============================================================================ VIRUSZ II REVISION HISTORY ============================================================================ Actually, version 1.36 should become the XMAS '96 release, but as I had so many other things to do, this is the first version in 1997. Another year has gone by and I'd like to thank all folks out there that supported me through the last year(s) with new stuff and money. At this place I'd also like to thank Jan Andersen and his family for sending that nice Xmas postcard. I wish all of you out there the very best for this new year 1997 and I wish all you virus-coders out there the worst nightmares ever dreamed by any human being!! 1.36 Changes/Additions since 1.35: - Added new viruses: HD Protect 6.24, COP 15, Trust No-One 1-3. Thanks to Jan Hendrik Lots for sending those beasts. - Finally implemented the bootblock brain!!! After 3 years of laziness in this point I managed to code all the necessary stuff to get the brain working. Now VirusZ can learn all your custom bootblocks and will no longer report them as unknown. See details in the guide at the 'Misc Prefs' chapter and in the 'Bootblock Lab' section. All formerly disabled buttons are now fully working. - New distribution site: 'The Realm' is dead, from now on call the 'Army Shop'. Don't panic, same number, same sysop ;-) - Added sort mechanism to brain editor and fixed problems with delete function. - Added new device detection code that finds all usable devices itself and therefore removed 'Devices' from 'Misc Prefs'. Now all mounted sector-based drives will be scanned automatically. I've tested this routine with SCSI/IDE HDs, SyQuest and CD-ROM and it worked fine. Please let me know if it doesn't work properly on your system. - Added menu item 'Update Devices' to refresh the device list after mounting some new drives (eg. SyQuest, CD-ROM etc.). - Added two new options to the Background prefs: 'Check All Drives On Update' and 'Report Known Bootblocks'. The first option makes VirusZ rescan all disks after 'Update Devices', the second option enables the report of bootblocks included in the brain by the background check. - Added possibility to go to Vector Check and Boot Lab directly from the background checker if something unusual has been detected. This feature was already implemented a few years ago but has been removed after rewriting the background code. So now I hope that all you folks demanding it from time to time are happy again ;-) Note that this only works if VirusZ isn't active in any other way at that moment (e.g. File Check). 1.35 Changes/Additions since 1.34: - Added new topic to vector check: 'Suspicious Process Fields'. The tc_Switch, tc_Launch and pr_PktWait fields of every process are listed here. These fields are used by some new viruses and they are likely to be used by future viruses too. - Added 'Show Process Fields' to vector check prefs. This button switches the function mentioned above. - Added 'Process Fields' to 'Clear' menu in the vector check to reset the above mentioned pointers. - Added process field check to the background checker. - Added 'Process Fields' buttons to the background prefs. Here you can turn on/off startup check/surveillance of the process fields. - Added new viruses: TRSI-ZNT.exe Fake, Firedom 1.4, HNY Clones. Thanks to Markus Schmall and Jan Hendrik Lots for sending these little beasts. - Added Prometheus linkvirus. Thanks again to Markus Schmall. - Added Smeg and Aram-Dol linkviruses. Thanks to... Markus ;-) - Added BEOL3 linkvirus. Thanks to Markus Schmall, Jan Hendrik Lots and Jani Juhani Mattinen for sending this sucker. -------------------------------------------------------------------- The time has come to go back to the 'Fachhochschule' again, now for about nine months until July 1997. This means that I will only work on VirusZ at the week-ends which is far too less for astonishing improvements. Therefore I will mainly do some new-virus-implemented updates. Nevertheless VirusZ development will be continued... -------------------------------------------------------------------- 1.34 Changes/Additions since 1.33: - Added new viruses: ADO! + Installer + Library, Gotcha! II, ORB 95, VoxelSvind Trojan and AGA Italy Fake. Thanks to Jan Andersen and Jan Hendrik Lots for sending those beasts. - Added BEOL 96 virus, the most clever bastard ever seen on Amiga so far. It took a lot of analysing work to find a cure against this sucker. Thanks to Jan Hendrik Lots for sending it and Markus Schmall for some more example files. - Added B.E.O.L. 2 and Affe linkviruses. Thanks to Markus Schmall for sending them. - Added XCom linkvirus. Thanks to Markus Lück for sending it. -------------------------------------------------------------------- Jan Andersen reported that the archive check crashes on his A500. I myself then tested VirusZ on a plain 68000 and on Kickstart 2.0, but it worked well. If someone has similar problems on his machine, please tell me and send me the archive that crashed for testing... -------------------------------------------------------------------- 1.33 Changes/Additions