home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
World of A1200
/
World_Of_A1200.iso
/
programs
/
disk
/
antivirus_utils
/
viresz3
/
docs
/
virusz.doc
< prev
next >
Wrap
Text File
|
1995-02-27
|
42KB
|
838 lines
|
·` __/ _ --+--
/| / /`\ /(____ | . . __|__ _ \/_________. - - ----- --- --
·/\ / | \/__/ \ __ \ · I\_/I /\____)\ /\ _ °/ ---- -- --- - -
|°| |!| /___` |\ II \|\_/|· | /° __ / \ / / - c0nt®0[/aTz -
| | | I | //| | __ /`| |i /i \_ \_/ \/· //\ ------ -
| I\/ / |//·|/ || \ | I: I /\ \ \\ \// /~ \ - --
\ `// |// | || \I ^ /|/ \~\ \\ _|_ // \
\_.\/// |/_/|___°I|_°/ \____/_|\._______/ | /________/°/ Ve®$i0n 3.o7
\/ \/ \
\
SOME NOTES CONCERNING LAW AND ORDER
-----------------------------------
1. Copyright
------------
The entire VirusZ package is written and copyright © 1991,1992,1993 by
Georg Hörmann with exception of the reqtools.libraries which are
written and copyright © by Nico François who gave the permission to use
the libraries and installation scripts in any freely distributable
software package.
2. Disclaimer
-------------
The executionable and non-executionable parts of this software package
may NOT be altered by any means (this includes editing, reprogramming,
crunching, and resourceing), except archiving. The author is in NO way
liable for any changes made to any part of the package, or consequences
thereof as he is in NO way liable for damages or loss of data directly
or indirectly caused by this software.
3. Distribution
---------------
Neither fees may be charged nor profits may be made by distributing
this piece of software. Only a nominal fee for cost of magnetic media
may be acceptable, the amount of US $6 shouldn't be exceeded for a disk
containing VirusZ. Outside a single machine environment, you are NOT
allowed to reproduce only some parts of the package, but you have to
copy it completely. See this list of contents for verification:
VirusZ (dir)
DLD (dir)
DLD
DLD.doc
DLD.dok
Library.doc
Docs (dir)
Brain.doc
Brain.doc.info
VirusZ.doc
VirusZ.doc.info
VirusZ.history
VirusZ.history.info
VZBE.doc
VZBE.doc.info
Libs (dir)
decrunch.library
reqtools.library.13
reqtools.library.20
S (dir)
VirusZ.brain
Docs.info
Install
Install.info
Install.script
VirusZ
VirusZ.info
VZBE
VZBE.info
VirusZ.info
Note that the original package was released as 'VirusZ307.lha' archive.
If any parts were already missing when you received this package, look
out for another source to get your software in future.
4. Shareware
------------
VirusZ is no longer Freeware, but Shareware. This means you are still
allowed to copy the software freely, but you have to pay a fee to the
author if you use VirusZ regularly. Not paying your fee is both immoral
and illegal. If you already have registered for any former releases,
paying the fee again is optional. Suggested donation is DM 20 or an
equivalent amount in any other currency. Anything else will not be
accepted. By now, I had more expense than profit by sending all you
folks your disks back etc. If you want me to continue my work, don't
try to cheat me.
Submissions with new material (viruses/crunchers) are welcome. If you
want your disks back, either enclose enough money for postage or German
stamps. If you send me useful stuff, you will additionally receive the
latest update of VirusZ on your disk. Contact me at the following
address:
Georg Hörmann
Am Lahnewiesgraben 19
--> 82467 Garmisch-Partenkirchen <--
Germany
!!! IMPORTANT NOTE FOR REGISTERED USERS !!!
-------------------------------------------
I will no longer offer the update service for registered users. I had
nothing but trouble in the past with sending dozens of disks around the
world. Some versions of VirusZ always showed some bugs right after
releasing them. If I release the latest versions on BBS boards and PD
disks only, the risk of losing a lot of money isn't that high as it is
if I have to send all bugged updates twice. This becomes too expensive.
