home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
Belgian Amiga Club - ADF Collection
/
BS1 part 23.zip
/
BS1 part 23
/
Zero Virus III.adf
/
VS.Doc
< prev
next >
Wrap
Text File
|
1991-01-20
|
40KB
|
1,063 lines
VScan version 5.03, Copyright © 1989,1990 Arthur Hagen
======================================================
Wednesday December 26th, 1990
TABLE OF CONTENTS:
1 VIRUSES IN GENERAL
1.1 What a computer virus is
1.2 Types of viruses
1.2.1 The worm
1.2.2 The larvae
1.2.3 The true virus
1.2.4 The trojan horse
1.2.5 The bomb
1.3 Virus killing
2 VIRUSES ON THE AMIGA
2.1 Bootblock viruses
2.2 File (link) viruses
2.2.1 Type I file viruses
2.2.2 Type II file viruses
2.3 Trojan horses
3 VIRUSKILLING ON THE AMIGA
3.1 Discovering a virus
3.2 Disabling a virus
3.3 Virus killers for the Amiga
3.3.1 VirusX
3.3.2 KV
3.3.3 Guardian
3.3.4 PseudoOps
3.3.5 Virus Infection Protector
3.3.6 ZeroVirus
3.3.7 NoVirus
3.3.8 KillDaVirus
3.3.9 VScan
3.4 Use of archives/crunchers
3.5 Use of disk optimizers
4 VSCAN INSTRUCTIONS
4.1 About VScan
4.2 Normal operations
4.2.1 Scanning a disk/directory/file
4.2.2 Scan by fast method
4.2.3 Scanning without subdirectories
4.2.4 Scanning with analyze
4.2.4.1 Deep mode
4.2.4.2 Deeper mode
4.2.5 Protecting disks/devices
4.2.5.1 Protecting
4.2.5.2 Unprotecting
4.2.6 Brain file options
4.2.6.1 Making a brain file
4.2.6.2 Adding files to the brain
4.2.6.3 Removing files from the brain
4.2.6.4 Listing the brain file
4.2.6.5 Using the brain file while checking
4.2.7 Memory check
4.2.8 Bootblock options
4.2.8.1 Checking a bootblock
4.2.8.2 Dumping a bootblock
4.2.8.3 Show all known bootblock viruses
4.2.8.4 Installing a fresh bootblock
4.2.9 Help option
4.2.10 Registration query
4.3 Using VScan from the WorkBench
5 REGISTRATION
5.1 Why register
5.1.1 Use off all functions
5.1.2 No random reminder
5.1.3 Your own conscience
5.1.4 Supporting a good cause
5.2 How to register
5.2.1 Direct donation
5.2.2 Money transfer
5.2.3 Gifts
5.3 Illegal versions of VScan
5.3.1 Whodunnit
6 SPECIAL NOTES
6.1 VScan vs other virus killers
6.2 New viruses
6.3 Bugs
6.4 Source code
7 APPENDIXES
7.1 List of known crunchers
7.2 List of known viruses
7.2.1 Bootblock viruses
7.2.2 File (link) viruses
7.2.3 Viruses in memory
7.3 Enclosed files
7.4 Thankslist
1 VIRUSES IN GENERAL
==================
1.1 What a computer virus is:
---------------------------------
To generalize, a computer virus is some code running on a
computer that makes duplicates of itself, by spreading from memory
to other storage media and vice versa. It may also wreak havoc on
a system without the users knowledge. By using an infected disk
(or other infected media) on a system, the virus usually spreads
to other disks, and in a short while, the whole system and every
disk, file or similar may be infected or destroyed.
1.2 Types of viruses:
-------------------------
There are several main types of viruses:
1.2.1 THE WORM:
-----------------
This is a virus that will infect every media once only, usually
whenever the user switches a disk. The worm works automatically,
and usually only on one type of media. This is how the majority
of viruses works.
1.2.2 THE LARVAE:
-------------------
This is almost the same as a worm, but it will only infect
through the use of special actions, like the running of a program,
or the reboot of a system. Very easy to make, and fortunately
quite easy to find and destroy.
1.2.3 THE TRUE VIRUS:
-----------------------
This is a piece of code that will infect the selected media
several times, e.g. by making a copy of itself every time a
program is run. It spreads from media to media, and can
eventually cause a system halt due to lack of storage space. Note
that it is the replica potential that marks this as a TRUE virus,
and just this makes it _v_e_r_y_ dangerous and difficult to
handle.