since 1.32: - Added archivers preferences! Here you can easily enter the names, recognition offsets/data and command lines of any file based archiver programs (eg. LhA, LZX) you want VirusZ to recognize and extract. - If preferences have been changed during a session, VirusZ now tells you if any of them have not been saved yet before exiting. This is especially useful as the new archivers preferences might be a lot of typing stuff which is annoying to lose. - Added 'EF67A3C3' linkvirus (temporary name until something better comes to my mind). Thanks to Christoph Faßbach for sending me this little beast. - Fixed wrong recognition for Lisa FuckUp 2.0. Sorry folks, but all those RexxMasher compiled files have been recognized as a virus. Thanks to Bert Jahn for sending the RmS package and the report. And sorry to Matthias Scheler (AmiNet Administration) for all the trouble. - Added 'Extract Archives' toggle to the file check preferences to switch on/off the new feature. - Finally added recognition/extract code to the file check itself. The rewritten file loader now also handles data files much better if 'Decrunch Data Files' is activated. Only crunched data files will be read completely, all others will just be read partially for recognition purposes. - Added more informative statistics at the end of each file check. - Added new options to CHECKFILE and CHECKDIR ARexx commands: a. USEEXTERN enables use of external xfd slaves. b. EXTRACT turns on extracting of archives. - Added USEEXTERN and EXTRACT options to Shell template. Meanings are the same as with the ARexx commands. - Added HitchHiker 3.00 + Installer. This is the 50th linkvirus recognized by VirusZ!!! Special thanks to Markus Schmall for sending this 'anniversary gift'. - Fixed bug in HitchHiker 2.01 repair code. Some branches haven't been removed properly in the last version. Thanks to Emmanuel Poirier for this report. - Added new version of xfdmaster.library. ----------------------------------------------------------------- The new features of this version have been heavily debugged and I already fixed 3 major bugs in the beta versions, so this final release should be stable and work properly. If there nevertheless appear any problems, please contact me! Thank you in advance... ----------------------------------------------------------------- 1.32 Changes/Additions since 1.31: - Added recog/repair code for Hitch-Hiker 2.01 linkvirus. Thanks to Frank Heim, Holger Hesselbarth, Michael Veroukis, Bert Jahn and Jan Hendrik Lots for sending me this ugly creature ;-) - Added other viruses: BootShop Virus-Installer, Lisa FuckUp 2.0, Acid Infector 1.5, H.N.Y. Installer 3, ExHacker Trojan 1 - 3, Pamela Fake and Commander Installer 2. Thanks to Jan Hendrik Lots for testing VirusZ 1.31 and sending those missing ones. - Added new xfdmaster.library that supports CFP 1.35/1.36 files. No more hiding of viruses is possible now with that method. 1.31 Changes/Additions since 1.30: - Enhanced basic file check routines. Added better test routines for truncated files, added support for reloc32_short hunks in the linkvirus removal code, added better CPU cache controlling code. I hope that every abnormal condition is under control now ;-) - Added analyzer for raw bootblock data files to file check. Now you can scan your bootblock directories and get a report of all bootblock viruses. - Fixed severe problems in the file check: If a file was infected with a linkvirus and underneath there was a 4eb9-linked file, the 'Delete file' requester didn't pop up. The same problem appeared when a linkvirus couldn't be removed properly. - Fixed some bootblock recognitions. It sometimes happened that clones were reported with the wrong name. All the above improvements are mainly based on the test results of the Virus Test Center of the University of Hamburg. Thanks to Sönke Freitag and the other members of VTC for this 'blow on the head' ;-) I will fight to get back on the top ranking in your test sheet... - Fixed repair code for Invader linkvirus. Some files might have been defect after repair with the old code. - Added new viruses: AMOS AGA-Install, CompuPhagozyte 10/11/12, Circle of Power 12/13/14, VirusConstructionSet 2, LZX Reg Fake, Creator, Degrad, Andy/Decade, Susi Drive Stepper, Biomechanic 7, Wireface 3/4, Fileghost 1, Strange Atmosphere + 3 Installers. Thanks to Markus Schmall and Jan Andersen for reacting so quickly on the poor results in the VTC test and providing me with those missing viruses. - Added new feature to file check: It now automatically removes any hunk_name ($3e8) found in a file. This is especially useful as there appeared several disguised trojans through the last months that used hunk_name to avoid proper file checks. I changed some recognitions too: Wireface Trojans, COP 8 and UA Dialer 6.2 will be analyzed completely and reported with their real names now. - Added Amixhack trojan. Thanks to Dave Jones for that bastard. - Added viruses: UnLZX Trojan, PowerTrader Fake, The BBS Traveller, Hitch-Hiker 1.10 and Mutation Nation 1.0. Thanks again to Markus Schmall for supplying me with these viruses. - Fixed