I know that it's not your fault when I make mistakes, but it's a
difference between updating an text editor and a virus killer. The
editor will be updated 1 or 2 times a year, but new versions of a virus
killer have to be released at least every 4th week. Errare humanum est.
INTRODUCTION
------------
1. VirusZ Philosophy
--------------------
VirusZ is another try to make the perfect viruskiller. Although there
are already hundreds of killers, none had to offer the, in my opinion,
most important features. These are to be short, fast and not to keep
the user from working by opening a big screen with hundreds of gadgets
or locking the drives. If you like that type of killer, forget VirusZ.
2. Why Use VirusZ?
------------------
VirusZ has been tested on Kickstart 1.2/1.3, OS 2.0 and OS 3.0 and
worked just fine. It offers several OS 2.0 features even under Kick
1.2/1.3 like gadget activation via keyboard. All windows use the full
screen size, have a built-in Topaz 8 font to prevent any trouble, bring
themselves to the front when started and set up a wait pointer for the
other windows. Windows always support the screen font (up to size 124!)
in the menu/title bar. VirusZ recognizes over 220 bootblock viruses and
the filechecker not only detects over 115 file viruses, but it also
offers you the unbelieveable feature of decrunching files. The boot lab
offers all important bootblock operations on one screen. The whole
software is written 100% in assembly language for lightning speed. The
memory checker removes all known viruses from memory without 'Guru
Meditation' and checks memory for viruses regularly. VirusZ has easy to
use intuitionized menus including keycuts for both beginners and
experienced users. It performs a self-test on every startup to prevent
link virus infection. VirusZ works in the background and uses less than
0.5% of your processing time (use Xoper to verify). Last but not least,
VirusZ is regularly updated and hence offers you perfect protection
against the latest viruses. Starting with 3.00, you have the ability to
learn your own bootblocks via the VirusZ Brain Editor VZBE.
GETTING STARTED
---------------
1. For The Very First Time
--------------------------
VirusZ requires the 'reqtools.library' in order to work correctly.
Included in this package are two versions of the 'reqtools.library',
one for Kick 1.3 and one for OS 2.0. Chose the one that fits with your
OS, copy it to the 'libs:' drawer of your boot disk and remove the
suffix (simply rename it). If you don't want to do the copy work
yourself, click on the 'Install' icon from WorkBench. This will start
an installation script. If you want to use the decrunch feature, you'll
additionally need the 'decrunch.library'.
2. If You Already Have Used VirusZ
----------------------------------
Make sure that you copy the latest library versions to your libs:
drawer. Also verify the settings in the prefs menu if you have saved
them with an old VirusZ version because versions higher than 3.00 use a
new preferences file format. Copy the brainfile to your s: directory or
change the prefs to the correct path.
3. The First Step To Glory
--------------------------
Starting VirusZ is nothing more than typing its name to any CLI/Shell
or double-clicking its icon from WorkBench. There are several message
alerts included in the startup module. If anyone of these flashes up,
there is something wrong. These alerts are self explaining so we skip a
detailed description. If the 'VirusZ's hunk structure has been
modified!' alert comes up, your copy of VirusZ might be infected by a
virus or might have been crunched with a bad cruncher (in fact most
crunchers are bad).
Starting with VirusZ 3.03, you have the ability to use VirusZ in your
own Shell scripts. Simply type
1> VirusZ <filename>
and VirusZ will try to read the specified file and checks it for
viruses. VirusZ will print a message with information about the file.
Additionally you receive one of the following return codes for use in
scripts:
OK (0) File is executable or data and no virus was found.
WARN (5) File contains a virus (see message).
ERROR (10) An error occured while checking the file (see message).
