AminetAminet
Search:
82050 packages online
About
Recent
Browse
Search
Upload
Setup
Services

util/virus/Berserker.lha

Mirror:Random
Showing:m68k-amigaosppc-amigaosppc-morphosi386-arosi386-amithlonppc-warpupppc-powerupgeneric
No screenshot available
Short:Ancient Virus Killer with Source
Author:Ralf Thanner
Uploader:aminet aminet net
Type:util/virus
Version:4.1
Architecture:m68k-amigaos
Date:2016-07-27
Download:http://aminet.net/util/virus/Berserker.lha - View contents
Readme:http://aminet.net/util/virus/Berserker.readme
Downloads:272
Berserker V4.1 (1990)
=====================

- works ONLY with Kick 1.2/1.3/2.0
- the Centurion Link Virus is the Smile Cancer

MfG
anonymous


**************************************************************************
*
*                         B E R S E R K E R  IV.1
*                         -----------------------
*
*                (c) Copyright 1988, 1989, 1990 by Ralf Thanner
*
* This code is entirely written in assembler for the Kuma Seka assembler
*
*    Executable program and source code are both in the PUBLIC-DOMAIN!
*
*  A small copy fee for Berserker is okay, but anything which looks like
*        commercial redistribution is forbidden (remember that!).
*
**************************************************************************
*
*       REVISION HISTORY:
*       =================
*
*  R    V1.0    - Just a primitive SCA finder and killer.
*
*  R    V1.c    - Added Byte Bandit & Byte Warrior killer.
*               - Improved SCA & SCA mutants killer routine.
*                 -> OBELISK, AEK, LSD, PENTAGON, BAMIGA SECTOR ONE,
*                    WARHWAK, MICROMASTER & NORTHSTAR...
*
*  R    V2.b    - Now also finds the Exterminator (LAMER).
*
*  R    V2.d    - Now finds the first link virus (IRQ TEAM 41).
*
*       V2.e    - Added alert box. Idea by Olaf Barthel.
*               - Some cleanups and bug-fixes done.
*
*  R    V2.e+   - Doesn't refuse to work with Kick 1.3 any more.
*               - Added custom bootblock writer.
*               - Added kill cold-cool vectors;
*                 There are just too many SCA clones on the market
*                 and it is saver to clear these pointers.
*
*  R    V3.0    - Now also finds the BSG 9 link virus.
*               - Second (and final?) code cleanup for public
*                 release (YEAH!!!).
*               - Removed the custom bootblock writer, too many guys
*                 thought Berserker to be some kind of virus in
*                 disguise.
*
*  R    V3.0+   - Extended to find Gaddafi and Disk-Doctor viruses.
*
*       V3.1    - Extended to find the REVENGE BOOTLOADER virus.
*                 -> THIS IS A NEW ONE!!!
*               - Bug-fix in EXTERMINATOR routine done.
*                 -> should now find ALL lamer versions.... (does not!)
*               - Code cleanup (added some sub-routines).
*
*       V3.2    - Extended to find REVENGE (is an old one, but some
*                 nice guys told me, that berserker should also find
*                 the old ones....and because BERSERKER crashed when
*                 memory was infiltrated by REVENGE )
*
*       V3.2b   - Shortening, speeding up & cleaning the code.
*                 ( and berserker still works.... )
*
*  R    V3.39c+ - JOKE....
*
*       V3.5    - Added Xeno 'killer' routine by STEVE TIBBET.
*
*       V4.0    - Added a more userfriendly Cli-Interface and the
*                 possibility to start BERSERKER from workbench.
*
*  R    V4.0a   - WHAAA, what a pity: forgot to reply message..
*                 Bug now fixed... Thanks to Olaf for this hint.
*               - Shortened and improved code again.
*
*       V4.0b   - Throw the 'led switch off' out.
*               - Made the cold/cool capture killer optionable.
*                 Hello Martin, yes -> only for you....
*               - Shortened and improved code again & again.....
*
*  R    V4.0c   - AARGH!! A new file virus -> Disaster Master V2
*
*  R    V4.0d   - CENTURION LINK VIRUS killer implemented
*               - Implemented a resident library checker.
*               - From now on the source contains only the
*                 'virus-killing-part'.
*
*  R    V4.1    - these fucking assholes... in the last two weeks
*                 i got three new file/link viruses, and this is
*                 even one of the best programmed viruses i ever
*                 saw: The Traveling JACK.... but which chance has
*                 a 'Traveling Jack' against a BERSERKER???  none...
*               - OLSEN found out that 'BERSERKER' crashed on
*                 KICK 2.0.. checks now kick version.
*               - OKI DOKI.. from now on source contains everything..
*                 (some people didn't like it the other way)
*               - removed 'math.lib' check... a virus in math.lib?? NAAA..
*
*  R = released version
*
*  BERSERKER is now: 6920 bytes long. (not crunched!)
*
**************************************************************************

