THE VIRUS DESTRUCTION UTILITY by Richard Karsmakers The day after I discovered that viruses were going around on the Atari ST, Frank Lemmen started writing a virus killer (a program that eliminated the virus from infected disks). He wrote two versions: The first one was filled with bugs (didn't work with RAM-and harddisks, for example), and the second one was believed to be full proof as well. But, as days passed, some additional more or less major shortcomings of Frank's new virus killer showed up: * You could only check drive A's infected disks (trouble with people who had a 5,25" drive B) * It could only recognize one specific virus on disk * To work with it, you had to use keyboard AND mouse * One could not IMMUNIZE disks with it The "Virus Destruction Utility" has the following features: - It recognizes and automatically destroys infected disks' virus - A formerly infected disk is also immunized (so that the current virus will not be written on it ever again) - You can also immunize your normal, non-infected disks - Cases of doubt (any executable bootsectors) are recognized and you are warned (please note: This option was included to make the VDU compatible with future viruses, and all auto-boot programs use these as well - not being a virus!) - It works on drive A as well as B (easy if you have a 5,25" drive B) - It recognizes a virus that is already installed in the computer. The VDU will then refuse to work! If a virus might get onto your VDU disk, simply boot with a non-infected disk and then load the VDU. List of programs that auto-boot, and of which the VDU will tell that it 'may be infected by a virus' (there may be more - these are all ORIGINAL versions): Deep Space, Arena, Brataccas, Starglider, Barbarian, Terrorpods, Obliterator, Sapiens, Sentinel, all Aladin disks, Tai Pan, the BIG Demo (from TEX). The version of the Virus Destruction Utility in this ST NEWS Volume 2 Compendium is a somewhat enhanced version of the one published in the original ST NEWS Volume 2 Issue 8. From now on, newer versions of the virus killer will be appearing in ST NEWS issues regularly. Just look at the program (written in GfA Basic), and the remarks will show you how it all works. I hope to have supplied you with a useful tool in your battle against viruses. It is not only for your own sake, but your duty towards other ST users to fight the ST virus! Kill 'em all! Originally published in ST NEWS Volume 2 Issue 8. ooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo '******************************** '****** Gfa Basic Listing ******* '******************************** ' ' VDU - Virus Destruction Utility ' Written by Richard Karsmakers ' December 18th 1987 ' ' Version 2.2 update on Januari 20th 1988 ' ' This program is Public Domain and may ' be copied freely to anyone you want, ' but in the original form only! ' ' *** Variable initialisation ' Starttime%=Timer !Get start time Os%=Lpeek(&H4F2) !Get operating system address If Peek(Os%+1)=&H1E !Normal ST? Wp%=&H9B2 !Write-protect status Else !MEGA ST? Wp%=&H9F8 !Write-protect status Endif Bp%=&H472 !BIOS 'Get_bpb' pointer address Ad%=&H4C2 !_Drvbits, drives attached Disk$=Space$(512) !Disk buffer ' ' *** Startup sequence ' Alert 1,"THE VIRUS DESTRUCTION UTILITY|V.2.2GB by Richard Karsmakers|Thanks to Frank Lemmen and| STRIKE-a-LIGHT",1,"OK|More|Cancel",Buf% If Buf%=2 Alert 1,"This is version 2.2!