FVK

From AtariForumWiki
Jump to: navigation, search


        FLOPPY VIRUS KILLER V3.0

        Coded by Pacman 1991

Written entirely in 68000 m/code using Devpac and Wercs by Hisoft.

v3.0 Changes....

More bootsector checks, obviously!!!
More Internal Checks at boot up too.

The program will now run as an ACCESSORY or PROGRAM (yeah, I finally got round
to sorting this out).

The program will now function through the keyboard as well as the mouse (hi
Poppers). These keys are the 1st letter of each of the functions, except exit.

D = Dump a bootsector as a DAT file.
X = Exit the program
I = Immunise a disk
R = Renew (clean up) a bootsector
P = Write out a Pompey Bootblock
M = Write out a Medway Bootblock
L = Look for Link Viruses
C = Credits, press return or click on the icon to leave.

Pressing A or B will read the desired disk and display it.

The UP & DOWN arrow keys will move through the bootsector display.

Oh yeah, the program now uses DMA read routines for speed!

There is now a STATUS display incorporated into the program.
Pressing HELP will throw up a status display of important vectors used on the
ATARI ST.

   ---------------------------------

Here is a brief explanation of the vectors displayed in the status window.

FREE RAM is obviously the amount of FREE RAM in your machine.

MEMORY TOP is the contents of $436. On a bare machine with nothing resident in
the computer the address should yield $78000 for 520 ST or $F8000 for 1040's.
Any values lower than this should immediately make you suspicous, so pay
attention when viewing these vectors.

TRAP #1 Vector is the main Gemdos function vector. Ideally nothing should be
using this vector, in real life however it is often essential.
Viruses are unlikely to use this vector as there are no DISK READ routines
within GEMDOS.

TRAP #13 Vector is the BIOS routines provided by ATARI. Viruses WILL use this
vector as there are DISK routines within the BIOS.

TRAP #14 Vector is the eXtended BIOS routines provided by ATARI. Viruses WILL
use this vector as there are DISK routines within the XBIOS functions.

RESET VECTOR is a location in ram where the computer will go after you SOFT
reset the machine. Normally VIRUSES would try to occupy this vector to make
sure that they stay inside your machine without you noticing. Ideally this
vector should be ZERO. Note:- Some Hard Disk drivers (e.g. Vortex) will occupy
this vector also.

H/D BPB is the address in memory of the H/Drive's Bios Parameter Block. On
normal machines (without H/Drive or RAM disk) this vector should point into
ROM.

H/D R/W if you're lucky enough to have one you'll find the drivers for your
Hard drive at this vector. Because H/Drives are rare amongst most users it is
a good location for VIRUSES to hide themselves. RAM DISKS will also use this
vector for their drivers too. To sum up, if you have no H/Drive and no Ram
Disks this vector should point into ROM.

All the other Vectors should be pointing into ROM.
Because of the variety of Tossers's (Operating Systems) around and the
possiblity of different devices plugged into your ST it's impossible to provide
you with details of what these vectors can contain. You should note what these
vectors contain when you normally boot up your ST.

Do not expect these vectors to remain unchanged, they will change once you
start running applications and accessories, but you will have to make your own
decisions about what is NORMAL and what is suspicious!!

To leave the STATUS display press RETURN or click on the RETURN button.

   ---------------------------------

Here follows the instructions on how to use the Floppy Virus Killer.


1. Select the drive to read by CLICKING on either of the
   two DRIVE buttons  'A' or 'B' or PRESS 'A' or 'B' on your
   keyboard.  The bootsector of the disk will be read into
   memory and displayed.

2. If it's a VIRUS or a bootsector that you don't require
   then select one of the alternative bootsectors labelled
   IMMUNE, RENEW, MEDWAY or POMPEY by clicking the required
   button.
   Alternatively press any one of these keys:-
I = Immune
R = Refresh
P = Pompey
M = Medway (Causes crashes on 4meg machines)

The new bootsector will be written to the disk replacing
the old bootsector, but retaining the disk information.

3. If after reading the disk you are unsure about the
   bootsector code, use the arrows in the display window to
   check the bootsector for any text or info about what is
   on the disk.
The UP & DOWN arrow keys will also move up and down the
bootsector display window.
If this fails to bring any results then you will have to
use your own judgement.

   ---------------------------------

DUMP Allows you to save out a file of a suspicous bootsector, presumably so
you can send it to me! A printer OPTION will be installed sometime (he
said confidently).
Pressing the 'D' key will also operate this function.

   ---------------------------------

LINK    Click on this button or use the 'L' key.

At the moment the FVK recognises only one LINK viruses, others
will be added when I come across them.
When selecting LINK from the main screen you will be thrown into a file
selector from where you should click on any EXECUTABLE files on the
disk. These will be read in and checked by the program.
Should the file be okay you will return to the file selector to
continue your search. Clicking on CANCEL while in the file selector
will exit back to the main screen.

Should you find an infected file you will be told so. At this time you
can either KILL the file (delete it) or CONT (continue) checking files.

A manual check was preffered to AUTOMATICALLY searching and checking
the disk, as only program files are affected by this particular LINK
virus. I may incorporate AUTO checking later.

   ---------------------------------

Well this appears to be it for now. Hope you find the program useful and easy
to use.

If you have anything strange lurking on your bootsector or attached to any of
your files then don't hesitate to kill it!! (Well I wouldn't be that hasty
myself - Alien)
Alternatively you could bring the offended code to me, but you'll have to know
where to get in touch with me 1st won't you!!

If you don't know how to get in touch with me directly you may have to resort
to CHAINING the file to me through a friend of a friend. This way we can expect
to infect 50% of all disks collected by everyone. This could lead to full time
employment within a very short period!! Not a bad way to make a living!!

Anyone sending a disk with infected bootsectors or programs should CLEARLY mark
the offending disk as CARRYING a VIRUS.

   ---------------------------------

Anyone with a spare H/drive (plug in and go type of H/drive!) can send it to me
and I'll sort out the viruses lurking on those devices too! This appears to be
no problem, I just have trouble convincing people otherwise! Don't know why
H/drive owners are so touchy!! (It's something to do with the cost of h/ds and
amount of data on them I think... - Alien)
A printer donation will be gratefully appreciated and will allow me to
incorporate a hard copy feature into the program!

Thanks to everyone who helped me with FVK.

Mucho thanks to the rigorous testing of Mike, Rod and Radion Man!

Thanks to the BOG BROTHERS for the viruses. Thanks also to CLOCKWORK ORANGE for
the Link virus.

  Pacman
    



Back to Antivirus