Enforcer hit in the B.E.O.L. memory check code. Thanks to Christoph Dietz for the report. ! IMPORTANT: I will no longer add new patches as I may develop ! ! a totally new vector check for VirusZ that will be intelligent ! ! enough to learn changes done to the vectors. So please don't ! ! send me disks with new patches any longer. ! And finally sorry for this relatively long delay, but it's going to be summer and I need some fresh air from time to time ;-) 1.30 Changes/Additions since 1.29: - Added some old bootblock viruses: Ass Protector French, Cracker Exterminator, Disk Furunkel, Lamer Ext. Decoded, Laureline Female, Sinister Syndicate 1+2. Some of these aren't really viruses, but most other virus checkers detect them, so I added them too. Thanks to Jan Andersen for sending that stuff. - Fixed bug in preferences load routine. This code crashed on plain 68000 machines because of odd stack addresses. Thanks again to Jan and to Phillip Feigh for the report. - Fixed bug in the 'Happy New Year 96' repair code. The old routine missed to check for one possible branch location and therefore produced some crashing files from time to time. Thanks to Holger Wessling and Jan-Tore Eliassen for reporting that bug and sorry for all the trouble you had with the defect files. - Added patches: CacheIt, ModePro, NewIcons, Prop3D and UrouHack. Thanks to Dave Jones for collecting and sending that stuff. - Added new version of xfdmaster.library. - Added decrunch support to the FD file loader in the vector check. Now you can crunch your FD files with any data cruncher supported by xfdmaster.library. Thanks to Dave Jones for the nice idea. - VirusZ now requires xfdmaster.library already at startup, ie. you MUST install it in your LIBS: drawer. The reason is simple: Until v1.29, I added several xfd-routines directly to VirusZ to avoid loading xfdmaster.library, but this seems to be very uneffective as most people use the decrunch feature anyway. There is a nice side effect too: VirusZ has been shortened by about 2500 bytes. - Added patches: LowFrag and UrouHack 1.3. Thanks to Bert Jahn for sending that stuff. - Saved about 1600 bytes by removing double strings (mostly virus names) and optimized some memory recognition code. 1.29 Changes/Additions since 1.28: - Added xfdPatch to the vector check. - Added recognition for LZX archives to the file check. Thanks to Holger Wessling for the hint. - Added MCP and PatchControl 2.2 to the vector check. Thanks to Stefan Sommerfeld for sending the latest versions and for the extra information. - Added option 'Use External Slaves' to the file check preferences. This is a new feature of xfdmaster.library v37 to filter out external slaves that cause trouble all the time. - Added KUK Crew and LZX 1.2 Fake trojans and Invader linkvirus. Thanks to Markus Schmall for sending them. - Modified and expanded the background preferences. The buttons for 'Bootblocks', 'Disk-Validators' and 'Known Viruses' exist twice now as all the other buttons too. The 'Check Disks On Startup' has been removed and replaced by the above mentioned. Now you can switch on/off the bootblock and disk-validator check separately, the check for known viruses can be switched off at startup too. Please control your settings when you start the new version for the first time. - Rearranged some vector check code for better performance and finally added all patches caused by SetPatch 40.16. Thanks to Lars Kristensen for reporting about the SetPatch problems on his machine. - Redesigned file check preferences for better readability. - Added changes done by 68040.library to vector check. If there are still some vectors reported, please send me a note because I couldn't test the recognition myself. No 68040 :-( 1.28 Changes/Additions since 1.27: - Finally fixed a problem that I already noticed some months ago, but didn't find the bug. After inserting and removing some disks, it may have happened that the system had a busy-loop whenever the background checker was working. Now I found the problem that caused all the trouble: the BEOL memory checker tried to read from a non-existing process in not available memory areas. - Added a big new feature: a real background checker that not only searches for known viruses but recognizes all changes done to any system vectors. You can configure it totally to your needs. All checks can be enabled/disabled separately for startup and for surveillance. - Added new security check to the memory checker: before testing for known viruses, the respective address is tested to be in available memory areas. This prevents busy-loops with RAD: or other residents located near the bounds of a memory area. - Added MagicCX 2.39 to the vector check. Thanks to Martin Hans for sending it. 1.27 Changes/Additions since 1.26: - Added Happy New Year 96 linkvirus + 2 installers and three old bootblock viruses called Asshole, RedGhost and Sao Paulo. Thanks to Markus Schmall and Holger & Data-Stream for sending them. - Added new version of xfdmaster.library to the package. - VirusZ has a new official distribution site: Nirvana BBS !! For more info read the updates chapter of the guide file. Thanks to Markus Schmall for talking with the SysOp. 