AVK
USER MANUAL for the "Ultimate Virus Killer" written by Richard Karsmakers Mark III (rewrite) initiated June 19th 1993 Last change: June 3rd 1999 LIST OF CONTENTS LIST OF CONTENTS DISCLAIMER NOTICE INTRODUCTION MAKING A BACKUP STARTING THE "ULTIMATE VIRUS KILLER" WORKING WITH THE "ULTIMATE VIRUS KILLER" SEEK'N'DESTROY VIRUSES IMMUNIZE DISKS REPAIR BPB (BIOS PARAMETER BLOCK) BOOTSECTOR VIRUSES LINK VIRUSES RESTORE DISKS THE SYSTEM STATUS SCREEN FEEDBACK CREDITS TROUBLE SHOOTING CHART THE "ULTIMATE VIRUS KILLER" CONFIGURATION FILE THE "ULTIMATE VIRUS KILLER" HISTORY FILE The "Ultimate Virus Killer" programme and manual are copyright (c) 1999 by C.R.I.M.E. Development 0 DISCLAIMER NOTICE We make no warranties, either expressed or implied, with respect to this manual or with respect to the software described in this manual, its quality, performance, merchantability, or fitness for any particular purpose. The entire risk as to its quality and performance is with the buyer. Should the programme prove defective following its purchase, the buyer assumes the entire cost of all necessary servicing, repair, or correction and any incidental or consequential damages. In no event will we be liable for direct, indirect or consequential damages resulting from any defect in the software. 1 INTRODUCTION Congratulations on your acquisition of the "Ultimate Virus Killer" (or, for short, UVK). This is probably the most versatile and definitive product in the battle against computer viruses on the Atari ST/STE/TT/Falcon; a full- fledged tool that has taken many years of painstaking development already. The main features of this programme are: * Recognition of virtually all software that uses the disk's bootsector * Recognition of ALL known viruses - both bootsector-and link viruses * Option to restore previously damaged software that needs a specific bootsector program * All harmless data on your disks remains 100% intact! * Immunization of disks/files against many bootsector-and link viruses * Option to repair damaged or destroyed BIOS Parameter Blocks * Automatic recognition of any hard-, floppy-and RAM disks that are present * Automatic recognition of all known viruses already present in the computer system * Almost 40 direct on-line, context-sensitive help screens included in the programme, accessible by pressing the [HELP] button * Automatic calculation of a 'Virus Probability Factor' for suspicious/unknown bootsectors * Fast scanning of a whole drive or partition for link viruses. This allows you to scan a full partition or floppy disk for link viruses 'at the touch of a button' * Option to save potential viruses to disk or print them out, to have them analysed by the programme author * Extensive system check; specifies suspicious system variables, scans for reset-proof programmes and checks for viruses in memory - also when a hard disk is attached! * Full compatibility with MEGA ST, MEGA STE, ST, STE, TT and Falcon with a minimum of 512 Kb of RAM, any ROM TOS and any known hard disk driver * Total compatibility with "MultiTOS" and "Geneva" * Contains fast, compact machine code routines, harnessing the raw processing power of the 680x0 type of processors * Extensive recognition of memory-resident programmes (among which all known viruses...) * Comfortable and easy-to-use mouse/keyboard user interface * Programme checks itself for link virus infection on start-up * Metados compatibility - check up to 26 drives/partitions! * Fully GEMDOS compatible, using dialog boxes and easy GEM conventions With this tool handy, you need never worry about viruses on your computer any more: You can simply use it to de-infect your disks and programmes, destroying the viruses and leaving all other information and data intact. 2 MAKING A BACKUP Just use the GEM desktop facilities to copy the files to another disk (or to hard disk) for backup purposes. For the programme to run properly, the "DATA.PAK" and "UVK_x_x.PRG" files on the original "Ultimate Virus Killer" disk are needed. An optional configuration file may be handy (see the appropriate chapter). If you wish to use the programme as a desk accessory you may rename the "UVK_x_x.PRG" file to "UVK_x_x.ACC" and copy the necessary files to the root directory of your boot drive. Usually this is partition C if you have a hard disk, drive A if you don't. If you are not familiar with the GEM copying conventions, please refer to your computer's user manual. Notes on using the "Ultimate Virus Killer" as an accessory: Usually an accessory is located within the root directory of your boot drive. However, with use of small accessories such as "Chameleon" that can load and unload another accessory it may very well happen that you load an accessory from somewhere else. The "Ultimate Virus Killer" has no problems with that as long as you make sure that the supplemental files are located in the *current* directory of a floppy disk or hard disk partition. This means that you have to open a window to that directory first, *then* use "Chameleon" to load the "Ultimate Virus Killer". If you neglect this, as a rule only the root directories of all your valid partitions will be checked for occurrence of the supplementary files. You can leave away the "DATA.PAK" file when using it as an accessory in order to save memory. If you want to use the "Ultimate Virus Killer" as an accessory on colour monitors, you have to make sure that your system is switched into a proper resolution (NOT low resolution!) before any accessories are loaded. They may be achieved through AUTO folder programs such as "Superboot" and "XBoot" which can leave your system in medium resolution upon leaving. 3 STARTING THE "ULTIMATE VIRUS KILLER" Turn your computer off and on again with the "Ultimate Virus Killer" disk in drive A. After some seconds, a desktop will appear that contains several file names, amongst which is one called "UVK_x_x.PRG" (where "x_x" stands for whatever the current version number is). Double-click on this file with the mouse pointer to load and run it. If you do not want the "DATA.PAK" restore data file to be loaded (which is only needed if you want to restore commercial games or demos that have had the programs on their bootsectors wiped out) you can keep the [CONTROL] key pressed during booting. If you want to skip the start-up system status screen for whatever reason you should keep the [RIGHT SHIFT] key pressed. In case the current system date is not valid (i.e. if the system's internal clock is set to a date before the year and month in which the current "Ultimate Virus Killer" version was finished) you will be requested to enter the date and time before doing anything else. if you do not want to change the time, you may simply leave the time specification unaltered and press [RETURN], [ALTERNATE]-O or click on the "OK" button after having entered the date. The "Ultimate Virus Killer" will present its start-up screen after some more seconds, after which it will be ready to be used. It is advisable to boot your system with the "Ultimate Virus Killer" disk because it contains a virus-free and immunized bootsector. Theoretically, no virus can be present in memory this way (turning your system off and on again assures that no possible reset-resistant viruses survive). Should you want to create another disk to regularly boot your system with, just copy whatever files you want on it, then check it with the "Ultimate Virus Killer", write-protect it and keep it write-protected. KEEP YOUR ORIGINAL "ULTIMATE VIRUS KILLER" DISK WRITE-PROTECTED AT ALL (!!) TIMES! 