| |
chatGPZ
Registered: Dec 2001
Posts: 11350 |
Making a Virus Scanner - info needed
as some of you might know i made a little util to scan the disks i transfered for errors (D64scan V0.2). now after reading latest discussions about various virii on the c64 i thought it would be a useful feature to add virus detection (and possibly elimination) to that tool aswell...
so the question is, who has detailed info on that subject? useful info would be
- what virii do exist
- how did said virii work
- what are existing scanners/cleaners, and how do they work
- how do those virii "initially" install (i only know about that bhp virus "installer")
...etc.
at the very least, i'd need a bunch of "infected" disks (or well, d64s of them), but ofcourse any further info would make things a lot easier :)
anyone? |
|
... 57 posts hidden. Click here to view all posts....
|
| |
The Phantom
Registered: Jan 2004
Posts: 360 |
The PDF looks to be the same Scout posted at the start. |
| |
Danzig
Registered: Jun 2002
Posts: 440 |
Anyone ever faced a "virus" that copied 2 files on a disk namely ">" and "<". It then changed track 18 so that load"$",8 list just returns load">",8,1.
if you place the cursor on that line and press return you get the directory listing with always the same diskname (something like "visual soft works" or the like, dunno remember exactly). IIRC you can just move the cursor on an entry and press return to load the file. And IIRRC it was also turbo loader.
1.) if you insert another disk into the drive it gets "infected" immediate
2.) it could also lead to "broken disks". I once inserted Zak McCracken into the drive for testing purpose and it mangled the disk.
3.) only way to remove the "virus" was to repair the directory with a disk monitor.
4.) It hides the files ">" and "<" while listing the directory
Anyone? |
| |
AlexC
Registered: Jan 2008
Posts: 298 |
Ok, so I've been able to locate most of infected disk/prgs: I'm still missing those two:
HIV2
Starfire
I'm also looking for more sample of HIV1 virus. I know I could download the source code from codebase64 but I don't want to create new variants by accident so I'd prefer to find disk images or prgs. If anyone has those file please share. Thanks in advance. |
| |
iAN CooG
Registered: May 2002
Posts: 3186 |
Candyland
ALL mirrors have the prg infected with HIV. Grab it while it lasts, needs to be replaced with a cleaned prg /me rolls eyes
No idea about HIV2 anyway. |
| |
bugjam
Registered: Apr 2003
Posts: 2579 |
@Danzig: That one sounds pretty cool, I hope it will be found. |
| |
Danzig
Registered: Jun 2002
Posts: 440 |
Quote: Anyone ever faced a "virus" that copied 2 files on a disk namely ">" and "<". It then changed track 18 so that load"$",8 list just returns load">",8,1.
if you place the cursor on that line and press return you get the directory listing with always the same diskname (something like "visual soft works" or the like, dunno remember exactly). IIRC you can just move the cursor on an entry and press return to load the file. And IIRRC it was also turbo loader.
1.) if you insert another disk into the drive it gets "infected" immediate
2.) it could also lead to "broken disks". I once inserted Zak McCracken into the drive for testing purpose and it mangled the disk.
3.) only way to remove the "virus" was to repair the directory with a disk monitor.
4.) It hides the files ">" and "<" while listing the directory
Anyone?
Yeah, sometimes things just don't let you sleep :D
I found the fucker on an old .D64 of mine (after manually checking ~700 Disks, hints for a good search tool are welcome ;) ).. So if anyone is interested, leave me a pm. I can isolate the 2 files and send it via e-mail!
I hope someone can shed some light on it (who did it, when was it done (my guess: somewhen 1987?)).
Cheers! |
| |
bugjam
Registered: Apr 2003
Posts: 2579 |
Cool. :-) |
| |
Danzig
Registered: Jun 2002
Posts: 440 |
I copied the 2 files to an empty .d64 and "activated" it by executing load">",8,1.
It says Visual--Arts in the header. So I created an entry for the group and the Virus
Edit: Why did I create a new group entry? Because I have no doubt: this was not released by Visual Arts |
| |
bugjam
Registered: Apr 2003
Posts: 2579 |
Is it known which one is the virus mentioned here Virus Warning!? |
| |
Scan
Registered: Dec 2015
Posts: 111 |
Not sure whether you people are still interested in Commodore 64 viruses, but here you can download a new one. The zip file contains the fully documented source code (64tass compatible) and a .d64 image on which the 2nd file (with the picture of the trollface) is infected.
Bit Addict Virus |
| Previous - 1 | 2 | 3 | 4 | 5 | 6 | 7 - Next |
