home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
Vectronix 2
/
VECTRONIX2.iso
/
FILES_07
/
UVK_6_3.LZH
/
UVK_6_3
/
DOX
/
MANUAL.TXT
< prev
next >
Wrap
Text File
|
1994-07-16
|
76KB
|
1,285 lines
USER MANUAL for the "Ultimate Virus Killer"
written by Richard Karsmakers
Mark III (rewrite) initiated June 19th 1993
Last change: April 29th 1994
LIST OF CONTENTS
LIST OF CONTENTS
DISCLAIMER NOTICE
INTRODUCTION
MAKING A BACKUP
STARTING THE "ULTIMATE VIRUS KILLER"
WORKING WITH THE "ULTIMATE VIRUS KILLER"
SEEK'N'DESTROY VIRUSES
IMMUNIZE DISKS
REPAIR BPB (BIOS PARAMETER BLOCK)
BOOTSECTOR VIRUSES
LINK VIRUSES
RESTORE DISKS
THE SYSTEM STATUS SCREEN
FEEDBACK
CREDITS
TROUBLE SHOOTING CHART
THE "ULTIMATE VIRUS KILLER" CONFIGURATION FILE
THE "ULTIMATE VIRUS KILLER" HISTORY FILE
The "Ultimate Virus Killer" programme and manual are
copyright (c) 1993 by Douglas Communications
0 DISCLAIMER NOTICE
We make no warranties, either expressed or implied, with respect to this
manual or with respect to the software described in this manual, its quality,
performance, merchantability, or fitness for any particular purpose. The
entire risk as to its quality and performance is with the buyer. Should the
programme prove defective following its purchase, the buyer assumes the entire
cost of all necessary servicing, repair, or correction and any incidental or
consequential damages. In no event will we be liable for direct, indirect or
consequential damages resulting from any defect in the software.
1 INTRODUCTION
Congratulations on your acquisition of the "Ultimate Virus Killer" (or, for
short, UVK). This is probably the most versatile and definitive product in
the battle against computer viruses on the Atari ST/STE/TT/Falcon; a full-
fledged tool that has taken many years of painstaking development already. The
main features of this programme are:
* Recognition of virtually all software that uses the disk's bootsector
* Recognition of ALL known viruses - both bootsector-and link viruses
* Option to restore previously damaged software that needs a specific
bootsector program
* All harmless data on your disks remains 100% intact!
* Immunization of disks/files against many bootsector-and link viruses
* Option to repair damaged or destroyed BIOS Parameter Blocks
* Automatic recognition of any hard-, floppy-and RAM disks that are present
* Automatic recognition of all known viruses already present in the computer
system
* Almost 40 direct on-line, context-sensitive help screens included in the
programme, accessible by pressing the [HELP] button
* Automatic calculation of a 'Virus Probability Factor' for
suspicious/unknown bootsectors
* Fast scanning of a whole drive or partition for link viruses. This allows
you to scan a full partition or floppy disk for link viruses 'at the touch
of a button'
* Option to save potential viruses to disk or print them out, to have them
analysed by the programme author
* Extensive system check; specifies suspicious system variables, scans for
reset-proof programmes and checks for viruses in memory - also when a hard
disk is attached!
* Full compatibility with MEGA ST, MEGA STE, ST, STE and Falcon with a
minimum of 512 Kb of RAM, any ROM TOS and any known hard disk driver
* Total compatibility with any multi-tasking OS
* TT compatibility
* Contains fast, compact machine code routines, harnessing the raw processing
power of the 680x0 type of processors
* Extensive recognition of memory-resident programmes (among
which all known viruses...)
* Comfortable and easy-to-use mouse/keyboard user interface
* Programme checks itself for link virus infection on start-up
* Metados compatibility - check up to 26 drives/partitions!
* Fully GEMDOS compatible, using dialog boxes and easy GEM
conventions
With this tool handy, you need never worry about viruses on your computer any
more: You can simply use it to de-infect your disks and programmes, destroying
the viruses and leaving all other information and data intact.
2 MAKING A BACKUP
The "Ultimate Virus Killer" contains no copy-protection, as it is our firm
belief that copy protection decreases the userfriendliness of programmes
- especially when the programme in question happens to be a utility program
such as the "Ultimate Virus Killer".
Copying it to others, however, is illegal and depriving me and others from a
modest income made by the sales of this product. A UNIQUE LICENCE NUMBER IS
CONTAINED IN THE PROGRAMME, SO THAT ILLEGAL COPIES CAN BE TRACED BACK TO THE
OFFENDER! THIS IS NOT VISIBLE TO THE USER AND HIDDEN IN THE PROGRAMME CODE!
Just use the GEM desktop facilities to copy the files to another disk (or to
hard disk) for backup purposes. For the programme to run properly, the
"DATA.PAK", "640_200.RSC" (for medium resolution), "640_400.RSC" (for any
other resolution) and "UVK_x_x.PRG" files on the original "Ultimate Virus
Killer" disk are needed. An optional configuration file may be handy (see the
appropriate chapter). If you wish to use the programme as a desk accessory you
may rename the "UVK_x_x.PRG" file to "UVK_x_x.ACC" and copy the necessary
files to the root directory of your boot drive. Usually this is partition C if
you have a hard disk, drive A if you don't.
If you are not familiar with the GEM copying conventions, please refer to
your computer's user manual.
Notes on using the "Ultimate Virus Killer" as an accessory:
Usually an accessory is located within the root directory of your boot drive.
However, with use of small accessories such as "Chameleon" that can load and
unload another accessory it may very well happen that you load an accessory
from somewhere else. The "Ultimate Virus Killer" has no problems with that as
long as you make sure that the supplemental files are located in the *current*
directory of a floppy disk or hard disk partition. This means that you have to
open a window to that directory first, *then* use "Chameleon" to load the
"Ultimate Virus Killer". If you neglect this, as a rule only the root
directories of all your valid partitions will be checked for occurrence of the
supplementary files.
You can leave away the "DATA.PAK" file when using it as an accessory in order
to save memory.
If you want to use the "Ultimate Virus Killer" as an accessory on colour
monitors, you have to make sure that your system is switched into a proper
resolution (NOT low resolution!) before any accessories are loaded. They may
be achieved through AUTO folder programs such as "Superboot" and "XBoot" which
can leave your system in medium resolution upon leaving.
3 STARTING THE "ULTIMATE VIRUS KILLER"
Turn your computer off and on again with the "Ultimate Virus Killer" disk in
drive A. After some seconds, a desktop will appear that contains
several file names, amongst which is one called "UVK_x_x.PRG" (where "x_x"
stands for whatever the current version number is). Double-click on this file
with the mouse pointer to load and run it. If you do not want the "DATA.PAK"
restore data file to be loaded (which is only needed if you want to restore
commercial games or demos that have had the programs on their bootsectors
wiped out) you can keep the [CONTROL] key pressed during booting. If you want
to skip the start-up system status screen for whatever reason you should keep
the [RIGHT SHIFT] key pressed.
In case the current system date is not valid (i.e. if the system's internal
clock is set to a date before the year and month in which the current
"Ultimate Virus Killer" version was finished) you will be requested to enter
the date and time before doing anything else. if you do not want to change the
time, you may simply leave the time specification unaltered and press
[RETURN], [ALTERNATE]-O or click on the "OK" button after having entered the
date.
The "Ultimate Virus Killer" will present its start-up screen after some more
seconds, after which it will be ready to be used.
