World of A1200

home *** CD-ROM | disk | FTP | other *** search

/ World of A1200 / World_Of_A1200.iso / programs / disk / antivirus_utils / viresz3 / docs / virusz.doc < prev next >

Wrap

Text File | 1995-02-27 | 41.0 KB | 838 lines

| ·` __/ _ --+-- /| / /`\ /(____ | . . __|__ _ \/_________. - - ----- --- -- ·/\ / | \/__/ \ __ \ · I\_/I /\____)\ /\ _ °/ ---- -- --- - - |°| |!| /___` |\ II \|\_/|· | /° __ / \ / / - c0nt®0[/aTz - | | | I | //| | __ /`| |i /i \_ \_/ \/· //\ ------ - | I\/ / |//·|/ || \ | I: I /\ \ \\ \// /~ \ - -- \ `// |// | || \I ^ /|/ \~\ \\ _|_ // \ \_.\/// |/_/|___°I|_°/ \____/_|\._______/ | /________/°/ Ve®$i0n 3.o7 \/ \/ \ \ SOME NOTES CONCERNING LAW AND ORDER ----------------------------------- 1. Copyright ------------ The entire VirusZ package is written and copyright © 1991,1992,1993 by Georg Hörmann with exception of the reqtools.libraries which are written and copyright © by Nico François who gave the permission to use the libraries and installation scripts in any freely distributable software package. 2. Disclaimer ------------- The executionable and non-executionable parts of this software package may NOT be altered by any means (this includes editing, reprogramming, crunching, and resourceing), except archiving. The author is in NO way liable for any changes made to any part of the package, or consequences thereof as he is in NO way liable for damages or loss of data directly or indirectly caused by this software. 3. Distribution --------------- Neither fees may be charged nor profits may be made by distributing this piece of software. Only a nominal fee for cost of magnetic media may be acceptable, the amount of US $6 shouldn't be exceeded for a disk containing VirusZ. Outside a single machine environment, you are NOT allowed to reproduce only some parts of the package, but you have to copy it completely. See this list of contents for verification: VirusZ (dir) DLD (dir) DLD DLD.doc DLD.dok Library.doc Docs (dir) Brain.doc Brain.doc.info VirusZ.doc VirusZ.doc.info VirusZ.history VirusZ.history.info VZBE.doc VZBE.doc.info Libs (dir) decrunch.library reqtools.library.13 reqtools.library.20 S (dir) VirusZ.brain Docs.info Install Install.info Install.script VirusZ VirusZ.info VZBE VZBE.info VirusZ.info Note that the original package was released as 'VirusZ307.lha' archive. If any parts were already missing when you received this package, look out for another source to get your software in future. 4. Shareware ------------ VirusZ is no longer Freeware, but Shareware. This means you are still allowed to copy the software freely, but you have to pay a fee to the author if you use VirusZ regularly. Not paying your fee is both immoral and illegal. If you already have registered for any former releases, paying the fee again is optional. Suggested donation is DM 20 or an equivalent amount in any other currency. Anything else will not be accepted. By now, I had more expense than profit by sending all you folks your disks back etc. If you want me to continue my work, don't try to cheat me. Submissions with new material (viruses/crunchers) are welcome. If you want your disks back, either enclose enough money for postage or German stamps. If you send me useful stuff, you will additionally receive the latest update of VirusZ on your disk. Contact me at the following address: Georg Hörmann Am Lahnewiesgraben 19 --> 82467 Garmisch-Partenkirchen <-- Germany !!! IMPORTANT NOTE FOR REGISTERED USERS !!! ------------------------------------------- I will no longer offer the update service for registered users. I had nothing but trouble in the past with sending dozens of disks around the world. Some versions of VirusZ always showed some bugs right after releasing them. If I release the latest versions on BBS boards and PD disks only, the risk of losing a lot of money isn't that high as it is if I have to send all bugged updates twice. This becomes too expensive. I know that it's not your fault when I make mistakes, but it's a difference between updating an text editor and a virus killer. The editor will be updated 1 or 2 times a year, but new versions of a virus killer have to be released at least every 4th week. Errare humanum est. INTRODUCTION ------------ 1. VirusZ Philosophy -------------------- VirusZ is another try to make the perfect viruskiller. Although there are already hundreds of killers, none had to offer the, in my opinion, most important features. These are to be short, fast and not to keep the user from working by opening a big screen with hundreds of gadgets or locking the drives. If you like that type of killer, forget VirusZ. 