Author Topic: The Ebola Link Virus (Read 2221 times)

paul1981 · « **on:** July 01, 2012, 07:02:12 PM »

Just a bit of advise to all Amiga users out there...

On my A600 I noticed things were sometimes crashing when before I had no crashes. Even trying to run the "Format" program to format a disk wouldn't work (came up with a recoverable software failure). And then in other cases, programs would work but then crash on exit (recoverable software failure).
I noticed something odd...in my '.deldir' on my PFS partition ('.recycled' if you run SFS) there were things in there which shouldn't be in there...things that I had not deleted... So there'd be my C command Assign in the .deldir, and another one in my C drawer (also a bit larger file size).
It confused me for a day or two, but eventually I installed VirusZ. It immediately found and removed the Ebola virus from memory....It then found around 40 infected files, mostly C commands, and also some Libs and handlers in L:. Clock, Format, some Commodities etc which it then continued to repair all files successfully. The virus made some other programs crash, despite those programs being uninfected. It even re-infected some XAD libs whilst doing the check if I remember correctly, so I had to run the check a few times to make sure the Virus had been totally killed.

I traced the source of the virus to something I downloaded last year from "Zeb's Amiga Downloads" website. It was Magic Workbench. I have a fully registered MagicWB disk, but I was setting up the harddrive in my A600 via WinUAE so it should have been easier this way. I then ran the Virus check on my WinUAE AmigaSYS 4 (what I had used to set up my A600 hard drive) and it found even more cases of the Ebola virus. Now I know why HDInst tools and HDtoolbox were crashing etc.

Fortunately, my main Amiga (1200) remained virus-free, despite all the stuff I have downloaded for it from similar sites over the years. Basically, everything I download now gets checked from within Voodoo-X (it uses the xvs.library) before I actually unarchive it to RAM or my hard drive. I've been lucky up to yet, but only just. If people have instability issues with their Amiga, the first thing I would advise now is to run a Virus scan.

I hope one day the xvs.library will be updated as it's now 8 years out of date. There's every possibility that new viruses are around right now, undetected by the out of date xvs.library. I seem to remember reading about a recent virus that attacks Emulated Amiga's (real Amiga's are safe!). So make sure you remain safe....virus check your adf's and your lha's etc before giving them residence on your system.

vox · « **Reply #1 on:** July 01, 2012, 08:35:54 PM »

Quote from: paul1981;698580

Just a bit of advise to all Amiga users out there...

On my A600 I noticed things were sometimes crashing when before I had no crashes. Even trying to run the "Format" program to format a disk wouldn't work (came up with a recoverable software failure). And then in other cases, programs would work but then crash on exit (recoverable software failure).
I noticed something odd...in my '.deldir' on my PFS partition ('.recycled' if you run SFS) there were things in there which shouldn't be in there...things that I had not deleted... So there'd be my C command Assign in the .deldir, and another one in my C drawer (also a bit larger file size).
It confused me for a day or two, but eventually I installed VirusZ. It immediately found and removed the Ebola virus from memory....It then found around 40 infected files, mostly C commands, and also some Libs and handlers in L:. Clock, Format, some Commodities etc which it then continued to repair all files successfully. The virus made some other programs crash, despite those programs being uninfected. It even re-infected some XAD libs whilst doing the check if I remember correctly, so I had to run the check a few times to make sure the Virus had been totally killed.

I traced the source of the virus to something I downloaded last year from "Zeb's Amiga Downloads" website. It was Magic Workbench. I have a fully registered MagicWB disk, but I was setting up the harddrive in my A600 via WinUAE so it should have been easier this way. I then ran the Virus check on my WinUAE AmigaSYS 4 (what I had used to set up my A600 hard drive) and it found even more cases of the Ebola virus. Now I know why HDInst tools and HDtoolbox were crashing etc.

Fortunately, my main Amiga (1200) remained virus-free, despite all the stuff I have downloaded for it from similar sites over the years. Basically, everything I download now gets checked from within Voodoo-X (it uses the xvs.library) before I actually unarchive it to RAM or my hard drive. I've been lucky up to yet, but only just. If people have instability issues with their Amiga, the first thing I would advise now is to run a Virus scan.

I hope one day the xvs.library will be updated as it's now 8 years out of date. There's every possibility that new viruses are around right now, undetected by the out of date xvs.library. I seem to remember reading about a recent virus that attacks Emulated Amiga's (real Amiga's are safe!). So make sure you remain safe....virus check your adf's and your lha's etc before giving them residence on your system.

Interesting experience, I throught that XVS.library covers almost everything out there on Classics. Sadly, its no longer maintained and under OS4,MOS and AROS it has no purpose.

k4lmp · « **Reply #2 on:** July 01, 2012, 09:45:13 PM »

Thanks for the heads up. I recently installed MagicWB from the same site, and will be checking my A2000. Many thanks.

Jeff

Piru · « **Reply #3 on:** July 01, 2012, 10:06:10 PM »

Quote from: vox;698596

XVS.library... under OS4,MOS and AROS it has no purpose.

Not quite true. At least MorphOS is compatible enough for link viruses to function just fine, and I early on made sure that xvs.library was fixed to function correctly under MorphOS.

Of course the scope of the potential 68k virus infection is quite limited, but at least you can run VirusZ and xvs.library under MorphOS.. which is nice if you're scanning amiga archives for viruses.

vox · « **Reply #4 on:** July 01, 2012, 10:43:00 PM »

Quote from: Piru;698611

Not quite true. At least MorphOS is compatible enough for link viruses to function just fine, and I early on made sure that xvs.library was fixed to function correctly under MorphOS.

Of course the scope of the potential 68k virus infection is quite limited, but at least you can run VirusZ and xvs.library under MorphOS.. which is nice if you're scanning amiga archives for viruses.

OK but how they can infect MOS?

I wasn`t speaking of MOS 68k compatibility, but of need for the library. Surely, you could copy library and run VirusZ on OS4 also.

Piru · « **Reply #5 on:** July 02, 2012, 01:56:50 AM »

Quote from: vox;698619

OK but how they can infect MOS?

Um, execute the infected binary?

Quote

I wasn`t speaking of MOS 68k compatibility, but of need for the library.

Well not many other packages allow scanning for amiga viruses on other platforms so I can see use for it.

Quote

Surely, you could copy library and run VirusZ on OS4 also.

Assuming the library and VirusZ works under OS4. xvs.library has some extreme measures to verify the integrity of the library itself. It isn't taken that it works under OS4. Maybe it does.

What I know is that xvs.library does work under MorphOS, along with VirusZ.

Author Topic: The Ebola Link Virus (Read 2221 times)

paul1981

The Ebola Link Virus

vox

Re: The Ebola Link Virus

k4lmp

Re: The Ebola Link Virus

Piru

Re: The Ebola Link Virus

vox

Re: The Ebola Link Virus

Piru

Re: The Ebola Link Virus