                       WHAT DOES BERSERKER IV DO?
                       ==========================

Berserker is a viruskiller which was designed as a CLI-command. It works
with Kick 1.2, Kick 1.3, 512K and expansion RAM.

Because  of  the  big  number  of  link  viruses  on the Amiga, I recommend
inserting the Berserker call as the third command in your startup-sequence.
(the later the better)

You can start  BERSERKER IV  either from CLI or from  Workbench.

WORKBENCH:
----------

Berserker opens a window and waits for your choice.

You can choose between:  '?' - short instructions.
                         'C' - for checking your memory.
                         'Q' - for quiting.

CLI:
----

Berserker offers you following options:

                         'berserker ?' - longer instructions.

                         'berserker c' - clears the cold- & coolcapture

If  you  start  BERSERKER IV  without  any command it will start  searching
through  memory in order to  kill these  little bastards.

If  Berserker  finds  a  virus  a  Recoverable  Alert appears, just click a
mousebutton  to  continue  (this  was added due to the possibility that the
Berserker  banner  message  might  have been redirected, the chance to know
about a virus in the system won't be wasted this way).

                                LIBRARIES
                                =========

BERSERKER checks the following ones:

                - EXEC.LIBRARY
                - EXPANSION.LIBRARY
                - GRAPHICS.LIBRARY
                - LAYERS.LIBRARY
                - INTUITION.LIBRARY
                - DOS.LIBRARY

Berserker checks these libraries in order to detect any illegal change.
Programs like 'SetPatch' use the systemcall 'SETFUNCTION' to change a
vector but no virus does. Therefore compares BERSERKER the original
library checksum with his self made checksum and ZAPA DAPA DOO...
                -->> ANY CHANGE IS DETECTED. <<--

If BERSERKER shows his little alert with 'EXEC.LIBRARY' or 'DOS.LIBRARY'
the chance being infected by a new virus is very high!

BERSERKER does not repair a changed library, this function was only
implemented to give you a higher chance recognizing new viruses....


                    WHICH VIRUSES DOES BERSERKER KNOW?
                    ==================================

1.  SCA and all its mutant brothers and sisters
    -------------------------------------------
    This means AEK, LSD, WARHAWK, OBELISK, PENTAGON, BAMIGA SECTOR ONE....

2.  Byte Bandit
    -----------
    No need for further discussion (or what do you think?).

3.  Byte Warrior (DASA0.2)
    ----------------------
    Was  the  first virus with coded text, so you couldn't recognize it on
    the bootblock.

4.  The Exterminator (LAMER!)    ALL VERSIONS / CODED OR NOT
    --------------------------------------------------------
    This  one  fills  the  tracks  of  a  disk  with 'LAMER!LAMER!LAMER!'.
    Exterminator  is  very  tricky, if you try to examine the bootblock it
    will always look like a normal one. The new  version should  find  all
    versions of the LAMER-EXTERMINATOR.

5.  The IRQ-Virus
    -------------
    This  one  is  a  link  virus.  It looks for the second program in the
    startup-sequence and tries to infect it.  If this fails it will try to
    link itself to the DIR command.  WARNING!!!  Sometimes it also infects
    other programs.

