Otherware

home *** CD-ROM | disk | FTP | other *** search

/ Otherware / Otherware_1_SB_Development.iso / amiga / utility / disks / vscan.lha / Docs / VScan.DOC < prev

Wrap

Text File | 1991-09-29 | 33.1 KB | 933 lines

VScan version 5.11, Copyright (C) 1989-1991 Arthur Hagen ======================================================== Saturday September 7th, 1991 TABLE OF CONTENTS: 1 VIRUSES IN GENERAL 1.1 What a computer virus is 1.2 Types of viruses 1.2.1 The worm 1.2.2 The larvae 1.2.3 The true virus 1.2.4 The trojan horse 1.2.5 The bomb 1.3 Virus killing 2 VIRUSES ON THE AMIGA 2.1 Bootblock viruses 2.2 File (link) viruses 2.2.1 Type I file viruses 2.2.2 Type II file viruses 2.3 Trojan horses 3 VIRUSKILLING ON THE AMIGA 3.1 Discovering a virus 3.2 Disabling a virus 3.3 Use of archives/crunchers 3.4 Use of disk optimizers 4 VSCAN INSTRUCTIONS 4.1 About VScan 4.2 Normal operations 4.2.1 Scanning a disk/directory/file 4.2.2 Scan by fast method 4.2.3 Scanning without subdirectories 4.2.4 Scanning with analyze 4.2.4.1 Deep mode 4.2.4.2 Deeper mode 4.2.5 Protecting disks/devices 4.2.5.1 Protecting 4.2.5.2 Unprotecting 4.2.6 Brain file options 4.2.6.1 Making a brain file 4.2.6.2 Adding files to the brain 4.2.6.3 Removing files from the brain 4.2.6.4 Listing the brain file 4.2.6.5 Using the brain file while checking 4.2.7 Memory check 4.2.8 Bootblock options 4.2.8.1 Checking a bootblock 4.2.8.2 Dumping a bootblock 4.2.8.3 Show all known bootblock viruses 4.2.8.4 Installing a fresh bootblock 4.2.8.5 Installing a fresh FFS bootblock 4.2.9 Help option 4.3 Using VScan from the WorkBench 5 REGISTRATION 5.1 Why register 5.1.1 Your own conscience 5.1.2 Supporting a good cause 5.2 How to register 5.2.1 Direct donation 5.2.2 Money transfer 5.2.3 Gifts 6 SPECIAL NOTES 6.1 VScan vs other virus killers 6.2 New viruses 6.3 Bugs 6.4 Source code 7 APPENDIXES 7.1 List of known crunchers 7.2 List of known viruses 7.2.1 Bootblock viruses 7.2.2 File (link) viruses 7.2.3 Viruses in memory 7.3 Enclosed files 7.4 Thankslist 1 VIRUSES IN GENERAL ================== 1.1 What a computer virus is: --------------------------------- To generalize, a computer virus is some code running on a computer that makes duplicates of itself, by spreading from memory to other storage media and vice versa. It may also wreak havoc on a system without the users knowledge. By using an infected disk (or other infected media) on a system, the virus usually spreads to other disks, and in a short while, the whole system and every disk, file or similar may be infected or destroyed. 1.2 Types of viruses: ------------------------- There are several main types of viruses: 1.2.1 THE WORM: ----------------- This is a virus that will infect every media once only, usually whenever the user switches a disk. The worm works automatically, and usually only on one type of media. This is how the majority of viruses works. 1.2.2 THE LARVAE: ------------------- This is almost the same as a worm, but it will only infect through the use of special actions, like the running of a program, or the reboot of a system. Very easy to make, and fortunately quite easy to find and destroy. 1.2.3 THE TRUE VIRUS: ----------------------- This is a piece of code that will infect the selected media several times, e.g. by making a copy of itself every time a program is run. It spreads from media to media, and can eventually cause a system halt due to lack of storage space. Note that it is the replica potential that marks this as a TRUE virus, and just this makes it _v_e_r_y_ dangerous and difficult to handle. 1.2.4 THE TROJAN HORSE: ------------------------- This is a program that will identify itself as something quite different from a virus; it usually disguises itself as either a utility program or a virus killer. When run, it may spawn viruses, or invoke a bomb (see below). 1.2.5 THE BOMB: ----------------- This will wait for certain events to take place, like the date passing friday 13th, or 32 runs of a program. When the conditions are met, the bomb will identify itself by either doing something nasty like erasing all stored data, or simply by putting a message to screen or printer. Many of the above virus types include bombs in their code. Note that there are several more types of viruses, and that many are in fact combinations of several. 