It is advisable to boot your system with the "Ultimate Virus Killer" disk
because it contains a virus-free and immunized bootsector. Theoretically, no
virus can be present in memory this way (turning your system off and on
again assures that no possible reset-resistant viruses survive).
Should you want to create another disk to regularly boot your system with,
just copy whatever files you want on it, then check it with the "Ultimate
Virus Killer", write-protect it and keep it write-protected.
KEEP YOUR ORIGINAL "ULTIMATE VIRUS KILLER" DISK WRITE-PROTECTED AT ALL (!!)
TIMES!
4 WORKING WITH THE "ULTIMATE VIRUS KILLER"
On start-up, a GEM dialog box will appear on the screen. This kind of dialog
box will be used throughout the programme and offers some interesting extras
when compared to the standard GEM dialog boxes you may be used to. For
example, it is not only possible to select your option by clicking the left
mouse button on its button, but your selection may also be made by keeping
the [ALTERNATE] key pressed and then pressing the alphanumeral that is
underlined within the button you want to select. The option that has a
thickened frame is the 'default' button, which may be selected additionally by
pressing [RETURN] or [ENTER]. Buttons that cannot be selected are represented
with a 'greyed out' text and border.
Help options, when available, are accessible by clicking on the "HELP" button
at the left bottom of a dialog box, or by pressing the [HELP] key on your
keyboard. Any button containing a "(U)" in its text (usually a button
containing "NO", "CANCEL" or "QUIT") may additionally be selected by pressing
the [UNDO] key on your keyboard.
On the right top corner of most dialog boxes you will find a special box
(resembling a dog-ear) by means of which it is possible to move the dialog
boxes around the screen, providing your screen size allows for this. Moving
the dialog boxes around may be done by clicking on the move box, keeping the
mouse button pressed, and then dragging the dialog box to wherever you want.
These screen positions will be remembered for later occurrences of the dialog
box.
If your computer doesn't have enough memory (for example if you have only 512
Kb) it may happen that only the smaller dialog boxes have move corners. The
bigger ones will then be too big to be moved within your memory limits.
Five options are available to you from the main menu dialog box:
Seek'n'Destroy Viruses
Restore Disks
Information about UVK x.x
System Status
Quit to the Desktop
These options, where necessary, will be explained in further chapters.
Note on using the "Ultimate Virus Killer" as a .TTP file:
The "Ultimate Virus Killer" may be used as .TTP file (for which the
"UVK_x_x.PRG" needs to be renamed to "UVK_x_x.TTP"), or similarly from a
command line interpreter. This allows for it to receive certain parameters
from you or from other programs before it gets started.
Although the options offered here are not as extensive as those of the
programme in regular mode, they may still be useful. All the options that are
on offer here are purely diagnostic - no viruses can be killed, for example!
SYNTAX: DESCRIPTION:
B X Checks drive "X" for bootsector viruses.
L X: Checks the entire partition "X" for link viruses.
L E X: Checks the entire partition "X" for link viruses,
but only checks executable files. The ":" at the end
is important!
L X:\PATH\ Checks all files and all files in any folders within
the folder "\PATH\" of drive "X" for link viruses.
The "\" at the end is important!
L X:\PATH\NAME.EXT Checks file "NAME.EXT" in path "\PATH\" of drive "X"
for link viruses. "\PATH\" can consist of more than
one folder name, divided by "\", to go into deeper
subdirectories.
X:\PATH\NAME.EXT or
NAME.EXT or
\PATH\NAME.EXT Alternatively you can feed just a valid file name.
It will then be checked for link viruses, with
packer info mode on and waiting for a key once
finished. In combination with e.g. "NeoDesk" this
allows you to check a file for link viruses by
dragging its icon on top of the "Ultimate Virus
Killer" icon with having to rename the "Ultimate
Virus Killer" program file at all.
In this mode, none of the parameters specified below
may be added.
After the initial "L" or "B" a "-" may be added (like for example "L-
X:\NAME\NAME.EXT") to suppress you having to press a key when leaving the
programme and to prevent the screen from being cleared at start.
Likewise, a "+" may be added when doing a link virus scan - to supply you
with additional information about whether executable files are packed and, if
so, with which packer. A combination of "+" and "-" (to get both suppression
of 'waiting for a key' AND extra packer information) is also permitted.
In a command line interpreter you could enter "UVK_x_x.PRG L
E:\1ST_WORD\WORDPLUS.PRG" for example. For this to work in the standard GEM
desktop you would have to enter "L E:\1ST_WORD\WORDPLUS.PRG" in the box that
appears on the screen after you have renamed the file to "UVK_x_x.TTP" and
double-clicked on the file. In combination with an extended desktop such as
"NeoDesk" you can just drag the "WORDPLUS.PRG" icon across (it won't be
copied, only the name will be fed to the command line).
5 SEEK'N'DESTROY VIRUSES
Following the selection of this option, another dialog box is put on the
screen, allowing you to select the drive on which to start
seeking'n'destroying viruses. The programme automatically detects any drives
that are attached to your system and displays their identifiers in selection
buttons. Up to 26 drives/partitions may be selected, with the unavailable
drives/partitions being represented in 'greyed-out' text.
Please note that bootsector viruses can only be searched (and destroyed)
on floppy disk drives - A and B. Selecting drive B is not possible when it
is not actually attached. Link viruses can be searched on either floppy-or
hard disk (up to and including partition Z).
You may select a drive or partition by clicking on its appropriate button
with the mouse button or by entering the appropriate keyboard shortcut
[ALTERNATE]-key.
Once the drive to use is selected, you can decide whether you want to
examine your media for bootsector-or link viruses. If you selected bootsector
viruses, you will get a prompt to insert the disk you want to check.
In case you selected the option to check for the presence of link viruses you
will enter some further dialog boxes where you can specify which files you
want to check and in what way you want them to be checked.
In the first dialog box you will be able to specify whether you want to scan
an entire drive or partition (ALL files on a floppy disk or hard disk
partition, including those present in all the folders, will be scanned
recursively), single files or folders, or whether you want to exit. If you
opted for the option to scan single files or folders you can either specify a
full filename in the item selector box (in which case only that file will be
scanned) or you can specify a folder you want to tree-scan without actually
specifying a file (in which case all the files in that specific folder -
including all files and further folders present in it - will be scanned). It
is important not to select a file name in the latter; just enter the
appropriate folder and then click on the item selector box' "OK" button.
If you decide to check an entire floppy disk for link viruses the "Ultimate
Virus Killer" will also automatically check that disk's bootsector (note: this
is for floppy only!).
Checking for link viruses on a whole partition or entire folder may be
aborted by pressing [ESCAPE] or [UNDO]. When there are many infected files or
when you have set "warnings on" and there are many packed files, you may have
to press the [ESCAPE] or [UNDO] key a few times.
There is one rather important note that applies to bootsector viruses: IT
IS POSSIBLE THAT A PERFECTLY HARMLESS DISK IS SUSPECTED OF BEING A VIRUS!
This means that either the bootsector of the harmless programme is not yet
recognized and not yet implemented in the "Ultimate Virus Killer", or that it
is indeed a new virus! Whenever the "Ultimate Virus Killer" encounters
such a disk, you will be given the possibility to either REPAIR the disk,
PRINT its contents, WRITE A BOOTFILE or LOOK AT IT.
In the second and third cases, we would very much like to receive the boot
file, that the "Ultimate Virus Killer" can write on a disk with enough
space on it (at least 512 bytes free). When you do not have a disk nearby with
sufficient space free, you may want to use the FORMAT option that will format
a disk (single sided). If you send that disk (or the print-out) to us
(together with some written info about the disk it came from and your name
and address), we will check it out and send it back as soon as possible
provided you have supplied sufficient International Reply Coupons (!).
