DOCUMENTATION FOR CONDOM.ARC - May 30, 1988

"The only protection against the virus, short of total
abstinence is the use of a condom."

I first became aware of the existence of the software
virus in magazine articles, and I wondered what I could do to
protect my computer from their insidious attack. The prime
target was usually reported to be COMMAND.COM, although just
about any program could be its target.

I reasoned that if I could compare COMMAND.COM against a
known healthy copy, I could be sure that at least it had not
been contaminated. I figured I would use FC.EXE (file compare)
that came with MS-DOS, in my AUTOEXEC.BAT file to check
COMMAND.COM each time I booted up, and if there was a
difference, flag it so I could replace COMMAND.COM before any
damage was done.

Let me digress for a minute. The demented individuals who
write these viruses want to make sure they get spread around,
so they design them to work a few days, or a few bootups, after
the virus installs itself. It is done this way to ensure that
the virus will be spread by formatting other diskettes, or
looking at a directory in another drive that contains the
program the virus installs itself in (usually COMMAND.COM).
This being the case, you can most likely catch it when you
boot up the computer for the next session. If it did its dirty
work immediately, I would call it a 'Trojan Horse' problem, and
that requires different techniques, although you could use some
of those protection methods along with the one I am describing
to get close to 100% protection.

I wanted the bootup to be automatic, stopping only if
COMMAND.COM was changed. Using FC.EXE would not work as it
doesn't send an errorlevel code after it terminates, so I
decided to write my own 'File Compare' utility that would
output an errorlevel code. I wanted it to be fast, and it
would not have to show every byte that was different, just tell
me that the two files were not identical. I could use FC.EXE
later to get a complete report of the differences.

I called my program FCBIN.EXE (File Compare Binary). It is
written in Turbo Pascal version 4.0, and it will compare any
file, reporting all the general differences, such as Date,
Length, and that the bytes did not compare. It also tells you
at which byte the first difference occurred.

I decided to check all my files in the root directory as
well, by creating a sub-directory called ZROOT in which were
placed uncontaminated copies of all the files in the root
directory. The file copies were renamed for additional safety,
COMMAND.COM is called CMD.BAK, CONFIG.SYS is called CFG.BAK,
etc. The following examples show the contents of my root
directory, the ZROOT directory, and the contents of my
AUTOEXEC.BAT file.

Directory of C:\

    AUTOEXEC BAT      711
    DMDRVR   BIN     7699
    COMMAND  COM    23612
    ANSI     SYS     1651
    CONFIG   SYS      104
    MSMOUSE  SYS     6732

Directory of C:\ZROOT

    ANS      BAK     1651
    ATX      BAK      711
    CFG      BAK      104
    CMD      BAK    23612
    DMD      BAK     7699
    MSM      BAK     6732

Contents of AUTOEXEC.BAT

    echo off
    cls
    fcbin \command.com \zroot\cmd.bak
    if errorlevel 1 goto :stop
    fcbin \ansi.sys \zroot\ans.bak
    if errorlevel 1 goto :stop
    fcbin \msmouse.sys \zroot\msm.bak
    if errorlevel 1 goto :stop
    fcbin \config.sys \zroot\cfg.bak
    if errorlevel 1 goto :stop
    fcbin \dmdrvr.bin \zroot\dmd.bak
    if errorlevel 1 goto :stop
    fcbin \autoexec.bat \zroot\atx.bak
    if errorlevel 1 goto :stop
    if errorlevel 0 goto :finish
    :stop
    echo This file is different!
    echo Hit Ctrl-C to terminate batch file.
    pause
    :finish

Of course you can also have the AUTOEXEC.BAT file run the
programs of your choice, and also have FCBIN check any file you
might be concerned about.

When setting this system up, you should carefully perform
the following steps:

1. Using a cherry, uncontaminated copy of DOS, boot up the
computer from a diskette in drive A:, NOT FROM THE HARD DISK.
2. Copy COMMAND.COM from the diskette over the COMMAND.COM on
the hard drive.
3. Copy COMMAND.COM into your backup sub-directory, renaming
it as you copy it.
4. Copy your CONFIG.SYS file to the backup sub-directory,
renaming it as you copy it.
5. Copy any other files you want to check on bootup into your
backup sub-directory, renaming them as you copy them.
6. Change your AUTOEXEC.BAT file to include the file compare
routines demonstrated in the above example, and then copy it
into your backup sub-directory, renaming it as you copy it.
7. Place FCBIN.EXE either in your root directory, or into a
sub-directory with a path to it.
8. Reboot and check it out.

FCBIN.EXE will output an errorlevel of zero (0) if the
files are identical, and a one (1) if they are different. It
will send its report to the screen, or to a file if you desire.
You can suppress all output (except the errorlevel code - of
course), by using the '/s' command line option when you run
FCBIN. Just type FCBIN without any parameters to get a short
help screen.
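
A modern sketch of the check described above, added here as an example and not FCBIN's Turbo Pascal source: a byte-for-byte compare that finds the first differing offset and returns status 0 or 1 so a startup script can branch on it, as AUTOEXEC.BAT does with errorlevel. The function names and the constructed demo files are assumptions, and unlike FCBIN it does not compare file dates.

```python
import os
import sys
import tempfile

CHUNK = 64 * 1024  # read size; files are never loaded whole


def first_difference(path_a, path_b):
    """Return the 0-based offset of the first differing byte, or None if identical.

    When one file is a prefix of the other, the offset is the shorter length.
    """
    offset = 0
    with open(path_a, "rb") as fa, open(path_b, "rb") as fb:
        while True:
            a, b = fa.read(CHUNK), fb.read(CHUNK)
            if a != b:
                for i, (x, y) in enumerate(zip(a, b)):
                    if x != y:
                        return offset + i
                return offset + min(len(a), len(b))
            if not a:  # both reads empty: reached the end of both files
                return None
            offset += len(a)


def check_baseline(pairs, silent=False):
    """Compare (live, backup) pairs in order; return 0 if all match, else 1."""
    for live, backup in pairs:
        try:
            diff = first_difference(live, backup)
            detail = f"first difference at byte {diff}"
        except OSError as exc:  # a missing or unreadable file is a failure
            diff, detail = -1, f"cannot compare ({exc.strerror})"
        if diff is not None:
            if not silent:
                print(f"{live} vs {backup}: {detail}")
            return 1
    return 0


if __name__ == "__main__":
    # Constructed demo data: a baseline copy and a live file with one changed byte.
    with tempfile.TemporaryDirectory() as d:
        backup, live = os.path.join(d, "cmd.bak"), os.path.join(d, "command.com")
        with open(backup, "wb") as f:
            f.write(b"\x90" * 1000)
        with open(live, "wb") as f:
            f.write(b"\x90" * 500 + b"\xeb" + b"\x90" * 499)
        sys.exit(check_baseline([(live, backup)]))  # exit status 1
```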