4. How To Use ReqTools Requesters
---------------------------------
VirusZ uses three types of ReqTools requesters: Requests asking for a
decision, Information Requesters informing you about something and File
Requesters to select files/drawers. You can satisfy them not only by
clicking their gadgets, but also via shortcuts. These are:
Positive Response: <Y>, <RETURN>, <LAMIGA><V>, underscored character
Negative Response: <N>, <ESC>, <LAMIGA><B>, underscored character
The positive gadget is the leftmost always printed in bold, whereas the
negative is the rightmost.
AUTOMATIC FEATURES
------------------
1. General Information
----------------------
VirusZ does lots of things in the background which you will never
notice until there is something wrong. All the automatic features
described below will only work if no other VirusZ windows are currently
open. Read the preferences chapter below if you want to customize any
of the following functions.
2. The Bootblock Check
----------------------
Every disk inserted will be checked for bootblock viruses and
non-standard bootcode. This ensures that your bootblocks stay clean.
Every known virus will cause a request asking you what to do. You can
either go to the bootblock lab or ignore it. The last possibility is
not recommended. If your disk contains anything else than a virus or a
standard bootblock, it will be checked for bootblocks contained in an
external bootblock brainfile. If the bootblock cannot be identified,
VirusZ first compares its checksum. If this is not correct, VirusZ
simply ignores it because it wouldn't be executed anyway. But if all
conditions are met, the bootblock will be reported as unknown. This
might happen with most bootload games or demos, so do NOT install
anything you don't know. You might trash the program that depends on
this boot. But if you are sure that it's a new virus, save the
bootblock (you can use VirusZ for this) install the original bootblock
and send me the copy for inclusion in VirusZ.
3. The Disk-Validator Check
---------------------------
This is executed additionally to the bootblock check when a new disk
has been inserted. The Disk-Validator will be loaded and checked for
virus infection. Currently 2 basic viruses (and several strains) infect
the Disk-Validator. These are the Saddam and Return of the Lamer
Exterminator viruses. If a virus is found, a request appears where you
can delete the Disk-Validator or continue (not recommended). Then you
have to copy a clean Disk-Validator to the L drawer of the disk. I am
not allowed to include the Disk-Validator in VirusZ because it is © by
Commodore.
NOTE: With OS 2.0, you don't have to replace the deleted Disk-Validator
because it is located in the ROM.
4. The Virus & Vector Check in Memory
-------------------------------------
This is the real memory check looking for known viruses. It's executed
once on startup, and whenever VirusZ finds a virus, you will get a
request telling you which virus was removed. VirusZ removes them
automatically. Viruses will not only be patched or disabled, but they
will be removed from memory completely.
After looking around for known viruses, the reset vectors will be
checked. If any of them are set by an unknown program, you will get
directly to the 'VirusZ Vector Check'. See a detailed description of
this in the vector check chapter below.
In addition to the startup memory check, VirusZ repeats the memory
check regularly. The time passed between two checks can be changed by
the user, default is 10 seconds. This is the safest way to find and
remove file- and linkviruses in memory. These viruses can appear in
memory any time an infected file is executed. So whenever VirusZ
reports a virus in memory, check the disks you are working with at the
moment for infection. Note that the time passed between two checks will
be slightly shorter on NTSC machines since VirusZ is PAL oriented and
works with 50Hz.
NOTE: VirusZ will no longer delete all Resident Modules when it removes
a virus from memory. You still can find your recoverable RAM-Disk
after resetting as if nothing has happened. The only reason for a
lost RAM-Disk can be the virus that has been removed.
USING VIRUSZ'S MENU
-------------------
To use all other features offered by VirusZ, you have to use menu items
to call the corresponding functions. These can only be used if VirusZ's
window is active. Note that the background features won't work as long
as any other windows are opened (which is the case with all functions
called via menu).
1. Check Files
--------------
See a description of the file check in one of the next chapters.
2. Check Sectors
----------------
The sector checker makes it possible to scan a whole device for virus
corruption. First you'll get a small selector for the device to check.
