AminetAminet
Search:
84749 packages online
About
Recent
Browse
Search
Upload
Setup
Services

util/virus/AntiBeol_133.lha

Mirror:Random
Showing: ppc-morphos icongeneric icon
No screenshot available
Short:Mem viruskiller for the new Packetviruses
Author: gzenz at ixc.net (Gideon Zenz)
Uploader:gzenz ixc net (Gideon Zenz)
Type:util/virus
Architecture:m68k-amigaos
Date:1997-09-22
Download:util/virus/AntiBeol_133.lha - View contents
Readme:util/virus/AntiBeol_133.readme
Downloads:5562

-----BEGIN PGP SIGNED MESSAGE-----

NOTE
        For news please check out the HISTORY section!

PURPOSE
        As  probably  some  of  you  know,  a crazy guy postet the source of a
        really  dangerous  stealth-virus  (Beol3) to the usenet.  I decided to
        debug  this piece in order to protect myself from it, as the danger of
        clones  with  destructive  routines  seemed  to  be pretty high.  When
        testing  it, I had to make sure not to infect myself, and to clean the
        memory from the virus when I finished.  So AntiBeol was born, in order
        to clean the memory from all viruses working like this one.

        I got in contact with Markus Schmall (Virus Workshop) so I could maybe
        help  him  a  bit,  and he encouraged me to improve AntiBeol, as other
        peoples  might  find such a tool handy.  He sent me some more viri, so
        it`s now able to detect and clear the most important one.

        The  difference  to  probably  the  most viruskillers is that this one
        doesn`t  only notify you when it encounters a known virus, but also if
        it  detects  some  abnormal  changes, so it can (hopefully) detect new
        viri.

        All  in  all, it doesn`t replace a good background checker like VirusZ
        is, but it gives you additionally help on this comming-up packetviri.

USAGE
        It`s  pretty  easy to use.  Just put it somewhere in your User-Startup
        with a run, e.g.:

        Run <>NIL: C:AntiBeol

        You won`t notice anything on normal work, but if it detects something,
        a  reqtools  requester  will  pop  up  and  inform  you about it.  The
        following  viri are detected untill now:  Beol 3, Beol 2, Beol 96, and
        SMEG.

        But  you  can  get  another  ones,  which  are:   Dospacket  virus and
        Volumelauncher  virus.   NOTE:   These ones mean that AntiBeol found a
        program  that  used  some techniques NORMALY only viri (like the above
        mentioned)  use.   It  DOESN`T  need  to  be  a  virus, but it can be.
        Programs like ArcHandler or DiskExpaner can cause such things, in this
        case just press "Leave It" and it won`t be touched.  So IF you start a
        program  you  100% KNOW about it`s virus-free (and it crashes), please
        mail me, and try using the NOSTRICT option.

TECHNICAL
        This  paragraph  is  for advanced users only, so don`t get mad because
        you don`t understand a word :)

        So  how  does  this  thingie  work?  Basically quite easy:  Every five
        seconds,  it  checks  some  vectors  of  the system (pr_WaitPkt of all
        Volumes,  Processes,  and TC_LAUNCH of every task), as they`re used by
        the  above  mentioned  viruses.   If such a virus is detected, or some
        other  program  is  found there (these vectors are normaly not used by
        any program I could find) they`ll get cleared, the suspicious piece of
        code  get`s  disabled  and you`ll get notified.  For the curious ones:
        AntiBeol  also changes it`s name randomly every 5 seks, so don`t get a
        heart attack if you see a process like "CLI(15):r7a9wOeci".  This will
        prevent the FindTask("SnoopDos")-trick.

        So  what do these "future-viri" requesters mean?  Dospacket means that
        someone  hooked  up  in  pr_WaitPkt, either in the Processes or in the
        Volumes,  and  Volumelauncher means someone hooked up in the TC_LAUNCH
        field  of the Volumes` tasks.  As additionaly help you get the address
        of  the  suspicious  vector.   This is a pointer to the dos structure,
        e.g.  pr_WaitPkt.

LAST WORDS
        I really do have to thank Markus Schmall for his help and providing of
        viri!   Without  him I wouldn`t even have thought about releasing this
        program!

        I also have to thank Jan Andersen from the VIRUS HELP TEAM DENMARK for
        his    support.     You    can    find    the   newest   AntiBeol   on
        http://home4.inet.tele.dk/vht-dk/ !