1.26 Changes/Additions since 1.25: - Added (new versions of) the following patches: BusyPointer, FastWaitBlit, PatchOpenWB, QuietTD, WBGauge, PowerData, ForceIcon, ModePro, AlertPatch, Arq and ReqChange. Thanks must go to Dave Jones, David Oakes, Martin Hans and Adam Szymczak for sending me that stuff. - Added viruses: Circle Of Power 10 + 11, Biomechanic 6, PB-Party Fake and Phantom Linkvirus + Installer. Thanks to Markus Schmall for sending them. - Added unlink code for Glue 2.2 and Glue 2.3 linkers to the file check. Thanks to Dave Jones and Markus Schmall for the example files. 1.25 Changes/Additions since 1.24: - Fixed menu colors for Kickstart V39+. - Removed INFO option from the shell template. - Added ARexx port! Finally VirusZ can be controlled from external scripts or other programs. The first commands are HIDE and QUIT. - Added CHECKFILE command to the ARexx port. Now you can check single files from other programs like DOpus etc. - Added ARexx command CHECKDIR to check a whole directory. - Added scripts: CheckFile.vzrx, CheckDir.vzrx and CheckArc.vzrx. These three show the whole power of VirusZ's Arexx port. You may modify them for use with e.g. DOpus or other archive types. - Extended shell template with FILECHECK, AREXX and QUIT commands. These enable you to send ARexx commands from a shell environment or from scripts directly to VirusZ. Returncodes represent the results of the ARexx calls. If VirusZ is not running while using one of the shell options, it will be first started and then the commands will be transmitted to the ARexx port. - Fixed string comparison in the ARexx code. Now it is no longer case sensitive and thus will no longer make trouble with shell options. - Rebuilt and enhanced documentation. Now you can get some more information about what VirusZ is doing in the background etc. - Added ExAll() emulation to the file checker. There seems to be a problem with some Kickstart versions using ExAll(). I've written a replacement routine that can be turned on if required. Thanks to Markus Schmall for telling me about the problem and to the guys who told it to Markus. - Added MultiCX 2.18 to vector check. Thanks Markus! - Fixed all gadget sliders to Kickstart V39+ colors. - Added Swifter 2.5 and SCSI-HD-Faker viruses. Thanks Markus! - Added new behaviour to startup code: If there's already an old version of VirusZ running, this one will be terminated and the new version is started. This will only work with versions that already have an ARexx port, so this is useful starting with the next version of VirusZ. Thanks to Holger for the idea. - Added 'Activate On Startup' option to the Misc settings. Now you can tell VirusZ to activate the main window on startup. Thanks to Axel Folley for that suggestion. - Added 'Skip Crypted Files' option to file check settings. This is useful if you have many password-protected files and don't want to click on the 'Cancel' gadget a hundred times. Idea by Axel Folley, thanks a lot. - Fixed report output in file check: Now the escape sequences are no longer starting with $9b, but with $1b,$5b. This makes the output readable in editors like CygnusEd that support the usual esc sequences. Thanks again to Axel Folley for the hint. - Added Wireface Trojan 2 (CheckMount) virus. This nasty beast was sent to me by Axel Folley. Thanks #4!! 1.24 Changes/Additions since 1.23: - Oops! Little bug fix in the file check. This one must have been in VirusZ for at least 2 years and nobody (including myself) noticed it. Whenever VirusZ came across 9 or more subdirectories, the display went crazy because of a counter underflow in the screen output routine. Special thanks to Cameron Weeks, Rudolph Riedel and Axel Folley for the detailed report. Isn't it funny that nobody noticed that bug for years and now you guys found it all within two weeks?? - Added support for SetMan, PatchControl and patch.library to the vector check. All patches that have been SetFunction()ed with one of these programs running caused VirusZ to display them as unknown even if they were already built in. Thanks to Rudolph Riedel for sending me the programs. - Added recognition for EasyReqPatch, ModePro, PatchAllocMem, ReqChange, TimedRequesters and MultiCX to the vector check. Thanks to Rudolph Riedel and Axel Folley for sending them. - Added Ebola and Cryptic Essence linkviruses. Thanks to Markus Schmall for sending them. - Added support for FD files to the vector check. Now you are able to see the function names of unknown vectors instead of their offsets. - Uh! Last minute fix in the FD file support. Standard functions (-6 to [-24/-36]) have not been displayed correctly. - Totally overworked file check routines. 