Ok and Cancel should be clear, Refresh tells VirusZ to free its device
list made on startup and rebuild a new one. This is needed if you mount
a device when VirusZ is already running. The selector gadget in the
middle works exactly like a standard OS 2.0 gadget, but is simulated
with Kick 1.3 means. If you click on it, the next device will be
selected, if you press <SHIFT> while clicking, the previous device is
selected. You certainly can also use the shortcuts by pressing the keys
that correspond with the underlined characters. If you made your choice
and clicked Ok, the main display appears. It is divided in two parts.
The small box at the top is a progress indicator which will be filled
from the left to the right while checking, thus telling you what
percentage of the device is already checked. The big box is the text
display which contains all information about the current status. Here
you'll get all messages if VirusZ finds anything that's not ok. Note
that the sector checker will repair damages without asking, i.e. you
have to unprotect your disks before checking. If you don't want to have
any corrections, keep the disk write protected. The damage caused by
the following viruses will be recognized: Saddam (5 versions), Lamer
Exterminator (3 versions), Warsaw Avenger, Fast Eddie, Little Sven,
Glasnost and Sachsen 3. The damage caused by Saddam and Little Sven
will be repaired (blocks will be decrypted), the others can only be
detected. You can pause and exit checking at any time by pressing a
mouse button.
NOTE: With OS 2.0, the recoverable RAM-Disk is not initialized when
mounted, but when you access it the first time via DOS. If you check
the RAD: before accessing it, VirusZ will report a Saddam infection on
sector 880. This happens because the rootblock is not initialized yet.
It isn't really an infection.
NOTE 2: It is not recommended to use the sector checker with harddisks.
This is because the possibility that a virus-specific bunch of bytes
appears in a text file or a program that is no virus is much higher
than on disks and damage of important files may be the result.
3. Check Vectors
----------------
See a description of the vector check in one of the next chapters.
4. Bootblock Lab
----------------
See a description of the bootblock lab in one of the next chapters.
5. Preferences
--------------
See a description of the preferences in one of the next chapters.
6. Load Brain
-------------
This function tries to load the brainfile specified in the preferences.
It will then be used to detect additional bootblocks.
7. Clear Brain
--------------
Use this if you need the memory used by the brainfile. This function is
only available if there is already a brainfile in memory.
8. About
--------
This displays some information about VirusZ. Simply click somewhere in
the window to get rid of it.
9. Quit VirusZ
--------------
Think twice and you'll figure out the function of this.
FILE CHECK
----------
1. Introduction
---------------
In the early days of the Amiga viruses, nobody thought about file or
even link viruses. A good virus killer had to display the bootblock and
check some vectors. But nowadays, the greatest danger doesn't come from
the bootblock, but from files. Therefore this file check has been
created to check files for virus infection. See a list of all known
viruses in the file 'Brain.doc'. This file checker is quite unique as
it offers some possibilities which others lack. First it can decrunch
files for checking, second it can remove all virus links from a file in
one step where others only remove one link after the other. These
features are made possible thanks to a great file buffering method and
my own decrunch.library. If you have to chose a checker, use mine for
perfect checking:-)
2. How To Use It
----------------
First you have to select the path where files should be checked in the
file requester. Therefore the complete path must be included in the
string gadget of the requester. Click 'Ok' and we start checking all
files in the selected directory and its subdirs. You can skip checking
subdirs by enabling the 'Skip Subdirectories' item in the prefs window.
The main window will appear which is divided in two parts. The small
box at the top contains the current path we are checking in. The big
box is the text window where all filenames will be listed with a short
description.
VirusZ recognizes several types of data files (such as archives etc.)
and will print their names if possible. Crunched files will appear to
be reported as executables if you haven't enabled the 'Check Crunched
Files' item in the prefs window. Otherwise, they will be reported with
the packer name printed in bold. Viruses are reported by name (blue
background, white characters) and will cause a requester that informs
you about the type of virus. You may or may not remove the virus from
the infected file.
You can abort/pause checking at any time by pressing any mouse button.