4 WORKING WITH THE "ULTIMATE VIRUS KILLER" On start-up, a GEM dialog box will appear on the screen. This kind of dialog box will be used throughout the programme and offers some interesting extras when compared to the standard GEM dialog boxes you may be used to. For example, it is not only possible to select your option by clicking the left mouse button on its button, but your selection may also be made by keeping the [ALTERNATE] key pressed and then pressing the alphanumeral that is underlined within the button you want to select. The option that has a thickened frame is the 'default' button, which may be selected additionally by pressing [RETURN] or [ENTER]. Buttons that cannot be selected are represented with a 'greyed out' text and border. Help options, when available, are accessible by clicking on the "HELP" button at the left bottom of a dialog box, or by pressing the [HELP] key on your keyboard. Any button containing a "(U)" in its text (usually a button containing "NO", "CANCEL" or "QUIT") may additionally be selected by pressing the [UNDO] key on your keyboard. Each dialog is displayed within a window. Although it cannot be resized, you can use the window title bar at its top to drag the window all over your desktop and put it anywhere you want, including partly off the actual screen. This can be done by clicking the left mouse button on it, keeping it pressed, and moving the mouse in a dragging movement. Five options are available to you from the main menu dialog box: Seek'n'Destroy Viruses Restore Disks Information about UVK x.x System Status Quit to the Desktop These options, where necessary, will be explained in further chapters. Note on using the "Ultimate Virus Killer" as a .TTP file: The "Ultimate Virus Killer" may be used as .TTP file (for which the "UVK_x_x.PRG" needs to be renamed to "UVK_x_x.TTP"), or similarly from a command line interpreter. This allows for it to receive certain parameters from you or from other programs before it gets started. Although the options offered here are not as extensive as those of the programme in regular mode, they may still be useful. All the options that are on offer here are purely diagnostic - no viruses can be killed, for example! SYNTAX: DESCRIPTION: B X Checks drive "X" for bootsector viruses. L X: Checks the entire partition "X" for link viruses. L E X: Checks the entire partition "X" for link viruses, but only checks executable files. The ":" at the end is important! L X:\PATH\ Checks all files and all files in any folders within the folder "\PATH\" of drive "X" for link viruses. The "\" at the end is important! L X:\PATH\NAME.EXT Checks file "NAME.EXT" in path "\PATH\" of drive "X" for link viruses. "\PATH\" can consist of more than one folder name, divided by "\", to go into deeper subdirectories. X:\PATH\NAME.EXT or NAME.EXT or \PATH\NAME.EXT Alternatively you can feed just a valid file name. It will then be checked for link viruses, with packer info mode on and waiting for a key once finished. In combination with e.g. "NeoDesk" this allows you to check a file for link viruses by dragging its icon on top of the "Ultimate Virus Killer" icon with having to rename the "Ultimate Virus Killer" program file at all. In this mode, none of the parameters specified below may be added. After the initial "L" or "B" a "-" may be added (like for example "L- X:\NAME\NAME.EXT") to suppress you having to press a key when leaving the programme and to prevent the screen from being cleared at start. Likewise, a "+" may be added when doing a link virus scan - to supply you with additional information about whether executable files are packed and, if so, with which packer. A combination of "+" and "-" (to get both suppression of 'waiting for a key' AND extra packer information) is also permitted. In a command line interpreter you could enter "UVK_x_x.PRG L E:\1ST_WORD\WORDPLUS.PRG" for example. For this to work in the standard GEM desktop you would have to enter "L E:\1ST_WORD\WORDPLUS.PRG" in the box that appears on the screen after you have renamed the file to "UVK_x_x.TTP" and double-clicked on the file. In combination with an extended desktop such as "NeoDesk" you can just drag the "WORDPLUS.PRG" icon across (it won't be copied, only the name will be fed to the command line). 5 SEEK'N'DESTROY VIRUSES Following the selection of this option, another dialog box is put on the screen, allowing you to select the drive on which to start seeking'n'destroying viruses. The programme automatically detects any drives that are attached to your system and displays their identifiers in selection buttons. Up to 26 drives/partitions may be selected, with the unavailable drives/partitions being represented in 'greyed-out' text. Please note that bootsector viruses can only be searched (and destroyed) on floppy disk drives - A and B. Selecting drive B is not possible when it is not actually attached. Link viruses can be searched on either floppy-or hard disk (up to and including partition Z). You may select a drive or partition by clicking on its appropriate button with the mouse button or by entering the appropriate keyboard shortcut [ALTERNATE]-key. Once the drive to use is selected, you can decide whether you want to examine your media for bootsector-or link viruses. If you selected bootsector viruses, you will get a prompt to insert the disk you want to check. In case you selected the option to check for the presence of link viruses you will enter some further dialog boxes where you can specify which files you want to check and in what way you want them to be checked. In the first dialog box you will be able to specify whether you want to scan an entire drive or partition (ALL files on a floppy disk or hard disk partition, including those present in all the folders, will be scanned recursively), single files or folders, or whether you want to exit. If you opted for the option to scan single files or folders you can either specify a full filename in the item selector box (in which case only that file will be scanned) or you can specify a folder you want to tree-scan without actually specifying a file (in which case all the files in that specific folder - including all files and further folders present in it - will be scanned). It is important not to select a file name in the latter; just enter the appropriate folder and then click on the item selector box' "OK" button. If you decide to check an entire floppy disk for link viruses the "Ultimate Virus Killer" will also automatically check that disk's bootsector (note: this is for floppy only!). Checking for link viruses on a whole partition or entire folder may be aborted by pressing [ESCAPE] or [UNDO]. When there are many infected files or when you have set "warnings on" and there are many packed files, you may have to press the [ESCAPE] or [UNDO] key a few times. There is one rather important note that applies to bootsector viruses: IT IS POSSIBLE THAT A PERFECTLY HARMLESS DISK IS SUSPECTED OF BEING A VIRUS! This means that either the bootsector of the harmless programme is not yet recognized and not yet implemented in the "Ultimate Virus Killer", or that it is indeed a new virus! Whenever the "Ultimate Virus Killer" encounters such a disk, you will be given the possibility to either REPAIR the disk, PRINT its contents, WRITE A BOOTFILE or LOOK AT IT. In the second and third cases, we would very much like to receive the boot file, that the "Ultimate Virus Killer" can write on a disk with enough space on it (at least 512 bytes free). When you do not have a disk nearby with sufficient space free, you may want to use the FORMAT option that will format a disk (single sided). If you send that disk (or the print-out) to us (together with some written info about the disk it came from and your name and address), we will check it out and send it back as soon as possible provided you have supplied sufficient International Reply Coupons (!). Please make sure the bootfiles are accompanied by sufficient explanation as to what sofware they belong to, for it's usually impossible to determine this information from the bootsector contents and the bootfile file name only. It is likely that the directories of disks that have auto-booting bootsectors on them will appear to be 'empty' or that they seem to have 'corrupted files'. This need not be (and most probably isn't) due to virus infection but to some software protection schemes' exotic disk formats, some of which include there not being any files on the disk at all. IF YOU KNOW THAT THE SUSPECTED DISK CONTAINS NO VIRUS, WE WOULD VERY MUCH LIKE TO RECEIVE IT ANYWAY, BECAUSE OTHER PEOPLE MAY NOT BE AWARE OF IT AND MIGHT ACCIDENTALLY DESTROY THEIR PRECIOUS SOFTWARE!! Please send any disks in a good quality envelope that can also be used for return mailing, and write "CONTAINS MAGNETIC MEDIA - PLEASE DO NOT X-RAY" on it in clear, large characters (to minimize loss of data). Do NOT FORGET TO ADD sufficient International Reply Coupons! Disks without these cannot be sent back! Just before you can select whether to write a boot