| T.R | Title | User | Personal
Name | Date | Lines |
|---|
| 1560.1 | Cure | TLE::RMEYERS | Randy Meyers | Sun Jul 24 1988 23:39 | 25 |
| Re: 0
Sounds like you were bit by the classic SCA of the virus.
The defense against any of the boot block viruses is:
Turn your Amiga off for at least 20 seconds.
Boot from a uninfected Workbench. For safety's sake, write protect
your Workbench disk.
Use the CLI "INSTALL" command to disinfect your affected bootable
disks. I think the command is "INSTALL DRIVE DF0:".
Do not try doing an install on any games that you have unless you
are positively sure the disk is infected. Some commercial software
uses a special purpose boot block. If you use the INSTALL command on
that disk, the software becomes unusable. Of course, if the software
has a special purpose boot block and it gets the virus, it becomes
unusable as well.
The SCA virus also has a back door. If you boot with an infected
disk while holding down the left mouse button, the screen will flash
green and the virus will remove itself from memory. You then can
use the install command to disinfect the disk.
|
| 1560.2 | additional info... | OBLIO::CASSIDY | I'm schizophrenic and so am I | Mon Jul 25 1988 02:50 | 13 |
|
Sorry to hear about your infection. A detailed description of the
SCA virus can be found in note 992. There are several other notes
about this virus and others which can be found using DIR /TITLE="virus".
On the bright side, there are programs available to test for and
eliminate several of the best know strains. On the dark side,
new ones seem to turn up on a regular basis.
Isn't it wonderful how computers are simplifying our lives? ;-)
Kevin C.
|
| 1560.3 | Virus checker | LEDS::ACCIARDI | I Blit, therefore I am... | Mon Jul 25 1988 09:06 | 7 |
|
I just got hold of the latest virus checker/killer program, VirusX_1.5.
I'll upload it tonight.
Ed.
|
| 1560.4 | SCA invades Phoenix | NITMOI::WITHERS | | Mon Jul 25 1988 14:14 | 7 |
| WARNING! My friend just got a Phoenix Harddrive and as a free bonus
gift the SCA Virus was on the Harddrive Workbench disk! We performed
minor surgery and removed the sucker with no complications but check
out any boot disks for Phoenix Harddrives.
George
|
| 1560.5 | Gaackkkk! I got an infected disk! | MTBLUE::SEELEY_BOB | | Mon Jul 25 1988 17:20 | 14 |
| I've had the treat of receiving and infected disk from a
local dealer a couple of days ago. I checked it with VirusX
after I had shoved it, and a couple of other disks, into my system.
Low and behold! A window popped up and told me that I had an infected
disk (an SCA derivative). I cruised through all the disks that
had been pushed through the machine and checked each. No infection.
I then had some fun with the infected disk and experimented with
the boot/transmission to another disk. I then used the version of the
install command provided within VirusX to 'heal' the copy that I had
just created. I'm impressed, now I can call the dealer and pass
the good news to him ;'). As for me, I'm curious as to what the
message actually looks like and if I have an 'original' version
of the virus... so I'm keeping it until the time at which it
'identifies' itself, then I'll exterminate it.
|
| 1560.6 | I BOUGHT the Bug! | SNOC01::SIMPSON | David Simpson | Mon Jul 25 1988 21:53 | 12 |
| Buying infected disks from authorised software dealers has to be
the PITS. Unfortunately, I now suspect that is from where my infection
originated, and I am still investigating. If true, this will confirm
the flood of rumours Down Under that this is happening.
Thanks to .1 for the advice about INSTALL - you see, I almost never
use Amiga-DOS format or copy, I use Marauder II which of course
will copy practically anything.
I think it would be extremely interesting to know how many people
have legitimately bought infected software, and what people think
could be done about it.
|
| 1560.7 | Simple Advice | TLE::RMEYERS | Randy Meyers | Mon Jul 25 1988 23:42 | 8 |
| I think a fairly simple and effective precaution for dealing with
the current Amiga viruses is to keep all your boot floppies
write protected.
On a more humorous note, another precaution is to buy some extra
memory. One "deadly" strain of the virus (it deletes your files)
has a bug that prevents it from working if you have more than
512k of memory. Talk about incompetent jerks!
|
| 1560.8 | Maybe not so simple... | SNOC01::SIMPSON | David Simpson | Tue Jul 26 1988 00:49 | 12 |
| Re .7
I am not sure that is really workable. Some programs, like Archon
and Arctic Fox will not work with more than 512k - I suspect that
is because they were written specifically for 1.1/Amiga 1000 and
don't know about fast-mem/no-fast-mem. The same might be true for
our deadly intruder.