|Recognizes '1st Freezer' disks|and non-exec boot stuff.",1,"OK",Dummy% Alert 1,"It also recognizes|many auto-booting programs and|'Aladin'-and MS-DOS disks...",1,"OK",Dummy% Alert 1,"Additional ideas by:| Math Claessens| W.F. Kilwinger| Eerk Hofmeester",1,"OK",Dummy% Alert 1,"Additional thanx to:| Marcel van Valen| Frank Lemmen| STRIKE-a-LIGHT",1,"OK",Dummy% Alert 1,"You computer should be|turned off/on before|running this utility!",1,"OK",Dummy% Alert 1,"When a virus is recognized,|it will be eliminated|automatically!",1,"OK",Dummy% Alert 1,"Cases of doubt will be|recognized as well...",1,"OK",Dummy% Alert 1,"In '100% Safe' cases, it is|possible to immunize the disk|so that it cannot be infected|by the current ST virus.",1,"OK",Dummy% Alert 1,"If you have an auto-boot|program that this version does|not recognize, please|contact me at 'ST NEWS'!",1,"OK",Dummy% Alert 1,"An 'ST NEWS' production|for Atari ST Public Domain...",1,"OK",Dummy% Alert 1,"ST NEWS|Kievitstraat 50|NL-5702 LE Helmond|The Netherlands",1,"OK",Dummy% Alert 1,"(Don't forget to enclose|reply postage or|Int. Reply Coupons so|I can answer!)",1,"OK",Dummy% Endif If Buf%=3 Edit Endif ' ' *** Get drive to check ' Alert 2,"DRIVE SELECTION|Which drive to check?",1,"A|B",Buf% Devno%=Buf%-1 ' ' Ac$=Bin$(Lpeek(Ad%)) !Get active drives If Len(Ac$)>2 !RAM-and/or harddisks attached Norm%=False Else !Only drive A or A+B attached Norm%=True Endif ' ' *** Check if computer is infected by current virus ' Buf%=Lpeek(Bp%) !Get 'Bpb_get' pointer If Buf%0 Alert 1,"SYSTEM ERROR|An error occured during|boot sector read....|Is the disk formatted?",1,"OK",Dummy% Goto The_end Else ' ' *** Check executability of boot sector ' Exec%=Dpeek(Varptr(Disk$)+510) !Buffer checksum Void Xbios(18,L:Varptr(Disk$),L:-1,-1,1) Exed%=Dpeek(Varptr(Disk$)+510) !New checksum If Exec%=Exed% !Compare both checksums Execflag%=True !The same? Then executable Else Execflag%=False Endif ' ' *** Check for Atari bootsector ' If Dpeek(Varptr(Disk$))=&H6038 And Dpeek(Varptr(Disk$)+&H50)=&H4A80 And Dpeek(Varptr(Disk$)+&H100)=&HB645 And Lpeek(Varptr(Disk$)+&H180)=&H20417461 Atari%=True Else Atari%=False Endif ' ' *** Check for current virus ' If Dpeek(Varptr(Disk$))=&H6038 And Lpeek(Varptr(Disk$)+&H7A)=&H4E560000 And Lpeek(Varptr(Disk$)+&HE0)=&H3F3C0001 Curvir%=True Else Curvir%=False Endif ' ' *** Check for key setting ' If Dpeek(Varptr(Disk$)+2)=&H1092 Key%=True Else Key%=False Endif ' ' *** Check for "1st Freezer" disks ' If Mid$(Disk$,&HF5,7)="freezer" Freezer%=True Else Freezer%=False Endif ' ' *** Check 100% safe ' If Peek(Varptr(Disk$))=&H0 Or Dpeek(Varptr(Disk$))=&H4E4E Safe%=True Else Safe%=False Endif ' ' *** Check if 'immunized' ' If Dpeek(Varptr(Disk$))=&H6038 Immu%=True Else Immu%=False Endif ' ' *** Check for known auto-booting programs ' ' * Aladin Disks ' If Mid$(Disk$,&H4F,6)="ALADIN" Alert 1,"DIAGNOSIS|This is an 'Aladin' disk!|Disk is OK!",1,"OK",Dummy% Goto The_end Endif ' ' * Terrorpods disk A ' If Lpeek(Varptr(Disk$)+&HB0)=&H6E31FC And Lpeek(Varptr(Disk$)+&HF0)=&H18604 Alert 1,"DIAGNOSIS|This is Disk A of Psygnosis'|'Terrorpods' game.|Disk is OK!",1,"OK",Dummy% Goto The_end Endif ' ' * Barbarian disk A ' If Lpeek(Varptr(Disk$)+&HB0)=&H204E7000 And Lpeek(Varptr(Disk$)+&HF0)=&H86064EBA Alert 1,"DIAGNOSIS|This is Disk A of Psygnosis'|'Barbarian' game.|Disk is OK!",1,"OK",Dummy% Goto The_end Endif ' ' * Sentinel ' If Mid$(Disk$,&H162,10)="TFINAL.BIN" Alert 1,"DIAGNOSIS|This is Firebird's|'Sentinel' game.|Disk is OK!",1,"OK",Dummy% Goto The_end Endif ' ' * Tai Pan ' If Mid$(Disk$,&HA1,8)="READER.S" And Mid$(Disk$,&HF1,8)="CRUNCH.S" Alert 1,"DIAGNOSIS|This is Ocean's|'Tai Pan' game.|Disk is OK!",1,"OK",Dummy% Goto The_end Endif ' ' * Airball ' If Lpeek(Varptr(Disk$)+&HB0)=&HB84E75 And Lpeek(Varptr(Disk$)+&HF0)=&H60D43800 Alert 1,"DIAGNOSIS|This is Microdeal's|'Airball' game.|Disk is OK!",1,"OK",Dummy% Goto The_end Endif ' ' * Backlash ' If Lpeek(Varptr(Disk$)+&HB0)=&H31FC0011 And Lpeek(Varptr(Disk$)+&HF0)=&HFFFE4E75 Alert 1,"DIAGNOSIS|This is Novagen's|'Backlash' game.|Disk is OK!",1,"OK",Dummy% Goto The_end Endif ' ' * MS DOS Disks ' If Dpeek(Varptr(Disk$))=&HEB34 If Mid$(Disk$,4,3)="IBM" !MS-DOS Version 3.30 disk Alert 1,"DIAGNOSIS|This is a disk for|MS-DOS Version 3.30.|It is OK!",1,"OK",Dummy% Goto The_end Endif If Mid$(Disk$,4,8)="MSDOS3.2" !MS-DOS Version 3.20 disk Alert 1,"DIAGNOSIS|This is a disk for|MS-DOS Version 3.20.