finkel@TAURUS.BITNET (04/10/88)
Read the following if you want to defeat the Byte Bandit virus!
--------------------------------------------------------------------
Message #18651 sent 8.04.88 16:24
From : Amigaeb
To : All with virus
To : All
Subject: VIRUS...again (long)
By now most of you should have experienced the two viruses, from SCA
(Swiss Cracking Association) and BB (Byte Bandit). The only cure to this
is the rewrite the bootsectors on the infected disk. This can be done
with INSTALL, but make sure the virus is not in ram allready, or it will
just rewrite the bootsectors again. Just turn off the Amiga for about 10
seconds, and boot with a disk you know for sure hasn't been infected,
for instance the original workbench diskette. Type 'install ?<return>'
and when the disk stop spinning you insert the disk with the virus and
type 'df0:<return>'.
But how do you know the virus is there? There are some programs in
Public Domain to help you with this. The best is (in my opinion) the
latest version of VirusX (1.21) which knows both SCA and BB. VirusX
opens a window on the workbench screen and stays there. Everytime you
insert a new disk it checks for virus, and if it finds one it will ask
you if you want to remove it. It will also note you about any
non-standard bootsectors. Nice, eeeh?
Now for some useful information. The SCA virus can be found without
having a virus-checker program (or a disk 'debugger'), just insert the
disk you want to check and press Ctrl-Amiga-Amiga (reset) and boot the
disk. Then you reset the machine again, and hold down the left
mousebutton at the same time. Hold down the button for a few seconds,
and the screen will become GREEN if the SCA virus is in ram. The virus
will also remove itself from ram, but not from the disk. To be sure the
disk really is infected (the virus could have been in ram from another
disk) you can repeat the procedure.
Every 16th recreation of the SCA virus will be a version that pops up
and give you a message when you boot from that disk ("Something
wonderful has happened...your Amiga is still alive...and even
better..etc.")
And now to the mysterious BB-virus. This virus is more dangerous, at
least to people that don't know how to beat it. By digging around in the
code I found the following:
-- The virus has two parts, the recreation part (which makes this a
virus) and a 'freeze' part. The second part does not start to
function until some action have happened: 1) The virus must have
made at least 6 copies of itself, and 2) the machine must have
been reset at least 3 times. Then a counter starts going...
-- About 7 minutes later the virus will turn off the display (bitplane)
DMA, and ALL interrupts. Goodbye multitasking!
-- "You have just made your best picture, C-program, whatever when the
virus struck you (that is, your Amiga). And you have only saved
to ram! I'll gladely kill that virusmaker, you think, and turn
off your your machine"......No, no, no. DON'T DO THAT, don't
turn off your Amiga, your work isn't lost. The maker of the
BB-virus has also made a way to 'unfreeze' the machine again (to
save himself from getting hit!?). This is what you must do to
'unfreeze':
Press the following keys:
Left-ALT, Left-Amiga, SPACE, Right-Amiga, Right-ALT
The order of the keys IS important, and DON'T release the other
keys when you press the next. Did you get it? Press L-ALT, hold
it down while pressing L-Amiga, hold them down while...
When you press the last key your Amiga should be working again.
If not you have done something wrong, just press the keys again until
successful.
---** AmigaEB **---
SLH1988
<A>gain, <R>eply, <X> Reply & Kill, <K>ill, <N>ext, <C>arbon copy or <E>xit: