| |
chatGPZ
Registered: Dec 2001 Posts: 11360 |
Making a Virus Scanner - info needed
as some of you might know i made a little util to scan the disks i transferred for errors (D64scan V0.2). now after reading latest discussions about various virii on the c64 i thought it would be a useful feature to add virus detection (and possibly elimination) to that tool as well...
so the question is, who has detailed info on that subject? useful info would be
- what virii do exist
- how did said virii work
- what are existing scanners/cleaners, and how do they work
- how do those virii "initially" install (i only know about that bhp virus "installer")
...etc.
at the very least, i'd need a bunch of "infected" disks (or well, d64s of them), but of course any further info would make things a lot easier :)
anyone? |
|
| |
chatGPZ
Registered: Dec 2001 Posts: 11360 |
Quote:A hint how to identify a HIV infected disk...
means the virus is active or am i wrong ?
yes you are, and if you read my answer again you might even understand why o_O |
| |
BAR. Account closed
Registered: Apr 2002 Posts: 324 |
Quote: Quote:A hint how to identify a HIV infected disk...
means the virus is active or am i wrong ?
yes you are, and if you read my answer again you might even understand why o_O
deleted.. |
| |
AlexC
Registered: Jan 2008 Posts: 298 |
I wonder: did anyone actually ever find a sample of Coder-Virus? |
| |
iAN CooG
Registered: May 2002 Posts: 3187 |
sure, grab while it lasts
https://www.dropbox.com/s/bqbk2rkfxobmd04/codervirus.rar?dl=0
contains both a d64 with 2 infected prgs and one extracted infected prg.
Unp64 and d64vrm can be used to disinfect them. |
| |
AlexC
Registered: Jan 2008 Posts: 298 |
Quote: sure, grab while it lasts
https://www.dropbox.com/s/bqbk2rkfxobmd04/codervirus.rar?dl=0
contains both a d64 with 2 infected prgs and one extracted infected prg.
Unp64 and d64vrm can be used to disinfect them.
Thank you! I've been looking for it to confirm it for some time already. |
| |
trent
Registered: Apr 2015 Posts: 12 |
While as far as I know never in the wild, and this source code is benign, the author of this code posted it up some time ago (e.g. someone may have made a variant, however unlikely). Only GEOS virus I ever heard of; but would qualify for this thread; it's a file infector.
http://www.lyonlabs.org/commodore/onrequest/geos/ShadowVirusS.t..
Details of method of operation at the bottom of this page;
http://www.lyonlabs.org/commodore/onrequest/geos.html#exotica |
| |
The Phantom
Registered: Jan 2004 Posts: 360 |
Groepaz - I know nothing, but have some c64 virus stuffs you may want.
I have a document (pdf) on BHP, its payload and how to avoid it.
Then I have the following:
BCS 1.64
Bula 6.13
Bula 8.32
C.bar.de
And, of course, BHP.
Not sure if any of it would be of use, but if so, make sure you PM me and I'll send them to whatever email address you give. |
| |
The Phantom
Registered: Jan 2004 Posts: 360 |
The PDF looks to be the same Scout posted at the start. |
| |
Danzig
Registered: Jun 2002 Posts: 440 |
Anyone ever faced a "virus" that copied 2 files on a disk namely ">" and "<". It then changed track 18 so that load"$",8 list just returns load">",8,1.
if you place the cursor on that line and press return you get the directory listing with always the same diskname (something like "visual soft works" or the like, dunno remember exactly). IIRC you can just move the cursor on an entry and press return to load the file. And IIRRC it was also turbo loader.
1.) if you insert another disk into the drive it gets "infected" immediately
2.) it could also lead to "broken disks". I once inserted Zak McCracken into the drive for testing purpose and it mangled the disk.
3.) only way to remove the "virus" was to repair the directory with a disk monitor.
4.) It hides the files ">" and "<" while listing the directory
Anyone? |
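The two on-disk signs described in the post above (files named ">" and "<", and a directory that needs repair) are the kind of thing a d64 scanner can check for. The following is an added example, not code from this thread or from D64scan; it assumes a standard 35-track image and that ">" and "<" are ordinary entries in the directory chain starting at track 18 sector 1, and all function names are hypothetical.

```python
SECTORS = [21] * 17 + [19] * 7 + [18] * 6 + [17] * 5  # sectors on tracks 1..35
D64_SIZE = sum(SECTORS) * 256                         # 174848 bytes

def offset(track, sector):
    """Byte offset of a track/sector pair inside a 35-track d64 image."""
    if not (1 <= track <= 35 and 0 <= sector < SECTORS[track - 1]):
        raise ValueError(f"bad track/sector {track}/{sector}")
    return (sum(SECTORS[:track - 1]) + sector) * 256

def dir_names(image):
    """Follow the directory chain from 18/1 and return the names of used entries."""
    names, seen, track, sector = [], set(), 18, 1
    while track != 0:                      # track 0 marks the last sector
        if (track, sector) in seen:
            raise ValueError("directory chain loops")
        seen.add((track, sector))
        base = offset(track, sector)
        block = image[base:base + 256]
        for i in range(0, 256, 32):        # eight 32-byte entries per sector
            if block[i + 2] != 0:          # file type 0 = unused/scratched
                names.append(bytes(block[i + 5:i + 21]).rstrip(b"\xa0"))
        track, sector = block[0], block[1]
    return names

def scan(image):
    """Return a list of findings for one image (empty list = nothing flagged)."""
    if len(image) < D64_SIZE:
        return ["not a full 35-track d64 image"]
    try:
        names = dir_names(image)
    except ValueError as err:
        return [f"directory damaged: {err}"]
    if b">" in names and b"<" in names:    # assumption: both are plain entries
        return ['files ">" and "<" both present']
    return []

def make_image(names, next_ts=b"\x00\xff"):
    """Constructed sample: blank image with one directory sector listing names."""
    img = bytearray(D64_SIZE)
    base = offset(18, 1)
    img[base:base + 2] = next_ts
    for i, name in enumerate(names):
        img[base + i * 32 + 2] = 0x82      # closed PRG
        img[base + i * 32 + 5:base + i * 32 + 21] = name.ljust(16, b"\xa0")
    return bytes(img)

if __name__ == "__main__":
    print(scan(make_image([b"GAME", b">", b"<"])))
    print(scan(make_image([b"GAME"])))
```

A hit from this check is only a hint to inspect track 18 by hand, since a clean disk could also hold files with those names.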
| |
AlexC
Registered: Jan 2008 Posts: 298 |
Ok, so I've been able to locate most of the infected disks/prgs: I'm still missing those two:
HIV2
Starfire
I'm also looking for more samples of HIV1 virus. I know I could download the source code from codebase64 but I don't want to create new variants by accident so I'd prefer to find disk images or prgs. If anyone has those files please share. Thanks in advance. |