rouaix@inria.UUCP (Francois Rouaix) (04/19/88)
Yet another bad news about ByteBandits Virus ! Starting from a safe machine, running VirusX. Insert a ByteBandits-infected disk (boot-block presents the infamous message, and usual symptoms when booting from this disk) Nothing happens ! (I thought VirusX would show up the 'usual' requester) BTW, VCheck1.9 detects a non-standard boot-code. I just wrote a small utility that converts a 1024 bytes file (supposed to be the image of block 0 and 1) into an AmigaDos executable-file. (technical details: two hunks : 1 for code and 1 for data -- the first three longwords on block 0). This allows you to use Dis or Wack or ... to study any boot-code. If you're interested, let me know and I will post/mail the sources. -- *- Francois Rouaix // When the going gets tough, * *- rouaix@inria.inria.fr \X/ the guru goes meditating... * *- SYSOP of Sgt. Flam's Lonely Amigas Club. (33) (1) 39-55-84-59 (Videotext) *
tope@enea.se (Tommy Petersson) (04/21/88)
In article <682@inria.UUCP> rouaix@inria.UUCP (Francois Rouaix) writes: > >Yet another bad news about ByteBandits Virus ! > >Starting from a safe machine, running VirusX. >Insert a ByteBandits-infected disk (boot-block presents the infamous message, >and usual symptoms when booting from this disk) >Nothing happens ! (I thought VirusX would show up the 'usual' requester) > >BTW, VCheck1.9 detects a non-standard boot-code. > (stuff deleted) Is VirusX a general virus finder/killer? I just got a "ByteBandit Virus Killer" program that just looks for that partical virus in one mode, looks for non-standard boot blocks in another mode and has an "install" option to write a new standard boot block to a diskette. It didn't find any ByteBandits on my diskettes, so I still don't know if it works. What exactly does the ByteBandit do, more than freezing the machine? The information I have read differs from different sources. Will it eat up data on the hard disk?
dg2l+@andrew.cmu.edu (Douglas Phillip Ghormley) (04/24/88)
In article <682@inria.UUCP>, Francois Rouaix writes: >I just wrote a small utility that converts a 1024 bytes file (supposed >to be the image of block 0 and 1) into an AmigaDos executable-file. >(technical details: two hunks : 1 for code and 1 for data -- the first >three longwords on block 0). >This allows you to use Dis or Wack or ... to study any boot-code. >If you're interested, let me know and I will post/mail the sources. Well, I for one would be interested in seeing this posted. -Douglas Ghormley (dg2l+@andrew.cmu.edu)
lphillips@lpami.van-bc.UUCP (Larry Phillips) (04/24/88)
In <682@inria.UUCP>, rouaix@inria.UUCP (Francois Rouaix) writes: >I just wrote a small utility that converts a 1024 bytes file (supposed >to be the image of block 0 and 1) into an AmigaDos executable-file. >(technical details: two hunks : 1 for code and 1 for data -- the first >three longwords on block 0). >This allows you to use Dis or Wack or ... to study any boot-code. >If you're interested, let me know and I will post/mail the sources. Yes... love to see it. Please do post it. -larry -- Janus? Well, look at it this way. If you squint a little, the J could be Amiga checkmark, and the rest of the word describes MsDos. +----------------------------------------------------------------+ | // Larry Phillips | | \X/ {ihnp4!alberta!ubc-vision,uunet}!van-bc!lpami!lphillips | | COMPUSERVE: 76703,4322 | +----------------------------------------------------------------+