[comp.sys.apple] Virus Detection Program

chipw@pro-newfrontier.UUCP (Chip Welch) (07/29/88)

Here is a Virus detection program that just appeared on GEnie.  It will scan
all SYS programs on a disk and check for the CyberAIDS/Festering Hate virus.

------------Applesoft Program follows:-----------------
 
 100  REM  This program detects ProDOS 8 SYS files
 101  REM    that have been infected with the
 102  REM    viruses known as:
 105  REM      * CyberAIDS
 106  REM      * Festering Hate
 120  REM 
 121  REM  If you find an infected program in your
 122  REM    library, the safest thing to do is to
 123  REM    delete it and replace it with an
 124  REM    uninfected back up.
 130  REM 
 131  REM  Written by Tom Weishaar, July 1988
 132  REM  Inspiration by Dennis Doms and Eric Mueller
 133  REM 
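 880  REM  D$ = Ctrl-D: a PRINT that begins with
 881  REM    it is taken by ProDOS as a command
 900 D$ =  CHR$ (4)
 901  REM  work list: F$(n,0) = pathname,
 902  REM    F$(n,1) = "DIR" or "SYS"; n = 0-300
 910  DIM F$(300,1)
 990  REM  title screen; line 1270 returns here
 991  REM    after a scan, so DIM runs only once
 992  REM  CHR$(21) is Ctrl-U (presumably sent to
 993  REM    switch off 80-column display)
 1000  TEXT : HOME : PRINT  CHR$ (21)
 1001  INVERSE 
 1002  PRINT ":    APPLE II VIRUS SCANNER: V 1.0    :"
 1003  NORMAL 
 1004  PRINT 
 1005  PRINT "           COPYRIGHT 1988 BY"
 1006  PRINT "     TOM WEISHAAR, OPEN-APPLE/GENIE"
 1007  PRINT 
 1008  PRINT "FOR THE LATEST VERSION OF THIS PROGRAM,"
 1009  PRINT "CHECK OUT CAT 40 IN GENIE'S A2 LIBRARY."
 1010  PRINT 
 1011  PRINT "FREEWARE: MAY BE COPIED AND DISTRIBUTED"
 1012  PRINT " AS LONG AS NO MODIFICATIONS ARE MADE."
 1013  PRINT 
 1014  PRINT "     PRESS <RETURN> ALONE TO QUIT."
 1015  PRINT : PRINT : PRINT 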
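 1016  REM  S and D are typed by the user and are
 1017  REM    later pasted into a ProDOS command
 1018  REM    (line 1120), so only whole numbers
 1019  REM    in range are accepted here
 1020  REM  get slot (1-7); RETURN alone quits
 1021  PRINT "SCAN DISK DEVICE IN WHICH SLOT? ";
 1022  INPUT "";S$: IF S$ = "" THEN  PRINT D$;"BYE"
 1023 S =  VAL (S$)
 1024  IF S < 1 OR S > 7 OR S <  >  INT (S) THEN  PRINT  CHR$ (7): GOTO 1020
 1040  REM  get drive (1-2); RETURN alone goes
 1041  PRINT "                IN WHICH DRIVE? ";
 1042  INPUT "";DR$: IF DR$ = "" THEN 1020
 1043 D =  VAL (DR$)
 1044  IF D < 1 OR D > 2 OR D <  >  INT (D) THEN  PRINT  CHR$ (7): GOTO 1040
 1045  REM    (1040 cont.) back to the slot prompt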
 1100  REM  start disk scan
 1101  REM    S and D were range-checked at 1024
 1102  REM    and 1044 before being pasted into
 1103  REM    the PREFIX command below
 1104  REM  PREFIX with no name, then INPUT, reads
 1105  REM    the current prefix back into F$
 1106  REM  entry 0 of the work list is the volume
 1107  REM    directory itself, typed "DIR"
 1110  ONERR  GOTO 1190
 1120  PRINT D$;"PREFIX,S";S;",D";D
 1121  PRINT D$;"PREFIX"
 1122  INPUT F$: GOSUB 4000:F$(0,0) = F$:F$(0,1) = "DIR"
 1123  POKE 216,0
 1124  REM  POKE 216,0 switches ONERR off again
 1130  PRINT : PRINT "CHECKING ";F$(0,0)
 1131  PRINT "THIS MAY TAKE AWHILE....": PRINT 
 1132  REM  load 1 byte at offset 511 of the volume
 1133  REM    directory into $300 (768); non-zero
 1134  REM    is reported as a "virus counter"
 1135  REM  NOTE(review): the listing does not say
 1136  REM    what writes that byte; zero here is
 1137  REM    not treated as proof of a clean disk,
 1138  REM    the file scan runs either way
 1140  PRINT D$;"BLOAD ";F$(0,0);",TDIR,A$300,B511,L1"
 1141  IF  PEEK (768) = 0 THEN 1150
 1142  PRINT "CAUTION: VIRUS COUNTER ON THIS DISK="; PEEK (768)
 1150  REM  clear F$(x,1) type tags left by an earlier scan, entry 1 up to the first empty one
 1151 FPNT = 1
 1152  IF F$(FPNT,1) = "" THEN  GOTO 1154
 1153 F$(FPNT,1) = "":FPNT = FPNT + 1: GOTO 1152
 1154 FPNT = 0:DIRPNT = 1:NSYS = 0: GOTO 1200
 1180  REM  ONERR target for 1120-1122: PEEK(222)
 1181  REM    holds the error code; 3 and 8 get a
 1182  REM    message and a new prompt, any other
 1183  REM    code is fatal (9900)
 1184  REM  CALL -3288: presumably the usual stack
 1185  REM    clean-up after ONERR - TODO confirm
 1190  REM  handle no device connected error
 1191  IF  PEEK (222) <  > 3 AND  PEEK (222) <  > 8 THEN 9900
 1192  CALL  - 3288
 1193  PRINT  CHR$ (7)
 1194  IF  PEEK (222) = 3 THEN  PRINT "NO DEVICE AT SLOT ";S;", DRIVE ";D
 1195  IF  PEEK (222) = 8 THEN  PRINT "I/O ERROR AT SLOT ";S;", DRIVE ";D
 1196  PRINT 
 1197  POKE 216,0: GOTO 1020
 1200  REM  main loop: walk the work list F$()
 1201  REM    DIR entries are expanded by GOSUB 2000
 1202  REM    (which may append entries), SYS
 1203  REM    entries are checked by GOSUB 3000;
 1204  REM    the first entry that is neither one
 1205  REM    ends the scan
 1210 T$ = F$(FPNT,1)
 1212  IF T$ = "DIR" THEN  GOSUB 2000: GOTO 1218
 1214  IF T$ = "SYS" THEN  GOSUB 3000: GOTO 1218
 1216  GOTO 1230
 1218 FPNT = FPNT + 1: GOTO 1210
 1225  REM  NSYS = number of SYS files checked;
 1226  REM    wait for RETURN, then restart at 1000
 1230  PRINT 
 1232  IF NSYS <  > 0 THEN M$ = "MORE "
 1240  PRINT "NO ";M$;"SYS FILES ON THIS DISK. ";
 1250 M$ = ""
 1260  INPUT "";A$
 1270  GOTO 1000
 2000  REM  search a directory for DIR and SYS files
 2001  REM    reads directory F$(FPNT,0) as text and
 2002  REM    appends each DIR or SYS entry to F$()
 2003  REM    at DIRPNT for the main loop to visit
 2004  REM  other file types are not queued, so
 2005  REM    they are never examined
 2006  REM  NOTE(review): DIRPNT is not checked
 2007  REM    against the DIM of 300 (line 910);
 2008  REM    more entries would raise an error
 2009  REM    that is not code 5 and end at 9900
 2010  ONERR  GOTO 2900
 2011  PRINT D$;"OPEN ";F$(FPNT,0);" ,TDIR"
 2012  PRINT D$;"READ ";F$(FPNT,0)
 2013  INPUT F$: IF  LEN (F$) < 40 THEN 2013
 2014  INPUT F$
 2015  REM  2013 skips lines shorter than 40 chars
 2016  REM    and 2014 one more (presumably the
 2017  REM    catalog heading and a blank line)
 2100  REM  search directory loop
 2101  REM    an empty line ends the entries
 2102  REM    type = columns 18-20, name = 2-17
 2110  INPUT F$: ON F$ = "" GOTO 2910
 2111 DIR$ =  MID$ (F$,18,3):F$ =  MID$ (F$,2,16)
 2112  GOSUB 4000
 2113  REM  path is written at DIRPNT first and
 2114  REM    kept only if DIRPNT is advanced below
 2115  REM  NOTE(review): names come from the
 2116  REM    scanned disk and are later pasted
 2117  REM    into ProDOS commands unchecked
 2120 F$(DIRPNT,0) = F$(FPNT,0) + "/" + F$
 2130  IF DIR$ = "DIR" THEN F$(DIRPNT,1) = "DIR":DIRPNT = DIRPNT + 1
 2140  IF DIR$ = "SYS" THEN F$(DIRPNT,1) = "SYS":DIRPNT = DIRPNT + 1
 2150  GOTO 2110
 2890  REM  error 5 is treated as the normal end
 2891  REM    of the directory; any other error
 2892  REM    is fatal (9900)
 2900  REM  handle end-of-file error
 2901  IF  PEEK (222) <  > 5 THEN 9900
 2902  CALL  - 3288
 2903  REM  CALL -3288: presumably the usual stack
 2904  REM    clean-up after ONERR - TODO confirm
 2905  REM  POKE 216,0 switches ONERR off again
 2910  POKE 216,0
 2911  PRINT D$;"CLOSE"
 2912  RETURN 
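 3000  REM  do virus check on a SYS file
 3001  REM    signature heuristic only: a hit is
 3002  REM    reported as "appears infected"; a
 3003  REM    miss does not prove the file clean
 3005  ONERR  GOTO 3900
 3006  REM  load first 6 bytes of the file at $300
 3007  REM    (768-773)
 3010  PRINT D$;"BLOAD";F$(FPNT,0);",A$300,L6,B0,TSYS"
 3020 DETECT = 1:NSYS = NSYS + 1:TTL = 0
 3021  REM  test 1: bytes 3-5 summed modulo 256
 3022  REM    must equal 57, else file is OK
 3030  FOR ADR = 771 TO 773
 3031 :TTL = TTL +  PEEK (ADR): IF TTL > 255 THEN TTL = TTL - 256
 3032  NEXT 
 3040  IF TTL <  > 57 THEN 3700
 3041  REM  bytes 1-2 are read as an address;
 3042  REM    minus 8192 ($2000, where ProDOS loads
 3043  REM    SYS files) gives an offset in the file
 3044  REM  NOTE(review): presumably byte 0 is a
 3045  REM    JMP opcode; the code does not check
 3050 ADR = ( PEEK (769) + ( PEEK (770) * 256)) - 8192
 3051  REM  an address below $2000 cannot point
 3052  REM    into the file; skip the second
 3053  REM    BLOAD instead of passing a negative B
 3055  IF ADR < 0 THEN 3700
 3056  REM  test 2: the 4 bytes at that offset
 3057  REM    must be 32,88,255,186 = $20 $58 $FF
 3058  REM    $BA (6502: JSR $FF58 then TSX)
 3060  PRINT D$;"BLOAD";F$(FPNT,0);",A$300,L4,B";ADR;",TSYS"
 3070  IF  PEEK (768) <  > 32 THEN DETECT = 0
 3071  IF  PEEK (769) <  > 88 THEN DETECT = 0
 3072  IF  PEEK (770) <  > 255 THEN DETECT = 0
 3073  IF  PEEK (771) <  > 186 THEN DETECT = 0
 3074  REM  NOTE(review): this 4-byte sequence is
 3075  REM    not unique to the virus; a match on
 3076  REM    both tests is still only a heuristic
 3690  ON DETECT GOTO 3800
 3700  REM  no virus signature in this file
 3710  PRINT "OK: ";F$(FPNT,0)
 3720  POKE 216,0: RETURN 
 3800  REM  file appears infected
 3805  REM    DCNT counts hits; nothing in this
 3806  REM    listing reads it back
 3810 DCNT = DCNT + 1
 3820  PRINT  CHR$ (7)
 3822  PRINT F$(FPNT,0);" APPEARS INFECTED."
 3825  PRINT "   DELETE IT? (Y/N) ";
 3826  REM  GET takes one key, no RETURN needed;
 3827  REM    only Y or y deletes
 3830  GET A$: PRINT A$: PRINT 
 3840  IF A$ = "Y" OR A$ = "y" THEN  GOSUB 3860
 3850  POKE 216,0: RETURN 
 3860  REM  delete current file
 3861  REM    ONERR 3900 is still armed here, so
 3862  REM    a failed UNLOCK/DELETE (any code but
 3863  REM    5) ends the whole scan at 9900
 3870  PRINT D$;"UNLOCK";F$(FPNT,0)
 3880  PRINT D$;"DELETE";F$(FPNT,0)
 3890  RETURN 
 3895  REM  a BLOAD that raises error 5 lands
 3896  REM    here; the file is treated as not
 3897  REM    matching and reported OK (3700)
 3900  REM  handle end-of-file error
 3901  IF  PEEK (222) <  > 5 THEN 9900
 3902  CALL  - 3288
 3903 DETECT = 0: GOTO 3700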
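 4000  REM  delete trailing spaces & slash in F$
 4001  REM    scans right to left and cuts F$ at
 4002  REM    every space or "/" from position 2
 4003  REM    up, so an embedded "/" also truncates
 4004  REM  FOR runs its body once even when the start is below the limit, so short strings return early
 4005  IF  LEN (F$) < 2 THEN  RETURN 
 4010  FOR I =  LEN (F$) TO 2 STEP  - 1
 4020  IF  MID$ (F$,I,1) = " " OR  MID$ (F$,I,1) = "/" THEN F$ =  LEFT$ (F$,I - 1)
 4030  NEXT 
 4040  RETURN 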
 9900  REM  fatal error: show the error code from
 9901  REM    PEEK(222) and the line number held
 9902  REM    in 218/219, then stop the program
 9905 EN =  PEEK (222):EL =  PEEK (218) +  PEEK (219) * 256
 9910  PRINT "ERROR #";EN;" IN LINE ";EL
 9920  END 

I hope this will help to eliminate the viruses now existing.  If you are
writing programs, you should consider having your finished program check its
own End of File marker and notify the user if the length of the program has
changed.  Does anyone have any other suggestions on how to prevent viruses
when writing programs?

                             Apple ][ Forever!!!
  UUCP: crash!pro-newfrontier!chipw
  ARPA: crash!pro-newfrontier!chipw@nosc.mil
  INET: chipw@pro-newfrontier.cts.com
  GEnie: C.WELCH3 [Chip]