home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
Fritz: All Fritz
/
All Fritz.zip
/
All Fritz
/
FILES
/
VIRUTION
/
ANTIVIR1.LZH
/
VACCINE.DOC
< prev
next >
Wrap
Text File
|
1987-12-23
|
3KB
|
71 lines
Documentation for VACCINE.EXE
VACCINE.EXE is a very quick-and-dirty effort at a program to detect any
virus that may have infected your COMMAND.COM or similar program. It can
be run from a batch file, and will raise a big ruckus if either the file
length or the creation date of the selected file has changed (the latest,
most destructive "viruses" don't change the file length but they DO change
the file creation date when they install themselves). I would have liked
to include a checksum of the data in the file itself, but since this is a
compiled BASIC program the delay involved in generating the checksum would
have been intolerable for all but the shortest files. Anyone who would
like to take the idea behind this program and write it in assembly
language, or a faster higher-level language is more than welcome to do so.
To use VACCINE.EXE, do the following (COMMAND.COM is the program being
monitored for unauthorized changes in this example):
FIRST, type
VACCINE C:\COMMAND.COM /I
(the /I is for "inquire"). You will see a display that looks something
like this:
C:\COMMAND.COM length: 23612 date: 5-01-87
Write down the length and the date exactly as they appear in this line.
SECOND, put a line in your AUTOEXEC.BAT file (or some other batch file
that you use frequently) that looks like this:
VACCINE C:\COMMAND.COM 23612 5-01-87
Note that you use the length and date that you got while using the /I
option in step one.
That's all there is to it. When the VACCINE.EXE program is called, it
checks the file length and creation date against that currently shown in
the directory. As long as they remain the same, you'll see something like:
C:\COMMAND.COM length: 23612 date: 5-01-87
File verified!
BUT, if your COMMAND.COM has become corrupted by a "virus", you may see
the following:
C:\COMMAND.COM length: 23612 date: 12-05-87
WARNING!!!!! File C:\COMMAND.COM appears to be CORRUPTED!!!!!
Press ENTER to continue.....
This will be accompanied by an intermittent "beeping" from your computer's
speaker. As this point you know that something has happened to cause a
change in either the length or the creation date of the specified file
(COMMAND.COM) and can take appropriate steps to deal with the problem.
Keep in mind that backups may also be corrupted by the virus so check the
date on everything!
I wil repeat here that I'd like to see a file checksum used in addition to
the file length and date as a means of comparison. This program is NOT
foolproof and isn't even real elegant programming, but it should do the
job in guarding against one strain of virus that's going around that has
been quite fatal to hard drives. It works with MS-DOS 3.21 and any other
version that uses the EXACT same format for the directory display. If it
doesn't work, a likely cause is that your DOS uses a different directory
display format.
The most current version of VACCINE should always be available on BIXNET,
the Business Information Xchange NETwork BBS at (616) 361-7500 (OPUS node
1:120/64, 300/1200/2400 bps). It is also WaZoo File Requestable as
VACCINE.ARC except during 0900-1000 UCT (the Zone 1 National Mail Hour).