| |
chatGPZ
Registered: Dec 2001
Posts: 11350 |
Making a Virus Scanner - info needed
as some of you might know i made a little util to scan the disks i transfered for errors (D64scan V0.2). now after reading latest discussions about various virii on the c64 i thought it would be a useful feature to add virus detection (and possibly elimination) to that tool aswell...
so the question is, who has detailed info on that subject? useful info would be
- what virii do exist
- how did said virii work
- what are existing scanners/cleaners, and how do they work
- how do those virii "initially" install (i only know about that bhp virus "installer")
...etc.
at the very least, i'd need a bunch of "infected" disks (or well, d64s of them), but ofcourse any further info would make things a lot easier :)
anyone? |
|
... 57 posts hidden. Click here to view all posts....
|
| |
BAR.
Account closed
Registered: Apr 2002
Posts: 324 |
Quote: Quote:
So you where sure that it was no fake ?
what? ppl telling me he made an improved version of HIV? why the hell would that be "fake" ?
Quote:
So i don't understand why you asked me in 2007 for it ?
i always used a c64/drive/cartridge combination which resets the drive together with the c64 (again, as you can read in that thread *sigh*) - and thus all those virii were pretty much a non issue to me. i've never spent a minute thinking about them until now, simply as that.
A hint how to identify a HIV infected disk...
The directory will load slowly after the virus had infected a disk.. It is at first a file infected and then after that the virus linked directly to track18. If all is done, the files
all on disk and the track 18 is infected. That's the reason while it load slowly.. |
| |
chatGPZ
Registered: Dec 2001
Posts: 11350 |
thats not quite right. the directory will load slowly *if the virus is active*, ie if you run some infected program before and didnt reset the drive before loading the directory again. if you didnt run some infected program before, the directory will ofcourse load at normal speed and no harm will be done either. |
| |
BAR.
Account closed
Registered: Apr 2002
Posts: 324 |
Quote: thats not quite right. the directory will load slowly *if the virus is active*, ie if you run some infected program before and didnt reset the drive before loading the directory again. if you didnt run some infected program before, the directory will ofcourse load at normal speed and no harm will be done either.
A hint how to identify a HIV infected disk...
means the virus is active or am i wrong ?
Please read again.. ;) |
| |
chatGPZ
Registered: Dec 2001
Posts: 11350 |
Quote:A hint how to identify a HIV infected disk...
means the virus is active or am i wrong ?
yes you are, and if you read my answer again you might even understand why o_O |
| |
BAR.
Account closed
Registered: Apr 2002
Posts: 324 |
Quote: Quote:A hint how to identify a HIV infected disk...
means the virus is active or am i wrong ?
yes you are, and if you read my answer again you might even understand why o_O
deleted.. |
| |
AlexC
Registered: Jan 2008
Posts: 298 |
I wonder: did anyone actually ever found a sample of Coder-Virus? |
| |
iAN CooG
Registered: May 2002
Posts: 3186 |
sure, grab while it lasts
https://www.dropbox.com/s/bqbk2rkfxobmd04/codervirus.rar?dl=0
contains both a d64 with 2 infected prgs and one extracted infected prg.
Unp64 and d64vrm can be used to disinfect them. |
| |
AlexC
Registered: Jan 2008
Posts: 298 |
Quote: sure, grab while it lasts
https://www.dropbox.com/s/bqbk2rkfxobmd04/codervirus.rar?dl=0
contains both a d64 with 2 infected prgs and one extracted infected prg.
Unp64 and d64vrm can be used to disinfect them.
Thank you! I've been looking for it to confirm it for some time already. |
| |
trent
Registered: Apr 2015
Posts: 12 |
While as far as I know never in the wild, and this source code is benign, the author of this code posted it up some time ago (e.g. someone may have made a variant, however unlikely). Only GEOS virus I ever heard of; but would qualify for this thread; it's a file infector.
http://www.lyonlabs.org/commodore/onrequest/geos/ShadowVirusS.t..
Details of method of operation at the bottom of this page;
http://www.lyonlabs.org/commodore/onrequest/geos.html#exotica |
| |
The Phantom
Registered: Jan 2004
Posts: 360 |
Groepaz - I know nothing, but have some c64 virus stuffs you may want.
I have a document (pdf) on BHP, it's payload and how to avoid it.
Then I have the following:
BCS 1.64
Bula 6.13
Bula 8.32
C.bar.de
And, of course, BHP.
Not sure if any of it would be of use, but if so, make sure you PM me and I'll send them to whatever email address you give. |
| Previous - 1 | 2 | 3 | 4 | 5 | 6 | 7 - Next |
