home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
Fish 'n' More 2
/
fishmore-publicdomainlibraryvol.ii1991xetec.iso
/
disks
/
disk412.lzh
/
ZeroVirus
/
ZeroVirus.doc
< prev
next >
Wrap
Text File
|
1990-12-14
|
26KB
|
476 lines
*******************************************************************************
ZeroVirus v2.0
(c) Copyright 1989,1990 by Jonathan Potter
*******************************************************************************
See the bottom of this file for changes
INTRODUCTION
------------
Welcome to ZeroVirus!
This program is a complete virus detection, removal, and protection system.
Using ZeroVirus, you can check the bootblock of any disc. You can install
the disc (removing any virus that is present) with one of four different
bootblocks, and backup the bootblocks of your commercial programs to ensure
recovery from any viruses in the future.
You can also use ZeroVirus to check a directory or a whole disc for any known
file (link) viruses.
ZeroVirus uses BrainFiles to make updating easier. The BrainFiles contain
information that ZeroVirus uses to identify viruses and other bootblocks.
ZeroVirus has a LEARN option, whereby you may include in the BrainFile the data
necessary to recognise a certain bootblock in the future. ZeroVirus also has
"on-line" BrainFile editing, to make the procedure even easier.
You can iconify ZeroVirus to a small window on the Workbench screen. Here, it
runs in the background, checking every disc you insert in the drives.
STARTING ZEROVIRUS
------------------
To start ZeroVirus, double-click on the icon from Workbench, or type
"ZeroVirus" from the CLI.
ZeroVirus looks for the BrainFile (called "ZeroVirus.BrainFile") in either
the current directory, or in the S: directory, and if it is found, it will be
read in.
ZeroVirus then looks for the Palette file (called "ZeroVirus.Palette") in the
same places, and will read in your custom colours from that file if it can be
found.
MEMORY CHECKING
---------------
Once ZeroVirus has finished the above operations, memory is checked for any
known viruses. If any are found, they are automatically removed, and you are
notified of their presence.
After this, ZeroVirus checks a number of system vectors. The vectors checked
are WarmCapture, CoolCapture, ColdCapture, KickTagPtr (or RomTags), KickMemPtr
and KickCheckSum vectors. These should all normally be zero ($000000), and one
sign of a virus in memory is these vectors pointing somewhere else. If their
value is not $000000, you will be given the option to restore them to $000000.
Be careful here, because some legitimate programs, like Guardian, modify these
to their own purposes.
After this, you are prompted to press the left mouse button to continue.
MAIN MENU
---------
Several options are available from the main menu.
The BOOTBLOCKS gadget, or "BootBlocks" from the pull-down menu takes you into
the bootblock checking part of ZeroVirus.
Likewise, the FILES gadget, or "Files" from the pull-down menu takes you into
the file checking part of ZeroVirus.
The BRAINFILES gadget, or "BrainFiles" from the pull-down menu takes you into
the "on-line" BrainFile editor.
The LEAVE gadget gives you the option of either quitting or iconifying
ZeroVirus.
"Palette" from the pull-down menu allows you to edit the colours ZeroVirus
uses, and "Save Palette" allows you to save them for future use.
"About" displays some information about the program.
"Iconify" iconifies ZeroVirus.
"Quit" exits ZeroVirus.
BOOTBLOCKS
----------
This section of ZeroVirus allows you to work with the bootblocks of discs.
To check the bootblock of a disc, click on the icon of the drive the disc is
in. If no errors occur, the bootblock will be read and checked. If the
bootblock is recognised, its name and description will be displayed.
eg "Normal DOS bootblock."
"This disc is okay. Insert another disc to keep checking."
"ZeroVirus BigScreenTest bootblock"
"Check for PAL sized screen on bootup"
"SCA virus recognised!"
"This disc contains a virus! INSTALL it immediately!"
If the bootblock is not recognised, you will see
"Non-standard bootblock"
"Suggestion : BACKUP and INSTALL"
Under the description, the bootblock is displayed. Characters in white
represent standard bootblock characters; those in red represent non-standard
bootblock characters.
ZeroVirus detects disc changes, so to check another disc in the same drive,
simple eject the current disc and insert the new one.
Several options are available from a pull-down menu.
A "-->" in menu names indicates the presence of sub-menus. From top to bottom,
the menu options are :
BootBlock --> - This option allows you to select the bootblock that
will be written to discs when you install them.