1.2.4 THE TROJAN HORSE:
-------------------------
This is a program that will identify itself as something quite
different from a virus; it usually disguises itself as either a
utility program or a virus killer. When run, it may spawn
viruses, or invoke a bomb (see below).
1.2.5 THE BOMB:
-----------------
This will wait for certain events to take place, like the date
passing friday 13th, or 32 runs of a program. When the conditions
are met, the bomb will identify itself by either doing something
nasty like erasing all stored data, or simply by putting a message
to screen or printer. Many of the above virus types include bombs
in their code.
Note that there are several more types of viruses, and that many
are in fact combinations of several.
1.3 Virus killing:
----------------------
To successfully kill a virus, one must either eradicate ALL
infections, or run a resident program that continuously checks for
viruses. To erase a virus from a media, one first have to know
it's there, then find out where it hides (both on storage media
and in memory), and then identify the virus to find out how to
kill it. This may be so simple as to delete all programs that
have certain names, or might mean several hours of scanning on
each and every disk. Fortunately there are programs that will
find, identify and kill viruses for you.
2 VIRUSES ON THE AMIGA
====================
2.1 BootBlock viruses:
--------------------------
The most common virus type on the Amiga is the BootBlock virus.
Most of these are larvae (see above) or worms, and they are all
relatively easy to identify and destroy. The first two known
viruses on the Amiga (the SCA virus and the Byte Bandit virus)
were BootBlock viruses, and 90% of all BootBlock viruses are mu-
tations of these two. Every time one reboots the Amiga from disk,
a small part of the disk is read and executed. The BB virus will
wedge itself into the code used to start the disk, gain access to
the system memory, and start reproducing itself either by re-
writing itself to disk at every boot, or by writing itself to
every disk that is inserted in any drive. Many of the BB viruses
also includes bombs which will eradicate parts of your disks,
freeze your machine, or otherwise corrupt your system.
2.2 File (link) viruses:
----------------------------
These are not so common as the BB viruses, but are equally
dangerous and should be eradicated whenever encountered. There
are really two categories of this virus type:
2.2.1 Type I file viruses:
----------------------------
The true link virus which will attach itself to certain files,
and spread by making new attachments. This type of virus can be
identified by the increase of file sizes, or by specifically
checking each and every file for the incriminating code.
2.2.2 Type II file viruses:
-----------------------------
The "invisible" file virus which will replace a system file with
a copy of the virus itself, possibly padding the file with empty
data to retain the same file size as the original program. The
original program will be renamed to a filename usually consisting
of non-printable characters, so it will normally not be seen on a
directory scan. When run the virus will execute this invisible
file to enable the system to act as normal, and then it will place
itself into memory. This type of virus is found - not by
searching for the "invisible" file (which is not the virus) - but
by scanning for specific files that call these files.
Usually the file viruses scans the s:startup-sequence for a
usable filename, and attacks this file. It may also attack spe-
cific files, or (if a type I virus) attack several files on each
medium.
2.3 Trojan horses:
----------------------
Some programs on the Amiga poses as utilities, but in addition
to their normal appearance, they also contain incriminating code.
See section 1.2 for an explanation of Trojan horses.
3 VIRUSKILLING ON THE AMIGA
-------------------------
3.1 Discovering a virus:
----------------------------
There are several ways to discover viruses on the Amiga. Often
the virus itself will make its precense known to the user by
putting special messages on screen. You may also experience disks
that suddenly refuse to boot, or they may GURU upon upgrading from
one kickstart to another. Sometimes you just get read-write
errors on disks just too often for it to be coincidental. You may
also experience messages saying "Disk Full" without having written
to that disk, and you may be requested to remove the write
protection on disks when inserting them into the drive(s).
Of course, virus killers will also often tell you about viruses,
but if you use a "normal" virus killer, don't be too sure that it
finds any virus, or that what it tells you is a virus REALLY is a
virus.
3.2 Disabling a virus:
--------------------------
The 'C:INSTALL' command may be of some help killing BB
(BootBlock) viruses. You may use 'Install df0: check' from the
CLI to check if a BB is normal, and 'Install df0:' to make a BB
normal. Be careful, because most commercial program disks require
non-standard BB's, and changing these BB's will most likely render
the disk useless.
File viruses can be found if you keep a record of files and file
sizes on your disks, and check the contents regularly. If you
have a backup, you can then restore the proper files.
