Software 2000

home *** CD-ROM | disk | FTP | other *** search

/ Software 2000 / Software 2000 Volume 1 (Disc 1 of 2).iso / utilities / u584.dms / in.adf / ZV.Doc < prev

Wrap

Text File | 1978-02-06 | 28.6 KB | 981 lines

ZeroVirus III. (c) Copyright 1989,1990 by Jonathan Potter See the bottom of this file for changes INTRODUCTION ------------ Welcome to ZeroVirus! --------------------- This program is a complete virus detection, removal, and protection system. Using ZeroVirus , you can check the bootblock of any disc . You can install the disc ( removing any virus that is present ) with one of four different bootblocks, and backup the bootblocks of your commercial programs to ensure recovery from any viruses in the future. You can also use ZeroVirus to check a directory , or a whole disc for any Known file (link) viruses. ZeroVirus uses BrainFiles to make updating easier. The BrainFiles contain information that ZeroVirus uses to identify viruses and other bootblocks. ZeroVirus has a LEARN option , whereby you may include in the BrainFile the data necessary to recognise a certain bootblock in the future.... ZeroVirus also has " on-line " BrainFile editing, to make the procedure even easier. You can iconify ZeroVirus to a small window on the Workbench screen . Here it runs in the background , checking every disc you insert in the drives. STARTING ZEROVIRUS ------------------ To start ZeroVirus, double-click on the icon from Workbench ,or type "Zero- Virus" from the CLI. ZeroVirus looks for the BrainFile ( called "ZeroVirus.BrainFile") in either the current directory, or in the S: directory, and if it is found , it will be read in. ZeroVirus then looks for the Palette file ( called "ZeroVirus.Palette" ) in the same places , and will read in your custom colours from that file if it can be found. MEMORY CHECKING --------------- Once ZeroVirus has finished the above operations, memory is checked for any known viruses . If any are found , they are automatically removed , and you are notified of their presence. After this, ZeroVirus checks a number of system vectors. The vectors check- ed are WarmCapture, CoolCapture, ColdCapture, KickTagPtr(or RomTags), Kick- MemPtr and KickCheckSum vectors. These should all normally be zero($000000) and one sign of a virus in memory is these vectors pointing somewhere else. If their value is not $000000, you will be given the option to restore then to $000000. Be careful here , because some legitimate programs , like Guardian , modify these to their own purposes. After this , you are prompted to press the left mouse button to continue. MAIN MENU --------- Several options are available from the main menu : ------------------------------------------------- The BOOTBLOCKS gadget , or " BootBlocks " from the pull-down menu takes you into the bootblock checking part of ZeroVirus. Likewise 1, the FILES gadget, or "Files" from the pull-down menu takes you into the file checking part of ZeroVirus. The BRAINFILES gadget , or " BrainFiles " from the pull-down menu takes you into the "on-line" BrainFile editor. The LEAVE gadget gives you the option of either quitting or..... iconifying ZeroVirus. "Palette" from the pull-down menu allows you to edit the colours ZeroVirus uses, and "Save Palette" allows you to save them for future use. "About" displays some information about the program : "Iconify" iconifies ZeroVirus. "Quit" exits ZeroVirus. BOOTBLOCKS ---------- This section of ZeroVirus allows you to work with the bootblocks of discs. -------------------------------------------------------------------------- To check the bootblock of a disc , click on the icon of the drive the disc is in . If no errors occur , the bootblock will be read and checked. If the bootblock is recognised , its name and description will be displayed. eg "Normal DOS bootblock." "This disc is okay. Insert another disc to keep checking." "ZeroVirus BigScreenTest bootblock" "Check for PAL sized screen on bootup" "SCA virus recognised!" "This disc contains a virus! INSTALL it immediately!" If the bootblock is not recognised, you will see : "Non-standard bootblock" "Suggestion : BACKUP and INSTALL" Under the description ,the bootblock is displayed . Characters in white re- present standard bootblock characters ; those in red represent non-standard bootblock characters. ZeroVirus detects disc changes, so to check another disc in the same drive, simple eject the current disc and insert the new one. Several options are available from a pull-down menu : --------------------------------------------------- A "-->" in menu names indicates the presence of sub-menus. From top to bot- tom the menu options are : BootBlock --> - This option allows you to select the bootblock that --------- will be written to discs when you install them. Standard - This is the standard AmigaDOS 1.3 bootblock. NoFastMem - This bootblock allows you to turn off all auto-con- figuring expansion memory on bootup. BigScreenTest - All PAL Amigas have a bug that causes an NTSC ( 200 line) screen to occasionally open on bootup, instead of one the normal PAL size (256 lines). This bootblock checks the size of the screen you are about to boot into , and if it is < 256 lines , will give you a chance to reset the computer. This eliminates the possibility of going through a half hour long startup-sequence only to find at the end that you have to reboot because of a short screen. AutoAddRAM - This bootblock allows you to automatically add one chunk of non-autoconfiguring memory on bootup. When you install a disc with this bootblock, you are prompted for the starting and ending addresses of the chunk , in hexadecimal . If you give no input