1.3 Virus killing: ---------------------- To successfully kill a virus, one must either eradicate ALL infections, or run a resident program that continuously checks for viruses. To erase a virus from a media, one first have to know it's there, then find out where it hides (both on storage media and in memory), and then identify the virus to find out how to kill it. This may be so simple as to delete all programs that have certain names, or might mean several hours of scanning on each and every disk. Fortunately there are programs that will find, identify and kill viruses for you. 2 VIRUSES ON THE AMIGA ==================== 2.1 BootBlock viruses: -------------------------- The most common virus type on the Amiga is the BootBlock virus. Most of these are larvae (see above) or worms, and they are all relatively easy to identify and destroy. The first two known viruses on the Amiga (the SCA virus and the Byte Bandit virus) were BootBlock viruses, and 90% of all BootBlock viruses are mu- tations of these two. Every time one reboots the Amiga from disk, a small part of the disk is read and executed. The BB virus will wedge itself into the code used to start the disk, gain access to the system memory, and start reproducing itself either by re- writing itself to disk at every boot, or by writing itself to every disk that is inserted in any drive. Many of the BB viruses also includes bombs which will eradicate parts of your disks, freeze your machine, or otherwise corrupt your system. 2.2 File (link) viruses: ---------------------------- These are not so common as the BB viruses, but are equally dangerous and should be eradicated whenever encountered. There are really two categories of this virus type: 2.2.1 Type I file viruses: ---------------------------- The true link virus which will attach itself to certain files, and spread by making new attachments. This type of virus can be identified by the increase of file sizes, or by specifically checking each and every file for the incriminating code. 2.2.2 Type II file viruses: ----------------------------- The "invisible" file virus which will replace a system file with a copy of the virus itself, possibly padding the file with empty data to retain the same file size as the original program. The original program will be renamed to a filename usually consisting of non-printable characters, so it will normally not be seen on a directory scan. When run the virus will execute this invisible file to enable the system to act as normal, and then it will place itself into memory. This type of virus is found - not by searching for the "invisible" file (which is not the virus) - but by scanning for specific files that call these files. Usually the file viruses scans the s:startup-sequence for a usable filename, and attacks this file. It may also attack spe- cific files, or (if a type I virus) attack several files on each medium. 2.3 Trojan horses: ---------------------- Some programs on the Amiga poses as utilities, but in addition to their normal appearance, they also contain incriminating code. See section 1.2 for an explanation of Trojan horses. 3 VIRUSKILLING ON THE AMIGA ------------------------- 3.1 Discovering a virus: ---------------------------- There are several ways to discover viruses on the Amiga. Often the virus itself will make its precense known to the user by putting special messages on screen. You may also experience disks that suddenly refuse to boot, or they may GURU upon upgrading from one kickstart to another. Sometimes you just get read-write errors on disks just too often for it to be coincidental. You may also experience messages saying "Disk Full" without having written to that disk, and you may be requested to remove the write protection on disks when inserting them into the drive(s). Of course, virus killers will also often tell you about viruses, but if you use a "normal" virus killer, don't be too sure that it finds any virus, or that what it tells you is a virus REALLY is a virus. 3.2 Disabling a virus: -------------------------- The 'C:INSTALL' command may be of some help killing BB (BootBlock) viruses. You may use 'Install df0: check' from the CLI to check if a BB is normal, and 'Install df0:' to make a BB normal. Be careful, because most commercial program disks require non-standard BB's, and changing these BB's will most likely render the disk useless. File viruses can be found if you keep a record of files and file sizes on your disks, and check the contents regularly. If you have a backup, you can then restore the proper files. Otherwise, use a good virus killer! 3.3 Use of archives/crunchers: ---------------------------------- If you have archives (like .ZOO, .LZH etc) of some of your files, you might be interested to know that virus-infected files can hide inside these, and no virus killer will ever find them. It is therefore important to extract all archives and check the contents for viruses. VScan will tell you which files that really are archives (even if they are renamed). If you use crunched programs (programs that are packed, and self-extracts at run-time), please be very careful. Often viruses are added to these files PRIOR to crunching, and the virus itself can then NOT be found. If you use crunchers, at least use a cruncher that will allow you to decrunch your files. PowerPacker will both crunch and decrunch, and even decrunch some programs packed by other crunchers. VScan will of course alert you to which programs are crunched, and for registered users the cruncher used will also be displayed. Decrunch these and recheck. To make a file smaller, you could try HunkFix by the same author. This is not a cruncher, but a nice program nevertheless. 3.4 Use of disk optimizers: ------------------------------- Often people use disk optimizers to speed up their disk access. I would NOT recommend that you do this, because the AmigaDOS file system is organized in a special way, and using an optimizer will corrupt this. (In fact, VScan will run much SLOWER on an optimized disk.) You may no longer be able to retrieve programs from bad disks using DiskDoctor, DiskSalv, FixDisk et al., and, if a virus like Lamer Exterminator has attacked this disk, you may also find that you lose most of the disks contents instead of just a file or two. In order to speed up your disks, you should rather format a blank disk, and copy all files over to this disk. 4 VSCAN INSTRUCTIONS ================== 4.1 About VScan: -------------------- VScan was made to easily check all files that I received from different sources for the TTV1 virus, since there was no killer available for this virus. I also included the IRQ virus, even though I haven't seen this since the release of KickStart 1.3. Then KV was released with VirusX 3.20, and nobody needed VScan anymore (sob). I figured out I had to offer something more, and started working on the Analyze routine to check for completely NEW viruses on files. So VScan grew. The current version will scan memory, files and bootblocks for viruses, and can keep a brain file which remembers the file sizes of all your precious programs, and more... Since VScan is a part time project, and was in fact the first program I wrote for the Amiga, as well as my first C program ever, please excuse the lack of windows, gadgets etc. I will try to add these things later if need be. In order for me to continue to upgrade this program, please send me information about new viruses, as well as suggestions and comments (gifts would also be welcome ;-) 4.2 Normal operations: -------------------------- Several of the following instructions may be mixed at will. You can, for example, say 'VScan analyze files' to analyze all files on the current directory. All options inside squared brackets are optional. Those inside curly brackets are mandatory. Note that all commands should be entered from a CLI or similar. Also note that you can redirect the output of VScan to e.g. a printer or a file by using the ">" redirector. For example: 'VScan >PRT: C:' will scan the C: directory, and print the results. In the examples given, upper and lower case letters are used, but VScan is in fact quite case insensitive, so 'vSCan mEMorY' should work just as well as 'VScan Memory'. 4.2.1 Scanning a disk/directory/file: --------------------------------------- 1> VScan [pathname] This will scan [pathname] for known viruses, and kill them if possible. You will also get a progress listing with filenames, filesizes and info about the files. If no pathname is supplied, this will search the current directory with all subdirectories, and if pathname is a file, it will just scan that particular file. Note that wildcards are not supported (yet). Example: 1> VScan Example: 1> VScan df0: Example: 1> VScan SYS:C Example: 1> VScan DH0:System/DiskCopy 4.2.2 Scan by fast method: ---------------------------- 1> VScan Fast [pathname] or 1> VScan Quick [pathname] Normally VScan will search through the directory three before printing any results, to make a more tidy output by listing directories above files. This option disables this, and will usually make VScan run somewhat quicker. Note that no speed increase is gained if pathname is the name of a file. Example: 1> VScan Fast Example: 1> VScan Quick df1: 4.2.3 Scanning without subdirectories: ---------------------------------------- 