Otherwise, use a good virus killer!
3.3 Virus killers for the Amiga:
------------------------------------
There are several good and less good virus killers for the
Amiga. Here is a resumé of some of them:
3.3.1 VirusX by Steve Tibbett
-------------------------------
The best known and most widely used viruskiller. It will kill
several BB viruses, and some file viruses (if infected by "normal"
methods. I.e. it will not kill file viruses if a file is
downloaded, copied or renamed). It will also kill several memory
resident viruses, but unfortunately it also tries to kill other
memory resident routines like the RAD: if you have 2Megs of
chip-mem. VirusX is not dynamic, i.e. it must be recompiled and
redistributed for every new virus found by the author. VirusX is
freeware and includes source code. This has led to at least two
bogey versions of VirusX (version 3.3 and 4.40), but VirusX is
still a pretty good program. Available from most BBS's and PD
sources.
3.3.2 KV by Dan J. James
--------------------------
Bundled with VirusX in the VIRUSX archives. KV will search for
file (link) viruses, and also tries to remove them from memory.
KV can not scan entire disks or devices, and even manages to kill
important system files if you have protected your disks with a
virus protector. Freeware - source included. Available from most
BBS's and PD sources.
3.3.3 Guardian
----------------
Guardian protects you from BB-viruses by staying resident in
memory, and checking the BootBlock and memory at boot-time. Knows
about some BB viruses, but is by now outdated. No new versions
have arrived since 1988. Available from most BBS's and PD
sources, and from the magazine "Amiga Transactor".
3.3.4 PseudoOps viruskiller
-----------------------------
Takes the same approach as Guardian, but promises to be dynamic,
i.e. upgradable. Will not work on 68020+'s. Available from most
BBS's and PD sources.
3.3.5 Virus Infection Protector
---------------------------------
Program for saving and retrieving BootBlocks. Not really a
virus killer, but if you need to make an archive of BootBlocks,
this may be the one for you. Commercial.
3.3.6 ZeroVirus by Jonathan Potter
------------------------------------
Nice viruskiller since it will find and kill both BootBlock- and
file-viruses. Has many of the same options as VScan, but is more
intuition-based (Menus and gadgets). Will alas only find known
viruses, and usually crashes upon leaving. Nice program, though.
Commercial, AUD 25.00
3.3.7 NoVirus by Nic Wilson
-----------------------------
Kills all known types of viruses, and can in addition scan Boot-
Blocks for new previously unencountered viruses. NoVirus also has
several built-in functions no other virus killers can offer.
NoVirus is a commercial program, and can be ordered from:
Nic Wilson Software
138d South Street
Toowoomba, Qld 4350
Australia, Australia
or by phone +61 76 358539
3.3.8 KillDaVirus III
-----------------------
Quite nice viruskiller if you use KickStart 1.3 without any
special resident routines. Kills 35 viruses, and can find some
file viruses. Unfortunately it reports one of the protection
files of VScan as a virus.
3.3.9 VScan by Arthur Hagen
-----------------------------
The program you are now reading the Doc's for. Finds both BB
and file viruses, and kills memory-resident viruses as well. It
is the only program that scans for NEW file viruses as well as
being able to detect changes in your files. Will by option scan
entire disks or devices, and will also list filetypes and file
sizes. It is also very fast, almost comparable to the Dir and
List functions. Will work with all memory types and processors,
but requires a console window (like Shell or CLI) to run.
Registration fee of USD 10.00 must be paid to have full access to
this program. Available from most BBS's.
3.4 Use of archives/crunchers:
----------------------------------
If you have archives (like .ZOO, .LZH etc) of some of your
files, you might be interested to know that virus-infected files
can hide inside these, and no virus killer will ever find them.
It is therefore important to extract all archives and check the
contents for viruses. VScan will tell you which files that really
are archives (even if they are renamed).
If you use crunched programs (programs that are packed, and
self-extracts at run-time), please be very careful. Often viruses
are added to these files PRIOR to crunching, and the virus itself
can then NOT be found. If you use crunchers, at least use a
cruncher that will allow you to decrunch your files. PowerPacker
will both crunch and decrunch, and even decrunch some programs
packed by other crunchers. VScan will of course alert you to
which programs are crunched, and for registered users the cruncher
used will also be displayed. Decrunch these and recheck. To make
a file smaller, you could try HunkFix by the same author. This is
not a cruncher, but a nice program nevertheless.
