Text File | 1989-06-05 | 21KB | 406 lines
NOVIRUS V1.56 Dated 19th January 1989
BY NIC WILSON
THIS VERSION OF NOVIRUS SUPERSEDES ALL OTHER VERSIONS.
SEE THE END OF THIS FILE FOR UPDATE REPORT & BUG UPDATE
1. SYNTAX...This has changed, since version 1.30 & earlier.
All you who are using NoVirus in a batch file (eg startup-
sequence) must change this to the new syntax as shown below.
Make sure you read the new syntax.
NEW SYNTAX. NoVirus <switch> <drive>
Where <switch> N or n is an optional switch that makes the program
operate in Non-Recursive mode (eg. Startup-sequences,
or to check a single disk only).
or I or i is an optional switch that will iconify the
program immediately after loading. It will open a
small window on the dragbar. The program will then
sleep until selected or closed. See ICONIFY below on
how to Un-iconify the program. At the present time
if using this switch, you must execute the program with
RunBack (eg. RunBack -0 NoVirus i ). This must be done
as the program will not allow the CLI window to close.
RunBack overcomes this problem. RunBack can be found
on Fish Disk #65, or on the Toowoomba Amiga User Group
Newsletter Disk #3. I hope in the future to change this
so that RunBack is not required.
If you really cannot find a copy of RUNBACK then
use the following command instead. It is rather cumbersome
but will work.
Run >nil: <nil: NoVirus >nil: <nil: i
NOTE:- Only one switch is allowed, either n or i but not both.
<drive> is only valid if you have the above n or N switch. It allows
you to choose a drive to check in non-recursive mode.
Drive choice in recursive mode is done inside the program.
It must be a valid Amiga device. (eg. DF0: - DF3:).
NO SWITCHES.. If no switches are given the program will load, open a
custom screen & window and default to recursive mode. Drive
choice is made within the program, so you do not need to
supply the drive from the command line.
NoVirus can also be started from WorkBench simply by
double clicking its icon.
2. VIRUSES... The program now recognises a few new viruses:- SCA,
DASA(BYTE WARRIOR), BYTE BANDIT, NORTHSTAR, and MICROSYSTEMS,
REVENGE1.2, LSD, AEK, HCS. See the end of this file for an
update on virus additions to the programs.
NoVirus analyses the disk, scanning for new viruses, YES,
NEW VIRUSES and reports anything that it finds.
This routine does work as Revenge, lsd and aek were all found
by this routine and passed on to me by various users.
3. MEMORY... NoVirus now removes all the above, and other new viruses
from memory and tells you which one was in memory. This is
done as soon as it is loaded, before any other operations.
4. MENUS... NoVirus has menus available from the second mouse button.
These menus allow various functions, explained elsewhere in
this document.
5. GADGETS... Drives are chosen from within the program. All drives
that are not available will be ghosted, and cannot be selected.
You can change drives at any time, simply by clicking on the
drive gadget. The selected drive shows an alternate gadget
image with a disk in and the drive LED on. Clicking the same
drive again will re-log the disk in that drive.
6. INSTALL.. You can install disks by clicking the install gadget.
The disk in the current logged drive will be installed.
The code written out is a standard boot block as the DOS
INSTALL command would write.
7. NOTSYS... Modifies a bootblock to remove FastRam. It wedges code into
the boot block. It WILL WORK ON SPECIAL BOOT BLOCKS!!!. So
programs like Archon, ArchonII, Skyfox, Obliterator etc
can all be NOTSYSed without worry of destroying them. I do
suggest though that the original boot block be saved first.
This can be saved with the gadget GRAB explained elsewhere in
this document.
8. SYSNOT... This function is similar to install in that it makes a disk
bootable. It has one big difference though, it removes FastRam
and all external drives at boot time. So you no longer have
to remove or turn your drives off, simply SYSNOT them.
------------------------------------------------------------------------
DO NOT USE SYSNOT ON SPECIAL BOOT BLOCKS OR THEY WILL NO LONGER FUNCTION
------------------------------------------------------------------------
9. GRAB... This function only applies to versions 1.42 and later. It
allows you to save a boot block from any disk to a file, for
later restoration in case of destruction by viruses etc. To
use, first choose a drive by clicking its gadget in the normal
way. This is the drive that the boot block will be loaded
from, so be sure that the disk you wish to GRAB the boot block
from is in that drive. Then click the GRAB gadget. A window
will open prompting you for a filename. This filename can
be anything of your choice, I normally use the diskname, so
it is easy to remember. This filename must be a full path
name of where you would like the file stored. Any standard
device can be chosen with only two exceptions, one, you may not
choose the same drive that you will be loading the boot block
from. Any attempt to do so will result in an error message.
Two, you may not use volume names in place of floppy drives,
volume names are only allowed for non floppy drives, eg hard
disks, ramdisks etc.
Single drive users can use ramdisk. The program will default
to this if only one drive is detected. When the string gadget
window opens, 'ram:' will have been inserted for you. If this
is not satisfactory (eg. single drive but a hard disk) you can
delete 'ram:' with the backspace key. (The ram: default will
only occur in versions 1.45 and later).
Keep a disk aside to save all of your GRABbed boot blocks on
to and use that disk only. Example filenames are shown below
EXAMPLE:- df1:bootblocks/mydisk.block
dh0:mydisk.block
ram:mydisk.block
mydisk:mydisk.block (mydisk: cannot be a floppy)
NOTE:- If you are using a directory name as in the first
example, that directory must already exist, else an
error message will result.
10. RESTORE. This function only applies to versions 1.42 and later. It is
the reverse of GRAB, in that it loads a given filename and
restores it on the disk as a boot block. Use of this function
is very similar to GRAB. Choose a drive first by clicking on
its gadget. This drive will be used to restore the boot block.
A window will open prompting you for a file.
This file must be given a full path. (See GRAB.). The
filename is the name of the file you wish to restore on the
disk. It must be a valid boot block saved by GRAB or another
similar program. The RESTORE routine does not check or repair
the checksum, so if the disk was not bootable when GRABbed it
still will be non-bootable when RESTOREd. For an example of
the filename see GRAB.
-----------------
OTHER FEATURES
-----------------
NoVirus will recognise THE GUARDIAN in memory. However it does
not remove it. It only notifies you of its presence.
The Boot Block Analyse routine does not take for granted that a disk
is bootable. It checksums the boot block and if invalid reports
that the disk is not bootable. There is one exception to this rule. If
a virus is on the boot block it reports the virus whether the checksum is
correct or not. This was done as invalid checksums can be corrected.
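The checksum test described above, and the check a GRABbed file could be given before RESTORE writes it back, as an added example in Python (not NoVirus code, which is not shown here). It assumes the standard AmigaDOS boot block layout, which this document does not spell out: 1024 bytes, a "DOS" disk type, and a checksum longword at offset 4 chosen so that all 256 longwords add up to $FFFFFFFF with carries wrapped round. The sample block is constructed.

```python
import struct

BOOTBLOCK_SIZE = 1024   # two 512-byte sectors at the start of the floppy
CHECKSUM_OFFSET = 4     # longword that follows the 4-byte "DOS\0" disk type


def bootblock_sum(block: bytes) -> int:
    """Add all 256 big-endian longwords, wrapping each carry back in."""
    if len(block) != BOOTBLOCK_SIZE:
        raise ValueError("a boot block is exactly 1024 bytes")
    total = 0
    for (longword,) in struct.iter_unpack(">I", block):
        total += longword
        if total > 0xFFFFFFFF:                  # carry out of bit 31
            total = (total & 0xFFFFFFFF) + 1
    return total


def is_bootable(block: bytes) -> bool:
    """Valid when the disk type is DOS and the running sum is all ones."""
    return block[:3] == b"DOS" and bootblock_sum(block) == 0xFFFFFFFF


def repair_checksum(block: bytes) -> bytes:
    """Return a copy whose checksum longword makes the block valid."""
    end = CHECKSUM_OFFSET + 4
    zeroed = block[:CHECKSUM_OFFSET] + b"\x00" * 4 + block[end:]
    checksum = ~bootblock_sum(zeroed) & 0xFFFFFFFF
    return block[:CHECKSUM_OFFSET] + struct.pack(">I", checksum) + block[end:]


def constructed_sample() -> bytes:
    """Constructed test data: DOS header, zero checksum, filler bytes."""
    head = b"DOS\x00" + b"\x00" * 4 + struct.pack(">I", 880)
    return (head + bytes(range(64))).ljust(BOOTBLOCK_SIZE, b"\x00")


if __name__ == "__main__":
    grabbed = constructed_sample()
    print("as grabbed:", is_bootable(grabbed))
    print("after repair:", is_bootable(repair_checksum(grabbed)))
```

A valid checksum only says the block will boot; it says nothing about what the boot code does, which is why a virus is reported whatever the checksum.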
---------
MENUS
---------
MENUS HAVE BEEN ADDED TO THE PROGRAM, & THESE MENUS INCLUDE :-
HELP - Brief help on most of the functions and gadgets.
ABOUT - Info about the program and our phone number, etc.
DOSENABLE - The program now inhibits DOS for all drives available.
This overcomes the problem where, if a new drive is selected,
and the previous drive still has a non-dos disk in it,
older versions allowed DOS to see the disk, forcing a
system requester telling you it isn't a dos disk. With DOS
inhibited for all drives, this does not happen, but another
problem evolves: inhibiting stops any other tasks from
being able to use the drives. This has been overcome by adding
a DosEnable menu function. This menu allows you to Enable DOS
for one or more drives by clicking on the sub-menu for the
drive. Each drive that you select will have a "tick" mark
appear beside the name, reminding you that it is enabled for
DOS. You can singly select a drive or multiple select by
holding the right mouse button down and clicking on each
sub-menu you require with the left button. The drives will
stay DosEnabled until you click on the sub-menu in the menu
again. Once this is done the "tick" will disappear showing
you it is once again DosInhibited.
NOTE that any drives that are not available will be ghosted
in the sub-menu and cannot be selected.
ICONIFY - You no longer have to keep loading the program when you
want to use it. You can ICONIFY it by selecting this menu
option. Once selected the Custom Screen & Window will be
closed and all excess memory freed. The program will open a
very small window on the title bar & will de-select itself.
It will remain asleep in the background until needed. To
re-enable it simply select the small window by clicking on
it with the left mouse then click on it again with the right
mouse button. Once re-enabled it will re-open the screen
and windows. When ICONIFIED the small window can be
dragged around and placed anywhere you wish as it will not
re-enable till it receives the right mouse click. The small
window also has a CloseGadget on it so you can completely
shut the program down without having to go back inside it.
In ICONIFY mode it is only using about 36k of memory so it
should not interfere with other uses of the machine. You can
also iconify the program on loading, see SYNTAX above
on how to do this.
ANALYSE - This menu option displays info about certain boot blocks.
It analyses the boot block of the currently selected drive,
looking for certain codes that are peculiar to viruses. If
any are found they will be displayed on the screen as their
actual function. This allows you to check that, if the
program states it has found a SCA virus, you can check to
see if it is doing anything different to a Standard SCA
virus. This allows you to identify hacked versions of known
viruses. In order to do this, you must elect to leave the
virus alone in the GURU box, then select ANALYSE. When you
are satisfied, click the drive gadget again to go back to the
GURU box to kill it, or select INSTALL or SYSNOT to destroy it.
NEVER SELECT NOTSYS to kill a virus AS IT WON'T. NOTSYS does
not destroy any boot block, it patches itself in and allows
the boot block to operate normally. If ANALYSE decides the
boot block is O.K., then nothing is displayed and the program
waits for the next disk. This function was mainly added for
my own use, and is not normally used or required.
I have noticed that a few disks, mainly those with hack
screens in the boot block, seem to pass parameters in the
Capture Vectors for their own protection schemes. NoVirus
will report them as a suspected new virus. If you are
unsure about any disk then contact me at the address or
phone below or send me a copy of the disk or boot block.
REPAIR - This function only applies to versions 1.45 and later.
How often have you had an annoying NOT A DOS DISK error.
These errors are sometimes quite frequent and can be difficult
for the inexperienced user to overcome. To use this function
click a drive gadget in the normal way. Then place the disk
to be repaired in that drive, NoVirus will respond by checking
the disk, and then may supply one of two errors, NOT A DOS DISK
or Error Reading Disk and will prompt you to select REPAIR.
This function will check the disk and either repair it fully
or recover it so it is a valid DOS DISK. This will allow
you to recover the files. The error status will tell you
whether it was successfully repaired or only recovered. The
success of the function depends on whether only the bootblock
is damaged or the whole of track zero is damaged. If it is
only the bootblock that is damaged this function replaces it.
If the whole track is corrupt, the track is formatted then a
bootblock written. Any file on the disk that used these blocks
will now be unrecoverable. When reading these files DOS will
report that the disk has a READ/WRITE error. If this happens
delete that file and copy all other files to a freshly
formatted disk.
This function does not prompt you before writing to the disk,
so do not select this function unless NoVirus reports one of
the above error messages.
VIEWBOOT - This function allows you to view the ascii of any boot block.
To use it, select the drive gadget in the normal way, if you
are given messages about new viruses etc. click through them
until the program is asking you to insert the next disk. At
this time select viewboot from the menus. A 'GURU' box will
open displaying the bootblock in an ascii form. From this
window you are able to leave it as is by clicking the left
mouse button or elect to install the disk by clicking the
right mouse button. If you elect to install you will be
prompted a second time to make sure.
QUIT - Another way out of the program.
------------------------------------------
R E C E N T B U G S & U P D A T E S
------------------------------------------
A NOTE ON VERSION NUMBERS
-------------------------
Version numbers are only incremented when a copy of the program has been
given to someone. This way I can keep a track of who has which version.
This list shows all additions and modifications to NoVirus in order of
version number. If you find a bug please let me know!!!
------
1.50
------
1. Mutual Exclusion added to the drive gadgets. You may have noticed that
in earlier versions, when a drive gadget was selected a momentary second
image was displayed. This second image displayed a disk in the drive and
the drive light aglow. The original meaning for this, was that I meant
for the gadgets to be TOGGLESELECT and Mutually Exclude each other. Then
I found out that the current versions of Intuition (including 1.3) don't
support Mutual Exclusion for gadgets, it is only supported in Menus.
We have now written our own Mutual Exclusion routine and it has now been
added to NoVirus. For the inexperienced this means that when a gadget
is selected other drive gadgets will be automatically de-selected. This
gives you a visual indication of the current drive in use. This new
function was added in version 1.50
------
1.51
------
1. Major change to the Assembly of the program. I am no longer using ASM68k
public domain assembler. I am now using Devpac Amiga V2.08. This
assembler is much better, it is around 10-15 times faster to assemble and
has some functions that ASM68k lacked. It is now much easier to debug as
symbol info is included in the executable. NoVirus source code has been
modified to suit this assembler and V1.51 has been assembled with it.
2. A bug in the RESTORE function has been fixed. If the source device was
a hard drive etc. (not a floppy) then the block would not be written to
the disk. Also if the source device was a floppy and the block written
then when the close gadget was clicked to exit the program, the program
would hang up. Both these bugs have been fixed in V1.51
------
1.52
------
1. A new virus has surfaced under the disguise of an antivirus. It is
known as HCS virus. This version has been updated to include all
necessary checks and cures.
2. A bug in the Non-Recursive mode has been fixed. If a virus was found
you would receive a visit from the GURU after the first alert window.
This was due to NoVirus trying to activate a non-existent window. This
would have crept in a few versions ago. This bug was fixed in V1.52
3. A bug in the iconify routine has been fixed. If the program was
launched from workbench and then iconified, if from this point the
close gadget was clicked you would have received a visit from the GURU.
This has been fixed in V1.52
------
1.53
------
1. An addition has been made to the virus checking routine. P. Tritscher
sent me a disk that NoVirus saw as a possible virus. It turned out to
be a safe intro bootblock. NoVirus now sees this bootblock as O.K. and
a message to that effect is displayed if this bootblock is read.
This was added in V1.53. THANX PETER!!!
2. A bug crept into the help routine. Since I converted NoVirus to
assemble under Devpac the help routine chopped three characters off
every line. This has been fixed in V1.53
3. In Versions 1.51 & 1.52 I found that after NOTSYS was used, the
bootblock caused the Amiga to crash, this was because DevPac was
not assembling the NOTSYS code properly. I changed the code to
satisfy DevPac so it now works fine. This mod was done in V1.53
------
1.54
------
1. I also found that Devpac was not assembling SYSNOT properly, so it
has been totally rewritten and its version number incremented to
V1.3. From time to time as you find older versions on your disks,
update them with this version.
------
1.55
------
1. Viewboot added to the menus. This was added due to the large number of
letters and phone calls I have received requesting it. To use it see
the explanation in MENUS above.
2. The analyse routine has had improvements made to speed it up.
------
1.56
------
1. A new virus has been added. It is known as the VKILL 1.0 virus.
It operates via the COOL CAPTURE and patches itself into the PUTMSG
function in ExecBase by calling SetFunction. NoVirus recognises it
and removes it from memory and from disk. The virus pretends to be
an anti-virus but it is definitely much more than that!!!
2. Additions to the Analyse New Virus Code routine. The older code
could, under some circumstances, not find some viruses. The routine
is now much more thorough.
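The 1.56 entry above describes a resident that comes back through COOL CAPTURE and hooks PUTMSG with SetFunction. As an added example (not NoVirus code, which is not shown in this file), this Python check audits a memory snapshot, for instance one saved from an emulator, for both signs. The ExecBase offsets, the PutMsg vector offset and the ROM address window are standard Amiga values that this document does not give, and the snapshots are constructed.

```python
import struct

ROM_START, ROM_END = 0xF80000, 0xFFFFFF   # Kickstart ROM address window
CAPTURES = {"ColdCapture": 42, "CoolCapture": 46, "WarmCapture": 50}
LVO_PUTMSG = -366                          # PutMsg slot, relative to ExecBase
JMP_ABS_L = 0x4EF9                         # 68000 opcode: JMP to 32-bit address


def audit_exec(mem: bytes) -> list:
    """Report set capture vectors and a PutMsg slot that leaves ROM."""
    execbase = struct.unpack_from(">I", mem, 4)[0]   # pointer kept at address 4
    if execbase + LVO_PUTMSG < 0 or execbase + 54 > len(mem):
        raise ValueError("ExecBase lies outside this snapshot")
    findings = []
    for name, offset in CAPTURES.items():
        vector = struct.unpack_from(">I", mem, execbase + offset)[0]
        if vector:
            findings.append(f"{name} = ${vector:06X}")
    opcode, target = struct.unpack_from(">HI", mem, execbase + LVO_PUTMSG)
    if opcode != JMP_ABS_L or not ROM_START <= target <= ROM_END:
        findings.append(f"PutMsg -> ${target:06X} (not ROM)")
    return findings


def constructed_snapshot(cool: int, putmsg_target: int) -> bytes:
    """Constructed 4 KB of low memory with ExecBase placed at $676."""
    mem = bytearray(4096)
    execbase = 0x676
    struct.pack_into(">I", mem, 4, execbase)
    struct.pack_into(">I", mem, execbase + 46, cool)
    struct.pack_into(">HI", mem, execbase + LVO_PUTMSG, JMP_ABS_L, putmsg_target)
    return bytes(mem)


if __name__ == "__main__":
    print(audit_exec(constructed_snapshot(0, 0xFC1234)))       # untouched
    print(audit_exec(constructed_snapshot(0x7EC00, 0x7EC3E)))  # hooked
```

A finding is a lead rather than a verdict: as noted under ANALYSE, some hack-screen boot blocks also use the Capture Vectors and are reported as suspected new viruses.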
NIC WILSON
159 RAMSAY STREET
TOOWOOMBA QUEENSLAND
AUSTRALIA
PHONE (076) 359221
(076) 358539
(076) 358522
HAVE FUN!!!!!!!
NIC WILSON
PRESIDENT
TOOWOOMBA AMIGA USER GROUP