NoVirus DEMO Copyright 1988 1989 by Nic Wilson Software 138d South Street Toowoomba Queensland Australia 4350 Phone (076) 358522 Work Hours (076) 358539 After Hours (076) 358522 Fax ABOUT THE DEMO VERSION This version is the same as the commercial version except that many functions have been disabled. The program will still check for bootblock and file viruses in both floppies and hard disks. If you would like a full version then send $40.00 to us at the address above. This version may be distributed freely as long as this document file accompanies it, and access to the document file is given on the disk in the form of an entry in the menu or an icon under workbench. Dealer and Distributor enquries contact us at the above address or phone number. FINDING THE BRAINFILE In order for NoVirus to load correctly, the BrainFile, and optional 'prefs' file must reside in the L: directory. If the brain is not found in the l: dirctory then especially for the Megadisc demo version it will look for it in each floppy drive, in a drawer called 'virus'. If not found in df0: dos will bring up a requester asking for a disk in unit 0, either insert your megadisc in df0: or if it is already in a drive other than df0:, cancel each DOS requester in turn and it will find the megadisc. MAKING BACKUPS OF NoVirus You can copy the NoVirus disk using your favourite copy program. RUNNING NoVirus FROM A HARD DISK DRIVE It is possible to run NoVirus from a hard drive. Copy the NoVirus and NoVirus.brain files to the hard drive (NOTE: The brain file MUST be in the L: directory.). NoVirus can be executed from the hard drive using the same methods described in the USAGE section of the manual. C O N T E N T S Copyright Notice i Disclaimer ii Acknowledgements iii Features & Requirements iv History of NoVirus v What are computer viruses vi Using NoVirus from CLI or Workbench 1 Checking disks for viruses 2 The Status Window 3 Using the NoVirus functions 4 System gadgets 5 Menu Items 7 Program Menu 7 Options Menu 7 Preferences Menu 10 What to do with unknown bootblocks Appendix I References Appendix II How to contact N.W.S. Appendix III Index of NoVirus Functions Appendix IV ACKNOWLEDGEMENTS NoVirus is a trademark of Nic Wilson Software. This manual was prepared using Word Perfect (A trademark of the Word Perfect Corporation, Utah, U.S.A.) on an Amiga 1000 and 500. Amiga and AmigaDOS are trademarks of Commodore-Amiga Inc. Nic Wilson Software would like to extend their appreciation to the following persons for their help in the production of NoVirus V3.00 and documentation. Debbie Wilson - Proof reading, punctuation and patience Warren Weber - Thanx for the company during many hours coding Donald Napper - For the great NoVirus icon (8 colour & animated) John Rowe - For Artillery support in the war with Intuition Andre Lapointe - Many suggestions & constructive critisism Any questions, comments, or problems please refer to- Nic Wilson Software 138D South St. Toowoomba, Qld. AUSTRALIA 4350 Phone- See top of this document FEATURES OF NOVIRUS DEMO * Full support for Hard Drives and RAD: drives. * 100% Machine Code for the fastest speed & smallest code. * Totally written and updated regularly in Australia. * Widely known and respected program. * BrainFile allows regular updating of NoVirus. * BrainFile widely distributed around Australia. * Saves & Restores boot blocks in case of virus attack. * View disk boot blocks or memory in ASCII or HEX. * Can Write a Scrolling 'Virus Free' message to bootblocks. * Change & save screen colours to suit your taste. * Change & save default drive. * Onboard help option for quick reference. * Can repair disks shown as 'NOT A DOS DISK' * Can check multiple disks via easy Intuition interface. * Can check single disk through 'startup-sequence' REQUIREMENTS Amiga 1000, 2000 or 500 with a minimum of 512k Ram. 1 - 4 floppy drives PAL or NTSC HISTORY OF NOVIRUS Welcome to NoVirus DEMO. I hope you find this program useful in keeping your valuable disk collection free from viruses. NoVirus was written in Assembly Language using Devpac V2.14. This assembler was an excellent program to use and made writing NoVirus much easier. NoVirus started back sometime in 1988, when the very first Amiga virus reared its ugly head. At that time many virus killers appeared on the public domain and at least one commercial version. I found none of these programs suitable for checking multiple disks quickly. All either had programming bugs or required too many