3. Important Notes
------------------
The linkvirus removal code is absolutely reliable as long as the file
isn't damaged in any way. If the hunk structure is corrupted or
anything else disables removing, VirusZ will say 'Can't remove' and
then skip the file.
You should note that VirusZ doesn't use the decrunch feature for
absolute crunchers, i.e. for crunchers that decrunch their files to
absolute addresses, because most viruses wouldn't survive such a
crunching process anyway.
If you get a message 'Can't load', this file is either unreadable or
you don't have enough memory.
VirusZ handles the protection bits automatically, i.e. saves their
original contents, then makes the file readable/writable and restore
them to their originals after checking. This is useful because you
don't have to mess around with the Protect command in your Shell.
Whenever there comes up a system request "disk is write protected",
VirusZ tried to change the protection bits. This access is not
dangerous, so it would be best if you make your disks write enabled
before checking.
4. Additional Hints
-------------------
It may happen that a file is first infected and then crunched. If you
want to save the cleaned file without having it decrunched, check it
again with decrunching disabled.
VECTOR CHECK
------------
1. Introduction
---------------
Mostly all viruses work in the same manner. Either they make themselves
resident and/or corrupt some libraries or devices with their code.
Therefore the vector check was designed to help you finding new viruses
that can't be recognized directly by VirusZ yet.
Most of the vectors and entrypoints that will be displayed are only
interesting for programmers, so I will try to avoid any explanations
that confuse the average user.
2. Usage
--------
The vector check window is nothing more than one big display. It stops
after every page and waits for a mouse button. The left button always
causes VirusZ to continue scrolling, if the last page was already
reached, the vector check will be terminated. The right button has a
double function. While scrolling, you can stop displaying any more
pages. Then, you are able to use the menu items attached to the vector
check window.
3. What Can I See From The Displayed Information?
-------------------------------------------------
Well, every vector has a short comment right of it. As long as you can
read 'Ok' there, everything is fine. Then it might happen that you read
something like 'SetPatch 38.25', this tells you that the changes done
to this vector are ok, because VirusZ recognized who did them. But if
you read 'Please Check', be alarmed. In fact, most of these unknown
changes are nothing more than an utility like the well known 'PP
Patchers'. If you have such an utility and you know the changes are
caused by it, please send it to me for inclusion.
4. The Vectors Menu
-------------------
Here you have the possibility to clear the reset vectors or to cause
VirusZ to show the vector check display again. This is especially
useful if you found some reset vectors set and cleared them. Now you
can verify the changes without leaving and calling the vector check
again. If the cleared vectors are still set after clearing them, you
can be 99% sure you have a new virus in your system. Keep cool, check
the bootblocks first and then try to detect any file changes. If you
find the virus, send it to me.
Note that the vector check menu supports multiselect (hold the right
button and select several items with the left button).
BOOTBLOCK LAB
-------------
1. A Short Introduction
-----------------------
The bootblock lab has been created because the old bootblock functions
of VirusZ (some will remember the 'Bootblocks' menu) were quite boring
and everything else but comfortable to use.
NOTE: Be careful with writing to/installing your HD!!! I'm not reliable
for your faults.
2. The Device Gadget
--------------------
You can find it in the left top corner of the window. Click on it and
the next device will be displayed, use SHIFT and click on it to get the
previous device. You can also use character 'd' on the keyboard instead
of clicking with the mouse.
3. The Mode Gadget
------------------
This is the one in the top right corner. It toggles between ascii- and
hex-dump mode. You may use character 'm' to change the mode too.
4. The Status Line
------------------
Here you can see the name of the bootblock that is currently loaded to
the buffer. If a function call fails or anything else happens, you will
get a report in this box too.
5. The Scroll Gadget
--------------------
It consists of one proportional gadget (I'm very proud of this, because
it was my first ever) and two little arrows at the bottom. It's main
function is to scroll through the bootblock dump displayed in the
window. This is only needed when displaying hex dump, because ascii
dump fits in the window anyway.