Also, while SCA only replicates during a warm boot, it appears that
things like BB set themselves up as a background process. Therefore,
booting while write-protected saves you from SCA but when and if
you want to save that high score you are still open to the BB strain.
|
| 1560.9 | VirusX1.5 | LEDS::ACCIARDI | I Blit, therefore I am... | Tue Jul 26 1988 22:09 | 9 |
|
The latest version of Steve Tibbets' VirusX program is now showing
at LEDS3::USER6:[ACCIARDI.AMIGA].
VirusX opens a small one line window on your Workbench screen and
silently monitors each floppy insertion, notifying you of non-standard
boot blocks. Nice.
Ed.
|
| 1560.10 | Any cases of Hard Disk Viruses? | DPDMAI::ANDERSONA | | Fri Aug 05 1988 18:54 | 8 |
| So far from what I have heard all of the viruses only affect floppys.
While this is bad enough has there been any cases of a virus affecting
a hard disk? This may be a problem lurking around the corner when
ever CA releases 1.3 and auto booting. So far I have been lucky
and have not been infected.
Alan
|
| 1560.11 | haven't heard of any so far.. | BAGELS::BRANNON | Dave Brannon | Mon Aug 08 1988 00:10 | 19 |
| re: .10
only one part of the virus problem is the overwriting of the boot
sectors. A virus can do many things to your harddisk without bothering
to infect the boot sectors on it. In the ibmpc world, they often
do things like destroying or corrupting the file to disk sector
mapping or even reformatting the hard disk.
You're right though, if your harddisk has boot sectors, they are
a very tempting target for a virus since that ensures that you
will be normally booting with those infected sectors.
Nasty stuff, but nothing new. The ibmpc world has had this problem
for years, it is only recently that the press has figured out how
to make a news story about it. The publicity seems to have stirred
up competition between the virus writers. Unfortunately some sick
Amiga programmers feel the need to get fame that way.
-dave
|
| 1560.12 | Just Retribution | SNOC01::SIMPSON | Those whom the Gods would destroy... | Fri Aug 12 1988 02:07 | 2 |
| I think virus writers should be castrated very slowly and without
anaesthetic.
|
| 1560.13 | Enter a title for your reply: | OPUS::BUSCH | | Fri Aug 12 1988 09:38 | 9 |
| Re .-1
That's a sexist remark. Don't you give females any credit for the skill to come
up with a clever bit of code? Or do you give them credit for having the
restraint in not putting it to use? :�)
However, I tend to agree with your feelings.
Dave
|
| 1560.14 | not so sexist | SAUTER::SAUTER | John Sauter | Fri Aug 12 1988 11:54 | 3 |
| re: .13--It is possible to castrate females, though it isn't usually
done.
John Sauter
|
| 1560.15 | VirusX 1.6? | CRISTA::CAPRICCIO | What about pointed sticks? | Mon Aug 15 1988 13:33 | 11 |
|
From the AMIGA_USENET conference (Note 3699.2):
> Agreed, VirusX is definitely the way to go. Several of us down in Atlanta
> have had viruses detected and repaired. The latest version out though, is
> not 1.21. It's 1.6 (available on PeopleLink).
Anyone have version 1.6 out there? Any PLinkers care to download it?
I'll give you money...
Pete
|
| 1560.16 | Dear Mr. Creosote, | WOODRO::CAPRICCIO | All through the day, I-me-mine | Wed Aug 24 1988 19:28 | 13 |
| Re: .15
> Anyone have version 1.6 out there? Any PLinkers care to download it?
Hey, bubble-head! Instead of being such a cheapskate, why don't *YOU*
sign-up for Plink and then you can download it yourself. Doesn't it make
sense to spend a little for access to lots of PD and ShareWare instead
of mailing your paycheck to Hostess and stuffing your face? Wake up you
fat slob! Your Mother was a hamster and your Father smelled of eldeberries...
Re: whoever-cares
I've downloaded VirusX V1.6 from Steve Tibbetts BBS and placed it in:
CRISTA""::AMIGA:VirusX16.Arc
|
| 1560.17 | what etiquette! | WJG::GUINEAU | | Thu Aug 25 1988 08:24 | 12 |
|
> Hey, bubble-head! Instead of being such a cheapskate, why don't *YOU*
> sign-up for Plink and then you can download it yourself. Doesn't it make
> sense to spend a little for access to lots of PD and ShareWare instead
> of mailing your paycheck to Hostess and stuffing your face? Wake up you
> fat slob! Your Mother was a hamster and your Father smelled of eldeberries...
YIKES! I hope you two know eachother!
John
|
| 1560.18 | | LEDS::ACCIARDI | Heisenberg may have slept here | Thu Aug 25 1988 09:00 | 5 |
|
Gee, the Morton Downey Jr. style of etiquette must really be catching
on! :^)
|
| 1560.19 | | MTWAIN::MACDONALD | WA1OMM 7.093/145.05/223.58 AX.25 | Thu Aug 25 1988 11:09 | 3 |
| How do these immature types gain access to our systems?