2. Why Use VirusZ? ------------------ VirusZ has been tested on Kickstart 1.2/1.3, OS 2.0 and OS 3.0 and worked just fine. It offers several OS 2.0 features even under Kick 1.2/1.3 like gadget activation via keyboard. All windows use the full screen size, have a built-in Topaz 8 font to prevent any trouble, bring themselves to the front when started and set up a wait pointer for the other windows. Windows always support the screen font (up to size 124!) in the menu/title bar. VirusZ recognizes over 220 bootblock viruses and the filechecker not only detects over 115 file viruses, but it also offers you the unbelieveable feature of decrunching files. The boot lab offers all important bootblock operations on one screen. The whole software is written 100% in assembly language for lightning speed. The memory checker removes all known viruses from memory without 'Guru Meditation' and checks memory for viruses regularly. VirusZ has easy to use intuitionized menus including keycuts for both beginners and experienced users. It performs a self-test on every startup to prevent link virus infection. VirusZ works in the background and uses less than 0.5% of your processing time (use Xoper to verify). Last but not least, VirusZ is regularly updated and hence offers you perfect protection against the latest viruses. Starting with 3.00, you have the ability to learn your own bootblocks via the VirusZ Brain Editor VZBE. GETTING STARTED --------------- 1. For The Very First Time -------------------------- VirusZ requires the 'reqtools.library' in order to work correctly. Included in this package are two versions of the 'reqtools.library', one for Kick 1.3 and one for OS 2.0. Chose the one that fits with your OS, copy it to the 'libs:' drawer of your boot disk and remove the suffix (simply rename it). If you don't want to do the copy work yourself, click on the 'Install' icon from WorkBench. This will start an installation script. If you want to use the decrunch feature, you'll additionally need the 'decrunch.library'. 2. If You Already Have Used VirusZ ---------------------------------- Make sure that you copy the latest library versions to your libs: drawer. Also verify the settings in the prefs menu if you have saved them with an old VirusZ version because versions higher than 3.00 use a new preferences file format. Copy the brainfile to your s: directory or change the prefs to the correct path. 3. The First Step To Glory -------------------------- Starting VirusZ is nothing more than typing its name to any CLI/Shell or double-clicking its icon from WorkBench. There are several message alerts included in the startup module. If anyone of these flashes up, there is something wrong. These alerts are self explaining so we skip a detailed description. If the 'VirusZ's hunk structure has been modified!' alert comes up, your copy of VirusZ might be infected by a virus or might have been crunched with a bad cruncher (in fact most crunchers are bad). Starting with VirusZ 3.03, you have the ability to use VirusZ in your own Shell scripts. Simply type 1> VirusZ <filename> and VirusZ will try to read the specified file and checks it for viruses. VirusZ will print a message with information about the file. Additionally you receive one of the following return codes for use in scripts: OK (0) File is executable or data and no virus was found. WARN (5) File contains a virus (see message). ERROR (10) An error occured while checking the file (see message). 4. How To Use ReqTools Requesters --------------------------------- VirusZ uses three types of ReqTools requesters: Requests asking for a decision, Information Requesters informing you about something and File Requesters to select files/drawers. You can satisfy them not only by clicking their gadgets, but also via shortcuts. These are: Positive Response: <Y>, <RETURN>, <LAMIGA><V>, underscored character Negative Response: <N>, <ESC>, <LAMIGA><B>, underscored character The positive gadget is the leftmost always printed in bold, whereas the negative is the rightmost. AUTOMATIC FEATURES ------------------ 1. General Information ---------------------- VirusZ does lots of things in the background which you will never notice until there is something wrong. All the automatic features described below will only work if no other VirusZ windows are currently open. Read the preferences chapter below if you want to customize any of the following functions. 2. The Bootblock Check ---------------------- Every disk inserted will be checked for bootblock viruses and non-standard bootcode. This ensures that your bootblocks stay clean. Every known virus will cause a request asking you what to do. You can either go to the bootblock lab or ignore it. The last possibility is not recommended. If your disk contains anything else than a virus or a standard bootblock, it will be checked for bootblocks contained in an external bootblock brainfile. If the bootblock cannot be identified, VirusZ first compares its checksum. If this is not correct, VirusZ simply ignores it because it wouldn't be executed anyway. But if all conditions are met, the bootblock will be reported as unknown. This might happen with most bootload games or demos, so do NOT install anything you don't know. You might trash the program that depends on this boot. But if you are sure that it's a new virus, save the bootblock (you can use VirusZ for this) install the original bootblock and send me the copy for inclusion in VirusZ. 