1> VScan Files [pathname] Normally VScan will automatically scan the contents of all subdirectories as well as the specified directory. This can be turned off by using the Files option. This option makes VScan a good substitute for the "List" and "Dir" commands. This option is not applicable if pathname is a single file. Example: 1> VScan Files devs: 4.2.4 Scanning with analyze: ------------------------------ By using this option, you enable VScan to load and analyze each file, and display further information about the files. Unknown executable files will be scanned for code that is similar to that used by file viruses, and NEW viruses may be discovered this way. Note that the Deep options may be combined with the Fast or the Files options. 4.2.4.1 Deep mode: ------------------ 1> VScan Analyze [pathname] or 1> VScan Deep [pathname] You will be given a rating of the program(s) according to their internal coding. This is ONLY available on VScan. If the file is most probably O.K., VScan will rate the program as "Harmless" or "Mostly Harmless", or if the file is crunched, the cruncher's name will be shown. Example: 1> VScan Analyze Example: 1> VScan Deep C: Example: 1> VScan Fast Deep Example: 1> VScan Analyze Files DH0:DownLoads 4.2.4.2 Deeper mode: -------------------- 1> VScan Deeper [pathname] or 1> VScan Atomic [pathname] The hunk structure of the files will also be listed, or if files are crunched, the crunchers used will be displayed. No other programs can do this. You may also dump Amiga-type object files by using this option(!). Example: 1> VScan Deeper C: Example: 1> VScan Atomic LIB:amiga.lib Example: 1> VScan Fast Deeper FH7:mysource/objectfiles/ 4.2.5 Protecting disks/devices: --------------------------------- These two options will enable you to protect/unprotect disks or devices from file viruses. See below for details. 4.2.5.1 Protecting: ------------------- 1> VScan Protect [device] or 1> VScan Pro [device] This option will, if possible, make three "invisible" dummy files on the selected device. These three files, two in the DEVS directory, and the other in the ROOT directory, have the same names that three file viruses use on their "invisible" files, and this fools these viruses to believe that the disks already are infected. Regretfully this also fools the virus killers VirusX and KV, as these viruskillers seem to believe that the "invisible" files are the viruses without checking further. As a matter of fact, the "invisible" files are NEVER viruses themselves. If you use the "List" command on the root directory or the devs directory, protections made by VScan will identify themselves by their filesize and attached filenote. VScan will of course also tell you about protection files. The three viruses prevented from infecting disks by using this option are the TTV1 (alias BGS9), the Terrorist virus, and the Revenge of the Lamer virus. Example: 1> VScan Protect df0: Example: 1> VScan Pro SYS: 4.2.5.2 Unprotecting: --------------------- 1> VScan UnProtect [device] or 1> VScan UnPro [device] Removes the protection made by the [Protect] option. Will also remove protectors made by other antivirus programs. Example: 1> VScan UnProtect df0: Example: 1> VScan UnPro SYS: 4.2.6 Brain File options: --------------------------- VScan gives you the possibility to easily make a archive of file names and file sizes, and automatically check if file sizes have changed. This may enable you to discover completely NEW file viruses, and combined with the Analyze mode makes VScan the most versatile file virus killer available. These options make and use a file in devs: called VScan.Brain which contains info of all files you yourself select to include therein. As this file is self-checking, the maximum protection is achieved. 4.2.6.1 Making a Brain File: ---------------------------- 1> VScan CreateBrain or 1> VScan BrainCreate Before adding filenames and filesizes to the brain file, you need a brainfile called DEVS:VScan.Brain. This command will make this file for you. Note that if you already have a brainfile, this command will erase the old file with all its contents. Example: 1> VScan BrainCreate 4.2.6.2 Adding files to the Brain: ---------------------------------- 1> VScan AddBrain [pathname] or 1> VScan BrainAdd [pathname] This option will automatically add files to the brain file while doing normal VScan operations. If a file already is in the brain file while using this option, the brain file entry will be up- dated. Note that ".info" files (and some other files) are never added