6. Quit
-------
Ahh, what was it?? Yes, you can leave the boot lab with this gadget.
7. Load
-------
Here you can load a bootblock from a file to the buffer. A
filerequester pops up were you have to select the file you want to
load. The bootblock will only be loaded to the buffer, not installed on
disk.
8. Save
-------
Counterpart of 'Load' which saves a bootblock as a file. Nothing more
to say, because it works exactly the same as 'Load'. These two
functions are useful for making bootblock backups of games, demos etc.
If the buffer is empty, the gadget is disabled.
9. Read
-------
Reads the bootblock of the currently selected disk to the buffer. Now
you can watch, save or print it.
10. Write
--------
Writes the buffer contents to the bootblock of the currently selected
disk. Only use this if you know what you are actually doing. An
overwritten bootblock cannot be restored in any way. An empty buffer
cannot be written, gadget is disabled.
11. Print
---------
Prints the dump of a bootblock. Make sure that your printer is online
or you will have to wait for this silly system request for appr. 30
seconds. This function always prints the bootblock dump you can
currently see in the window. If nothing was loaded, nothing will be
printed, the gadget is disabled then.
12. Install
-----------
Installs the bootblock selected in the settings menu to the currently
selected disk. Same as 'Write', you should only install disks when you
know that they will still work afterwards.
13. Settings Menu
-----------------
Here you can configure all important parts of the bootblock lab as you
like. Note that this menu supports multi-select (hold right button and
select items with the left button).
FastFileSystem BB: If enabled, the 'Install' command will install a
FFS bootblock (0x444f5301), otherwise you will get
a normal OFS bootblock (0x444f5300).
Uninstalled BB: If enabled, VirusZ will write an uninstalled bootblock
to the disk. This disk will no longer boot after a
reset, but works the same as before from Shell and
Workbench. If disabled, a standard OS 2.0 bootblock
will be installed. This bootblock works under
Kick 1.2/1.3 as well.
Correct CheckSum: Tells VirusZ to correct the checksum of a bootblock
before writing it to disk. If you install a bootblock
with a wrong checksum, the disk won't boot after a
reset.
Detect DiskChange: If set, the bootblock lab will behave like the main
part of VirusZ, i.e. whenever you insert a disk while
the bootblock lab is active, it will automatically
select this drive and read the bootblock.
Ask Before Action: If enabled, you will get an additional requester asking
you if you really want to continue with the selected
action. This works with 'Print', 'Write' and 'Install'
as these functions can do some harm if wrongly used.
Refresh Devices: This is not part of the settings. You can refresh the
contents of the device gadget here, e.g. after mounting
a new drive.
PREFERENCES
-----------
1. The Main Idea
----------------
I think everyone of you knows those programs that always look the same
and do the same and you cannot change anything of their behaviour. I
didn't want VirusZ to become the same, so I added this fine preferences
window. It was designed having the User Interface Style Guide in mind.
All gadgets can be toggled via keypad too (see underlined character).
2. Action Gadgets
-----------------
These are the three gadgets at the bottom. 'Use' will cause VirusZ to
use the currently selected settings only for this session. 'Cancel'
ignores all changes made to the settings. 'Save' saves them to a file
called 'VirusZ.prefs' in your S: drawer that will be used on all
following startups. Additionally to the options specified in the prefs
window, the following will be saved too:
- the position of VirusZ's main window
- all settings of the bootblock lab
3. Audible & Visible Alarm
--------------------------
This enables/disables the fantastic sound and screen flash that warns
you when a virus has been detected on disk or in memory. Default is on.
4. Install Faked SnoopDos
-------------------------
This installs/removes a task called SnoopDos (only if the real SnoopDos
isn't installed) for protection against PowerPacker 3.2 trojan horse.
Fully compatible to the real SnoopDos, the option doesn't need any
processing time since the task is running at a low priority and waits
for a message that never arrives. Default: off.
