felixc@mtgzy.att.com (Felix Cabral) (01/04/89)
I recently purchased a Fred Fish diskette with Virusx on it. I needed it
since I got a visit from the SCA virus. I came across a problem I encountered
using Virusx. I decided to post it in order to get some info on the problem.
If this problem has already been talked about, please excuse me since I'm a
less than six months subscriber to this newsgroup.
Let me first ask if I do have the SCA virus. I got a bar across my screen
saying "The virus was strong but I am stronger". Other things were printed
including "servo and storeroom boy". After looking at the code I also saw
"LSD!LSD!LSD!LSD!LSD!...". Is this really the SCA virus. Needless to say
it wiped out my disk after all this appeared on the screen.
Now for the problem. Virusx determined that indeed it was the SCA virus
by giving me a requester asking me if I want to ignore or remove it. I
decided to search my other diskettes. Virusx came up with the requester
if I switched diskettes back to back but only if the first diskette
had the virus and the second had a "nonstandard" boot code. Now, even if
the virus was not on the second diskette Virusx put up the SCA virus
warning. This would not happen if I placed a good diskette in any of the
drives prior to placing the diskette without a standard boot code in any
drive. If instead of finding the SCA virus on the first diskette (as mentioned
above) it found a nonstandard boot code, Virusx would inform me of a
nonstandard boot code on the second diskette. Apparently, a flag somewhere
is not being cleared. In essence, Virusx warns of a nonstandard boot code
or an SCA virus for a diskette which does not have a standard boot if
prior to checking it either situations were found in a prior diskette. But
again only if the second diskette is entered in a drive immediately after
a bad one.
I have version 1.21 of Virusx. Another point is this happens only with
version 1.2 workbench even with kickstart versions 1.1 or 1.2. It
does not happen with 1.3 workbench.
For a day or so I believed I got the virus from a brand new box of diskettes.
Because these diskettes had no standard boot block (uninitialized) Virusx
gave me the SCA virus warning since I first checked a diskette that really
did have the virus. Now I still don't know where I got it from.
Can someone shed some light on this problem with Virusx or is it a workbench
problem? ALso considering the ascii code (messages) mentioned above is this
virus the SCA virus?
--
Felix Cabral {felixc@mtgzy.att.com} "Just give me a rad
AT&T Bell Labs { or } wave, a rad board
Middletown,NJ { att!mtgzy!felixc } and a sick day"
4B-402 (201) 957-5081lachac@seagulls.rutgers.edu (Gerard Lachac) (01/06/89)
>I have version 1.21 of Virusx. Another point is this happens only with >version 1.2 workbench even with kickstart versions 1.1 or 1.2. It >does not happen with 1.3 workbench. VirusX is upto version 3.00. This came into existance around Jan 2 or so. Included with the zoo file I received was a program call "kv" which detects and removes the new IRQ virus. Available at your local BBS... -- ------------------------ Gerard Lachac | lachac@topaz.rutgers.edu| ------------------------
hrlaser@pnet02.cts.com (Harv Laser) (01/06/89)
lachac@seagulls.rutgers.edu (Gerard Lachac) writes: > >>I have version 1.21 of Virusx. Another point is this happens only with >>version 1.2 workbench even with kickstart versions 1.1 or 1.2. It >>does not happen with 1.3 workbench. > >VirusX is upto version 3.00. This came into existance around Jan 2 or >so. Included with the zoo file I received was a program call "kv" >which detects and removes the new IRQ virus. > >Available at your local BBS... >-- >------------------------ >Gerard Lachac | >lachac@topaz.rutgers.edu| >------------------------ Surprise! Guess what! It's up to 3.1 now! :-) 3.0 had a problem - it didn't install virus-infected disks when you asked it to and it over-reported the number of disks that'd been checked. 3.1 fixes those and adds two MORE viruses (so it checks for NINE of them now....sigh). Judging by the number of viruses at Steve Tibbett's house, I'm going to get some booster shots if I ever go visit him. Harv Laser, Sysop, The People/Link AmigaZone. Plink: CBM*HARV UUCP: {ames!elroy, <backbone>}!gryphon!pnet02!hrlaser INET: hrlaser@pnet02.cts.com <---open Push down while turning close tightly--->
billsey@agora.UUCP (Bill Seymour) (01/07/89)
From article <4575@mtgzy.att.com:, by felixc@mtgzy.att.com (Felix Cabral):
: I recently purchased a Fred Fish diskette with Virusx on it. I needed it
: since I got a visit from the SCA virus. I came across a problem I encountered
: using Virusx. I decided to post it in order to get some info on the problem.
: If this problem has already been talked about, please excuse me since I'm a
: less than six months subscriber to this newsgroup.
:
: Let me first ask if I do have the SCA virus. I got a bar across my screen
: saying "The virus was strong but I am stronger". Other things were printed
: including "servo and storeroom boy". After looking at the code I also saw
: "LSD!LSD!LSD!LSD!LSD!...". Is this really the SCA virus. Needless to say
: it wiped out my disk after all this appeared on the screen.
What you have there is a clone of the SCA virus called... The LSD
virus! I belive it was created by someone by simply zapping the bootblock
of an infected disk.