file or simply to repair, a dialog box will be displayed that tells you the "Virus Probability Factor" (or VPF for short) - the probability factor that the disk that is on the current bootsector is indeed a virus. The reliability of this factor is quite high. The VPF is produced by scanning the code present in the bootsector for some vital virus characteristics: Factor 1: The presence of machine code that is to be found in a routine that writes a sector to disk. Factor 2: The presence of machine code that creates the checksum for an executable bootsector. Factor 3: The presence of magic checksums or memory locations that are needed to make a programme reset-resistant. Factor 4: The presence of the addresses of system variables that viruses can link themselves to. In certain cases, an additional dialog box is produced; this happens when an unknown disk is found to be largely filled with the same value. The larger the percentage mentioned in this dialog box, the less the likelihood of virus infection (quite on the contrary, one might add, to the percentage mentioned with the "Virus Probability Factor" calculation)! Note on executable file extensions: When you want to check a whole partition or folder for link viruses it is possible to select whether you only want executable files to be checked or whether you want this to happen to all files. Executable files are files that can be run from the desktop; other files include text files, picture files, source code files and the like. When selecting to check executable files only, the programme will only check files with extensions ".PRG", ".TOS", ".APP", ".ACC", and ".TTP" (including their disabled counterparts ".PRX" and ".ACX"). These are normally the extensions for executable programmes. Some alternative desktop programmes (such as "NeoDesk") allow other file extensions to be executable, e.g. ".NPG" and ".NTP". To check these as well, you would have to opt for ALL files to be treated, or you will have to configure the UVK.CFG file accordingly (see the appropriate chapter). Note for users of "MultiTOS": This Operating System uses a 'unified drive' (identifier "U:") in which certain folders will cause a crash when checking for link viruses. You should refrain from checking the following directories: "U:\DEV", "U:\PROC", "U:\PIPE" and "U:\SHM". 6 IMMUNIZE DISKS Most of your disks, including those with valuable working material, can be immunized so that they will no more be infected by many of the known bootsector viruses and all anti-viruses. The principle used by the "Ultimate Virus Killer" immunization algorithm is the fact that many known bootsector viruses, when resident in memory, check if they are present on a disk already before they bother copying themselves onto it. If they find themselves present, they do not copy across that particular disk. When the "Ultimate Virus Killer" writes only those few recognition bytes to the bootsector that does the trick: The virus thinks it is present on the disk already and does not copy itself onto it. - Disk immunization will not help against ALL viruses. - Programmes that use the bootsector themselves (like the ones included in the 'RESTORE' list in a text file on the "Ultimate Virus Killer" distribution disk) cannot and should not be immunized as the few bytes necessary for writing the immunization will destroy the boot code program they need to perform properly. - In the text file "VIRUSES.TXT" on your programme disk you will be able to find the specifications of which virus can be immunized with which code. Since certain different viruses use the same bytes on the bootsector with different values to check if they are already present, this means that some viruses can not be immunized against without sacrificing another. Some viruses cannot be immunized against at all as they simply copy themselves across any bootsector without bothering to check their presence prior to copying. The only way to protect yourself from these types of virus is to keep your disks write-protected. If this is not possible, you will just have to check those disks regularly using the "Ultimate Virus Killer". - On your search for viruses you will undoubtedly come across what the program calls "MS-DOS disks". These are standard disks that, however, have specific values written in their bootsectors so that they may be interchanged between Atari and MS-DOS (i.e. IBM PC and compatible) computers. These disks are formatted automatically when formatting with TOS version 1.04 or up. Whenever you immunize such a disk this so-called 'MS-DOS compatibility' will be lost! It may be best to reserve only a limited amount of disks to exchange files between these two system standards, and to check these regularly for virus infection. 7 REPAIR BIOS PARAMETER BLOCK 7.1 INTRODUCTION Some mutant viruses cause the BIOS Parameter Block (or BPB) to be corrupted. This means that there is no longer any information on the disk's format, stored into the BIOS Parameter Block segment of a disk bootsector, available to the Atari's Operating System. It will no longer be able to determine how many tracks and sectors a disk has, as well as several other vital parameters. Trying to display a directory from such a disk will most likely result in a system hang-up, bomb crash or the appearance of a disk filled with corrupted files and filenames. The "Ultimate Virus Killer" incorporates a semi-intelligent routine that automatically recognizes known mutant virus versions and allows the user to repair the BIOS Parameter Block again in case of it having been damaged after the actual mutant virus has been removed. PLEASE NOTE THAT YOU SHOULD READ THIS SECTION OF THE MANUAL VERY THOROUGHLY BEFORE YOU EVER ATTEMPT TO REPAIR A BIOS PARAMETER BLOCK!! Repairing a BIOS Parameter Block is quite difficult; after all, this small segment of the bootsector determines whether or not your computer can read from or write to individual disks. First, let's supply you with a table that specifies how the BIOS Parameter Block is built up. OFFSET means the value that should be added from the start of the bootsector, starting at zero. The values are in decimal. ------------------------------------------------------------------------------ OFFSET: NAME: EXPLANATION: ------------------------------------------------------------------------------ 11-12 BPS Bytes per sector 13 SPC Sectors per cluster 14-15 RES Number of reserved sectors 16 FAT Number of FATs on the disk 17-18 DIR Number of directory entries 19-20 SEC Total number of sectors 21 MEDIA Media descriptor byte 22-23 SPF Sectors per FAT entry 24-25 SPT Sectors per track 26-27 SIDES Number of sides 28-29 HID Number of hidden sectors ------------------------------------------------------------------------------ It is not necessary for you to know the above table by heart. It was supplied here with the intention to give you some idea of what the BIOS Parameter Block means to the Operating System. Whenever a BPB is destroyed, these essential pieces of information are no longer present (which, as said before, will most likely result in various disk error messages, system crash or a garbage disk directory). First of all, you should know that you should preferably not try out this 'BPB repair' option on original game software, as current-day software protection techniques involve the craziest disk formats that would probably drive the "Ultimate Virus Killer" algorithms nuts! Apart from that, attempting a 'BPB repair' on such a disk may also lead to instant software malfunction. The only option you should ever use in order to restore the contents of original (game or demo-) software disk is the main menu 'restore disks' option. Second, you should also realize that the 'BPB repair' option may not work correctly on disks that have been formatted using 'larger' formats previously. This would for example be the case with a disk that you formatted with 82 tracks some time ago and later decided to reformat with only 80 tracks. Some remnants of the old format still left intact (in this case the tracks above track 80) may be found, disturbing the algorithm. There are two ways to get access to the 'BPB REPAIR' option. The first is the most obvious: Whenever a damaged BIOS Parameter Block is detected (and this does not even need to be the result of