Standard - This is the standard AmigaDOS 1.3 bootblock.
NoFastMem - This bootblock allows you to turn off all
auto-configuring expansion memory on bootup.
BigScreenTest - All PAL Amigas have a bug that causes an NTSC (200
line) screen to occasionally open on bootup,
instead of one the normal PAL size (256 lines).
This bootblock checks the size of the screen you
are about to boot into, and if it is <256 lines,
will give you a chance to reset the computer.
This eliminates the possibility of going through
a half hour long startup-sequence only to find at
the end that you have to reboot because of a short
screen.
AutoAddRAM - This bootblock allows you to automatically add one
chunk of non-autoconfiguring memory on bootup. When
you install a disc with this bootblock, you are
prompted for the starting and ending addresses of
the chunk, in hexadecimal. If you give no input to
this, the RAM from $f80000 to $fbfffe present in
Amiga 1000s with Kickstart in ROM is assumed.
Install - This option installs the disc in the currently
selected drive, with the selected bootblock.
Learn - This option allows you to learn the bootblock of the
disc in the currently selected drive.
ZeroVirus recognises bootblocks by checking eight
characters. If all characters match the required
characters, ZeroVirus recognises the bootblock.
When you select learn, eight characters in the
bootblock view are highlighted. These are the eight
characters ZeroVirus has picked to recognise the
bootblock by. Unfortunately, ZeroVirus cannot
distinguish between code and text. Since text in
a bootblock can be changed relatively easily, it is
not a good idea to learn text bytes.
If it is obvious that ZeroVirus has picked some
text bytes to learn, you may reselect the bytes
yourself.
A maximum of eight characters may be highlighted at
once.
To toggle a character on or off, click on it with
the left mouse button.
You may pick eight or less characters.
Once you have finished picking characters, click
in the centre of the screen where you are told to.
You are now prompted for the name of the bootblock.
To cancel the learn operation, just press return
for this.
Once you have entered the name, you are asked
for a description. If the bootblock you have just
learnt is a virus, just press return for this.
Names and descriptions may be 80 characters at the
most.
Learn only learns to memory - the bootblock is
not recorded to the BrainFile on disc until you
do so from the BrainFile editing menu.
Force Learn - It may happen occasionally that the bootblock of the
disc you wish to learn has the same bytes in the same
places as a bootblock ZeroVirus has learnt previously.
In this case, Learn will complain that ZeroVirus
already knows this bootblock.
You may now learn the bootblock with Force Learn,
and pick some different bytes.
The bootblock will still not be recognised, however,
as the first bootblock is before this one in the list.
To overcome this problem, you may re-arrange the order
of bootblocks in the BrainFile from the BrainFile
editing menu.
Backup --> - These options allow you to manipulate bootblocks
as disc files.
Backup - Many programs employ custom bootblocks. These
bootblocks may be for fast loaders, intros, etc.
Many of these programs depend on their custom
bootblock. If this bootblock is overwritten with a
virus, the program will no longer work.
Backup allows you to backup a bootblock to a disc
file, for future retrieval.
When Backup is selected, a file requester appears for
you to enter the name you wish to save the bootblock
as. The name of the disc is automatically entered as
the filename, but this may be edited.
Once you have chosen the name, you are asked to
enter an optional comment for the bootblock (maximum
40 characters).
Providing no errors occur, the bootblock will be
saved to the file.
It is a good idea to keep all bootblocks in the same
directory, and an even better idea to keep a backup
of the disc containing the bootblocks.
Restore - Restore allows you to restore a previously backed-up
bootblock to the disc in the selected drive.
Selecting this opens the file requester, prompting
you for the name of the bootblock you wish to restore.
Catalogue - Catalogue allows you to generate a catalogue of all
the backed-up bootblocks in a specified directory.
Selecting this opens a requester with various gadgets
allowing you to configure the catalogue.
CATALOGUE TO FILE and CATALOGUE TO PRINTER allow you
to send the generated catalogue to a disc file, or to
the printer (PRT:).
INCLUDE COMMENTS and INCLUDE DATES allow you to
select whether comments and dates are included in the
catalogue.
SORT BY NAME, COMMENT and DATE allow you to turn
catalogue sorting on or off, and select which
item the catalogue is sorted by.
GENERATE CATALOGUE opens the file requester, allowing
you to select the directory containing the bootblocks
you wish to catalogue. Only bootblocks saved with
ZeroVirus are included in the catalogue.