HISTORY
        v1.0 (24-Sep-96)
         - initial release

        v1.1 (17-Oct-96)
         - Now works on 68000 machines (thx to Danny Lade)
         - Recognizes DiskExpander (thx to Martin Imlau)
         - Finally works with ArcHandler under every condition
         - Improved the warning requester, shows memory and you can decide
           wether to kill or not to kill the suspicious code.

        v1.2 (27-Nov-96)
         - Recognizes FSDirs (thx to Dave Jones)
         - Removed enforcerhits, which caused an
           A3000 to stall every 5 secs (thx to Nils Goers)

        v1.21 (10-Mar-97)
         - Recognizes VincEd (thx to Nils Goers)
         - Added new email address!

        v1.3 (25-Mar-97)
         - Recognizes VMM (thx to Dave Jones)
         - The warning requester will now pop up only one time
           instead of every 5 secs.

        v1.32 (6-Sep-97)
         - Recognizes VincEd 3.52 (thx to Nils Goers)
         - Doesn`t disturb serial transfers anymore (thx to Gary Gagnon)
         - BUGFIX: Recognizes again Beol3 and Beol96. Sorry for this!

        v1.33a (13-Sep-97) Only released at the VIRUS HELP TEAM DENMARK!
         - Recognizes HitchHicker 4.32
         - Added "DisableHH423", a tiny tool which desinfects files
           Sorry, virus only gets disabled, not removed.

        v1.33 (21-Sep-97)
         - Included "RemoveHH423" which really cleanes an infected file
           (also files disabled with "DisableHH423").
         - Removed "DisableHH423" from distribution.

DISCLAIMER
        This  software  is subject to the "Standard Amiga FD-Software Copyright
        Note"  It is Freeware as defined in paragraph 4a.  For more information
        please read "AFD-COPYRIGHT" (Version 1 or higher).

AUTHOR
        If you have some comments, please don`t hesitate to contact me!

        Gideon Zenz
        Giersbergstr. 41
        53229 Bonn
        GERMANY

        EMail: gzenz@ixc.net

        -Gideon Zenz, 21-Sep-97

SECURITY
        If  you  want  to  be shure you have the original programs, check with
        "md5sum -c AntiBeol.readme".  (md5sum is part of the PGP package), and
        of cause check the integrity of this readme with PGP!

72e92394aa7a8e22a41754ca42f90175 *AntiBeol
0c64233fe99ff65bd729bbadedfe39c5 *RemoveHH423