3.5 Use of disk optimizers:
-------------------------------
Often people use disk optimizers to speed up their disk access.
I would NOT recommend that you do this, because the AmigaDOS file
system is organized in a special way, and using an optimizer will
corrupt this. (In fact, VScan will run much SLOWER on an optimized
disk.) You may no longer be able to retrieve programs from bad
disks using DiskDoctor, DiskSalv, FixDisk et al., and, if a virus
like Lamer Exterminator has attacked this disk, you may also find
that you lose most of the disks contents instead of just a file or
two. In order to speed up your disks, you should rather format a
blank disk, and copy all files over to this disk.
4 VSCAN INSTRUCTIONS
==================
4.1 About VScan:
--------------------
VScan was made to easily check all files that I received from
different sources for the TTV1 virus, since there was no killer
available for this virus. I also included the IRQ virus, even
though I haven't seen this since the release of KickStart 1.3.
Then KV was released with VirusX 3.20, and nobody needed VScan
anymore (sob). I figured out I had to offer something more, and
started working on the Analyze routine to check for completely NEW
viruses on files. So VScan grew. The current version will scan
memory, files and bootblocks for viruses, and can keep a brain
file which remembers the file sizes of all your precious programs,
and more... Since VScan is a part time project, and was in fact
the first program I wrote for the Amiga, as well as my first C
program ever, please excuse the lack of windows, gadgets etc. I
will try to add these things later if need be. In order for me to
continue to upgrade this program, please send me information about
new viruses, as well as suggestions and comments (gifts would also
be welcome ;-). When using VScan you may find that some of the
below listed functions of VScan does not work. This may be
because you use an unregistered version. See section 5 for
information of how to register. If you note any other
irregularities, please use the included bug-report form, and I
will try to correct them asap.
4.2 Normal operations:
--------------------------
Several of the following instructions may be mixed at will. You
can, for example, say 'VScan analyze files' to analyze all files
on the current directory. All options inside squared brackets are
optional. Those inside curly brackets are mandatory. Note that
all commands should be entered from a CLI or similar. Also note
that you can redirect the output of VScan to e.g. a printer or a
file by using the ">" redirector. For example: 'VScan >PRT: C:'
will scan the C: directory, and print the results. In the
examples given, upper and lower case letters are used, but VScan
is in fact quite case insensitive, so 'vSCan mEMorY' should work
just as well as 'VScan Memory'.
4.2.1 Scanning a disk/directory/file:
---------------------------------------
1> VScan [pathname]
This will scan [pathname] for known viruses, and kill them if
possible. You will also get a progress listing with filenames,
filesizes and info about the files. If no pathname is supplied,
this will search the current directory with all subdirectories,
and if pathname is a file, it will just scan that particular file.
Note that wildcards are not supported (yet).
Example: 1> VScan
Example: 1> VScan df0:
Example: 1> VScan SYS:C
Example: 1> VScan DH0:System/DiskCopy
4.2.2 Scan by fast method:
----------------------------
1> VScan Fast [pathname]
or 1> VScan Quick [pathname]
Normally VScan will search through the directory three before
printing any results, to make a more tidy output by listing
directories above files. This option disables this, and will
usually make VScan run somewhat quicker. Note that no speed
increase is gained if pathname is the name of a file.
Example: 1> VScan Fast
Example: 1> VScan Quick df1:
4.2.3 Scanning without subdirectories:
----------------------------------------
1> VScan Files [pathname]
Normally VScan will automatically scan the contents of all
subdirectories as well as the specified directory. This can be
turned off by using the Files option. This option makes VScan a
good substitute for the "List" and "Dir" commands. This option is
not applicable if pathname is a single file.
Example: 1> VScan Files devs:
4.2.4 Scanning with analyze:
------------------------------
Note: These options are available on REGISTERED versions only!!
By using this option, you enable VScan to load and analyze each
file, and display further information about the files. Unknown
executable files will be scanned for code that is similar to that
used by file viruses, and NEW viruses may be discovered this way.
Note that the Deep options may be combined with the Fast or the
Files options.
4.2.4.1 Deep mode:
------------------
1> VScan Analyze [pathname]
or 1> VScan Deep [pathname]
You will be given a rating of the program(s) according to their
internal coding. This is ONLY available on VScan. If the file is
most probably O.K., VScan will rate the program as "Harmless" or
"Mostly Harmless", or if the file is crunched, the cruncher's name
will be shown.