5. Check Resident Vectors
-------------------------
This tells VirusZ whether to check the resident vectors during startup
and while running or not. Useful if VirusZ keeps on reporting your
recoverable RAM-disk or harddisk-device after every reset. Default is
off.
6. Report Custom Bootblocks
---------------------------
This will, if enabled, cause VirusZ to report known custom bootblocks
while checking your disks. Useful if you want to find a certain
bootblock and you simply can't remember where it was. Default is off.
7. Check Memory For Viruses
---------------------------
By disabling this item, you can tell VirusZ not to check memory for
viruses regularly. This does not disable the memory check on startup,
because it's still the main task of a virus checker to check for
viruses :-) Default is on.
8. Detect Disk Changes
----------------------
Toggles the automatic bootblock and disk-validator check on/off. Useful
if you are working a whole day with only two disks that already have
been checked and you don't want to wait until VirusZ has checked them
every time you insert them. Default is on.
9. Check Hunks On Startup
-------------------------
If you intend to crunch VirusZ with your preferred executable cruncher,
you'll soon find that VirusZ complains about a modified hunk structure.
To prevent this complaint, toggle this item off. Default is on.
10. Requesters Follow Mouse
---------------------------
This item offers you the possibility to select what type of requesters
should be used for decisions. If enabled, the requesters will appear
with the negative response under the mouse, if disabled, they will
appear at the top left edge of the screen.
11. Check Drives On Startup
---------------------------
This has been added to prevent VirusZ from checking all bootblocks on
startup. This is especially useful if you have lots of HD partitions or
if VirusZ has problems with your HD. Default is on.
12. Load Brain On Startup
-------------------------
If this item is enabled, VirusZ tries to load the brainfile specified
in the prefs (see below) on startup. Default is off.
13. 'Are You Sure?' Before Exit
-------------------------------
This item toggles the verify request that appears when you either close
the VirusZ window or select Quit on/off. Default is on.
14. Check Disk-Validator
------------------------
Here you can switch on/off the automatic Disk-Validator check that is
executed whenever a new disk has been inserted. Default is on.
15. Memory Check Repeat Delay
-----------------------------
Click on the Get gadget and a request appears. Here you may change the
delay between two memory checks. Any value between 2 and 120 seconds is
valid, others will be rejected. Default is 10 seconds.
16. Window Y-Sizes
------------------
There are three items labeled '... Y-Size'. You can enter the amount of
text lines that should be displayed in the respective windows. Useful
on lace screens (slow scrolling) or if you don't want VirusZ to use the
whole screen for the display. Enter a value that is too big to set the
windows to their full sizes. Use the Get gadgets to enter new values.
Defaults to 199.
17. Bootblock Brainfile
-----------------------
Enter the full path and filename of the default brainfile here. This
name is used by Load Brain and on startup if the respecting prefs item
is enabled. Default is 'S:VirusZ.brain'.
18. Check Crunched Files
------------------------
This enables/disables the outstanding mega-feature of decrunching files
for virus checking. Note that you need 'decrunch.library' in your libs
drawer if you intend to use this. Default is off.
19. Skip Subdirectories
-----------------------
Tells the file checker not to check subdirs. Useful for checking the
root directory of a harddisk :-) Default is off.
20. Handle Viruses Automatically
--------------------------------
If this option is set, you will not see any requesters asking you
whether to repair an infected file or not, VirusZ will always try to
remove viruses at once. You should enable the file report if you use
this feature so you can see what happened while checking afterwards.
Default is off.
21. Create File Report
----------------------
If enabled, VirusZ captures all text output during file check to a
buffer. You can save this buffer after the file check is finished.
Default is off.
SPECIAL NOTES
-------------
1. New Viruses And Packers
--------------------------
Although VirusZ recognizes lots of viruses both in memory and on disk,
this is NOT enough until also the very last virus is included.
If you ever get a new virus, do not delete it before sending me a copy.
