[comp.sys.amiga.misc] Beginner q's What's these Vectors thing? And what's trashing them?

yorkw@stable.ecn.purdue.edu (Willis F York) (03/21/91)

Well like a Good amiga user, I got the "Bigbrother" anti virus program.
and got it running.. but...

EVERY SECOND the thing pops up. I clear the memory, and it Pops up again!.

So obviously something's trashing something it shouldn't

So how do I find out what's doing it?

To be exact- it says the following.

----------------------
ColdCapture - Offset   42 :$00000000  
CoolCapture - Offset   46 :$00000000 
KickMemPtr  - Offset  546 :$00000000
KickTagPtr  - Offset  550 :$00000000 
DoIO Vector - Offset -454 :$00fc06dc    <------- What are all these anyway? 

RadTask has not been found.
----------------------
This system has been modified.
Non reset virus.
^^^^^^^^^^^^^^    It's this line that has me Stumped....


Well I'm sure some other "beginners" would like to know more about this
topic.


--
yorkw@ecn.purdue.edu  
Willis F York   
(Hope THIS sig don't insult anyone!)

jms@vanth.UUCP (Jim Shaffer) (03/22/91)

In article <yorkw.669508824@stable.ecn.purdue.edu> yorkw@stable.ecn.purdue.edu (Willis F York) writes:
>Well like a Good amiga user, I got the "Bigbrother" anti virus program.
>and got it running.. but...

I've never used Bigbrother, so I can only give you general information.

>EVERY SECOND the thing pops up. I clear the memory, and it Pops up again!.
>
>So obviously something's trashing something it shouldn't

Yeah, it sounds like you've got a *really persistent* virus there!

>So how do I find out what's doing it?

I would advise you to get some anti-virus program that will actually tell
you *what virus you have*, not just that your vectors have been modified.
VirusX 4.01 does this, though it's a little out of date.  There's a more
recent one named Berserker which I think also identifies the beasties by
name.  This is what you need.

>ColdCapture - Offset	42 :$00000000
>CoolCapture - Offset	46 :$00000000
>KickMemPtr  - Offset  546 :$00000000
>KickTagPtr  - Offset  550 :$00000000
>DoIO Vector - Offset -454 :$00fc06dc	 <------- What are all these anyway?

The Capture vectors and the KickPtrs have something to do with doing a
re-boot of your system.  (See below.)  DoIO I think is a library routine.

>RadTask has not been found.
>----------------------
>This system has been modified.
>Non reset virus.
>^^^^^^^^^^^^^^    It's this line that has me Stumped....

If you had a virus that took effect at boot time (reset time), it would've
modified one of the first four items on the list above.  You apparently
have something that acts at other times.  Like, I/O operations.

Now, one final thing:  Do you have any non-standard patches or utilities
active when you trigger this program?  Perhaps the change was made by
something other than a virus.  This is where it would be nice to have a
program that actually identified viruses by name.  (If Bigbrother is
*supposed* to do this (remember, I've never seen it), and it's not, either
you don't have a virus or you have a really new virus.)

--
*  From the disk of:  | jms@vanth.uucp		     | "You know I never knew
Jim Shaffer, Jr.      | amix.commodore.com!vanth!jms | that it could be so
37 Brook Street       | uunet!cbmvax!amix!vanth!jms  | strange..."
Montgomery, PA 17752  | 72750.2335@compuserve.com    |		     (R.E.M.)
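
The rule described in the reply above (a reset-time virus sets one of the first four pointers, anything else acts at other times) applied to a Bigbrother-style readout, as an added example that is not part of either post or of Bigbrother itself. The ROM range $FC0000-$FFFFFF (256K Kickstart 1.x), the function names and the two constructed samples are assumptions; a vector outside ROM can also be a legitimate patch utility.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumption: 256K Kickstart 1.x ROM mapped at $FC0000-$FFFFFF. */
#define ROM_START 0x00FC0000UL
#define ROM_END   0x00FFFFFFUL
enum verdict { NOTHING_FLAGGED, RESET_RESIDENT, NON_RESET_PATCH };

/* Readout as posted in the thread. */
static const char PAGE_REPORT[] =
    "ColdCapture - Offset   42 :$00000000\n"
    "CoolCapture - Offset   46 :$00000000\n"
    "KickMemPtr  - Offset  546 :$00000000\n"
    "KickTagPtr  - Offset  550 :$00000000\n"
    "DoIO Vector - Offset -454 :$00fc06dc\n";
/* Constructed samples: these addresses are invented for illustration. */
static const char RAM_DOIO[] = "DoIO Vector - Offset -454 :$0007e2a0\n";
static const char COOL_SET[] = "CoolCapture - Offset   46 :$0007f000\n";

/* Parse "Name - Offset N :$hex"; returns 1 on success, 0 otherwise. */
static int parse_line(const char *line, long *off, unsigned long *val)
{
    const char *o = strstr(line, "Offset"), *v = strstr(line, ":$");
    if (!o || !v || v < o) return 0;
    *off = strtol(o + 6, NULL, 10);   /* signed decimal offset */
    *val = strtoul(v + 2, NULL, 16);  /* 32-bit pointer in hex */
    return 1;
}

/* Positive offsets are ExecBase fields, negative ones jump-table slots. */
enum verdict classify_report(const char *report)
{
    enum verdict result = NOTHING_FLAGGED;
    char buf[1024], *line;
    long off; unsigned long val;
    snprintf(buf, sizeof buf, "%s", report);  /* strtok needs a copy */
    for (line = strtok(buf, "\n"); line; line = strtok(NULL, "\n")) {
        if (!parse_line(line, &off, &val)) continue;
        if (off > 0 && val != 0) return RESET_RESIDENT; /* survives reset */
        if (off < 0 && (val < ROM_START || val > ROM_END))
            result = NON_RESET_PATCH; /* vector redirected out of ROM */
    }
    return result;
}

int main(void)
{
    printf("page readout verdict: %d\n", (int)classify_report(PAGE_REPORT));
    return 0;
}
```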