informis
/
textfiles
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
textfiles/virus/amigvir2.txt

100 lines
6.0 KiB
Plaintext
Raw Permalink Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

AMIGA VIRUS
By ED EARING
Although I am not an owner of an Amiga, and although I am not familiar with
much of AmigaDOS, I have read the following disturbing subject in a
couple of other user group publications. I will attempt to make
this report with findings gathered from articles authored by Larry Phillips
(Commodore Users of Bartlesville) and Jo-Ann Nemeth (Commodore Users Group of
Columbus, Ohio).
If you see this message appear: "Something wonderful has happened. Your
Amiga is alive!!!" Please become very concerned.
A European group called Swiss Cracking Association (SCA) is taking
the credit for this latest form of invasion.
The usual chain of events is this:
An Amiga is booted with an infected disk. All works normally, with
no sign that anything is amiss. If you then reboot the machine with
Ctrl-Amiga-Amiga key, using an uninfected disk, the virus is
transmitted to the boot disk and it too becomes a "carrier," ready to pass it
on again, and so on.
If you have received any copies of programs from anyone ... user group,
friends, bulletin boards ... whatever, it is imperative that you test these
disks BEFORE doing a warm reboot.
So how do you know if your disks are infected already? What do you do?
Bill Koester of Commodore, Inc., has written a program, VCHECK, that
will determine whether a specific disk is indeed infected. The virus writes
to block 0 (zero), and one track 1 (0-1, 1-1). This is the same area used by
some commercial programs to record important disk information. The result
can be the destruction of the commercial program's usefulness. VCHECK
tests your computer's memory to see if it is infected with the virus.
As a safeguard, until you are able to test your disks, do NOT use an
important and presumedly uninfected disk unless the disk is write protected
before you put it into the drive or if this is not possible, turn the Amiga
off for a minimum of 60 seconds and then on again. To erase the SCA
jokesters' little humor, do an INSTALL of an infected disk from AmigaDOS. The
problem with this procedure is that it rewrites blocks zero, and commercial
programs often use block zero for copy protection so an "Install" could ruin
the program.
Using a program like SECTORAMA (DiskZAP will not show it), look at
Block 1 (cyl 0, hd 0, sec 1). If the virus is present, then run INSTALL.
Then turn the power off/on. If you have booted from an infected disk, and have
used INSTALL to kill the virus (see above), rebooting WITHOUT powering
off/on will only reinfect the disk.
Instructions for 2 drives:
Use Kickstart 1.2 (Amiga 500 already has 1.2 built in). When the
Workbench prompt appears, place your disk with the virus check program in
drive DF0:. This disk will automatically check your current memory. If your
memory is clear of the virus proceed. If not, turn off the Amiga for at least
60 secnds and start the procedure over.
Next, place the suspect disk in drive (either DF1: or DF2: for the A2000)
and type at the "1>" prompt: vcheck1 (return).
If all is well, you will see this message: "Virus Check 1.0 by Bill
Koester (CATS). This disk is healthy." If not, you are told that this disk
has the virus. Then type at the "1>" prompt: install df1: (return).
Should you find that your copy of Workbench is infected, then type at the
"1>" install df1: (return). Now turn the power off/on for the 60 second
interval.
The best advice the writers give is when you receive a new disk place it
in a special place and do NOT use it until you have a chance to test it for
the virus. They include commercial disks in this warning.
I read that the virus-checking program should be on Quantum Link or
GEnie or perhaps some Amiga BBS's. If you have the programs, it would be a
good idea to donate them to your SIG library.
NMCUG Editor's Note: The virus has been found on beta-test (i.e.,
pre-release not totally debugged) versions of commercial software, so it
is possible it could appear on brand-new just-out-of-the-box commercial
disks. Supposedly commercial software publishers are rectifying this
situation.
---------------------
Reprinted from COMMODORE DIMENSIONS,
January 1988, published by New Mexico
Commodore User's Group, P.O. Box 37127,
Albuquerque, NM 87176.
---------------------
Some further notes: this text file was written some one-and-a-quarter years
ago, by my time (4/89), and although the information given within is more or
less correct, it is outdated. Since the SCA virus emerged, a slew of others
have appeared, most of which use the same methods to spread themselves (boot
block infection). I will not go into the specifics of these new viruses, but
would recommend that interested parties (ALL Amiga users) get a copy of Steve
Tibbet's program VirusX and read the accompanying documentation, which
goes into more detail about the different viruses. VirusX should be available
through your local Amiga user group or from the Fred Fish collection of disks.
Some BBSes to call:
Digit Mail Box (408) 258-5463 3/12/2400b 8N1 Milpitas, CA. BBS of 64/More
Commodore User Group.
HomeBase BBS (408) 988-4004 3/12/2400b 8N1 Santa Clara, CA. SysOp John D.
McAfee head of Computer Virus Industry Association.
OMX BBS (613) 731-3419 3/12/2400b 8N1 Ottawa, Canada. SysOp Steve Tibbet,
author of VirusX.

Reference in New Issue View Git Blame Copy Permalink