a virus) the programme ask whether you want to attempt a BPB repair or not. The second one is also quite obvious: Whenever the 'Seek'n'Destroy' option recognizes a mutant virus on the disk, or whatever remains of it, it will initially remove the virus and then ask you whether you want to attempt a 'BPB repair' or not. Upon your confirmation the 'BPB repair' option will be entered. You need not be worried about inadvertently entering it - after having specified all parameters you can always cancel the whole thing at the end, leaving the current BIOS Parameter Block unaltered. As was stated already, repairing the BIOS Parameter is not only a slightly complicated matter, but it may also prove dangerous insofar that the specification of the wrong parameters it can make whatever is on your disk totally inaccessible. Common symptoms of a disk with inaccessible material on it are the aforementioned crashes, disk errors and disk directories containing only garbage information (huge file sizes, weird file names, invalid dates and times). Therefore you should take care using the 'BPB repair' option. Even if you have already attempted a BIOS Parameter Block repair with wrong parameters there is a way to attempt it again - despite the fact that the disk will now, obviously, have a valid BPB and the 'BPB repair' option will normally no longer be entered. What you would need to do in this case is check the disk's bootsector again and keep the [RIGHT SHIFT] key pressed until the screen flashes briefly. The program will now have forced the BIOS Parameter Block to be invalid again, enabling you to enter the 'BPB repair' option again. The most common mistakes made while repairing a BIOS Parameter block involve the specification of the number of tracks per side and sectors per track, as well as the number of actual sides on a disk. Should you find yourself unable to fix it regardless (or if you simply do not dare to attempt a BPB repair yourself), you can send the disk to the address mentioned in the "FEEDBACK" chapter of this manual. Please add an amount of money that equals the price of an "Ultimate Virus Killer" update and twice the amount of IRCs required. You will receive your disk(s) back after a short time (hopefully). In case of my not being able to repair it either, you will receive your money back (not the IRCs though). Some important notes: - It is important that you do not try to delete files from or write files to disk that have a damaged BIOS Parameter Block. - If you send in disks with BIOS Parameter Blocks that need to be repaired, please clearly state that you want your disk repaired and that you don't want an update! - Whenever you repair the BIOS Parameter Block of a disk it will automatically be immunized. - Attempting a 'BPB repair' on a disk is no cheap way of increasing a disk's storage capacity. Specifying more sides, sectors per tracks or tracks per side than are actually present will cause whatever is on the disk to remain inaccessible. During the 'BPB repair' option some dialog boxes requesting input will be put on the screen. You have to use these to specify BPB values, but do not worry if you do not know anything about this. This part of the manual can be of some help, and you can also use the built-in context-sensitive on-line help options by pressing the [HELP] key. During the 'BPB repair' option you will be requested to specify a number of parameters needed by the "Ultimate Virus Killer" algorithms to write back what was previously the correct BIOS Parameter block for the current disk. 7.2 HOW MANY BYTES PER SECTOR Claus Brod, Atari mass storage media expert and author of probably the best book in this field (called "Scheibenkleister", unfortunately in German), claims that only 512 bytes per sector are possible as TOS (the Operating System within your computer) does not allow for 128, 256 or 1024 BPS on floppy disks. For the sake of compatibility with future TOS versions as well as for the pure sake of completion it is possible to select any of the values here. Unnecessary to say, you will almost certainly have to specify 512 bytes per sector here. 7.3 HOW MANY TRACKS PER SIDE This can vary quite a lot, due to formatting programmes available that allow up to 90(?!?!) tracks per side to be formatted (whether or not these programmes should be used and whether these tracks are safe for data storage will not be discussed here). When requested to specify the number of tracks per side it will be handy to remember if you formatted the disk in the drive using the standard GEM DESKTOP format option or not. If you did, you should select 80. If you did not, you should select 'Examine' unless you are certain yourself of the amount of tracks present on the disk (some people write the three vital disk characteristics - tracks per disk, sectors per track and number of sides - on the label of a disk; this may be a good idea for you too). The 'examine' option reads the first sector from ever increasing track numbers and calculates the number of tracks present on a disk by substracting 1 from the first track number that cannot be read (usually due to it never having been formatted). This means that disks that have been formatted using more tracks earlier and that were reformatted using less tracks later will cause the "Ultimate Virus Killer" to find the old amount of tracks. As said earlier, this may sound like a quick method to increase your disk's amount of tracks, but really isn't: The 'BPB repair' option algorithms will in that case not work correctly! 7.4 HOW MANY SECTORS PER TRACK Much like the amount of tracks per side, the amount of sectors per track can very a lot. When a standard ST disk was formatted using the standard GEM DESKTOP format option, this value is 9. In other cases it can be any value from 1 to 11 (although 12 has been included, for which there is no space on a track, at least theoretically). Standard Falcon (and post-1992 TT) disks support higher amounts of sectors per track; they are High Density (HD) disks as opposed to the regular Double Density (DS). High Density disks can write 18 (on 3.5" disks) or 15 sectors per track (on 5.25" disks). Even Extra High Density (ED) disk drives exist, allowing the use of a massive 26 sectors per track, but these are quite rare. All kinds of disk drives, including DD, HD and ED ones, are supported by the internal 'BPB repair' algorithms. Try to remember the right number of sectors per track yourself (and write this information on disk labels as of now), since otherwise the 'examine' option will perhaps find the remains of previously formatted extra sectors per track. Normally this should not happen, but certain 'fast format' programs neglect to fully initialise a track which may leave some old information more or less intact. Analogous to the calculation of tracks per disk that was explained above, the 'examine' option here reads sectors from the first track and calculates the number of sectors per track by substracting one from the first sector that it cannot read due to it not being present (not formatted) in the first place. 7.5 HOW MANY SIDES Due to one of the more ancient Atari cock-ups the ST community is stuck with the phenomenon of the single-sided disk drive (SF 354). Although virtually nobody has these drives any more, some software is still supplied on single sided disks - or sometimes a disk may just be formatted single-sided because it's quicker, who knows? Anyway, even though the chances of a disk being double-sided are bigger for certain, there is no way to be sure whether a disk has one side or two unless you just happen to know (again, it may be useful to write down the amount of sides on your disk labels). In general most older original software is single-sided, and all other disks are double-sided. If you are not sure, you can use the 'Examine' option here again, but it has the obvious drawback mentioned several times above: If a disk is single-sided but has been formatted double-sided prior to the latest format, the "Ultimate Virus Killer" will assume it's double-sided. The 'examine' option just tries to read a sector from the second side and assumes a disk is double-sided when this process happens without an error occurring. Disks that have only been used on the Falcon or a TT will almost certainly have two sides. 