.-------. :HISTORY: `-------' ---------------------------------------------------------------------------- V1.17 2nd-Feb-98 (Now a DiGiTaL CoRRuPTioN production. :-) ~~~~~~~~~~~~~~~~~ - The taskname changer and memory checker only worked if the FVK window was activated, as it was relying on IntuiTick IDCMP events. This has now been changed to use a timer device routine. This was actually quite a lot of code changing, and now creates its own message port instead of using the one provided by OpenWindow() - Before, if a file was crunched, it was decrunched, and then checked. If this file had been infected after it was crunched, sometimes the virus wouldn't be detected, as the xfdmaster library still recognised the crunch header even with the virus-code appended. Now FVK now checks like this.. Check file. Try to decrunch file. If file was crunched, check it again. This means crunched files are checked (very) slightly slower than before, but this is the only way in which to be completely safe. Thanks to RaMoNsTeR/dC for pointing out these two bugs :-) - FVK now _NEEDS_ xfdmaster.library installed. - Now handles files with debug hunks in straight after the header correctly. AX_Fucker recognition now works again. - BGS9 file-detection improved. - Improved boot-virus engine. - Added AEK clone, FILO 5.31, French. - Added HNY98 Bootblock. (Thanks to John Adams for sending this to VHT) - Improved recognition of VKill1.0, Australian Parasite, Coders Nightmare, Divina Exterminator, GX Team, Gremlins89, NorthStar1, PentagonCircle2, RevengeBootLoader, TimeBomb10, Joshua2, SwitchOff - If the boot is not identified, it now computes the checksum, to make sure it's valid, If the checksum is incorrect, then it's rescanned against the database using the corrected checksum. - Now recognises bootblocks that are DOS1 thru DOS5. - Removed some unused text strings and some unused variables. - When a virus was removed from a file, the filebuffer was never freed from memory. This memleak now fixed. - Menus now appear in V39 mode. - No longer crashes if xfd.library isn't installed. - Shell file-check used xfd.library after it was closed. This could have caused a crash if xfd got expunged. - Most filevirus checks read past the ends of the filebuffer, which is bad. Now, no reads are performed that are larger than the loaded file. - Added Commander virus and its Installer on request by Jan Anderson. (Memory kill will be added next time) - Main event-handler restructured & optimised. ---------------------------------------------------------------------------- V1.16 7-Jan-98 (Fastest update ever :-) ~~~~~~~~~~~~~~~~ - Added Happy New Year 96 [Optimised] & it's installer. This was released as source code, so I don't know if it's in the wild. But its added just in case. - Added a fix for a stupid problem in my HNY98 removal code which caused an infinite loop to be entered with some files. - Rewrote the Happy New Year 96 file recognition. - Now based upon code recognition instead of the text, which makes it recognises the `Fucked Up Year 98' clone, and maybe any others which may be hanging around. - Fixed a problem, where some files it fixed still had BRAs to a virus which was no longer there. - HNY96 & HNY98 now use the same routine to fix up the patched BRAs. which saves a few bytes - Changed `This file is the xxx virus' to the better description of `This file is infected with the xxx virus' Thanks RaMoNsTeR^DC for this `bug-report' :-) ---------------------------------------------------------------------------- V1.15 6-Jan-98 ~~~~~~~~~~~~~~~~ - Added Happy New Year `98 filevirus and Anti-Cracker bootblock. Thanks RaMoNsTeR/DC for the fast supply. - Added a new file classification. "Joke" files. First entrant into this new catagory is `ViriCheck'. Please stop writing such crap, and do something constructive. The anti-virus field is something to be taken seriously and does not need such foolishness. - Reclassified `DriveMusic' as a Joke file. - Now prints the date & time of filecheck completion, and how many files were scanned. (Sorry this took so long, but I've been busy) ---------------------------------------------------------------------------- V1.14 22-Dec-97 (Yet another fix) ~~~~~~~~~~~~~~~~~ - My ZIB removal code was breaking most files, as it wasn't repairing all the branches to the virus code, only the last one in the file. Sorry for any damaged files. Thanks to Alex Van Niel for the info and to my friends in DC for the example files. - All file check routines overhauled to handle large code hunks. ---------------------------------------------------------------------------- V1.13 5-Dec-97 ~~~~~~~~~~~~~~~~ - Added ZIB Installer. Thanks to Jan Anderson for this. - Fixed BioMechanic6 Recognition, sorry to anyone who deleted any files due to this mistake, but I had only one executable to work from :-( Thanks to the guy who sent two examples (Sorry, forgot your name ;-( ) ---------------------------------------------------------------------------- [ I've been even busier with University stuff than ever, [ so I've not added anything to FVK recently. [ However, New viruses get priority so here it is. V1.12 29-Nov-97 ~~~~~~~~~~~~~~~~~ - Added ZIB file virus. Thanks to Harry Sintonen for this monster. - Added Zombi Bootvirus - Fixed Joshua bootvirus recognition ---------------------------------------------------------------------------- [ Quite some updating/fixing/improving this time. [ I've actually been really busy with University stuff, plus I was ill [ for a little while, so that's my excuse for this slowness of late. V1.11 15-Oct-97 ~~~~~~~~~~~~~~~~~ - Improved File-checker : - Added LiSA-Fuckup 3.0 (ScanEbola97) trojan - Added some old viruses : AFFE, Aram-Dol, AX-Fucker, Biomechanic 6, BBS-Traveller (Ebola2) Thanks again to Jan Anderson/VHT DK for these old beasts. - Some viruses wouldn't have been detected if they had their RELOC hunks converted to short relocs. - Now asks before cleaning/deleting a file, this was actually harder to implement than it sounds, and quite a large part of the filechecker had to be rewritten. - Shell Filecheck can now be aborted with Ctrl-C. - FileInfoBlock is now only allocated once per file check, before it was allocated and deallocated each time for every file. This should speed the FileChecker up a little. - Filechecks used to walk past end of buffer occasionally. - Incorrect file buffer size was FreeMem()'d - Now strips HUNK_DEBUG, HUNK_SYMBOL, & HUNK_NAME before file check. - Some viruses which can only be deleted were calling DeleteFile() instead of branching to a FastKiller routine, which sets the protection bit first. This also made the code a little shorter. - Removed some unnecessary tests in a few file-checks. - Removed enforcer hit that occured if an xfd error occured. - Improved bootblock analysis engine: - Added some old viruses : BootAIDS, ByteBandit4, COBRA, Cheater Hijacker, DigitalLife2, Disgust, DATACrime, Cracker Exterminator, Devils, Dr Mosh, Dr Mosh2, ELENI, Executors, Fast Eddie, GeneStealer, HEIL, Indiana Jones, Influenza, Infector, INGO, IRAK 3, Lamer Exterminator Decoded, LameStyle, Love Machine `90, Loverboy, Little Sven, MG, Nuked007, Obelisk (Format), Paratax III, PayDay, Perverse I, Plastique, Red Ghost, Sao Paulo, Sachsen 1, Sinister Syndicate 1.0, SS, SHI, Sonja, Starlight 2, Starlight Warhawk, Suicide Machine, TNK, TTS, TFC Revenge, Tomates-Gentechnic2.0, Unknown1, Virus-Fighter, VirusV1, VIPHS, ZAccess 3.0 Thanks to Jan Anderson/VHT DK for those. - Fixed recognition for CCCP, DiskDoktors, NorthStar2, SwitchOff & Incognito. - SCA Clones are now called just that to save memory. - Tidied the line-indenter a little. - Misc code shuffling to group associated routines, which meant a few branches are now optimised to byte distances. Ie, shorter executable. ---------------------------------------------------------------------------- V1.10 22-Sep-97 ~~~~~~~~~~~~~~~~~ - First GUI Version! Major overhaul of several routines. So far, just main GUI, and FileCheck GUI included. - Added new viruses: HitchHiker 4.23, BEOL4 installer, EBOLA, Happy New Year 96, Happy New Year 97. Thanks to Jan Anderson/VHT DK for those. - Reworked HitchHiker 4.11 detection - Small optimisation in file detection. - Fixed 3 small bugs in memory clean. - Was reading from the wrong Trap vector. - Wasn't freeing the memory the virus occupied. - When virus removed from memory, the `removed' message looked a little odd. Now fixed to look like the others. - Reworked hunk-handler - No longer crashes when an exe with no HUNK_CODE's is found. - Handles hunks with zero bytes correctly now. - Optimised the routine which shortens hunks. - Removed possible enforcer hit in filecheck. - If a file-error occurs, a linefeed is now printed too. - When xfdmaster.library returns an error, this text is now printed. - Recoded the text-indenter. - Shortened file detection routines for BOKOR 1.1 and HitchHiker2.01 - Dirwalker now works with single files. - Added Workbench startup code, Tooltypes will be added later. - Added routine which changes the taskname every so often, The idea for this came from AntiBEOL by Gideon Zenz. (Good thinking dude ;-) - VHT-DK information file added to distribution. ---------------------------------------------------------------------------- V1.9 6-Sep-97 ~~~~~~~~~~~~~~~~ - Added Incubator & PFixLib to LoadSeg() tunneler. ---------------------------------------------------------------------------- V1.8 1-Sep-97 ~~~~~~~~~~~~~~~~~ - Added UnhappyNearlyNewYearSummer97 installer & dropped file. Thanks to Adam Polkosnik for this shit. This is a compiled REXX script supposedly written by me. I'd love to meet the asshole who made this lame shit. This didn't even run on any of my systems, so I was unable to produce any infected files. - Converted docs to AmigaGuide format. - Added a list of known viruses with explanations. - When HitchHiker 2.01 was cleaned from a file, too much of the buffer was saved, and may have created some unloadable files. - Rewrote the SaveFile() routine, so that it deletes the file first. - Added VMM3.3 & KBVirus to LoadSeg() tunneler. ---------------------------------------------------------------------------- V1.7 