Fresh Fish 4

home *** CD-ROM | disk | FTP | other *** search

/ Fresh Fish 4 / FreshFish_May-June1994.bin / bbs / amigalib / d989 / viruszii.lha / VirusZII / VirusZ.Doc < prev next >

Wrap

Text File | 1994-04-05 | 25.3 KB | 650 lines

======================================================================= VIRUSZ II DOCUMENTATION ======================================================================= | ·` __/ _ --+-- /| / /`\ /(____ | . . __|__ _ \/_________. ·/\ / | \/__/ \ __ \ · I\_/I /\____)\ /\ _ °/ c0nt®0[/aTz |°| |!| /___` |\ II \|\_/|· | /° __ / \ / / | | | I | //| | __ /`| |i /i \_ \_/ \/· //\ Ve®$i0n II | I\/ / |//·|/ || \ | I: I /\ \ \\ \// /~ \ 1.o3 \ `// |// | || \I ^ /|/ \~\ \\ _|_ // \ \_.\/// |/_/|___°I|_°/ \____/_|\._______/ | /________/°/ OS2 0n[Y \/ \/ \ \ ======================================================================= THE LEGAL STUFF ======================================================================= Copyright --------- The entire VirusZ package is written and copyright © 1991-94 by Georg Hörmann with exception of the reqtools.library which is written and copyright © by Nico François who gave the permission to use it in any freely distributable software package. No parts of this package may be altered by any means (this includes editing, reprogramming, crunching, resourceing etc.), except archiving. Disclaimer ---------- The author is in no way liable for any changes made to any part of the package, or consequences thereof as he is in no way liable for damages or loss of data directly or indirectly caused by this software. Distribution ------------ Neither fees may be charged nor profits may be made by distributing this piece of software. Only a nominal fee for costs of magnetic media may be accepted, the amount of US $6 shouldn't be exceeded for a disk containing VirusZ. Outside a single machine environment, you are not allowed to reproduce single parts of the package, but you have to copy it completely. If any parts were already missing when you received the package, look out for another source to get your software in the future. See this list of contents for verification: VirusZ (dir) Libs (dir) xfdmaster.library reqtools.library Install Libs Install Libs.info Install.script VirusZ VirusZ.info VirusZ.Doc VirusZ.Doc.info VirusZ.History VirusZ.History.info VirusZ.info Shareware --------- VirusZ is Shareware which means you are allowed to copy it freely, but you have to pay a fee to the author if you use VirusZ regularly. Not paying your fee is both immoral and illegal. If you already have registered for any former releases, paying the fee again is optional. Suggested donation is DM 20 or an equivalent amount in any other currency. Anything else will not be accepted. About SHI --------- It is hereby strictly forbidden to include VirusZ II on any Safe Hex International viruskiller compilation disks without my permission. I am NOT a member of SHI and therefore am not interested in any kind of direct or indirect contact to Erik Løvendahl Sørensen who is mostly profit-oriented and tries to cheat the anti-virus programmers both financially and morally. The following regional SHI virus centers have my permission to include VirusZ II on their disks: SHI Team Denmark : Jan Bo Andersen & Lars Kristensen SHI Norway : Kurt Hansen ex-SHI U.S.A. (East) : Jim & Becky Maciorowski ======================================================================= PERSONAL STUFF ======================================================================= The Author ---------- Starting with September 1993, I have to fulfil my community service at the local Red Cross station as an army replacement. Therefore I will no longer have that much time for updating VirusZ as I had it in the past when I went to school. I'll nevertheless try my best, but I can't make any promises. If you want to contact me anyway, try the following address: Georg Hörmann Am Lahnewiesgraben 19 82467 Garmisch-Partenkirchen Germany Submissions ----------- Submissions with new material (viruses/crunchers) are welcome. If you want your disks back, either enclose enough money for postage or German stamps. By now I had more expense than profit by sending all you folks your disks back. If you want me to continue my anti-virus work, don't try to cheat me. Special Thanks -------------- There are several people I want to thank for supporting VirusZ: * Ralf Thanner for everything (what more should I say:-)) * Axel Folley for moral and financial support :-) * Flake/TRSI for viruses and bug reports * Holger Wessling for his unbelievable fantasy * Martin Odaischi for dozens of viruses and financial support * Heinz Lindner for resident tools and new Kickstarts * Markus Stiebeling for bug reports and hints * Control/Alcatraz for the nice logo * Rüdiger Prang for patches and TEX-Docs * Steve/Silicon Designs 3003 for viruses and packers * all other folks that have contacted me in the