:
: Now for the problem. Virusx determined that indeed it was the SCA virus
: by giving me a requester asking me if I want to ignore or remove it. I
: decided to search my other diskettes. Virusx came up with the requester
: if I switched diskettes back to back but only if the first diskette
: had the virus and the second had a "nonstandard" boot code. Now, even if
: the virus was not on the second diskette Virusx put up the SCA virus
: warning. This would not happen if I placed a good diskette in any of the
: drives prior to placing the diskette without a standard boot code in any
: drive. If instead of finding the SCA virus on the first diskette (as mentioned
: above) it found a nonstandard boot code, Virusx would inform me of a
: nonstandard boot code on the second diskette. Apparently, a flag somewhere
: is not being cleared.
: I have version 1.21 of Virusx.
There's the solution, get a newer version of VirusX. 1.21 is pretty
old. The current version (it even finds and removes the IRQ virus from memory)
is version 3.10. It's available on PLink and various BBSes around the country.
I imagine it'll be up here soon...
: --
: Felix Cabral {felixc@mtgzy.att.com} "Just give me a rad
: AT&T Bell Labs { or } wave, a rad board
: Middletown,NJ { att!mtgzy!felixc } and a sick day"
: 4B-402 (201) 957-5081
--
-Bill Seymour ...tektronix!reed!percival!agora!billsey
...tektronix!sequent!blowpig!billsey
Creative Microsystems Northwest Amiga Group At Home Sometimes
(503) 684-9300 (503) 656-7393 BBS (503) 640-0842robocop@netmbx.UUCP (Thorsten Ebers) (01/07/89)
In article <Jan.5.17.32.17.1989.16748@seagulls.rutgers.edu> lachac@seagulls.rutgers.edu (Gerard Lachac) writes: > >VirusX is upto version 3.00. This came into existance around Jan 2 or >so. Included with the zoo file I received was a program call "kv" >which detects and removes the new IRQ virus. > >Available at your local BBS... But not Germany or Europe.So please Post the zoo-file to comp.bin.amiga or to comp.sys.amiga if the file is not too long. thorsten --- There are four people named Everybody,Somebody,Anybody and Nobody. There was an important job to be done and Everybody was asked to do it.Everybody was sure Somebody would do it.Anybody could have done it, but Nobody did it.Somebody got angry about that,because it was Everybody's job.Everbody thought Anybody could do it but Nobody realized that Everybody wouldn't do it.It ended up that Everybody blamed Somebody when Nobody did what Anybody could have done. -- Thorsten Ebers Overseas:..pyramid!tmpmbx!netmbx!robocop Goerresstr.20 Europe :..altger!tmpmbx!netmbx!robocop 1000 Berlin 41 Germany :robocop@netmbx.UUCP Germany Phone:030/851 84 60
tope@enea.se (Tommy Petersson) (01/09/89)
In article <Jan.5.17.32.17.1989.16748@seagulls.rutgers.edu> lachac@seagulls.rutgers.edu (Gerard Lachac) writes:
-VirusX is upto version 3.00. This came into existance around Jan 2 or
-so. Included with the zoo file I received was a program call "kv"
-which detects and removes the new IRQ virus.
-
PLEASE POST THEM!kim@uts.amdahl.com (Kim DeVaughn) (01/10/89)
In article <10366@gryphon.COM>, hrlaser@pnet02.cts.com (Harv Laser) writes: > > Surprise! Guess what! It's up to 3.1 now! :-) Just a note on VirusX v3.10 ... in one of the docs, Steve mentions the byte-count for VirusX, so people can check to see if it might have had code surreptitiously added to it (thanks, Steve). Unfortunately, he forgot to change it (the byte-count) for v3.10, and still gives the count for v3.00. The v3.10 version is slightly larger (by a couple hundred bytes, or so, as I recall). /kim -- UUCP: kim@amdahl.amdahl.com or: {sun,decwrl,hplabs,pyramid,uunet,oliveb,ames}!amdahl!kim DDD: 408-746-8462 USPS: Amdahl Corp. M/S 249, 1250 E. Arques Av, Sunnyvale, CA 94086 BIX: kdevaughn GEnie: K.DEVAUGHN CIS: 76535,25
davidg@killer.DALLAS.TX.US (David Guntner) (01/10/89)
From article <4229@enea.se>, by tope@enea.se (Tommy Petersson): > In article <Jan.5.17.32.17.1989.16748@seagulls.rutgers.edu> lachac@seagulls.rutgers.edu (Gerard Lachac) writes: > -VirusX is upto version 3.00. This came into existance around Jan 2 or > -so. Included with the zoo file I received was a program call "kv" > -which detects and removes the new IRQ virus. > - > > PLEASE POST THEM! I've mailed a copy to Bob Page, so I expect that he'll be posting it to the binaries/sources group in the near future. --Dave -- David Guntner UUCP: {ames, mit-eddie}!killer!davidg INET: davidg@killer.DALLAS.TX.US "...Different ship, but she's got the right name. Treat --Admiral L. McCoy her like a lady, and she'll always bring you home." "Encounter at Farpoint"