3. The Disk-Validator Check --------------------------- This is executed additionally to the bootblock check when a new disk has been inserted. The Disk-Validator will be loaded and checked for virus infection. Currently 2 basic viruses (and several strains) infect the Disk-Validator. These are the Saddam and Return of the Lamer Exterminator viruses. If a virus is found, a request appears where you can delete the Disk-Validator or continue (not recommended). Then you have to copy a clean Disk-Validator to the L drawer of the disk. I am not allowed to include the Disk-Validator in VirusZ because it is © by Commodore. NOTE: With OS 2.0, you don't have to replace the deleted Disk-Validator because it is located in the ROM. 4. The Virus & Vector Check in Memory ------------------------------------- This is the real memory check looking for known viruses. It's executed once on startup, and whenever VirusZ finds a virus, you will get a request telling you which virus was removed. VirusZ removes them automatically. Viruses will not only be patched or disabled, but they will be removed from memory completely. After looking around for known viruses, the reset vectors will be checked. If any of them are set by an unknown program, you will get directly to the 'VirusZ Vector Check'. See a detailed description of this in the vector check chapter below. In addition to the startup memory check, VirusZ repeats the memory check regularly. The time passed between two checks can be changed by the user, default is 10 seconds. This is the safest way to find and remove file- and linkviruses in memory. These viruses can appear in memory any time an infected file is executed. So whenever VirusZ reports a virus in memory, check the disks you are working with at the moment for infection. Note that the time passed between two checks will be slightly shorter on NTSC machines since VirusZ is PAL oriented and works with 50Hz. NOTE: VirusZ will no longer delete all Resident Modules when it removes a virus from memory. You still can find your recoverable RAM-Disk after resetting as if nothing has happened. The only reason for a lost RAM-Disk can be the virus that has been removed. USING VIRUSZ'S MENU ------------------- To use all other features offered by VirusZ, you have to use menu items to call the corresponding functions. These can only be used if VirusZ's window is active. Note that the background features won't work as long as any other windows are opened (which is the case with all functions called via menu). 1. Check Files -------------- See a description of the file check in one of the next chapters. 2. Check Sectors ---------------- The sector checker makes it possible to scan a whole device for virus corruption. First you'll get a small selector for the device to check. Ok and Cancel should be clear, Refresh tells VirusZ to free its device list made on startup and rebuild a new one. This is needed if you mount a device when VirusZ is already running. The selector gadget in the middle works exactly like a standard OS 2.0 gadget, but is simulated with Kick 1.3 means. If you click on it, the next device will be selected, if you press <SHIFT> while clicking, the previous device is selected. You certainly can also use the shortcuts by pressing the keys that correspond with the underlined characters. If you made your choice and clicked Ok, the main display appears. It is divided in two parts. The small box at the top is a progress indicator which will be filled from the left to the right while checking, thus telling you what percentage of the device is already checked. The big box is the text display which contains all information about the current status. Here you'll get all messages if VirusZ finds anything that's not ok. Note that the sector checker will repair damages without asking, i.e. you have to unprotect your disks before checking. If you don't want to have any corrections, keep the disk write protected. The damage caused by the following viruses will be recognized: Saddam (5 versions), Lamer Exterminator (3 versions), Warsaw Avenger, Fast Eddie, Little Sven, Glasnost and Sachsen 3. The damage caused by Saddam and Little Sven will be repaired (blocks will be decrypted), the others can only be detected. You can pause and exit checking at any time by pressing a mouse button. NOTE: With OS 2.0, the recoverable RAM-Disk is not initialized when mounted, but when you access it the first time via DOS. If you check the RAD: before accessing it, VirusZ will report a Saddam infection on sector 880. This happens because the rootblock is not initialized yet. It isn't really an infection. NOTE 2: It is not recommended to use the sector checker with harddisks. This is because the possibility that a virus-specific bunch of bytes appears in a text file or a program that is no virus is much higher than on disks and damage of important files may be the result. 3. Check Vectors ---------------- See a description of the vector check in one of the next chapters. 4. Bootblock Lab ---------------- See a description of the bootblock lab in one of the next chapters. 5. Preferences -------------- See a description of the preferences in one of the next chapters. 