to this, the RAM from $f80000 to $fbfffe present in Amiga 1000s with Kickstart in ROM is assumed. Install - This option installs the disc in the currently selected drive, with the selected bootblock. Learn - This option allows you to learn the bootblock of the disc in the currently selected drive. ZeroVirus recognises bootblocks by checking eight characters . If all characters match the required characters, ZeroVirus recognises the bootblock. When you select learn , eight characters in the bootblock view are highlighted. These are the eight characters ZeroVirus has picked to recognise the bootblock by . Unfortunately...... ZeroVirus cannot distinguish between code and text. Since text in a bootblock can be changed relatively easily, it is not a good idea to learn text bytes. If it is obvious that ZeroVirus has picked some text bytes to learn , you may reselect the bytes yourself. A maximum of eight characters may be highlighted at once. To toggle a character on or off, click on it with the left mouse button. You may pick eight or less characters. Once you have finished picking characters, click in the centre of the screen where you are told to. You are now prompted for the name of the bootblock. To cancel the learn operation , just press return for this. Once you have entered the name , you are asked for a description . If the bootblock you have just learnt is a virus , just press return for this. Names and descriptions may be 80 characters at the most. Learn only learns to memory - the bootblock is not recorded to the BrainFile on disc until you do so from the BrainFile editing menu. Force Learn - It may happen occasionally that the bootblock of the disc you wish to learn has the same bytes in the same places as a bootblock ZeroVirus has learnt previously . In this case, Learn will complain that ZeroVirus already knows this bootblock. You may now learn the bootblock with Force Learn,and pick some different bytes. The bootblock will still not be recognised, however, as the first bootblock is before this one in the list . To overcome this problem , you may re-arrange the order of bootblocks in the BrainFile from the BrainFile editing menu. Backup --> - These options allow you to manipulate bootblocks as ------ disc files. Backup - Many programs employ custom bootblocks . These boot- blocks may be for fast loaders, intros, etc. Many of these programs depend on their custom boot- block . If this bootblock is overwritten with a virus ,the program will no longer work. Backup allows you to backup a bootblock to a disc file, for future retrieval. When Backup is selected , a file requester appears for you to enter the name you wish to save the boot- block. The name of the disc is automatically entered as the filename, but this may be edited. Once you have chosen the name , you are asked to enter an optional comment for the bootblock (maximum 40 characters). Providing no errors occur , the bootblock will be saved to the file. It is a good idea to keep all bootblocks in the same directory, and an even better idea to keep a backup of the disc containing the bootblocks. Restore - Restore allows you to restore a previously backed-up bootblock to the disc in the selected drive. Selecting this opens the file requester, prompting you for the name of the bootblock you wish to re- store Catalogue - Catalogue allows you to generate a catalogue of all the backed-up bootblocks in a specified directory. Selecting this opens a requester with various gad- gets allowing you to configure the catalogue. CATALOGUE TO FILE and CATALOGUE TO PRINTER allow you to send the generated catalogue to a disc file, or to the printer (PRT:). INCLUDE COMMENTS and INCLUDE DATES allow you to select whether comments and dates are included in the catalogue. SORT BY NAME , COMMENT and DATE allow you to turn catalogue sorting on or off, and select which item the catalogue is sorted by. GENERATE CATALOGUE opens the file requester , allow- ing you to select the directory containing the boot- blocks you wish to catalogue . Only bootblocks saved with ZeroVirus are included in the catalogue. View Saved - This allows you to view a saved bootblock. Selecting it opens the file requester , prompting you for the name of the bootblock you wish to view. Compare Saved - This allows you to compare the bootblock of the disc in the selected drive with a bootblocks saved to a disc file. The saved bootblock is the one actually shown . Conflicting characters are shown in red; identical characters are shown in white. Print Saved - This allows you to dump a saved bootblock to the printer ( PRT : ).The bootblock is printed in both hexadecimal and ASCII. Print - This allows you to dump the bootblock of the disc in the selected drive to the printer (PRT:). Toolkit --> - These options allow you to manipulate bootblocks in ------- special ways. UnInstall - UnInstall un-installs a disc, leaving the bootblock the same as if the disc had just been formatted. Fix Checksum - This fixes the checksum of the bootblock, and makes it bootable. No Checksum - This zeroes the checksum of the bootblock, and makes it non-bootable. Copy Block - This allows you to copy the bootblock of the disc in the selected drive to a disc in another drive. After selecting this, click on the drive that you want to copy the bootblock to , or click on the same drive to cancel the operation. Main Menu - This option returns you to the main menu. FILES ----- This section of ZeroVirus allows you to check files for file (link) viruses. When selected, the screen clears and the file requester opens. You may now select the directory you wish to check ( don't worry about the filename ). When the