Please make sure the bootfiles are accompanied by sufficient explanation as
to what sofware they belong to, for it's usually impossible to determine this
information from the bootsector contents and the bootfile file name only.
It is likely that the directories of disks that have auto-booting bootsectors
on them will appear to be 'empty' or that they seem to have 'corrupted files'.
This need not be (and most probably isn't) due to virus infection but to some
software protection schemes' exotic disk formats, some of which include there
not being any files on the disk at all.
IF YOU KNOW THAT THE SUSPECTED DISK CONTAINS NO VIRUS, WE WOULD VERY MUCH
LIKE TO RECEIVE IT ANYWAY, BECAUSE OTHER PEOPLE MAY NOT BE AWARE OF IT AND
MIGHT ACCIDENTALLY DESTROY THEIR PRECIOUS SOFTWARE!!
Please send any disks in a good quality envelope that can also be used for
return mailing, and write "CONTAINS MAGNETIC MEDIA - PLEASE DO NOT X-RAY" on
it in clear, large characters (to minimize loss of data). Do NOT FORGET TO
ADD sufficient International Reply Coupons! Disks without these cannot be sent
back!
Just before you can select whether to write a boot file or simply to repair,
a dialog box will be displayed that tells you the "Virus Probability
Factor" (or VPF for short) - the probability factor that the disk that is on
the current bootsector is indeed a virus. The reliability of this factor is
quite high.
The VPF is produced by scanning the code present in the bootsector for some
vital virus characteristics:
Factor 1: The presence of machine code that is to be found in a routine that
writes a sector to disk.
Factor 2: The presence of machine code that creates the checksum for an
executable bootsector.
Factor 3: The presence of magic checksums or memory locations that are needed
to make a programme reset-resistant.
Factor 4: The presence of the addresses of system variables that viruses can
link themselves to.
In certain cases, an additional dialog box is produced; this happens when an
unknown disk is found to be largely filled with the same value. The larger the
percentage mentioned in this dialog box, the less the likelihood of virus
infection (quite on the contrary, one might add, to the percentage mentioned
with the "Virus Probability Factor" calculation)!
Note on executable file extensions: When you want to check a whole partition
or folder for link viruses it is possible to select whether you only want
executable files to be checked or whether you want this to happen to all
files. Executable files are files that can be run from the desktop; other
files include text files, picture files, source code files and the like.
When selecting to check executable files only, the programme will only check
files with extensions ".PRG", ".TOS", ".APP", ".ACC", and ".TTP" (including
their disabled counterparts ".PRX" and ".ACX"). These are normally the
extensions for executable programmes. Some alternative desktop programmes
(such as "NeoDesk") allow other file extensions to be executable, e.g. ".NPG"
and ".NTP". To check these as well, you would have to opt for ALL files to be
treated, or you will have to configure the UVK.CFG file accordingly (see the
appropriate chapter).
Note for users of "MultiTOS": This Operating System uses a 'unified drive'
(identifier "U:") in which certain folders will cause a crash when checking
for link viruses. You should refrain from checking the following directories:
"U:\DEV", "U:\PROC", "U:\PIPE" and "U:\SHM".
6 IMMUNIZE DISKS
Most of your disks, including those with valuable working material, can be
immunized so that they will no more be infected by many of the known
bootsector viruses and all anti-viruses.
The principle used by the "Ultimate Virus Killer" immunization algorithm is
the fact that many known bootsector viruses, when resident in memory, check if
they are present on a disk already before they bother copying themselves onto
it. If they find themselves present, they do not copy across that particular
disk. When the "Ultimate Virus Killer" writes only those few recognition bytes
to the bootsector that does the trick: The virus thinks it is present on the
disk already and does not copy itself onto it.
- Disk immunization will not help against ALL viruses.
- Programmes that use the bootsector themselves (like the ones included in the
'RESTORE' list in a text file on the "Ultimate Virus Killer" distribution
disk) cannot and should not be immunized as the few bytes necessary for
writing the immunization will destroy the boot code program they need to
perform properly.
- In the text file "VIRUSES.TXT" on your programme disk you will be able to
find the specifications of which virus can be immunized with which code.
Since certain different viruses use the same bytes on the bootsector with
different values to check if they are already present, this means that some
viruses can not be immunized against without sacrificing another. Some
viruses cannot be immunized against at all as they simply copy themselves
across any bootsector without bothering to check their presence prior to
copying. The only way to protect yourself from these types of virus is to
keep your disks write-protected. If this is not possible, you will just have
to check those disks regularly using the "Ultimate Virus Killer".
- On your search for viruses you will undoubtedly come across what the program
calls "MS-DOS disks". These are standard disks that, however, have specific
values written in their bootsectors so that they may be interchanged between
Atari and MS-DOS (i.e. IBM PC and compatible) computers. These disks are
formatted automatically when formatting with TOS version 1.04 or up.
Whenever you immunize such a disk this so-called 'MS-DOS compatibility' will
be lost! It may be best to reserve only a limited amount of disks to
exchange files between these two system standards, and to check these
regularly for virus infection.
7 REPAIR BIOS PARAMETER BLOCK
7.1 INTRODUCTION
Some mutant viruses cause the BIOS Parameter Block (or BPB) to be corrupted.
This means that there is no longer any information on the disk's format,
stored into the BIOS Parameter Block segment of a disk bootsector, available
to the Atari's Operating System. It will no longer be able to determine how
many tracks and sectors a disk has, as well as several other vital parameters.
Trying to display a directory from such a disk will most likely result in a
system hang-up, bomb crash or the appearance of a disk filled with corrupted
files and filenames.
The "Ultimate Virus Killer" incorporates a semi-intelligent routine that
automatically recognizes known mutant virus versions and allows the user to
repair the BIOS Parameter Block again in case of it having been damaged after
the actual mutant virus has been removed.
PLEASE NOTE THAT YOU SHOULD READ THIS SECTION OF THE MANUAL VERY THOROUGHLY
BEFORE YOU EVER ATTEMPT TO REPAIR A BIOS PARAMETER BLOCK!!
Repairing a BIOS Parameter Block is quite difficult; after all, this small
segment of the bootsector determines whether or not your computer can read
from or write to individual disks.
First, let's supply you with a table that specifies how the BIOS Parameter
Block is built up. OFFSET means the value that should be added from the
start of the bootsector, starting at zero. The values are in decimal.
------------------------------------------------------------------------------
OFFSET: NAME: EXPLANATION:
------------------------------------------------------------------------------
11-12 BPS Bytes per sector
13 SPC Sectors per cluster
14-15 RES Number of reserved sectors
16 FAT Number of FATs on the disk
17-18 DIR Number of directory entries
19-20 SEC Total number of sectors
21 MEDIA Media descriptor byte
22-23 SPF Sectors per FAT entry
24-25 SPT Sectors per track
26-27 SIDES Number of sides
28-29 HID Number of hidden sectors
------------------------------------------------------------------------------
It is not necessary for you to know the above table by heart. It was supplied
here with the intention to give you some idea of what the BIOS Parameter
Block means to the Operating System. Whenever a BPB is destroyed, these
essential pieces of information are no longer present (which, as said before,
will most likely result in various disk error messages, system crash or a
garbage disk directory).