6. Load Brain ------------- This function tries to load the brainfile specified in the preferences. It will then be used to detect additional bootblocks. 7. Clear Brain -------------- Use this if you need the memory used by the brainfile. This function is only available if there is already a brainfile in memory. 8. About -------- This displays some information about VirusZ. Simply click somewhere in the window to get rid of it. 9. Quit VirusZ -------------- Think twice and you'll figure out the function of this. FILE CHECK ---------- 1. Introduction --------------- In the early days of the Amiga viruses, nobody thought about file or even link viruses. A good virus killer had to display the bootblock and check some vectors. But nowadays, the greatest danger doesn't come from the bootblock, but from files. Therefore this file check has been created to check files for virus infection. See a list of all known viruses in the file 'Brain.doc'. This file checker is quite unique as it offers some possibilities which others lack. First it can decrunch files for checking, second it can remove all virus links from a file in one step where others only remove one link after the other. These features are made possible thanks to a great file buffering method and my own decrunch.library. If you have to chose a checker, use mine for perfect checking:-) 2. How To Use It ---------------- First you have to select the path where files should be checked in the file requester. Therefore the complete path must be included in the string gadget of the requester. Click 'Ok' and we start checking all files in the selected directory and its subdirs. You can skip checking subdirs by enabling the 'Skip Subdirectories' item in the prefs window. The main window will appear which is divided in two parts. The small box at the top contains the current path we are checking in. The big box is the text window where all filenames will be listed with a short description. VirusZ recognizes several types of data files (such as archives etc.) and will print their names if possible. Crunched files will appear to be reported as executables if you haven't enabled the 'Check Crunched Files' item in the prefs window. Otherwise, they will be reported with the packer name printed in bold. Viruses are reported by name (blue background, white characters) and will cause a requester that informs you about the type of virus. You may or may not remove the virus from the infected file. You can abort/pause checking at any time by pressing any mouse button. 3. Important Notes ------------------ The linkvirus removal code is absolutely reliable as long as the file isn't damaged in any way. If the hunk structure is corrupted or anything else disables removing, VirusZ will say 'Can't remove' and then skip the file. You should note that VirusZ doesn't use the decrunch feature for absolute crunchers, i.e. for crunchers that decrunch their files to absolute addresses, because most viruses wouldn't survive such a crunching process anyway. If you get a message 'Can't load', this file is either unreadable or you don't have enough memory. VirusZ handles the protection bits automatically, i.e. saves their original contents, then makes the file readable/writable and restore them to their originals after checking. This is useful because you don't have to mess around with the Protect command in your Shell. Whenever there comes up a system request "disk is write protected", VirusZ tried to change the protection bits. This access is not dangerous, so it would be best if you make your disks write enabled before checking. 4. Additional Hints ------------------- It may happen that a file is first infected and then crunched. If you want to save the cleaned file without having it decrunched, check it again with decrunching disabled. VECTOR CHECK ------------ 1. Introduction --------------- Mostly all viruses work in the same manner. Either they make themselves resident and/or corrupt some libraries or devices with their code. Therefore the vector check was designed to help you finding new viruses that can't be recognized directly by VirusZ yet. Most of the vectors and entrypoints that will be displayed are only interesting for programmers, so I will try to avoid any explanations that confuse the average user. 2. Usage -------- The vector check window is nothing more than one big display. It stops after every page and waits for a mouse button. The left button always causes VirusZ to continue scrolling, if the last page was already reached, the vector check will be terminated. The right button has a double function. While scrolling, you can stop displaying any more pages. Then, you are able to use the menu items attached to the vector check window. 3. What Can I See From The Displayed Information? ------------------------------------------------- Well, every vector has a short comment right of it. As long as you can read 'Ok' there, everything is fine. Then it might happen that you read something like 'SetPatch 38.25', this tells you that the changes done to this vector are ok, because VirusZ recognized who did them. But if you read 'Please Check', be alarmed. In fact, most of these unknown changes are nothing more than an utility like the well known 'PP Patchers'. If you have such an utility and you know the changes are caused by it, please send it to me for inclusion. 