orovner@sdcc13.ucsd.edu (Oleg Rovner) (01/24/91)
would someone be so kind as to let me know what sort of a program would set the ColdCapture vector? More specifically, is there any known link (non-bootblock) virus which does so? If there is, could you also point me to a program that would check for it? VirusX 4.01 reports a ColdCapture vector as being set, but KV does not do anything other than reporting that all my files used is s:startup scripts are virus free... I am booting off a hard drive, running an A500 with 1 meg CHIP and 3.5 Megs of slow RAM achieved with an ICD AdRam board. thanks for your time, wherever you are... :-) -- ************************************************************************ GOD BLESS AMERICA! SUPPORT OUR TROOPS AND OUR ALLIES! FREE KUWAIT! ************************************************************************
chem194@csc.canterbury.ac.nz (John Davis) (01/26/91)
In article <15952@sdcc6.ucsd.edu>, orovner@sdcc13.ucsd.edu (Oleg Rovner) writes: > would someone be so kind as to let me know what sort of a program > would set the ColdCapture vector? More specifically, is there any > known link (non-bootblock) virus which does so? If there is, could > you also point me to a program that would check for it? VirusX 4.01 > reports a ColdCapture vector as being set, but KV does not do > anything other than reporting that all my files used is s:startup > scripts are virus free... I am booting off a hard drive, running an > A500 with 1 meg CHIP and 3.5 Megs of slow RAM achieved with an > ICD AdRam board. Well, I use VMK, which not only reports if the (cold|cool)capture vectors are set (in fact it checks nearly ALL vectors a virus could use ... very handy), but also tells you the address it's pointing to, and displays a dump of that area of ram!! It's very handy ... My BootMenu program uses coldcapture (to fix the 1mb chip ram bug in ks1.2/1.3), and CBM's setpatch with the '-r' option does it as well (for the same reason) ... it could be one of them, or of course it _could_ be a new virus that's clever enough to know to patch coldcapture to prevent ram clearing on a 1mb chip machine (which breaks most oldver virii) .... ----------------------------------------------------------- | o John Davis - CHEM194@canterbury.ac.nz o | | o (Depart)mental Programmer,Chemistry Department o | | o University of Canterbury, Christchurch, New Zealand o | | o o | | o co-sysop AmigaINFO BBS,1200/2400 baud CCITT, o | | o 24 hours a day, ph NZ +3-3371-531 o |
SteveX@omx.UUCP (Steve Tibbett) (01/27/91)
In article <15952@sdcc6.ucsd.edu> orovner@sdcc13.ucsd.edu (Oleg Rovner) writes: >would someone be so kind as to let me know what sort of a program >would set the ColdCapture vector? More specifically, is there any >known link (non-bootblock) virus which does so? If there is, could >you also point me to a program that would check for it? VirusX 4.01 >reports a ColdCapture vector as being set, but KV does not do >anything other than reporting that all my files used is s:startup >scripts are virus free... SetPatch will set the CoolCapture vector. If you're NOT using RAD: then put "-c" on the VirusX command line. If you ARE using RAD: then put "-r" on, and maybe the requester will go away, maybe it won't (It depends on where in memory SetPatch puts the vector). -- ...Steve Tibbett...bix=s.tibbett...Plink=STEVEX...BBS=613-731-3419... ...VirusX=4.01...Insert Disclaimer Here...