to the brain, as this scarcely is neccessary. Example: 1> VScan AddBrain c:Dir Example: 1> VScan Files BrainAdd Deep SYS:System/ 4.2.6.3 Removing files from the Brain: -------------------------------------- 1> VScan BrainSub [pathname] or 1> VScan SubBrain [pathname] or 1> VScan BrainDel [pathname] or 1> VScan DelBrain [pathname] You may wish to remove one or more files from the brain, either to decrease the size of the brain, or because the file(s) in question change(s) quite often or are not useful to have in the brain file. This option allows you to do this. Example: 1> VScan BrainSub Dir 4.2.6.4 Listing the Brain File: ------------------------------- 1> VScan BrainList or 1> VScan ListBrain You may wish to see the contents of the brain file. This option will list all files currently in the brain file, along with the stored file sizes. Example: 1> VScan BrainList Example: 1> VScan >PRT: ListBrain 4.2.6.5 Using the Brain while checking: --------------------------------------- 1> VScan ScanBrain [pathname] or 1> VScan BrainScan [pathname] or 1> VScan Brain [pathname] When using this option, the brain file will be loaded into memory, and all files checked will be matched against the contents of the brain. If a file has changed its size, a warning will be given. Note that all standard file options (Fast, NoSweep, Deep) can be used together with this option. Example: 1> VScan Brain C:Addbuffers Example: 1> VScan BrainScan Deep Fast SYS: 4.2.7 Memory check: --------------------- 1> VScan Memory or 1> VScan Mem Viruses stay alive by hiding in memory, so if you kill a virus on a disk, but not in memory, the disk could easily be reinfected. The memory option will check out the memory for you, and kill all known as well as many unknown viruses. This is maybe the best option of all, and I can strongly recommend that you put the above command first in your s:startup-sequence. Of cource, VScan will automatically find out if you have SuperFatAgnus or FatterAgnus, and will report neither of these nor the RAD: disk as viruses (unlike some other well known virus killers). If VScan finds an unknown virus in memory, it will try to kill it, and will then force a reboot to clear the memory. This can be prevented by hit- ting the left mousebutton while VScan counts down before re- booting. Example: 1> VScan Memory Example: 1> VScan Mem 4.2.8 BootBlock options: -------------------------- Even though VScan was originally meant as a file virus killer, it now has several functions to check bootblocks. As new BB viruses appear almost every week, information about these viruses are kept in a file called 'virus.library' that should be included with the program VScan, and placed in your libs: directory. This file is likely to be updated quite more often than the pro- gram VScan itself, and may be found on BBS's under the name VLIB498.LZH or something similar (depending on the release). 4.2.8.1 Checking a BootBlock: ----------------------------- 1> VScan CheckBoot {df?:} or 1> VScan BootCheck {df?:} or 1> VScan BootBlock {df?:} or 1> VScan BB {df?:} This option will load a bootblock from a floppy disk, and check it against the list of known viruses in the current release of the virus.library. If any match is found, the offending virus will be killed if the disk is write-enabled. The bootblock will be re- placed with a standard 1.2/1.3 bootable bootblock. Note that the curly brackets used above means that the drive MUST be specified to check a bootblock. Valid drive names are DF0: to DF3: de- pending on your computer's configuration. If an unknown bootblock is found, the program will enter Analyze mode, and give it's opinion of whether the bootblock is safe or not. You will then be asked if you want to install a fresh bootblock. Example: 1> VScan CheckBoot df0: Example: 1> VScan BB DF1: 4.2.8.2 Dumping a BootBlock: ---------------------------- 1> VScan DumpBoot {df?:} or 1> VScan BootDump {df?:} VScan may report a bootblock as unknown or custom, and you may want to look at it to be certain that it really is harmless. This option will dump the bootblock to standard output in exactly the same format as used by the 'Type <filename> opt h' command. To save screen space, the output will stop when no more data is found on the bootblock. To see how this command works, try it on both standard disks as well as on commercial "must_be_booted" disks. You may even keep a record of your custom bootblocks by using this command with redirection to printer or a file. This can be useful to ensure that no new virus changes the