(Written by Lars P. Kristensen - Virus Help Team)

Many people have asked us why and for what.? We haven't really been able to respond to this question other than "it's a hobby". Well then some others says, "this must cost you a great deal of money". Actually not, I don't think our lives - so fare - would have been without a computer anyway. Our families have somehow accepted our interest. Then what have we gained from all this. a lot of friends and many contacts. I think this in general goes for most of us in VHT-DK.

Shortly after the appearance of the Amiga, the "evil viral" showed their ugly faces. Most of us went from the old Commodore C64 to Amiga, with all it's advanced graphic, audio and like, some of us didn't even thought of the risks from the viruses before it was all too late, it was just a "phenomenon" one could read had happened to somebody else. The "phenomenon's" became known with names like "ByteBandit" and "BSG9", these were among many others of the early boot block virus. The virus installed itself right into the boot block and normally easy removed, by simply installing a standard boot block, however as "piracy" also is a "thing" to deal with, many software houses tried to protect their work by changing the sync value or other tricks to prevent "disk swapping". To do that it required a special boot block installed and when the virus infected the bootblock, the entire disk was destroyed. Well, we haven't seen a new boot block virus for some time, because they are easily detected with the programs available today. Later the file- and link virus appeared.

Back in 1987 I got my first AMIGA 500. For the first 2, maybe 3 years I lived completely without knowing about the existing of virus. Then suddenly, all I started begin to fail, some disk that had worked properly wouldn't even boot the Amiga up. I took it to a repair shop, they couldn't find anything wrong, the machine worked perfectly - they claimed (using there own disks). This "failure" cost me about 300 US dollars before I got to the fact that a virus had attacked my computer, so they told me to buy a virus killer. The very first I got to know was ZEROVIRUS from the great author Jonathan Potter - that name should ring a bell. Most Amigausers should know him because he made DIRECTORY OPUS. However, I was so surprised about how easy it was to get writ of those virus and I almost killing myself, by the fact that a 5-dollar disk could have spared me for a "repair note" of 300.

By then I knew some other Amigausers, who had experienced the same "phenomenon's" like I did and I started to aid them. Now the time is about 1990, magnificent machines like the A2000 had been around for some time, with all its "space" inside, expandable to almost everything (read hard drives). I just jumped from KICK 1.2 to KICK1.3/2.0. Programs like BootX by Peter Stuer was in its "autumn" only working under KICK2.0. I think BootX was one of the most popular killers around at that time - in the English speaking part of the world. However in Germany - just south of Denmark is THE ONE of all time's great Amiga virus killer programmers - Heiner Schneegold. Although Commodore sold almost 5 millions Amiga's around the world, more than a million was sold in Germany. However for users outside Germany, Heiners Virus Terminator - VT, was and still is hard to work with, unless one is familiarized with the German language. I think VT has been somewhat "overlooked" because of its very technical design with "German" buttons and documentation. Never the less it is worth trying to figure out VT, as this is one of the last Amiga virus killer's that's still being updated in a timely manner. VT has also proven to be the best virus killer in the yearly test performed by Soenke Freitag at Virus Test Center Hamburg University, actually since Soenke Freitag started to perform these tests.

By then I knew some other Amiga users, who had experienced the same "phenomenon's" like I did and I started to aid them. Now the time is about 1990, magnificent machines like the A2000 had been around for some time, with all its "space" inside, expandable to almost everything (read hard drives). I just jumped from KICK 1.2 to KICK1.3/2.0. Programs like BootX by Peter Stuer was in its "autumn" only working under KICK2.0. I think BootX was one of the most popular killers around at that time - in the English speaking part of the world. However in Germany - just south of Denmark is THE ONE of all time's great Amiga virus killer programmers - Heiner Schneegold. Although Commodore sold almost 5 millions Amiga's around the world, more than a million was sold in Germany. However for users outside Germany, Heiners Virus Terminator - VT, was and still is hard to work with, unless one is familiarized with the German language. I think VT has been somewhat "overlooked" because of its very technical design with "German" buttons and documentation. Never the less it is worth trying to figure out VT, as this is one of the last Amiga virus killer's that's still being updated in a timely manner. VT has also proven to be the best virus killer in the yearly test performed by Soenke Freitag at Virus Test Center Hamburg University, actually since Soenke Freitag started to perform these tests.

Another highly recommendable program is VirusZ by Georg Hörmann, also German. VirusZ is the simplest antivirus program ever made, and yet so powerful. Georg developed a future to check both packed and unpacked files. For quite some time VirusZ was the only program with that ability, with all others one simply had to "decrunch" any packed file, before it could be checked and cleaned properly. Georg managed to write both a German and English documentation. Especially the English documentation was so great, that I still translate it into Danish these days. Another program that Georg should be remembered for is the development of the XFDcruncher library. This is a library other programs can use for the decrunching routines, when scanning for virus. The newest is the XVS.library, a library somewhat still in beta, as it has just been released for other antivirus programmers. This library contains recognition code for most viral.

