home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
Amiga Elysian Archive
/
AmigaElysianArchive.iso
/
virus
/
nofuck.lha
/
NoFuck.doc
< prev
Wrap
Text File
|
1993-06-05
|
2KB
|
71 lines
* No Fuck 1.0 *
Anti Fuck-Virus
(C) 1993 by Luigi Galli
- THE FUCK VIRUS -
Fuck-Virus is a new dangerous link virus that patch your LoadWB with its
own routines so that each time you open the worbench the viris'll create
a new process (DiskDriver.proc) that runs as a normal AmigDOS process:
this means that no special system vector will be changed making the virus
no-detectable by programs like VirusKiller, BootX etc.
Once activated the virus will wait until the keyboard is untouched for some
minutes and then it'll start to randomly low-level format tracks on each disk
type device you have mounted with the word 'FUCKFUCKFUCK'.
- HOW TO PREVENT INFECTION -
Because it seems that fuck virus only infects the LoadWB command it's easy
to avoid its infection by checking if the LoadWB command differs from
the standard 'safe' version.
You can use NO FUCK to create a 'keyfile' that identifies your safe loadwb
and then use it to check the integrity of loadwb each time you boot the system.
EVEN IF A SINGLE BIT OF LOADWB IS ALTERED NOFUCK WILL DETECT THE CHANGES
AND YOU WILL BE ALERTED.
- HOW TO USE NO FUCK -
The first thing to do is to copy NoFuck in your C: directory (or somewhere in
the search path).
The second thing you need is a copy of LoadWb that is surely not infected by
the virus (e.g. in the Worbench X.X disk that comes with your Amiga).
Please note that a fuck-virus infected LoadWB:
1) is usually bigger than 3k.
2) contains the word 'FUCK'. (try TYPE C:LOADWB OPT H and take a look to
the ASCII dump on the right)
once the good LoadWB is copied to yor C: directory execute NO FUCK with the
-k option:
NoFuck -k
this will create a 'keyfile' in your S: directory that'll be used to check
if the virus started an infection.
Then just edit your startup sequence and put the command NoFuck BEFORE
LoadWB.
If NoFuck will detect changes to LoadWB it'll alert you with a WARNING
and the startup-sequence execution will be stopped.
The execution of the infected LoadWB will be prevented and you can replace
it with the safe one.
CREDITS:
Wouter van Oortmerssen who wrote the wonderful E COMPILER.
SkyLuke who provided an ill LoadWB.
Luigi Galli.
5/6/93