mouse or key presses between disk changes. NoVirus was born from these needs. From the outset it was designed to be fast & efficient. Since its conception I have had many suggestions and reports on the program, and this has allowed it to grow into the most powerful and regularly updated program in Australia, if not the World. For the past eighteen months the program has been widely distributed at no cost to the user. As the virus problem on the Amiga grew I found this program to be taking many hours of dis-assembling and pondering over code, to keep NoVirus up to date. I decided to release a new version of the program commercially to help cover the cost of time and resources spent, and to keep updates coming regularly. NoVirus is the safest and most efficient way to check your disks for viruses, and with regular updates will allow you to keep one step ahead of the vandals of the computer age. To write a virus is easy, but to write a machine code program like NoVirus is a very difficult task. I get a great feeling from the comments and praise from users regarding NoVirus. I will never understand what the author of a virus gets from writing such. Obviously they are not talented enough to write useful programs. Nic Wilson WHAT ARE COMPUTER VIRUSES & WHAT DO THEY DO? A computer virus is a small program designed to hide away in memory and remain there even through a re-boot and perform a wide variety of tasks without the users' knowledge. They are normally designed to attach themselves to a disk sector or a file so they can spread from disk to disk, user to user, rapidly. Some viruses perform their tasks immediately while others can remain static for a period of time before becoming active. Early viruses on the Amiga were not really destructive, although they could render 'special loader' disks useless. This, I believe, was more accidental than pre-meditated destruction. As newer viruses emerge, they seem to be getting more and more destructive and harder to remove from the computer without forcing a reboot or a power down. Some recent ones are getting harder to locate, as they encode themselves differently each time they write to a disk. One particular virus attaches itself to files rather than the boot block. These require much more time to locate as the whole disk must be scanned. Hopefully as time goes on, virus authors will get bored with writing this type of program and use the time more usefully. But I can guarantee that until that time, NoVirus will be there to render assistance. CHECKING DISKS CHECKING MULTIPLE DISKS - Load NoVirus, either from Workbench or CLI as explained in the USAGE section. The program will default to drive DF0: unless you have selected another drive using NoVirus Preferences. Then, load the disks you wish to check into the selected drive one at a time and take note of the Status Window. Next to the words "Disk Status" you will see a message appear each time you insert a new disk. This status line will tell you what sort of bootblock is on a disk. If a virus is present on the disk that the BrainFile recognises, it will inform you of the Virus and give further instructions. You can use INSTALL, SCROLL or SYSNOT to remove the virus from the bootblock. CHECKING A SINGLE DISK - There are two ways of doing this. From WorkBench, using the same method described above, NoVirus will check the disk in the selected drive automatically. The other method is from CLI. Using the syntax described in the USAGE section NoVirus will check an individual disk in the drive of your choice, and return a Status message to the current CLI window informing the type of bootblock it has and if it found a virus. It will also give you a Memory Status message telling you whether NoVirus found any unusual or suspicious code residing in memory. THE STATUS WINDOW The Status Window is used to communicate with the user. All program information is displayed in this window. Thewindow is sectioned into six parts. Each part is explained below:- DISK STATUS - Displays information on the disk or bootblock in the selected drive. MEMORY STATUS - Displays the result of a check for known or possible new virus code in memory. PROGRAM STATUS - Informs the user that the program is ready to accept the next disk or command. ERROR STATUS - Displays the last error encountered. VIRUSES FOUND - Counts the number of viruses found in one checking session. BRAIN FILE - Displays the version number of the BrainFile being used. USING NoVirus From the