First of all, you should know that you should preferably not try out this
'BPB repair' option on original game software, as current-day software
protection techniques involve the craziest disk formats that would probably
drive the "Ultimate Virus Killer" algorithms nuts! Apart from that, attempting
a 'BPB repair' on such a disk may also lead to instant software malfunction.
The only option you should ever use in order to restore the contents of
original (game or demo-) software disk is the main menu 'restore disks'
option.
Second, you should also realize that the 'BPB repair' option may not work
correctly on disks that have been formatted using 'larger' formats
previously. This would for example be the case with a disk that you formatted
with 82 tracks some time ago and later decided to reformat with only 80
tracks. Some remnants of the old format still left intact (in this case the
tracks above track 80) may be found, disturbing the algorithm.
There are two ways to get access to the 'BPB REPAIR' option. The first is the
most obvious: Whenever a damaged BIOS Parameter Block is detected (and
this does not even need to be the result of a virus) the programme ask
whether you want to attempt a BPB repair or not.
The second one is also quite obvious: Whenever the 'Seek'n'Destroy' option
recognizes a mutant virus on the disk, or whatever remains of it, it
will initially remove the virus and then ask you whether you want to attempt
a 'BPB repair' or not.
Upon your confirmation the 'BPB repair' option will be entered. You need not
be worried about inadvertently entering it - after having specified all
parameters you can always cancel the whole thing at the end, leaving the
current BIOS Parameter Block unaltered.
As was stated already, repairing the BIOS Parameter is not only a slightly
complicated matter, but it may also prove dangerous insofar that the
specification of the wrong parameters it can make whatever is on your disk
totally inaccessible. Common symptoms of a disk with inaccessible material on
it are the aforementioned crashes, disk errors and disk directories containing
only garbage information (huge file sizes, weird file names, invalid dates and
times). Therefore you should take care using the 'BPB repair' option.
Even if you have already attempted a BIOS Parameter Block repair with wrong
parameters there is a way to attempt it again - despite the fact that the disk
will now, obviously, have a valid BPB and the 'BPB repair' option will
normally no longer be entered.
What you would need to do in this case is check the disk's bootsector again
and keep the [RIGHT SHIFT] key pressed until the screen flashes briefly. The
program will now have forced the BIOS Parameter Block to be invalid again,
enabling you to enter the 'BPB repair' option again. The most common mistakes
made while repairing a BIOS Parameter block involve the specification of the
number of tracks per side and sectors per track, as well as the number of
actual sides on a disk.
Should you find yourself unable to fix it regardless (or if you simply do not
dare to attempt a BPB repair yourself), you can send the disk to the address
mentioned in the "FEEDBACK" chapter of this manual. Please add an amount of
money that equals the price of an "Ultimate Virus Killer" update and twice the
amount of IRCs required. You will receive your disk(s) back after a short time
(hopefully). In case of my not being able to repair it either, you will
receive your money back (not the IRCs though).
Some important notes:
- It is important that you do not try to delete files from or write files to
disk that have a damaged BIOS Parameter Block.
- If you send in disks with BIOS Parameter Blocks that need to be repaired,
please clearly state that you want your disk repaired and that you don't
want an update!
- Whenever you repair the BIOS Parameter Block of a disk it will automatically
be immunized.
- Attempting a 'BPB repair' on a disk is no cheap way of increasing a disk's
storage capacity. Specifying more sides, sectors per tracks or tracks per
side than are actually present will cause whatever is on the disk to remain
inaccessible.
During the 'BPB repair' option some dialog boxes requesting input will be put
on the screen. You have to use these to specify BPB values, but do not
worry if you do not know anything about this. This part of the manual can be
of some help, and you can also use the built-in context-sensitive on-line help
options by pressing the [HELP] key.
During the 'BPB repair' option you will be requested to specify a number of
parameters needed by the "Ultimate Virus Killer" algorithms to write back what
was previously the correct BIOS Parameter block for the current disk.
7.2 HOW MANY BYTES PER SECTOR
Claus Brod, Atari mass storage media expert and author of probably the best
book in this field (called "Scheibenkleister", unfortunately in German),
claims that only 512 bytes per sector are possible as TOS (the Operating
System within your computer) does not allow for 128, 256 or 1024 BPS on
floppy disks. For the sake of compatibility with future TOS versions as well
as for the pure sake of completion it is possible to select any of the values
here.
Unnecessary to say, you will almost certainly have to specify 512 bytes per
sector here.
7.3 HOW MANY TRACKS PER SIDE
This can vary quite a lot, due to formatting programmes available that
allow up to 90(?!?!) tracks per side to be formatted (whether or not these
programmes should be used and whether these tracks are safe for data storage
will not be discussed here).
When requested to specify the number of tracks per side it will be handy to
remember if you formatted the disk in the drive using the standard GEM DESKTOP
format option or not. If you did, you should select 80. If you did not, you
should select 'Examine' unless you are certain yourself of the amount of
tracks present on the disk (some people write the three vital disk
characteristics - tracks per disk, sectors per track and number of sides - on
the label of a disk; this may be a good idea for you too).
The 'examine' option reads the first sector from ever increasing track
numbers and calculates the number of tracks present on a disk by
substracting 1 from the first track number that cannot be read (usually due
to it never having been formatted). This means that disks that have been
formatted using more tracks earlier and that were reformatted using less
tracks later will cause the "Ultimate Virus Killer" to find the old amount of
tracks.
As said earlier, this may sound like a quick method to increase your disk's
amount of tracks, but really isn't: The 'BPB repair' option algorithms will in
that case not work correctly!
7.4 HOW MANY SECTORS PER TRACK
Much like the amount of tracks per side, the amount of sectors per track can
very a lot. When a standard ST disk was formatted using the standard GEM
DESKTOP format option, this value is 9. In other cases it can be any value
from 1 to 11 (although 12 has been included, for which there is no space on a
track, at least theoretically). Standard Falcon (and post-1992 TT) disks
support higher amounts of sectors per track; they are High Density (HD) disks
as opposed to the regular Double Density (DS). High Density disks can write 18
(on 3.5" disks) or 15 sectors per track (on 5.25" disks). Even Extra High
Density (ED) disk drives exist, allowing the use of a massive 26 sectors per
track, but these are quite rare.
All kinds of disk drives, including DD, HD and ED ones, are supported by the
internal 'BPB repair' algorithms.
Try to remember the right number of sectors per track yourself (and write
this information on disk labels as of now), since otherwise the 'examine'
option will perhaps find the remains of previously formatted extra sectors per
track. Normally this should not happen, but certain 'fast format' programs
neglect to fully initialise a track which may leave some old information more
or less intact.
Analogous to the calculation of tracks per disk that was explained above, the
'examine' option here reads sectors from the first track and calculates the
number of sectors per track by substracting one from the first sector that
it cannot read due to it not being present (not formatted) in the first place.
7.5 HOW MANY SIDES
Due to one of the more ancient Atari cock-ups the ST community is stuck with
the phenomenon of the single-sided disk drive (SF 354). Although virtually
nobody has these drives any more, some software is still supplied on single
sided disks - or sometimes a disk may just be formatted single-sided because
it's quicker, who knows?
Anyway, even though the chances of a disk being double-sided are bigger for
certain, there is no way to be sure whether a disk has one side or two unless
you just happen to know (again, it may be useful to write down the amount of
sides on your disk labels).
In general most older original software is single-sided, and all other disks
are double-sided. If you are not sure, you can use the 'Examine' option
here again, but it has the obvious drawback mentioned several times above:
If a disk is single-sided but has been formatted double-sided prior to the
latest format, the "Ultimate Virus Killer" will assume it's double-sided. The
'examine' option just tries to read a sector from the second side and assumes
a disk is double-sided when this process happens without an error occurring.
Disks that have only been used on the Falcon or a TT will almost certainly
have two sides.
7.6 HOW MANY SECTORS PER CLUSTER
The amount of sectors per cluster (also called the allocation unit) is always
2, except when the disk you're trying to repair is a single-sided disk with 40
tracks (these are created and used by rather ancient MS-DOS-type machines).
It is supposed to be impossible to use other values here, but for the sake of
future compatibility it has been included anyway.
In short, you should most likely specify 2 here, as Atari ST/TT/Falcon disks
always use 2 sectors (1 Kb) for one cluster.
7.7 HOW MANY FATS ON THE DISK
The FAT (short for File Allocation Table) is the space on disk where the
Operating System stores and gets information about which clusters on the disk
are used by files (and which are not) and in which particular sequence
clusters have to be put together in order to load a file bigger than one
cluster that is not stored contiguously (i.e. a fragmented file).
TOS maintains two FATs on a disk - one of these is always present as a
temporary backup. It is not certain whether or not it is possible to use disks
with only one FAT - some formatting programs seem to allow for it, but the
aforementioned Claus Brod denies it categorically.
You should usually specify 2 here.
7.8 HOW MANY DIRECTORY ENTRIES
The directory is list on a disk where the names, lengths and other
characteristics of individual files and folders on that disk are stored. The
particular parameter discussed here pertains to the root directory, i.e. the
directory that appears first when you display the contents ("Open...") a
floppy disk drive or hard disk partition.
The longer the directory, the less space is left on the disk. Usually the
directory takes up the entire second track of a disk.
Most disks have 112 directory entries, but single-sided disks with 40 tracks
(the ones we also encountered above, that are used by rather ancient MS-DOS
systems) have only 64 of them. Again, it is not possible to easily increase
your disk's storage capacity by specifying a lower amount of directory entries
here. This will lead to whatever is on the disk to remain inaccessible.
7.9 HOW MANY SECTORS PER FAT ENTRY
The FAT table is built up of several hundreds of entries, and it is possible
to specify how many sectors ('allocation units') are included in one entry
here. There is a 100% full-proof way to have it checked by the "Ultimate
Virus Killer" itself, so you should specify 'Examine' here unless, for some
reason or other, you are sure about selecting either '1', '2', '3' or '5'
(which is rather unlikely to say the least).
7.10 A NOTE ON DISKS WITH BUSTED BIOS PARAMETER BLOCKS
In by far most of all cases disks with damaged BIOS Parameter Blocks are not
infected by a virus, nor do they suffer from any remaining parts of mutant
viruses. It is quite usual for game data disks (any disk belonging to a game
that you don't actually have to start up with - i.e. game disks labelled 2, 3,
B, C, whatever) to use some sort of exotic disk format, whereas many also
don't really bother about writing a BIOS Parameter Block at all and instead
use even the bootsector to store graphics or map data.
'Repairing' the BPB of one of these disks will most likely prove lethal for
that piece of software! In any case you should write a bootfile prior to any
attempt at repairing them.
8 RESTORE DISKS
If you find that you have accidentally destroyed a suspected but apparently
completely innocent disk that needs a specific bootsector (this destruction
could have happened inadvertently by other or earlier virus killers, for
example), or when you discover that a virus has copied itself across the
necessary boot program present in the bootsector of a commercial game or a
demo, the 'restore disks' option allows you to restore a multitude of these
cases.
Should you, for example, find the bootsector of the popular game "Lemmings 2
- The Tribes" destroyed by a virus or a rash 'repair' action, it is possible
to install its proper bootsector on the original disk again, thus restoring it
and saving yourself and the software company involved a lot of time and money.
Selecting this option causes another dialog box to be displayed. This gives
access to a list of all restorable bootsectors, identified by a game's name
(or a demo's, whatever). You can scroll up and down this list and select the
title of the bootsector you would want to restore.
You can use the arrow buttons at the right to scroll up and down through the
list. A single-arrow button will scroll one entry; a double-arrow button will
scroll one page (15 entries).
Click the mouse pointer on an entry to select it. After confirmation you can
have it written to a disk.
'T' BUTTON Go to top of list
'B' BUTTON Go to bottom of list
'CANCEL' BUTTON Exit the screen, back to the menu
'HELP' BUTTON Access the help option
A-Z/1/5 BUTTONS Jump to first title with it
[UNDO] KEY Exit the screen, back to the menu
[HELP] KEY Access the help option
[ALT]-[A-Z/1/5] KEYS Jump to first title with it
When the bootsector of the game you want to restore should not be present in
the list yet, you can order an "Ultimate Virus Killer" update and hope that
the bootsector you wanted to restore is included in the new version. No
promises can be made with regard to this, however, so you had better also
supply the address and telephone number of the company that made the software
to which the bootsector belonged, as well as the name of the piece of
software. That company can then be contacted by us so that some kind of
agreement may be made.
Most companies are very co-operative with regard to this, as they covertly
recognize the virus problem and all know about the "Ultimate Virus Killer"
(which has become more or less the de-facto industry standard).
- Are you not sure whether or not a bootsector belongs to a particular game of
a specific company?
Just 'restore' the bootsector onto an empty TEST disk (which has to be
formatted, though) and then check it with the "Ultimate Virus Killer". The
alert box stating which bootsector it is will also give the company name, if
one is known.
9 THE SYSTEM STATUS SCREEN
9.1 INTRODUCTION
To assist you in determining whether your computer system itself is already
infected by a virus or not, the "Ultimate Virus Killer" always checks your
computer's most important system variables and memory contents on start-up.
These specific system variables are pointers to various routines in your
Operating System, for example pointing to a routine to read or write a disk
sector, a routine to 'open' a file and so forth. Generally, viruses cling to
these system variable in order to work.
This way all known bootsector viruses can be recognized in the system, as
well as resident types of link virus and a large number of harmless other
programs that also cling to these vectors (i.e. 'bend them') for valid
purposes.
Of course unknown viruses cannot be recognized yet. That is the reason why
this screen has been included. On startup, or after selecting the "System
Status check" option from the main menu, the "Ultimate Virus Killer" will
check all these important system vectors and try to establish which programs
are hooked to them. It will notify you of unknown programs that have bent
these vectors, signified by an inverted display of the memory address to which
the vector points which indicates that there is a chance that you might be
dealing with a new and unknown virus. This chance is increased dramatically if
the program additionally displays "ALERT" behind a memory address displayed in
inverted text style. In this case it has calculated something not unlike the
regular "Virus Probability Factor" for a small cluster of memory located at
that memory address, and the programme code present there was found to contain
one or several characteristics commonly found in viruses.
Whenever a specific program that bends a system vector is recognized by the
"Ultimate Virus Killer" it will display a figure between brackets directly
after the actual memory address. This can have one of the following formats:
(x) The number of a recognized application
(Number corresponds with the APPLICAT.TXT file list)
(?) An unknown application is recognized
(This MIGHT be a virus, or a harmless program)
(#x) Anti-virus recognized. Reboot without it!
(Number corresponds with VIRUSES.TXT file list)
(-x) Virus recognized. Turn off system and reboot!!
