/************************************************************************/
/* */
/* Viruses Dealt With: */
/* ------------------- */
/* */
/* SCA - The SCA is the simplest virus to deal with, */
/* as it's not actually DOING anything except */
/* hiding in memory, until you reboot. */
/* We just look at CoolCapture and fix it to get */
/* it out of RAM. */
/* */
/* Byte Bandit - The Byte Bandit virus takes the DoIO() vector */
/* and redirects it through itself. Thus, any */
/* attempt to read or write the boot block (ie, */
/* AmigaDOS trying to figure out what kind of */
/* disk it is) results in the BB writing itself */
/* onto that disk. VirusX couldn't just rewrite */
/* the boot block, we have to get him out of RAM */
/* first. This virus also has an interrupt that */
/* crashes the machine every 5 minutes or so */
/* after it's infected a few of your disks. Ow. */
/* It stays in memory not via the Capture */
/* vectors, but by a Resident module. */
/* */
/* Revenge - Basically, a Byte Bandit clone except it will */
/* bring up an obscene pointer a few minutes */
/* after you reboot. We treat it much like the */
/* Byte Bandit. */
/* */
/* Byte Warrior - Jumps right into 1.2 Kickstart. Won't work */
/* under 1.3. Hangs around via Resident struct, */
/* doesn't do any damage. */
/* */
/* North Star - Like SCA, hangs around via CoolCapture, */
/* killing CoolCapture kills the North Star. */
/* */
/* Obelisk Softworks Crew */
/* - Hangs around via CoolCapture, also */
/* watches reads of DoIO() (but doesn't */
/* infect EVERY disk - only ones you boot */
/* off of) */
/* */
/* IRQ - This is the FIRST Non-Bootblock Virus. */
/* It copies itself from place to place via the */
/* first executable program found in your */
/* startup-sequence. It SetFunction's */
/* OldOpenLibrary(), has a KickTagPtr, */
/* and lives in the first hunk of an */
/* infected program. */
/* THANKS! to Gary Duncan and Henrik Clausen for */
/* being the first to send this one to me! */
/* */
/* Pentagon Circle - This one looks at the DoIO vector, and has */
/* a CoolCapture vector. It will write itself */
/* over any virus inserted, but not onto */
/* anything else. (Neat idea!). No danger, */
/* easy to eliminate. Holding left button */
/* while booting with this one shows different */
/* screen colour, but doesn't get rid of it. */
/* Thanks to Bill at CMI (CMI*BILL on Plink) */
/* for sending me this one! */
/* */
/* SystemZ Virus Protector */
/* - I took this one out. It's not really a */
/* 'Virus' in that it won't overwrite a disk */
/* without asking you first. Besides, it seems */
/* a lot of people LIKE the SystemZ Virus */
/* Protector (though it isn't perfect). */
/* */
/* Lamer Exterminator - THIS one was a bugger. Yet another virus */
/* aimed at hurting people. Y'see, a Lamer */
/* is apparently the worst kind of pirate - */
/* one who doesn't crack software, doesn't */
/* write software, just collects names and */
/* addresses and collects and spreads software. */
/* Lamers don't do anybody any good - and the */
/* guy behind this Virus took it upon himself */
/* to make their (and our) lives miserabler. */
/* Anyway, this virus loads into RAM into a */
/* different location every time (using a */
/* random location). It is encrypted on the */
/* disk so you can't SEE the name of it, and */
/* it never actually SHOWS the name (but it's */
/* definitely there). It changes the */
/* encryption key used each time it is written */
/* back to disk. It has a counter and will */
/* wait until the machine has been reset 2 times */
/* OR until 3 disks have been infected, and will */
/* then pick a DATA block (Only a DATA block - */
/* FFS disks are safe, I guess), randomly, and */
/* will write the word 'LAMER!' all through it. */
/* This is obviously not good, and will cause */
/* random disk errors. This is the worst kind */
/* of havoc to wreak on the new user - and this */
/* virus is EVERYWHERE! I've gotten it from 5 */
/* people in the last week alone (all from */
/* different countries! Ack!). Anyways, credit */
/* for being the first with this one is */
/* Christian Schneider. Thanks, Christian! */
/* Might as well break the margin convention here, eh? Anyways, */
/* something else I thought of about this virus: It introduces a NEW */
/* way for a Virus to stay in RAM. Y'see, if ExecBase is okay at */
/* reboot time (Exec keeps a checksum, among other things, and checks */
/* to see if anything has been corrupted quite carefully). Anyways, */
/* if Exec thinks ExecBase is okay, it doesn't bother rebuilding it. */
/* Sooo, this virus sets the SumKickData() vector to point at itself. */
/* Then at Reboot when this vector gets called after reset, the virus */
/* ReInstalls himself. At least this is what I think is happening. */
/* This virus sets up a Resident structure, but never sets the Match */
/* Word - either this means we don't need the MatchWord or it means */
/* his SumKickData() is doing the recovery job - either way, it's */
/* new! 3 points for originality. */
/* */
/* Graffiti - The first virus to come with rotating 3-d graphics! */
/* It's neat - you might want to trigger it (I'm not sure */
/* how) before nuking it. Anyway, this one just sets */
/* CoolCapture(), does something with DoIO() during the */
/* reboot but sets it back to normal before anybody gets */
/* to look at it. Lots of code is taken by the graphics */
/* stuff. I just clear the CoolCapture vector. [yawn] */
/* */
/* Old Northstar - Poof. */
/* */
/* 16 Bit Crew - Well, I didn't actually have to DO anything to get */
/* VirusX to recognize it... because it seems to operate */
/* like the Graffiti Virus. If the 16 bit crew is in */
/* RAM, VirusX will say it removed the Graffiti virus. */
/* Oh well. 8-) */
/* */
/* DiskDoktor - I spent more time on this one than on any other. */
/* Y'see, this virus does lots of things. The first one */
/* for some reason was quite funny to me. heh */
/* What it would do is after you have rebooted 5 times, */
/* each time you reboot after that, the virus would eat */
/* 10K times the total number of reboots - so after */
/* rebooting 10 times, you would be short about 100K. */
/* This virus also starts up another TASK. I'm not */
/* exactly sure when it happens, but another task named */
/* 'clipboard.device' will appear at a priority of -120, */
/* and will continually bash the Virus' vectors into the */
/* Coldcapture, Coolcapture, Warmcapture (which it sets */
/* to $ff000000 just to annoy), and the DoIO() vector. */
/* When I was working on this one, I figured I just had */
/* to restore the old values to the DoIO() vector, but as */
/* soon as I did so, the Virus restored them - and since */
/* I didn't disassemble the entire thing, I didn't realize */
/* this until I wasted time looking for other faults. */
/* This one also allocates some memory, copies some code */
/* out of Exec into this memory, and executes it. I */
/* never bothered to figure out why - Once it's gone, it's */
/* gone. */
/* */
/* Thanks also to Robb Walton for being the first to send one of the */
/* other ones, (but I can't remember which one anymore... 8-( ) */
/************************************************************************/
/* */
/* Notes on making VirusX yourself: The source is included mainly */
/* for your perusal, not so that you can modify it and redistribute */
/* it. I've modified Manx's _main.c module to make the detach */
/* from the initial CLI work properly. I can't redistribute this */
/* module since it's copyright Manx, so here's VirusX without it. */
/* It will compile and run, but if you run it from WB, it won't quit. */
/* The version I've supplied should do everything just fine. */
/* */
/* VirusX */
/* */
/* by Steve Tibbett */
/* */
/* Please - if you find a new virus, Send me a copy! */
/* (And warn me it's on the disk!). I want to keep */
/* this program current. (Feel free to put something */
/* neat on the disk also!) */
/* */
/* This version of VirusX is done with the Lattice 5.0 */
/* compiler. The Lattice compiler, with the help of John Toebes, */
/* gave me an executable almost 4K smaller than the best I could */
/* get out of Manx. Reason enough for me to switch! */
/* */
/* The Makefile included in the "source.zoo" file you should have */
/* gotten in the VirusX.Zoo file this came from, is set up for the */
/* MANX Make Utility. Switching to Lattice's LMK should be easy, */
/* but I've had no reason to. The important thing is the command */
/* line switches and the BLINK command line. */
/* */
/* Thanks to John Toebes for a lot of help getting it going, and */
/* thanks to Dan James for providing the routine down at the bottom */
/* that actually takes the IRQ Virus out of executable files. */
/* */
/************************************************************************/
/* End of Text */
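
The Lamer Exterminator entry above says the payload picks a data block at random and writes the word 'LAMER!' all through it. As an added example (not part of VirusX or its author's code), the following C program scans a raw disk image for blocks damaged that way so they can be located and restored from backup; the function names, the 40-hit threshold and the sample image are assumptions constructed for illustration.

```c
/* Added example (not VirusX code): flag 512-byte blocks filled with "LAMER!". */
#include <stdio.h>
#include <string.h>
#define BLOCK_SIZE 512   /* Amiga floppy block size */
#define MARKER     "LAMER!"
#define MARKER_LEN 6
#define MIN_HITS   40    /* assumed threshold: 240 of 512 bytes are marker */

/* Count non-overlapping occurrences of the marker inside one block. */
size_t marker_hits(const unsigned char *blk)
{
    size_t hits = 0, i = 0;
    while (i + MARKER_LEN <= BLOCK_SIZE) {
        if (memcmp(blk + i, MARKER, MARKER_LEN) == 0) { hits++; i += MARKER_LEN; }
        else i++;
    }
    return hits;
}

/* Store up to max_out suspect block numbers in out[]; return the total found.
 * A trailing partial block is skipped. */
size_t find_lamer_blocks(const unsigned char *img, size_t len,
                         size_t *out, size_t max_out)
{
    size_t found = 0;
    for (size_t b = 0; (b + 1) * BLOCK_SIZE <= len; b++) {
        if (marker_hits(img + b * BLOCK_SIZE) < MIN_HITS) continue;
        if (found < max_out) out[found] = b;
        found++;
    }
    return found;
}

/* Constructed sample image: block 0 mentions the word once in ordinary
 * text, block 2 is overwritten with it from offset 24 onward. */
size_t demo(size_t *out, size_t max_out)
{
    static unsigned char img[4 * BLOCK_SIZE];
    memcpy(img + 100, "a LAMER! in ordinary text", 25);
    for (size_t i = 24; i + MARKER_LEN <= BLOCK_SIZE; i += MARKER_LEN)
        memcpy(img + 2 * BLOCK_SIZE + i, MARKER, MARKER_LEN);
    return find_lamer_blocks(img, sizeof img, out, max_out);
}

int main(void)
{
    size_t hits[8], n = demo(hits, 8);
    for (size_t i = 0; i < n && i < 8; i++)
        printf("block %zu looks overwritten with LAMER!\n", hits[i]);
    return 0;
}
```

A single mention of the word in ordinary file content stays far below the threshold, so only blocks that are mostly marker text are reported.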