Next there is Virus Workshop by Markus Schmall - also from Germany, he has been one of the latest true antivirus programmers, making VW nearly as perfect as VT. He had "learned" from Heiner Schneegold (VT) and from my recollection I know this has been a tough way to learn. Markus also managed to make an English part of his documentation to VW and that - I think, did brought VW to nearly the same popularity as BootX used to have. More about Markus and Georg later on.

The last virus killer I'll mention is VirusChecker (VC), a program that at least two guys has been putting enormously efforts in keeping up to date. First John Veldthuis from New Zealand who started VC. I'm not sure whether this is true or not, but "the word" says that VC was the follower of the great program VirusX by SteveTibbett (the very first real antivirus program), as he is the one that should have aided John in the early days of VC. I never got around to ask John about this.but as so many people I have listened to over the years has told me, I think I better mentioned it. VirusChecker is as easy to use as VirusZ and today Alex van Niel from Holland updates it. Alex has done a much greater job than one possibly can imagine. VC was "dead" for around two years. The source to VC was sold to another programmer Dave Dustin, by that time it was already awful out of date. I'm sure Daves' intention was right, however it seemed that he never found the time to work on VC. Dave decided to make the source available for Virus Help Team Denmark and let it be up to us to find another programmer who could bring VC up to date. My opinion is that Alex has done more than just "cashed in" some expectations, he had brought VC up to a new and higher level.

I know there are many other great antivirus programs yet to mention, and I have seen at least a dozen attempts to make a "killer". From my imagination I think it takes more than fare most people can overcome, during a lifetime - to create a virus killer and mostly, be able to keep it up to date. The programs Virus Help Denmark distribute is only share- and freeware - Virus Help Denmark runs non-profit. It is a fact that all attempts to make a commercial virus killer for the Amiga has failed. They were outrunned by people who simply had their heart at the right place. Combined with the fact that programming of such software isn't just a nine to five job - it simply needs true dedication.

Besides the virus killer programs, which is uses to remove virus, lots of attempts has been made to protect systems from being attacked by virus. They were often very simple to use and when first installed, one almost never noticed their appearance, unless the programs detected some "screwy business going on". The keywords were checksums, pointer- and vector check.

One of the virus warning programs was Virus Memory Kill by Chris Hames (VMK). I still see disks with the VMK command in the startup-sequence. Unfortunately. The program had been stopped from being developed any further. Next worth mentioning is Early Virus Warning (EVW) by none other than Peter Stuer (BootX). The program had a great deal of similarities to VMK. Next Peter Stuer had done Link Virus Detector (LVD). This is a program that detects the appearance of link virus. Those viruses used a new technique - in short; files are scattered all over a certain media, in whole or in parts. Link virus infects the first few hunks in every part of a given file and within a certain time, the hunkstructure is messed up, leaving the data or program completely useless. Some of the first virus utilizing this technique was the Saddam and CCCP. More on virus later on.

FEA (FindEmAll) by Koen Petermanns. FEA had one unique future; it was installed directly in the boot block - who said small. 1024 bytes. This means when a disk is inserted and the Amiga boots up, the very first part read is the boot block. Any other program starts from the Startup-sequence as first or second command. However the Amiga is already long ahead in the bootup procedure, when startup-sequence is being launched. The only sign FEA gave, when everything checked out right, was a "black screen" telling that all worked fine. Koen Petermanns also wrote a small documentation, telling - very basically - what the vectors are used for and how they could be used to hide virus. Just to be completely clear on Koen. he didn't wrote it to give "bad-boys" any "good" ideas. He wrote it to let them know that, whatever vector they intentioned to use, he had FEA to watch it, also if "virus technique of today" wouldn't do any good in using a specific vector. However the newest stealth- and tunnel technique will still be found, maybe not by FEA, but then by other anti virus program.

---

Who is Virus Help Denmark and what do they do:

Jan Andersen: Amiga Support.
Jan Nielsen: Amiga Support.
Torben Danø: Retired.
Henrik Lauridsen: Retired.
Lars P. Kristensen: Retired.

This is a very short description, most off us are still having an Amiga, but the time between the use off it, is getting longer and longer, we all have daily jobs and families to support as well. I could fill pages, with lots of stuff concerning what the five of us has overcome since the early ninety's. I would rather prefer telling the history behind VHT DK, and this started for me at the summertime 1991. The summer I got attacked by a simple virus named ByteBandit. I found a coverdisk which contained a few shareware programs- mainly from the "Fish Library" - every Amigaguy should now Fred Fish and the tremendous work he did to get programmers and users closer. However I found this disk and ZeroVirus, I quickly read the documentation and stumbled over a name - a Danish name: Erik Løvendal Sørensen. Erik had had a similar situation to my own. But -differently - he started to collect the viruses and mail them to authors of antivirus programs, which didn't yet, supported the virus he mailed. Then he put "The New Superkiller" (TNS) together. By the time I got it, it was stuffed with antivirus programs to the limit.

