Text File | 1997-08-19 | 9KB | 251 lines
*******************************************************************************
FastVirusKiller v1.5
~~~~~~~~~~~~~~~~~~~~
*******************************************************************************
INTRODUCTION:
Initially, FastVirusKiller (Hereafter called FVK) was written to deal with the
BOKOR virus. I then added a few other link-viruses I own, and some bombs, and
added newer BOKOR variants. It's now a mini-viruskiller. But as it was done
so quickly, there is no GUI, or other nice features that you'd find in a killer
such as VirusZ, VirusWorkShop etc..
I intend to turn FK into a complete killer-program with a GUI etc, as all my
current projects are now drawing to a close, freeing up a lot of spare-time
which I could devote to adding more viruses to this killer. Initially, I'll
just add new viruses, but when I have no new ones to add, I'll work on adding
some old ones, that the other killers already handle.
*******************************************************************************
USAGE:
FastVirusKiller accepts three arguments.
   FILENAME/M/A - Name of file to be checked.
   QUIET/S      - Means FastVirusKiller doesn't print Decrunching info.
   NOSAVE       - If a file is disinfected it doesn't save it.
                  (To be used for test purposes only)
FastVirusKiller uses a script to scan directories/partitions, which means you
must either set the Protect bit of the ScanDirs script, or use the
C:Execute command. If you believe C:Execute or C:Protect to be infected by a
virus, then this is okay, as FVK does a check first.
There is also a script included in this archive which will allow you to scan
a directory/partition. (Also manages recursion so you can just type
`ScanDirs Hd0:') The script takes exactly the same arguments as the actual
Program.
Soon, I'll remove this script and code my own directory-scanner.
*******************************************************************************
IMPORTANT NOTES:
Do not rename FastVirusKiller !! Certain viruses don't infect files with
the word `virus' in them ;-)
There are some infections which FastVirusKiller cannot repair. Some viruses
mangle the files they infect, as they are not aware of OS3 hunks like Short-Reloc
tables. If a file containing such a hunk becomes infected, you can bet it's
unrepairable. It should be deleted/replaced, as it will have become
mangled/truncated during infection. FVK will warn you of such files, but will
not attempt to fix them.
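
An added example, not FVK's own code: a minimal hunk walker that flags the two conditions described above, a load file that carries a short reloc table and a file that ends in the middle of a hunk. The block IDs and layouts follow the standard AmigaDOS load-file format rather than anything stated in this document; `scan_hunks` and `SAMPLE` are hypothetical names, and the sample bytes are constructed.

```python
import struct

HUNK_CODE, HUNK_DATA, HUNK_BSS, HUNK_RELOC32 = 0x3E9, 0x3EA, 0x3EB, 0x3EC
HUNK_SYMBOL, HUNK_DEBUG, HUNK_END, HUNK_HEADER = 0x3F0, 0x3F1, 0x3F2, 0x3F3
SHORT_RELOCS = {0x3F7, 0x3FC}  # HUNK_DREL32 (V37 load files), HUNK_RELOC32SHORT

def scan_hunks(data):
    """Walk an AmigaDOS load file; return (block ids seen, verdict)."""
    pos, seen = 0, []
    def read(n, fmt="L"):  # n big-endian longwords ("L") or words ("H")
        nonlocal pos
        start, pos = pos, pos + n * (2 if fmt == "H" else 4)
        if pos > len(data):
            raise EOFError
        return struct.unpack_from(">%d%s" % (n, fmt), data, start)
    try:
        if read(1)[0] != HUNK_HEADER:
            return seen, "not a load file"
        while n := read(1)[0]:  # resident library names, normally none
            read(n)
        _, first, last = read(3)
        for _ in range(last - first + 1):  # size table
            if read(1)[0] >> 30 == 3:  # both memory flags set: extra longword
                read(1)
        while pos < len(data):
            block = read(1)[0] & 0x3FFFFFFF  # strip memory-flag bits
            seen.append(block)
            if block in (HUNK_CODE, HUNK_DATA, HUNK_DEBUG):
                read(read(1)[0] & 0x3FFFFFFF)  # a length of 0 is a valid hunk
            elif block == HUNK_BSS:
                read(1)  # size only, no data follows
            elif block == HUNK_RELOC32:
                while n := read(1)[0]:
                    read(n + 1)  # target hunk number + n offsets
            elif block in SHORT_RELOCS:
                while n := read(1, "H")[0]:
                    read(n + 1, "H")  # same layout, 16-bit fields
                pos += pos & 2  # table is padded to a longword boundary
            elif block == HUNK_SYMBOL:
                while n := read(1)[0]:
                    read((n & 0xFFFFFF) + 1)  # name longwords + value
            elif block != HUNK_END:
                return seen, "unknown block $%X" % block
    except EOFError:
        return seen, "truncated"
    return seen, "short relocs" if SHORT_RELOCS & set(seen) else "ok"

# Constructed sample: hunk 0 = code + short reloc table, hunk 1 = empty data hunk.
SAMPLE = struct.pack(">11L", HUNK_HEADER, 0, 2, 0, 1, 2, 0, HUNK_CODE, 2, 0, 0)
SAMPLE += struct.pack(">L6H4L", 0x3FC, 2, 0, 0, 4, 0, 0, HUNK_END, HUNK_DATA, 0, HUNK_END)
```

A scanner can treat the "short relocs" verdict as "do not attempt repair with code that only understands 32-bit reloc tables", and "truncated" as "replace this file from a clean copy".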
*******************************************************************************
KNOWN VIRUSES/TROJANS:
- BOKOR 1.01
- BOKOR 1.05
- BOKOR 1.06
- BOKOR 1.1
- HitchHiker 2.01
- HitchHiker 4.11
- VirusMaker1.0
- TimeBomb 0.9
- BGS9
- Saddam 1
- AmixHack
- Xtruder 3.5 Trojan
- Plus 100+ Boot-sector viruses. (Bootdump files will be recognised)
*******************************************************************************
CONTACT:
If you have bug-reports, new viruses, ideas, or want to send me a bag of
money then you can contact me in several ways..
SNAIL:
Dave Jones.
40,Heol Edward Lewis,
Gelligaer,
Hengoed,
Mid Glamorgan,
Cf82 8ej,
South Wales,
United Kingdom.
Include postage if you require a reply. If you are just requesting
an update, then I will hold onto your postage until the next release
is ready. If you are not residing in the UK, then just send two
extra disks as payment.
EMAIL:
DJones@CardiffCyberCafe.Co.Uk
IRC:
server : whiterose.net port 6667 (Official #Amiga IRC Server!)
nick : Termy
channel: #Amiga
when : most Saturday afternoons GMT
WWW:
http://www-personal.usyd.edu.au/amann/davezpages/
*Notes*
If you need to contact me, and this address no longer works, use the whowhere
web-site to find my current email address.
Just look at http://people.whowhere.com/pages/termy
I go to University in September 1997, which means I'll have a new email
account; WhoWhere will point to the correct address, as will the web-page.
The web-page is managed by an Australian friend of mine who provides me with
some free space. When I go to University, there will be an extra page which
may offer quicker access times for Europeans. The mirror page will be
updated a day or so later than the Local page.
*******************************************************************************
HISTORY:
V1.0 Initial Release
28-Jun-97
~~~~~~~~~
- Detects and cleans BOKOR 1.05 from memory and files.
Thanks to _Monk_ from IRC for that Virus.
----------------------------------------------------------------------------
V1.1 Second Release
4-Jul-97
~~~~~~~~
- Added support for Non-crypted BOKOR 1.05 strains.
Thanks to Harry Sintonen for the hints.
- Optimised BOKOR 1.05 detection in memory slightly.
----------------------------------------------------------------------------
V1.2 Third Release
26-Jul-97
~~~~~~~~~
- Added recognition for 5 more fileviruses.
- BOKOR v1.01 (Thanks to Olli-Pekka Kaikuaho for that one.)
- HitchHiker 2.01
- HitchHiker 4.11 (Thanks to Dave from IRC #Amiga for that one.)
- VirusMaker1.0
- TimeBomb 0.9
- BGS9
- Saddam 1
- Improved File-scanner.
- Some internal changes that make it easier to add new viruses.
- Now handles more hunktypes. Should now cause no crashes while scanning.
- If a virus is removed from a file, it now tries to decrunch the cleaned
file before rescanning.
- Sometimes didn't free filememory. Now fixed.
- Didn't scan new file after removal of a virus, but instead a
messy-buffer; file is now reloaded.
- Fixed FreeMem() bug.
- Now handles Zero-byte hunks.
- Rewrote reloc-hunk parser.
- Filescanner code wasn't reentrant, now fixed.
- Script now scans C:Protect too, in case the user used it to set the script
bit of `ScanDirs' while a virus was active.
- Improved Memscanner
- Improved recognition of BOKOR v1.05
- If there was more than one virus in memory, FVK went into an infinite
loop. This has now been fixed.
- Now recognises PPLoadSeg and SegTracker, and tunnels them to get the
LoadSeg vector before they patched it. If a virus is found after
tunneling, the vector previous to it will be restored.. Imagine..
     ROM VECTOR
     Virus
     SegTracker
     PPLoadSeg
After tunneling PPLoadSeg and SegTracker, the virus is found, and the
ROM vector will be set, so effectively, SegTracker & PPLoadSeg will be
removed.
----------------------------------------------------------------------------
V1.3 Fourth Release
10-Aug-97
~~~~~~~~~
- Corrected some strings.
BOKOR 1.01 was reported as 1.0, and 1.05 as 1.01
- Added BOKOR 1.06 virus.
- If NOSAVE was specified, and a virus was found, an infinite loop occurred.
----------------------------------------------------------------------------
V1.4 Fifth Release
11-Aug-97
~~~~~~~~~
- Added AmixHack trojan.
- NOSAVE wasn't working.
- Now distinguishes between Trojans and viruses, and prints correct name.
- Misc code cleaning.
- Added some small optimisations.
----------------------------------------------------------------------------
V1.5 Sixth Release
17-Aug-97
~~~~~~~~~
- Added BOKOR 1.1 virus.
- Added Xtruder 3.5 trojan.
- Added Drive-Music `joke'.
- Added Bootfile analysis engine.
This beauty is really fast. I don't believe it can be done in any faster
way. And it won't slow down much when more bootviruses are added to it.
- Added over a hundred bootviruses to the bootfile engine.
- Tidied docs a little.
- Program now does a self-check, and removes any link-viruses that may have
been attached to it.
- Removed the `FastKiller FastKiller' line from the script.
*******************************************************************************
TO DO: (In order of likelihood of happening)
- Fix up any existing bugs.
- Add more viruses.
- Add recursive directory handler, and remove that script.
- Add a GUI
- Support $4EB9 linked files.
- Add vector checker. (Similar to VirusZ's but different... ;-)
- Add archive scanning.
*******************************************************************************
DISCLAIMER:
I am not responsible for any loss of data caused by the use of
FastVirusKiller. Although I've tested it on a lot of files, some viruses
can cause damage to some files which is irreparable; there is nothing I can
do to fix these files. It is unknown how FastVirusKiller will react to such
files.
*******************************************************************************