7.6 HOW MANY SECTORS PER CLUSTER The amount of sectors per cluster (also called the allocation unit) is always 2, except when the disk you're trying to repair is a single-sided disk with 40 tracks (these are created and used by rather ancient MS-DOS-type machines). It is supposed to be impossible to use other values here, but for the sake of future compatibility it has been included anyway. In short, you should most likely specify 2 here, as Atari ST/TT/Falcon disks always use 2 sectors (1 Kb) for one cluster. 7.7 HOW MANY FATS ON THE DISK The FAT (short for File Allocation Table) is the space on disk where the Operating System stores and gets information about which clusters on the disk are used by files (and which are not) and in which particular sequence clusters have to be put together in order to load a file bigger than one cluster that is not stored contiguously (i.e. a fragmented file). TOS maintains two FATs on a disk - one of these is always present as a temporary backup. It is not certain whether or not it is possible to use disks with only one FAT - some formatting programs seem to allow for it, but the aforementioned Claus Brod denies it categorically. You should usually specify 2 here. 7.8 HOW MANY DIRECTORY ENTRIES The directory is list on a disk where the names, lengths and other characteristics of individual files and folders on that disk are stored. The particular parameter discussed here pertains to the root directory, i.e. the directory that appears first when you display the contents ("Open...") a floppy disk drive or hard disk partition. The longer the directory, the less space is left on the disk. Usually the directory takes up the entire second track of a disk. Most disks have 112 directory entries, but single-sided disks with 40 tracks (the ones we also encountered above, that are used by rather ancient MS-DOS systems) have only 64 of them. Again, it is not possible to easily increase your disk's storage capacity by specifying a lower amount of directory entries here. This will lead to whatever is on the disk to remain inaccessible. 7.9 HOW MANY SECTORS PER FAT ENTRY The FAT table is built up of several hundreds of entries, and it is possible to specify how many sectors ('allocation units') are included in one entry here. There is a 100% full-proof way to have it checked by the "Ultimate Virus Killer" itself, so you should specify 'Examine' here unless, for some reason or other, you are sure about selecting either '1', '2', '3' or '5' (which is rather unlikely to say the least). 7.10 A NOTE ON DISKS WITH BUSTED BIOS PARAMETER BLOCKS In by far most of all cases disks with damaged BIOS Parameter Blocks are not infected by a virus, nor do they suffer from any remaining parts of mutant viruses. It is quite usual for game data disks (any disk belonging to a game that you don't actually have to start up with - i.e. game disks labelled 2, 3, B, C, whatever) to use some sort of exotic disk format, whereas many also don't really bother about writing a BIOS Parameter Block at all and instead use even the bootsector to store graphics or map data. 'Repairing' the BPB of one of these disks will most likely prove lethal for that piece of software! In any case you should write a bootfile prior to any attempt at repairing them. 8 RESTORE DISKS If you find that you have accidentally destroyed a suspected but apparently completely innocent disk that needs a specific bootsector (this destruction could have happened inadvertently by other or earlier virus killers, for example), or when you discover that a virus has copied itself across the necessary boot program present in the bootsector of a commercial game or a demo, the 'restore disks' option allows you to restore a multitude of these cases. Should you, for example, find the bootsector of the popular game "Lemmings 2 - The Tribes" destroyed by a virus or a rash 'repair' action, it is possible to install its proper bootsector on the original disk again, thus restoring it and saving yourself and the software company involved a lot of time and money. Selecting this option causes another dialog box to be displayed. This gives access to a list of all restorable bootsectors, identified by a game's name (or a demo's, whatever). You can scroll up and down this list and select the title of the bootsector you would want to restore. You can use the arrow buttons at the right to scroll up and down through the list. A single-arrow button will scroll one entry; a double-arrow button will scroll one page (15 entries). Click the mouse pointer on an entry to select it. After confirmation you can have it written to a disk. 'T' BUTTON Go to top of list 'B' BUTTON Go to bottom of list 'CANCEL' BUTTON Exit the screen, back to the menu 'HELP' BUTTON Access the help option A-Z/1/5 BUTTONS Jump to first title with it [UNDO] KEY Exit the screen, back to the menu [HELP] KEY Access the help option [ALT]-[A-Z/1/5] KEYS Jump to first title with it When the bootsector of the game you want to restore should not be present in the list yet, you can order an "Ultimate Virus Killer" update and hope that the bootsector you wanted to restore is included in the new version. No promises can be made with regard to this, however, so you had better also supply the address and telephone number of the company that made the software to which the bootsector belonged, as well as the name of the piece of software. That company can then be contacted by us so that some kind of agreement may be made. Most companies are very co-operative with regard to this, as they covertly recognize the virus problem and all know about the "Ultimate Virus Killer" (which has become more or less the de-facto industry standard). - Are you not sure whether or not a bootsector belongs to a particular game of a specific company? Just 'restore' the bootsector onto an empty TEST disk (which has to be formatted, though) and then check it with the "Ultimate Virus Killer". The alert box stating which bootsector it is will also give the company name, if one is known. 9 THE SYSTEM STATUS SCREEN 9.1 INTRODUCTION To assist you in determining whether your computer system itself is already infected by a virus or not, the "Ultimate Virus Killer" always checks your computer's most important system variables and memory contents on start-up. These specific system variables are pointers to various routines in your Operating System, for example pointing to a routine to read or write a disk sector, a routine to 'open' a file and so forth. Generally, viruses cling to these system variable in order to work. This way all known bootsector viruses can be recognized in the system, as well as resident types of link virus and a large number of harmless other programs that also cling to these vectors (i.e. 'bend them') for valid purposes. Of course unknown viruses cannot be recognized yet. That is the reason why this screen has been included. On startup, or after selecting the "System Status check" option from the main menu, the "Ultimate Virus Killer" will check all these important system vectors and try to establish which programs are hooked to them. It will notify you of unknown programs that have bent these vectors, signified by an inverted display of the memory address to which the vector points which indicates that there is a chance that you might be dealing with a new and unknown virus. This chance is increased dramatically if the program additionally displays "ALERT" behind a memory address displayed in inverted text style. In this case it has calculated something not unlike the regular "Virus Probability Factor" for a small cluster of memory located at that memory address, and the programme code present there was found to contain one or several characteristics commonly found in viruses. Whenever a specific program that bends a system vector is recognized by the "Ultimate Virus Killer" it will display a figure between brackets directly after the actual memory address. This can have one of the following formats: (x) The number of a recognized application (Number corresponds with the APPLICAT.TXT file list) (?) An unknown application is recognized (This MIGHT be a virus, or a harmless program) (#x) Anti-virus recognized. Reboot without it! (Number corresponds with VIRUSES.TXT file list) (-x) Virus recognized. Turn off system