4EB9-linked files will be unlinked, decrunched and checked now. Nested 4EB9-links in one file are handled all during one check via recursive calls to the check routine. This stuff took me two full days as I had to localize all global structures in the check routines! - Totally overworked internal file- and linkvirus brains to support 4EB9-viruses directly. And another weekend is gone! Attention: VirusZ will detect some built-in viruses ONLY if the decrunch option is enabled. Sorry, but that's the drawback with recursive checking. - Splitted docs in three parts: English, Deutsch and history. Cut pre-VirusZ II entries from the history to shorten docs back to a sensible size. Updated guides with new features. - Fixed another little problem with FD files in the vector check. Some devices (e.g. trackdisk) don't have a FD file because they don't offer additional functions. In that case the standard functions (-6 to -36) have not been displayed by name. - Added new powerful version of xfdmaster.library. - Removed old icons and added MagicWB icons by Martin Huttenloher and Timm S. Müller. Thanks for the great work guys! 1.23 Changes/Additions since 1.22: - Oops! Illegal Access also has a method to link itself to libraries/devices/datatypes etc. which I've totally forgotten in the last version. Thanks to Markus Schmall for reporting this 'feature'. - Oops again! The recognition for COP 9 recognized almost every Amiga-E program as virus. Sorry for this especially to all Amiga-E programmers who had trouble with their users. Thanks again to Markus Schmall for the call. - Renamed viruses formerly called COP 9 to Biomechanic 1. - Renamed DayDream/Fixdisk Fake to Biomechanic 2. VirusZ 1.21 Fake is a Biomechanic 2 too. - Added viruses: HD_Install Fake, Circle of Power 9, Vera 2.3, ConMan Link Installer and ConMan Link, Wireface Trojan and Biomechanic 3. Thanks to Markus Schmall for sending them. - Oops #3! When reading the report from VTC Hamburg, I always wondered which generation of the Crime'92 shouldn't be recognized by VirusZ. Now I found it by analysing the virus once again. I've forgotten to check for word-padded links (happens when the very last opcode in a file is RTS) and I've overseen the fact that the encryption may have two different branch offsets. Sorry folks, now it's 100% safe! - Optimized hunk handling in the linkvirus removal routines and saved about 400 bytes of code. - Finally fixed one BIG problem of the file checker: Whenever there was a write access (deleting/removing virus), it may have happened that some files were overseen or checked twice because the filesystem exchanges some file headers on disk on every write access. This was especially nasty concerning RAM:, because that handler is not block oriented. That problems are history!! I've rewritten the whole directory scan routine using ExAll() instead of Examine()/ExNext(). Now not only the above mentioned problems are fixed, but the code is even shorter and faster than before. Nested directories are now handled via recursive calls to the scan routine! - Added (new versions of) the following patches to the vector check: AlertPatch, ExecPatch, MakeVPortPatch, Enhanced Alert Hook, NewMenu, NoCare, PatchAlert, PointerX, Reset1200 and SysIHack. Thanks to Dave Jones for sending them. 1.22 Changes/Additions since 1.20: - Added file and memory support for B.E.O.L. and Illegal Access viruses. These two bastards took me a whole weekend to analyse and find a cure. Very nasty and totally new ideas inside. Thanks to Markus Schmall for sending them so quickly. - Added some more information to the vector check 'CPU Interrupt Vectors'. Just an idea I got while analysing Illegal Access. Now not only the autovectors are displayed, but all exceptions. - Added recognition for the following viruses: Alfons Eberg 2.0, ComKiller 1.6 Fake, Condom 1.5, K&M Intro, DayDream/FixDisk Fake, Butonic 3.10 + Installer, LZX 1.20 Fake, Empty Biomechanic, Rock'n'Roll Trojan and InstSG Fake. - Added new feature to file check: So-called 4EB9-Linkers will now be detected and reported. 4EB9, 4EF9, UFO and XLink linkers are recognized by now. I will add some more support for these in the next versions (Possibly re-link and check single parts?). ---------------------------------------------------------------------------- 1.21 FAKED VERSION!!! I never released VirusZ II 1.21 (80268 Bytes). This is an original VirusZ version with a Biomechanic virus linked to it via 4EB9 Linker. Delete it immediately!!! Thanks to Markus Schmall for reporting about that stuff. ---------------------------------------------------------------------------- 1.20 Changes/Additions since 1.18: - Added recognition for the following viruses: Circle Of Power (several new versions), Fileghost 3, Karaçiç and Conman 1995 + Installer. Thanks to Markus Schmall and Axel Folley for sending that stuff. ---------------------------------------------------------------------------- 1.19 FAKED VERSION!!! I never released VirusZ II 1.19 (9.6.95). This actually is VirusZ II 1.03 with only the version strings changed. No damage is caused by this fake. Thanks to Markus Schmall for reporting about that stuff and to Holger Hesselbarth and André Lagemann for sending it to me. ---------------------------------------------------------------------------- 1.18 Changes/Additions since 1.17: - Updated file check to support the new features of the xfdmaster.library v35. - Added new option to the file check prefs: "Decrunch Data Files" Now you can tell VirusZ to load data files