Shareware Overload

home *** CD-ROM | disk | FTP | other *** search

/ Shareware Overload / ShartewareOverload.cdr / virus / virusck.zip / README < prev next >

Wrap

Text File | 1988-02-21 | 4KB | 98 lines

Matt Cohen VIRUSCK.EXE - PO Box 10589 Written in 'C' State College, PA 16805-0589 Turbo or Microsoft C Source code: 83 lines Object Code: 12k Requires: DOS 2.0 or greater. Virus Check Program: VIRUSCK.EXE I am a graduate student in Electrical Engineering at the Pennsylvania State University. As part of preparation for my thesis work at the Engineering Computer Laboratory, I have written a program which I think will be useful in detecting viruses. A computer virus is a program which attaches itself to another program (or itself) when run, causing that program to also act as a virus. The normal function of the program can then be performed, leaving you with no clue of the virus's existence. It is extremely difficult to guard a computer system against a virus. Anywhere there are shared programs, there is the potential for a virus to cause damage and spread unchecked and even undetected. For example, a compiler which compiles another version of itself is a virus. If you suspect a program may a virus, this program MAY be able to find it before it can do any real damage to your system (and before you can spread it) This program attempts to detect a virus in two ways: 1. It notes whether a program changes it's size or modification time. 2. It tells you if any named files had sizes or times changed. Note that either of these two conditions does not guarantee a virus, but gives an indicator (particularly '1') of a possible virus. It is also possible that a virus will bypass the detection scheme. Unfortunately, if a virus is detected, it will have already infected itself or another (possibly unknown) program. If this happens you may be able to tell which program was infected by looking for the program(s) with the newest modification time. You should make a backup of your hard disk and all the files you intend to check (including virusck.exe) before you use this program! Put them on a write protected bootable disk. Also read the file VIRUSCK.DOC and the software license before you use the program. WHAT TO DO IF YOU THINK YOU HAVE FOUND A VIRUS: If you type A:>virusck COMMAND.COM A:>exit and you get a message saying the sizes or times are different, first write down all the numbers, and then: 1. Immediately reboot off a known good (write protected) system disk. 2. Copy the infected COMMAND.COM to a blank formatted disk. 3. Do a directory of the infected disk, noting all the file access times and look for times that match the time when you ran virusck. These files are probably also infected. You also should check the 'hidden' system files (using Norton, or PCTOOLS, or one of the many utility programs). 4. Copy all the infected files to the blank disk. SEND me the disk IMMEDIATELY!! I may be able to find a way to kill the virus. 5. Copy your backup copy of all the infected files, overwriting the possibly infected ones. 6. Run virusck on the old COMMAND.COM again. If you get the same message you are in trouble. You can try again on another backup copy, if you have one. If you are already infected on your backups, You will have to find a way to rid yourself of the virus (throwing away the backups and starting again with all new software is one way). If you are not convinced about the validity of the virusck program, do the following: 1. Try and get another copy from a different bulletin board. 2. Look at the binary files using strings.exe, debug, or a disk editor. 3. Use the flushot program. 4. Write protect everything. If you are still not convinced, I will send you the 'C' source code for $10.00 with the stated condition in writing from you that you won't distribute it and will use it only for validity testing purposes.