and reboot!! (Number corresponds with VIRUSES.TXT file list) Sometimes the program does not display a number but instead displays a four- letter code (like "FrmD" of "CBHD", or whatever). This is the so-called 'XBRA identification', which is a protocol devised in the early nineties (one of the few good things to come out of Germany) to allow for easier recognition of the multitude of files that can hook themselves to the various computer system variables. These XBRA identifiers are displayed by default when they are found; should you want to see numbers only (as these correspond with the APPLICAT.TXT file list) you need to keep the [ALTERNATE] key pressed while the addresses are put on the screen. Pressing [CONTROL] will slow down the output - in case you want to see what bends the vector and you are not content with seeing that nothing is suspiciously inverted. An additional advantage of the XBRA protocol is that it is possible to check if several programs have hooked themselves to the same vector. These will then form what is referred to as an 'XBRA chain', a sequence of programs that all use the XBRA protocol. This chain of programs will be examined by the "Ultimate Virus Killer" as deep as it can go - which is until it finds an unknown program that uses the XBRA protocol, a program (known or unknown) that does not use the XBRA protocol, or when it hits on the actual standard Operating System values. - Please note that, with but a few exceptions, installed RAM disks are not recognized and will most likely result in "(?) Unknown Application Found". To get rid of this, get rid of the RAM disks in memory. Note that a lot of the modern RAM disks are reset-proof, so you will have to turn off your system to get rid of them. - When the Physical Top of RAM is inverted, this usually due to some kind of (resident) RAM disk, too. Again, get rid of it and run the "Ultimate Virus Killer" again. - Alternative (and unofficial) versions of (beta STE) TOS 1.06 that go around (reference to the TOS '1.07' by TEX, TNT Crew and Level 16 is meant here) are mostly recognized as a standard TOS 1.06. This is because the people behind that adapted TOS wanted to have maximum compatibility and could therefore not change the date and version number. When specific TOS 1.07 versions are recognized, they are thus stated in the status screen, and their release date will be stated at 'TOS date' (which normally displays the date contained is the TOS header, which represents the date at which that particular TOS version has been released). - Something similar is the case for the alternative Operating System "KaosTOS" (an adapted TOS 1.04). When this is recognized, the TOS version displays 'KAOS' and the TOS date specified is the release date of the "KAOSTOS" version currently in use. - The system screen will also check for reset-proof programmes and warns you when non-recognized resistant programmes are found. 9.2 WHEN SUSPICIOUS What to do when one or several of these variables happen to be displayed in inverted text style, in other words when there is something 'suspicious' that isn't yet recognized? In that case you should turn off your system and turn it on again after about 30 seconds, with the "Ultimate Virus Killer" disk (or another disk that is guaranteed to be free of viruses) in the drive. If you're using an AUTO folder on your boot disk or boot partition, disable all programmes in there, as well as all accessories. Do this prior to booting up your system anew. Disabling AUTO folder programs can be done by changing the extensions from .PRG or .ACC into e.g. .PRX and .ACX respectively. The Operating System will only load .PRG files from the AUTO folder and will only recognize .ACC files as accessories. If these aren't present the system will assume they're not there and won't load any of them. You will now have a totally empty system. All values displayed by the System Screen Status should be in regular text. In case of inverted display this does not necessarily point to virus infection - perhaps your hard disk driver or particular Operating System version is not yet recognized (hard disk drivers typically use memory slightly above the bottom of memory, whereas your Operating System is typically located on addresses $E0xxxx or $FCxxxx). Now, enable one AUTO folder program, reset your system and load the "Ultimate Virus Killer". Continue like this until either all files are loaded or until a system variable is displayed in inverted text style. The file to have been enabled last before the system variables are 'suspicious' again is the one that changes them. Do not delete a programme that bends any system vectors, as it is usually not at all likely to be of viral nature unless the word "ALERT!" appears behind the inverted address displayed. Please just send the appropriate program file, whether "ALERTed" or not, to the feedback address, if possible with additional files belonging to it and any documentation (on disk, or photocopied). It will be implemented into the forthcoming version of the "Ultimate Virus Killer" so that it will be recognized and will no longer cause any memory addresses to be displayed in inverted text style. Do not forget to supply enough International Reply Coupons (!no stamps!) if you expect your disks to be returned. The same goes for the accessories, but do note that you have to check out all AUTO folder programs before you start enabling any accessories, as accessories will be loaded 'on top' of any AUTO folder programs and might disable the "Ultimate Virus Killer" from following the chain right down to possible AUTO folder programs. In case you are reluctant to send the programme(s) in question to the feedback address, you can move the mouse cursor on top of the inverted system variable contents and click on it with the left mouse button. An additional dialog box will be displayed, containing some vital information that we can work with to some extent. Please write down the contents of the dialog box together with the name, version number and origin of the file that caused the vectors to be inverted, and send it to us so that inclusion in future "Ultimate Virus Killer" versions may be possible after all. If you have a printer attached, you can keep [CONTROL] pressed while pressing the left mouse button; the programme will then also output the information on your printer. If you additionally keep [ALTERNATE] pressed, a Form Feed will be sent after printing has finished, causing the paper to be moved up to the start of the next page (tractor feed) or to be ejected (sheet feed). Press any key or mouse button to cause the information lines to disappear from the screen. Pressing the "OK" button or pressing the associated keyboard shortcut (in this case [ALTERNATE]-O or [RETURN]) will leave the screen system status screen altogether, back to the main menu. - If system variables are suspicious even without any AUTO folder programmes and accessories having been installed, and you have no hard disk, it could be a virus or RAM based version of TOS. - If the above occurs if you have a hard disk, it is very likely to be your hard disk driver. This is normal. - If the programme to bend the system vector uses the XBRA protocol, the next in line will be checked. The deepest XBRA found will be displayed. This may be helpful to determine which programme actually bent the vector. The deeper down the XBRA vector, the earlier it was loaded and installed (with the "Warp 9" accessory being a known exception). 