Example: 1> VScan Analyze
Example: 1> VScan Deep C:
Example: 1> VScan Fast Deep
Example: 1> VScan Analyze Files DH0:DownLoads
4.2.4.2 Deeper mode:
--------------------
1> VScan Deeper [pathname]
or 1> VScan Atomic [pathname]
The hunk structure of the files will also be listed, or if files
are crunched, the crunchers used will be displayed. No other
programs can do this. You may also dump Amiga-type object files
by using this option(!).
Example: 1> VScan Deeper C:
Example: 1> VScan Atomic LIB:amiga.lib
Example: 1> VScan Fast Deeper FH7:mysource/objectfiles/
4.2.5 Protecting disks/devices:
---------------------------------
These two options will enable you to protect/unprotect disks or
devices from file viruses. See below for details.
4.2.5.1 Protecting:
-------------------
1> VScan Protect [device]
or 1> VScan Pro [device]
This option will, if possible, make three "invisible" dummy files
on the selected device. These three files, two in the DEVS
directory, and the other in the ROOT directory, have the same
names that three file viruses use on their "invisible" files,
and this fools these viruses to believe that the disks already are
infected. Regretfully this also fools the virus killers VirusX
and KV, as these viruskillers seem to believe that the "invisible"
files are the viruses without checking further. As a matter of
fact, the "invisible" files are NEVER viruses themselves. If you
use the "List" command on the root directory or the devs
directory, protections made by VScan will identify themselves by
their filesize and attached filenote. VScan will of course also
tell you about protection files. The three viruses prevented from
infecting disks by using this option are the TTV1 (alias BGS9),
the Terrorist virus, and the Revenge of the Lamer virus.
Example: 1> VScan Protect df0:
Example: 1> VScan Pro SYS:
4.2.5.2 Unprotecting:
---------------------
1> VScan UnProtect [device]
or 1> VScan UnPro [device]
Removes the protection made by the [Protect] option. Will also
remove protectors made by other antivirus programs.
Example: 1> VScan UnProtect df0:
Example: 1> VScan UnPro SYS:
4.2.6 Brain File options:
---------------------------
VScan gives you the possibility to easily make a archive of file
names and file sizes, and automatically check if file sizes have
changed. This may enable you to discover completely NEW file
viruses, and combined with the Analyze mode makes VScan the most
versatile file virus killer available. These options make and use
a file in devs: called VScan.Brain which contains info of all
files you yourself select to include therein. As this file is
self-checking, the maximum protection is achieved.
4.2.6.1 Making a Brain File:
----------------------------
1> VScan CreateBrain
or 1> VScan BrainCreate
Before adding filenames and filesizes to the brain file, you
need a brainfile called DEVS:VScan.Brain. This command will make
this file for you. Note that if you already have a brainfile,
this command will erase the old file with all its contents.
Example: 1> VScan BrainCreate
4.2.6.2 Adding files to the Brain:
----------------------------------
1> VScan AddBrain [pathname]
or 1> VScan BrainAdd [pathname]
This option will automatically add files to the brain file while
doing normal VScan operations. If a file already is in the brain
file while using this option, the brain file entry will be up-
dated. Note that ".info" files (and some other files) are never
added to the brain, as this scarcely is neccessary.
Example: 1> VScan AddBrain c:Dir
Example: 1> VScan Files BrainAdd Deep SYS:System/
4.2.6.3 Removing files from the Brain:
--------------------------------------
1> VScan BrainSub [pathname]
or 1> VScan SubBrain [pathname]
or 1> VScan BrainDel [pathname]
or 1> VScan DelBrain [pathname]
You may wish to remove one or more files from the brain, either
to decrease the size of the brain, or because the file(s) in
question change(s) quite often or are not useful to have in the
brain file. This option allows you to do this.
Example: 1> VScan BrainSub Dir
4.2.6.4 Listing the Brain File:
-------------------------------
1> VScan BrainList
or 1> VScan ListBrain
You may wish to see the contents of the brain file. This option
will list all files currently in the brain file, along with the
stored file sizes.
