26 Oct 2001
Jan Andersen (ML)
 
 
    Virus Help Denmark: xvs.library V33.36 
The virus-scanning library 'xvs.library', which is now maintained by
Jan Erik Olausen and Georg Hoermann, has been updated to version
33.36. This library can be used together with VirusExecutor,
VirusChecker II or VirusZ. The original announcement
follows:
  
A new update of the "xvs.library" has been released today. This is a major update,
and you should download the update right away; just read about the changes.
  
And what must be one of the best pieces of news in the antivirus scene in 2001: the 'man'
himself is back on the Amiga scene. Georg Hoermann, the original programmer of VirusZ III
and xvs.library, is BACK. Georg Hoermann and Jan Erik Olausen will work together
on the updates of xvs.library in the future.
  
Info about the new update of xvs.library:
  
Name: xvs.library v33.36   
Archive name: xvslibrary.lha 
Archive size: 82.452 bytes  
Release date: 25 October 2001 
Programmer: Jan Erik Olausen & Georg Hoermann
  
 News for v33.36:
 
 - After several years on a journey the sourcecodes finally came
   back home;-) Yes, it's me (Georg Hörmann) again, still alive
   and kicking virus asses... Thanks must go to Alex van Niel and
   Jan Erik Olausen for keeping the project alive!
   This update was done by me alone, but in the future, Jan Erik
   and I will keep the library up-to-date together.
 - Rearranged and enhanced the security stuff inside the library
   for 100% detection of any (illegal) function patches. Programs
   like 'ZeebsVS' will no longer work with this version. Thanks
   must go to Zeeball for his demonstration of security gaps in
   the older versions.
 - Added support for 'IOZ (512 Bytes)' linkvirus. Thanks go to
   Zeeball for sending it.
 - Added support for 'Rexxfunc' trojan. Thanks must go to Zeeball
   and Jan Andersen for sending it.
 - Totally redesigned the scanner for virus tasks/processes. The
   new code scans all tasks/processes for every known virus in just
   one step and can even handle several running copies of one virus
   correctly (thanks Zeeball for the hint).
 - Checked ALL the stuff that has been added in my absence since
   xvs.library 33.18. See below for what I have changed/fixed.
   Thanks must go to Jan Andersen, Jan Erik Olausen and Zeeball
   for sending me the missing viruses and lots of other stuff.
   Special thanks to Zeeball for the ZeebsVS sourcecodes!
 - Fixed file recognition for 'Bastard Installer 1'.
 - Renamed 'Miami 4.0 Fake Installer' to 'MUI 4.0 Fake Installer',
   because that's what it really is.
 - Renamed 'CCCP Clone' bootvirus to 'Anal Rapes' (its real name),
   fixed its memory recognition and added it to linkvirus brain.
 - Removed recognition for 'Doubledensity' bootblock, this is just
   an intro boot.
 - Fixed longword access to odd address in 'Jode Capullos 2' file
   recognition. This caused crashes on 68000 systems.
 - Fixed memory removal code for 'Zakahackandpatch' and 'Zakapior'.
   The processes of these viruses might stay in memory up to one
   minute after they have been detected, that's not a bug, but
   their own call to Delay() that we have to wait for.
 - Fixed recognition for 'Hitch-Hiker 5.00 Installers' and added
   the plain version created by xfdmaster.library 39.13.
 - Renamed 'MadRoger Short' to 'NoName (248 Bytes)' to follow the
   guidelines of VTC Hamburg (idea by Jan Andersen).
 - Renamed '212 Bytes Link' linkvirus to 'NoName (212 Bytes)' and
   fixed its memory removal code.
 - Renamed 'Explode Trojan' linkvirus to 'Port 9876' and removed
   the repair code, we can use 'Fungus' code instead.
 - Renamed 'Explode Trigger' filevirus to 'Port 9876 Trigger'.
 - Renamed 'Port 4097 Installer' to 'Port 4097' and added memory
   removal code for the trojan's process. The process will stay
   in memory for a while without doing any harm, see explanation
   at 'Zaka...' above.
 - Fixed 'Hitch-Hiker 5.00' memory removal code. The process gets
   killed immediately, the patched stack addresses will disappear
   one by one after a while without doing harm.
 - Fixed memory and file recognition and the repair code for
   'Motaba 3' linkvirus. Now it restores the correct library jumps
   and can repair even files that have been damaged by the virus
   (bad branch offsets!).
 - Fixed memory and file recognition and the repair code for
   'Bastard' linkvirus. Now restores all patched functions (inside
   asl.library and VirusCheckerII) and repairs even big files with
   bad branch offsets.
 - File recognition for 'Bastard Installer 2' will now only detect
   the plain, uncrunched virus as xfdmaster.library unpacks this
   file correctly.
 - Fixed brain entry of 'Port 2421' linkvirus (wrong virus length)
   and added memory recognition. Moved 'Port 2421 Installer' from
   linkvirus to filevirus brain as it cannot reproduce itself.
 - Fixed 'Smeg 2a' and 'Smeg 2b' memory removal code. The processes
   get killed immediately and the patched stack addresses disappear
   one by one after a while without doing harm.
 - Fixed repair code for 'Penetrator 2001' linkvirus to handle both
   ways of infection and added memory removal code (removes the task
   and 2 of 3 processes, the other one usually should already have
   been run out or crashed because of bad coding!).
 - Fixed memory recognition for 'Bobek 2' linkvirus and tuned the
   file recognition/repair code. Thanks to Jan Erik Olausen for his
   bug report about the beta-release of this code.
  
TO DO:
 - Add some code to close TCP ports opened by several trojans.
 - Add Neurotic Death 1-5 linkviruses. These are highly polymorphic, but
  crash on my system if I try to infect some test files. I have received
  several infected files already from other persons and will try to find
  some solution for these viruses in the near future.
 - Try to get and add GlobVec linkvirus. The only one who has it is Heiner
  Schneegold (author of VT-Schutz) and VTC Hamburg, but Heiner doesn't
  give his permission to the VTC to send me the virus :(
  
Authors: 
Currently we are developing xvs.library together, so for bug reports, other
comments, new ideas etc. it's enough if you choose one of the following
addresses:
  
Georg Hörmann, Martinswinkelstr. 16c, 82467 Garmisch-Partenkirchen, Germany 
email: ghoermann@gmx.de or ghoermann@epost.de
  
Jan Erik Olausen, Rødsveien 5, N-1671 Kråkerøy, Norway 
email: virusexecutor@c2i.net
   
Download shortcut: http://home4.inet.tele.dk/vht-dk/amiga/xvs/xvs.htm
    
Remember: if you use VirusZ, VirusChecker, Safe and VirusExecutor, you
must update the xvs.library to have recognition for the latest viruses. (ps)
  
[News item: 26 Oct 2001, 14:26] [Comments: 7 - 27 Oct 2001, 17:12]