9.3 THE PROBLEM As you could have gathered from the above, it is no exception that several programmes hook onto the same system variable. It will not be hard to imagine that a dozen or more resident programs can be installed, all bending various system vectors to their heart's content. This sort of thing tends to happen when you have a hard disk cache programme installed, a screen speeder ("Turbo ST", "Quick ST", "NVDI", "Warp 9", etc.), an alternative file selector ("FSelect", "UIS", "Selectric", etc.), a resident multi-tool programme ("Update", "Mortimer"), an alert box enhancement programme ("Let 'Em Fly" or "FormDoIt") and an alternative desktop ("Gemini", "Teradesk" or "NeoDesk") for example. It's easy to have even more programmes bending these vectors. To check which application (i.e. which programme) has bent a particular system variable, the "Ultimate Virus Killer" examines the piece of memory where the vector points to. It will (or won't) recognize the program present there and display the appropriate message in the system status screen for you to look at. Whenever multiple programmes bend the same vector it becomes difficult (if not impossible) to check which programmes bent the system vectors before the last one did. Usually the address that the last application found sitting on the vector is stored somewhere within itself so that it can be called after it has served its own purpose, and there is no way to tell precisely where. You can compare a series of programmes bending one system vector with a chain. The program that was loaded last (let's call it programme "A") is most 'on top' and will be executed first whenever the system variable is accessed by the Operating System. Once programme "A" is finished doing what it was intended for it will pass on the address it found sitting on the vector before it installed itself, i.e. the address at which the programme is located that installed itself prior to that last programme. Let's call that programme "B". Once programme "B" has finished what it wanted to do it will pass on the address that it found on the system variable, that of programme "C". And so on and so forth, until eventually the last programme in the chain will execute the actual Operating System routine that needed to be called. The addresses that each of these programmes found sitting on the system vector are stored in themselves somewhere, internally. The location where they are stored vary from programme to programme, even between different versions of the same application. The problem for a programme such as the "Ultimate Virus Killer" that tries to determine which other applications are hooked to any particular system variable is that it is normally only possible to tell which application bent that system vector last. There is no way it can be determined what the other applications before it are, as those programmes' addresses are contained somewhere in the programme that later patched that vector (I hope you're still with me - this bit of the manual actually took longest to rewrite). Only when the last programme ("A") used the XBRA protocol can it be determined where the programme before that application ("B") is located in memory - and when that uses the XBRA protocol again it is possible to go one step deeper (to "C") until one encounters the first programme that does not use XBRA. You see that it is thus normally only possible to check the programmes bending the vectors until a certain 'depth', i.e. up to the first programme that is foolish enough not to use the exalted XBRA protocol. Anything that's any 'deeper' can only be guessed at. So in case you're a programmer writing utilities that bend system vectors, do abide by the XBRA rules! They are available in any recent programmer's guide or in the "Ultimate Virus Killer" book (:-)). As was said before, the "Ultimate Virus Killer" checks the system variables as extensive as possible - up to the first programme that bends the variable without using XBRA, up to the first programme using XBRA that is not yet recognized, or, ideally, up to the dark and mystic depths of your computer's Operating System. You will see the system status screen display the various addresses with the application numbers associated with them as it proceeds along the chain of XBRA programmes. So far mention has been made only of problems for the "Ultimate Virus Killer". But what about a problem for you? Well, unfortunately there is one. Just suppose a virus installs itself in your system. It hooks itself to a few system variables and would be plainly visible for any extensive system check screen you'd care to throw at it. However, now just suppose a bunch of AUTO folder programs and desk accessories are loaded right afterwards. Unless all of these are using the XBRA protocol, they will effectively hide the virus from view (and, what's most important, they will also hide it from the "Ultimate Virus Killer" check algorithms and all will appear to be OK). For you to be sure that all is safe you will have to do pretty much the same as was described above, where the isolation of unrecognized AUTO folder programmes and desk accessories was concerned. Disable all of these and boot your system anew. Enable one AUTO folder program at a time, each time run the "Ultimate Virus Killer", then do the same with the desk accessories. If no memory addresses are displayed in inverted text style you can consider yourself safe even if the programme will not be able to check to the most extreme depths each time. Do note that you will have to check each newly acquired AUTO folder programme and desk accessory afterwards if you want to continue feeling safe! 10 FEEDBACK Feedback, suggestions, comments and non-recognized boot files (on disk or as printout) can be sent to: Richard Karsmakers P.O. Box 67 NL-3500 AB Utrecht The Netherlands Please do not forget to add sufficient International Reply Coupons if you want some sort of reply, or if you want to receive disks back! Do not add any stamps unless they're Dutch!! You may direct important questions to my electronic postbox at email account cronos@atari.org. If possible limit any electronic mail to the explanation of problems, bugs, and other questions of technical nature. Inquiries about subscriptions, administration, orders, pricing, replacement copies, disks with bootfiles that you sent, etc., should be sent to the above regular address. Please make sure your message subject is appropriate. 11 CREDITS All resource and Flydial routines, as well as help using them Gregor Duchalski System Status Screen memory check H.W.A.M. de Beer (SysInfo) Insurmountably invaluable GEM programming assistance Mark Matts Scan Partition Code and various small but important bits Stefan Posthuma AntiVirus Helmut Neukirchen Additional ideas and miscellaneous help Claus Brod (ST Computer) Volker S”hnitz (Virendetektor) Chris Brookes (Professional Virus Killer 3) Martijn Wiedijk (Lucifer Eksod) Mike Watson (Sinister Developments) Filipe Martins 'Fame' acknowledgements Niall McKiernon (Douglas Communications) Tarik Ahmia (TOS Magazine Germany) Willem Hartog (Atari ST Nieuws) Les Ellingham (New Atari User/Page 6) Special thanks Kai Holst (Antidote) All other coding (what's left of it), research, programming, resource design, text, manual, development, program collection and layout Richard Karsmakers 12 TROUBLE SHOOTING CHART In this chapter you will find some of the problems that may occur while running the "Ultimate Virus Killer" - and suggestions on how to prevent them from appearing again. * A 'NOT ENOUGH MEMORY' ALERT BOX APPEARS. Disable all desk accessories, RAM disks and AUTO folder programmes that occupy memory space. Please note that cache programmes (such as hard disk speeders, "Turbodos" and printer spoolers) also occupy a lot of memory. The "Ultimate Virus Killer" should also work on a machine with half a megabyte of memory (it will not be able to restore any bootsectors then, though). * AN ERROR MESSAGE OCCURS DURING PROGRAMME EXECUTION AND IT RETURNS TO THE DESKTOP UNWANTED. This means that you've done something awkward that the "Ultimate Virus Killer" couldn't handle! Please try to re-create this error message and write down EXACTLY what you did to do it, as well as some of your system details (TOS version, amount of memory, monitor mode, etc.). The bug will then be avoided in future versions (hopefully). If the error in question was an error '33' during the link virus partition scan, this is due to a bug in GEM. The older the TOS version, the more likely it is that this error will occur. Nothing much can be done about it, as GEM is faulty in this case. You may try to use the "FOLDRxxx.PRG" AUTO folder programme, which serves to increase the GEMDOS internal memory pool. This will delay the occurrence of the error, but will not fix it. * VERY MANY SYSTEM VARIABLES ARE PRINTED IN REVERSE WHEN DISPLAYING THE SYSTEM STATUS CHECK. You are probably using (a beta version of) a disk based TOS. Reboot without this. The "Ultimate Virus Killer" works smoothly with all known TOS versions on ROM. Basically, these inconveniences should