directory has been chosen, you are asked if you wish to check all the sub-directories as well. This allows you to check a whole disc at once, if necessary. You are now asked if you want any viruses to be automatically removed. If you answer positively to this , any file viruses found will be removed automatically , unless a user action is unavoidable (eg an error occurs). The files are now checked . The filenames are displayed on the screen as they are being checked. File viruses are not learnt in BrainFiles. Therefore, ZeroVirus will be updated if and when new file viruses appear. Currently recognised file viruses are : ------------------------------------- IRQ virus - This virus attaches itself to the first command in the startup-sequence. BGS9 virus - Also known as the TTV1 virus, this one replaces the first command in the startup-sequence with itself, and places the original file in a hidden file in DEVS: If this virus is found, ZeroVirus will also give you the option of trying to replace the original file. Even if automatic virus removal is on, user in- put is required here, as ZeroVirus has no idea where the DEVS : directory on that disc is (in relation to the current directory ). The file requester is opened for this . LAMER virus - This virus is usually disguised as a hidden file, and inserts a line calling itself in the startup- sequence If a file called " startup-sequence " is found , it will be checked to see if it calls this virus. The virus calls itself a name consisting of (in hex) A0 ( 160 decimal ). These are invisible as normal ASCII. If any of these are found in the "startup- sequence", ZeroVirus can remove them. BRAINFILES ---------- The " on-line " BrainFile editor allows you to easily edit the current BrainFile. The name of all bootblocks known by the current BrainFile are displayed on the screen, along with their comments. You may scroll the selector-bar up and down the list of bootblocks with the UP and DOWN gadgets at the bottom of the screen , or with the Move menu. Several options are available from a pull-down menu; these are : -------------------------------------------------------------- New - This option discards the BrainFile in memory at the moment, and begins a new one. Be careful with this; there is no undo feature. Load - This option allows you to load a BrainFile from disc into memory , replacing the BrainFile in memory at the moment. The file requester is used to allow you to select the BrainFile. Note that BrainFiles need not be called "ZeroVirus. BrainFile" ........ they may be called anything, and kept anywhere . However , they will not be read in automatically when ZeroVirus is run unless they are. Save - This option allows you to save the BrainFile in memory to disc . The file requester is used to allow you to select the name. The User Update count of the current BrainFile is incremented everytime you Save. Edit --> - These options allow you to make changes to the en- ---- tries in the BrainFile. Move - Move allows you to reposition an entry in the BrainFile . When selected , you may move the se- lector-bar to the position you wish the entry to be moved to. Press the right mouse button when the bar is in the correct position. You are then asked if you wish the entry to be moved above or below the current position . To cancel this , press the right mouse button without moving the bar. Rename - This allows you to change the name and description of the highlighted entry. Delete - This allows you to delete the highlighted entry from the BrainFile. Merge - The Learn option allows you to include your own bootblocks in the BrainFile. However, new BrainFiles issued by the author will not, of course, contain these, and so you would have had to Learn them all again. Merge allows you to, effectively, join the current BrainFile with one on disc. However, the "new" BrainFile will not conta in any repeated en- tries. Move --> - These options allow you to move around the current ---- BrainFile. Entry Up - Moves you one entry up. Identical to pressing the UP gadget. Entry Down - Moves you one entry down. Identical to pressing the DOWN gadget. Page Up - Moves you one page (13 entries) up. Page Down - Moves you one page (13 entries) down. Top - Moves you to the top of the BrainFile. Bottom - Moves you to the bottom of the BrainFile. Main Menu - This option returns you to the main menu. PALETTE ------- The palette requester has several gadgets to enable you to set the colours of the screen . The coloured squares at the top of the window let you select which colour you wish to work with. Underneath these is a window- wide bar, which is filled with the current colour, and displays (in hex) the value of the colour. Under this are six slider gadgets . The first three, R, G and B enable you to set the red , green and blue content of the current colour. The next three, H, S and L enable you to set the hue, saturation and luminance of the current colour. Under these are six other gadgets : --------------------------------- - COPY allows you to copy the current colour to the next selected colour. - SPREAD allows you to evenly spread the colours between the current colour and the next selected colour. - RESET allows you to reset to the palette in use when the Palette Requester was first invoked. Also , pressing the ESCape key has this effect, so if you accidentally set all the colours to black ( or some- thing ), just press ESCape. - DEFAULT returns the colours to their default settings. - OKAY accepts the current colour settings and exits the palette requester. - CANCEL rejects the colour settings and exits the palette requester. Clicking the close gadget also has this