    If a disk is write-protected -> REQUESTER

    Hint  for programmers:  the IRQ-virus' vector is OLDOPENLIBRARY(-408),
    therefore  always  use  OPENLIBRARY(-552).  Unfortunately the standard
    Aztec  'C'  3.2a  -  3.6a  crt0.a68  startup  code  makes  a  call  to
    OldOpenLibrary()  to  get  access  to the dos.library.  Time for a bug
    fix, Manx?

6.  The BSG 9-Virus
    ---------------
    This  one  is  a  link  virus.   It looks for the first program in the
    startup-sequence  and  tries to infect it.  It saves the modified file
    in the DEVS directory with spaces instead of a name.  The virus itself
    is  about  2608  bytes  long  and  becomes  visible after four or five
    resets; the screen turns black and a message appears:

              "      A COMPUTER VIRUS IS A DISEASE     "
              "       TERRORISM IS A TRANSGRESSION     "
              "        SOFTWARE PIRACY IS A CRIME      "
              "             THIS IS THE CURE           "
              "   BSG 9  BUNDESGRENZSCHUTZ SEKTION 9   "
              "          SONDERKOMMANDO 'EDV'          "


         HERE COMES THE MIDNIGHT MANIAC & MAYDAY VIRUS HAHA

                           PARADOX RULEZ !!


7.  The Gadaffi-Virus
    -----------------
    This  one  is  a  mutant  version  of the old Byte Warrior.  It copies
    itself  on  each  disk  and  tries to play a sound with the disk drive
    motor  after  12  resets.  Even though you might find the music funny,
    the  drive  will  be  of a different opinion (this may lead to serious
    hardware failures!).

8.  The Disk-Doctor
    ---------------
    This  one is a brand new one.  It allocates 12 KBytes after each reset
    and  ...   to  be honest, I didn't test what it also does because this
    one  was  very complicated -> before Disk-Doc I had never seen a Task,
    nor  did  I know what you can do with one. I'm lucky enough to be able
    to detect and kill it.

    ( After writing memguard i know a lot more about tasks...)

9.  The REVENGE BOOTLOADER
    ----------------------
    This one is just a normal virus with the ASCII text 'REVENGE BOOTLOADER'
    in it. Not a very smart idea.....
    It looks like as if this one has no message in it, he only copies
    himself onto every inserted disk.
    This one is a virus of a new generation, it works with every kickstart
    and with fast-mem. Nevertheless no chance against BERSERKER....

10. SYSTEM Z
    --------
    I wanted to add this one but a programm which asks before it copies
    itself onto disk is not a virus in my eyes.

11. REVENGE
    -------
    This is an old one, which contains at the end in the boot following
    ASCII text:  "REVENGEV1.2 COUNT:"
    I had to implement this one because BERSERKER III crashed when REVENGE
    was in memory.

12. TIMEBOMB
    --------
    ARGHHHH!! This one is NOT in memory. TIMEBOMB only tries to copy itself
    to the disk in DF1:. The next time you boot the other disk from DF1:
    TIMEBOMB fills the whole root track with stuff from loacation $20000.
    After killing that disk it displays an alert with it's stupid message.
    BERSERKER cannot find and kill this one coz it's not in memory. Sorry!!
    Special thanks for this virus must go to DATA BECKER. The asshole who
    wrote the virus took all routines out of AMIGA INTERN I.

13. XENO
    ----
    I can tell you nothing about this one, because i never got one..
    Therefore i had to take the routine from STEVE TIBBET, the only
    reason i did it are my friends. Some of them have a harddisk and
    S.T. says that the Xeno spreads like wildfire and infects even
    hard-disk. They were so frightened that, (AAARRGH!! it is very
    hard to speak out) i took the routine from VIRUSX4.0.

14. Disaster-Master V2
    ------------------
    This is a new File virus. He is 1740 bytes long and he only infects
    disks with a startup-sequence. In the startup-seq.  Disaster-Master
    is alway found in first place as 'CLS *' and in the 'C' DIR as 'CLS'.
    When BERSERKER told you that you are infected with DM V2 look into
    the s/start... and into the 'C' dir and delete this bastard.
    The funny thing is that he really clears the screen........
    After a few (???) resets he starts an alert with his stupid message
    and resets the AMIGA.

