Virus Memory Kill V1.10 © Chris Hames. (2388 Bytes) (REMEMBER! no virus can copy itself to a write-protected disk.) This utility is different to the previous version in that it no longer directly detects any virus. Instead it is now the most powerful tool for detecting new viruses. It checks a heap of things that viruses use and tells you when they have changed. Firstly it checks CoolCapture, ColdCapture, WarmCapture, KickTagPtr and the KeyboardReset to find anything that is trying to survive reset. If any of these are abnormal it will alert you including a display of the area of memory that they are pointing to. You can look for words describing was the thing is and then decide whether to do nothing or do a cold reset(note this is much more that just a normal reset), which should clear memory of the virus. Secondly it checks the jump tables of all resident libraries, devices and resources and warns you if any are not pointing to ROM. It will give you a message describing what isn't pointing to rom and where it is actually pointing. Most systems will get at least a few of these warnings. Setpatch causes a few and ther legit programs do as well. FOR PEOPLE WHO DON'T UNDERSTAND A WORD I AM SAYING: --------------------------------------------------- This program is very technical, I agree but a general user can just have it in their startup-sequence and notice the messages it gives. If they change and you haven't changed your system get the latest best Virus Killer (One that checks your disks and files) and run it to check out your system. ALERTS THAT ARE CAUSED BY LEGIT PROGRAMS: ----------------------------------------- Please note some legit programs will cause alerts. If a Alert or Warning is being caused by a standard workbench program or kickstart version provide me with details and I will hopefully add it to the list of legit patches. Stopping Alerts/Warnings that are caused by legit programs: You can stop a alert/warning by giving the full cause of the alert which is best idea eg -$01E(graphics.library)=$66666666 eg KickTagPtr=$77777777 You can stop a alert/warning by giving the full cause without the of the alert which is second best idea eg -$01E(graphics.library) You can stop a alert/warning by giving just the description of the of the alert which is the worst idea eg KickTagPtr eg (keyboard.device) Usage: VMK -cas alerts -c will cold reset(this should kill any virus from memory) -a will make library/devices/resources warnings into alerts with memory display. -s use strict mode where common changes (like setpatch stuff) is not ignored. Examples of use: VMK -c ; Resets your machine safely!! ; (Should kill ANY virus from memory) VMK -s -a ; Very strict. Alerts for everything. I have this as ; the first command on my kickstart 2.0 startup-sequence VMK -a ; Not as strict. Alerts for everything. I have this as ; the first command on my kickstart 1.3 startup-sequence VMK KickTagPtr ; Stops alerts about the KickTagPtr VMK KickTagPtr=$00000700 ; Stops the specific alert at this location VMK (dos.library) ; Stop all warnings/alerts about the dos library VMK (dos.library) -$01E(graphics.library) ; no dos & ; no -$01E graphics alerts History: 10/ 6/91 V1.0 First release 13/10/91 V1.1 VMK now knows about most versions of RAD: and most proper routine patches. ie you should now be able to put VMK as the first thing in your startup-sequence with kickstart 1.3 without getting any warnings. This program is provided "as is" without any warrenty or guarantee it will do anything. All use is at your own risk. Bye, Chris Hames (Available for any Amiga work) Internet: bytey@phoenix.pub.uu.oz.au ins760z@monu4.cc.monash.edu.au (1991 only) FidoNet: 3:633/353