past * of course all users who already paid their shareware fee There's one person I DON'T want to thank: * Erik Løvendahl Sørensen for being the leader of SHI, for his lies and bad comments, his egoism, his pseudo-legal appearance and for the worst written English in the history of mankind. ======================================================================= INTRODUCTION ======================================================================= Philosophy ---------- VirusZ is another try to make the perfect viruskiller. Although there are already hundreds of killers, none had to offer the, in my opinion, most important features. These are to be short, fast and not to keep the user from working by opening a big screen with hundreds of gadgets or locking the drives. If you like that type of killer, forget VirusZ. Enforcer Hits ------------- VirusZ has been designed to kill viruses in memory. Therefore it has to check all the memory locations used by these bastards, amongst them the interrupt table of the CPU. This certainly causes enforcer hits, but it obviously is better to detect the viruses than not to have an enforcer hit, isn't it? By the way, all hits are completely harmless. Getting Started --------------- The VirusZ II series requires OS2 and the reqtools.library in order to work correctly. As an addition, if you want to use the decrunch feature, you need the xfdmaster.library. Copy both files to the LIBS: drawer of your system disk. You can use the 'Install Libs' script for the copy work. After this, starting VirusZ is nothing more than typing its name to any Shell or double-clicking its icon from Workbench. See the chapters below for supported Shell options and tooltypes. How To Use ReqTools Requesters ------------------------------ VirusZ uses three types of ReqTools requesters: requests asking for a decision, information requests informing you about something and file requests to select files/drawers. You can satisfy them not only by clicking their gadgets, but also via shortcuts. These are: Positive response: <Y>, <RETURN>, <LAMIGA-V>, underscored character Negative response: <N>, <ESC>, <LAMIGA-B>, underscored character The positive gadget is the leftmost always printed in bold, whereas the negative is the rightmost. Menus ----- Actions are taken via the items in the 'Project' menu. 'Quit' causes VirusZ to quit, 'Hide' hides the main interface, 'About' gives you information about the current release and 'Show Brains' displays all known viruses. See descriptions of the other items below. The 'Prefs' menu enables the user to configure VirusZ to his own taste. After selecting 'Save Prefs', VirusZ writes the file 'VirusZ_II.Prefs' to the ENVARC: drawer which contains the settings. See descriptions of the other items below. ======================================================================= SHELL OPTIONS ======================================================================= CX_PRIORITY ----------- Specifies the commodity priority of VirusZ's broker. Values may range from -128 to 127, default is 0. CX_POPKEY --------- Defines the hotkey used to pop up the main window. CX_POPUP -------- Tells VirusZ whether to pop up on startup or not. PUBSCREEN --------- Tells VirusZ to open its windows on the defined public screen instead of the Workbench. ??|INFO ------- Prints further information about the exact use of the above options. ======================================================================= TOOLTYPES ======================================================================= CX_PRIORITY ----------- Specifies the commodity priority of VirusZ's broker. Values may range from -128 to 127, default is 0. CX_POPKEY --------- Defines the hotkey used to pop up the main window. CX_POPUP -------- Tells VirusZ whether to pop up on startup or not. PUBSCREEN --------- Tells VirusZ to open its windows on the defined public screen instead of the Workbench. ======================================================================= FILE CHECK ======================================================================= Introduction ------------ In the early days of the Amiga viruses, nobody thought about file or even link viruses. A good virus killer had to display the bootblock and check some vectors. But nowadays, the greatest danger doesn't come from the bootblock, but from files. Therefore this file check has been created to check files for virus infection. See a list of all known viruses by selecting 'Show Brains' from the 'Project' menu. This file check is quite unique as it offers you several features which others lack. First it can decrunch files for checking, second it can remove all virus links from an infected file in one step where others are only able to remove one link after the other. These features are possible thanks to a great file buffering method and my own xfdmaster.library. If you have to chose a checker, use mine for perfect