Amiga.org

Amiga computer related discussion => Amiga Software Issues and Discussion => Topic started by: yock1960 on December 22, 2006, 03:29:48 AM

Title: Struggling with virus issues!
Post by: yock1960 on December 22, 2006, 03:29:48 AM
OK. New to Amiga, purchased genuine used Workbench 1.3 disks and am using them on a A500 with 1MB total memory.

Since I've never owned an Amiga, I have been downloading some software. Some from Aminet, some not.

Not realizing that the Amiga OS was as cursed with virii to the extent that apparently it was/is, I have been uncautious and I have been infected. I have pretty much determined that most of the disks that I have transferred with Amiga Explorer (which I purchased) are infected with the Saddam virus. Not 100% sure if there was just one source or multiple, but pretty much everything got infected before I knew it was there.

I did some searching on this site and came up with a thread where someone had a similar issue; where WB 1.3 isn't able to run the later AV software. In that thread I followed a link to BootX 4.45, downloaded it and to make a long story short, I feel like my original WB disks are clean. So; all the other disks are being formatted on a PC, then re-formatted on the A500 and new software transferred from the PC using Amiga Explorer.

Everything was going reasonably well until, after I did a fresh install of AExplorer from my PC to the A500 and making a backup of the BootX disk that I made and which did not appear to have any virii (after multiple checks!). When I formatted a disk to copy the AExplorer executable to and then started BootX back up (I know, I should have left it running); this freshly formatted disk has the saddam virus according to BootX! HOW! Is it a false alarm somehow, maybe something in the AExplorer software that is causing a false alarm or could Amiga Explorer be the source(carrier?)?

I'm not sure what to do next. For now I'm going to bed and maybe someone will have some good news for me when I check in tomorrow!

P.S. Even though BootX 'neutralized' the Saddam virus on these disks and I did a full format on the PC, could it still somehow survive?

Thanks!



Title: Re: Struggling with virus issues!
Post by: motorollin on December 22, 2006, 07:03:28 AM
Paraphrasing quite a bit. Hopefully haven't lost any of the original meaning.

Quote
yock1960 wrote:
I feel like my original WB disks are clean.
...
Everything was going reasonably well until ... I formatted a disk to copy the AExplorer executable to and then started BootX back up (I know, I should have left it running); this freshly formatted disk has the saddam virus according to BootX! HOW!

Saddam is memory resident. So even if BootX cleaned it from the disk, it might have still been in memory. The only way to get it out of memory is to power the Amiga down for a minute or so. Then boot from a fresh, virus free BootX disk and check your Workbench disks again.

Quote
yock1960 wrote:
could Amiga Explorer be the source(carrier?)?

I don't think this is possible. The virus would not be able to run on Windows as it is an Amiga programme.

Quote
yock1960 wrote:
P.S. Even though BootX 'neutralized' the Saddam virus on these disks and I did a full format on the PC, could it still somehow survive?

Not on the disk, which is why I think it must have still been memory resident and was subsequently able to infect another disk.

--
moto
Title: Re: Struggling with virus issues!
Post by: AmigaMance on December 22, 2006, 08:44:06 AM
Aah.. The dreadful saddam virus... I remember that many, many years ago, when I was using an Amiga 500, it managed to infect some of my disks too. Just for your information, Amigas with KickStart 2 or greater are immune to this and to some other viruses.
Title: Re: Struggling with virus issues!
Post by: motorollin on December 22, 2006, 08:55:39 AM
Would using Kickstart >= 2.x inhibit the activity of the virus even on an already infected disk? Is this immunity intentional, or is it just the by-product of other changes?

--
moto
Title: Re: Struggling with virus issues!
Post by: AmigaMance on December 22, 2006, 09:02:44 AM
Quote
Would using Kickstart >= 2.x inhibit the activity of the virus even on an already infected disk?

 Yes.

Quote
Is this immunity intentional, or is it just the by-product of other changes?

 A "by-product". The carrier of the virus, disk-validator, was moved to the ROM.
Title: Re: Struggling with virus issues!
Post by: Piru on December 22, 2006, 09:36:58 AM
Saddam was quite nasty, as it was able to force itself to load automagically when the floppy was inserted to the system (it replaced the disk-validator and then corrupted the disk intentionally, forcing the disk-validator to be loaded the instant the disk was inserted).

I have no proof of this, but I believe one motivation of moving the disk-validator inside the ROM was to plug this loophole. Naturally there were other reasons as well, mostly the fact that you really shouldn't try to load the validator from the corrupt disk itself (rather bad design).
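
Added example, not part of the thread and not any poster's code: a triage check over an ADF floppy image for the combination described in the post above, a disk marked as needing validation that also carries its own L/Disk-Validator. It assumes the standard AmigaDOS 512-byte block layout and that the forced validation shows up as a cleared bitmap-valid flag in the root block; `audit`, `lookup` and `make_image` are hypothetical names and the sample image is constructed.

```python
import struct

BSIZE, ROOT = 512, 880  # DD floppy image: 1760 blocks of 512 bytes, root block 880

def name_hash(name):
    """AmigaDOS directory hash (72-entry table for 512-byte blocks)."""
    h = len(name)
    for c in name.upper():
        h = (h * 13 + ord(c)) & 0x7FF
    return h % 72

def lookup(img, dir_blk, name):
    """Walk a directory block's hash slot and hash chain; return block number or None."""
    ptr = struct.unpack_from(">I", img, dir_blk * BSIZE + 24 + 4 * name_hash(name))[0]
    seen = set()
    while 0 < ptr < len(img) // BSIZE and ptr not in seen:  # guard loops and bad pointers
        seen.add(ptr)
        base = ptr * BSIZE
        n = min(img[base + 432], 30)  # name length byte, names are at most 30 chars
        if img[base + 433:base + 433 + n].decode("latin-1").upper() == name.upper():
            return ptr
        ptr = struct.unpack_from(">I", img, base + 496)[0]  # next entry in hash chain
    return None

def audit(img):
    """Flag the combination described in the thread; a heuristic, not a Saddam signature."""
    if len(img) < (ROOT + 1) * BSIZE:
        raise ValueError("image too small to contain a root block")
    bitmap_valid = struct.unpack_from(">i", img, ROOT * BSIZE + 312)[0] == -1
    l_dir = lookup(img, ROOT, "L")
    validator = lookup(img, l_dir, "Disk-Validator") if l_dir else None
    return {"bitmap_valid": bitmap_valid, "validator_block": validator,
            "review": not bitmap_valid and validator is not None}

def make_image(bitmap_valid, with_validator):
    """Constructed sample: only the fields audit() reads are filled in."""
    img = bytearray(1760 * BSIZE)
    struct.pack_into(">i", img, ROOT * BSIZE + 312, -1 if bitmap_valid else 0)
    if with_validator:
        for parent, blk, name in ((ROOT, 882, "L"), (882, 883, "Disk-Validator")):
            struct.pack_into(">I", img, parent * BSIZE + 24 + 4 * name_hash(name), blk)
            img[blk * BSIZE + 432] = len(name)
            img[blk * BSIZE + 433:blk * BSIZE + 433 + len(name)] = name.encode("ascii")
    return bytes(img)

if __name__ == "__main__":
    print(audit(make_image(bitmap_valid=False, with_validator=True)))
```

A `review` result only marks an image for a closer look with a virus checker: Workbench 1.3 boot disks legitimately carry L/Disk-Validator, and an interrupted write also leaves the bitmap flag cleared.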
Title: Re: Struggling with virus issues!
Post by: TheMud on December 22, 2006, 12:08:51 PM
Saddam --?! Schwarzkopf, Schwarzkopf come out wherever you are... :)
Title: Re: Struggling with virus issues!
Post by: yock1960 on December 24, 2006, 01:21:41 AM
That was fun! :crazy: But I believe my disks are clean now (well, had to recreate them). Thankfully my original WB disks were ok. I'm being much more careful now.

Back to learning....