Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!zaphod.mps.ohio-state.edu!tut.cis.ohio-state.edu!rutgers!cbmvax!amix!vanth!jms
From: jms@vanth.UUCP (Jim Shaffer)
Newsgroups: comp.sys.amiga.misc
Subject: Re: Begginer q's What's these Vectors thing? And what's trashing them?
Message-ID:
Date: 21 Mar 91 18:19:14 GMT
References:
Organization: The Search For Terrestrial Intelligence
Lines: 51

In article yorkw@stable.ecn.purdue.edu (Willis F York) writes:
>Well like a Good Amiga user, I got the "Bigbrother" anti virus program.
>and got it running.. but...

I've never used Bigbrother, so I can only give you general information.

>EVERY SECOND the thing pops up. I clear the memory, and it Pops up again!.
>
>So obviously something's trashing something it shouldn't

Yeah, it sounds like you've got a *really persistent* virus there!

>So how do I find out what's doing it?

I would advise you to get some anti-virus program that will actually tell
you *what virus you have*, not just that your vectors have been modified.
VirusX 4.01 does this, though it's a little out of date. There's a more
recent one named Berserker which I think also identifies the beasties by
name. This is what you need.

>ColdCapture - Offset 42 :$00000000
>CoolCapture - Offset 46 :$00000000
>KickMemPtr - Offset 546 :$00000000
>KickTagPtr - Offset 550 :$00000000
>DoIO Vector - Offset -454 :$00fc06dc <------- What are all these anyway?

The Capture vectors and the KickPtrs have something to do with doing a
re-boot of your system. (See below.) DoIO I think is a library routine.

>RadTask has not been found.
>----------------------
>This system has been modified.
>Non reset virus.
>^^^^^^^^^^^^^^ It's this line that has me Stumped....

If you had a virus that took effect at boot time (reset time), it would've
modified one of the first four items on the list above. You apparently have
something that acts at other times. Like, I/O operations.

Now, one final thing: Do you have any non-standard patches or utilities
active when you trigger this program? Perhaps the change was made by
something other than a virus. This is where it would be nice to have a
program that actually identified viruses by name. (If Bigbrother is
*supposed* to do this (remember, I've never seen it), and it's not, either
you don't have a virus or you have a really new virus.)

--
* From the disk of:  | jms@vanth.uucp               | "You know I never knew
Jim Shaffer, Jr.     | amix.commodore.com!vanth!jms |  that it could be so
37 Brook Street      | uunet!cbmvax!amix!vanth!jms  |  strange..."
Montgomery, PA 17752 | 72750.2335@compuserve.com    |  (R.E.M.)
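
Added example (not part of the original post, and not code from Bigbrother or VirusX): the triage the reply describes, written in Python and run over the vector lines from the quoted report. The `baseline` argument and the verdict strings are assumptions made for illustration; a baseline would be the values recorded on a known-clean boot with the same patches and utilities loaded.

```python
import re

# Vector lines copied from the report quoted in the post above.
SAMPLE = """\
>ColdCapture - Offset 42 :$00000000
>CoolCapture - Offset 46 :$00000000
>KickMemPtr - Offset 546 :$00000000
>KickTagPtr - Offset 550 :$00000000
>DoIO Vector - Offset -454 :$00fc06dc
"""

# Per the reply: a virus that takes effect at reset time would have
# changed at least one of these four from zero.
RESET_VECTORS = ("ColdCapture", "CoolCapture", "KickMemPtr", "KickTagPtr")

LINE_RE = re.compile(
    r"^>?\s*(?P<name>[A-Za-z][A-Za-z ]*?)\s+-\s+Offset\s+(?P<off>-?\d+)"
    r"\s*:\s*\$(?P<val>[0-9A-Fa-f]{8})")

def parse_report(text):
    """Return {vector name: (offset, value)} for each vector line."""
    vectors = {}
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            vectors[m["name"]] = (int(m["off"]), int(m["val"], 16))
    return vectors

def classify(vectors, baseline=None):
    """Return (verdict, reset vectors set, other vectors differing from baseline).

    baseline is a hypothetical {name: value} map recorded on a known-clean
    boot; without it a non-reset vector such as DoIO cannot be judged.
    """
    baseline = baseline or {}
    others = [n for n in vectors if n not in RESET_VECTORS]
    reset_hits = [n for n in RESET_VECTORS if vectors.get(n, (0, 0))[1] != 0]
    changed = [n for n in others if n in baseline and vectors[n][1] != baseline[n]]
    if reset_hits:
        verdict = "reset-resident"
    elif changed:
        verdict = "non-reset change"
    elif any(n not in baseline for n in others):
        verdict = "needs baseline"
    else:
        verdict = "unchanged"
    return verdict, reset_hits, changed

if __name__ == "__main__":
    print(classify(parse_report(SAMPLE)))
```

A "non-reset change" verdict only says a vector differs from the recorded baseline; as the reply notes, a legitimate patch or utility can cause that as well as a virus.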