Example: 1> VScan BrainList
Example: 1> VScan >PRT: ListBrain
4.2.6.5 Using the Brain while checking:
---------------------------------------
1> VScan ScanBrain [pathname]
or 1> VScan BrainScan [pathname]
or 1> VScan Brain [pathname]
When using this option, the brain file will be loaded into
memory, and all files checked will be matched against the contents
of the brain. If a file has changed its size, a warning will be
given. Note that all standard file options (Fast, NoSweep, Deep)
can be used together with this option.
Example: 1> VScan Brain C:Addbuffers
Example: 1> VScan BrainScan Deep Fast SYS:
4.2.7 Memory check:
---------------------
1> VScan Memory
or 1> VScan Mem
Viruses stay alive by hiding in memory, so if you kill a virus
on a disk, but not in memory, the disk could easily be reinfected.
The memory option will check out the memory for you, and kill all
known as well as many unknown viruses. This is maybe the best
option of all, and I can strongly recommend that you put the above
command first in your s:startup-sequence. Of cource, VScan will
automatically find out if you have SuperFatAgnus or FatterAgnus,
and will report neither of these nor the RAD: disk as viruses
(unlike some other well known virus killers). If VScan finds an
unknown virus in memory, it will try to kill it, and will then
force a reboot to clear the memory. This can be prevented by hit-
ting the left mousebutton while VScan counts down before re-
booting.
Example: 1> VScan Memory
Example: 1> VScan Mem
4.2.8 BootBlock options:
--------------------------
Even though VScan was originally meant as a file virus killer,
it now has several functions to check bootblocks. As new BB
viruses appear almost every week, information about these viruses
are kept in a file called 'virus.library' that should be included
with the program VScan, and placed in your libs: directory.
This file is likely to be updated quite more often than the pro-
gram VScan itself, and may be found on BBS's under the name
VLIB498.LZH or something similar (depending on the release).
4.2.8.1 Checking a BootBlock:
-----------------------------
1> VScan CheckBoot {df?:}
or 1> VScan BootCheck {df?:}
or 1> VScan BootBlock {df?:}
or 1> VScan BB {df?:}
This option will load a bootblock from a floppy disk, and check
it against the list of known viruses in the current release of the
virus.library. If any match is found, the offending virus will be
killed if the disk is write-enabled. The bootblock will be re-
placed with a standard 1.2/1.3 bootable bootblock. Note that the
curly brackets used above means that the drive MUST be specified
to check a bootblock. Valid drive names are DF0: to DF3: de-
pending on your computer's configuration.
FOR REGISTERED USERS ONLY: If an unknown bootblock is found,
the program will enter Analyze mode, and give it's opinion of
whether the bootblock is safe or not. You will then be asked
if you want to install a fresh bootblock.
Example: 1> VScan CheckBoot df0:
Example: 1> VScan BB DF1:
4.2.8.2 Dumping a BootBlock:
----------------------------
1> VScan DumpBoot {df?:}
or 1> VScan BootDump {df?:}
VScan may report a bootblock as unknown or custom, and you may
want to look at it to be certain that it really is harmless. This
option will dump the bootblock to standard output in exactly the
same format as used by the 'Type <filename> opt h' command. To
save screen space, the output will stop when no more data is found
on the bootblock. To see how this command works, try it on both
standard disks as well as on commercial "must_be_booted" disks.
You may even keep a record of your custom bootblocks by using this
command with redirection to printer or a file. This can be useful
to ensure that no new virus changes the bootblock.
Example: 1> VScan DumpBoot df0:
Example: 1> VScan BootDump >>MyBootblocks DF2:
4.2.8.3 Show all known BootBlock viruses:
-----------------------------------------
1> VScan ListBoot
or 1> VScan BootList
You may want to know which viruses the current release of the
virus.library file can identify. This command lists the names of
the viruses. If you hear of a new virus, this option will tell
you whether VScan is able to find it.
Example: 1> VScan ListBoot
Example: 1> VScan >PRT: BootList
4.2.8.4 Installing a fresh BootBlock:
-------------------------------------
1> VScan InstallBoot {df?:}
or 1> VScan BootInstall {df?:}
This command does the same as the AmigaDOS command INSTALL. You
make a disk virus-free and bootable with this command. Use with
care; don't install any disks with custom bootloaders (e.g. games)
This install-command should work even if the memory is infected
by an unknown virus, and is therefore safer to use than the normal
AmigaDOS command.
