Text File | 1989-11-15 | 19KB | 340 lines
-------------------------
ZEROVIRUS 2.0
© 1989 by Jonathan Potter
-------------------------
ZeroVirus is a complete virus detection, removal and protection system.
With it you can check the bootblock of any disk. You can install the disk,
removing any virus that is present, with one of four different bootblocks,
and back up the bootblocks of your commercial programs to ensure recovery
from any future viruses that overwrite required bootblock data.
You can also use ZeroVirus to check a directory or a whole disk for any
known file (link) viruses.
ZeroVirus uses BrainFiles to make updating easier. The BrainFiles
contain information the program uses to identify viruses and other
bootblocks.
ZeroVirus has a LEARN option, whereby you may include in the BrainFile
the data necessary to recognize a certain bootblock in the future. ZeroVirus
also has "on-line" BrainFile editing to make the procedure even easier.
You can iconify ZeroVirus to a small window on the Workbench screen.
Here, it runs in the background, checking every disk you insert in the
drives.
STARTING ZEROVIRUS
To start ZeroVirus, double-click the icon, or from the CLI or Shell type:
[path]zerovirus (press Return)
ZeroVirus looks for the file called "ZeroVirus.BrainFile" in either the
current directory or in the S: directory. If found, it will be read in.
The program then looks for the Palette file called "ZeroVirus.Palette"
in the same places and will read in your custom colors from that file if it
can be found.
MEMORY CHECKING
Once ZeroVirus has finished the above operations, memory is checked for any
known viruses. If any are found they are automatically removed and you are
notified of their presence.
After this, ZeroVirus checks a number of system vectors: WarmCapture,
CoolCapture, ColdCapture, KickTagPtr (or RomTags), KickMemPtr and
KickCheckSum. These should all normally be zero ($000000). One sign of a
virus in memory is these vectors pointing somewhere else. If their value is
not $000000, you will be given the option to restore them to $000000.
Be careful here, because some legitimate programs, like Guardian,
modify these for their own purposes.
Next you are prompted to press the left mouse button to continue.
MAIN MENU
Several options are available from the main menu.
The BOOTBLOCKS gadget or "BootBlocks" from the pulldown menu takes you
into the bootblock-checking part of the program.
Similarly, the FILES gadget or "Files" from the pulldown menu takes
you into the file-checking part of ZeroVirus.
The BRAINFILES gadget or "BrainFiles" from the pulldown takes you into
the on-line BrainFile editor.
The LEAVE gadget gives you the option of either quitting or iconifying
ZeroVirus.
"Palette" from the pulldown allows editing the colors ZeroVirus uses and
"Save Palette" saves them for future use.
"About" displays some information about the program.
"Iconify" iconifies ZeroVirus.
"Quit" exits ZeroVirus.
BOOTBLOCKS
This section of ZeroVirus allows you to work with the bootblocks of
disks.
To check the bootblock of a disk, click on the icon of the drive the
disk is in. If no errors occur, the bootblock will be read and checked. If
the bootblock is recognized, its name and description will be displayed.
Here are some of the messages you may see:
"Normal DOS bootblock."
"This disk is okay. Insert another disk to keep checking."
"ZeroVirus BigScreenTest bootblock"
"Check for PAL sized screen on bootup"
"SCA virus recognised!"
"This disk contains a virus! INSTALL it immediately!"
If the bootblock is not recognized, you will see:
"Non-standard bootblock"
"Suggestion : BACKUP and INSTALL"
Under the description, the bootblock is displayed. Characters in white
represent standard bootblock characters. Those in red represent non-standard
bootblock characters.
ZeroVirus detects disk changes, so to check another disk in the same
drive, eject the current disk and insert the new one.
PULLING DOWN OPTIONS
Several options are available from a pulldown menu.
A "-->" in menu names indicates the presence of sub-menus. From top to
bottom, the menu options are:
BootBlock --> - This option allows you to select the bootblock that
will be written to disks when you install them.
Standard - This is the standard AmigaDOS 1.3 bootblock.
NoFastMem - This bootblock allows you to turn off all auto-configuring
expansion memory on bootup.
BigScreenTest - All PAL Amigas have a bug that causes an NTSC (200
line) screen to occasionally open on bootup, instead of one of the normal PAL
size (256 lines). This bootblock checks the size of the screen you are about
to boot into, and if it is less than 256 lines, will give you a chance to
reset the computer. This eliminates the possibility of going through a long
startup-sequence only to find at the end you must reboot because of a short
screen.
AutoAddRAM - This bootblock allows you to automatically add one chunk
of non-autoconfiguring memory on bootup. When you install a disk with this
bootblock, you are prompted for the starting and ending addresses of the
chunk, in hexadecimal. If you give no input to this, the RAM from $f80000 to
$fbfffe present in Amiga 1000s with Kickstart in ROM is assumed.
Install - This option installs the disk in the currently selected drive
with the selected bootblock.
Learn - This option allows you to learn the bootblock of the disk in
the currently selected drive. ZeroVirus recognizes bootblocks by checking
eight characters. If all characters match the required characters, ZeroVirus
recognizes the bootblock. When you select learn, eight characters in the
bootblock view are highlighted. These are the eight characters ZeroVirus has
chosen to use to recognize the bootblock. Unfortunately, ZeroVirus cannot
distinguish between code and text. Since text in a bootblock can be changed
relatively easily, it is not a good idea to learn text bytes.
If it is obvious ZeroVirus has picked some text bytes to learn, you
may reselect the bytes yourself.
A maximum of eight characters may be highlighted at once. To toggle a
character on or off, click on it with the left mouse button. You may choose
eight or fewer characters. Once you have finished picking characters, click
in the center of the screen where you are told to. You are then prompted for
the name of the bootblock.
To cancel the learn operation, press Return. Once you have entered the
name, you are asked for a description. If the bootblock you have just
learned is a virus, press Return. Names and descriptions may be 80
characters at the most.
Learn only learns to memory - the bootblock is not recorded to the
BrainFile on disk until you do so from the BrainFile editing menu.
Force Learn - It may happen occasionally that the bootblock of the disk
you wish to learn has the same bytes in the same places as a bootblock
ZeroVirus has learned previously. In this case, Learn will complain
ZeroVirus already knows the bootblock. You may now learn the bootblock with
Force Learn and pick some different bytes. The bootblock will still not be
recognized, however, as the first bootblock is before this one in the list.
To overcome this problem, you may rearrange the order of bootblocks in the
BrainFile from the BrainFile editing menu.
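The matching rule described under Learn and Force Learn, as an added example that is not part of the original documentation or of ZeroVirus itself. The entry layout, the function names and both sample bootblocks are assumptions made for this illustration; the real BrainFile format is not given in this document.

```python
from typing import NamedTuple, Optional, Sequence

BOOTBLOCK_SIZE = 1024  # two 512-byte sectors
MAX_PROBES = 8         # the document's limit on learned characters


class Entry(NamedTuple):
    name: str
    probes: tuple  # ((offset, expected byte), ...), hypothetical layout


def learn(block: bytes, offsets: Sequence[int], name: str) -> Entry:
    """Record the bytes at the chosen offsets, as the Learn option does."""
    if len(block) != BOOTBLOCK_SIZE:
        raise ValueError("a bootblock is 1024 bytes")
    if not 1 <= len(set(offsets)) <= MAX_PROBES:
        raise ValueError("pick between one and eight bytes")
    return Entry(name, tuple((o, block[o]) for o in sorted(set(offsets))))


def matches(entry: Entry, block: bytes) -> bool:
    return all(block[o] == b for o, b in entry.probes)


def identify(brain: Sequence[Entry], block: bytes) -> Optional[Entry]:
    """First entry whose probes all match; list order breaks ties."""
    return next((e for e in brain if matches(e, block)), None)


def shadowed_by(brain: Sequence[Entry], index: int, block: bytes) -> list:
    """Names of earlier entries that would claim this block first."""
    return [e.name for e in brain[:index] if matches(e, block)]


def make_block(code: bytes) -> bytes:
    """Constructed sample: 'DOS\\0', empty checksum, root block 880, code."""
    head = b"DOS\x00" + bytes(4) + (880).to_bytes(4, "big")
    return (head + code).ljust(BOOTBLOCK_SIZE, b"\x00")


# Two constructed blocks whose first six code bytes are identical.
BLOCK_A = make_block(bytes.fromhex("43fa00184eaeffa0"))
BLOCK_B = make_block(bytes.fromhex("43fa00184eae0001"))

ENTRY_A = learn(BLOCK_A, range(12, 18), "loader-a")  # six shared bytes
ENTRY_B = learn(BLOCK_B, range(12, 20), "loader-b")  # Force Learn, eight bytes

if __name__ == "__main__":
    brain = [ENTRY_A, ENTRY_B]
    print(identify(brain, BLOCK_B).name)               # earlier entry wins
    print(shadowed_by(brain, 1, BLOCK_B))
    print(identify([ENTRY_B, ENTRY_A], BLOCK_B).name)  # after Move
```

Listing the more specific entry first is what the Move option in the BrainFile editor achieves.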
BACKING IT UP
Backup --> - These options allow you to manipulate bootblocks as disk
files.
Backup - Many programs employ custom bootblocks. These bootblocks may
be for fast loaders, intros, etc. Many of these programs depend on custom
bootblocks. If this bootblock is overwritten with a virus, the program will
no longer work. Backup allows you to back up a bootblock to a disk file for
future retrieval.
When Backup is selected, a file requester appears for you to enter the
name by which you wish to save the bootblock. The name of the disk is
automatically entered as the filename, but this may be edited. Once you have
chosen the name, you are asked to enter an optional comment for the
bootblock (maximum 40 characters). Providing no errors occur, the bootblock
will be saved to the file.
It is a good idea to keep all bootblocks in the same directory and an
even better idea to keep a backup of the disk containing the bootblocks.
Restore - Restore allows you to restore a previously backed-up
bootblock to the disk in the selected drive. Selecting this opens the file
requester, prompting you for the name of the bootblock you wish to restore.
Catalogue - Generate a catalogue of all the backed-up bootblocks in a
specified directory. Selecting this opens a requester with various gadgets,
allowing you to configure the catalogue.
CATALOGUE TO FILE and CATALOGUE TO PRINTER allow you to send the
generated catalogue to a disk file, or to the printer (PRT:).
INCLUDE COMMENTS and INCLUDE DATES allow you to select whether comments
and dates are included in the catalogue.
SORT BY NAME, COMMENT and DATE allow you to turn catalogue sorting on
or off, and select which item the catalogue is sorted by.
GENERATE CATALOGUE opens the file requester, allowing you to select the
directory containing the bootblocks you wish to catalogue. Only bootblocks
saved with ZeroVirus are included in the catalogue.
View Saved - This allows you to view a saved bootblock. Selecting it
opens the file requester, prompting you for the name of the bootblock you
wish to view.
Compare Saved - Compares the bootblock of the disk in the selected
drive with a bootblock saved to a disk file. The saved bootblock is the one
actually shown. Conflicting characters are shown in red; identical
characters are shown in white.
Print Saved - This allows you to dump a saved bootblock to the printer
(PRT:). The bootblock is printed in both hexadecimal and ASCII.
Print - This allows you to dump the bootblock of the disk in the
selected drive to the printer (PRT:).
Toolkit --> - These options allow you to manipulate bootblocks in
special ways.
UnInstall - UnInstall un-installs a disk, leaving the bootblock the
same as if the disk had just been formatted.
Fix Checksum - Fixes checksum of bootblock and makes it bootable.
No Checksum - Zeroes the checksum of the bootblock and makes it
non-bootable.
Copy Block - Copies bootblock of the disk in the selected drive to a
disk in another drive. After selecting this, click on the drive to which you
want to copy the bootblock or click on the same drive to cancel the operation.
Main Menu - Returns to the main menu.
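What Fix Checksum and No Checksum do to the bootblock, as an added example that is not taken from ZeroVirus. An Amiga bootblock passes the ROM's check when its 256 big-endian longwords, added with each overflow carry fed back in, total $FFFFFFFF; the checksum is the longword at offset 4. Function names and the embedded sample block are this example's own.

```python
import struct

BOOTBLOCK_SIZE = 1024  # two 512-byte sectors, 256 big-endian longwords
CHECKSUM_AT = 4        # the longword after the 'DOS\0' identifier


def carry_sum(block: bytes) -> int:
    """Add all longwords, feeding each overflow carry back into the sum."""
    total = 0
    for (word,) in struct.iter_unpack(">I", block):
        total += word
        if total > 0xFFFFFFFF:
            total = (total & 0xFFFFFFFF) + 1
    return total


def no_checksum(block: bytes) -> bytes:
    """Zero the checksum field (the No Checksum operation)."""
    if len(block) != BOOTBLOCK_SIZE:
        raise ValueError("a bootblock is 1024 bytes")
    return block[:CHECKSUM_AT] + bytes(4) + block[CHECKSUM_AT + 4:]


def compute_checksum(block: bytes) -> int:
    """Value that makes the carry sum of the whole block 0xFFFFFFFF."""
    return ~carry_sum(no_checksum(block)) & 0xFFFFFFFF


def fix_checksum(block: bytes) -> bytes:
    """Store the correct checksum (the Fix Checksum operation)."""
    value = struct.pack(">I", compute_checksum(block))
    return block[:CHECKSUM_AT] + value + block[CHECKSUM_AT + 4:]


def checksum_valid(block: bytes) -> bool:
    return len(block) == BOOTBLOCK_SIZE and carry_sum(block) == 0xFFFFFFFF


# Sample input embedded for this example: header, root block 880, short
# boot code stub ending in the string "dos.library", zero padded.
SAMPLE = (b"DOS\x00" + bytes(4) + (880).to_bytes(4, "big")
          + bytes.fromhex("43fa00184eaeffa04a80670a2040206800167000"
                          "4e7570ff60fa")
          + b"dos.library\x00").ljust(BOOTBLOCK_SIZE, b"\x00")

if __name__ == "__main__":
    fixed = fix_checksum(SAMPLE)
    print(f"checksum {compute_checksum(SAMPLE):08X}")
    print(checksum_valid(SAMPLE), checksum_valid(fixed))
    print(checksum_valid(no_checksum(fixed)))
```

Any byte changed after the checksum was written makes the check fail, which is why a bootblock that has been edited by hand needs Fix Checksum before it will boot.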
FILES
This section of ZeroVirus allows you to check files for file (link)
viruses. When selected, the screen clears and the file requester opens. You
may now select the directory you wish to check. Don't worry about the file
name. When the directory has been chosen, you are asked if you wish to check
all the sub-directories as well. This allows you to check an entire disk at
once, if necessary.
You are now asked if you want any viruses to be automatically removed.
If you answer positively to this, any file viruses found will be removed
automatically, unless a user action is unavoidable, such as an error. The
files are now checked. The file names are displayed on the screen as they
are being checked.
File viruses are not learned in BrainFiles. Therefore, ZeroVirus will
be updated if and when new file viruses appear.
VIRUSES I HAVE KNOWN
Currently recognized file viruses are listed:
IRQ virus - Attaches itself to the first command in the
startup-sequence.
TTV1 virus - Also known as the BGS9 virus, this one replaces the
first command in the startup-sequence with itself and places the original
file in a hidden file in DEVS:. If this virus is found, ZeroVirus will also
give you the option of trying to replace the original file. Even if
automatic virus removal is on, user input is required here, as ZeroVirus has
no idea of the location of the DEVS: directory on that disk in relation to
the current directory. The file requester is opened for this.
LAMER virus - Usually disguised as a hidden file; it inserts a line
calling itself in the startup-sequence. If a file called "startup-sequence"
is found, it will be checked to see if it calls this virus. The virus gives
itself a name consisting of characters with the value A0 hex (160 decimal).
These are invisible as normal ASCII. If any of these are found in the
"startup-sequence", ZeroVirus can remove them.
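The startup-sequence check described for the LAMER virus, as an added example that is not ZeroVirus's own code. It assumes the inserted line's command word consists only of 0xA0 bytes, optionally behind a volume or directory prefix; the function names and the sample script are constructed for this illustration.

```python
NBSP = 0xA0  # the byte the document gives as the virus's file name


def command_name(line: bytes) -> bytes:
    """First word of a script line with any volume or directory part removed."""
    # Work on bytes: bytes.split() breaks on ASCII whitespace only, while
    # str.split() would treat a decoded 0xA0 as a space and hide the name.
    words = line.split()
    if not words:
        return b""
    name = words[0]
    for separator in (b":", b"/"):
        name = name.rsplit(separator, 1)[-1]
    return name


def find_hidden_calls(script: bytes) -> list:
    """(line number, raw line) for each line that runs an all-0xA0 name."""
    hits = []
    for number, line in enumerate(script.split(b"\n"), start=1):
        name = command_name(line)
        if name and set(name) == {NBSP}:
            hits.append((number, line))
    return hits


def remove_hidden_calls(script: bytes) -> bytes:
    """Return the script without the flagged lines; other bytes are untouched."""
    flagged = {number for number, _ in find_hidden_calls(script)}
    kept = [line for number, line in enumerate(script.split(b"\n"), start=1)
            if number not in flagged]
    return b"\n".join(kept)


# Constructed startup-sequence: line 1 calls a name made of four 0xA0 bytes.
SAMPLE = b"\xa0\xa0\xa0\xa0\nSetPatch >NIL:\necho \xa0ready\nLoadWB\n"

if __name__ == "__main__":
    for number, line in find_hidden_calls(SAMPLE):
        print(f"line {number}: {line.hex(' ')}")
    print(remove_hidden_calls(SAMPLE))
```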
BRAINFILES
The "on-line" BrainFile editor allows you to easily edit the current
BrainFile.
The names of all bootblocks known by the current BrainFile are displayed
on the screen, along with their comments.
You may scroll the selector-bar up and down the list of bootblocks with the
UP and DOWN gadgets at the bottom of the screen, or with the Move menu.
Several options are available from a pulldown menu:
New - Discards the BrainFile in memory at the moment and begins a new
one. Be careful with this; there is no undo feature.
Load - Loads a BrainFile from disk into memory, replacing the BrainFile
in memory at the moment. The file requester is used to allow you to select
the BrainFile.
Save - This option allows you to save the BrainFile in memory to disk.
The file requester is used to allow you to select the name. The User Update
count of the current BrainFile is incremented every time you Save.
EDITING
Edit --> - These options allow you to make changes to the entries
in the BrainFile.
Move - Move allows you to reposition an entry in the BrainFile. When it
is selected, you may move the selector-bar to the position where you wish
the entry to be. Press the right mouse button when the bar is in the correct
position. You are then asked if you wish the entry to be moved above or
below the current position. To cancel this, press the right mouse button
without moving the bar.
Rename - Changes the name and description of the highlighted entry.
Delete - Deletes the highlighted entry from the BrainFile.
Merge - Lets you include your own bootblocks in the BrainFile. New
BrainFiles issued by the author will not, of course, contain the bootblocks
you have learned, so without Merge you would have to Learn them all again.
Merge allows you, effectively, to join the current BrainFile with one on
disk. The "new" BrainFile will not contain any repeated entries.
MOVING
Move --> - These options allow you to move through the current BrainFile.
Entry Up - Moves one entry up. Identical to pressing the UP gadget.
Entry Down - Moves one entry down. Identical to pressing the DOWN gadget.
Page Up - Moves one page (13 entries) up.
Page Down - Moves one page (13 entries) down.
Top - Moves to the top of the BrainFile.
Bottom - Moves to the bottom of the BrainFile.
Main Menu - Returns to the main menu.
PALETTE
The palette requester has several gadgets to enable you to set the
colors of the screen. The colored squares at the top of the window let you
select which color to work on. Underneath these is a window-wide bar, which
is filled with the current color and displays the hex value of the color. Under
this are six slider gadgets. The first three, R, G and B enable you to
set the red, green and blue content of the current color. The next three,
H, S and L, enable you to set the hue, saturation and luminance of the
current color. Under these are six other gadgets.
- COPY - Copy the current color to the next selected color.
- SPREAD - Evenly spread the colors between the current color and the
next selected color.
- RESET - Reset to the palette in use when the Palette Requester was
first invoked. Also, pressing the ESCape key has this effect, so if you
accidentally set all the colors to black, press ESC.
- DEFAULT - Returns colors to their default settings.
- OKAY - Accepts current color settings and exits palette requester.
- CANCEL - Rejects color settings and exits the requester. Clicking the
close gadget also has this effect.
ICONIFY
Iconify closes the ZeroVirus window and screen and opens a small
window on the Workbench screen. ZeroVirus now behaves very much like the PD
program VirusX. Unlike VirusX, however, it also contains a title bar clock
and memory monitor. The current time is displayed (and updated) along with
the amount of chip and fast memory available in the system.
When the iconified window first opens, all disks present are checked
for viruses or non-standard bootblocks. If such are found, a requester
appears, asking you if you wish to return to ZeroVirus. If the bootblock is
a virus, you are not told which virus it is. You will find this out when you
return to ZeroVirus. You are only notified if the bootblock is a virus, or
if it is an unknown, non-standard bootblock.
After all disks are checked, the clock starts and continues updating.
Each time a disk is changed, it is automatically checked and the same
procedure as above follows.
To return to ZeroVirus from the iconified window, activate the window
and press the right mouse button. To exit ZeroVirus without returning to the
main program, click the close gadget.
If, from the CLI, ZeroVirus is run with the "-i" option, that is:
ZeroVirus -i (press Return)
. . . it will start up in the iconified mode.
You may also, from the CLI, specify the x and y locations of the
iconified window:
ZeroVirus -xnum1 -ynum2 (press Return)
. . . will set the left edge of the window to num1, and top edge to num2.
You may use -i, -x and -y in any order, and they are all optional.
ABOUT
ZeroVirus is NOT public domain. It is under NO circumstances to be
sold or included on any product for profit without prior permission from me.
ZeroVirus may be copied and used freely. A $25 donation will get you
the latest version of the program and BrainFile, a printed manual that is
much more detailed than these instructions, and a satisfied conscience.
Also, if you have any comments or bug reports, or find any new viruses,
please send them to me.
It is an easy program to use. I hope it becomes a program you use
regularly to guard against the battery of viruses on the Amiga. If programs
like this are used regularly by everyone, viruses on the Amiga could one day
become a thing of the past.
To contact the author, write Jonathan Potter, 3 William St., Clarence
Park S.A. 5034, Australia. Phone (08) 2932788.
END OF TEXT