View Saved - This allows you to view a saved bootblock. Selecting
it opens the file requester, prompting you for the
name of the bootblock you wish to view.
Compare Saved - This allows you to compare the bootblock of the disc
in the selected drive with a bootblocks saved to a
disc file. The saved bootblock is the one actually
shown. Conflicting characters are shown in red;
identical characters are shown in white.
Print Saved - This allows you to dump a saved bootblock to the
printer (PRT:). The bootblock is printed in both
hexadecimal and ASCII.
Print - This allows you to dump the bootblock of the disc in
the selected drive to the printer (PRT:).
Toolkit --> - These options allow you to manipulate bootblocks in
special ways.
UnInstall - UnInstall un-installs a disc, leaving the bootblock
the same as if the disc had just been formatted.
Fix Checksum - This fixes the checksum of the bootblock, and makes
it bootable.
No Checksum - This zeroes the checksum of the bootblock, and makes
it non-bootable.
Copy Block - This allows you to copy the bootblock of the disc
in the selected drive to a disc in another drive.
After selecting this, click on the drive that you
want to copy the bootblock to, or click on the same
drive to cancel the operation.
Main Menu - This option returns you to the main menu.
FILES
-----
This section of ZeroVirus allows you to check files for file (link) viruses.
When selected, the screen clears and the file requester opens. You may now
select the directory you wish to check (don't worry about the filename).
When the directory has been chosen, you are asked if you wish to check all
the sub-directories as well. This allows you to check a whole disc at once, if
necessary.
You are now asked if you want any viruses to be automatically removed. If you
answer positively to this, any file viruses found will be removed
automatically, unless a user action is unavoidable (eg an error occurs).
The files are now checked. The filenames are displayed on the screen as they
are being checked.
File viruses are not learnt in BrainFiles. Therefore, ZeroVirus will be
updated if and when new file viruses appear.
Currently recognised file viruses are :
IRQ virus - This virus attaches itself to the first command in the
startup-sequence.
BGS9 virus - Also known as the TTV1 virus, this one replaces the
first command in the startup-sequence with itself, and
places the original file in a hidden file in DEVS:
If this virus is found, ZeroVirus will also give you
the option of trying to replace the original file.
Even if automatic virus removal is on, user input is
required here, as ZeroVirus has no idea where the DEVS:
directory on that disc is (in relation to the current
directory). The file requester is opened for this.
LAMER virus - This virus is usually disguised as a hidden file, and
inserts a line calling itself in the startup-sequence.
If a file called "startup-sequence" is found, it will
be checked to see if it calls this virus. The virus
calls itself a name consisting of (in hex) A0
(160 decimal). These are invisible as normal ASCII.
If any of these are found in the "startup-sequence",
ZeroVirus can remove them.
BRAINFILES
----------
The "on-line" BrainFile editor allows you to easily edit the current
BrainFile.
The name of all bootblocks known by the current BrainFile are displayed on
the screen, along with their comments.
You may scroll the selector-bar up and down the list of bootblocks with the
UP and DOWN gadgets at the bottom of the screen, or with the Move menu.
Several options are available from a pull-down menu; these are :
New - This option discards the BrainFile in memory at the
moment, and begins a new one. Be careful with this;
there is no undo feature.
Load - This option allows you to load a BrainFile from disc
into memory, replacing the BrainFile in memory at the
moment. The file requester is used to allow you to
select the BrainFile.
Note that BrainFiles need not be called
"ZeroVirus.BrainFile" - they may be called anything, and
kept anywhere. However, they will not be read in
automatically when ZeroVirus is run unless they are.
Save - This option allows you to save the BrainFile in
memory to disc. The file requester is used to allow
you to select the name.
The User Update count of the current BrainFile is
incremented everytime you Save.
Edit --> - These options allow you to make changes to the entries
in the BrainFile.
Move - Move allows you to reposition an entry in the BrainFile.
When selected, you may move the selector-bar to the
position you wish the entry to be moved to.
Press the right mouse button when the bar is in the
correct position. You are then asked if you wish the
entry to be moved above or below the current position.
To cancel this, press the right mouse button without
moving the bar.
Rename - This allows you to change the name and description of
the highlighted entry.
Delete - This allows you to delete the highlighted entry from
the BrainFile.
Merge - The Learn option allows you to include your own
bootblocks in the BrainFile. However, new BrainFiles
issued by the author will not, of course, contain these,
and so you would have had to Learn them all again.