completely into memory and try to decrunch them. Useful especially for XPK packed executables, as they couldn't be checked for viruses until now. Thanks to Nicolas Franck for this nice idea. - Renamed old option "Decrunch Files" to "Decrunch Executables" as this description is less confusing. - VirusZ has a second official distribution site now: Virus Help BBS - Team Denmark [++45-3672-6867]. Thanks Jan! - Fixed little bug in the linkvirus removal code: If the hunk to be removed was the only hunk of the whole file, VirusZ crashed. Thanks to Koenraad Rutgers for sending some example files. - Added new patches: MultiUser 1.8, ToolManager 2.1a, SmartWB and xLoadSeg. Thanks to Nicolas Franck for sending them. - Added viruses: Circle Of Power 4, CallingCard Hacker and HD SpeedUp 1.0. Thanks to Jan Andersen for sending them. - Added new features to the vector check: a. Settings can be changed within the vector check now. If some prefs have been changed, display auto-refeshes. b. Vector report can be saved now. Thanks to Steve Bowman for this useful idea and sorry for the long delay. 1.17 Changes/Additions since 1.16: - Added viruses: Revenge of NANO 1 + 2, IconDepth Fake, VScan Fake, Circle of Power 2 + 3. Thanks to Markus Schmall and Matthias Gutt for sending them. - VirusZ has an official distribution site now. Thanks to Holger of THE REALM [++49-(0)515-43528] for his offer. 1.16 Changes/Additions since 1.15: - Added patches: DosPrefs, TWA, PowerSnap and a new version of ToolsDaemon. Thanks to Rudolph Riedel for sending these. - Added viruses: Circle Of Power, /X Fucker, Rastenbork 1.2, Rastenbork 2.0, Rastenbork Installer, World Clock Fake. Thanks to Markus Schmall and Jan Andersen for sending them. 1.15 Changes/Additions since 1.13: - Added Gathering '95, Conman-LoadWB + Installer, Addy 0.99 + Installer, Commander Installer, Copy_LX, LhA V3, IStrip 2.1. Thanks to Markus Schmall for all that viruses. - Fixed recognition for DMS 2.06, Timebomber Inst. and Gotcha Lamer! Installer. Thanks again to Markus Schmall. ---------------------------------------------------------------------------- 1.14 FAKED VERSION!!! I never released VirusZ II 1.14 (2.2.95). This actually is VirusZ II 1.03 with only the version strings changed. No damage is caused by this fake, but it's really old and though not too useful. Thanks to Jan Andersen for sending that stuff to me. ---------------------------------------------------------------------------- 1.13 Changes/Additions since 1.12: - Added new PointerX, SysException and AddPower to the vector check. Thanks to Dave Jones for sending this stuff. - Added 'Access Forbidden' clone. Again thanks to Dave. - Added CheckDebug, CycleToMenu, ForceIcon, NewMode, PatchPointer, SwazInfo and new Setpatch to vector check. Thanks to Thomas Kessler for all those bits'n'pieces. - Added WBExtender to vector check. Thanks to Markus Schmall. - Added Ami-Hacker, DMS 2.06 Short and Surprise virus. Thanks to Markus Schmall for sending this stuff. - Totally revised & updated the filevirus brain. Everything is prepared for some new features now. Wait and see... - Fixed some bad recognition code that reported several virus-free programs to be infected. Thanks to Markus Schmall, David Oakes and Koenraad Rutgers for the hints. Note to Koenraad: The problems with BootJob and XLink will be fixed in one of the next updates as this is what I wanted to do next anyway. Your files are NO viruses. - Added patches: FasterBlit 6.6 and some new SetPatch stuff. Thanks to Adam Szymczak for these. - Added Pestilence bootvirus. Infected sectors can be repaired via SectorCheck. Thanks again to Markus Schmall. 1.12 Changes/Additions since 1.11: - Added Commander, Eleni! and Fileghost 2 viruses! Thanks to Markus Schmall for sending them. - Added new versions of ReqChange and CopyMemQuicker to the vector check. Thanks to Adam Szymczak for sending them. - Renamed "? No Name ?" virus to Vtek 2.2. - Improved recognition code for Decompiler virus. Some AMOS files had been recognized as the virus. Thanks to Markus Schmall for the hint. - Redesigned whole file- and linkvirus checking routines. You won't notice a big difference as the GUI looks as always, but internally everything has changed. VirusZ is now able to check EVERY hunk of executable files for linkviruses. NO hidden linkviruses anymore by just adding some new hunks! - Fixed several small bugs in some old linkvirus stuff while rewriting the checker. - Linkvirus removal code now supports all official hunktypes from hunk_unit to hunk_index. - Added some new file types. - Renamed some more viruses, amount of viruses changed slightly because some routines now recognize several types of the same virus while others have been split. - Redesigned "Show Brains" requester. - Added Big Ben, Max Of Starlight '93, BootX Killer and Amiga Fanatic 1.1 bootviruses. Thanks to Markus Schmall as always for sending them ;-) - Added recognition for new versions of RTPatch and FasterBlit. Thanks to David Oakes for sending them. - Redesigned "Show Brains" again, displays patches now. TO DO: Due to lack of time, I just redesigned the linkvirus part of the file check, the filevirus part still only checks the first hunk. This will be changed in later releases. I have some ideas concerning the so-called 4EB9-Linker and similar utilities, too. This is a secret, wait for the key... 1.11 Changes/Additions since 1.10: - Added Elien 0.1 virus and VMK 3.00 fake. Thanks to Markus Schmall for sending them. - Added Enforcer, SegTracker and MungWall to vector check. Thanks to Ulrich Klauer for sending this stuff. - Added latest version of xfdmaster.library. 