Newsgroups: comp.binaries.apple2
Path: icaen!news.uiowa.edu!hobbes.physics.uiowa.edu!math.ohio-state.edu!cs.utexas.edu!uunet!mnemosyne.cs.du.edu!nyx10!cdeschu
From: cdeschu@nyx10.cs.du.edu (Chris Deschu)
Subject: Virus checking inits for System 6.0.1
Message-ID: <1994Feb9.112134.6423@mnemosyne.cs.du.edu>
X-Disclaimer: Nyx is a public access Unix system run by the University of Denver for the Denver community. The University has neither control over nor responsibility for the opinions of users.
Sender: usenet@mnemosyne.cs.du.edu (netnews admin account)
Organization: Nyx, Public Access Unix at U. of Denver Math/CS dept.
Date: Wed, 9 Feb 94 11:21:34 GMT
Lines: 140

The binaries have been slow lately, so here is some of my work:

These are two inits that I have had for many years, since before GS/OS existed. I have no idea who originally wrote them. I take no credit for their creation. I hope the authors do not mind what I have done.

The two inits both compare block zero of your boot volume to a built-in image, and are supposed to replace the block with the image if it differs. Unfortunately, a difference in operation of GS/OS as compared to P16 prevents them from replacing the block. GS/OS will not allow block writes to any volume that has an open file, and since */system/system.setup/sys.resources is always open under GS/OS, the block write fails. However, the inits will still alert you to the fact that block zero has been modified, if a virus manages to get past the mentioned restriction of GS/OS.

All I have done is to replace the old P16 version of the boot block images contained in the inits with current GS/OS boot blocks, so the inits now have renewed usefulness. These will work with either 6.0.X or 5.0.4 versions of GS/OS, although with the latter, if you do get infected, you will have to boot from a floppy to recover, since the inits get caught in an endless loop when they can't replace the damaged boot block, and you can't shift-boot to disable the init.

VirusDetect601 has an additional function. At least one known virus uses the last byte of block two as a counter. This init checks that byte to make sure it is set to zero, and will notify you if it is different. It is supposed to reset the byte to zero, but as mentioned before, cannot do a block write under GS/OS, so it gets caught in a loop.

Other than that, these inits are totally transparent, and do not add anything measurable to your boot time, so protect yourself! :)

 ____________________________________________________________________________
|___  Chris Deschu    cdeschu@nyx.cs.du.edu
 _|_|con  (610) 791-3596    4804 Bowood Street, Center Valley, PA. 18034-9628
:-)|echnologies is IT in the Lehigh Valley for Apple ][ Consulting & Repairs

--
 ______________________________________________________________________________
|___  Chris Deschu    cdeschu@nyx.cs.du.edu
 _|_|con  (215) 791-3596    4804 Bowood Street, Center Valley, PA. 18034-9628
:-)|echnologies is IT in the Lehigh Valley for Apple ][ Consulting and Repairs
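
The two checks described in the post above, as an added example (not code from the inits or their authors), run over a ProDOS-order disk image rather than a live volume. The reference block, the sample images and the write_allowed flag are constructed assumptions; the restore is attempted once and its failure reported, instead of being retried in a loop.

```python
BLOCK_SIZE = 512  # ProDOS / GS/OS block size in bytes


def read_block(image, n):
    """Return block n of the image; fail loudly on a truncated image."""
    block = image[n * BLOCK_SIZE:(n + 1) * BLOCK_SIZE]
    if len(block) != BLOCK_SIZE:
        raise ValueError(f"image too short to contain block {n}")
    return bytes(block)


def diff_ranges(actual, reference):
    """List (first, last) offsets of each run of bytes that differ."""
    ranges, start = [], None
    for i, (a, r) in enumerate(zip(actual, reference)):
        if a != r and start is None:
            start = i
        elif a == r and start is not None:
            ranges.append((start, i - 1))
            start = None
    if start is not None:
        ranges.append((start, len(reference) - 1))
    return ranges


def check_volume(image, reference_block0):
    """Both checks from the post: block 0 vs. image, last byte of block 2."""
    if len(reference_block0) != BLOCK_SIZE:
        raise ValueError("reference boot block must be exactly one block")
    changed = diff_ranges(read_block(image, 0), reference_block0)
    counter = read_block(image, 2)[-1]
    return {"block0_diff": changed, "block2_last_byte": counter,
            "alert": bool(changed) or counter != 0}


def repair_once(image, reference_block0, write_allowed):
    """Try the restore a single time; report failure instead of retrying."""
    if not write_allowed:  # assumption: stands in for GS/OS refusing the write
        return False
    image[0:BLOCK_SIZE] = reference_block0
    image[3 * BLOCK_SIZE - 1] = 0  # reset the last byte of block 2
    return True


# Constructed sample data, not a real GS/OS boot block.
REFERENCE = bytes((i * 7) % 256 for i in range(BLOCK_SIZE))
clean = bytearray(REFERENCE + bytes(3 * BLOCK_SIZE))
tampered = bytearray(clean)
tampered[0x10:0x14] = b"\xEA\xEA\xEA\xEA"  # altered bytes in block 0
tampered[3 * BLOCK_SIZE - 1] = 5           # non-zero last byte of block 2
```
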