PATRIOT v.10 - ANTI-SADDAM DEFENCE SYSTEM.

Written in assembly language using ASMone, by Milan Polle in 1991.

HISTORY.
--------

It was a few weeks ago, when I was working on another project, that suddenly all kinds of virus-killers started warning me that there was some kind of virus running around the system. Normally this is not so big a problem, simply clear it from memory, install the bootblock and voila, gone it is. But not with this one. After 'killing' it, it simply came back. And the bootblock was perfectly healthy.

A few days later I was really starting to get bugged by this invisible virus. I checked my disk with every possible virus killer but none of them recognised it. VirusX thought it was the 'Australian Parasite', which was very unlikely because that is a very old virus.

While checking the directories of my disks I suddenly noticed L-directories with disk-validators in them popping up on my data-disks. Aha!, that was it, that had to be the virus. I simply had to type out the disk-validator and compare that with the normal one, if they were different: WHAM! kill it!

But this was more difficult than I expected; every time I inserted an infected disk into the drive the virus became active. And then I discovered something else, the treated disks suddenly suffered read errors. OH NO!, most of the work on my data disks was unreadable now, especially the ones I had worked on the last.

Now I got really angry and decided to put the virus-validator into my assembler. I discovered that it was coded, so I decoded it. Now I found out this rotten little virus was very 'humorously' called the SADDAM VIRUS. Then I fed it to Resource, made it readable and printed it out.

At school I found out that many people found that their precious work (we work with Amigas) was demolished by this Saddam-virus. I decided to make a killer for this virus, since there wasn't any yet.
Making the killer I discovered that it uses the vertical-blank interrupt to bash its vectors into the system all the time. And also that it codes blocks on your disk, marking them with the word 'IRAK'. But this virus is also capable of formatting (!) blocks or the whole disk!

The first killer I made was a one disk version in three parts: a memory killer, which removed saddam from memory, a disk-scanner, which killed the virus-validators, and a disk-fixer, which decoded the IRAK-blocks. This killer worked, but it wasn't very handy. When you thought there was a saddam-virus on your disk you had to start up the killer-disk and do every step yourself.

So now I have made a better version called Patriot, with lots of improvements.

HOW TO USE PATRIOT.
-------------------

You can start Patriot from either the workbench or from the CLI (to put it in your startup-sequence). To start it from the workbench simply double-click its icon. To start it from the CLI or from your startup-sequence enter the string:

    Runback Patriot/Patriot

or

    Run >nil: Patriot/Patriot

in your CLI window or just before the command Endcli in your startup-sequence. To edit your startup-sequence enter 'Ed s/startup-sequence' in your CLI window, change the text and press ESCAPE and then enter 'X'. Now Patriot will start automatically when you start up that disk.

To copy Patriot simply drag its drawer into the window of the disk that you want to have it on.

When you have started Patriot, a small window will appear at the top of your screen. It immediately starts checking your memory and all the disks in the drive for the saddam virus and will alert you if saddam was found. It will also test every disk you insert from now on, keeping you posted on what is going on by changing its window title:

'No validator on disk'
    Means this is probably a data disk which doesn't need a validator.

'No virus on disk'
    Means there is no saddam virus in your validator.

'Error reading validator'
    Means your disk has a read error, or it isn't a DOS disk.

'Error deleting validator'
    Means your disk has a write error, or it is write protected and the virus is still on the disk. Just remove the write protect and insert the disk again.

'No disk in drive!'
    Means you removed the disk before Patriot could kill the virus. Just reinsert the disk.

'Disk is write protected!'
    Remove the write protect and reinsert the disk.

When a saddam-validator is found on your disk, you will get a requester asking if you want to kill the validator. If you like viruses, you may select 'ignore' to let it live. But if you select kill, Patriot will kill the validator and the l-directory if possible.

Before killing, Patriot will validate your disk. This is necessary because the saddam-validator doesn't keep a record of which blocks are used and which not, causing DOS to write over existing files. After that it will kill the validator, letting you know if the operation was successful.

If the disk was a self starting disk you will have to replace the disk-validator with a normal one (e.g. the one from your workbench disk). If you are using a manager like dos-manager or CLI-mate the replacing operation will be straightforward, but if you are using the CLI you have to type in this:

-------------------------------------------------
(2 drives, started up from workbench in drive 0)

1> Makedir df1:l                (if the l directory was deleted)
1> Copy l/Disk-validator to df1:l/
-------------------------------------------------
(1 drive)

1> Copy c/copy to ram:
1> Copy c/makedir to ram:       (if l-dir was deleted)
1> path ram:
1> Copy l/Disk-validator to ram:

Put the disk on which the validator must go in the drive and enter:

1> makedir df0:l                (If l-dir was deleted)
1> Copy ram:Disk-validator to df0:l/

(Time to buy that second drive!)
-------------------------------------------------

B.T.W.: Patriot had an option to replace the validator with a good one, but it didn't seem to work.

MENU OPTIONS.
-------------

After killing a saddam you may get some read errors as mentioned before. If you get read errors select REPAIR DISK from Patriot's menu, selecting the desired drive from the submenu. Patriot will explode its window and start checking the disk for IRAK blocks. This scanning will take a while. During it Patriot will inform you if any IRAK blocks have been found and if so, whether they have been repaired or if the disk was write protected. It will also inform you if any read errors were encountered, showing the standard DOS read error messages.

If Patriot is reading block 880 (the root block) it will test the bitmap pointer and check whether the disk is validated. It will say 'Root fixed' when the bitmap pointer has been repaired.

The reason the repair option is separately selectable is that some disks may have IRAK blocks on them while there is no saddam-virus in their validator, and also because you sometimes don't have the time to scan the disk.

As a matter of precaution the disk is put to the 'BUSY' state while scanning and validating, and the memory will be checked on every disk operation. Therefore it will be perfectly safe to insert a disk into a drive while repairing a disk in another drive. Patriot will remember you inserting the disk and will check it after finishing the repair.

Other menu options are ABOUT, to help you remember what this program is doing on your screen, and QUIT, to remove Patriot from the screen (you can also press the window's close button).

To still keep checking for other viruses, Patriot will happily co-operate with programs like VirusX.

COMPLAINTS AND SUGGESTIONS.
---------------------------

Patriot really should work well because I tested it over and over again, contaminating disks and repairing them, removing bugs, making improvements etc. By now it should really be called Patriot v2.0!

Well, I hope you find this program useful, but...
If you find bugs, have a great idea for an enhancement or want to tell me what you think of this program write to:

    Milan Polle
    Lavendelhof 44
    3434 XT Nieuwegein
    HOLLAND
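
ADDED EXAMPLE (not part of the original README, and not Patriot's code): a read-only triage of a raw 880 KB floppy image on a modern machine, covering the two things REPAIR DISK is described as checking, blocks marked 'IRAK' and the state of root block 880. Assumptions: the marker is taken to sit in the first longword of a block (the README does not say where), the root-block field offsets are the standard AmigaDOS ones, and scan_image and make_sample are names made up for this example. Nothing is decoded or written back.

```python
import struct

BLOCK = 512            # bytes per AmigaDOS floppy block
ROOT = 880             # root block number, as stated in the README
MARKER = b"IRAK"       # marker word, as stated in the README
MARK_OFFSET = 0        # ASSUMPTION: marker sits in the block's first longword
# Standard AmigaDOS root-block field offsets (bytes from start of block)
OFF_TYPE, OFF_BM_FLAG, OFF_BM_PAGE0, OFF_SEC_TYPE = 0, 312, 316, 508

def scan_image(image: bytes) -> dict:
    """Read-only scan of a raw floppy image; reports, never repairs."""
    nblocks, rest = divmod(len(image), BLOCK)
    if rest or nblocks <= ROOT:
        raise ValueError("need whole 512-byte blocks including block 880")
    # Blocks carrying the marker at the assumed position
    marked = [n for n in range(nblocks)
              if image.startswith(MARKER, n * BLOCK + MARK_OFFSET)]
    base = ROOT * BLOCK
    blk_type, = struct.unpack_from(">l", image, base + OFF_TYPE)
    bm_flag, bm_page0 = struct.unpack_from(">lL", image, base + OFF_BM_FLAG)
    sec_type, = struct.unpack_from(">l", image, base + OFF_SEC_TYPE)
    return {
        "marked_blocks": marked,
        "root_ok": blk_type == 2 and sec_type == 1,  # T_HEADER / ST_ROOT
        "validated": bm_flag == -1,                  # -1 = bitmap is valid
        # Plausibility only: first bitmap pointer lies on the disk, not on root
        "bitmap_ptr_ok": 0 < bm_page0 < nblocks and bm_page0 != ROOT,
    }

def make_sample(validated: bool = True, marked=(900, 901)) -> bytes:
    """Constructed test image: blank blocks, minimal root block, marked blocks."""
    img = bytearray(1760 * BLOCK)
    base = ROOT * BLOCK
    struct.pack_into(">l", img, base + OFF_TYPE, 2)
    struct.pack_into(">lL", img, base + OFF_BM_FLAG,
                     -1 if validated else 0, 881)
    struct.pack_into(">l", img, base + OFF_SEC_TYPE, 1)
    for n in marked:
        start = n * BLOCK + MARK_OFFSET
        img[start:start + 4] = MARKER
    return bytes(img)

if __name__ == "__main__":
    print(scan_image(make_sample()))
    print(scan_image(make_sample(validated=False, marked=())))
```

To check a real disk, read an image file into bytes and pass it to scan_image; a hit means only that the block starts with the marker bytes, not that the disk is currently infected.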