boxdiger@altger.UUCP (10/20/87)
How to handle with the SCA Virus -------------------------------- Ok guys, i'm living in Switzerland, where the Virus was programmed by a very honourable Amiga Wizard of the Swiss Cracking Association (I'm not a member of it....). Don't panic the Virus is very harmless and don't damage your Computer. Now, i will try to explain how it works. First, when the Bootblock is loaded into Ram the Virus is copied to $7ec00 (end of Chip Memory). Once there it changes the WarmCapture Pointer in the ExecBase so it will be called by hitting CTRL-AMIGA-AMIGA. Ok now the Virus resides in ur Amiga and waits for someone to reset. RESET: The Virus changes the Pointer of SendIO and returns to the originial Bootroutine. This Routine loads block 0 and 1 in memory using SendIO. Now the Virus writes himself to the Bootblock, destroying the old one (That's the only damage that it will do). After this the Virus increments a counter inside himself and after 15 infections it will come up with a nice message of the form: "Something wonderfull happened.. your Amiga is alive !!!.. and even better... some of your Disk are infected by a Virus... another masterpiece of the Megamighty SCA !!!". After this nice Text appearing sourrounded by a red border in the black screen the bootblock (the old one) will be executed (for his last time, if the this wasn't write protected.). That's all the Virus can do. The Virus is only dangerous in case of disks which needs the bootblock to load a programm without using Dos. Ok, i hope u don't be afraid of it any longer. But how to throw it out of our machine while running. This is very simple. Just hold the left mousebutton down while resetting. If then the screen became green for a half second the Virus was in your computer and even better; is now desactivated. (by him- self of course..). The programmer of the Virus don't like to have it on every Disk .... ok that's all... I hope that nobody will use this idea to create a bad virus. <^_^> Patrick Guelat...... /\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\ \ French Name, living in Switzerland, using a german system / / \ \ Replies, questions and money to : / / \ \ ..mcvax!unido!altger!boxdiger or / / ..mcvax!unido!altger!althh!boxdiger \ \ ..altmail!altger!boxdiger / / \ \/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/
bill@cbmvax.UUCP (10/22/87)
In article <15000002@altger.UUCP> boxdiger@altger.UUCP writes: > >How to handle with the SCA Virus >-------------------------------- >Ok guys, i'm living in Switzerland, where the Virus was programmed >by a very honourable Amiga Wizard of the Swiss Cracking Association >(I'm not a member of it....). Don't panic the Virus is very harmless >and don't damage your Computer. WHOAA! Thats not exactly true. While the VIRUS will not damage your hardware it could very well destroy some commercial products!! There are quite a few commercial games that use the boot block to store information and copy protection schemes if the VIRUS overwrites this information ZAPP goes your game!!! Just another good reason to run from backups!! Bill Koester (CATS) -- =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Bill Koester -- CBM >>Amiga Technical Support<< UUCP ...{allegra,rutgers,ihnp4,seismo}!cbmvax!bill =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Pleese desrigard eny spealing airors!!!!!!!!!!! =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
flax@suadb.UUCP (Jonas Flygare) (10/23/87)
in article <15000002@altger.UUCP>, boxdiger@altger.UUCP says: > (I'm not a member of it....). Don't panic the Virus is very harmless > and don't damage your Computer. Now, i will try to explain how > it works. > That's all > the Virus can do. The Virus is only dangerous in case of disks > which needs the bootblock to load a programm without using Dos. Not damage my computer I can buy, but harmless.... My guess is that any program that needs the bootblock is a commercial one, therefore bought, probably for muchos dineros.. You can take a good guess about my feelings towards any person that ruins software I paid $$$ for.. Also, to get the virus out, one has to check *all* diskettes, and I have several 100s.. /I-still-want-to-punch-that-guy-in-the-face-flax at his terminal. -- | "Go to the Huntington Gallery and hold a razor blade a quarter of | | an inch away from "The Blue Boy" and shout "Ding dong, ding dong...""| | flax@suadb.UUCP (Jonas Flygare) | | jonasf@kuling.UUCP |
ans@well.UUCP (Anne Schweizer) (10/27/87)
In article <411@suadb.UUCP> flax@suadb.UUCP (Jonas Flygare) writes: > >Not damage my computer I can buy, but harmless.... My guess is that any >program that needs the bootblock is a commercial one, therefore bought, >probably for muchos dineros.. You can take a good guess about my feelings >towards any person that ruins software I paid $$$ for.. Also, to get the virus >out, one has to check *all* diskettes, and I have several 100s.. > > Ok, but did you ever Heard of THE WRITE PROTECT TAB ??? And by the way, if you really have to use a disk which needs the bootblock so press the left mouse button while resetting.. I have the Virus on several Disks, but i don't panic about it... (Males are ever scared about nothing !.) No_smiling_faces_or_other_signatures_available UUCP: ...lll-lcc!well!ans
andy@cbmvax.UUCP (Andy Finkel) (10/27/87)
In article <4306@well.UUCP> ans@well.UUCP (Anne Schweizer) writes: >In article <411@suadb.UUCP> flax@suadb.UUCP (Jonas Flygare) writes: >> >>Not damage my computer I can buy, but harmless.... My guess is that any >Ok, but did you ever Heard of THE WRITE PROTECT TAB ??? Yup...most people have. Unfortunately, some game companies have as well, so they do games that may only be played with the game disk write unprotected. (Little Computer people springs to mind...) And lets not discuss hard disks, which generally don't come with hardware write protects, except to suggest that you don't allow your hard disk to boot (don't let the binddrivers to execute) when trying strange aquired software that you don't have source to. -- andy finkel {ihnp4|seismo|allegra}!cbmvax!andy Commodore-Amiga, Inc. "Interfere? Of course we'll interfere. Always do what you're best at, I always say." Any expressed opinions are mine; but feel free to share. I disclaim all responsibilities, all shapes, all sizes, all colors.
nj@ndmath.UUCP (Narciso Jaramillo) (10/28/87)
In article <4306@well.UUCP>, ans@well.UUCP (Anne Schweizer) writes: > Ok, but did you ever Heard of THE WRITE PROTECT TAB ??? Some commercial, copy-protected, bootblock-needing programs require the tab to be off in order to carry out their various nefarious schemes. > And by the way, if you really have to use a disk which needs the bootblock > so press the left mouse button while resetting.. Yes, but forget once, and it's goodbye software. > I have the Virus on several Disks, but i don't panic about it... > (Males are ever scared about nothing !.) If I had the virus, I certainly would panic about it. Whose word do we have that it might not do something extremely nasty? Better to get rid of it than have a potential REAL trojan. Even worse, suppose this virus turns out to be completely harmless. What if someone releases a virus that *looks* the same but is deadly? Much better to be safe from the beginning. > > No_smiling_faces_or_other_signatures_available > > UUCP: ...lll-lcc!well!ans nj -- nj: ...!ihnp4!iuvax!ndmath!nj, ...!ucbvax!mica!nj