(Number corresponds with VIRUSES.TXT file list)
Sometimes the program does not display a number but instead displays a four-
letter code (like "FrmD" of "CBHD", or whatever). This is the so-called 'XBRA
identification', which is a protocol devised in the early nineties (one of the
few good things to come out of Germany) to allow for easier recognition of the
multitude of files that can hook themselves to the various computer system
variables. These XBRA identifiers are displayed by default when they are
found; should you want to see numbers only (as these correspond with the
APPLICAT.TXT file list) you need to keep the [ALTERNATE] key pressed while the
addresses are put on the screen. Pressing [CONTROL] will slow down the output
- in case you want to see what bends the vector and you are not content with
seeing that nothing is suspiciously inverted.
An additional advantage of the XBRA protocol is that it is possible to check
if several programs have hooked themselves to the same vector. These will then
form what is referred to as an 'XBRA chain', a sequence of programs that all
use the XBRA protocol. This chain of programs will be examined by the
"Ultimate Virus Killer" as deep as it can go - which is until it finds an
unknown program that uses the XBRA protocol, a program (known or unknown) that
does not use the XBRA protocol, or when it hits on the actual standard
Operating System values.
- Please note that, with but a few exceptions, installed RAM disks are not
recognized and will most likely result in "(?) Unknown Application Found".
To get rid of this, get rid of the RAM disks in memory. Note that a lot of
the modern RAM disks are reset-proof, so you will have to turn off your
system to get rid of them.
- When the Physical Top of RAM is inverted, this usually due to some kind of
(resident) RAM disk, too. Again, get rid of it and run the "Ultimate Virus
Killer" again.
- Alternative (and unofficial) versions of (beta STE) TOS 1.06 that go around
(reference to the TOS '1.07' by TEX, TNT Crew and Level 16 is meant here)
are mostly recognized as a standard TOS 1.06. This is because the people
behind that adapted TOS wanted to have maximum compatibility and could
therefore not change the date and version number. When specific TOS 1.07
versions are recognized, they are thus stated in the status screen, and
their release date will be stated at 'TOS date' (which normally displays the
date contained is the TOS header, which represents the date at which that
particular TOS version has been released).
- Something similar is the case for the alternative Operating System "KaosTOS"
(an adapted TOS 1.04). When this is recognized, the TOS version displays
'KAOS' and the TOS date specified is the release date of the "KAOSTOS"
version currently in use.
- The system screen will also check for reset-proof programmes and warns you
when non-recognized resistant programmes are found.
9.2 WHEN SUSPICIOUS
What to do when one or several of these variables happen to be displayed in
inverted text style, in other words when there is something 'suspicious' that
isn't yet recognized?
In that case you should turn off your system and turn it on again after about
30 seconds, with the "Ultimate Virus Killer" disk (or another disk that is
guaranteed to be free of viruses) in the drive. If you're using an AUTO folder
on your boot disk or boot partition, disable all programmes in there, as well
as all accessories. Do this prior to booting up your system anew.
Disabling AUTO folder programs can be done by changing the extensions from
.PRG or .ACC into e.g. .PRX and .ACX respectively. The Operating System will
only load .PRG files from the AUTO folder and will only recognize .ACC files
as accessories. If these aren't present the system will assume they're not
there and won't load any of them.
You will now have a totally empty system. All values displayed by the System
Screen Status should be in regular text. In case of inverted display this does
not necessarily point to virus infection - perhaps your hard disk driver or
particular Operating System version is not yet recognized (hard disk drivers
typically use memory slightly above the bottom of memory, whereas your
Operating System is typically located on addresses $E0xxxx or $FCxxxx).
Now, enable one AUTO folder program, reset your system and load the "Ultimate
Virus Killer". Continue like this until either all files are loaded or until a
system variable is displayed in inverted text style. The file to have been
enabled last before the system variables are 'suspicious' again is the one
that changes them.
Do not delete a programme that bends any system vectors, as it is usually not
at all likely to be of viral nature unless the word "ALERT!" appears behind
the inverted address displayed. Please just send the appropriate program file,
whether "ALERTed" or not, to the feedback address, if possible with additional
files belonging to it and any documentation (on disk, or photocopied). It will
be implemented into the forthcoming version of the "Ultimate Virus Killer" so
that it will be recognized and will no longer cause any memory addresses to be
displayed in inverted text style. Do not forget to supply enough International
Reply Coupons (!no stamps!) if you expect your disks to be returned.
The same goes for the accessories, but do note that you have to check out all
AUTO folder programs before you start enabling any accessories, as accessories
will be loaded 'on top' of any AUTO folder programs and might disable the
"Ultimate Virus Killer" from following the chain right down to possible AUTO
folder programs.
In case you are reluctant to send the programme(s) in question to the
feedback address, you can move the mouse cursor on top of the inverted system
variable contents and click on it with the left mouse button. An additional
dialog box will be displayed, containing some vital information that we can
work with to some extent. Please write down the contents of the dialog box
together with the name, version number and origin of the file that caused the
vectors to be inverted, and send it to us so that inclusion in future
"Ultimate Virus Killer" versions may be possible after all.
If you have a printer attached, you can keep [CONTROL] pressed while pressing
the left mouse button; the programme will then also output the information on
your printer. If you additionally keep [ALTERNATE] pressed, a Form Feed will
be sent after printing has finished, causing the paper to be moved up to the
start of the next page (tractor feed) or to be ejected (sheet feed).
Press any key or mouse button to cause the information lines to disappear
from the screen.
Pressing the "OK" button or pressing the associated keyboard shortcut (in
this case [ALTERNATE]-O or [RETURN]) will leave the screen system status
screen altogether, back to the main menu.
- If system variables are suspicious even without any AUTO folder programmes
and accessories having been installed, and you have no hard disk, it could
be a virus or RAM based version of TOS.
- If the above occurs if you have a hard disk, it is very likely to be your
hard disk driver. This is normal.
- If the programme to bend the system vector uses the XBRA protocol, the next
in line will be checked. The deepest XBRA found will be displayed. This may
be helpful to determine which programme actually bent the vector. The deeper
down the XBRA vector, the earlier it was loaded and installed (with the
"Warp 9" accessory being a known exception).
9.3 THE PROBLEM
As you could have gathered from the above, it is no exception that several
programmes hook onto the same system variable. It will not be hard to imagine
that a dozen or more resident programs can be installed, all bending various
system vectors to their heart's content. This sort of thing tends to happen
when you have a hard disk cache programme installed, a screen speeder ("Turbo
ST", "Quick ST", "NVDI", "Warp 9", etc.), an alternative file selector
("FSelect", "UIS", "Selectric", etc.), a resident multi-tool programme
("Update", "Mortimer"), an alert box enhancement programme ("Let 'Em Fly" or
"FormDoIt") and an alternative desktop ("Gemini", "Teradesk" or "NeoDesk") for
example. It's easy to have even more programmes bending these vectors.
To check which application (i.e. which programme) has bent a particular
system variable, the "Ultimate Virus Killer" examines the piece of memory
where the vector points to. It will (or won't) recognize the program present
there and display the appropriate message in the system status screen for you
to look at.
Whenever multiple programmes bend the same vector it becomes difficult (if
not impossible) to check which programmes bent the system vectors before the
last one did. Usually the address that the last application found sitting on
the vector is stored somewhere within itself so that it can be called after it
has served its own purpose, and there is no way to tell precisely where. You
can compare a series of programmes bending one system vector with a chain. The
program that was loaded last (let's call it programme "A") is most 'on top'
and will be executed first whenever the system variable is accessed by the
Operating System. Once programme "A" is finished doing what it was intended
for it will pass on the address it found sitting on the vector before it
installed itself, i.e. the address at which the programme is located that
installed itself prior to that last programme. Let's call that programme "B".