Don't forget: I can only help you in your fight against these little
bastards if you support me with all the necessary material. Killing a
virus without knowing how it works is impossible. Additionally to new
viruses I'm always searching for new crunchers for inclusion in
'decrunch.library'.
2. Bugs
-------
VirusZ has been tested on Kick 1.3, OS 2.0 and OS 2.1 (Locale) and
worked just fine. If you nevertheless find a bug, please don't wait for
better days, but send me a detailed description (if possible) including
your system's configuration and when and how the bug appears. You can
find some information about your hardware configuration in the vector
check. If VirusZ crashes in connection with other software, I would be
glad if you send me a copy of these programs (if the copyright allows
it). Please DO NOT report things that I can't repeat on my Amiga
without a detailed description of the circumstances.
3. Enforcer Hits
----------------
This program is made for virus killing. For this reason it has to check
all those memory locations used by viruses, amongst them the interrupts
table of the CPU. This certainly causes enforcer hits, but it obviously
is better to find the virus than not to have an enforcer hit, isn't it?
By the way, all hits are completely harmless.
4. Known Problems
-----------------
VirusZ as a program works fine with Kickstart 33.166 (old 1.2), but the
memory check routines will sometimes restore wrong pointers while
removing viruses. As this Kickstart was only shipped with A1000, and
most of the A1000 users have Kick 1.3 or at least Kick 1.2 (33.180)
which work fine, I don't see this as a great problem.
APPENDIXES
----------
1. Viruses In Memory
--------------------
All viruses mentioned in the 'Brain.doc' will be removed properly from
memory (as far as they install themselves in memory). But not all of
them will be recognized by name. This is because some clones
(especially SCA clones) can be detected and killed all the same way.
Including a routine to get their real names as an addition would cause
the memory checking routines to get more than twice as large as they
are now. And that's not worth it.
2. Utilities In Memory
----------------------
Since VirusZ only kills what it knows in memory, it's not necessary to
add all the resident utilities like RAD:, VD0:, ZKick etc. If you ever
have problems with these (it's not very likely that VirusZ thinks these
might be viruses), let me know and I'll fix it.
3. Special Thanks
-----------------
There are several people I wish to thank for their VirusZ support:
Ralf Thanner what more should I say??
Control / Alcatraz nice logo and other support
Axel Folley moral and financial support :-)
Steve / Silicon Designs 3003 always some new viruses and packers
Flake / D-Tect nice letters and viruses
Holger Wessling always some new ideas
Terminator / Destiny UK bootblocks and long letters
Martin Odaischi always some new viruses
Heinz Lindner resident tools and new Kickstarts
Markus Stiebeling several bug reports and hints
Rüdiger Prang nice patches and TEX-Docs
and several other supporters that have contacted me in the past
and of course all users who already paid their shareware fee.
4. Some Kind Of Parody
----------------------
Control's logo is much better, that's why it is at the top and this is
at the bottom. But as I got this one for the last release, I wanted to
include it anyway...
___ __
___ /. / __ |._|______________ » ThE BeSt MoNeY CaN BuY «
\. \ // / ______ |. |||\___________ . /
\\ \ // /_>|. _. \|| ||| |/. _____// / · KeWl CoDeR, KeWl RoUtInEs
\\ \// /__ || |_>> >| ||| << <__ // / · o-5 YeArS ViRuZeZ
\\ ' /|. ||| . /|| ||| |\__. \// / · RuNnInG oN 68o7o/99MHz
\\ / || ||| |\\ \|` `'__|___>> // / 3.o7 · NiCe ShArEwArE FeEs
\/ |__||| | \\ \\___\_______// /__________ · AlWaYs LaTeSt BrAiN
ThE |__| \\ \ UlTiMaTe /______________\ · AuToDeCrUnCh FiLeS
\__\ ViRuS KiLLeR
!¡! WhErE WoNdErS CoMe TrUe AnD ThE ViRuZeZ CoMmIt SuIcIdE !¡!
!TML!
