GEMini Atari

home *** CD-ROM | disk | FTP | other *** search

/ GEMini Atari / GEMini_Atari_CD-ROM_Walnut_Creek_December_1993.iso / zip / virus / hospital.lzh / HOSPITAL / HOSPITAL.DOC < prev next >

Wrap

Text File | 1989-08-31 | 9KB | 281 lines

06601020306800 1HOSPITALST Virus ProtectionHOSPITAL 219/5/89Page #19/5/89 F0000000 R [.....................................................................................]211 9[................................................]011 Ç üHOSPITAL 9[....................................................]011 ÇAsuiteofviruspreventionanddetection programsfortheAtariST NeilForsyth DepartmentofComputerScience Heriot-WattUniversity 79Grassmarket Edinburgh neil@uk.ac.hw.cs 9[................................................]011 ëIntroduction Ç Thissuiteofprogramshasbeendevelopedtodetectand preventthespreadofvirusesontheAtariSTcomputer.The programsapplyprimarilytofloppydiskbootsectorviruses butsomedohaveawiderapplication. ëContents Ç Thecompletecontentsofthispackageisasfollows:- HOSPITAL.DOC Documentationin1stWordformat HOSPITAL.TXT SamebutinpureASCIIformat STVIRUS.DOC Discussiononvirusesin1stWordformat STVIRUS.TXT SamebutinpureASCIIformat BOOTCMP.PRG Theprograms DT.TTP GOODBOOT.TOS MEDICAL.TOS RESET2.ACC SKULL.PRG VACCINE.PRG VECHECK.PRG WATCHER.PRG ëCreatinga100%virusfreebootdisk Ç Beforeusingtheseprogramsyoumustensurethatyouhavea safedisktobootfrominthefirstplace.Thefollowingsteps willensurethatyouhaveaknown'clean'disk: 9[.............................................]011 Switchonyourcomputerwithnofloppydiskinany diskdriveandwithyourharddriveswitchedoff. Thiswilltakesometimetobootup(aboutaminute) butitisworthitbecausewecanbesurethereisno virusinthecomputer. Next,insertablankfloppyinthefloppydiskand formatitusingthenormaldesktopformatter.Iknow thereareplentyofotherformattersavailable,my ownincluded,butifsomeonehadmodifiedthemwe'd bebacktosquareone. 9[................................................]011 ëRecommendedSetup Ç Aftercreatingyourknowncleandiskitisrecommendedthat youplacetheprogramsinanAUTOfolderonthis'bootdisk' ♪①inthefollowingorderÉ⑧01,1⑧Ç: VECHECK.PRG SKULL.PRG (otherthingslikeharddiskdrivers,GDOSetc) VACCINE.PRG WATCHER.PRG BOOTCMP.PRG andontherootofthedrivethefollowingfileswillbe createdbytwooftheaboveprograms: VECHECK.DAT BOOTCMP.DAT Youneednotusealltheprograms.Somemaynotsuityour particularsetup. Alwaysbootupyourmachinewiththisdisk,oronepreparedin asimilarway,andalwayskeepitwriteprotectedifyou can.Thiswillgiveyouthemaximumamountofprotection. ëBOOTCMP.PRG Ç Thisprogramshouldberunfrombootup. Thisprogramcomparesthefloppydiskbootsectorwithafile. (BOOTCMP.DAT) Whenfirstrunitwillinformyouthatitcouldnotfindthe fileforcomparisonandwillaskyouifyouwouldliketomake one.Sayyestothisandallowittosavetothedisk. Ifthebootsectoriseverchangedthentheprogramwillstop andtellyou.Itwillthenaskyouifyouwanttoupdatethe comparisonfile.Beabsolutelysurethatthediskdoesnot haveavirusbeforeyoudecidetoupdatethefile. N001:002200750001 ÇTheordercanbechangedlaterwiththeutilityDT.TTP E ëDT.TTP Ç Thisisagenerallyusefuldisktoolbox. Thefullinstructionsforitcanbeobtainedbydoubleclicking onitandpressingreturn. Thetwocommandsrelevanttothismanualare:- Reversablychangetheexecutabilityofabootsector -esha: ChangetheorderofexecutionofAUTOfolderprograms -asha: ëGOODBOOT.TOS ÇThisprogramallowsyoutocreatecustomexecutableboot sectors.Whatthebootsectordoesisuptoyou. Thefollowingoptionsareavailable: 9[............................................]011 °Changetomediumresolutiononcolourdisplays °Changethecolourpalettetowhiteonblackuntil thedesktopappears °RunaprogramcalledCOMMAND.PRGinsteadofthe desktop °Printupamessageonscreen 