LSD-Nuke14b

P R E S E N T
NUKE 1.4b FULL DOCUMENTATION
BY SHAGRATT OF LSD
RELEASE DATE 22/10/91
*** IMPORTANT ***
First an apology, I released NUKE! 1.4a at the Digital party earlier
this month, however when I arrived at the party my hard-drive was
DEAD. I searched through my backup disks and found what I believed to
be the release version ready assembled, so I packed it and released
it. What I didn't realise was this was a development version and
still had a small but irritating bug in it so DO NOT USE VERSION 1.4A!
For those interested my hard-drive is OK now!
*** NUKE 1.4b - CHANGES ***
o Above bug fixed.
o Mutant BGS9 is found and destroyed. Infected file is repaired.
o Destroys LIBERATOR filevirus, full info on this later!
o Checks hard-drive for link-viruses.
o More bootblocks added.
*** NUKE 1.4a - CHANGES ***
o BGS9 is found and destroyed. The infected file is repaired.
o CCCP is found and destroyed. The infected file is fixed, and it is
protected against re-infection.
o More bootblocks recognised.
o NUKE! analyses any suspect bootblocks and gives them a "danger rating";
it is recommended that you follow the result given.
o Type NUKE Q from the CLI and NUKE will behave normally, but it gives
no messages etc and then quits quickly if the system is Ok.
o The right mouse button no longer toggles between NUKE and the CLI,
this is because no alerts are possible.
o NUKE cannot be runback anymore (to be re-implemented in next version)
*** NUKE 1.3b - CHANGES ***
o KNOWN BUG FIXED: NUKE kills REVENGE BOOTLOADER
o `Intelligent' TRACKDISK.DEVICE virus killer added
o Compatible with 60hz emulator and NTSC machines
o View bootblock options added to virus found section
o New bootblock added to bootblock list and uninstalled bootblocks
recognised
o NUKE uses 10k less chipmem and some code optimisation
o Better descriptions in this documentation
*** CHANGES - NUKE! 1.3a ***
o NUKE now repairs any disks with rogue disk-validators on them, such as
those infected with R.O.L.E etc.
o You can keep inserting disks into a drive to be checked.
o NUKE informs you if your disk(s) are write enabled.
o NUKE now reads, checks and repairs bootblocks.
o NUKE has been tested against all the bootblock viruses I could find, it
spots them and gives you the option of installing a boot protector.
o The bootprotector/utility boot is written by ORCRIST of LSD
o The memory usage has also been reduced (again), it now needs 36k chip
and 14k public. It is written in 100% assembler, and note I will NOT
supply the source to ANYONE, no matter what the reason (this is to
prevent rogue versions appearing).
o NUKE is under 13k packed, so put it in all your startup-sequences, it
needs NO libraries etc.
o After the SADDAM virus has been removed from a disk NUKE will reset
your AMIGA on selecting exit.
o When you reboot the repaired disk it will be un-validated, the disk
will validate itself. Very occasionally when SADDAM has "Got its
teeth into" a disk DOS error "Bad directory" will appear, just use
"fixdisk" and click on the "validate" gadget. The disk will be 100%
afterwards!
*** INTRODUCTION ***
Welcome to a major upgrade of NUKE, a virus killer by SHAGRATT of LSD,
originally designed to destroy and fix the Saddam virus but now enhanced
to cover other viruses and bootblocks etc!
*** ABOUT SADDAM VIRUS ***
I first read about the Saddam virus in Zine #9 and realised we have had
disks infected with this. I've worked out what Saddam is and does, here
are my findings (note that these may not be complete).
First, Saddam changes the "beginio" and "close" of the
"trackdisk.device", and "coldcapture" and "vertb" in "execbase". Then it
creates an "l" directory (if you don't already have one) and puts itself
into it, disguised as the disk-validator (it's even the same length; if
you had a real disk-validator you don't now!). It alters data blocks to
"IRAK" blocks and EORs the rest of the data within the block with the
block number.
Next it unvalidates your disk, and `tricks' the system into believing the
disk is validated. When you insert an infected disk into any drive
(you don't need to boot an infected disk to infect the system), Saddam is
immediately activated (as one of the first priorities of dos library is
to validate your disk).
Each time you access a file from disk, Saddam modifies the data blocks
in this file. This causes no immediate problems, providing Saddam is
always present. But if it's not in the system your disk has read
errors.
Saddam also totally destroys your disk, but I can't find a pattern to
when this happens (but it is quite quickly!).
It doesn't appear to infect hard drives, but I advise caution!
Saddam is the cleverest virus I have seen so far, but it's unfortunate
that it's used for destructive purposes. Does anyone know where it came
from or who wrote it?
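The "IRAK" block marker described above can be looked for in a raw disk image. This is an added example, not part of NUKE or of this documentation; it assumes an ADF-style image of 512-byte blocks and that "IRAK" overwrites the type longword (normally 8) that opens an OFS data block. The function names and the sample image are constructed here.

```python
import struct

BLOCK = 512        # AmigaDOS floppy block size in bytes
T_DATA = 8         # type longword that opens a normal OFS data block
MARKER = b"IRAK"   # ASSUMPTION: the marker overwrites that type longword


def scan_adf(image: bytes) -> dict:
    """Report which blocks open with the IRAK marker instead of T_DATA."""
    if not image or len(image) % BLOCK:
        raise ValueError("not a whole number of 512-byte blocks")
    total = len(image) // BLOCK
    report = {"blocks": total, "irak": [], "ofs_data": 0}
    for num in range(2, total):            # blocks 0 and 1 hold the bootblock
        head = image[num * BLOCK:num * BLOCK + 4]
        if head == MARKER:
            report["irak"].append(num)
        elif struct.unpack(">L", head)[0] == T_DATA:
            report["ofs_data"] += 1
    # Share of data blocks already carrying the marker: a rough measure
    # of how much of the disk has been touched.
    data = report["ofs_data"] + len(report["irak"])
    report["marked_ratio"] = len(report["irak"]) / data if data else 0.0
    return report


def build_sample() -> bytes:
    """Constructed 880K image: three normal data blocks, two marked ones."""
    img = bytearray(1760 * BLOCK)          # 80 cylinders * 2 heads * 11 sectors
    for num in (882, 883, 884):
        img[num * BLOCK:num * BLOCK + 4] = struct.pack(">L", T_DATA)
    for num in (900, 901):
        img[num * BLOCK:num * BLOCK + 4] = MARKER
    return bytes(img)


if __name__ == "__main__":
    print(scan_adf(build_sample()))
```

A block that merely happens to begin with the same four bytes is reported as well, so treat the list as a pointer for closer inspection and work on a copy of the image.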
*** ABOUT LIBERATOR FILEVIRUS ***
This is new to version 1.4b, many thanks go to Greg Hughes of
Birmingham for sending me this little bastard and some info about it.
I have only had the virus 24 hours and seeing as my car has just
failed its MOT, I have had to spend some time on it, so I've only had
a couple of hours to spare on Liberator. Here are my findings. NOTE: I
only ran it from floppy, I didn't let it near my hard-drive as I was
told it does nasty things with your heads (?).
Liberator can only be executed from a booted disk, it copies itself
from sys: and does NOT set any of the usual virus execbase-vectors,
instead it enters memory for a couple of seconds, and spreads to all
write enabled drives.
It adds an extra first line to the startup-sequence "memcheck s", and
claims to be Slipstream's Memcheck 8.1 by Marc. After a few software
resets I am told it prints up a message (but I never got one,
Harddrive only?), then prevents DOS access to the infected disk.
It claims to be an anti-anti-virus; in Liberator are the following
words: ZeroVirus, VirusExpert, PVL, ZeroVirus, VirusChecker, MVK 2.1,
BLVC, Berserker and Berserker 5.0. From this I assume they look for
the filenames on disk (or in memory?) and kill them.
Also inside Liberator are the words January to December and all the days
of the week, I've no idea what they are for (yet!), maybe something to do
with a battery backed clock? If you type "memcheck" from the CLI on an
infected disk you will get the following screen. NOTE: IT IS A ROGUE
VERSION OF MEMCHECK, if you find it, destroy it. It does not check
anything. Liberator is packed with Powerpacker 3.2, my version is 6492
bytes long.
<<<<<<<< MemCheck v8.1 - August 1991 >>>>>>>>
THIS PROGRAM IN THE STARTUP-SEQUENCE WILL KILL ALL VIRUSES
^^^^^
<<CODED BY MARC OF SLIPSTREAM>>
MEMORY CLEAR ------ NO VIRUS ------ MEMORY CLEAR
DISK-VALIDATORS CLEAN ------ NO VIRUS ------ DISK-VALIDATORS CLEAN
I have also found a bug in Liberator; if you type eg "df1:memcheck" (a
drive it has not been booted from) it adds "memcheck s" to the
startup-sequence, but doesn't copy memcheck to the disk!
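The traces described in this section (the extra "memcheck s" first line, the memcheck file itself, and the case where the line is added but the file is not copied) can be checked on a disk whose files have been extracted to a directory. This is an added example, not part of NUKE; the function names and the sample layout are constructed here, and the memcheck file is looked for anywhere on the disk because its location is not stated above.

```python
import os
import tempfile

ROGUE_LINE = "memcheck s"   # first line the text says Liberator adds
SAMPLE_SIZE = 6492          # length of the author's packed sample


def check_disk(root):
    """Return a list of findings for disk contents extracted under root."""
    startup, programs, findings = None, [], []
    for folder, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(folder, name)
            rel = os.path.relpath(path, root).replace(os.sep, "/").lower()
            if rel == "s/startup-sequence":      # AmigaDOS names ignore case
                startup = path
            elif name.lower() == "memcheck":
                programs.append(path)
    first = ""
    if startup:
        with open(startup, encoding="latin-1") as fh:
            first = " ".join(fh.readline().lower().split())
    hooked = first == ROGUE_LINE
    if hooked:
        findings.append("startup-sequence begins with 'memcheck s'")
    for path in programs:
        size = os.path.getsize(path)
        match = "same length as" if size == SAMPLE_SIZE else "differs from"
        findings.append(f"memcheck found, {size} bytes, {match} the 6492-byte sample")
    if hooked and not programs:
        # The bug noted above: the line is added but the file is not copied.
        findings.append("line added but no memcheck file on this disk")
    return findings


def make_sample(root, with_program):
    """Build a constructed disk layout (harmless placeholder bytes)."""
    os.makedirs(os.path.join(root, "s"), exist_ok=True)
    with open(os.path.join(root, "s", "Startup-Sequence"), "w") as fh:
        fh.write("memcheck s\nloadwb\nendcli\n")
    if with_program:
        with open(os.path.join(root, "memcheck"), "wb") as fh:
            fh.write(b"\0" * SAMPLE_SIZE)
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(check_disk(make_sample(tmp, with_program=False)))
```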
*** KILLING VIRUSES ***
This is the recommended procedure for killing a bootblock virus
(assuming NUKE has found one):
Select display bootblock and look for any messages; viruses often have
messages in them telling you they are a virus (such as REVENGE
BOOTLOADER and BYTE BANDIT). Some viruses contain messages such as "This
is not a virus" or "Install me and you've wasted £25"; however, these
messages may be genuine, so it is recommended to back up the bootblock
before installing if you have any doubts.
A good way of determining if the bootblock is a virus is to select "kill
the virus in memory (hard reset)". If on rebooting NUKE finds a virus
again you can be almost certain it is a virus, unless of course you have
a link virus on your disk, or some STRANGE hardware (such as Amiga 2000
hard disk controllers etc.).
*** BOOTBLOCK DANGER RATING ***
A new feature of NUKE! is the Bootblock examination, which is carried
out during the "Bootblock scan". It checks the bootblock for anything
it is doing that a bootblock shouldn't do, or for an encrypted
bootblock etc. If NUKE! doesn't like a bootblock, install the utility
boot!
*** QUICK EXIT ***
Another new feature is the quick exit, just type "nuke Q" instead of
"nuke" and if your system, and all disks in the drives are clean, then
you will get a very fast exit, instead of having to press the <LMB>.
*** OPTIONAL SHAREWARE NOTICE! ***
If you like this program, I would not turn down any donation (of
anything!), no matter how large or small (don't worry, you won't offend
me by not sending much!). Anyone sending a reasonable sum will receive
the next upgrade (or current version if you don't have it!) posted to
you free of charge on the day of release. This will guarantee I don't
lose interest in the NUKE! project.
*** PD LIBRARIES NOTE ***
You may stock NUKE only if you put this document file with it and if
you do not charge more than £1.50 for the disk this is on. NUKE!
clearly states it is copyright. If you write to me for an upgrade
etc. then send at least one disk and return postage or you will not
get a reply. I am developing NUKE! for the use of everyone, but
despite what some people think, I am not a charity.
*** HELP! ***
I am looking for copies of all link etc viruses (not bootblock, unless
they are anything special!), both new and old. The reason for this is I
wish to make nuke! check and repair disks infected with these, so if you
have any please send them to me, all disks will be returned.
I am particularly after the following link-viruses:
Xeno, Colourfile, Travelling Jack 2 and any not killed by NUKE! and
not listed in Future expansion.
I would also like to hear from virus writers, although I doubt they
will contact me!
If you have any problems with NUKE please let me know, but make sure it
is the CURRENT version, I had a lot of mail telling me about a bug in
version 1.2a TWO MONTHS after I upgraded it! (Telling me "it
doesn't work on my A5000" doesn't help me either, descriptions
please!)
If you wish to contact me about bug reports and upgrades etc. write
to: (Please note I am NOT interested in swapping!);
Shagratt
c/o Parasite (LSD WHQ),
2 South Parade,
Gainsborough,
Lincs,
DN21 ???.
England
*** FUTURE EXPANSION ***
Future plans include;
o A memory resident version
o Smiley Cancer fix
o Travelling Jack fix
o Disaster Master fix
o Any other link viruses people send me (I only have the three listed
above currently, so send me any link viruses not in this version!)
o More bootblocks (send them)!
The next minor upgrade will be called 1.4c/d etc, the next major
upgrade will be version 1.5a
Here's a quick question for all virus writers:- Who gets more glory,
the guy who writes the virus, or the guy who writes the virus-killer?
Who's wasting the most time?
Greetings to all our friends everywhere, and thanks to FLAKE of THE
SPECIAL BROTHERS for help with the Requesters (I hope my info solved
your problem also!) and to PARASITE for helping me find the bootblocks
included in NUKE and for typing this! Hi to Mr Big/Anarchy, thanx for
the message on Stolen Data issue 7! Many thanx to COBRA for sending
me three link viruses, Greg Hughes for liberator and to MERLIN for
some useful bootblocks!
*** SHAREWARE DONATORS ***
So far only one person has sent me any money for NUKE, so I assume
only one person uses it regularly, but somehow I think I am wrong!
Many thanks go to D IBBOTSON of Manchester for his generous donation.
*** RECOGNISED BOOTBLOCKS ***
NOTE: There appears to be more than one version of some utility boots,
such as OMNI-BOOT 3.2, INTERFERON 1, etc.
***** normal ******
normal (4 types)
normal (workbench 2.4)
uninstalled (3 types)
***** lsd ******
lsd 1.0
lsd 1.1
lsd vector check 2.0 (marl)
***** mf ******
interferion 1 (2 types)
interferion II
**** lexicon ****
inner city vkill 3.4
archaos virus slayer 3.13
archaos virus slayer 3.12
mf interferion pro
***** n.o.m.a.d. ******
crystal ub 1.0
crystal ub 1.0
marc of Slipstream ub 4.0
scoopex ub 1.0
marc of Slipstream ub 2.1
marc of Slipstream ub 3.0
marc of Slipstream ub 6.0
marc of Slipstream vk/ub 6.1
Slipstream uboot 5.0
Slipstream uboot 7.0
Quartex 1.0
***** anarchy *****
omni boot 5.1
anarchy boot 2
omniboot 3.2
omniboot 3.2
anarchy boot 1.1
***** misc ******
xcopy (3 types)
quartex no drives (3 types)
scorpion developments 1.0
scorpion developments 1.1
tsb boot protector
hallon boot 1.4 (mahoney & kaktus)
stoneboot 1.06 (cave)
seek & destroy memcheck
punishers proboot 1.0
cytax powerboot 1.2
mirage noboot
action replay boot pro
hypnosis boot
psudo ops vkiller 2.1
pe protector
tristar vkiller 1.1
memory allocator 1.2
memory controller 1.3
scoopex ub 1.3
aspect boot 1.0
option boot (scampy of adept)
santurary boot
ccs boot v2.0
random access virus killer 2.1
devware antivirus 1988
dietmar noll novirus
ccs boot 3.0
fastmem boot allocator
vcc bootmem
vcs boot 3.2
sabaudian boot 1.0
hyperboot 2.82
blizzard protector 1.0
ccs boot 2.0
quazar of dawn
megaboot 1.3
nofastmem
ntsc warning
pleasure boot 1.3+
tristar vk1.1
tetracopy formatted disk
copper boot
rebels uboot
Razor 1911 uboot
Amaze uboot
end.