CLI USAGE NoVirus n or N An optional switch for non-recursive checking (eg. Use this switch in startup-sequences, or to check a single disk only). OR i or I An optional switch to start ICONIFYed. It will start the program as a small window on the dragbar. The program will remain there on 'stand-by' until selected or closed. See ICONIFY in the Menu section for more on this function. NOTE: If the 'i' switch is used the parameter is not used, as the program will default to recursive. If used in a startup-sequence or batch file it DOES NOT need RUN or RUNBACK as NoVirus spawns its own process. This means that as soon as the program loads it will return the command line, and will allow the window it was launched from, to close, when an ENDCLI command is given. The Drive to be checked, eg. DF0: (for non-recursive only). Drive is only valid if you have used the n switch. The Drive selected must be a valid Amiga drive (ie. DF0: - DF3:). If no switches are given then the program will load, open a custom screen & window and default to recursive mode. Drive choice in recursive mode is made from the prefs file (see SavePrefs) or from inside the program, so you don't supply the drive from the command line. FROM WORKBENCH NoVirus is activated from the workbench by simply double-clicking on the NoVirus icon. IMPORTANT NOTE In order for NoVirus to load correctly, the BrainFile, and optional 'prefs' file must reside in the L: directory. If the brain is not found in the l: dirctory then especially for the Megadisc demo version it will look for it in each floppy drive in a drawer called 'virus'. If not found in df0: dos will brin up a requester asking for a disk in unit 0. Insert your megadisc in df0: or if it is already in a drive other than df0: than cancel each DOS requester in turn and it will find the megadisc. USING THE NoVirus FUNCTIONS GADGETS Drive Gadgets- Click on a drive gadget to select that drive. You can change drive at any time by clicking on another drive gadget. The selected drive shows an alternate image with a disk in and the drive LED on. The selected drive is the focal point of all functions of the program. All bootblock operations (multiple checking for Viruses, saving bootblocks, etc.) use this drive. Clicking on an already selected drive gadget will re-check the disk in that drive. When NoVirus is loaded it looks for a file, "L:novirus.prefs" (See MENU FUNCTIONS - SavePrefs). If found, the program will select the drive as specified in the 'prefs' file. If not found, NoVirus will default to drive df0:. BUTTONS - The button gadgets on the bottom of the screen perform different functions. Each is explained below. SCROLL - Not Available in the demo version INSTALL - Writes a standard AmigaDos bootblock to the selected drive. This is the same as installing a disk using the 'install' command in CLI. NOTSYS- Not available in the demo version SYSNOT- Not available in the demo version GRAB- Not available in the demo version RESTORE- Not available in the demo version BOOTBLOCK - This gadget is a switch that shows you the currently selected mode of NoVirus. Each click of this gadget toggles the mode from bootblocks to files and vice-versa. These two modes perform different functions as follows:- BOOTBLOCKS - This mode forces NoVirus to test only bootblocks for viruses. The program first checks for viruses that are built in to the code itself. Next it checks for viruses known by the BrainFile. If no known virus is found, it thenanalyses the bootblock for possible new viruses. The Brainfile also knows many safe bootblocks. If any of these are found they will be identified. File Viruses are not checked in this mode. This mode is fast, and allows you to check a batch of disks quickly. FILES - This mode does a complete virus scan. It first scans the disk directory and then tests each file in every directory on the disk for viruses known by the Brain. A file virus must be known by the Brain. It does not do any analysis of the file. To do this would take far too long even for a machine code program such as NoVirus. Once this is complete it then checks the bootblock the same as in the above mode. The time taken to perform this function depends solely on the number of files and directories on a given disk. So you have an idea on how long it will take, the program will count the files while scanning and display this in the status window, it will then decrement this will checking the files. SYSTEM GADGETS The system gadgets can be found