checking. File Request ------------ After selecting 'File Check' from the 'Project' menu, the first thing to appear is a file request. Here you (multi-)select the files and/or drawers you wish to check. If you want to select several entries, keep <SHIFT> pressed while selecting them. To select all entries, click on the 'All' button. Now click on 'Ok' to start or 'Cancel' to abort checking. Output Window / Control Panel ----------------------------- Now a window opens that is separated in two portions. The bigger part is the output window which contains information about the files that are checked. The small part at the bottom is the control panel. By clicking on 'Stop', checking is interrupted and a request appears asking you to continue or to abort. If you select 'Continue', the request disappears and checking continues. By selecting 'Abort', checking is aborted and you can exit from the file check or select the next drawer/file by clicking on 'Check Again'. Important Notes --------------- The link virus removal code is absolutely reliable as long as infected files aren't damaged in any way. If the hunk structure is corrupted or anything else disables removing, VirusZ will tell you and then skip the file. VirusZ handles the protection bits of files automatically, i.e. makes the file readable for checking and writeable for reparation. This is useful because you don't have to mess around with the Protect command in your Shell. Whenever there comes up a system request "Disk is write protected", VirusZ tried to change the protection bits. This access is not dangerous, so it would be best if you make your disks write enabled before checking. Additional Hint --------------- It may happen that a file is first infected and then crunched. If you want to save the cleaned file without having it decrunched, check it again with decrunching disabled. ======================================================================= FILE CHECK PREFERENCES ======================================================================= Decrunch Files -------------- If this option is enabled, the file check decrunches files in order to check them for viruses. You need the xfdmaster.library for this feature and free memory that is twice as large as the file itself. Skip Subdirectories ------------------- Enable this option to make the file check ignore any drawers that may exist in a selected drawer. Auto-Handle Viruses ------------------- If the file check detects a file that contains a virus, a request pops up to inform you which virus it was and asks you to either kill the virus or let it stay alive. With this option you can skip this request and kill any viruses automatically. Generate Report --------------- This option makes it possible to create a text file that contains a copy of the text output you can see while checking. If enabled, a file request will appear after the file check is finished to ask you for the filename the report should be written to. Check Without Repair -------------------- If enabled, the file check only detects viruses, but doesn't try to repair the files. This may be useful with new disks you don't know the contents. Simply select all files, perform a file check and look at the output without being disturbed by requests. In fact it is useful for me to check through my virus drawers without aborting hundreds of requests. Auto-Save Report ---------------- If enabled, VirusZ doesn't ask for a path/filename to save the report to. It then simply uses the filename that is generated by default and the path entered in 'Default Report Path'. Default Report Path ------------------- Enter the path where you want to save file reports to in this gadget. If auto-save is enabled, VirusZ uses this path for saving. Amount Of Lines Displayed ------------------------- This gadget contains the maximum amount of lines that will fit into the file check output window. Set to 99 on screens lower than 300 pixels and to smaller values on interlaced screens. Otherwise the scrolling will be too slow and decrease checking speed. ======================================================================= SECTOR CHECK ======================================================================= Select Drive ------------ After selecting 'Sector Check' from the 'Project' menu, the first thing to appear is a drive request. Here you select the drive you wish to check. Only trackdisk units are supported, but checking should work with the new 1.76 MB disks too. Click on 'Ok' to start or 'Cancel' to abort checking. Output Window / Control Panel ----------------------------- Now a window opens that is separated in two portions. The bigger part is the output window which contains information about the sectors that are checked. The small part at the bottom is the control panel. By clicking on 'Stop', checking is interrupted and a request appears asking you to continue or to abort. If you select 