Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!samsung!munnari.oz.au!uhccux!waikato.ac.nz!canterbury!chem194 From: chem194@csc.canterbury.ac.nz (John Davis) Newsgroups: comp.sys.amiga.programmer Subject: Re: What Uses the ColdCapture vectors? Message-ID: <1991Jan26.142508.40@csc.canterbury.ac.nz> Date: 26 Jan 91 02:01:38 GMT References: <15952@sdcc6.ucsd.edu> Lines: 29 In article <15952@sdcc6.ucsd.edu>, orovner@sdcc13.ucsd.edu (Oleg Rovner) writes: > would someone be so kind as to let me know what sort of a program > would set the ColdCapture vector? More specifically, is there any > known link (non-bootblock) virus which does so? If there is, could > you also point me to a program that would check for it? VirusX 4.01 > reports a ColdCapture vector as being set, but KV does not do > anything other than reporting that all my files used is s:startup > scripts are virus free... I am booting off a hard drive, running an > A500 with 1 meg CHIP and 3.5 Megs of slow RAM achieved with an > ICD AdRam board. Well, I use VMK, which not only reports if the (cold|cool)capture vectors are set (in fact it checks nearly ALL vectors a virus could use ... very handy), but also tells you the address it's pointing to, and displays a dump of that area of ram!! It's very handy ... My BootMenu program uses coldcapture (to fix the 1mb chip ram bug in ks1.2/1.3), and CBM's setpatch with the '-r' option does it as well (for the same reason) ... it could be one of them, or of course it _could_ be a new virus that's clever enough to know to patch coldcapture to prevent ram clearing on a 1mb chip machine (which breaks most oldver virii) .... ----------------------------------------------------------- | o John Davis - CHEM194@canterbury.ac.nz o | | o (Depart)mental Programmer,Chemistry Department o | | o University of Canterbury, Christchurch, New Zealand o | | o o | | o co-sysop AmigaINFO BBS,1200/2400 baud CCITT, o | | o 24 hours a day, ph NZ +3-3371-531 o |