17 Bit Software 1: Collection A

home *** CD-ROM | disk | FTP | other *** search

/ 17 Bit Software 1: Collection A / 17Bit_Collection_A.iso / files / 785.dms / 785.adf / kv.doc / kv.doc

Wrap

Text File | 1997-10-19 | 4KB | 98 lines

KV - KillVirus V2.1, 11/26/89 KV will detect and remove three non-boot block viruses, the IRQ Ver 41.0 the Lamer Exterminator and the Bundesgrenzschutz Sektion 9 (BGS) virus. KV will also detect and disable the XENO virus in executable files. The Lamer virus will be removed from memory and any infected disks in the drives. Usage: kv -LIBA { filename ... } -L or -l check for Lamer virus on all floppies -B or -b check for BGS-9 virus on all floppies -I or -i NAME check for IRQ and XENO virus on NAME -A or -a do all of the above `*' (unix style) wildcards allowed ex. kv -i C:* or kv -i C: will check all files in C: for the IRQ and XENO virus. kv DF0:C/ will check all files in DF0:C The XENO virus while `harmless' attaches itself to almost any file that is opened for either reading or writing while the virus is active. This nasty can spread rather rapidly over a hard disk before it is detected. KV will detect the infected files and `disable' the virus. By disable I mean that the infectious portion of the virus will be neutralized but not removed from the file. Unfortunetly, the XENO virus merges his code with the existing code found in the first code hunk. Removal requires excising the virus code and adjusting the relocation information found in the RELOC_32 hunk. Rather than delay KV until it can properly remove the infection, I decided to release this version that will at least keep the virus from spreading. A future version of KV will (hopefully) be able to remove the virus code - even the disabled version. KV will look on all floppy drives in the system for the Lamer and BGS viruses. Be aware that the IRQ virus attacks the file C:dir as well as the first executable file that it finds listed in your startup-sequence files. It is to your advantage to check all your disks startup files and the first executable file referenced once infected with the IRQ virus. Also note that the new Lamer virus attaches itself to a disk as an invisible file located in the root directory. It modifies the first line of your Startup-Sequence file placing it's invisible name there. KV will not modify your startup file. You must delete any blank lines at the beginning of the file. If KV finds the Lamer virus on a disk it will rename the invisible file to `DANGERVIRUS'. The virus won't be automatically executed under that name - you may delete it at your leisure. The BGS virus finds the name of the first executable file in the Startup-Sequence file and renames it to an invisible file in the DEVS: directory. It then replaces the first file with the virus code which will be executed on startup. During its execution it will LoadSeg the invisible file and execute it. Minor changes: Ver 1.01, 1/15/89 ================= Added more info on usage. Now allow multiple filenames on the command line. Appended `*' to filename if it ended with ':' or '/' this allows one to check an entire directory such as KV C: Changed message output format slightly. Virus found message is in inverse video. Used DisplayBeep() to flash screen if IRQ virus is found Ver 2.0, 9/1/89 ================= Added tests for Lamer Exterminator and BGS viruses. Added AutoRequest() for more positive indication of KV results. Ver 2.1, 11/26/89 ================= Added test for XENO virus. Added code to disable the XENO virus infection code.