'Continue', the request disappears and checking continues. By selecting 'Abort', checking is aborted and you can exit from the sector check or select the next drive by clicking on 'Check Again'. ======================================================================= SECTOR CHECK PREFERENCES ======================================================================= Auto-Repair Sectors ------------------- If the sector check detects an infected sector that can be repaired, a request pops up to ask you to either repair the sector or ignore it. With this option you can skip this request and repair any sectors automatically. Check Without Repair -------------------- If enabled, the sector check only detects infected sectors, but doesn't try to repair them. Useful to get a quick overview over the sectors of a disk. Amount Of Lines Displayed ------------------------- This gadget contains the maximum amount of lines that will fit into the sector check output window. Set to 99 on screens lower than 300 pixels and to smaller values on interlaced screens. Otherwise the scrolling will be too slow and decrease checking speed. ======================================================================= VECTOR CHECK ======================================================================= Introduction ------------ Mostly all viruses work in the same manner. Either they make themselves resident and/or corrupt some libraries or devices with their code. Therefore the vector check was designed to help you finding new viruses that can't be recognized directly by VirusZ yet. Most of the vectors and entrypoints that will be displayed are only interesting for programmers, so I will try to avoid any explanations that confuse the average user. Output Window / Control Panel ----------------------------- After selecting 'Vector Check' from the 'Project' menu, a window opens that is separated into two portions. The bigger part is the output window which contains information about the vectors that are checked. With the scroll gadget at the right you can move the output up and down. The small part at the bottom is the control panel. By clicking on 'Refresh', the output will be refreshed. This is useful after clearing some vectors. If there is not enough memory to refresh, the vector check exits. With 'Exit', you normally leave the vector check. What Can I See From The Displayed Information? ---------------------------------------------- Well, every vector has a short comment right of it. As long as you can read 'Ok' there, everything is fine. Then it might happen that you read something like 'SetPatch', this tells you that the changes done to this vector are ok, because VirusZ recognized who did them. But if you read '*** NON-STANDARD VECTOR ***', be alarmed. In fact, most of these unknown changes are nothing more than an utility like the well known 'PP Patchers'. If you have such an utility and you know the changes are caused by it, please send it to me for inclusion. Menu ---- There exists a menu called 'Clear' in the vector check which offers you the possibility to clear certain vectors one by one or all together. The item names correspond with the respective vectors. ======================================================================= VECTOR CHECK PREFERENCES ======================================================================= Show ResModules --------------- If enabled, the ResModules will be checked and non-ROM based modules will be displayed. Show Exec Interrupts -------------------- If enabled, the exec interrupt table will be checked and non-ROM based entrypoints will be displayed. Show CPU Interrupts ------------------- If enabled, the CPU interrupt table will be checked and non-ROM based entrypoints will be displayed. Show Devices ------------ If enabled, devices will be checked and non-ROM based function table entrypoints will be displayed. Show Libraries -------------- If enabled, libraries will be checked and non-ROM based function table entrypoints will be displayed. Hide Known Patches ------------------ Normally the sector check displays known patches with their name after the patched entrypoints. If this option is enabled, known patches are skipped and will not be displayed. Useful to filter out modifications caused by SetPatch, LoadWB or other system commands. Hide 'OK' Vectors ----------------- If enabled, the vector check will not display ANY vectors marked 'OK'. This decreases the amount of printed lines drastically as long as there aren't too much patches in the system. Amount Of Lines Displayed ------------------------- This gadget contains the maximum amount of lines that will fit into the vector check output window. ======================================================================= BOOTBLOCK LAB ======================================================================= Attention --------- Be careful with writing to / installing your harddisk. I'm not