at the top left and top right side of the screen. They perform different functions as follows:- CLOSEGADGET - The closegadget is located at the extreme top left of the screen. Clicking this gadget, opens a small window and prompts you to choose between exiting or ICONIFYing the program. ICONIFYing is explained on page 8. BACKGADGET - The backgadget pushes the NoVirus screen to the back. This gadget is not handled by intuition, so if any other function is currently being used within NoVirus, the action will not be performed until you finish the current function. This problem can be overcome by using Left Amiga N and Left Amiga M instead of the back/front gadgets accordingly. FRONTGADGET - The frontgadget performs the exact opposite function to the backgadget. MENU ITEMS PROGRAM MENU HELP - Gives a help screen describing the NoVirus functions in brief. CREDITS - This option displays information on the program (version number, etc.) and also the author's credits. We have also included an address that you can send potential new Viruses and unknown bootblocks to be checked. VIRUSES - This gives a complete list of the Viruses known by the particular version of the brain file that NoVirus is using. It is updated by the brain file when loaded. AUTO_NEWCLI - Not available in the demo version QUIT - This gives you an option to exit or ICONIFY the program. QUIT & DIE - Not available in the demo version OPTIONS MENU DOSENABLE - Not available in the demo version ICONIFY - Not available in the demo version ANALYSE - Not available in the demo version REPAIR - Not available in the demo version VIEWBOOT - Not available in the demo version FIXBOOT - Not available in the demo version NOBOOT - Not available in the demo version VIEWMEM - Not available in the demo version VIEWVECS - Not available in the demo version CHECKMEM - Not available in the demo version PREFERENCES PALETTE - Not available in the demo version STARTDRIVE - Not available in the demo version SAVEPREFS - Not available in the demo version WHAT TO DO WITH AN UNKNOWN BOOTBLOCK An unknown bootblock contains code that is not recognised by the NoVirus DEMO BrainFile. The difficult thing to determine when NoVirus discovers code that it does not recognize, is whether it is a safe bootblock or a possible new virus. The safest way to tackle a disk with an unknown bootblock is to write protect the disk then boot it. Then watch and listen to how the disk loads and sounds. Bootblocks normally work in one of several ways. A disk with a standard bootblock will show an AmigaDOS window after a few seconds. Boot a standard Workbench that NoVirus shows as 'DISK CLEAN' to see this in action. An unknown bootblock that opens this AmigaDOS window, and seems to boot like a standard disk is definitely suspect and requires looking into. Other 'Special' bootblocks will show different results. Some disks have a special menu function encoded in the bootblock to select a particular program on that disk. Do not confuse these with menus programmed in a disk file. A menu bootblock will appear instantly at boot (this first short disk access after inserting the disk into the drive at the 'WorkBench hand'). Other types of bootblocks are mainly coded by hackers and show graphics and or scrolling text, these will also show almost immediately. Chances are that these will be virus free and safe to use. Some commercial software uses the bootblock to 'Fast Load' games. These bootblocks can be readily recognised, as the AmigaDOS window will never show and the program will load immediately. These can also be recognised in another way, fast loaders or trackdisk.device loaders step the disk drive head in a rhythmic or repetitive pattern and also step rapidly. These types of bootblocks are probably safe (normal AmigaDOS bootblocks have a very arhythmic sound, boot a normal disk and listen to the sound of the disk drive). If you are ever unsure about any disk or bootblock, please send a copy of the disk to us at Nic Wilson Software, and we will examine it for you. All disks will be returned with the latest version of the NoVirus BrainFile. We suggest that your copy of the program remain unused until your disk is returned. The latest version of the Brainfile on your returned disk will either recognize the disk as a virus, a safe bootblock or still unknown. If it is still seen as unknown, you can be assured that it is quite safe to use. NOTE RETURN POSTAGE MUST BE SENT OR WE CANNOT SEND YOUR DISK BACK. END OF NOVIRUS.DOC