only occur with a RAM version of any of the TOS versions. You might also be using lots of unknown resident programmes, e.g. in your (hard disk) AUTO folder. Please send those to us so we can include a recognition! Send accessories as well, and never forget to explain WHAT does WHAT and WHO made it! * DISKS THAT YOU HAVE IMMUNIZED WITH VERSIONS 3.X ARE FOUND TO BE IMMUNIZED IN THE 'OLD' WAY, WHEREAS 3.X VERSIONS STATED THAT THEY WERE IMMUNIZED PROPERLY. Quite a while ago the immunization logics have been redesigned to fit some of the later viruses, and are therefore 'new' as of version 4.0 (this was the first time this was changed since version 3.3) and up. It is advisable to immunize your disks anew with the current "Ultimate Virus Killer" version. Please refer to the VIRUSES.TXT file to check out against which viruses it protects you. Other viruses can only be protected against by keeping your disks write-protected! * WHENEVER THE PROGRAMME WANTS YOUR ATTENTION (FOR EXAMPLE WHEN A SUSPICIOUS BOOTSECTOR IS FOUND), IT FLASHES THE SCREEN. DURING THIS FLASHING, YOU FIND THAT YOU REPEATEDLY HAVE TO LISTEN TO A SAMPLED SOUND OF SOME VARIETY. You probably have a programme installed that changes your computer's 'bell' sound (chr$(7)) into a sample. A programme like this is Gribnif's "Newbell" by Dan Wilga. Disable this program. * THE PROGRAMME REFUSES TO LOAD THE "DATA.PAK" FILE, EVEN IF YOU DISABLE ALL RAM DISKS AND ACCESSORIES. YOU EVEN TURNED OFF THE MACHINE FOR 30 SECONDS AND YOU BOOTED WITH THE ORIGINAL "ULTIMATE VIRUS KILLER" DISK SO THERE CAN'T POSSIBLY BE SOMETHING IN MEMORY... Then you surely have a 512 Kb machine. For the "DATA.PAK" file to be loaded it needs more free memory than a 512 Kb machine has. Since the programme needs considerably less space to run WITHOUT the "DATA.PAK" file, it decided not to load it. * READING IN A BOOTSECTOR RESULTS IN A 'TRACK NOT FOUND' ERROR. Some games use exotic disk formats, especially for their data disks (usually any disk other than the boot disk). Psygnosis, for example, is famous for creating these kind of formats. This is NOT unusual, and does NOT indicate hardware/software failure, nor virus infection. If this happens with a game boot disk (a disk labelled "1" or "A") this is no good news and DOES indicate some sort of disk failure (though no virus infection) - in case of the game not working either, you should have it replaced by the company you bought it from (refer to the game manual for details). * THE PROGRAMME BOMBS OUT WHEN EXITING - USUALLY ABOUT SIX BOMBS. Do you have the Rubrik's Screen Saver (on offer on the UK magazine "ST Format", cover disk #42) installed? This has the problem that, when it is resident in your system, all programmes written in "GfA Basic" versions 3.xx will cause a bomb crash when exiting back to the desktop. This even happens with "GfA Basic" itself. * THE PROGRAMME BOMBS OUT WHEN PERFORMING THE EXTENSIVE SYSTEM CHECK. Do you have Dan Wilga's (Gribnif's) "Sysmon" programme installed? Older versions of this program install an XBRA vector the wrong way which will lead to the mentioned bomb error. Either disable "Sysmon" from being installed or skip the system check screen when starting the "Ultimate Virus Killer" by keeping [RIGHT SHIFT] pressed until the first regular dialog box appears. A special algorithm fixes this with some "Sysmon" versions. * YOU HAVE FOUND SEVERAL DISKS SOME TIME AGO AND YOU IMMUNIZED THEM. EVERYTHING'S OKAY SO FAR, BUT ONCE YOU EXIT YOUR CURRENT "ULTIMATE VIRUS KILLER" SESSION YOU GET "IMMUNIZATIONS PERFORMED: 0" (OR ANY OTHER NUMBER LOWER THAN WHAT YOU THINK YOU HAVE ACTUALLY IMMUNIZED). The statistics apply only to the CURRENT session. This means that this line of statistics specifies the number of immunizations you have actually performed during the current virus killer session. The "HISTORY.PRG" and "UVK.HST" files are used to maintain statistics across sessions, and this option only works if you start the program from hard disk. * AFTER RE-PARTITIONING YOUR HARD DISK OR INSTALLING ANOTHER HARD DISK DRIVER, THE HIDDEN HARD DISK OPTION TELLS YOU THAT THE HARD DISK BOOTSECTOR HAS CHANGED AND GIVES A WARNING. Simply leave the programme, erase the "AVK.BUF" file in the root directory of hard disk partition "C:", restart the "Ultimate Virus Killer" and run the hidden option again. * YOU WANT TO CHECK DRIVE "U" BUT IT'S DISABLED. This is not a bug or anything. You are using "MultiTOS", which used drive "U" as the 'unified drive'. This drive should never be checked for link viruses, as it would irrevokably crash the system. 13 THE "ULTIMATE VIRUS KILLER" CONFIGURATION FILE As of version 5.8 the programme can be additionally configured with regard to the file extensions it handles as belonging to 'executable files' (i.e. files that you can double-click on and execute from the desktop directly without having to 'install application'). When checking for link viruses, 'executable files' used to be only those with the extensions .PRG, .TOS, .APP, .TTP, .ACC, .PRX (disabled .PRG) and .ACX (disabled .ACC). It is now possible to create a configuration file, named "UVK.CNF", to be present in the "Ultimate Virus Killer" directory. This configuration file can contain up to 8192 file extensions of executable files. When selecting "executable files only" during link virus partition or folder scan, only the files with these specific extensions will be checked. If you have no configuration file in the main directory, the program will use the default extensions, listed above. The following rules apply to the "UVK.CNF" file. 1) Extension entries should be no longer than 4 characters, including an obligatory "." as the leftmost character. 2) Remarks can be added on any line not containing an actual extension entry. They need to start off with ";". 3) The file must be called "UVK.CNF" and it must be in the same directory as the "Ultimate Virus Killer" programme itself. 4) The file should be written in straight ASCII (i.e. without any control codes). This can be done with any text editor (such as "EdHak" or "Tempus") or a word processor with WP mode switched off while saving. Below you'll find a sample configuration file: ; ; Ultimate Virus Killer configuration file ; ; These are the regular extensions ; .PRG .TOS .APP .TTP .ACC .CPX ; ; These are Neodesk special executable file extensions ; .NPG .NTP ; ; These are some common disabled versions of the above ; .PRX .ACX .CPZ ; ; This is the 'GEM takes parameters' extension for TOS >2.00 ; .GTP ; ; End of file ; As of version 6.1, the program supports a special extension that is used to determine the minimum size a file must have in order to be checked in the "check all files" link virus scan department. You can use any of the extensions you want for this (even multiple ones) but only the last one found will be used so it's best the use the very last entry for this. The format is ".XXX", where "XXX" stands for the minimum size in kilobytes (i.e. the actual file size divided by 1024) from 0 to 999. When none is specified, the program uses a default minimum size of 3 Kb (i.e. 3072). The larger the specified size, the quicker the link virus scan but the less safe! In all cases fill up the value with zeroes to make sure the length is 3 digits (so "123", "003" and "030" would be valid entries). 14 THE "ULTIMATE VIRUS KILLER" HISTORY FILE When you are using the "Ultimate Virus Killer" from a hard disk (!not when running it from floppy disk!) it will write (or, when already present, it will update) a small file called "UVK.HST" that will be located in the same directory as that of the "Ultimate Virus Killer" programme. Its contents may be displayed on screen in any resolution offering 80 characters per line (i.e. 80 columns) by double-clicking on the "HISTORY.PRG" programme. This latter file should also be located in the same directory as the "Ultimate Virus Killer" programme. The "UVK.HST" file will contain some statistics such as the total amount of times the "Ultimate Virus Killer" was used, the total amount of time you spent using it, which TOS version it was last used on, how many viruses were killed, etc. You are requested for statistical purposes to supply a copy of your "UVK.HST" file every time you send in anything on disk to the feedback address.
Back to Antivirus