Once programme "B" has finished what it wanted to do it will pass on the
address that it found on the system variable, that of programme "C". And so on
and so forth, until eventually the last programme in the chain will execute
the actual Operating System routine that needed to be called.
The addresses that each of these programmes found sitting on the system
vector are stored in themselves somewhere, internally. The location where they
are stored vary from programme to programme, even between different versions
of the same application.
The problem for a programme such as the "Ultimate Virus Killer" that tries to
determine which other applications are hooked to any particular system
variable is that it is normally only possible to tell which application bent
that system vector last. There is no way it can be determined what the other
applications before it are, as those programmes' addresses are contained
somewhere in the programme that later patched that vector (I hope you're still
with me - this bit of the manual actually took longest to rewrite).
Only when the last programme ("A") used the XBRA protocol can it be
determined where the programme before that application ("B") is located in
memory - and when that uses the XBRA protocol again it is possible to go one
step deeper (to "C") until one encounters the first programme that does not
use XBRA.
You see that it is thus normally only possible to check the programmes
bending the vectors until a certain 'depth', i.e. up to the first programme
that is foolish enough not to use the exalted XBRA protocol.
Anything that's any 'deeper' can only be guessed at. So in case you're a
programmer writing utilities that bend system vectors, do abide by the XBRA
rules! They are available in any recent programmer's guide or in the "Ultimate
Virus Killer" book (:-)).
As was said before, the "Ultimate Virus Killer" checks the system variables
as extensive as possible - up to the first programme that bends the variable
without using XBRA, up to the first programme using XBRA that is not yet
recognized, or, ideally, up to the dark and mystic depths of your computer's
Operating System. You will see the system status screen display the various
addresses with the application numbers associated with them as it proceeds
along the chain of XBRA programmes.
So far mention has been made only of problems for the "Ultimate Virus
Killer". But what about a problem for you? Well, unfortunately there is one.
Just suppose a virus installs itself in your system. It hooks itself to a few
system variables and would be plainly visible for any extensive system check
screen you'd care to throw at it. However, now just suppose a bunch of AUTO
folder programs and desk accessories are loaded right afterwards. Unless all
of these are using the XBRA protocol, they will effectively hide the virus
from view (and, what's most important, they will also hide it from the
"Ultimate Virus Killer" check algorithms and all will appear to be OK).
For you to be sure that all is safe you will have to do pretty much the same
as was described above, where the isolation of unrecognized AUTO folder
programmes and desk accessories was concerned. Disable all of these and boot
your system anew. Enable one AUTO folder program at a time, each time run the
"Ultimate Virus Killer", then do the same with the desk accessories. If no
memory addresses are displayed in inverted text style you can consider
yourself safe even if the programme will not be able to check to the most
extreme depths each time.
Do note that you will have to check each newly acquired AUTO folder programme
and desk accessory afterwards if you want to continue feeling safe!
10 FEEDBACK
Feedback, suggestions, comments and non-recognized boot files (on disk or as
printout) can be sent to:
Richard Karsmakers
Looplantsoen 50
NL-3523 GV Utrecht
The Netherlands
(This address ia valid at least up to summer 1995)
Please do not forget to add sufficient International Reply Coupons if you
want some sort of reply, or if you want to receive disks back! Do not add any
stamps unless they're Dutch!!
You may direct important questions (no binary files though unless they're
UUENCODED) to my electronic postbox at email account. The name if my email
account is "R.C.Karsmakers@stud.let.ruu.nl".
If possible limit any electronic mail to the explanation of problems, bugs,
and other questions of technical nature. Inquiries about subscriptions,
administration, orders, pricing, replacement copies, disks with bootfiles that
you sent, etc., should be sent to the above regular address. Please make sure
your message subject is appropriate.
11 CREDITS
All resource and Flydial routines, as well as help using them
Gregor Duchalski
System Status Screen memory check
H.W.A.M. de Beer (SysInfo)
Insurmountably invaluable GEM programming assistance
Mark Matts
Scan Partition Code and various small but important bits
Stefan Posthuma
AntiVirus
Helmut Neukirchen
Additional ideas and miscellaneous help
Claus Brod (ST Computer)
Volker Söhnitz (Virendetektor)
Chris Brookes (Professional Virus Killer 3)
Martijn Wiedijk (Lucifer Eksod)
Mike Watson (Sinister Developments)
Filipe Martins
'Fame' acknowledgements
Niall McKiernon (Douglas Communications)
Tarik Ahmia (TOS Magazine Germany)
Willem Hartog (Atari ST Nieuws)
Les Ellingham (New Atari User/Page 6)
Special thanks
Kai Holst (Antidote)
All other coding (what's left of it), research, programming, resource design,
text, manual, development, program collection and layout
Richard Karsmakers
12 TROUBLE SHOOTING CHART
In this chapter you will find some of the problems that may occur while
running the "Ultimate Virus Killer" - and suggestions on how to prevent them
from appearing again.
* A 'NOT ENOUGH MEMORY' ALERT BOX APPEARS.
Disable all desk accessories, RAM disks and AUTO folder programmes that
occupy memory space. Please note that cache programmes (such as hard disk
speeders, "Turbodos" and printer spoolers) also occupy a lot of memory. The
"Ultimate Virus Killer" should also work on a machine with half a megabyte of
memory (it will not be able to restore any bootsectors then, though).
* AN ERROR MESSAGE OCCURS DURING PROGRAMME EXECUTION AND IT RETURNS TO THE
DESKTOP UNWANTED.
This means that you've done something awkward that the "Ultimate Virus
Killer" couldn't handle! Please try to re-create this error message and write
down EXACTLY what you did to do it, as well as some of your system details
(TOS version, amount of memory, monitor mode, etc.). The bug will then be
avoided in future versions (hopefully).
If the error in question was an error '33' during the link virus partition
scan, this is due to a bug in GEM. The older the TOS version, the more likely
it is that this error will occur. Nothing much can be done about it, as GEM is
faulty in this case. You may try to use the "FOLDRxxx.PRG" AUTO folder
programme, which serves to increase the GEMDOS internal memory pool. This will
delay the occurrence of the error, but will not fix it.
* VERY MANY SYSTEM VARIABLES ARE PRINTED IN REVERSE WHEN DISPLAYING THE SYSTEM
STATUS CHECK.
You are probably using (a beta version of) a disk based TOS. Reboot without
this. The "Ultimate Virus Killer" works smoothly with all known TOS versions
on ROM. Basically, these inconveniences should only occur with a RAM version
of any of the TOS versions.
You might also be using lots of unknown resident programmes, e.g. in your
(hard disk) AUTO folder. Please send those to us so we can include a
recognition! Send accessories as well, and never forget to explain WHAT does
WHAT and WHO made it!
* DISKS THAT YOU HAVE IMMUNIZED WITH VERSIONS 3.X ARE FOUND TO BE IMMUNIZED IN
THE 'OLD' WAY, WHEREAS 3.X VERSIONS STATED THAT THEY WERE IMMUNIZED PROPERLY.
Quite a while ago the immunization logics have been redesigned to fit some of
the later viruses, and are therefore 'new' as of version 4.0 (this was the
first time this was changed since version 3.3) and up. It is advisable to
immunize your disks anew with the current "Ultimate Virus Killer" version.
Please refer to the VIRUSES.TXT file to check out against which viruses it
protects you. Other viruses can only be protected against by keeping your
disks write-protected!