- -----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.3ia

mQCNAi3izr8AAAEEAMi+7o+iKDG26t8EuoX0NJ92iwhkviRC3GdJ1Uvef4+xJA3V
ey20ZnzBg/OokPdo0a3VxhwyjD2auyFmp7DLupQTko7Wx2zLk19EzVBxI6NggUev
ep+eaVvAi8V/YosYh0Xg4/dScOq391irO6k9+BPqkQPH+bRNCUBgnhXGkfElAAUR
tBtHaWRlb24gWmVueiA8Z3plbnpAaXhjLm5ldD6JARUDBRAz36dHCen5CopyTkUB
AUrFB/9cdPzCbD0H6z3CDBRA2rhFQblNvC3R/Cjl5+EQhafJZ5egiMncEbH/rgR2
xmAqj789+ClC2cxtvRJpEeldB/BTqh0Ta/2i752xaH/AZP8Z6LFiLufW8EFRKmTz
QZEV2uQ9iIEUAZaxP6482Sqymvp4WmqFWWuDnS+G6PjPwIl1gSvFhVaZSZfmbZGs
YDePjL4yEHJymKW19hNkyG4u7TRpvWVHLuuqYUS+gjvXKfJkEr1epfVbUkgPqbyZ
vQ5eJ097oL6m7dZwhgLmdwZ2EUNWH45pHXNTyOSFhkWkt9wMCQ4dzDSgmvD0T9Tw
WhExUoTDX6r1tYdvGrg52y5PtLTEiQCVAwUQMySwfUBgnhXGkfElAQGJcgP/b6Hf
GYzF1TBvXbmubxzkvPJtnX4PNQP3PF97vjwqBpkUuYv1esxSgbvuN8wbYwsOoNW1
cDDIxM/sAXBrMHxX5cFf+au46hovwAQT9Uj9t47bQRVSqHKPGVjUUEP5jVfEQy6j
842QJ5hANHQjvmZAR0dwaPJ35nqJ+h414KY7hq20Ok5PVEU6IDxnemVuekBFcm5p
ZS5NSS5VbmktS29lbG4uREU+IGlzIG5vdCB2YWxpZCBhbnkgbW9yZSGJAJUDBRAz
JLCqQGCeFcaR8SUBAZ8pA/9yXKDclBIxx/BiKdxNSDBgaNC5hyHyCC2iZK0/F2zP
uvuqkhCIQCdzMFLsJLFslamhjVDFZVKRtpSA3vblWivpM5n6yt4kxi+bMkK3LW2q
r4CBWw3SriShT1BgGhuLbV4YcVNB/PIeAOJ4Z82tLxLQzuwKsYOxPkGSS/maSxOB
+LQpR2lkZW9uIFplbnogPGd6ZW56QEVybmllLk1JLlVuaS1Lb2Vsbi5ERT6JAJUC
BRAysg5ltvkN3Lttr4EBAVI4BACG972YynotdH9MLDVoZZydI6NMEYF//vf/bTn/
QDN9DcW9VfTHNhbcsBbs4VOrvqX9Dww2d/91u3+HYaA3crz00mN5uVjkCE9FMH3v
QNykrKmBMnajDpqY0E9dJAyYu4C8NaYCzypEeA6oGzrllTTa++9h2VoGCTVrcCBg
4fa9MYkBFQMFEDH2trkAYAKC86RPCQEBgTUH/A8KTc/9NKi/mbzkPGUyywI3krp/
HqGDAQVN89QFynq5PtTSuKy5Q4DAmJwQ4gna9GJQytme1YbaXKjNNxMi2b33Rhd9
aj5HKVHx6bRguJ7LpgAotz6FuI6Ny76V1ccwQQnbxroy+EKOR2uOnOh/Gr4NbVz1
QTVqksYyp/T5rwI1esgJlTKxow6Y9BAutyC4M3n9Snc6sViGQwZsH9Xxts9c9meI
7LRjleWjSFcl7LuZVyf6LFFuzo9jQQTt+Ak69wCeN4Qq5oTzLJQa9KzgQaxj70oP
9LyTPBkdYPWHa+JYPCxgyBojY8igq7PmSRiMnJKhWkQx+uRQbnpuDHPgvgSJAJUD
BRAx0dc3QGCeFcaR8SUBAciDA/4qaRFv5KZGlIbAeGphlR33+aBjMZDf1MlC1QcI
k2yPY9tTMIisz06IckZw7Oq+RVBmJOvOZtJJJuVCuufyHKSg3+HRj6YE4lQ7/ojC
U7yPcrdfny4oLKEpehRB/F89Mzan7cjyLI9qH07I2wq7a9wCwP4BDpa0lxMAQd9U
k+UN6g==
=bdm/
- -----END PGP PUBLIC KEY BLOCK-----

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: latin1

iQCVAwUBNCXIU0BgnhXGkfElAQFEeAP+Kj6l/nR3Eunq/lnKtAOqgCkjZE4Qf5B6
sLeyO9+JRFC0UA+BC9miQI9suTqRv5emAacrSRyBPHS884T4/Z2USOfyDEi0JT2N
eSdCNBr8U4qVuBPHZLzXZB4vQHrrnTEWtRqHtgXkF8JTy3mmr3cwRTqi2YNvPyee
dmZcZtZeJMU=
=ctUo
-----END PGP SIGNATURE-----


Contents of util/virus/AntiBeol_133.lha
 PERMSSN    UID  GID    PACKED    SIZE  RATIO     CRC       STAMP          NAME
---------- ----------- ------- ------- ------ ---------- ------------ -------------
[generic]                 2858    7266  39.3% -lh5- 9aaa Jul  8  1995 afd-copyright
[generic]                 1556    2024  76.9% -lh5- 8144 Sep 21  1997 AntiBeol
[generic]                 4857    8891  54.6% -lh5- 2c64 Sep 21  1997 AntiBeol_133.readme
[generic]                  514     900  57.1% -lh5- 2169 Sep 21  1997 RemoveHH423
---------- ----------- ------- ------- ------ ---------- ------------ -------------
 Total         4 files    9785   19081  51.3%            Sep 22  1997
Page generated in 0.02 seconds
Aminet © 1992-2024 Urban Müller and the Aminet team. Aminet contact address: <aminetaminet net>