[ Screenshot of SuperBoy Virus ]

In the "Important-file" on the disk, Erik looked for new members to his organisation -Safe Hex International. Many Regional Virus Center's (RVC) was already established all over the world and as a Danish Center wasn't among the list of centers, i took a look of the requirements for setting up a center. One point was to translate the whole documentation to ones own language (for me; from English to Danish). I did so in three months. Through this translation I think I got to know the programmers a bit and I was so amassed of:

SO MUCH, SO FEW, ARE DOING, FOR SO MANY

I mailed the disk to Erik and got a phone call, inviting me to Præstø - some 100-km's from my own place. What a trip, and what a story Erik told me. It seemed that this was an organisation, working hard to keep Aimgausers systems clean. However, a Danish center was already up and running. Some of my translations could fill a gap - and I continued to translate some more files from the Utillitydisk. Besides this I thought my abilities could take some pressure off Erik - then Erik "installed" me to take care of the RVC's. During the winter 1991/1992 I got to know lots of RVC-guys all over the world: most of Europe, the fare east, South and North America, even from Australia and South Africa. In those days all communication was performed by the normal postal services. I had no modem and by this no possibility, to get connected to any "nets".

In springtime 1992 there was a "party" held at the Sheraton hotel in Copenhagen - what can i say; SHI was there. We did sell a few hundred disks and made a small "profit" that could cover our expenses. Just to keep the reader correctly informed. SHI was running non-profit.


[ Screenshot of Turk Virus ]

A day during Easter 1992 I was down to visit Erik. Then I met Jan Andersen and Torben Danø I have seen Jan shortly (he can't remember -he's just getting older) talking to Erik about how he had shown the TNS to some pupils at an evening school and taught them how to use it. A month or so after Easter, the two guys forming RVC-DK wished to leave to pay a greater attention to their study. I had had a wish to join the center from the day I started in SHI - now that possibility was in reach. Erik thought it was better if I stayed at "my post", however he hadn't any complaints when Jan was pointed at as a new RVC leader. What the heck. I called Jan and fortunately he lived just 25 km's from me. The next month Jan and I redesigned the whole set of disks. Time demanded a Kick2.0 disk and we first tried different versions of "softkick's" (Jan had a hard drive - lucky him). Well, we equipped Jan's A500 with a Kick2.0 ROM and that gave us a lot of new possibilities, one was to use the entire 880KB of a disk. Shortly after Jan and I teamed up, Jan Nielsen (Jan-Jan), Torben Danø and Henrik Lauridsen joined to be part of the action.

Soon Jan established SHI BBS. First he figured out the MAX BBS system but soon he changed to - and learned to master - the STARNET BBS system (the prior system to MEBBS net) under which the system performed to the end. The system almost killed Jan, he wanted the system to be no less than 100 percent secure and he actually took a bet with another SHI guy, who claimed he could hack the BBS. As fare as i know, Jan is still waiting to collect the bet. However, Jan also did a heck off a job in keeping the BBS up to date, he actually "haunted" every corner of all the great BBS-sites and nets to seek new updates all the time. One more thing, Jan is also the author of the "VirusWarning.guide", a news-guide about virus, what archives they were spread in and where they were found - actually he is still updating it today.

[ Screenshot of Zombi Virus ]

However, on the 31 december 1994 the five of us performing under SHI in the RVC known as "SHI Team Denmark" discovered that SHI in general took a different path, we decided to resign from SHI and keep on the path we had followed so fare. There were many reasons that lead us to this conclusion and it wasn't easy for any of us to leave. As fare as I know SHI doesn't exist anymore, however, lots off friends met each other in SHI and lots of new great ideas evolved from the endless brainstorms we had. From the 1'st of January 1995 Virus Help Team Denmark took off - the name had slightly changed as the words "Team Denmark" is copyrighted, today we function under the name "Virus Help Team".

By that time the Internet hadn't evolved into this communicator it is today, then there were nets like FIDONET, a local net in Denmark and AMIGANET, a world wide net for the Amiga community. It could take up to a fortnight to get a reply from fare places like Australia or South America and it wasn't right to mail virus around those nets, as executables in archives, attached to personal letters, could be opened and executed by accident. Security on the Internet has been improved dramatically and today virus can be mailed via the net instead of on disks in letters.

[ Screenshot of Sachsen Virus ]

When the Internet started to spread among normal users, Jan could see from the log file that users who earlier logged on to the BBS on regular basis, became more and more rear. From my point of view he closed the BBS in the right time, everybody who have a modem, can connect to the Internet and get the updates from the VHT-DK homepage.

If you were a regular visitor on the former BBS, then pay this site a visit and you'll find that everything is back, the homepage was actually up and running some time before he closed down the BBS. I know that Jan still keeps the old STARNET system - just in case.

Since the beginning of 1995 Virus Help Teams has been started in Norway, Holland and Canada, some of the guys in those centers are also earlier SHI-guys. In Norway there's Helge and Kurt, in Holland Alex put a team together (yep - VirusChecker guy), In Canada, Charlene has made a team as well and we still get mails from BBS sysops who is prepared to function as support BBS'.

(Lars P. Kristensen © Copyright 1999)

[ Back to previous page ]