Berserker V5.02 (1990)
======================
- works ONLY with Kick 1.2/1.3/2.0
- the Centurion Link Virus is the Smily Cancer
- I had to decrunch all files
- the last Version!?
Best regards
anonymous
==============================================================================
B E R S E R K E R 5.01
+++++++++++++++++++++++
© Copyright 1988, 1989, 1990 by Ralf Thanner
The code is entirely written in assembler for the Kuma Seka assembler
==============================================================================
REVISION HISTORY:
=================
R V1.0 - Just a primitive SCA finder and killer.
R V1.c - Added Byte Bandit & Byte Warrior killer.
- Improved SCA & SCA mutants killer routine.
-> OBELISK, AEK, LSD, PENTAGON, BAMIGA SECTOR ONE,
WARHAWK, MICROMASTER & NORTHSTAR...
R V2.b - finds the Exterminator ( LAMER ).
R V2.d - finds the first link virus ( IRQ TEAM 41 ).
V2.e - Added alert box. Idea by Olaf Barthel.
- Some cleanups and bug-fixes done.
R V2.e+ - Doesn't refuse to work with Kick 1.3 any more.
- Added custom bootblock writer.
- Added kill cold-cool vectors;
There are just too many SCA clones on the market
and it is safer to clear these pointers.
R V3.0 - Now also finds the BSG 9 link virus.
- Second ( and final? ) code cleanup for public
release
- Removed the custom bootblock writer, too many guys
thought Berserker to be some kind of virus in
disguise.
R V3.0+ - Extended to find Gaddafi and Disk-Doctor viruses.
V3.1 - Extended to find the REVENGE BOOTLOADER virus.
-> THIS IS A NEW ONE!!!
- Bug-fix in EXTERMINATOR routine.
-> should find ALL lamer versions now...
- Code cleanup ( added some subroutines ).
V3.2 - Extended to find REVENGE (an old one, but some
nice guys told me that Berserker should also find
the old ones ... and because Berserker crashed when
memory was infiltrated by REVENGE )
V3.2b - Shortened, sped up & cleaned up the code.
( and Berserker still works! )
R V3.39c+ - JOKE....
V3.5 - Added Xeno 'killer' routine by STEVE TIBBET.
V4.0 - Added a friendlier CLI-interface and an option
to start Berserker from Workbench.
R V4.0a - WHAAA, what a pity: forgot to call ReplyMsg..
Bug now fixed... Thanks to Olaf for this hint.
- Shortened and improved code again.
V4.0b - Threw the 'led switch off' out.
- Made the cold/cool capture killer optional.
Hello Martin, yes, only for you...
- Shortened and improved code again & again....
R V4.0c - AARGH!!! A new link virus: Disaster Master V2.
R V4.0d - CENTURION LINK VIRUS killer implemented.
- Implemented a resident library checker.
- From now on the source contains only the
'virus-killing-part'.
R V4.1 - these fucking ass....., in the last two weeks
I got three new file/link viruses, and this is
even one of the best programmed viruses I ever
saw: The Traveling JACK... What chance has
a 'Traveling Jack' against a Berserker??? None...
- OLSEN found out that 'Berserker' crashed on
Kick 2.0. Now checks the Kickstart version.
That's not my fault, most viruses will crash, too.
- From now on source contains everything.
( some people didn't like it the other way )
- Removed 'math.lib' check. A virus in math.lib?? NAAA...
R V5.0 - improved 'Traveling Jack' searcher (now finds the
mutant version).
- Added a permanent handler. ( read description below )
- Removed 'dos.library' check. My kind of checking doesn't
work correctly with dos.library. ( doesn't find any change )
- Takes care of NTSC screens when printing the CLI
instructions.
- BIG code-cleanup.
This cleanup was a REAL one: Berserker has become shorter,
faster and (keep your fingers crossed) bug-free...
also changed the way I jump into dos.library from 'A5'
into 'A6'. ( less problems with future Kickstarts )
to be honest, I changed most of the routines...
- New Workbench design. ( uses gadgets )
- Full instructions from workbench.
- Source contains only the last revision description.
- NO german.docs any more! ( it's not too difficult to
understand the english docs... )
R V5.01 - Fine tuning ( cli-instructions with 'RETURN' and Workbench
instructions with 'LEFT M.B.' )
- New handler version -> V1.4
R V5.02 - Once again fine tuning.
CLI PARAMETER CHECK recognizes TAB's now.
- New handler version -> V1.5
R = released version
Release date: 22.11.90
Berserker is now: 7892 bytes long. (not crunched!)
==============================================================================
==============================================================================
Berserker-Handler V1.5
++++++++++++++++++++++
© Copyright 1990 by Ralf Thanner
The code is entirely written in assembler for the Kuma Seka assembler
==============================================================================
REVISION HISTORY:
=================
V1.0 - finds and destroys the two link-viruses 'Traveling
Jack' and 'Centurion'.
R V1.1 - reprogrammed the whole handler which is now absolutely
system friendly. ( launch the handler and use XOPER
to see what I mean! )
- If you start 'Berserker-Handler', it prints
its revision number.
- Handler should be waterproof... ( I HOPE! )
R V1.2 - improved 'Traveling Jack' searcher.
-> now finds the mutant version.
V1.3 - Removed a big bug ( was it my fault or COMMODORE's ??? )
when the interrupt server was installed, all other servers
running with same priority ( like the Imploder crunch bars
or NoisePlayer's play routine ) didn't work. Changed
priority to '-2'.
- Also changed the check-rate. ( older versions checked every
frame )
R V1.4 - Bumped priority to '-126' since 'BAD' had a priority
of '-60' which caused it to hang.
R V1.5 - changed task priority.
R = released version
Berserker-Handler is now: 884 bytes long. ( don't crunch! )
-------------
==============================================================================
WHAT DOES Berserker V DO?
=========================
Berserker is a viruskiller which was designed as a CLI-command. It works with
Kick 1.2, Kick 1.3, 512K and expansion RAM.
Berserker 5.0 consists of two files, 'Berserker' and 'Berserker-Handler'.
Copy 'Berserker-Handler' into the 'L:' directory if you wish to use the
permanent checker ( otherwise Berserker will not be able to launch the handler ).
The Handler needs about 4900 bytes of memory; that should be worth it...
( four KB for the stack and one for the program )
Because of the big number of link viruses on the Amiga, I recommend inserting
the Berserker call as the third command in your startup-sequence.
( the later the better... )
You can start Berserker V either from CLI or from Workbench.
WORKBENCH:
----------
Berserker opens a window and waits for your choice.
ALL OPTIONS SHOULD BE SELF-EXPLANATORY
CLI:
----
Berserker offers you the following options:
'Berserker ?' - instructions.
'Berserker c' - clears the cold- & coolcapture
'Berserker i' - to install the 'Berserker-Handler'
'Berserker r' - to remove the Handler from memory
If you start Berserker V without any command it will start searching
through memory in order to kill these little bastards.
You can combine the options 'r' or 'i' and 'c'.
If Berserker finds a virus a Recoverable Alert appears, just click a
mousebutton to continue ( you will get to know the presence of a virus even
if the Berserker banner message has been redirected ).
If Berserker-Handler is installed and finds 'JACK' or 'CENTURION' a
Recoverable Alert appears, just click a mousebutton to continue. I would
recommend that you use 'BLVC' to check the file loaded just before the
alert appeared. BLVC 'heals' files infected by link-viruses.
LIBRARIES
=========
Berserker checks the following ones:
- EXEC.LIBRARY
- EXPANSION.LIBRARY
- GRAPHICS.LIBRARY
- LAYERS.LIBRARY
- INTUITION.LIBRARY
Berserker checks these libraries in order to detect any illegal change.
Programs like 'SetPatch' use the systemcall 'SETFUNCTION' to change a
vector but no virus does. Consequently, Berserker compares the original
library checksum with its 'homebrewn' checksum and puts up an alert.
-->> ANY CHANGE IS DETECTED. <<--
If Berserker shows its little alert with 'EXEC.LIBRARY' the chance that your
system has been infected by a new virus is very high!
Berserker does not repair a modified library. The function was added only
to give you an opportunity to recognize new viruses...
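The check described above, as an added example in C. This is not taken from
the Berserker source: the structure layout, the function names, the 16-bit
word sum and the sample addresses are assumptions made for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define NUM_VECTORS 4

/* Simplified model of a resident library: a jump table plus the checksum
   recorded for it. Layout and sum algorithm are assumptions. */
struct model_library {
    uint32_t vectors[NUM_VECTORS]; /* target address of each library call */
    uint16_t stored_sum;           /* checksum recorded for the jump table */
};

/* 16-bit word sum over the jump table (illustrative algorithm). */
uint16_t jump_table_sum(const struct model_library *lib)
{
    uint16_t sum = 0;
    for (size_t i = 0; i < NUM_VECTORS; i++) {
        sum = (uint16_t)(sum + (lib->vectors[i] >> 16));
        sum = (uint16_t)(sum + (lib->vectors[i] & 0xFFFFu));
    }
    return sum;
}

/* Sanctioned patch path (what the text says SetPatch-style programs use):
   replace the vector, then refresh the recorded checksum. */
void model_set_function(struct model_library *lib, size_t slot, uint32_t target)
{
    lib->vectors[slot] = target;
    lib->stored_sum = jump_table_sum(lib);
}

/* The check itself: recompute and compare. 1 means "put up an alert". */
int library_modified(const struct model_library *lib)
{
    return jump_table_sum(lib) != lib->stored_sum;
}

enum scenario { UNTOUCHED, VIA_SET_FUNCTION, DIRECT_OVERWRITE };

/* Builds a library with constructed sample addresses and applies one scenario. */
int alert_for(enum scenario s)
{
    struct model_library lib = {{0x00FC1000u, 0x00FC2000u, 0x00FC3000u, 0x00FC4000u}, 0};
    lib.stored_sum = jump_table_sum(&lib);
    if (s == VIA_SET_FUNCTION) model_set_function(&lib, 2, 0x00C05000u);
    if (s == DIRECT_OVERWRITE) lib.vectors[2] = 0x0007F000u; /* sum left stale */
    return library_modified(&lib);
}

int main(void)
{
    printf("untouched=%d setfunction=%d direct=%d\n", alert_for(UNTOUCHED),
           alert_for(VIA_SET_FUNCTION), alert_for(DIRECT_OVERWRITE));
    return 0;
}
```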
WHICH VIRUSES DOES Berserker KNOW?
==================================
1. SCA and all its mutant brothers and sisters
-------------------------------------------
This means AEK, LSD, WARHAWK, OBELISK, PENTAGON, BAMIGA SECTOR ONE....
2. Byte Bandit
-----------
No need for further discussion (or what do you think?).
3. Byte Warrior (DASA0.2)
----------------------
Was the first virus with coded text, so you couldn't recognize it on
the bootblock.
4. The Exterminator (LAMER!)
-------------------------
This one fills the tracks of a disk with 'LAMER!LAMER!LAMER!'.
Exterminator is very tricky, if you try to examine the bootblock it
will always look like a normal one. The new version should find all
versions of the LAMER-EXTERMINATOR. (that's not true... what a shame)
5. The IRQ-Virus
-------------
This one is a link virus. It looks for the second program in the
startup-sequence and tries to infect it. If this fails it will try to
link itself to the DIR command. WARNING!!! Sometimes it also infects
other programs.
If a disk is write-protected -> look for REQUESTER
Hint for programmers: the IRQ-virus' vector is OLDOPENLIBRARY(-408),
therefore always use OPENLIBRARY(-552). Unfortunately the standard
Aztec 'C' 3.2a - 5.0 crt0.a68 startup code makes a call to
OldOpenLibrary() to get access to the dos.library. Time for a bug
fix, Manx?
6. The BSG 9-Virus
---------------
This one is a link virus. It looks for the first program in the
startup-sequence and tries to infect it. It saves the modified file
in the DEVS directory with spaces instead of a name. The virus itself
is about 2608 bytes long and becomes visible after four or five
resets; the screen turns black and a message appears:
" A COMPUTER VIRUS IS A DISEASE "
" TERRORISM IS A TRANSGRESSION "
" SOFTWARE PIRACY IS A CRIME "
" THIS IS THE CURE "
" BSG 9 BUNDESGRENZSCHUTZ SEKTION 9 "
" SONDERKOMMANDO 'EDV' "
7. The Gadaffi-Virus
-----------------
This one is a mutant version of the old Byte Warrior. It copies
itself on each disk and tries to play a sound with the disk drive
motor after 12 resets. Even though you might find the music funny,
the drive will be of a different opinion (this may lead to serious
hardware failures!).
8. The Disk-Doctor
---------------
This one is a brand new one. It allocates 12 KBytes after each reset
and ... to be honest, I didn't test what it also does because this
one was very complicated -> before Disk-Doc I had never seen a Task,
nor did I know what you can do with one. I'm lucky enough to be able
to detect and kill it.
( By writing Memguard I got to know a lot more about tasks...)
9. The REVENGE BOOTLOADER
----------------------
This one is just a normal virus with the ASCII text 'REVENGE
BOOTLOADER' in it (not the smartest of ideas). It looks as if
this one has no message in it, it only copies itself onto every
disk inserted. This one is a virus of a new generation, it works with
every kickstart and with fast-memory.
10. SYSTEM Z
--------
I wanted to add this one but a program which asks before it copies
itself onto disk is not a virus in my eyes.
11. REVENGE
-------
This is an old one, which at the end of the boot code contains the
following ASCII text: "REVENGEV1.2 COUNT:". I had to implement this
one because Berserker III crashed when REVENGE was in memory.
12. TIMEBOMB
--------
ARGHHHH!! This one is NOT in memory. TIMEBOMB only tries to copy
itself to the disk in DF1:. The next time you boot the other disk
from DF1: TIMEBOMB fills the whole root track with random data from
location $20000. After quite literally killing the disk it displays
an alert with its stupid message. Berserker cannot find and kill
this one since it is not in memory. Sorry!!! Special thanks for this
virus must go to DATA BECKER. The asshole who wrote the virus took
all routines out of AMIGA INTERN I.
13. XENO
----
I can't tell you anything about this one (I never got it). I had to
take the routine from STEVE TIBBET. Some of my friends own hard disk
drives. S.T. says that the Xeno spread like wildfire and infected
even hard disks. My friends were so frightened that, (AAARRGH!! it
is very hard to say) I took the routine from VIRUSX4.0.
14. Disaster-Master V2
------------------
This is a link virus which is 1740 bytes long and only infects disks
with a startup-sequence. Disaster-Master is always found in the first
line as 'CLS *' and in the 'C:' directory as the 'CLS' command. Be
sure to examine both the startup-sequence script and the 'C:'
directory if Berserker discovers that your system has been infected by
DM V2. Funnily enough, if launched without the asterisk ('*') the CLI
window is cleared. After a few (???) resets it puts up an alert and
resets the computer.
15. CENTURION LINK VIRUS
--------------------
This new virus makes itself resident, changes DoIO & KickSum and is
always located at $7f000 (some guys will - hopefully - never learn
it). The virus itself is 3916 bytes long and tries to infect the
programs listed in the startup-sequence (what else!). After a number
of resets it changes the mouse pointer to a smiley with a tiny
scrolling banner message in it. I heard that you can protect your
commands in the startup-sequence with this little trick: change your
command line from: 'Berserker' to 'C/Berserker', etc. Keep away from
programs like 'new LZ' or 'LHwarp V1.44'; they are fake and contain
the virus.
If a disk is write-protected -> look for REQUESTER
16. THE TRAVELING JACK
------------------
You can wipe it out with a reset (that's at least what I guess from
the code), and it changes the dos.library jump table (clever idea)! When
installed it tries to write its 'VIRUS.xx' file to disk each time a
program accesses the drive. Be careful: it tries to 'link' itself to
anything!
There are two different versions, a normal one and a mutant. Berserker
wipes both from memory, but doesn't tell you whether it was the normal
or the mutant version.
If a disk is write-protected -> look for REQUESTER
REQUESTER
=========
If a disk is write-protected the virus always brings up a standard
DOS Autorequester like this:
+System Request ==================##|##+
| |
| Volume |
| - Disk name - |
| is write protected |
| |
| +-----+ +------+ |
| |RETRY| |CANCEL| |
| +-----+ +------+ |
+--------------------------------------* <- 'OLSEN' is not a good painter..
ADDITIONAL REMARKS
==================
Special thanks go to my friends:
Olaf B. for testing and ideas & help
Michael V. for utis, viruses and testing
Henning L. for being a helpful coder
Thorsten H. for tips and help
Erik L0vendahl S0rensen, watch out for the next version....
«» DON'T RESOURCE! «»
Olsen: Berserker was written using the well known Kuma Seka Assembler. As
an American user you might have never heard or seen anything of it. Kuma
did it the British way: Seka does neither generate ALink compatible linker
object files, nor does it apply to the de facto Metacomco MASM (see
Developers' toolkit) standard. For this reason your CAPE, MASM, ASM or AS
will probably refuse to re-assemble the source code. Calls like "MOVE 4.W
A6" will have to be replaced by something like "MOVE 4,A6".
Ralf: I love my SEKA and i use calls like 'MOVE 4.w,a6' for speed, you
C-FREAK!
SORRY TO ALL THE FOLKS WHO WROTE ME A LETTER AND I DIDN'T ANSWER THEM!!!
I WILL ANSWER THEM EVEN IF THEY ARE ONE YEAR OLD... I'M SO LAZY...
=============================== Berserker ==================================
IMPORTANT NOTICE: This program is (c) Copyright by Ralf Thanner, but can
be FREELY DISTRIBUTED, providing that the following rules are respected.
- No change is made to the program nor to the accompanying documentation.
- Every form of distribution is allowed and encouraged, but no fee can
be charged for this program except for, possibly, the cost of magnetic
media.
- The package is always distributed in its complete form consisting of 4
files: 'Berserker', 'Berserker-Handler', 'Berserker.Doc' and
'Berserker.S'.
By copying, distributing and/or using the program you indicate your
acceptance of the above rules.
==============================================================================