Mr. Moderator?
|
| 1560.20 | | ANT::SMCAFEE | Steve McAfee | Thu Aug 25 1988 13:35 | 4 |
| Take it easy guys. In case you didn't notice it looks like
.15 and .16 were written by the same person.
:-)
|
| 1560.21 | Schizophrenia??? | MQFSV2::DESROSIERS | Tout est possible | Thu Aug 25 1988 13:42 | 5 |
|
Is that what is known as a split personnality?
Jean
|
| 1560.22 | Where's Miss Manners for USENET? | JFRSON::OSBORNE | Blade Walker | Thu Aug 25 1988 15:51 | 6 |
| Re: .15,.16
Must be just the result of reading USENET. (Who said "constant exposure
results in contamination"?) Every so often USENET has the etiquette
equivalent of a thermonuclear device go off...
|
| 1560.23 | VirusX 1.7 | LOWLIF::DAVIS | That's not a BUG, it's a FEATURE! | Sun Aug 28 1988 00:24 | 5 |
| Wow, looks like Steve is really pumping new versions of VirusX out fast! You
can get version 1.7 now from MDKCSW::DUA2:[DAVIS.AMIGA]VIRUSX17.ARC and from
what I have heard a couple of newer versions may be on the way RSN.
...richard
|
| 1560.24 | Priv? | GILBRT::BEAUREGARD | Roger Beauregard SHR1-3 | Mon Aug 29 1988 12:14 | 7 |
| Richard,
Could you please allow world access to Virusx17.arc
Thank You
Roger
|
| 1560.25 | Oops | MDKCSW::DAVIS | That's not a BUG, it's a FEATURE! | Tue Aug 30 1988 14:12 | 3 |
| Sorry, I _did_ have it W:R at some point. Uh huh, sure. No really I did...
:-) ...richard
|
| 1560.26 | VirusX V2.0 available | LOWLIF::DAVIS | That's not a BUG, it's a FEATURE! | Tue Sep 06 1988 22:20 | 4 |
| VirusX V2.0 is now at MDKCSW::DUA2:[DAVIS.AMIGA]VIRUSX20.ARC and yes, it's
even open for world read. (Impressive, isn't it? Ya gotta love it!) :-)
...richard
|
| 1560.27 | OUCH! Bitten by the byte bandit | MQFSV1::DESROSIERS | Tout est possible | Mon Sep 26 1988 23:53 | 13 |
| Sunday I had a small infection from the BYTE BANDIT virus (and my
mother told me time and time again "don't take anything from
strangers"). Anyway, what prompted me to try VIRUSX vers. 1.5 was
that a copy utility would guru when I attempted to remove a disquette
from a drive, the program had never before behaved strangely so
I gave it a shot of virus-aid, and it died. I was a bit skeptical
because VIRUSX had never done anything else than write its title
in the top bar, but when I saw the requester....what a surprise!!
My hat off to the good people who write these things, bravo!
Jean
|
| 1560.28 | VirusX V2.1 | CRISTA::CAPRICCIO | Slave to the waffle light | Tue Dec 20 1988 19:06 | 22 |
| Steve Tibbett's VirusX V2.1 can be found at:
CRISTA""::AMIGA:VIRUSX21.ARC
New features include:
No need to use RUNBACK or ARUN anymore (in fact, he recommends NOT to in
order to use the other features properly - see v2.1.notes in the archive)
New CLI or new WSHell (if you have WSHell) from the VirusX window
Ability to position the VirusX window
The latter doesn't seem to be mentioned in the docs, but in Steve's BBS
description he mentioned it. You indicate the position as x/y parameters
in the command string, ie:
virusx 100 100
My favorite position is 331 13. Just ask my Wife ;^)
Pete
|
| 1560.29 | Is it me? | GILBRT::BEAUREGARD | read manual as a last resort | Thu Dec 22 1988 08:40 | 9 |
| Has anyone tried putting this into thier startup sequence? I tried
last night and I can't seem to get the newcli window to appear.
I'm not using runback as suggested in the documentation. If I invoke
the program from the amiga shell, alls fine. I only have the problem
when the program is invoked from the startup sequence.
Roger
|
| 1560.30 | WB 1.2 okay | CRISTA::CAPRICCIO | Slave to the waffle light | Thu Dec 29 1988 16:29 | 12 |
| I've only tried it with WB 1.2 and it works fine. The only snafu I
ran into was if you specify a window location that puts part of the
VirusX window "off" the screen. In that case, you get no window at
all (and no status message either). My startup-sequence reads:
;
VirusX 331 13
;
So far, so good...
Pete
|