effect. ICONIFY ------- Iconify closes the ZeroVirus window and screen, and opens a small window on the Workbench screen . ZeroVirus now behaves very much like the PD program VirusX . Unlike VirusX , however , it also contains a title bar clock and memory monitor. The current time is displayed (and updated) along with the amount of chip and fast memory available in the system. When the iconified window first opens , all discs present are checked for viruses or non-standard bootblocks . If they have viruses or other non- standard bootblocks on them, a requester appears, asking you if you wish to return to ZeroVirus . If the bootblock is a virus, you are not told which virus it is. You will find this out when you return to ZeroVirus. You are only notified if the bootblock is a virus, or if it is an unknown, non-standard bootblock. After all discs have been checked, the clock starts and continues updating. Every time a disc is changed , that disc is automatically checked, and the same procedure as above follows. To return to ZeroVirus from the iconified window, activate the window and press the right mouse button . To exit ZeroVirus without returning to the main program, click the close gadget. If, from the CLI, ZeroVirus is run with the "-i" option, ie ZeroVirus -i it will start up in the iconified mode. You may also, from the CLI, specify the x and y locations of the iconified window. ZeroVirus -xnum1 -ynum2 will set the left edge of the window to num1, and top edge to num2. You may use -i, -x and -y in any order, and they are all optional. ABOUT ----- ZeroVirus is NOT public domain , although it is freely redistributable. It is under NO circumstances to be sold , or included on any product for profit , without prior permission from me. ZeroVirus may be copied and used freely. If you have any comments or bug reports , or find any new viruses , please --------------------------------------------------------------------------- send them to me. --------------- CHANGES TO ZEROVIRUS III. ------------------------- Firstly , ZeroVirus now detaches itself, so you do not need RUN or RUNBACK. Screen is back to NTSC size - why not? You now no longer have to press the left mouse button to enter the program. Brilliant title screen, eh ? Thanks to Adrian Jones for that. Any enquiries on Amiga graphics , or offers for contract work can be sent to Adrian via me (see address at the bottom of this text). A new menu item, Memory, allows you to : -------------------------------------- a) Re-check memory for viruses . This repeats the procedure that occurs when the program is run. b) View memory , to look for any suspicious text. Palette requester is much nicer . Sorry , Andrew Wong . I know ZeroVirus is not a paint program , but when you have 4096 colours available , it's silly (no , notridiculous , just silly) not to take advantage of them. New Credits requester , showing names of all... those marvelous people who --------------------- helped making this program what it is. Into BootBlocks section. Click on a drive gadget. Zoooom.. yes, bootblock display is several million % faster. A new bootblock , Message , displays a scrolling message on a green copper list . If this disappears from a disk you know it was on , it is likely a virus has overwritten it. Hide Drive allows you to switch off a drive, hiding it from DOS. This would be used , if you are checking lots of non-DOS disks , that would normally throw up DOS requester when you insert them . Disk change is not dectected when a drive is hidden , so you have to keep clicking on the drive gadget to check each new disk. Back to main menu, into Files section : ------------------------------------- File viruses currently recognised are BGS9 (or TTV1), LAMER, IRQ and XENO. Catalogue files lets you generate a catalogue of all files in a directory (or on disk). These files can later be checked against the catalogue (using Check Catalogue) for changes in size, date and protection bits. Into BrainFiles section : ----------------------- Nothing much changed here , except you can move using cursor ( shift/ctrl, etc ) keys.. easier, I think. The file requester is better. DRIVES gives you a list of all available dev- ices (disk, assigns......). In ARP fashion, SHIFT-RETURN jumps to the other string gadget. ZeroVirus III generally is more memory efficient than earlier versions. Only 1K of chip RAM is used when it is iconified. That's about all the changes there are . Sorry about the lack of proper do- cumentation, but, hey! It's free! What more could you want? Changes v1.18 ------------- (v1.16 & 1.17 were never released). ZeroVirus now REALLY recognises the changes to system vectors made by SetPatch r. There is a new function from the main menu, Virus List, which simply displays an alphabetical list of all the viruses recognised by the current version/brainfile. ZeroVirus now uses the req.library for a file and palette requester. A nice advantage of this (apart from the better requesters) is that the executable is about 14k (uncrunched) shorter. The req.library MUST be present for ZeroVirus to run. * * * * * PLEASE send any NEW viruses , or suspected viruses , to me at the address ------ ---- below . Or, if you live in Europe, send them to : Erik Løvendahl Sørensen Snaphanevej 10 4720 Præstø Denmark ( and Erik will pass them along to me.) Enjoy...! Jonathan Potter P.O. Box 289 Goodwood, SA 5034 Australia ph : (08) 2932788 (All donations gratefully accepted . Not only that , but you'll get back a --------------------------------------------------------------------------- copy of the latest version/BrainFile. Thanks.) ----------------------------------------------