Path: utzoo!attcan!uunet!jarthur!usc!cs.utexas.edu!sun-barr!newstop!sundc!hadron!lsw!gjc From: gjc@lsw.UUCP (Greg Casamento) Newsgroups: comp.sys.amiga.misc Subject: Re: What BYTE BANDIT VIRUS does? I found one... Summary: BBVirus Message-ID: <190@lsw.UUCP> Date: 21 Feb 91 06:46:56 GMT References: <45082@nigel.ee.udel.edu> Organization: LSW, Landover MD Lines: 45 In article <45082@nigel.ee.udel.edu>, GELSON%SBU.UFRGS.ANRS.BR@uicvm.uic.edu (Gelson Dias Santos) writes: > > Hello people, > > Last weekend I initialized my system with a friend's bootable disk to see > some improvments he did in his startup-sequence. After, I reseted my system and > initialized with my workbench, who have the program Virus_checker5.12 instaled. > Imediately it found a Byte Bandit in memory !! The program disabled the virus > and after I removed it from my friend's disk. The Byte Bandit virus resides in memory and wats for a disk to be inserted. Once a disk is placed in the drive the virus proceeds to install a copy of itself onto the bootblock. It does this so that every time you boot up with an infected disk the virus will pop itself into memory. A big problem with any virus is that it doesn't care what it installs itself on. This creates a problem when you are using certain copy protected games which don't use standard boot sectors. Eventuall the virus may display a message on your screen, but I wouldn't wait until that point to go through some of your most recently used disks to make sure they are not infected. Remember some of your disks may not have standard boot blocks. Whatever virus protection program you are using may not be able to tell regular boot blobks from special boot blocks. Another thing to look for is a boot block archiver. This nifty littlr program takes the boot block from almost *ANY* disk and saves it in a file. That way, incase one of your special disks *DOES* get infected then you will have a backup of it's boot block. This actually happened to me once and I went through *ALL* my disks looking for the infected ones. Lemme tell ya, by the time I got to them almost *ALL* of my disks had been infected. Luckily none of my copy protected games had been touched (whew!). Well, I hope this helps.... And remember, look out for those disks that you suspect have special boot blocks and *ALWAYS*, *ALWAYS* make backups of your floppies and hard drive! -- **************************************************************************** Gregory John Casamento (The Borgster!!!) Standard Disclaimer: All standard disclaimers apply! :) ****************************************************************************