28-Aug-97 ~~~~~~~~~~~~~~~~~ - Added BootShop virus installer. - Added more bootviruses. -- Fast2, Lamer Exterminator 1-7, Paradox2 Rene, SwitchOff, CopperBoot, SherLock2.0, VirKill2, Tai-Pan Chaos, Tai-Pan LameBlame, PVL 3.0, PVL 4.0, PVL 5.0, PVL 5.1, PVL 5.3, PVL 5.4, PVL 6.1, PVL 6.4, PVL 6.5 - Fixed MAD2 bootvirus detection. - Added XFDPatch to the vector tunneller - DirWalker wouldn't abort on Ctrl-C. - DirWalker didn't obey the QUIET argument. - If a virus was found in a crunched file, and the QUIET arg was specified, then no text would be printed. - Now restores filedate when removing link-viruses. - FVK now sets the Read & write file protection bits when removing a link virus from a file, and restores the original status afterwards. - Removed all inline file-delete's, and replaced them with Bsr's to a DeleteFile routine which sets the Delete bit first. - Optimised filecheck routine a little, to use jumptables instead of multiple compares. - Boot analysis engine sometimes exited before completing the scan which meant some bootviruses were reported as clean. - Bootblock analysis engine sometimes got stuck in an infinite loop. - Outputs some error-messages if the something goes wrong during filecheck. - Selfcheck would fail if started from DirectoryName/FastVirusKiller - BOKOR 1.05 and BOKOR 1.06 are virtually identical to check for, so now they use just one removal routine, (They are both reported correctly though) - Fixed version string. ---------------------------------------------------------------------------- V1.6 22-Aug-97 ~~~~~~~~~~~~~~~~~ - Self-check routine now uses a larger buffer for pathname. - Added a variant of Harry Sintonen's DirWalker routine. The script is no longer necessary. - Rewrote text output routines. They now generate a buffer, and print that all in one go, instead of printing each line in three stages. (filename, packer, virusname) ---------------------------------------------------------------------------- V1.5 17-Aug-97 ~~~~~~~~~~~~~~~~~ - Added BOKOR 1.1 virus. - Added Xtruder 3.5 trojan. - Added Drive-Music `joke'. - Added Bootfile analysis engine. This beauty is really fast. I don't believe it can be done any faster way. And it won't slow down much when more bootviruses are added to it. - Added over a hundred bootviruses to the bootfile engine. - Tidied docs a little. - Program now does a self-check, and removes any link-viruses that may have been attached to it. - Removed the `FastKiller FastKiller' line from the script. ---------------------------------------------------------------------------- V1.4 11-Aug-97 ~~~~~~~~~~~~~~~~~ - Added AmixHack trojan. - NOSAVE wasn't working. - Now distinguishes between Trojans and viruses, and prints correct name. - Misc code cleaning. - Added some small optimisations. ---------------------------------------------------------------------------- V1.3 10-Aug-97 ~~~~~~~~~~~~~~~~~ - Corrected some strings. BOKOR 1.01 was reported as 1.0, and 1.05 as 1.01 - Added BOKOR 1.06 virus. - If NOSAVE was specified, and a virus was found, an infinite loop occured. ---------------------------------------------------------------------------- V1.2 26-Jul-97 ~~~~~~~~~~~~~~~~~ - Added recognition for 5 more fileviruses. - BOKOR v1.01 (Thanks to Olli-Pekka Kaikuaho for that one.) - HitchHiker 2.01 - HitchHiker 4.11 (Thanks to Dave from IRC #Amiga for that one.) - VirusMaker1.0 - TimeBomb 0.9 - BGS9 - Saddam 1 - Improved File-scanner. - Some internal changes that make it easier to add new viruses. - Now handles more hunktypes Should now cause no crashes while scanning. - If a virus is removed from a file, it now tries to decrunch the cleaned file before rescanning. - Sometimes didn't free filememory. Now fixed. - Didn't scan new file after removal of a virus, but instead, a messy-buffer, file is now reloaded. - Fixed FreeMem() bug. - Now handles Zero-byte hunks. - Rewrote reloc-hunk parser. - Filescanner code wasn't reentrant, now fixed. - Script now scans C:Protect too, in case the user used it to set the script bit of `ScanDirs' while a virus was active. - Improved Memscanner - Improved recognition of BOKOR v1.05 - If there was more than one virus in memory, FVK went into an infinite loop. This has now been fixed. - Now recognises PPLoadSeg and SegTracker, and tunnels them to get the LoadSeg vector before they patched it. If a virus is found after tunneling, The Vector previous to it will be restored.. Imagine.. ROM VECTOR Virus SegTracker PPloadSeg After tunneling PPLoadSeg and SegTracker, the virus is found, and the ROM vector will be set, so effectively, SegTracker & PPLoadSeg will be removed. ---------------------------------------------------------------------------- V1.1 4-Jul-97 ~~~~~~~~~~~~~~~~ - Added support for Non-crypted BOKOR 1.05 strains. Thanks to Harry Sintonen for the hints. - Optimised BOKOR 1.05 detection in memory slightly. ---------------------------------------------------------------------------- V1.0 28-Jun-97 ~~~~~~~~~~~~~~~~~ - Detects and cleans BOKOR 1.05 from memory and files. Thanks to _Monk_ from IRC for that Virus.