home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
Tech Arsenal 1
/
Tech Arsenal (Arsenal Computer).ISO
/
tek-12
/
mvcheck.zip
/
MVCHECK.DOC
< prev
next >
Wrap
Text File
|
1992-02-17
|
7KB
|
199 lines
PLEASE READ THIS SHORT DOCUMENT CAREFULLY SO YOU CAN OBTAIN MAXIMUM BENEFIT
FROM THIS SOFTWARE!
It is the policy of J.M. Allen Creations to provide assistance, in any
reasonable way possible, in the detection and removal of computer viruses.
If this software is beneficial to you, PLEASE SEND NO MONEY! Instead we
ask that you, your friends, and associates forward any disk or files
infected, or suspected of being infected with any virus to J.M. Allen
Creations. Whenever possible, free virus detection and removal software
such as this will be distributed. Individuals who write viruses, for
whatever reason, are sick, and we will do whatever possible to help other
members of the computer industry protect themselves from these individuals
who's lives are so pathetic that they must resort to inflicting hardship on
others for their own pleasure or benefit.
PLEASE READ THE FOLLOWING DISCLAIMER BEFORE USING THIS SOFTWARE!
Michael A. Hotz, nor J.M. Allen Creations, nor any person or entity
affiliated with either, will assume any responsibility for any situation
which occurs as a result, be it direct, or indirect, of the use of this
software. THE USER ASSUMES ALL RISK WHICH MAY BE ASSOCIATED WITH THE USE
OF THIS SOFTWARE. There are no warrantees whatsoever, expressed or
implied, as to the usefulness or effectiveness of this system for any
particular purpose. This software is provided as is, and is not guaranteed
to work on any particular machine, or under any particular hardware or
software configuration.
This software has been tested on our machines and was found to properly
remove the standard strain of the M. Angello Virus currently infecting IBM
compatible computers running an MS-DOS compatible operating system. It has
not been tested under any other operating system. Use of this software in
any way constitutes IMMEDIATE acceptance of these terms by the user.
VIRUS INFORMATION:
J.M. Allen Creations recently acquired a new computer system and discovered
that it was shipped to us infected with the Michelangelo Virus. We
promptly put our disassembler into high gear so we could understand how the
virus works. This enabled us to create MVCHECK to protect you from this
virus. For full details on this virus, see the enclosed file VIRUS.TXT,
but for completeness a short overview will be provided now.
The M. Angello virus is a boot / partition sector virus which infects
systems when an infected floppy is inserted in the A: drive and the system
is booted. The virus code moves the original boot partition from the hard
disk to an unused sector, and installs it's infected boot partition in it's
place. This same chain of events occurs when the virus infects a floppy
disk. Each time the system is booted from the infected disk, the virus
first checks to see if the current date is March 6, if this is the current
date, the virus starts erasing information at the beginning of the disk,
and continues until the system is re-booted. If the date is not March 6,
the virus simply installs a small piece of code in memory, and the system
boots up as normal. This small piece of resident code is used by the virus
to infect EVERY floppy disk that is accessed in any way in the A: drive.
Running a program, copying a file, listing the directory, or any other
operation involving the A: drive of the system will result in the floppy
being infected. This floppy then has the potential of infecting systems
just like the original floppy which infected the hard disk.
The enclosed program MVCHECK will check either the FIRST hard disk, the
FIRST floppy disk, or MEMORY to see if the virus has infected the disk or
is resident.
MVCHECK m - Instructs the program to check memory for the virus
MVCHECK h - Instructs the program to check the first hard disk
MVCHECK f - Instructs the program to check the disk in drive A:
If the program does not detect the virus, then you can be fairly sure that
it HAS NOT infected the disk you are checking. However, if your system was
some how infected by a similar virus, or even a new strain of the virus
that wasn't known at the time of this writing, you may not be safe. We are
asking anyone who finds a virus to please send the infected disk or file to
us so the code can be evaluated, and an antidote created and distributed.
If MVCHECK sounds a warning and displays a message indicating the
argumented disk IS infected, you then have the option of allowing MVCHECK
to remove the virus for you.
If MVCHECK isn't absolutely sure it can safely remove the virus, it
displays a message indicating this condition, and terminates. The only
reason this would happen is if the original boot/partition record is not
found on the disk where it is supposed to be. For further information, see
the VIRUS.TXT file.
You should start by booting your system with a WRITE PROTECTED BOOTABLE
SYSTEM DISK. If you have no bootable disks which you are SURE are NOT
infected, then you should first check your HARD DISK, and make sure that it
is clean. You should also check memory to make sure the virus isn't
resident. If the hard disk is clean and the virus is not resident, you can
proceed to checking floppies. If it is infected, once you have cleaned it,
you should RE-BOOT your system FROM THE HARD DISK. The key here is to make
sure that the virus is not resident in memory, otherwise any floppy disks
you clean with MVCHECK will be re-infected by the virus. You can use the M
argument to have MVCHECK test for the resident virus code.
If you have any trouble, questions, or other information on this or any
other virus, please contact JMAC at the address or phone number listed
below.
The MVCHECK.EXE program does an integrity check at run time. If the
program is modified in any way it will not run. This does NOT guarantee
that someone could not distribute a modified version. If you are at all
uncertain as to the authenticity of this software, contact JMAC.
J.M. Allen Creations
Michael A. Hotz
Senior Programmer
2107 Hayes Avenue
Fremont, Ohio 43420
(419) 334-5204
Compuserve Mail - 72200,1312
GEMail - MAHOTZ