AminetAminet
Search:
82823 packages online
About
Recent
Browse
Search
Upload
Setup
Services

util/virus/desaddamv10b.lha

Mirror:Random
Showing:m68k-amigaosppc-amigaosppc-morphosi386-arosi386-amithlonppc-warpupppc-powerupgeneric
No screenshot available
Short:SADDAM Virus killer & disk repair tool
Author:desaddamvk at gmail.com (Strahinja Bojovic)
Uploader:desaddamvk gmail com (Strahinja Bojovic)
Type:util/virus
Architecture:m68k-amigaos < 2.0.4
Distribution:Aminet
Verson:1.0b
Date:2019-08-14
Download:http://aminet.net/util/virus/desaddamv10b.lha - View contents
Readme:http://aminet.net/util/virus/desaddamv10b.readme
Downloads:167
------------------
* DeSADDAM v1.0b * (TEST VERSION! BE CAREFUL!)
------------------
* Programmed by Strahinja Bojovic, (c) 2019 *

* DeSADDAM v1.0b is a program that decrypts blocks on the disk encrypted 
by SADDAM Virus and thus made them unusable (except when the SADDAM virus 
is in memory). Also, DeSADDAM v1.0b deletes the SADDAM virus (which recorded
itself on the disk as a fake Disk-Validator in the L directory) and records
the correct Disk-Validator on the disk. By launching the program (except
when using the -c command below), DeSADDAM v1.0b will remove the SADDAM
virus from the memory if present. 

* Commands 

F1   - Check DF0                F2   - Check DF1
ESC  - Exit                     HELP - About
F10  - Reset vectors		DEL  - Hard Reset

You can also use the -c command from the CLI (DeSADDAMv10b -c) to check if 
the SADDAM virus is in the memory. This is very useful when used in a 
startup-sequence file. 

* Known bugs

- If for some reason the program cannot delete Disk-Validator 
  (ie SADDAM Virus) from the disk, and the program decrypts the blocks to
  the end that means they are OK and the data is returned, but the SADDAM
  virus is STILL on the disk! This happens when you try to change the BITMAP
  flag in block 880 (at the position $138, whose value can be $ffffffff 
  [disk valid] or $00000000 [disk is not valid]) on an infected disk. 
  If this is the case, do the following after block decryption: 

1. Change BITMAP flag in block 880 (offset $138) to $ffffffff
   (if offset $13e on the same block is $0000, hmh, try using FixDisk)
2. Execute Hard Reset (DEL) or turn off and restart the computer
3. Load some file manager (for example, FileMaster) from the disk for
   which you know it's not infected with the virus. Disk should be
   protected!
4. Insert the disk containing the SADDAM virus. SADDAM will install itself
   in memory! Be careful that you do not have floppies in additional
   drives because SADDAM will infect them too!
5. Delete the Disk Validator from the L directory of the infected diskette
6. Execute Hard Reset (DEL) or turn off and restart the computer
7. Use the "FixDisk" program to validate the floppy or copy data to 
   another, formatted, diskette. 
8. All above is not going to happend if you dont try to manualy remove
   SADDAM virus. Just dont touch anything if you dont know nothing
   about how SADDAM virus works!
9. All these above is at your own risk and I can not guarantee that is
   going to work!
   
- Do not delete the Disk-Validator yourself on an infected disk because
  then DeSADDAM v1.0b will not be able to repair the disk and your data
  will stay corrupted on disk. If you did it, however, you will have to 
  re-record the virus in the L directory (or re-insert it while the SADDAM
  virus is in the memory to infect it) and then just check the disc again.
- I'm not sure what happens when the diskette from which you want to remove
  the virus is damaged (But I think that everything is going to be ok).
	  
* IMPORTANT !!!

- When DeSADDAM v1.0b completes block decryption, it will overwrite the
  SADDAM virus and record a new Disk-Validator. During this process,
  a system requester may prompt to inform you that the disk is 
  not valid and offer you Retry/Cancel options. Do not press any, but if the
  requester does not turn of by itself in a few seconds, it means that
  DeSADDAM v1.0b cannot get the virus out of the disk and record the new
  Disk-Validator. Then choose Cancel. After that proceed to the procedure
  described in this guide under the topic "Known bugs". 
- This is a BETA version of program and I am not responsible for any problems
  or loss of data arising from the use of the DeSADDAM v1.0b program. 
- I recommend that you always make backup floppies from which you want to
  remove the SADDAM virus. 
- I'am still not sure how DeSADDAM deals with other SADDAM virus versions!
  (try it and send me email)
- DeSADDAM v1.0b does not work under Kickstart versions higher than 1.3.
- SADDAM Virus does not work on Kickstart versions higher than 1.3 because
  recent versions do not use the Disk-Validator from the diskette.
- SADDAM virus will not infect NON-DOS floppy disks.
- DeSADDAM v1.0b does not work in the Workbench environment! 
- THIS IS TEST VERSION! BE CAREFUL!
  
* The file DeSADDAM10b.lha contains:

- DeSADDAMv10b	      (executable file)
- DeSADDAMv10b.readme (this file)
- Disk-Validator      (Disk-Validator. Not necessary for program execution)
- SADDAM.txt	      (info about SADDAM virus)

* Software used in program design and analysis 

- ASM-One v1.01 by Rune Gram-Madsen (Seka-Updated by JIL)
- FileMaster v2.2 by Toni Wilen
- Deksid v2.10 by Christian Warren

* Hardware used during creation of DeSADDAM v1.0b

- Amiga 500, 1mb, Kickstart v1.2
- Gotek external drive

* Lenght of source code

- DeSADDAM v1.0b is written in assembler and source code is around 37kb 
  
* I thank the following people for help and support:

- Robert Szacki, Keir Fraser and Henrik Erlandsson (Photon/Scoopex).
  
* Contact

- Send bug reports and suggestions to: desaddamvk at gmail.com
- Please send to the same address the other discovered versions of 
  SADDAM virus so I can analyse them. 
						Strahinja Bojovic
						Mikole Kocisa 15
						21000 Novi Sad
						Serbia


Contents of util/virus/desaddamv10b.lha
 PERMSSN    UID  GID    PACKED    SIZE  RATIO METHOD CRC     STAMP          NAME
---------- ----------- ------- ------- ------ ---------- ------------ -------------
[generic]                 4854    9208  52.7% -lh5- b8b6 May 26  1980 DeSADDAMv10b
[generic]                 2463    5522  44.6% -lh5- 6d61 May 26  1980 DeSADDAMv10b.readme
[generic]                 1114    1848  60.3% -lh5- eacb May 26  1980 Disk-Validator
[generic]                 1555    2901  53.6% -lh5- 4ae6 May 26  1980 SADDAM.txt
---------- ----------- ------- ------- ------ ---------- ------------ -------------
 Total         4 files    9986   19479  51.3%            Aug 14 12:20

Aminet © 1992-2019 Urban Müller and the Aminet team. Aminet contact address: <aminetaminet net>