Amiga Virus
AMIGA VIRUS
By ED EARING
Although I am not an owner of an Amiga, and although I am not familiar with much of AmigaDOS, I have read the following disturbing subject in a couple of other user group publications. I will attempt to make this report with findings gathered from articles authored by Larry Phillips (Commodore Users of Bartlesville) and Jo-Ann Nemeth (Commodore Users Group of Columbus, Ohio).
If you see this message appear: "Something wonderful has happened. Your Amiga is alive!!!" Please become very concerned.
A European group called Swiss Cracking Association (SCA) is taking the credit for this latest form of invasion.
The usual chain of events is this:
An Amiga is booted with an infected disk. All works normally, with no sign that anything is amiss. If you then reboot the machine with Ctrl-Amiga-Amiga key, using an uninfected disk, the virus is transmitted to the boot disk and it too becomes a "carrier," ready to pass it on again, and so on.
If you have received any copies of programs from anyone ... user group, friends, bulletin boards ... whatever, it is imperative that you test these disks BEFORE doing a warm reboot.
So how do you know if your disks are infected already? What do you do?
Bill Koester of Commodore, Inc., has written a program, VCHECK, that will determine whether a specific disk is indeed infected. The virus writes to block 0 (zero), and one track 1 (0-1, 1-1). This is the same area used by some commercial programs to record important disk information. The result can be the destruction of the commercial program's usefulness. VCHECK tests your computer's memory to see if it is infected with the virus.
As a safeguard, until you are able to test your disks, do NOT use an important and presumedly uninfected disk unless the disk is write protected before you put it into the drive or if this is not possible, turn the Amiga off for a minimum of 60 seconds and then on again. To erase the SCA jokesters' little humor, do an INSTALL of an infected disk from AmigaDOS. The problem with this procedure is that it rewrites blocks zero, and commercial programs often use block zero for copy protection so an "Install" could ruin the program.
Using a program like SECTORAMA (DiskZAP will not show it), look at Block 1 (cyl 0, hd 0, sec 1). If the virus is present, then run INSTALL. Then turn the power off/on. If you have booted from an infected disk, and have used INSTALL to kill the virus (see above), rebooting WITHOUT powering off/on will only reinfect the disk.
Instructions for 2 drives:
Use Kickstart 1.2 (Amiga 500 already has 1.2 built in). When the Workbench prompt appears, place your disk with the virus check program in drive DF0:. This disk will automatically check your current memory. If your memory is clear of the virus proceed. If not, turn off the Amiga for at least 60 secnds and start the procedure over.
Next, place the suspect disk in drive (either DF1: or DF2: for the A2000) and type at the "1>" prompt: vcheck1 (return).
If all is well, you will see this message: "Virus Check 1.0 by Bill Koester (CATS). This disk is healthy." If not, you are told that this disk has the virus. Then type at the "1>" prompt: install df1: (return).
Should you find that your copy of Workbench is infected, then type at the "1>" install df1: (return). Now turn the power off/on for the 60 second interval.
The best advice the writers give is when you receive a new disk place it in a special place and do NOT use it until you have a chance to test it for the virus. They include commercial disks in this warning.
I read that the virus-checking program should be on Quantum Link or GEnie or perhaps some Amiga BBS's. If you have the programs, it would be a good idea to donate them to your SIG library.
NMCUG Editor's Note: The virus has been found on beta-test (i.e., pre-release not totally debugged) versions of commercial software, so it is possible it could appear on brand-new just-out-of-the-box commercial disks. Supposedly commercial software publishers are rectifying this situation.
---------------------
Reprinted from COMMODORE DIMENSIONS,
January 1988, published by New Mexico
Commodore User's Group, P.O. Box 37127,
Albuquerque, NM 87176.
---------------------
Some further notes: this text file was written some one-and-a-quarter years ago, by my time (4/89), and although the information given within is more or less correct, it is outdated. Since the SCA virus emerged, a slew of others have appeared, most of which use the same methods to spread themselves (boot block infection). I will not go into the specifics of these new viruses, but would recommend that interested parties (ALL Amiga users) get a copy of Steve Tibbet's program VirusX and read the accompanying documentation, which goes into more detail about the different viruses. VirusX should be available through your local Amiga user group or from the Fred Fish collection of disks.