1.10 Changes/Additions since 1.09: - Added viruses: Decompiler, Doom + Installer, Intel (LoadWB), Lamerfry 1.3b, Lamerkiller, Laureline, DMS 2.13 Fake, JiZANSi, RootFormatter, EastStar + Installer, Look BBS, Sumpf Gag, Polyzygotronifikator. Thanks to Markus Schmall for these. - Added latest version of xfdmaster.library. - Added another linkvirus that doesn't contain any ID string, so I simply called it "? No Name ?". May be renamed later. Thanks again to Markus Schmall for sending it. 1.09 Changes/Additions since 1.08: - Added viruses: Eleni, Loop-Combo and Labtec. Thanks to Markus Schmall and Mark Ives for sending these. - Added latest version of xfdmaster.library. 1.08 Changes/Additions since 1.07: - Added viruses: Mount, Debugger, G-Zus and some CCCP Clones. Thanks to Marco van den Mont, Jan Andersen, Jim Maciorowski and Krzysztof Klos for sending them. - Added more viruses: Installer of Mount, Easy-E and Installer of Conman. Thanks to Markus Schmall for sending them. 1.07 Changes/Additions since 1.06: - Added viruses: Installer of Datalock, LhA-Check 1.1 and a new version of Menem's Revenge. Thanks to Markus Schmall and Jan Bo Andersen for sending them. - Again new viruses: MST-Inte, Rel 01.28 and Conman-Trojan. Thanks to Markus Schmall for these beasts. - Added new version of xfdmaster.library including external decruncher and changed installation script. - Designed new icons for VirusZ, Guide and Installation. 1.06 Changes/Additions since 1.05: - Added some additional self checks. You can now verify if your copy of VirusZ is an original or a fake by comparing the length stated in the "About" request with the actual file length. - Added new patches: HD Floppy Driver, SetPatchMrgCop, PowerData, BorderBlank and a new version of MagicMenu. Thanks to David Oakes and Naim Hosein for sending them. - Added boot viruses: Datalock 1.1, Datalock 1.2, Polish P-1B. Thanks to Markus Schmall and Krzysztof Klos. - Added file viruses: Installer of Digital Dream, Xlink 3.0, Saddam 7, Aibon 3, Burn 2, T.A.I. 11, ToolsDaemon 2.2 Fake, GeneralHunter 3.2. Thanks to Markus Schmall, Martin Odaischi and Jan Bo Andersen. - Added string gadget "Devices" to the Misc Prefs. Now you can enter all your devices (mounted or unmounted) to this list and they will be both checked from the background task and used from the BootLab. I hear some people say: "Oh, I have to type them all myself. How irritating!". BUT: You'll have to do it only once, and then there will never be any problems with CD drives, some HD controllers etc. If a drive doesn't work, simply don't add it to the list. Thanks to this simple but nevertheless great idea to Axel Folley. - Added again viruses: Zonder Kommando 1 + 2, AAA-Enhancer, JINX. Thanks to Markus Schmall for these and for the 'Burn' code. - Included latest version of xfdmaster.library. ---------------------------------------------------------------------------- !WARNING! VirusZ II 1.05 (68544 bytes) is a fake! !WARNING! The original is 66116 bytes long. ---------------------------------------------------------------------------- 1.05 Changes/Additions since 1.03: - Totally redesigned documentation. It is now written for AmigaGuide and contains a German section to satisfy all the guys who kept on nagging for the last months. - Added some nice code for encrypting VirusZ. Bad luck, hackers. I hate nothing more than little lamers thinking they are cool when they destroy the hard work of other people. - Added patches: AlertPatch, FaccII, GOMF 3.0, RTDD 1.7, SFAPatch, Setpatch 40.14. Thanks go to Steve Bowman and Ralf Thanner. - Added bootblock viruses: Baltasar, Datacrime 2.0, PAL, PDS, PKK, Shake!, TAI 4, TAI 5, TAI 6, TAI 8, TAI 9, Tomates Gentechnic 2.0. Thanks to Martin Odaischi and [can't remember who it was]. - Added file viruses: Boot-Virus Installer, VirusZ 1.03 Fake. Thanks fly over to Martin Odaischi and Markus Schmall. If I only could get my hands on the little idiot who did that fake, he'd wish he never had done it. ---------------------------------------------------------------------------- !WARNING! VirusZ II 1.04 is a fake! !WARNING! ---------------------------------------------------------------------------- ---------------------------------------------------------------------------- !WARNING! VirusZ II 1.03 (67076 bytes) is a fake! !WARNING! The original is 64664 bytes long. ---------------------------------------------------------------------------- 1.03 Changes/Additions since 1.01: - Added the following viruses: Sepultura 2.26, BossNuke, ModuleMaster 1.7 Fake, Virus-Hunter 10.20, VKill 1.00 File, Merry, MegaLink, Digital Dream, Zenker. Thanks to Markus