9[................................................]011 Ifyouenableoneormoreoftheseoptionsonyourbootsector thenifiteverceasestobehaveasitshouldthenyoucan suspectfoulplayandexamineitforavirus. Youcanalsosteriliseabootsector.Thiscleansoutthe areasthatcanholdvirusesbutleavestheimportantpartsof thesectoralone.Thiscanbeusedtokillanyvirusesyou findorgetridofanycustombootsectors.Beverycareful usingthisoptionbecausethecodecontentsofthebootsector cannotberetrieved.IfyouareinanydoubtuseDT.TTPto reversablychangethebootsectorsexecutabilityinstead. Note:Ifyourharddriveisauto-bootingthenthefloppyboot sectorwillnotbeexecutedafterasoftreset. ë MEDICAL.TOS Ç Thisisaprogramforthebulkcheckingofyourdisksfor possibleinfection.Italsochecksthemachineforpossible infection. ë ëRESET2.ACC Ç Thisdeskaccessoryallowsyoutoresetthecomputer. Asoftresetisequivalenttopressingtheresetbuttonatthe backandahardresetisequivalenttoswitchingthecomputer offthenon(thereislessstressonthehardware).Some virusescansurviveasoftresetsoifyouthinkyourcomputer isinfecteddoahardreset. IfyouhavetheTOS1.4ROMversioninyourcomputerthenyou can,usually,resetthemachinebyholdingdownthefollowing keycombinations: Softreset:CONTROL-ALTERNATE-DELETE Hardreset:CONTROL-ALTERNATE-RIGHTSHIFT-DELETE ë SKULL.PRG Ç Thisprogramshouldberunfrombootup. Thisisaviruskiller.Ifyourmachineisinfectedthena skullwillappearatthelefthandedgeofthescreenandthe machinewillhangup.Youmustthenswitchthecomputeroff andbootwithanuninfecteddisk. ëVACCINE.PRG Ç Thisprogramshouldberunfrombootup. Whenrun,thisprograminstallsitselfinthemachineand attemptstopreventanyactivevirusfrominfectingadisk.It alsochecksforviralcodeonincomingdisks. Suspiciousbehaviourandsuspectdiskswillcausethescreen topulsateforafewseconds. ë ëVECHECK.PRG Ç ♪①ThisprogramshouldberunfrombootupÉ⑧01,2⑧Ç. Thisprogramcomparesthevulnerableareasofmemorythat virusesusuallychange,withafile(VECHECK.DAT)savedwhen themachinewasinaknowncleanstate. Whenfirstrunitwillinformyouthatitcouldnotfindthe comparisonfileandwillaskyouifyouwishtomakeone. Sayyestothisbutnotothe'Updatemask'prompt. Notallofthememoryunderscrutinyconcernsdiskaccessor virusesandsomelocationschangeconstantly.Forthisreason thecomparisonfilecontainsamapoftheareastobechecked aswellaswhatthoseareasofmemoryshouldcontain. IfthecomparisongoeswellthenanOKmessagewillappearbut ifnottheaddressesofthedifferenceswillbeprintedwith theoptiontoupdatethefile.Besurethemachineisnot infectedwithavirusbeforeyouallowtheprogramtoupdate thefile. RAMdisksandharddiskdriverprogramsusesimilartechniques asvirusestoinstalltheirroutinesinthemachine.Ifyou haveaharddiskdriveanditisnotauto-booting,thenmake surethisprogramgetsrunbeforethedriverprogramis installed. ResetsurvivableRAMdiskswillprobablycausetheprogramto finddifferencessincetheymakethesystembootupagain oncetheyhaveinstalledthemselves.Don'tupdatethe comparisonfileinthiscasebecausetherearereset survivableviruses.Justknowwhattoexpectfromyoursystems uniqueconfiguration. Tounderstandwhatchangeswouldconstituteapossibleviral threatIrecommendyoureadatechnicalbookabouttheST. N002:003802060001 ÇFromtheGulamstartupfile'gulam.g'mightbegoodideatoo. E ëWATCHER.PRG Ç Thisprogramshouldberunfrombootup. Whenrun,thisprograminstallsitselfinthemachineand checksthatthebootsectorhasnotchangedduringthe mostvulnerabletimes. Ifthebootsectorischanged,probablybyavirus,thenthe screenwillpulsateforafewsecondstowarnyouaboutit. ëDisclaimer Ç Imakenowarrantywithrespecttotheseprograms,and disclaimanyimplied/explicitsuggestionsofusefulnessfor anypurpose.Usetheseprogramsonlyifyouarewillingto assumeallrisks,anddamages,ifany,arisingasaresult, evenifitiscausedbynegligenceorotherfault.