Example: 1> VScan InstallBoot df1:
Example: 1> VScan BootInstall df0:
4.2.9 Help option:
--------------------
1> VScan Help
or 1> VScan ?
or 1> VScan -h
You may need some temporary help with the commands while using
VScan. This option will list a small command summary, as well as
a few facts about the program itself. By Amiga standards, sup-
plying a question mark to the filename should have given you a
template, but as most people want a brief summary instead, this is
what you get.
Example: 1> VScan ?
Example: 1> VScan >PRT: Help
4.2.10 Registration query:
---------------------------
This is not an option which can be chosen by the user. If you
use an unregistered version of VScan, every tenth time (at random)
you run VScan, you will be queried to register yourself as a user.
As VScan is NOT FreeWare or Public Domain, this small reminder
serves a useful purpose. Whenever (if ever) you register, this
registration query will automatically cease to pop up.
4.3 Using VScan from the WorkBench:
---------------------------------------
Click on the VScan! icon, then hold down shift and double-click
on the file/drawer/disk you want to check for file viruses.
If you just double-click on the VScan! icon, the memory will be
searched for viruses, and then all disks present will be scanned
for bootblock-viruses.
5 REGISTRATION
------------
5.1 Why register:
---------------------
5.1.1 Use of all functions:
-----------------------------
VScan will not allow the use of the powerful Analyze tools if
you are not registered as a VScan user.
This may not seem a great problem until the next virus arrives,
and you know you have it, but can't find it...
5.1.2 No random reminder:
---------------------------
You will no longer see the reminder that is printed on screen at
random intervals on unregistered versions. This also means that
you can trust VScan enough to put 'VScan mem' first in your
S:Startup-Sequence.
5.1.3 Your own conscience:
----------------------------
It is illegal to use this program for a prolonged time without
registering yourself as a user. I won't press any charges or go
to court, but you might consider it proper to register if you keep
this program.
5.1.4 Supporting a good cause:
--------------------------------
The registration fee will, in full, be forwarded to an infirmary
for rheumatic children. Believe me, this is a good cause. If you
don't trust me, either send the funds/gifts directly there, or
support a similarly good cause of your own choice.
5.2 How to register:
------------------------
People who either forward funds, or send a copy of a valid do-
nation receipt, will be registered as users, and will be entitled
to the use of this program with ALL its functions, and in addition
they can opt for support from the author.
The fact that most of the functions of the program works also on
unregistered versions does NOT mean that you are free to use the
program - see Copyright.DOC!
People who use this program WITHOUT paying said charges, are in
fact breaking the law, and are no better than pirates and virus
makers.
5.2.1 Direct donation:
------------------------
Donate USD 10.00 or NOK 100.00 or equivalent in any currency to
any childrens hospital, or hospital for rheumatic people or
similar. Then notify me.
5.2.2 Money transfer:
-----------------------
Send me USD 10.00 or NOK 100.00 or equivalent in any currency
through SWIFT, fedwire or international check to the following
norwegian account:
/1600.52.26531
Acct name: Arthur Hagen
Acct held by: Union Bank of Norway,
OSLO, NORWAY
SWIFT 1 address: UBNONOKK
or by intl. check / money order to this address:
Arthur Hagen
Johan Scharffenbergsvei 99, apt 56,
N-0694 OSLO 6
PAR AVION Norway, Europe
Please do NOT send foreign cash by mail, as the charges for
exchanging foreign cash might well exceed the amount sent!
Funds received will be forwarded to the Rheumatic Hospital in
Oslo, and will be marked for use for children.
5.2.3 Gifts:
--------------
Gifts to the said institutions/address are also accepted in
lieu of the registration fee, as long as the gift is not for me,
but for charity. (Of course, if you want to send ME a small gift,
you are welcome to do so; souvernirs from your part of the world
would be much appreciated.)
5.3 Illegal versions of VScan:
----------------------------------
It was bound to happen sooner or later... A person registered
himself as a VScan user, and allowed the spreading of that
registered version of the program. I am now pleased to say that
countermeasures are taken in this version of VScan, and I urge you
NOT to use any registered versions that's not yours, as I cannot
warrant the consequences thereof.
5.3.1 Whodunnit:
------------------
As I have no sympathy whatsoever for persons cheating money from
handicapped children, I will keep a public record here of persons
who have misused their license by giving away registered versions
of VScan:
i) Arvid Kristoffersen, Oslo, Norway
6 SPECIAL NOTES
-------------
6.1 VScan vs other virus killers:
-------------------------------------
You may encounter some problems when using VirusX and/or KV in
conjunction with VScan-protected disks. VirusX and KV use
checking methods that fool themselves into thinking that the pro-
tection files are viruses. The same goes for disks protected by
other virus killers. VirusX and KV often report viruses where
there are none, and they often will kill the first command in your
s:startup-sequence regardless of it's actual contents. The same
may be true for some other virus killers.