4. The Vectors Menu ------------------- Here you have the possibility to clear the reset vectors or to cause VirusZ to show the vector check display again. This is especially useful if you found some reset vectors set and cleared them. Now you can verify the changes without leaving and calling the vector check again. If the cleared vectors are still set after clearing them, you can be 99% sure you have a new virus in your system. Keep cool, check the bootblocks first and then try to detect any file changes. If you find the virus, send it to me. Note that the vector check menu supports multiselect (hold the right button and select several items with the left button). BOOTBLOCK LAB ------------- 1. A Short Introduction ----------------------- The bootblock lab has been created because the old bootblock functions of VirusZ (some will remember the 'Bootblocks' menu) were quite boring and everything else but comfortable to use. NOTE: Be careful with writing to/installing your HD!!! I'm not reliable for your faults. 2. The Device Gadget -------------------- You can find it in the left top corner of the window. Click on it and the next device will be displayed, use SHIFT and click on it to get the previous device. You can also use character 'd' on the keyboard instead of clicking with the mouse. 3. The Mode Gadget ------------------ This is the one in the top right corner. It toggles between ascii- and hex-dump mode. You may use character 'm' to change the mode too. 4. The Status Line ------------------ Here you can see the name of the bootblock that is currently loaded to the buffer. If a function call fails or anything else happens, you will get a report in this box too. 5. The Scroll Gadget -------------------- It consists of one proportional gadget (I'm very proud of this, because it was my first ever) and two little arrows at the bottom. It's main function is to scroll through the bootblock dump displayed in the window. This is only needed when displaying hex dump, because ascii dump fits in the window anyway. 6. Quit ------- Ahh, what was it?? Yes, you can leave the boot lab with this gadget. 7. Load ------- Here you can load a bootblock from a file to the buffer. A filerequester pops up were you have to select the file you want to load. The bootblock will only be loaded to the buffer, not installed on disk. 8. Save ------- Counterpart of 'Load' which saves a bootblock as a file. Nothing more to say, because it works exactly the same as 'Load'. These two functions are useful for making bootblock backups of games, demos etc. If the buffer is empty, the gadget is disabled. 9. Read ------- Reads the bootblock of the currently selected disk to the buffer. Now you can watch, save or print it. 10. Write -------- Writes the buffer contents to the bootblock of the currently selected disk. Only use this if you know what you are actually doing. An overwritten bootblock cannot be restored in any way. An empty buffer cannot be written, gadget is disabled. 11. Print --------- Prints the dump of a bootblock. Make sure that your printer is online or you will have to wait for this silly system request for appr. 30 seconds. This function always prints the bootblock dump you can currently see in the window. If nothing was loaded, nothing will be printed, the gadget is disabled then. 12. Install ----------- Installs the bootblock selected in the settings menu to the currently selected disk. Same as 'Write', you should only install disks when you know that they will still work afterwards. 13. Settings Menu ----------------- Here you can configure all important parts of the bootblock lab as you like. Note that this menu supports multi-select (hold right button and select items with the left button). FastFileSystem BB: If enabled, the 'Install' command will install a FFS bootblock (0x444f5301), otherwise you will get a normal OFS bootblock (0x444f5300). Uninstalled BB: If enabled, VirusZ will write an uninstalled bootblock to the disk. This disk will no longer boot after a reset, but works the same as before from Shell and Workbench. If disabled, a standard OS 2.0 bootblock will be installed. This bootblock works under Kick 1.2/1.3 as well. Correct CheckSum: Tells VirusZ to correct the checksum of a bootblock before writing it to disk. If you install a bootblock with a wrong checksum, the disk won't boot after a reset. Detect DiskChange: If set, the bootblock lab will behave like the main part of VirusZ, i.e. whenever you insert a disk while the bootblock lab is active, it will automatically select this drive and read the bootblock. Ask Before Action: If enabled, you will get an additional requester asking you if you really want to continue with the selected action. This works with 'Print', 'Write' and 'Install' as these functions can do some harm if wrongly used. Refresh Devices: This is not part of the settings. You can refresh the contents of the device gadget here, e.g. after mounting a new drive. PREFERENCES ----------- 1. The Main Idea ---------------- I think everyone of you knows those programs that always look the same and do the same and you cannot change anything of their behaviour. I didn't want VirusZ to become the same, so I added this fine preferences window. It was designed having the User Interface Style Guide in mind. All gadgets can be toggled via keypad too (see underlined character). 