Merge allows you to, effectively, join the current
BrainFile with one on disc. However, the "new" BrainFile
will not contain any repeated entries.
Move --> - These options allow you to move around the current
BrainFile.
Entry Up - Moves you one entry up. Identical to pressing the UP
gadget.
Entry Down - Moves you one entry down. Identical to pressing the DOWN
gadget.
Page Up - Moves you one page (13 entries) up.
Page Down - Moves you one page (13 entries) down.
Top - Moves you to the top of the BrainFile.
Bottom - Moves you to the bottom of the BrainFile.
Main Menu - This option returns you to the main menu.
PALETTE
-------
The palette requester has several gadgets to enable you to set the colours of
the screen. The coloured squares at the top of the window let you select
which colour you wish to work with. Underneath these is a window-wide bar,
which is filled with the current colour, and displays (in hex) the value of
the colour.
Under this are six slider gadgets. The first three, R, G and B enable you to
set the red, green and blue content of the current colour. The next three,
H, S and L enable you to set the hue, saturation and luminance of the
current colour.
Under these are six other gadgets.
- COPY allows you to copy the current colour to the next selected colour.
- SPREAD allows you to evenly spread the colours between the current
colour and the next selected colour.
- RESET allows you to reset to the palette in use when the Palette
Requester was first invoked. Also, pressing the ESCape key has this
effect, so if you accidentally set all the colours to black (or
something), just press ESCape.
- DEFAULT returns the colours to their default settings.
- OKAY accepts the current colour settings and exits the palette requester.
- CANCEL rejects the colour settings and exits the palette requester.
Clicking the close gadget also has this effect.
ICONIFY
-------
Iconify closes the ZeroVirus window and screen, and opens a small window on
the Workbench screen. ZeroVirus now behaves very much like the PD program
VirusX. Unlike VirusX, however, it also contains a title bar clock and memory
monitor. The current time is displayed (and updated) along with the amount of
chip and fast memory available in the system.
When the iconified window first opens, all discs present are checked for
viruses or non-standard bootblocks. If they have viruses or other non-standard
bootblocks on them, a requester appears, asking you if you wish to return to
ZeroVirus. If the bootblock is a virus, you are not told which virus it is.
You will find this out when you return to ZeroVirus.
You are only notified if the bootblock is a virus, or if it is an unknown,
non-standard bootblock.
After all discs have been checked, the clock starts and continues updating.
Every time a disc is changed, that disc is automatically checked, and the
same procedure as above follows.
To return to ZeroVirus from the iconified window, activate the window and
press the right mouse button. To exit ZeroVirus without returning to the main
program, click the close gadget.
If, from the CLI, ZeroVirus is run with the "-i" option, ie
ZeroVirus -i
it will start up in the iconified mode.
You may also, from the CLI, specify the x and y locations of the iconified
window.
ZeroVirus -xnum1 -ynum2
will set the left edge of the window to num1, and top edge to num2. You may
use -i, -x and -y in any order, and they are all optional.
ABOUT
-----
ZeroVirus is NOT public domain, although it is freely redistributable. It is
under NO circumstances to be sold, or included on any product for profit,
without prior permission from me. ZeroVirus may be copied and used freely.
If you have any comments or bug reports, or find any new viruses, please
send them to me.
THE END
-------
ZeroVirus is an easy program to use. I hope it becomes a program you use
regularly to guard against the battery of viruses on the Amiga. If programs
like this are used regularly by everyone, viruses on the Amiga could one day
become a thing of the past.
PLEASE send any new viruses, or suspected viruses, to me at the address below.
Or, if you live in Europe, send them to
Erik Løvendahl Sørensen
Snaphanevej 10
4720 Præstø
Denmark
and Erik will pass them along to me.
To contact the author, write to
Jonathan Potter
3 William Street
Clarence Park S.A. 5034
Australia
ph : (08) 2932788
------------------------------------------------------------------------------
Changes ZeroVirus v2.27 21-Jan-1990
1. About ZeroVirus III menu added (see accompanying doc file)
2. Fixed various problems to do with memory checking. Byte Bandit is now
killed properly, as are at least two strains of Lamer.
3. Added XENO virus checking.
The XENO virus is a file virus that hooks itself onto certain ROM routines,
which result in it being able to attach itself to almost every file. This
means, of course, that it can spread very quickly. ZeroVirus does not remove
the XENO code from an infected program, but it does disable it, rendering it
harmless.
------------------------------------------------------------------------------