Schmall and Jan Nielsen for sending them. - Replaced decrunch.library by xfdmaster.libary support. That's one of the reasons why the last few updates were quite simple, I worked on that library since October. It works much more efficient than decrunch.library, is much safer and supports some more crunchers. Several bugs have been fixed. - Improved the hunk tester in the file check. - Added some more viruses: PHA Intro Fake, Anim Intro Fake, Dialer 2.8g/6.2, M-WHO Backdoor, Stockmarket Backdoor. Thanks to Markus Schmall and Jan Bo Andersen. - Replaced old reqtools.library with a new update. - Added new patches to vector check: Xoper 2.4, NOG2 2.1, PowerCache 37.64, FasterBlit 5.0, IPrefs 40.29. Thanks to Ralf Thanner for sending them. ---------------------------------------------------------------------------- !WARNING! VirusZ II 1.02 is a fake, delete it now. !WARNING! ---------------------------------------------------------------------------- 1.01 Changes/Additions since 1.00: - Added new viruses: VIRI, SHI, VCS 1, VCS 2, Leviathan, Fred Cohen. Thanks to Markus Schmall and Jan Bo Andersen for these. - Added new patches to vector check: KCommodity 2.5, MagicMenu 1.27, PrintManager 1.1 + 2.0, FastWaitBlit, FrontPubScreen, Alert Patch. 1.00 Changes/Additions since 0.94ß: - Added new bootviruses: Karl Marx, CBM, SCA 666, M_Chat and TFC Evergreen 47.11. Thanks to Martin Odaischi for sending them. - Added new bootviruses: AIFS, NASA, TAI, PVL. Added new linkviruses: Dark Avenger 1 + 2. Thanks to Markus Schmall for sending them. 0.94ß Changes/Additions since 0.93ß: - Added several new bootblock viruses (mostly clones): ABC Viruskiller 1.01, Electro Vision, Exorcist, Grim Reaper, Irak 3, JT Protector 1.0, Lame Game, MAD 3b, Prima Vera 8.0, Starcom 1, 2 and 3. 0.93ß Changes/Additions since 0.92ß: - Added code for safer device calls. Several people told me that previous VirusZ versions crashed immediately when started on their A3000(T). They all had PC0: mounted. This was not a problem of VirusZ at all, but a bug in the mfm.device of Commodore. This device trashes register D3 in the Open() call and therefore caused VirusZ to crash because it uses D3. Time for a little bug fix, Commodore?? Thanks a lot to Axel Folley for his extensive testing. I don't know if I would have found that bug as fast as he did. 0.92ß Changes/Additions since 0.91ß: - Added 'Check Again' gadget to file and sector checker. - Added 'Auto-Save Report' and 'Default Report Path' to the file check preferences. - Added 'Hide OK Vectors' to the vector check preferences. - Rewrote main loop to act as a commodity. VirusZ can now be controlled via Exchange. - Added Shell options and tooltypes CX_PRIORITY, CX_POPKEY and CX_POPUP for standard commodity support. - Added 'Hide' item to project menu. - Added commodity default settings to the misc prefs. - Removed 'Snapshot Window' item from prefs menu. The window now remembers all movements automatically. - Added 'Center Main Window' to the misc prefs to override the remembered window position. - Added 'Close Main Window = Exit' to support both the old CLOSEWINDOW and the standard commodity behaviour. - Added Shell option and tooltype PUBSCREEN. VirusZ can open its windows on any public screen now. - Added Shell option ??=INFO. Use it to get more information about the usage of the other options. - Added new viruses: SnoopDos 1.9 Fake, SnoopDos 2.1 Fake, DWEdit 1.62a Fake, DI Ansi Ed 2.8 Fake, AEReg 3.9, A.I.S.F. 0.91ß Changes/Additions since 0.90ß: - Added bootblock lab (no brain support yet). - Added bootlab preferences. - Removed Unicorn 1.1 from the bootvirus brain. This is not a virus, but a quite unique loader for menus etc. Thanks to the guy from Unicorn for calling me. 0.90ß Changes/Additions since 3.07: - VirusZ requires OS2 now. - Redesigned main menu and split it in two parts. - Totally rewritten file check. Uses a multiselect filereq now, has a new window and new preferences. Detects more file types and handles viruses even better than the old one. - Totally rewritten sector check. Only works with trackdisk units now and supports HD drives. Improved Saddam checking in order to prevent wrong diagnostics (same with Little Sven). New window and own preferences have been added. - Totally rewritten vector check. Output may be scrolled now, preferences configure the vectors that should be checked. - Totally rewritten background checker. Works parallel to the main process and therefore can check memory/disks even during a file check. Own preferences. - New preferences format with checksum. This will be compatible with future ones because of standard definition. - Rewritten startup code. - Added internal brain display to VirusZ. - No brain support and all related functions in this release. - No bootblock lab + prefs. - No Shell usage. - 1000 other minor changes I can't remember. ---------------------------------------------------------------------------- VirusZ II (OS 2.0+ only) history starts in Summer '93. VirusZ 1.00 - VirusZ 3.07 history (September '91 - Summer '93) removed. ----------------------------------------------------------------------------