15. CENTURION LINK VIRUS
    --------------------
    This new virus makes himself resident, changes the DOIO & KICKSUM.
    He is ALWAYS located at $7f000. (thanx god!)
    Virus is 3916 bytes long and tries to infect the programs in the
    startup-sequence (what else!).
    After XX resets he changes the mousepointer to a smiley with a
    little scroller in it.
    I heard that you can protect your commands in the startup-seq.
    with this little trick. Change your command line from:
    'BERSERKER' to 'C/BERSERKER'.
    Keep away from programs like 'new LZ' or 'LHwarp V1.44'. This versions
    are FAKE. They have the virus build in.

    If a disk is write-protected -> REQUESTER


16. THE TRAVELING JACK
    ------------------
    you can wipe him out with a reset.. (i think so...)
    he changes the dos.lib jump tab..   (clever idea!)
    when he is installed, he tries to write his 'VIRUS.xx' file to
    the disk. each time a programm access the drive he write his
    stupid text.
    Be carefull, he tries to 'link' everything...

    If a disk is write-protected -> REQUESTER



                                REQUESTER
                                =========

    If a disk is write-protected the virus always brings up a standard
    DOS Autorequester like this:

   +System Request ==================##|##+
   |                                      |
   | Volume                               |
   | - Disk name -                        |
   | is write protected                   |
   |                                      |
   | +-----+                     +------+ |
   | |RETRY|                     |CANCEL| |
   | +-----+                     +------+ |
   +--------------------------------------*



                            ADDITIONAL REMARKS
                            ==================

                           Special thanks go to:

                       Olaf B. for testing and ideas
                 Michael V. for utis, viruses and testing
           Henning L. for being one of the BEST assembler freaks
                Thorsten H. for also being one of the BEST
             Gunnar L. for being a friend and good programmer
                Martha for leaving me after two years...

Olsen:  Berserker was written using the well known Kuma Seka Assembler.  As
an  American  user you might have never heard or seen anything of it.  Kuma
did it the British way:  Seka does neither generate ALink compatible linker
object  files,  nor  does  it  apply  to  the  de facto Metacomco MASM (see
Developers'  toolkit) standard.  For this reason your CAPE, MASM, ASM or AS
will  probably refuse to re-assemble the source code.  Calls like "MOVE 4.W
A6"  will  have to be replaced by something like "MOVE 4,A6".  Don't wonder
if  the  executable progam becomes longer than the supplied Berserker file:
it  has  been  compressed  using  a  brilliant  object  file  packer called
"Powerpacker".  Berserker is NOT a virus, this IS a guarantee.

Ralf: I love my SEKA and i use calls like 'MOVE 4.w,a6' for speed, you C-FREAK!

                   P.a.V. (Programmers against Viruses)


   SORRY TO ALL THE FOLKS WHO WROTE ME A LETTER AND I DIDN'T ANSWER THEM!!!
   I WILL ANSWER THEM EVEN IF THEY ARE ONE YEAR OLD...  I'M SO LAZY........



              MY BEST REGARDS GO TO STEVE TIBBET & FRED FISH!


Contents of util/virus/Berserker.lha
PERMISSION  UID  GID    PACKED    SIZE  RATIO METHOD CRC     STAMP     NAME
---------- ----------- ------- ------- ------ ---------- ------------ ----------
[unknown]                 3606    6920  52.1% -lh5- a6f2 Jan 16  1980 Berserker/BERSERKER
[unknown]                 6125   14523  42.2% -lh5- 3c3a Oct 17  1990 Berserker/Berserker.doc
[unknown]                11252   34170  32.9% -lh5- 7800 Jan 16  1980 Berserker/berserker.s
[unknown]                 3119    9384  33.2% -lh5- 7e20 Jan 16  1980 Berserker/BLVC
[unknown]                 1458    2983  48.9% -lh5- 1a92 Oct 17  1990 Berserker/BLVC.doc
---------- ----------- ------- ------- ------ ---------- ------------ ----------
 Total         5 files   25560   67980  37.6%            Jul 27 21:34

Aminet © 1992-2017 Urban Müller and the Aminet team. Aminet contact address: <aminetaminet net>