reliable for your faults. Drive / Display --------------- There are two cycle gadgets in the bootblock lab, one on each side of the status line. The left one selects the drive you want to work with, the right one selects the display mode. Keyboard activiation of the drive gadget is <D> or <SHIFT-D> and <B> or <SHIFT-B> for the display mode gadget. Name ---- Whenever there happens to occur an error, this will be stated in the status line. Then the name of the current bootblock in the buffer will be overwritten. By clicking on this gadget, the name is printed again. Exit ---- Click to exit from bootblock lab. Read ---- Reads the bootblock from the currently selected drive to the buffer. Only DOS disks can be read. Write ----- Writes the current buffer contents to the bootblock of the selected drive. The disk type and the checksum will be corrected automatically. Load ---- Opens a file request to select a bootblock file that should be loaded to the buffer. Only DOS bootblocks can be loaded. Save ---- Saves the current buffer contents to a file. This is useful to backup important bootblocks of games etc. Prefs ----- Opens the bootblock lab preferences window. Useful to change something without having to leave the lab. Install ------- Installs a standard OS2 bootblock to the currently selected drive. The disk type will be corrected automatically. ======================================================================= BOOTBLOCK LAB PREFERENCES ======================================================================= Ask Before Write Access ----------------------- If enabled, a security request pops up every time you select 'Write' or 'Install' in the bootblock lab. Read Inserted Disks ------------------- This enables the bootblock lab to read the bootblocks of inserted disks automatically. Useful if you intend to check a whole box of disks for bootblock viruses. Install Uninstalled Boot ------------------------ If enabled, 'Install' doesn't install a standard bootblock, but makes the disk non-bootable. ======================================================================= BACKGROUND PREFERENCES ======================================================================= Check All Disks On Startup -------------------------- If enabled, the bootblocks and disk-validators of all available disks will be checked on startup. Check Memory For Viruses ------------------------ If enabled, memory will be checked for viruses regularly. The state of this button does not influence the memory check on startup which is always performed. Check Bootblocks ---------------- If enabled, the bootblock of every inserted disk is checked. The state of this button does not influence the behaviour of the bootblock check that is performed on startup. Check Disk-Validators --------------------- If enabled, the disk-validator of every inserted disk is checked. The state of this button does not influence the behaviour of the startup disk-validator check. Memory Check Repeat Delay ------------------------- Enter the amount of seconds that should pass between two memory checks here. ======================================================================= MISCELLANEOUS PREFERENCES ======================================================================= Check Hunks On Startup ---------------------- If enabled, the hunk structure of VirusZ will be checked on startup. An alert appears if there is something wrong (might be a link virus). Disable this option if you intend to crunch VirusZ with a file packer because most of these modify the hunks. Requesters Follow Mouse ----------------------- If enabled, all ReqTools requesters appear with the negative response under the mouse. If disabled, they pop up in the top left corner as usual. Quit Immediately ---------------- If enabled, VirusZ quits without verification. Install SnoopDos Task --------------------- If enabled, a task called 'SnoopDos' will be created which doesn't use any processor time, but prevents several trojan horses from doing any harm. Pop Up On Startup ----------------- If enabled, VirusZ opens the main window on startup, otherwise it can be controlled via the Exchange commodity only. Close Main Window = Exit ------------------------ If enabled, VirusZ quits when you click on the close-window button of the main window, otherwise it will act as if you selected the 'Hide' item from the 'Project' menu. Center Main Window ------------------ If enabled, VirusZ's main window appears centered at the top border of the screen. Otherwise it will use the coordinates that have been last saved. You can save the coordinates by moving the window to the desired position and then selecting 'Save Prefs'. Hotkey ------ The default commodity hotkey used to pop up the main window. ======================================================================= END OF DOCUMENTATION =======================================================================