* WHENEVER THE PROGRAMME WANTS YOUR ATTENTION (FOR EXAMPLE WHEN A SUSPICIOUS
BOOTSECTOR IS FOUND), IT FLASHES THE SCREEN. DURING THIS FLASHING, YOU FIND
THAT YOU REPEATEDLY HAVE TO LISTEN TO A SAMPLED SOUND OF SOME VARIETY.
You probably have a programme installed that changes your computer's 'bell'
sound (chr$(7)) into a sample. A programme like this is Gribnif's "Newbell" by
Dan Wilga. Disable this program.
* THE PROGRAMME REFUSES TO LOAD THE "DATA.PAK" FILE, EVEN IF YOU DISABLE ALL
RAM DISKS AND ACCESSORIES. YOU EVEN TURNED OFF THE MACHINE FOR 30 SECONDS AND
YOU BOOTED WITH THE ORIGINAL "ULTIMATE VIRUS KILLER" DISK SO THERE CAN'T
POSSIBLY BE SOMETHING IN MEMORY...
Then you surely have a 512 Kb machine. For the "DATA.PAK" file to be loaded
it needs more free memory than a 512 Kb machine has. Since the programme needs
considerably less space to run WITHOUT the "DATA.PAK" file, it decided not to
load it.
* READING IN A BOOTSECTOR RESULTS IN A 'TRACK NOT FOUND' ERROR.
Some games use exotic disk formats, especially for their data disks (usually
any disk other than the boot disk). Psygnosis, for example, is famous for
creating these kind of formats. This is NOT unusual, and does NOT indicate
hardware/software failure, nor virus infection. If this happens with a game
boot disk (a disk labelled "1" or "A") this is no good news and DOES indicate
some sort of disk failure (though no virus infection) - in case of the game
not working either, you should have it replaced by the company you bought it
from (refer to the game manual for details).
* THE PROGRAMME BOMBS OUT WHEN EXITING - USUALLY ABOUT SIX BOMBS.
Do you have the Rubrik's Screen Saver (on offer on the UK magazine "ST
Format", cover disk #42) installed? This has the problem that, when it is
resident in your system, all programmes written in "GfA Basic" versions 3.xx
will cause a bomb crash when exiting back to the desktop. This even happens
with "GfA Basic" itself.
* THE PROGRAMME BOMBS OUT WHEN PERFORMING THE EXTENSIVE SYSTEM CHECK.
Do you have Dan Wilga's (Gribnif's) "Sysmon" programme installed? Older
versions of this program install an XBRA vector the wrong way which will lead
to the mentioned bomb error. Either disable "Sysmon" from being installed or
skip the system check screen when starting the "Ultimate Virus Killer" by
keeping [RIGHT SHIFT] pressed until the first regular dialog box appears. A
special algorithm fixes this with some "Sysmon" versions.
* YOU HAVE FOUND SEVERAL DISKS SOME TIME AGO AND YOU IMMUNIZED THEM.
EVERYTHING'S OKAY SO FAR, BUT ONCE YOU EXIT YOUR CURRENT "ULTIMATE VIRUS
KILLER" SESSION YOU GET "IMMUNIZATIONS PERFORMED: 0" (OR ANY OTHER NUMBER
LOWER THAN WHAT YOU THINK YOU HAVE ACTUALLY IMMUNIZED).
The statistics apply only to the CURRENT session. This means that this line
of statistics specifies the number of immunizations you have actually
performed during the current virus killer session. The "HISTORY.PRG" and
"UVK.HST" files are used to maintain statistics across sessions, and this
option only works if you start the program from hard disk.
* AFTER RE-PARTITIONING YOUR HARD DISK OR INSTALLING ANOTHER HARD DISK DRIVER,
THE HIDDEN HARD DISK OPTION TELLS YOU THAT THE HARD DISK BOOTSECTOR HAS
CHANGED AND GIVES A WARNING.
Simply leave the programme, erase the "AVK.BUF" file in the root directory of
hard disk partition "C:", restart the "Ultimate Virus Killer" and run the
hidden option again.
* YOU WANT TO CHECK DRIVE "U" BUT IT'S DISABLED.
This is not a bug or anything. You are using "MultiTOS", which used drive "U"
as the 'unified drive'. This drive should never be checked for link viruses,
as it would irrevokably crash the system.
13 THE "ULTIMATE VIRUS KILLER" CONFIGURATION FILE
As of version 5.8 the programme can be additionally configured with regard to
the file extensions it handles as belonging to 'executable files' (i.e. files
that you can double-click on and execute from the desktop directly without
having to 'install application'). When checking for link viruses, 'executable
files' used to be only those with the extensions .PRG, .TOS, .APP, .TTP, .ACC,
.PRX (disabled .PRG) and .ACX (disabled .ACC).
It is now possible to create a configuration file, named "UVK.CNF", to be
present in the "Ultimate Virus Killer" directory. This configuration file can
contain up to 8192 file extensions of executable files. When selecting
"executable files only" during link virus partition or folder scan, only the
files with these specific extensions will be checked.
If you have no configuration file in the main directory, the program will use
the default extensions, listed above.
The following rules apply to the "UVK.CNF" file.
1) Extension entries should be no longer than 4 characters, including an
obligatory "." as the leftmost character.
2) Remarks can be added on any line not containing an actual extension entry.
They need to start off with ";".
3) The file must be called "UVK.CNF" and it must be in the same directory as
the "Ultimate Virus Killer" programme itself.
4) The file should be written in straight ASCII (i.e. without any control
codes). This can be done with any text editor (such as "EdHak" or "Tempus")
or a word processor with WP mode switched off while saving.
Below you'll find a sample configuration file:
;
; Ultimate Virus Killer configuration file
;
; These are the regular extensions
;
.PRG
.TOS
.APP
.TTP
.ACC
.CPX
;
; These are Neodesk special executable file extensions
;
.NPG
.NTP
;
; These are some common disabled versions of the above
;
.PRX
.ACX
.CPZ
;
; This is the 'GEM takes parameters' extension for TOS >2.00
;
.GTP
;
; End of file
;
As of version 6.1, the program supports a special extension that is used to
determine the minimum size a file must have in order to be checked in the
"check all files" link virus scan department. You can use any of the
extensions you want for this (even multiple ones) but only the last one found
will be used so it's best the use the very last entry for this.
The format is ".XXX", where "XXX" stands for the minimum size in kilobytes
(i.e. the actual file size divided by 1024) from 0 to 999. When none is
specified, the program uses a default minimum size of 3 Kb (i.e. 3072). The
larger the specified size, the quicker the link virus scan but the less safe!
In all cases fill up the value with zeroes to make sure the length is 3
digits (so "123", "003" and "030" would be valid entries).
14 THE "ULTIMATE VIRUS KILLER" HISTORY FILE
When you are using the "Ultimate Virus Killer" from a hard disk (!not when
running it from floppy disk!) it will write (or, when already present, it will
update) a small file called "UVK.HST" that will be located in the same
directory as that of the "Ultimate Virus Killer" programme. Its contents may
be displayed on screen in any resolution offering 80 characters per line (i.e.
80 columns) by double-clicking on the "HISTORY.PRG" programme. This latter
file should also be located in the same directory as the "Ultimate Virus
Killer" programme.
The "UVK.HST" file will contain some statistics such as the total amount of
times the "Ultimate Virus Killer" was used, the total amount of time you spent
using it, which TOS version it was last used on, how many viruses were killed,
etc.
You are requested for statistical purposes to supply a copy of your "UVK.HST"
file every time you send in anything on disk to the feedback address.