    I snarfed this off the USENET this morning.  I think it might be
    of some use to everyone.  I can't as yet verify its effectiveness
    but here goes anyway:
    
    ---------------------------------------------------------------------------
    
    Newsgroups: comp.sys.amiga
Path: decwrl!decvax!ucbvax!TAURUS.BITNET!finkel
Subject: Defeating BB virus
Posted: 9 Apr 88 20:04:33 GMT
Organization: 
 
Read the following if you want to defeat the Byte Bandit virus!
--------------------------------------------------------------------
Message #18651 sent  8.04.88 16:24
From   : Amigaeb
To     : All with virus
To     : All
Subject: VIRUS...again (long)
 
By now most of you should have experienced the two viruses, from SCA
(Swiss Cracking Association) and BB (Byte Bandit). The only cure to this
is to rewrite the bootsectors on the infected disk. This can be done
with INSTALL, but make sure the virus is not in ram already, or it will
just rewrite the bootsectors again. Just turn off the Amiga for about 10
seconds, and boot with a disk you know for sure hasn't been infected,
for instance the original workbench diskette. Type 'install ?<return>'
and when the disk stops spinning you insert the disk with the virus and
type 'df0:<return>'.
But how do you know the virus is there? There are some programs in
Public Domain to help you with this. The best is (in my opinion) the
latest version of VirusX (1.21) which knows both SCA and BB. VirusX
opens a window on the workbench screen and stays there. Every time you
insert a new disk it checks for virus, and if it finds one it will ask
you if you want to remove it. It will also notify you about any
non-standard bootsectors. Nice, eeeh?
Now for some useful information. The SCA virus can be found without
having a virus-checker program (or a disk 'debugger'), just insert the
disk you want to check and press Ctrl-Amiga-Amiga (reset) and boot the
disk. Then you reset the machine again, and hold down the left
mousebutton at the same time. Hold down the button for a few seconds,
and the screen will become GREEN if the SCA virus is in ram. The virus
will also remove itself from ram, but not from the disk. To be sure the
disk really is infected (the virus could have been in ram from another
disk) you can repeat the procedure.
Every 16th recreation of the SCA virus will be a version that pops up
and gives you a message when you boot from that disk ("Something
wonderful has happened...your Amiga is still alive...and even
better..etc.")
And now to the mysterious BB-virus. This virus is more dangerous, at
least to people that don't know how to beat it. By digging around in the
code I found the following:
 -- The virus has two parts, the recreation part (which makes this a
    virus) and a 'freeze' part. The second part does not start to
    function until some actions have happened: 1) The virus must have
    made at least 6 copies of itself, and 2) the machine must have
    been reset at least 3 times. Then a counter starts going...
 -- About 7 minutes later the virus will turn off the display (bitplane)
    DMA, and ALL interrupts. Goodbye multitasking!
 -- "You have just made your best picture, C-program, whatever when the
    virus struck you (that is, your Amiga). And you have only saved
    to ram! I'll gladly kill that virusmaker, you think, and turn
    off your machine"......No, no, no. DON'T DO THAT, don't
    turn off your Amiga, your work isn't lost. The maker of the
    BB-virus has also made a way to 'unfreeze' the machine again (to
    save himself from getting hit!?). This is what you must do to
    'unfreeze':
    Press the following keys:
    Left-ALT, Left-Amiga, SPACE, Right-Amiga, Right-ALT
    The order of the keys IS important, and DON'T release the other
    keys when you press the next. Did you get it? Press L-ALT, hold
    it down while pressing L-Amiga, hold them down while...
    When you press the last key your Amiga should be working again.
    If not you have done something wrong, just press the keys again until
    successful.
 
 
---** AmigaEB **---
SLH1988
 
 
 
========================================================================
    
    Hope this is of some help to everyone.
    
    Bob.
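
The boot-sector check that the forwarded message attributes to VirusX can be reproduced on a raw disk image by comparing its boot block against one taken from a disk known to be clean. This is an added example, not code from the posts above or from VirusX; the function names and sample bytes are hypothetical, and the layout it assumes (a 1024-byte boot block beginning with "DOS" and carrying a checksum longword at offset 4) is the usual AmigaDOS floppy format rather than something stated on this page.

```python
import struct

BOOTBLOCK_SIZE = 1024  # the two 512-byte boot sectors at the start of the disk
MASK = 0xFFFFFFFF


def bootblock_sum(block: bytes) -> int:
    """Add all big-endian longwords, folding each carry back into the sum."""
    total = 0
    for (word,) in struct.iter_unpack(">I", block):
        total += word
        if total > MASK:
            total = (total & MASK) + 1
    return total


def make_bootblock(code: bytes) -> bytes:
    """Build a constructed, correctly checksummed boot block (sample data)."""
    body = b"DOS\x00" + b"\x00" * 4 + struct.pack(">I", 880) + code
    body = body[:BOOTBLOCK_SIZE].ljust(BOOTBLOCK_SIZE, b"\x00")
    checksum = ~bootblock_sum(body) & MASK  # makes the full sum 0xFFFFFFFF
    return body[:4] + struct.pack(">I", checksum) + body[8:]


def classify(image: bytes, clean_reference: bytes) -> str:
    """Classify an image's boot block against one from a known-clean disk."""
    block = image[:BOOTBLOCK_SIZE]
    if len(block) < BOOTBLOCK_SIZE or block[:3] != b"DOS":
        return "not-bootable"
    if bootblock_sum(block) != MASK:
        return "not-bootable"  # checksum fails, so the code is never run
    # Ignore byte 3 (filesystem flags) and bytes 4..7 (checksum); everything
    # after that, including the boot code itself, must match the reference.
    if block[8:] == clean_reference[:BOOTBLOCK_SIZE][8:]:
        return "standard"
    return "non-standard"


if __name__ == "__main__":
    # Constructed placeholder bytes standing in for real boot code.
    clean = make_bootblock(b"constructed-clean-boot-code")
    suspect = make_bootblock(b"constructed-other-boot-code")
    for name, img in (("clean", clean), ("suspect", suspect),
                      ("data disk", bytes(BOOTBLOCK_SIZE))):
        print(f"{name}: {classify(img, clean)}")
```

A "non-standard" result only means the boot code differs from the reference; commercial disks with their own loaders produce it too, so it is a prompt to inspect the disk before rewriting its boot block.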
    
    
The following article was on the USENET last week. It might be of 
interest to some readers of this file. 
I was not aware that a central "Virus Depository" existed.
From: [email protected] (RISKS Forum)
Subject: RISKS DIGEST 9.48
Date: 25 Nov 89 21:03:55 GMT
Sender: [email protected]
 
RISKS-LIST: RISKS-FORUM Digest  Saturday 25 November 1989   Volume 9 : Issue 48
 
        FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS 
   ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator
 
%%%%%%%%%%%%%%%%%%%%%%% Extraneous Text Deleted %%%%%%%%%%%%%%%%%%%%%%%%%%%
 
Date: 21 Nov 89 17:37 GMT+0100
From: Klaus Brunnstein <[email protected]>
Subject: Computer Virus Catalog Index: November '89
 
The Computer Virus Catalog now classifies 45 viruses (AMIGA:24;MSDOS:15;
Atari:6). Activities are undertaken to make the documents available via servers
in different regions of the world; we hope that we can announce such servers in
the next weeks. If you wish to receive the documents (see Index appended, with
length of the documents given) sooner, please send a short request to the
author.
                                    Klaus Brunnstein
 
========================================================================
==                     Computer Virus Catalog Index                   ==
========================================================================
==        Status:        November 15, 1989 (Format 1.2)               ==
==        Classified: 15 MSDOS-Viruses (MSDOSVIR.A89)                 ==
==                    24 AMIGA-Viruses (AMIGAVIR.A89)                 ==
==                     6 Atari-Viruses (ATARIVIR.A89)                 ==
== Updates   since last edition (July 31, 1989) marked: U (column 70)=U=
== Additions since last edition (July 31, 1989) marked: + (column 70)=+=
========================================================================
== Document MSDOSVIR.A89 contains the classifications of the          ==
== following viruses (1.138 Lines, 6.271 Words, 62 kBytes):           ==
==                                                                    ==
==  1) Autumn Leaves=Herbst="1704"=Cascade A Virus                    ==
==  2) "1701" = Cascade B = Autumn Leaves B = Herbst B Virus          == 
==  3) Bouncing Ball = Italian = Ping Pong= Turin Virus              =U=
==  4) "Friday 13th" = South African Virus                           =+=
==  5) GhostBalls Virus                                              =+=
==  6) Icelandic#1 = Disk Crunching = One-in-Ten Virus               =U=
==  7) Icelandic#2 Virus                                             =+=
==  8) Israeli = Jerusalem A Virus                                   =U=
==  9) MachoSoft Virus                                               =+=
== 10) Merritt = Alameda A = Yale Virus                               ==
== 11) Oropax = Music Virus                                           ==
== 12) Saratoga Virus                                                =+=
== 13) SHOE-B v9.0 Virus                                              ==
== 14) VACSINA Virus                                                 =+=
== 15) Vienna = Austrian = "648" Virus                               =U=
==                                                                    ==
== Remark: The following 13 MS-DOS-Viruses are presently being classi-==
== fied and will be published in the next edition (December 31,1989): ==
==   .) Brain A = Pakistani A-Virus          (Pakistani Virus Strain) ==
==   .) Datacrime I = 1168 Virus             (Datacrime Virus Strain) ==
==   .) Datacrime II = 1280 Virus            (Datacrime Virus Strain) ==
==   .) Den Zuk Virus                 (Venezuela/Search Virus Strain) ==
==   .) Lehigh Virus                                                  ==
==   .) FuManchu Virus                         (Israeli Virus Strain) ==
==   .) NewZealand= Marijuana= Stoned Virus (NewZealand Virus Strain) ==
==   .) Pentagon Virus                                                ==
==   .) SURIV 1.01,2.01,3.00 Viruses           (Israeli Virus Strain) ==
==   .) Traceback Virus                                               ==
==   .) 405 Virus                                                     ==
========================================================================
== Document AMIGAVIR.A89 contains the classifications of the          ==
== following 24 viruses (2.272 Lines, 9.421 Words, 106 kBytes):       ==
==                                                                    ==
==   1) AEK-Virus = Micro-Master Virus (SCA Virus Strain)            =U=
==   2) BGS 9-Virus                                                  =+=
==   3) Byte Bandit Virus                                            =U=
==   4) Byte Bandit Plus Virus (Byte Bandit Virus Strain)            =+= 
==   5) Byte Warrior#1 Virus = DASA-Virus (Byte Warrior Strain)      =U=
==   6) Disk Doctors Virus                                           =U=
==   7) Gaddafi-Virus                                                =U=
==   8) Gyros Virus                                                  =U=
==   9) IRQ-Virus                                                    =U=
==  10) LAMER (Exterminator) Virus                                   =U=
==  11) LSD Virus (SCA Virus Strain)                                 =+=
==  12) NORTH STAR I  Antivirus-Virus (NORTH STAR Virus Strain)      =U=
==  13) NORTH STAR II Antivirus-Virus (NORTH STAR Virus Strain)      =U=
==  14) Obelisk Virus                                                =U=
==  15) Paramount Virus = Byte Warrior#2 Virus (Byte Warrior Strain) =U=
==  16) Pentagon Antivirus-Virus                                     =+=
==  17) Revenge 1.2G Virus                                           =+=
==  18) SCA-Virus                                                    =U=
==  19) System Z 3.0 Antivirus-Virus (System Z Virus Strain)         =U=
==  20) System Z 4.0 Antivirus-Virus (System Z Virus Strain)         =U=
==  21) System Z 5.0 Antivirus-Virus (System Z Virus Strain)         =+=
==  22) Timebomb 1.0 Virus                                           =+=
==  23) VKill 1.0 Virus = Camouflage Virus                           =U=
==  24) WAFT-Virus                                                   =+= 
==                                                                    ==
==  Remark: the following 8 AMIGA-viruses are presently analysed, clas-=
==  sified and will be published in the next edition (12/31/1989):    ==
==   .) BUTONIC 1.1 Virus                                             ==
==   .) JOSHUA Virus                                                  ==
==   .) LAMER EXTERMINATOR Virus 1.0, 2.0, 3.0                        ==
==   .) SYSTEM Z 5.1, 5.3 Virus                                       ==
==   .) WARHAWK Virus                                                 ==      
========================================================================
== Document ATARIVIR.A89 contains the classifications of the          ==
== following 6  viruses (375 Lines, 2.045 Words, 21 kBytes):          ==
==                                                                    ==
==             1) ANTHRAX = Milzbrand Virus                          =+=
==             2) c't Virus                                           ==
==             3) Emil 1A Virus = "Virus 1A"                          == 
==             4) Emil 2A Virus = "Virus 2A" = mad Virus              ==
==             5) Mouse (Inverter) Virus                             =U=
==             6) Zimmermann-Virus                                    ==
==                                                                    ==
== Since last edition, ANTHRAX V. has been added. We have problems to ==
== get viruses, as many users wish to exchange their viruses (like    ==
== stamps) against ours, which we generally refuse: the Virus Test    ==
== Center's ethical standard says, that we do not spread viruses!     ==
== Please send infected programs without preconditions.               ==
========================================================================
==  For essential updates (marked "U="), we wish to thank D.Ferbrache,==
==  Y.Radai and F.Skulason for their continued help and support.      ==
==  Critical and constructive comments as well as additions are       ==
==  appreciated. Especially, descriptions of recently detected viruses =
==  will be of general interest. To receive the Virus Catalog Format, == 
==  containing entry descriptions, please contact the above address.  ==
========================================================================
 
======================================================================== 
== The Computer Virus Catalog may be copied free of charges provided  ==
== that the source is properly mentioned at any time and location     ==
== of reference.                                                      ==
========================================================================
==  Editor:   Virus Test Center, Faculty for Informatics              ==
==            University of Hamburg                                   ==
==            Schlueterstr. 70,  D2000 Hamburg 13, FR Germany         ==
==            Prof. Dr. Klaus Brunnstein, Simone Fischer-Huebner      ==
==            Tel: (040) 4123-4158 (KB), -4715 (SFH), -4162(Secr.)    ==
==  Email (EAN/BITNET): [email protected]   ==
========================================================================
==      This document: 117 Lines, 701 Words, 9 kBytes                 ==
========================================================================
 