home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
Amiga Elysian Archive
/
AmigaElysianArchive.iso
/
virus
/
kv.lzh
/
kv.doc
< prev
Wrap
Text File
|
1989-11-26
|
4KB
|
80 lines
KV - KillVirus V2.1 11/26/89
KV will detect and remove three non-boot block viruses, the IRQ Ver 41.0
the Lamer Exterminator and the Bundesgrenzschutz Sektion 9 (BGS) virus.
KV will also detect and disable the XENO virus in executable files.
The Lamer virus will be removed from memory and any infected disks in
the drives.
Usage: kv -LIBA { filename ... }
-L or -l check for Lamer virus on all floppies
-B or -b check for BGS-9 virus on all floppies
-I or -i NAME check for IRQ and XENO virus on NAME
-A or -a do all of the above
`*' (unix style) wildcards allowed
ex. kv -i C:* or kv -i C: will check all files in C:
for the IRQ and XENO virus
kv DF0:C/ will check all files in DF0:C
The XENO virus while `harmless' attaches itself to almost any file that
is opened for either reading or writing while the virus is active. This
nasty can spread rather rapidly over a hard disk before it is detected.
KV will detect the infected files and `disable' the virus. By disable
I mean that the infectious portion of the virus will be neutralized but
not removed from the file. Unfortunetly, the XENO virus merges his
code with the existing code found in the first code hunk. Removal
requires excising the virus code and adjusting the relocation
information found in the RELOC_32 hunk. Rather than delay KV until it
can properly remove the infection, I decided to release this version
that will at least keep the virus from spreading. A future version
of KV will (hopefully) be able to remove the virus code - even the
disabled version.
KV will look on all floppy drives in the system for the Lamer and BGS
viruses.
Be aware that the IRQ virus attacks the file C:dir as well as the
first executable file that it finds listed in your startup-sequence
files. It is to your advantage to check all your disks startup files
and the first executable file referenced once infected with the IRQ
virus.
Also note that the new Lamer virus attaches itself to a disk as an
invisible file located in the root directory. It modifies the first
line of your Startup-Sequence file placing it's invisible name there.
KV will not modify your startup file. You must delete any blank lines
at the beginning of the file. If KV finds the Lamer virus on a disk
it will rename the invisible file to `DANGERVIRUS'. The virus won't
be automatically executed under that name - you may delete it at your
leisure.
The BGS virus finds the name of the first executable file in the
Startup-Sequence file and renames it to an invisible file in the
DEVS: directory. It then replaces the first file with the virus code
which will be executed on startup. During its execution it will
LoadSeg the invisible file and execute it.
===============
Ver 1.01 1/15/89
Minor changes:
Added more info on usage.
Now allow multiple filenames on the command line.
Appended `*' to filename if it ended with ':' or '/' this allows one
to check an entire directory such as KV C:
Changed message output format slightly. Virus found message is in
inverse video.
Used DisplayBeep() to flash screen if IRQ virus is found
Ver 2.0 9/1/89
Added tests for Lamer Exterminator and BGS viruses.
Added AutoRequest() for more positive indication of KV results.
Ver 2.1 11/26/89
Added test for XENO virus.
Added code to disable the XENO virus infection code.
