Berserker V4.1 (1990)
=====================
- works ONLY with Kick 1.2/1.3/2.0
- the Centurion Link Virus is the Smile Cancer
Best regards,
anonymous
**************************************************************************
*
* B E R S E R K E R IV.1
* -----------------------
*
* (c) Copyright 1988, 1989, 1990 by Ralf Thanner
*
* This code is entirely written in assembler for the Kuma Seka assembler
*
* Executable program and source code are both in the PUBLIC-DOMAIN!
*
* A small copy fee for Berserker is okay, but anything which looks like
* commercial redistribution is forbidden (remember that!).
*
**************************************************************************
*
* REVISION HISTORY:
* =================
*
* R V1.0 - Just a primitive SCA finder and killer.
*
* R V1.c - Added Byte Bandit & Byte Warrior killer.
* - Improved SCA & SCA mutants killer routine.
* -> OBELISK, AEK, LSD, PENTAGON, BAMIGA SECTOR ONE,
* WARHAWK, MICROMASTER & NORTHSTAR...
*
* R V2.b - Now also finds the Exterminator (LAMER).
*
* R V2.d - Now finds the first link virus (IRQ TEAM 41).
*
* V2.e - Added alert box. Idea by Olaf Barthel.
* - Some cleanups and bug-fixes done.
*
* R V2.e+ - Doesn't refuse to work with Kick 1.3 any more.
* - Added custom bootblock writer.
* - Added kill cold-cool vectors;
* There are just too many SCA clones on the market
* and it is safer to clear these pointers.
*
* R V3.0 - Now also finds the BSG 9 link virus.
* - Second (and final?) code cleanup for public
* release (YEAH!!!).
* - Removed the custom bootblock writer, too many guys
* thought Berserker to be some kind of virus in
* disguise.
*
* R V3.0+ - Extended to find Gaddafi and Disk-Doctor viruses.
*
* V3.1 - Extended to find the REVENGE BOOTLOADER virus.
* -> THIS IS A NEW ONE!!!
* - Bug-fix in EXTERMINATOR routine done.
* -> should now find ALL lamer versions.... (does not!)
* - Code cleanup (added some sub-routines).
*
* V3.2 - Extended to find REVENGE (is an old one, but some
* nice guys told me, that berserker should also find
* the old ones....and because BERSERKER crashed when
* memory was infiltrated by REVENGE )
*
* V3.2b - Shortening, speeding up & cleaning the code.
* ( and berserker still works.... )
*
* R V3.39c+ - JOKE....
*
* V3.5 - Added Xeno 'killer' routine by STEVE TIBBET.
*
* V4.0 - Added a more user-friendly Cli-Interface and the
* possibility to start BERSERKER from workbench.
*
* R V4.0a - WHAAA, what a pity: forgot to reply message..
* Bug now fixed... Thanks to Olaf for this hint.
* - Shortened and improved code again.
*
* V4.0b - Throw the 'led switch off' out.
* - Made the cold/cool capture killer optionable.
* Hello Martin, yes -> only for you....
* - Shortened and improved code again & again.....
*
* R V4.0c - AARGH!! A new file virus -> Disaster Master V2
*
* R V4.0d - CENTURION LINK VIRUS killer implemented
* - Implemented a resident library checker.
* - From now on the source contains only the
* 'virus-killing-part'.
*
* R V4.1 - these fucking assholes... in the last two weeks
* i got three new file/link viruses, and this is
* even one of the best programmed viruses i ever
* saw: The Traveling JACK.... but which chance has
* a 'Traveling Jack' against a BERSERKER??? none...
* - OLSEN found out that 'BERSERKER' crashed on
* KICK 2.0.. checks now kick version.
* - OKI DOKI.. from now on source contains everything..
* (some people didn't like it the other way)
* - removed 'math.lib' check... a virus in math.lib?? NAAA..
*
* R = released version
*
* BERSERKER is now: 6920 bytes long. (not crunched!)
*
**************************************************************************
WHAT DOES BERSERKER IV DO?
==========================
Berserker is a viruskiller which was designed as a CLI-command. It works
with Kick 1.2, Kick 1.3, 512K and expansion RAM.
Because of the big number of link viruses on the Amiga, I recommend
inserting the Berserker call as the third command in your startup-sequence.
(the later the better)
You can start BERSERKER IV either from CLI or from Workbench.
WORKBENCH:
----------
Berserker opens a window and waits for your choice.
You can choose between:
    '?' - short instructions.
    'C' - for checking your memory.
    'Q' - for quitting.
CLI:
----
Berserker offers you the following options:
    'berserker ?' - longer instructions.
    'berserker c' - clears the cold- & coolcapture
If you start BERSERKER IV without any command it will start searching
through memory in order to kill these little bastards.
If Berserker finds a virus a Recoverable Alert appears, just click a
mousebutton to continue (this was added due to the possibility that the
Berserker banner message might have been redirected, the chance to know
about a virus in the system won't be wasted this way).
LIBRARIES
=========
BERSERKER checks the following ones:
- EXEC.LIBRARY
- EXPANSION.LIBRARY
- GRAPHICS.LIBRARY
- LAYERS.LIBRARY
- INTUITION.LIBRARY
- DOS.LIBRARY
Berserker checks these libraries in order to detect any illegal change.
Programs like 'SetPatch' use the systemcall 'SETFUNCTION' to change a
vector but no virus does. Therefore BERSERKER compares the original
library checksum with its self-made checksum and ZAPA DAPA DOO...
-->> ANY CHANGE IS DETECTED. <<--
If BERSERKER shows his little alert with 'EXEC.LIBRARY' or 'DOS.LIBRARY'
the chance of being infected by a new virus is very high!
BERSERKER does not repair a changed library, this function was only
implemented to give you a higher chance of recognizing new viruses....
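The checksum comparison described above, as an added example in C (not Berserker's source and not AmigaOS code). It is a simplified model: the struct layout, the function names and all addresses are constructed for illustration, and the system-call route is assumed to refresh the stored checksum as the text describes.

```c
#include <stdint.h>
#include <stdio.h>

#define NVEC    4        /* vectors in the model jump table */
#define JMP_ABS 0x4EF9u  /* 68000 "JMP abs.l" opcode word */

/* Model of a resident library: jump table plus the checksum stored for it. */
struct model_lib {
    uint16_t table[NVEC * 3];  /* each vector: opcode word + 32-bit target */
    uint32_t stored_sum;
};

/* Word-wise sum over the whole jump table. */
static uint32_t sum_table(const struct model_lib *lib) {
    uint32_t sum = 0;
    for (int i = 0; i < NVEC * 3; i++) sum += lib->table[i];
    return sum;
}

static void write_vector(struct model_lib *lib, int idx, uint32_t target) {
    lib->table[idx * 3]     = JMP_ABS;
    lib->table[idx * 3 + 1] = (uint16_t)(target >> 16);
    lib->table[idx * 3 + 2] = (uint16_t)(target & 0xFFFFu);
}

/* Patch through the system call: the stored checksum is refreshed. */
static void patch_via_setfunction(struct model_lib *lib, int idx, uint32_t t) {
    write_vector(lib, idx, t);
    lib->stored_sum = sum_table(lib);
}

/* Returns 1 if the table no longer matches its stored checksum. */
static int lib_is_modified(const struct model_lib *lib) {
    return sum_table(lib) != lib->stored_sum;
}

/* how: 0 = untouched, 1 = patched via system call, 2 = overwritten directly */
static int check_after(int how) {
    struct model_lib lib;
    for (int i = 0; i < NVEC; i++)
        write_vector(&lib, i, 0x00FC1000u + 0x20u * i);  /* constructed targets */
    lib.stored_sum = sum_table(&lib);
    if (how == 1) patch_via_setfunction(&lib, 1, 0x00C04000u);  /* constructed */
    if (how == 2) write_vector(&lib, 1, 0x00C05000u);           /* constructed */
    return lib_is_modified(&lib);
}

int main(void) {
    printf("untouched: %d\n", check_after(0));
    printf("patched via system call: %d\n", check_after(1));
    printf("overwritten directly: %d\n", check_after(2));
    return 0;
}
```

Only the direct overwrite leaves the stored checksum stale, which is why the check flags it while a patch made through the system call passes.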
WHICH VIRUSES DOES BERSERKER KNOW?
==================================
1. SCA and all its mutant brothers and sisters
-------------------------------------------
This means AEK, LSD, WARHAWK, OBELISK, PENTAGON, BAMIGA SECTOR ONE....
2. Byte Bandit
-----------
No need for further discussion (or what do you think?).
3. Byte Warrior (DASA0.2)
----------------------
Was the first virus with coded text, so you couldn't recognize it on
the bootblock.
4. The Exterminator (LAMER!) ALL VERSIONS / CODED OR NOT
--------------------------------------------------------
This one fills the tracks of a disk with 'LAMER!LAMER!LAMER!'.
Exterminator is very tricky, if you try to examine the bootblock it
will always look like a normal one. The new version should find all
versions of the LAMER-EXTERMINATOR.
5. The IRQ-Virus
-------------
This one is a link virus. It looks for the second program in the
startup-sequence and tries to infect it. If this fails it will try to
link itself to the DIR command. WARNING!!! Sometimes it also infects
other programs.
If a disk is write-protected -> REQUESTER
Hint for programmers: the IRQ-virus' vector is OLDOPENLIBRARY(-408),
therefore always use OPENLIBRARY(-552). Unfortunately the standard
Aztec 'C' 3.2a - 3.6a crt0.a68 startup code makes a call to
OldOpenLibrary() to get access to the dos.library. Time for a bug
fix, Manx?
6. The BSG 9-Virus
---------------
This one is a link virus. It looks for the first program in the
startup-sequence and tries to infect it. It saves the modified file
in the DEVS directory with spaces instead of a name. The virus itself
is about 2608 bytes long and becomes visible after four or five
resets; the screen turns black and a message appears:
" A COMPUTER VIRUS IS A DISEASE "
" TERRORISM IS A TRANSGRESSION "
" SOFTWARE PIRACY IS A CRIME "
" THIS IS THE CURE "
" BSG 9 BUNDESGRENZSCHUTZ SEKTION 9 "
" SONDERKOMMANDO 'EDV' "
HERE COMES THE MIDNIGHT MANIAC & MAYDAY VIRUS HAHA
PARADOX RULEZ !!
7. The Gadaffi-Virus
-----------------
This one is a mutant version of the old Byte Warrior. It copies
itself on each disk and tries to play a sound with the disk drive
motor after 12 resets. Even though you might find the music funny,
the drive will be of a different opinion (this may lead to serious
hardware failures!).
8. The Disk-Doctor
---------------
This one is a brand new one. It allocates 12 KBytes after each reset
and ... to be honest, I didn't test what it also does because this
one was very complicated -> before Disk-Doc I had never seen a Task,
nor did I know what you can do with one. I'm lucky enough to be able
to detect and kill it.
( After writing memguard i know a lot more about tasks...)
9. The REVENGE BOOTLOADER
----------------------
This one is just a normal virus with the ASCII text 'REVENGE BOOTLOADER'
in it. Not a very smart idea.....
It looks as if this one has no message in it, he only copies
himself onto every inserted disk.
This one is a virus of a new generation, it works with every kickstart
and with fast-mem. Nevertheless no chance against BERSERKER....
10. SYSTEM Z
--------
I wanted to add this one but a program which asks before it copies
itself onto disk is not a virus in my eyes.
11. REVENGE
-------
This is an old one, which contains at the end in the boot the following
ASCII text: "REVENGEV1.2 COUNT:"
I had to implement this one because BERSERKER III crashed when REVENGE
was in memory.
12. TIMEBOMB
--------
ARGHHHH!! This one is NOT in memory. TIMEBOMB only tries to copy itself
to the disk in DF1:. The next time you boot the other disk from DF1:
TIMEBOMB fills the whole root track with stuff from location $20000.
After killing that disk it displays an alert with its stupid message.
BERSERKER cannot find and kill this one coz it's not in memory. Sorry!!
Special thanks for this virus must go to DATA BECKER. The asshole who
wrote the virus took all routines out of AMIGA INTERN I.
13. XENO
----
I can tell you nothing about this one, because i never got one..
Therefore i had to take the routine from STEVE TIBBET, the only
reason i did it are my friends. Some of them have a harddisk and
S.T. says that the Xeno spreads like wildfire and infects even
hard-disk. They were so frightened that, (AAARRGH!! it is very
hard to speak out) i took the routine from VIRUSX4.0.
14. Disaster-Master V2
------------------
This is a new File virus. He is 1740 bytes long and he only infects
disks with a startup-sequence. In the startup-seq. Disaster-Master
is always found in first place as 'CLS *' and in the 'C' DIR as 'CLS'.
When BERSERKER tells you that you are infected with DM V2 look into
the s/start... and into the 'C' dir and delete this bastard.
The funny thing is that he really clears the screen........
After a few (???) resets he starts an alert with his stupid message
and resets the AMIGA.
15. CENTURION LINK VIRUS
--------------------
This new virus makes himself resident, changes the DOIO & KICKSUM.
He is ALWAYS located at $7f000. (thanx god!)
Virus is 3916 bytes long and tries to infect the programs in the
startup-sequence (what else!).
After XX resets he changes the mousepointer to a smiley with a
little scroller in it.
I heard that you can protect your commands in the startup-seq.
with this little trick. Change your command line from:
'BERSERKER' to 'C/BERSERKER'.
Keep away from programs like 'new LZ' or 'LHwarp V1.44'. These versions
are FAKE. They have the virus built in.
If a disk is write-protected -> REQUESTER
16. THE TRAVELING JACK
------------------
you can wipe him out with a reset.. (i think so...)
he changes the dos.lib jump tab.. (clever idea!)
when he is installed, he tries to write his 'VIRUS.xx' file to
the disk. each time a program accesses the drive he writes his
stupid text.
Be careful, he tries to 'link' everything...
If a disk is write-protected -> REQUESTER
REQUESTER
=========
If a disk is write-protected the virus always brings up a standard
DOS Autorequester like this:
+System Request ==================##|##+
|                                      |
|  Volume                              |
|      - Disk name -                   |
|  is write protected                  |
|                                      |
|  +-----+                   +------+  |
|  |RETRY|                   |CANCEL|  |
|  +-----+                   +------+  |
+--------------------------------------*
ADDITIONAL REMARKS
==================
Special thanks go to:
Olaf B. for testing and ideas
Michael V. for utis, viruses and testing
Henning L. for being one of the BEST assembler freaks
Thorsten H. for also being one of the BEST
Gunnar L. for being a friend and good programmer
Martha for leaving me after two years...
Olsen: Berserker was written using the well known Kuma Seka Assembler. As
an American user you might have never heard or seen anything of it. Kuma
did it the British way: Seka does neither generate ALink compatible linker
object files, nor does it apply to the de facto Metacomco MASM (see
Developers' toolkit) standard. For this reason your CAPE, MASM, ASM or AS
will probably refuse to re-assemble the source code. Calls like "MOVE 4.W
A6" will have to be replaced by something like "MOVE 4,A6". Don't wonder
if the executable program becomes longer than the supplied Berserker file:
it has been compressed using a brilliant object file packer called
"Powerpacker". Berserker is NOT a virus, this IS a guarantee.
Ralf: I love my SEKA and i use calls like 'MOVE 4.w,a6' for speed, you C-FREAK!
P.a.V. (Programmers against Viruses)
SORRY TO ALL THE FOLKS WHO WROTE ME A LETTER AND I DIDN'T ANSWER THEM!!!
I WILL ANSWER THEM EVEN IF THEY ARE ONE YEAR OLD... I'M SO LAZY........
MY BEST REGARDS GO TO STEVE TIBBET & FRED FISH!