2. Action Gadgets ----------------- These are the three gadgets at the bottom. 'Use' will cause VirusZ to use the currently selected settings only for this session. 'Cancel' ignores all changes made to the settings. 'Save' saves them to a file called 'VirusZ.prefs' in your S: drawer that will be used on all following startups. Additionally to the options specified in the prefs window, the following will be saved too: - the position of VirusZ's main window - all settings of the bootblock lab 3. Audible & Visible Alarm -------------------------- This enables/disables the fantastic sound and screen flash that warns you when a virus has been detected on disk or in memory. Default is on. 4. Install Faked SnoopDos ------------------------- This installs/removes a task called SnoopDos (only if the real SnoopDos isn't installed) for protection against PowerPacker 3.2 trojan horse. Fully compatible to the real SnoopDos, the option doesn't need any processing time since the task is running at a low priority and waits for a message that never arrives. Default: off. 5. Check Resident Vectors ------------------------- This tells VirusZ whether to check the resident vectors during startup and while running or not. Useful if VirusZ keeps on reporting your recoverable RAM-disk or harddisk-device after every reset. Default is off. 6. Report Custom Bootblocks --------------------------- This will, if enabled, cause VirusZ to report known custom bootblocks while checking your disks. Useful if you want to find a certain bootblock and you simply can't remember where it was. Default is off. 7. Check Memory For Viruses --------------------------- By disabling this item, you can tell VirusZ not to check memory for viruses regularly. This does not disable the memory check on startup, because it's still the main task of a virus checker to check for viruses :-) Default is on. 8. Detect Disk Changes ---------------------- Toggles the automatic bootblock and disk-validator check on/off. Useful if you are working a whole day with only two disks that already have been checked and you don't want to wait until VirusZ has checked them every time you insert them. Default is on. 9. Check Hunks On Startup ------------------------- If you intend to crunch VirusZ with your preferred executable cruncher, you'll soon find that VirusZ complains about a modified hunk structure. To prevent this complaint, toggle this item off. Default is on. 10. Requesters Follow Mouse --------------------------- This item offers you the possibility to select what type of requesters should be used for decisions. If enabled, the requesters will appear with the negative response under the mouse, if disabled, they will appear at the top left edge of the screen. 11. Check Drives On Startup --------------------------- This has been added to prevent VirusZ from checking all bootblocks on startup. This is especially useful if you have lots of HD partitions or if VirusZ has problems with your HD. Default is on. 12. Load Brain On Startup ------------------------- If this item is enabled, VirusZ tries to load the brainfile specified in the prefs (see below) on startup. Default is off. 13. 'Are You Sure?' Before Exit ------------------------------- This item toggles the verify request that appears when you either close the VirusZ window or select Quit on/off. Default is on. 14. Check Disk-Validator ------------------------ Here you can switch on/off the automatic Disk-Validator check that is executed whenever a new disk has been inserted. Default is on. 15. Memory Check Repeat Delay ----------------------------- Click on the Get gadget and a request appears. Here you may change the delay between two memory checks. Any value between 2 and 120 seconds is valid, others will be rejected. Default is 10 seconds. 16. Window Y-Sizes ------------------ There are three items labeled '... Y-Size'. You can enter the amount of text lines that should be displayed in the respective windows. Useful on lace screens (slow scrolling) or if you don't want VirusZ to use the whole screen for the display. Enter a value that is too big to set the windows to their full sizes. Use the Get gadgets to enter new values. Defaults to 199. 17. Bootblock Brainfile ----------------------- Enter the full path and filename of the default brainfile here. This name is used by Load Brain and on startup if the respecting prefs item is enabled. Default is 'S:VirusZ.brain'. 