|It is OK!",1,"OK",Dummy% Goto The_end Endif Endif ' ' * Programs to add: Deep Space Disk A, Arena Disk A, Brataccas, Starglider ' Sapiens, Goldrunner, Obliterator, B.I.G. Demo, ' Karate Kid II, Jupiter Probe, Space Shuttle II ' Guus Surtel Bootsector disk ' ' *** Display results of the check ' If Atari%=True !Atari bootsector? Alert 1,"DIAGNOSIS|This disk is OK!|(and already immune)",1,"OK",Dummy% Goto The_end Endif If Safe%=True !first two bytes zero? Alert 1,"DIAGNOSIS|This disk is OK!|(but not immune)",1,"OK|Immunize",Dummy% If Dummy%=2 @Immunize Endif Goto The_end Endif If Curvir%=True And Key%=True !Virus present and key set? Alert 1,"RED ALERT DIAGNOSIS|Watch it! This disk is|not only infected but|the 'key' is also set!!",1,"Repair!",Dummy% @Repair Goto The_end Endif If Curvir%=True And Execflag%=False !Non-executable infected boot sector? Alert 1,"ALERT DIAGNOSIS|The virus is on the disk|all right, but is not|executable...(harmless)",1,"Repair|Cancel",Dummy% If Dummy%=1 @Repair Endif Goto The_end Endif If Curvir%=True !Virus bootsector executable? Alert 1,"RED ALERT DIAGNOSIS|This disk is infected!",1,"Repair!",Dummy% @Repair Goto The_end Endif If Freezer%=True And Execflag%=True !1st Freezer disk and executable Alert 1,"DIAGNOSIS|This is a '1st Freezer' disk!|This disk is executable but|it's OK!",1,"OK",Dummy% Goto The_end Endif If Freezer%=True !1st Freezer disk but not executable (?!) Alert 1,"DIAGNOSIS|This is a '1st Freezer' disk,|but it's not executable?!?!|(Disk is OK, however)",1,"OK",Dummy% Goto The_end Endif If Execflag%=True !Executable sector? Warning! Alert 1,"ALERT DIAGNOSIS|This disk is executable!|Might be an auto-boot program|or an unknown virus...",1,"Repair|Cancel",Dummy% If Dummy%=1 @Repair Endif Goto The_end Endif If Immu%=True !Disk immune Alert 1,"DIAGNOSIS|This disk is OK!|(it was immunized already)",1,"OK",Dummy% Goto The_end Else Alert 1,"This disk is non-executable|but I cannot call it 100%|safe...There's something|written on the bootsector!",1,"Repair|Cancel",Buf% If Buf%=1 @Repair Endif Goto The_end Endif Endif The_end: Alert 2,"INPUT|Should I check another disk?",1,"YES|NO",Dummy% Exit If Dummy%=2 Loop Time%=(Timer-Starttime%)/200 Minute%=Time%/60 Second%=Time%-(Minute%*60) Minute$=Str$(Minute%)+"'"+Str$(Second%)+Chr$(34) Counter$=Str$(Counter%) Alert 1,"This session took "+Minute$+"|and "+Counter$+" viruses were destroyed.",1,"OK",Dummy% Alert 1,"If you meet the guy who|made the virus, tell him|to f.ck off!!!",1,"OK",Dummy% Alert 1,"Special remark from Eerk of|STRIKE-a-LIGHT: Virus makers|are completely ignorant of all|sense of responsibility!",1,"OK",Dummy% Edit Procedure Repair If Devno%<2 !Drive A or B? Again: If Peek(Wp%+Devno%)=255 !Check if disk is write protected Alert 1,"SYSTEM MESSAGE|Please remove write-protect|so that I can repair|the disk!",1,"OK|Cancel",Dummy% If Dummy%=2 Goto Cancel Endif Goto Again Endif Endif ' ' *** Clear virus ' Lpoke (Varptr(Disk$)),&H60380000 !Clear 2nd and 3rd byte (key) and immunize For X%=32 To 511 !Erase irrelevant bootsector data Poke (Varptr(Disk$)+X%),0 Next X% ' ' *** Write bootsector back (repaired) ' Buf%=Xbios(9,L:Varptr(Disk$),L:0,Devno%,1,0,0,1) If Buf%<>0 Alert 1,"SYSTEM ERROR|Error writing boot sector!",1,"OK",Dummy% Else Inc Counter% Endif Cancel: Return Procedure Immunize If Devno%<2 !Drive A or B? Wider: If Peek(Wp%+Devno%)=255 !Check if disk is write protected Alert 1,"SYSTEM MESSAGE|Please remove write-protect|so that I can immunize|the disk!",1,"OK|Cancel",Dummy% If Dummy%=2 Goto Outof Endif Goto Wider Endif Endif ' ' *** POKE bytes that virus uses to recognize if it's already present ' Lpoke (Varptr(Disk$)),&H60380000 ' ' *** Write bootsector back (repaired) ' Buf%=Xbios(9,L:Varptr(Disk$),L:0,Devno%,1,0,0,1) If Buf%<>0 Alert 1,"SYSTEM ERROR|Error writing boot sector!",1,"OK",Dummy% Endif Outof: Return