ZeroVirus III.
(c) Copyright 1989,1990 by Jonathan Potter
See the bottom of this file for changes
INTRODUCTION
------------
Welcome to ZeroVirus!
---------------------
This program is a complete virus detection, removal, and protection system.
Using ZeroVirus, you can check the bootblock of any disc. You can install
the disc (removing any virus that is present) with one of four different
bootblocks, and backup the bootblocks of your commercial programs to ensure
recovery from any viruses in the future.
You can also use ZeroVirus to check a directory, or a whole disc, for any
known file (link) viruses.
ZeroVirus uses BrainFiles to make updating easier. The BrainFiles contain
information that ZeroVirus uses to identify viruses and other bootblocks.
ZeroVirus has a LEARN option, whereby you may include in the BrainFile the
data necessary to recognise a certain bootblock in the future. ZeroVirus
also has "on-line" BrainFile editing, to make the procedure even easier.
You can iconify ZeroVirus to a small window on the Workbench screen. Here
it runs in the background, checking every disc you insert in the drives.
STARTING ZEROVIRUS
------------------
To start ZeroVirus, double-click on the icon from Workbench, or type
"ZeroVirus" from the CLI.
ZeroVirus looks for the BrainFile ( called "ZeroVirus.BrainFile") in either
the current directory, or in the S: directory, and if it is found , it will
be read in.
ZeroVirus then looks for the Palette file ( called "ZeroVirus.Palette" ) in
the same places , and will read in your custom colours from that file if it
can be found.
MEMORY CHECKING
---------------
Once ZeroVirus has finished the above operations, memory is checked for any
known viruses . If any are found , they are automatically removed , and you
are notified of their presence.
After this, ZeroVirus checks a number of system vectors. The vectors checked
are WarmCapture, CoolCapture, ColdCapture, KickTagPtr (or RomTags),
KickMemPtr and KickCheckSum. These should all normally be zero ($000000),
and one sign of a virus in memory is these vectors pointing somewhere else.
If their value is not $000000, you will be given the option to restore them
to $000000.
Be careful here , because some legitimate programs , like Guardian , modify
these to their own purposes.
After this , you are prompted to press the left mouse button to continue.
MAIN MENU
---------
Several options are available from the main menu :
-------------------------------------------------
The BOOTBLOCKS gadget , or " BootBlocks " from the pull-down menu takes you
into the bootblock checking part of ZeroVirus.
Likewise, the FILES gadget, or "Files" from the pull-down menu takes you
into the file checking part of ZeroVirus.
The BRAINFILES gadget , or " BrainFiles " from the pull-down menu takes you
into the "on-line" BrainFile editor.
The LEAVE gadget gives you the option of either quitting or iconifying
ZeroVirus.
"Palette" from the pull-down menu allows you to edit the colours ZeroVirus
uses, and "Save Palette" allows you to save them for future use.
"About" displays some information about the program :
"Iconify" iconifies ZeroVirus.
"Quit" exits ZeroVirus.
BOOTBLOCKS
----------
This section of ZeroVirus allows you to work with the bootblocks of discs.
--------------------------------------------------------------------------
To check the bootblock of a disc , click on the icon of the drive the disc
is in . If no errors occur , the bootblock will be read and checked. If the
bootblock is recognised , its name and description will be displayed.
eg "Normal DOS bootblock."
"This disc is okay. Insert another disc to keep checking."
"ZeroVirus BigScreenTest bootblock"
"Check for PAL sized screen on bootup"
"SCA virus recognised!"
"This disc contains a virus! INSTALL it immediately!"
If the bootblock is not recognised, you will see :
"Non-standard bootblock"
"Suggestion : BACKUP and INSTALL"
Under the description ,the bootblock is displayed . Characters in white re-
present standard bootblock characters ; those in red represent non-standard
bootblock characters.
ZeroVirus detects disc changes, so to check another disc in the same drive,
simply eject the current disc and insert the new one.
Several options are available from a pull-down menu :
---------------------------------------------------
A "-->" in menu names indicates the presence of sub-menus. From top to bot-
tom the menu options are :
BootBlock -->   - This option allows you to select the bootblock that
---------         will be written to discs when you install them.
Standard - This is the standard AmigaDOS 1.3 bootblock.
NoFastMem - This bootblock allows you to turn off all auto-con-
figuring expansion memory on bootup.
BigScreenTest - All PAL Amigas have a bug that causes an NTSC ( 200
line) screen to occasionally open on bootup, instead
of one the normal PAL size (256 lines).
This bootblock checks the size of the screen you are
about to boot into , and if it is < 256 lines , will
give you a chance to reset the computer.
This eliminates the possibility of going through a
half hour long startup-sequence only to find at the
end that you have to reboot because of a short
screen.
AutoAddRAM - This bootblock allows you to automatically add one
chunk of non-autoconfiguring memory on bootup.
When you install a disc with this bootblock, you are
prompted for the starting and ending addresses of
the chunk , in hexadecimal . If you give no input to
this, the RAM from $f80000 to $fbfffe present in
Amiga 1000s with Kickstart in ROM is assumed.
Install - This option installs the disc in the currently
selected drive, with the selected bootblock.
Learn - This option allows you to learn the bootblock of the
disc in the currently selected drive.
ZeroVirus recognises bootblocks by checking eight
characters . If all characters match the required
characters, ZeroVirus recognises the bootblock.
When you select Learn, eight characters in the
bootblock view are highlighted. These are the eight
characters ZeroVirus has picked to recognise the
bootblock by. Unfortunately, ZeroVirus cannot
distinguish between code and text. Since text in
a bootblock can be changed relatively easily, it is
not a good idea to learn text bytes.
If it is obvious that ZeroVirus has picked some
text bytes to learn , you may reselect the bytes
yourself.
A maximum of eight characters may be highlighted at
once.
To toggle a character on or off, click on it with
the left mouse button.
You may pick eight or less characters.
Once you have finished picking characters, click
in the centre of the screen where you are told to.
You are now prompted for the name of the bootblock.
To cancel the learn operation , just press return
for this.
Once you have entered the name , you are asked
for a description . If the bootblock you have just
learnt is a virus , just press return for this.
Names and descriptions may be 80 characters at the
most.
Learn only learns to memory - the bootblock is not
recorded to the BrainFile on disc until you do so
from the BrainFile editing menu.
Force Learn - It may happen occasionally that the bootblock of the
disc you wish to learn has the same bytes in the
same places as a bootblock ZeroVirus has learnt
previously . In this case, Learn will complain that
ZeroVirus already knows this bootblock.
You may now learn the bootblock with Force Learn,and
pick some different bytes.
The bootblock will still not be recognised, however,
as the first bootblock is before this one in the
list . To overcome this problem , you may re-arrange
the order of bootblocks in the BrainFile from the
BrainFile editing menu.
Backup -->      - These options allow you to manipulate bootblocks as
------            disc files.
Backup - Many programs employ custom bootblocks . These boot-
blocks may be for fast loaders, intros, etc.
Many of these programs depend on their custom boot-
block . If this bootblock is overwritten with a
virus ,the program will no longer work.
Backup allows you to backup a bootblock to a disc
file, for future retrieval.
When Backup is selected , a file requester appears
for you to enter the name you wish to save the boot-
block. The name of the disc is automatically entered
as the filename, but this may be edited.
Once you have chosen the name , you are asked to
enter an optional comment for the bootblock (maximum
40 characters).
Providing no errors occur , the bootblock will be
saved to the file.
It is a good idea to keep all bootblocks in the same
directory, and an even better idea to keep a backup
of the disc containing the bootblocks.
Restore - Restore allows you to restore a previously backed-up
bootblock to the disc in the selected drive.
Selecting this opens the file requester, prompting
you for the name of the bootblock you wish to
restore.
Catalogue - Catalogue allows you to generate a catalogue of all
the backed-up bootblocks in a specified directory.
Selecting this opens a requester with various gad-
gets allowing you to configure the catalogue.
CATALOGUE TO FILE and CATALOGUE TO PRINTER allow you
to send the generated catalogue to a disc file, or
to the printer (PRT:).
INCLUDE COMMENTS and INCLUDE DATES allow you to
select whether comments and dates are included in
the catalogue.
SORT BY NAME , COMMENT and DATE allow you to turn
catalogue sorting on or off, and select which item
the catalogue is sorted by.
GENERATE CATALOGUE opens the file requester , allow-
ing you to select the directory containing the boot-
blocks you wish to catalogue . Only bootblocks saved
with ZeroVirus are included in the catalogue.
View Saved - This allows you to view a saved bootblock. Selecting
it opens the file requester , prompting you for the
name of the bootblock you wish to view.
Compare Saved - This allows you to compare the bootblock of the disc
in the selected drive with a bootblock saved to a
disc file. The saved bootblock is the one actually
shown. Conflicting characters are shown in red;
identical characters are shown in white.
Print Saved - This allows you to dump a saved bootblock to the
printer (PRT:). The bootblock is printed in both
hexadecimal and ASCII.
Print - This allows you to dump the bootblock of the disc in
the selected drive to the printer (PRT:).
Toolkit -->     - These options allow you to manipulate bootblocks in
-------           special ways.
UnInstall - UnInstall un-installs a disc, leaving the bootblock
the same as if the disc had just been formatted.
Fix Checksum - This fixes the checksum of the bootblock, and makes
it bootable.
No Checksum - This zeroes the checksum of the bootblock, and makes
it non-bootable.
Copy Block - This allows you to copy the bootblock of the disc
in the selected drive to a disc in another drive.
After selecting this, click on the drive that you
want to copy the bootblock to , or click on the same
drive to cancel the operation.
Main Menu - This option returns you to the main menu.
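
The eight-byte recognition and list-order behaviour described under Learn and Force Learn, together with the Fix Checksum and No Checksum toolkit options, as an added Python example (not part of ZeroVirus or its documentation). The Entry layout and the sample bootblocks are constructed for illustration, since the real BrainFile format is not given here; the checksum rule used is the standard Amiga one, where all 256 big-endian longwords added with end-around carry must total $FFFFFFFF.

```python
import struct
from dataclasses import dataclass

SIZE, MASK = 1024, 0xFFFFFFFF                 # bootblock = two 512-byte sectors

def carry_sum(block):
    """Add every big-endian longword, folding each carry back in."""
    total = 0
    for (word,) in struct.iter_unpack(">I", block):
        total += word
        if total > MASK:
            total = (total & MASK) + 1
    return total

def checksum_ok(block):
    return len(block) == SIZE and carry_sum(block) == MASK

def set_checksum(block, zero=False):
    """Fix Checksum, or No Checksum when zero=True; returns a copy."""
    buf = bytearray(block)
    buf[4:8] = bytes(4)                       # checksum longword lives at offset 4
    if not zero:
        buf[4:8] = struct.pack(">I", ~carry_sum(buf) & MASK)
    return bytes(buf)

@dataclass
class Entry:                                  # hypothetical in-memory BrainFile entry
    name: str
    checks: dict                              # offset -> required byte, at most eight

    def matches(self, block):
        return all(block[o] == b for o, b in self.checks.items())

def recognise(brain, block):
    """First entry in list order whose bytes all match, else None."""
    return next((e for e in brain if e.matches(block)), None)

def learn(brain, name, block, offsets, force=False):
    """Learn refuses an already-recognised block; Force Learn appends anyway."""
    offsets = list(offsets)
    if not 1 <= len(offsets) <= 8:
        raise ValueError("pick between one and eight bytes")
    known = recognise(brain, block)
    if known and not force:
        raise ValueError(f"already known as {known.name!r}")
    brain.append(Entry(name, {o: block[o] for o in offsets}))
    return known                              # earlier entry that shadows the new one

def make_block(code):                         # constructed sample, not a real bootblock
    raw = b"DOS\0" + bytes(8) + code          # code starts at offset 12
    return set_checksum(raw.ljust(SIZE, b"\0"))

CODE_A = bytes(range(0x10, 0x30))             # constructed "code" bytes
CODE_B = CODE_A[:16] + bytes(range(0x80, 0x90))   # same start, different tail
BLOCK_A, BLOCK_B = make_block(CODE_A), make_block(CODE_B)

def demo():
    brain = []
    learn(brain, "Loader A", BLOCK_A, range(12, 20))
    shadow = learn(brain, "Loader B", BLOCK_B, range(28, 36), force=True)
    before = recognise(brain, BLOCK_B).name   # still the earlier entry
    brain.insert(0, brain.pop())              # BrainFile editor: move the new entry up
    after = recognise(brain, BLOCK_B).name
    return shadow.name, before, after, recognise(brain, BLOCK_A).name

if __name__ == "__main__":
    print(demo())
    print(checksum_ok(BLOCK_A), checksum_ok(set_checksum(BLOCK_A, zero=True)))
```

Because only the selected offsets are compared, a signature taken from bytes shared by two bootblocks identifies both, which is why the order of entries decides the result.
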
FILES
-----
This section of ZeroVirus allows you to check files for file (link)
viruses. When selected, the screen clears and the file requester opens. You
may now select the directory you wish to check ( don't worry about the
filename ).
When the directory has been chosen, you are asked if you wish to check all
the sub-directories as well. This allows you to check a whole disc at once,
if necessary.
You are now asked if you want any viruses to be automatically removed. If
you answer positively to this , any file viruses found will be removed
automatically , unless a user action is unavoidable (eg an error occurs).
The files are now checked . The filenames are displayed on the screen as
they are being checked.
File viruses are not learnt in BrainFiles. Therefore, ZeroVirus will be
updated if and when new file viruses appear.
Currently recognised file viruses are :
-------------------------------------
IRQ virus - This virus attaches itself to the first command in
the startup-sequence.
BGS9 virus - Also known as the TTV1 virus, this one replaces the
first command in the startup-sequence with itself,
and places the original file in a hidden file
in DEVS:
If this virus is found, ZeroVirus will also give you
the option of trying to replace the original file.
Even if automatic virus removal is on, user input
is required here, as ZeroVirus has no idea where
the DEVS: directory on that disc is (in relation
to the current directory). The file requester is
opened for this.
LAMER virus - This virus is usually disguised as a hidden file,
and inserts a line calling itself in the startup-sequence.
If a file called "startup-sequence" is found, it
will be checked to see if it calls this virus. The
virus gives itself a name consisting of $A0 bytes
(160 decimal). These are invisible as normal
ASCII. If any of these are found in the
"startup-sequence", ZeroVirus can remove them.
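
The startup-sequence check described for the LAMER virus, as an added Python example (not ZeroVirus's own code). It assumes the virus is called by a line whose command name, after any device or directory prefix, consists only of $A0 bytes, and it removes that whole line; the sample startup-sequence is constructed.

```python
import re

LAMER_BYTE = 0xA0        # per the text: the virus's file name is made of $A0 bytes

def is_lamer_call(line):
    """True if the command on this script line is named with $A0 bytes only."""
    tokens = line.split()                      # bytes.split() ignores $A0, it is not ASCII space
    if not tokens:
        return False
    name = re.split(rb"[:/]", tokens[0])[-1]   # drop "df0:" or "c/" style prefixes
    return len(name) > 0 and set(name) == {LAMER_BYTE}

def clean_startup_sequence(data):
    """Return (cleaned script, 1-based numbers of the removed lines)."""
    kept, removed = [], []
    for number, line in enumerate(data.split(b"\n"), 1):
        if is_lamer_call(line):
            removed.append(number)
        else:
            kept.append(line)
    return b"\n".join(kept), removed

# Constructed sample: line 1 calls the invisible file; line 3 merely contains
# a $A0 byte inside quoted text and must be left alone.
SAMPLE = (b"\xa0\xa0\xa0\xa0\n"
          b"SetPatch >NIL:\n"
          b"echo \"caf\xe9\xa0open\"\n"
          b"LoadWB\n"
          b"EndCLI >NIL:\n")

if __name__ == "__main__":
    cleaned, removed = clean_startup_sequence(SAMPLE)
    print("removed lines:", removed)
    print(cleaned.decode("latin-1"), end="")
```
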
BRAINFILES
----------
The " on-line " BrainFile editor allows you to easily edit the current
BrainFile.
The name of all bootblocks known by the current BrainFile are displayed on
the screen, along with their comments.
You may scroll the selector-bar up and down the list of bootblocks with the
UP and DOWN gadgets at the bottom of the screen , or with the Move menu.
Several options are available from a pull-down menu; these are :
--------------------------------------------------------------
New - This option discards the BrainFile in memory at the
moment, and begins a new one. Be careful with this;
there is no undo feature.
Load - This option allows you to load a BrainFile from
disc into memory , replacing the BrainFile in memory
at the moment. The file requester is used to allow
you to select the BrainFile.
Note that BrainFiles need not be called
"ZeroVirus.BrainFile"; they may be called anything, and
kept anywhere. However, they will not be read in
automatically when ZeroVirus is run unless they have
that name and are in the current directory or S:.
Save - This option allows you to save the BrainFile in
memory to disc . The file requester is used to allow
you to select the name.
The User Update count of the current BrainFile is
incremented every time you Save.
Edit -->        - These options allow you to make changes to the
----              entries in the BrainFile.
Move - Move allows you to reposition an entry in the
BrainFile . When selected , you may move the se-
lector-bar to the position you wish the entry to be
moved to.
Press the right mouse button when the bar is in the
correct position. You are then asked if you wish the
entry to be moved above or below the current
position . To cancel this , press the right mouse
button without moving the bar.
Rename - This allows you to change the name and description
of the highlighted entry.
Delete - This allows you to delete the highlighted entry from
the BrainFile.
Merge - The Learn option allows you to include your own
bootblocks in the BrainFile. However, new BrainFiles
issued by the author will not, of course, contain
these, and so you would have had to Learn them all
again. Merge allows you to, effectively, join the
current BrainFile with one on disc. However, the
"new" BrainFile will not contain any repeated
entries.
Move -->        - These options allow you to move around the current
----              BrainFile.
Entry Up - Moves you one entry up. Identical to pressing the UP
gadget.
Entry Down - Moves you one entry down. Identical to pressing the
DOWN gadget.
Page Up - Moves you one page (13 entries) up.
Page Down - Moves you one page (13 entries) down.
Top - Moves you to the top of the BrainFile.
Bottom - Moves you to the bottom of the BrainFile.
Main Menu - This option returns you to the main menu.
PALETTE
-------
The palette requester has several gadgets to enable you to set the colours
of the screen . The coloured squares at the top of the window let you
select which colour you wish to work with. Underneath these is a window-
wide bar, which is filled with the current colour, and displays (in hex)
the value of the colour.
Under this are six slider gadgets . The first three, R, G and B enable you
to set the red , green and blue content of the current colour. The next
three, H, S and L enable you to set the hue, saturation and luminance of
the current colour.
Under these are six other gadgets :
---------------------------------
- COPY allows you to copy the current colour to the next selected
colour.
- SPREAD allows you to evenly spread the colours between the current
colour and the next selected colour.
- RESET allows you to reset to the palette in use when the Palette
Requester was first invoked. Also , pressing the ESCape key has this
effect, so if you accidentally set all the colours to black ( or some-
thing ), just press ESCape.
- DEFAULT returns the colours to their default settings.
- OKAY accepts the current colour settings and exits the palette
requester.
- CANCEL rejects the colour settings and exits the palette requester.
Clicking the close gadget also has this effect.
ICONIFY
-------
Iconify closes the ZeroVirus window and screen, and opens a small window on
the Workbench screen . ZeroVirus now behaves very much like the PD program
VirusX . Unlike VirusX , however , it also contains a title bar clock and
memory monitor. The current time is displayed (and updated) along with the
amount of chip and fast memory available in the system.
When the iconified window first opens , all discs present are checked for
viruses or non-standard bootblocks . If they have viruses or other non-
standard bootblocks on them, a requester appears, asking you if you wish to
return to ZeroVirus . If the bootblock is a virus, you are not told which
virus it is. You will find this out when you return to ZeroVirus.
You are only notified if the bootblock is a virus, or if it is an unknown,
non-standard bootblock.
After all discs have been checked, the clock starts and continues updating.
Every time a disc is changed , that disc is automatically checked, and the
same procedure as above follows.
To return to ZeroVirus from the iconified window, activate the window and
press the right mouse button . To exit ZeroVirus without returning to the
main program, click the close gadget.
If, from the CLI, ZeroVirus is run with the "-i" option, ie
ZeroVirus -i
it will start up in the iconified mode.
You may also, from the CLI, specify the x and y locations of the iconified
window.
ZeroVirus -xnum1 -ynum2
will set the left edge of the window to num1, and top edge to num2. You may
use -i, -x and -y in any order, and they are all optional.
ABOUT
-----
ZeroVirus is NOT public domain , although it is freely redistributable. It
is under NO circumstances to be sold , or included on any product for
profit , without prior permission from me. ZeroVirus may be copied and used
freely.
If you have any comments or bug reports , or find any new viruses , please
---------------------------------------------------------------------------
send them to me.
---------------
CHANGES TO ZEROVIRUS III.
-------------------------
Firstly , ZeroVirus now detaches itself, so you do not need RUN or RUNBACK.
Screen is back to NTSC size - why not?
You now no longer have to press the left mouse button to enter the program.
Brilliant title screen, eh ? Thanks to Adrian Jones for that. Any enquiries
on Amiga graphics , or offers for contract work can be sent to Adrian via
me (see address at the bottom of this text).
A new menu item, Memory, allows you to :
--------------------------------------
a) Re-check memory for viruses . This repeats the procedure that
occurs when the program is run.
b) View memory , to look for any suspicious text.
Palette requester is much nicer. Sorry, Andrew Wong. I know ZeroVirus is
not a paint program, but when you have 4096 colours available, it's silly
(no, not ridiculous, just silly) not to take advantage of them.
New Credits requester , showing names of all... those marvelous people who
---------------------
helped making this program what it is.
Into BootBlocks section.
Click on a drive gadget. Zoooom.. yes, bootblock display is several million
% faster.
A new bootblock , Message , displays a scrolling message on a green copper
list . If this disappears from a disk you know it was on , it is likely a
virus has overwritten it.
Hide Drive allows you to switch off a drive, hiding it from DOS. This would
be used if you are checking lots of non-DOS disks that would normally
throw up a DOS requester when you insert them. Disk change is not detected
when a drive is hidden, so you have to keep clicking on the drive gadget
to check each new disk.
Back to main menu, into Files section :
-------------------------------------
File viruses currently recognised are BGS9 (or TTV1), LAMER, IRQ and XENO.
Catalogue files lets you generate a catalogue of all files in a directory
(or on disk). These files can later be checked against the catalogue (using
Check Catalogue) for changes in size, date and protection bits.
Into BrainFiles section :
-----------------------
Nothing much changed here , except you can move using cursor ( shift/ctrl,
etc ) keys.. easier, I think.
The file requester is better. DRIVES gives you a list of all available dev-
ices (disk, assigns......). In ARP fashion, SHIFT-RETURN jumps to the other
string gadget.
ZeroVirus III generally is more memory efficient than earlier versions.
Only 1K of chip RAM is used when it is iconified.
That's about all the changes there are . Sorry about the lack of proper do-
cumentation, but, hey! It's free! What more could you want?
Changes v1.18
-------------
(v1.16 & 1.17 were never released).
ZeroVirus now REALLY recognises the changes to system vectors made by
SetPatch r. There is a new function from the main menu, Virus List, which
simply displays an alphabetical list of all the viruses recognised by the
current version/brainfile.
ZeroVirus now uses the req.library for a file and palette requester. A nice
advantage of this (apart from the better requesters) is that the executable
is about 14k (uncrunched) shorter. The req.library MUST be present for
ZeroVirus to run.
* * * * *
PLEASE send any NEW viruses , or suspected viruses , to me at the address
------          ----
below . Or, if you live in Europe, send them to :
Erik Løvendahl Sørensen
Snaphanevej 10
4720 Præstø
Denmark
( and Erik will pass them along to me.)
Enjoy...!
Jonathan Potter
P.O. Box 289
Goodwood, SA 5034
Australia
ph : (08) 2932788
(All donations gratefully accepted . Not only that , but you'll get back a
---------------------------------------------------------------------------
copy of the latest version/BrainFile. Thanks.)
----------------------------------------------