18. Check Crunched Files ------------------------ This enables/disables the outstanding mega-feature of decrunching files for virus checking. Note that you need 'decrunch.library' in your libs drawer if you intend to use this. Default is off. 19. Skip Subdirectories ----------------------- Tells the file checker not to check subdirs. Useful for checking the root directory of a harddisk :-) Default is off. 20. Handle Viruses Automatically -------------------------------- If this option is set, you will not see any requesters asking you whether to repair an infected file or not, VirusZ will always try to remove viruses at once. You should enable the file report if you use this feature so you can see what happened while checking afterwards. Default is off. 21. Create File Report ---------------------- If enabled, VirusZ captures all text output during file check to a buffer. You can save this buffer after the file check is finished. Default is off. SPECIAL NOTES ------------- 1. New Viruses And Packers -------------------------- Although VirusZ recognizes lots of viruses both in memory and on disk, this is NOT enough until also the very last virus is included. If you ever get a new virus, do not delete it before sending me a copy. Don't forget: I can only help you in your fight against these little bastards if you support me with all the necessary material. Killing a virus without knowing how it works is impossible. Additionally to new viruses I'm always searching for new crunchers for inclusion in 'decrunch.library'. 2. Bugs ------- VirusZ has been tested on Kick 1.3, OS 2.0 and OS 2.1 (Locale) and worked just fine. If you nevertheless find a bug, please don't wait for better days, but send me a detailed description (if possible) including your system's configuration and when and how the bug appears. You can find some information about your hardware configuration in the vector check. If VirusZ crashes in connection with other software, I would be glad if you send me a copy of these programs (if the copyright allows it). Please DO NOT report things that I can't repeat on my Amiga without a detailed description of the circumstances. 3. Enforcer Hits ---------------- This program is made for virus killing. For this reason it has to check all those memory locations used by viruses, amongst them the interrupts table of the CPU. This certainly causes enforcer hits, but it obviously is better to find the virus than not to have an enforcer hit, isn't it? By the way, all hits are completely harmless. 4. Known Problems ----------------- VirusZ as a program works fine with Kickstart 33.166 (old 1.2), but the memory check routines will sometimes restore wrong pointers while removing viruses. As this Kickstart was only shipped with A1000, and most of the A1000 users have Kick 1.3 or at least Kick 1.2 (33.180) which work fine, I don't see this as a great problem. APPENDIXES ---------- 1. Viruses In Memory -------------------- All viruses mentioned in the 'Brain.doc' will be removed properly from memory (as far as they install themselves in memory). But not all of them will be recognized by name. This is because some clones (especially SCA clones) can be detected and killed all the same way. Including a routine to get their real names as an addition would cause the memory checking routines to get more than twice as large as they are now. And that's not worth it. 2. Utilities In Memory ---------------------- Since VirusZ only kills what it knows in memory, it's not necessary to add all the resident utilities like RAD:, VD0:, ZKick etc. If you ever have problems with these (it's not very likely that VirusZ thinks these might be viruses), let me know and I'll fix it. 3. Special Thanks ----------------- There are several people I wish to thank for their VirusZ support: Ralf Thanner what more should I say?? Control / Alcatraz nice logo and other support Axel Folley moral and financial support :-) Steve / Silicon Designs 3003 always some new viruses and packers Flake / D-Tect nice letters and viruses Holger Wessling always some new ideas Terminator / Destiny UK bootblocks and long letters Martin Odaischi always some new viruses Heinz Lindner resident tools and new Kickstarts Markus Stiebeling several bug reports and hints Rüdiger Prang nice patches and TEX-Docs and several other supporters that have contacted me in the past and of course all users who already paid their shareware fee. 4. Some Kind Of Parody ---------------------- Control's logo is much better, that's why it is at the top and this is at the bottom. But as I got this one for the last release, I wanted to include it anyway... ___ __ ___ /. / __ |._|______________ » ThE BeSt MoNeY CaN BuY « \. \ // / ______ |. |||\___________ . / \\ \ // /_>|. _. \|| ||| |/. _____// / · KeWl CoDeR, KeWl RoUtInEs \\ \// /__ || |_>> >| ||| << <__ // / · o-5 YeArS ViRuZeZ \\ ' /|. ||| . /|| ||| |\__. \// / · RuNnInG oN 68o7o/99MHz \\ / || ||| |\\ \|` `'__|___>> // / 3.o7 · NiCe ShArEwArE FeEs \/ |__||| | \\ \\___\_______// /__________ · AlWaYs LaTeSt BrAiN ThE |__| \\ \ UlTiMaTe /______________\ · AuToDeCrUnCh FiLeS \__\ ViRuS KiLLeR !¡! WhErE WoNdErS CoMe TrUe AnD ThE ViRuZeZ CoMmIt SuIcIdE !¡! !TML!