6.2 New viruses:
--------------------
If you find a new virus that VScan cannot handle, please send it
to me ASAP, and in return I will send you the newest version of
VScan (hopefully including a routine to kill just that virus).
Please use the enclosed virus report form if possible.
6.3 Bugs:
-------------
Even though I've tried to eliminate most bugs in VScan, there
are bound to be some left, so please send me reports of encount-
ered problems using VScan. If possible, tell me all about your
system (kickstart version, workbench version, ram, harddisks etc),
and try to explain just what you did. The bug report form should
be of great help here.
6.4 Source code:
--------------------
If you are suspicious of nature, and will encertain that VScan
is not a Trojan horse, you may get the source code from the
author.
You may ask for the source on the following BBS systems:
Red Heart (M)BBS, +47 2 522434, 300-19200 bps, F8N1, 24 hours
MediaFoto (M)BBS, +47 2 176056, 300- 9600 bps, F8N1, 24 hours
or by mail to the above mentioned address.
7 APPENDIXES
----------
7.1 List of known crunchers:
--------------------------------
ANC cruncher (crload/crsave)
ByteKiller 1.3
DefJamCruncher
DragPack 1.0-1.1
Flash Packer 1.4
HQC 2.0
Imploder 1.0-3.1
MasterCruncher 3.0
Mega Crunch 1.0
Mega Crunch (not same as above)
PowerPacker 2.1-3.0a
Relokit 1.0
SuperCruncher 2.7
TetraCrunch 1.2
TetraPack 2.2
Time Cruncher 1.2
Titanics Cruncher
TNM 1.1
TryIt 1.01
+Two crunchers I don't know by name
...and more will be added.
In addition VScan recognizes .ZOO, .PP, .WRP and .LZH archives,
not by name but by code (they could be renamed).
7.2 List of known Viruses:
------------------------------
The following viruses will be found and/or killed by VScan:
7.2.1 BootBlock Viruses:
--------------------------
See list in VLIB.DOC
7.2.2 File (link) viruses:
----------------------------
IRQ v. 41.0
Revenge of the Lamer I
Revenge of the Lamer II
Revenge of the Lamer III
TTV1 I alias BGS alias GSG9
TTV1 II
Xeno I
Xeno II
Terrorists alias TTV1 III
Butonic
Travelling Jack
CCCP
...and more will be added.
VScan will also analyze files for NEW virus types.
7.2.3 Viruses in memory:
--------------------------
Australian Parasite
Bamiga Sector One
BlackFlash
Byte Bandit
Byte Bandit Clones (several different)
Byte Warrior
CCCP
DiskDoktor
Gadaffi
Graffiti
HCS I
HCS II
IRQ
Lamer Exterminator I
Lamer Exterminator III
LSD
Micro Master / AEK
MicroSystems
NorthStar / StarFire I
NorthStar / StarFire II
Obelisk
Opapa
Pentagon Circle I
Pentagon Circle II
Phantasmograph
Revenge
Revenge Clones (several different)
Revenge of the Lamer
SCA
SCA Clones (several different)
UltraFox
VKill
WarHawk
Xeno
... and several others
... and many viruses not yet encountered
... and more will be added if you people out there keep sending
the new ones to me.
7.3 Enclosed files:
-----------------------
The following files should be contained in this archive, or on
this disk:
Docs/READMEFIRST
Docs/VScan.DOC
Docs/Copyright.DOC
Docs/History.DOC
Docs/Virus_Report_Form
Docs/Bug_Report_Form
virus.library Version 4.99
VScan Version 5.03
VScan!
VScan!.info
If any of these files are absent, try to get your programs from
another source in the future!
7.4 Thankslist:
-------------------
Thanks goes to the following:
__
__///
Jay Miner for the \XX/
MediaFoto for the use of their FAT machine
and their excellent BBS.
the Whale for eating all that fish.
Ole Chr. Magneshaugen for technical support at Commodore.
Johnny Niska for keeping me occupied.
Jørn Lokøy for his homebrewed beer.
... and all of you who have registered yourselves as VScan users.
*Art