bootblock. Example: 1> VScan DumpBoot df0: Example: 1> VScan BootDump >>MyBootblocks DF2: 4.2.8.3 Show all known BootBlock viruses: ----------------------------------------- 1> VScan ListBoot or 1> VScan BootList You may want to know which viruses the current release of the virus.library file can identify. This command lists the names of the viruses. If you hear of a new virus, this option will tell you whether VScan is able to find it. Example: 1> VScan ListBoot Example: 1> VScan >PRT: BootList 4.2.8.4 Installing a fresh BootBlock: ------------------------------------- 1> VScan InstallBoot {df?:} or 1> VScan BootInstall {df?:} This command does the same as the AmigaDOS command INSTALL. You make a disk virus-free and bootable with this command. Use with care; don't install any disks with custom bootloaders (e.g. games) This install-command should work even if the memory is infected by an unknown virus, and is therefore safer to use than the normal AmigaDOS command. The InstallBoot command also writes a 2.0 version of the bootblock, so this is a convenient method for 1.2/1.3 users to make a 2.0-compatible bootblock. Example: 1> VScan InstallBoot df1: Example: 1> VScan BootInstall df0: 4.2.8.5 Installing a fresh FastFileSystem BootBlock: ---------------------------------------------------- 1> VScan InstallFast {df?:} or 1> VScan FastInstall {df?:} This works as the above command, with the exception that it will install a FastFileSystem bootblock instead of a normal bootblock. 4.2.9 NoRequest flag: ----------------------- 1> VScan NoRequest [options] [pathname] or 1> VScan NoReq [options] [pathname] If you want VScan to automatically kill viruses without first popping up a requester, use the NoRequest flag. This will work with all file scan modes as well as with the "Memory" option. Example: 1> VScan >BBS:VirusReport.TXT NoReq BBS:Files/NewUploads Example: 1> VScan NoRequest Memory 4.2.10 Help option: -------------------- 1> VScan Help or 1> VScan ? or 1> VScan -h You may need some temporary help with the commands while using VScan. This option will list a small command summary, as well as a few facts about the program itself. By Amiga standards, sup- plying a question mark to the filename should have given you a template, but as most people want a brief summary instead, this is what you get. Example: 1> VScan ? Example: 1> VScan >PRT: Help 4.3 Using VScan from the WorkBench: --------------------------------------- Click on the VScan! icon, then hold down shift and double-click on the file/drawer/disk you want to check for file viruses. If you just double-click on the VScan! icon, the memory will be searched for viruses, and then all disks present will be scanned for bootblock-viruses. 5 REGISTRATION ------------ 5.1 Why register: --------------------- 5.1.1 Your own conscience: ---------------------------- It is illegal to use this program for a prolonged time without registering yourself as a user. I won't press any charges or go to court, but you might consider it proper to register if you keep this program. 5.1.2 Supporting a good cause: -------------------------------- The registration fee will, in full, be forwarded to an infirmary for rheumatic children. Believe me, this is a good cause. If you don't trust me, either send the funds/gifts directly there, or support a similarly good cause of your own choice. 5.2 How to register: ------------------------ People who either forward funds, or send a copy of a valid do- nation receipt, will be registered as users. People who use this program WITHOUT paying said charges, are in fact breaking the law, and are no better than pirates and virus makers. 5.2.1 Direct donation: ------------------------ Donate USD 10.00 or NOK 100.00 or equivalent in any currency to any childrens hospital, or hospital for rheumatic people or similar. Then notify me. 5.2.2 Money transfer: ----------------------- Send me USD 10.00 or NOK 100.00 or equivalent in any currency through SWIFT, fedwire or international check to the following norwegian account: /1600.52.26531 Acct name: Arthur Hagen Acct held by: Union Bank of Norway, OSLO, NORWAY SWIFT address: UBNONOKK or by intl. check / money order to this address: Arthur Hagen Skorkeberg Alle 13F, N-1440 DR0BAK PAR AVION Norway, Europe Please do NOT send foreign cash by mail, as the charges for exchanging foreign cash might well exceed the amount sent! Funds received will be forwarded to the Rheumatic Hospital in Oslo, and will be marked for use for children. 5.2.3 Gifts: -------------- Gifts to the said institutions/address are also accepted in lieu of the registration fee, as long as the gift is not for me, but for charity. (Of course, if you want to send ME a small gift, you are welcome to do so; souvernirs from your part of the world would be much appreciated.) 6 SPECIAL NOTES ------------- 6.1 VScan vs other virus killers: ------------------------------------- You may encounter some problems when using VirusX and/or KV in conjunction with VScan-protected disks. VirusX and KV use checking methods that fool themselves into thinking that the pro- tection files are viruses. The same goes for disks protected by other virus killers. VirusX and KV often report viruses where there are none, and they often will kill the first command in your s:startup-sequence regardless of it's actual contents. The same may be true for some other virus killers. 6.2 New viruses: -------------------- If you find a new virus that VScan cannot handle, please send it to me ASAP, so I can make a new version of VScan (hopefully including a routine to kill just that virus). Please use the enclosed virus report form if possible. 6.3 Bugs: ------------- Even though I've tried to eliminate most bugs in VScan, there are bound to be some left, so please send me reports of encount- ered problems using VScan. If possible, tell me all about your system (kickstart version, workbench version, ram, harddisks etc), and try to explain just what you did. The bug report form should be of great help here. 6.4 Source code: -------------------- If you are suspicious of nature, and will encertain that VScan is not a Trojan horse, you MAY get the source code from the author. You may ask for the source on the following BBS systems: Red Heart (M)BBS, +47 2 522434, 300-2400 bps, F8N1, 24 hours MediaFoto (M)BBS, +47 2 176056, 300-9600 bps, F8N1, 24 hours or by mail to the above mentioned address. 7 APPENDIXES ---------- 7.1 List of known crunchers: -------------------------------- ANC cruncher (crload/crsave) ByteKiller 1.3 DefJamCruncher DragPack 1.0-1.1 Flash Packer 1.4 HQC 2.0 Imploder 1.0-3.1 MasterCruncher 3.0 Mega Crunch 1.0 Mega Crunch (not same as above) PowerPacker 2.1-3.0a Relokit 1.0 SuperCruncher 2.7 TetraCrunch 1.2 TetraPack 2.2 Time Cruncher 1.2 Titanics Cruncher TNM 1.1 TryIt 1.01 +Two crunchers I don't know by name ...and more will be added. In addition VScan recognizes .ZOO, .PP, .WRP and .LZH archives, not by name but by code (they could be renamed). 7.2 List of known Viruses: ------------------------------ The following viruses will be found and/or killed by VScan: 7.2.1 BootBlock Viruses: -------------------------- Use "VScan BootList" for a complete list. 7.2.2 File (link) viruses: ---------------------------- IRQ v. 41.0 Revenge of the Lamer I Revenge of the Lamer II Revenge of the Lamer III TTV1 I alias BGS alias GSG9 TTV1 II alias BSG9 alias BGS9 Xeno I Xeno II Terrorists alias TTV1 III Butonic v. 3.00 Traveling Jack CCCP Centurion alias Lamer Exterminator VirusTest TimeBomb Bret Hawnes Production Saddam Hussein alias disk-validator-virus alias Return of the Lamer ...and more will be added. VScan will also analyze files for NEW virus types. 7.2.3 Viruses in memory: -------------------------- Australian Parasite Bamiga Sector One BlackFlash Byte Bandit Byte Bandit Clones (several different) Byte Warrior CCCP Centurion DiskDoktor Gadaffi Graffiti HCS I HCS II IRQ Lamer Exterminator I Lamer Exterminator III LSD Micro Master / AEK MicroSystems NorthStar / StarFire I NorthStar / StarFire II Obelisk Opapa Pentagon Circle I Pentagon Circle II Phantastograph Revenge Revenge Clones (several different) Revenge of the Lamer SCA SCA Clones (several different) UltraFox VKill WarHawk Xeno ... and several others ... and many viruses not yet encountered ... and more will be added if you people out there keep sending the new ones to me. 7.3 Enclosed files: ----------------------- The following files should be contained in this archive, or on this disk: Docs/READMEFIRST Docs/VScan.DOC Docs/Copyright.DOC Docs/History.DOC Docs/Virus_Report_Form Docs/Bug_Report_Form virus.library Version 5.2 VScan Version 5.11 VScan! VScan!.info If any of these files are absent, try to get your programs from another source in the future! 7.4 Thankslist: ------------------- Thanks goes to the following: __ __/// Jay Miner for the \XX/ Erik Lovendahl Sorensen for sending me his new virii. Kristin for massaging my neck. Terry Pratchett for hilarious entertainment. Jorn Lokoy for his homebrewed beer. ... and all of you who have registered yourselves as VScan users. *Art