My computer was infected by a virus. Let's discuss making an anti-virus here. :mad:

I have been studying DMA and the boot sector. The function I have got will be used to repair the MBR. Win9x is really weak.

My questions:
1. Can I discuss making an anti-virus here?
2. Is a resident program's handle visible?
3. How do I report to the user that something was changed on our hard disk?

Okay guys, I have to make my own AV first. This virus is called Fake2. It's an exe, and it brought a file called restore 1~7. I'm still reverse engineering it to obtain its signature.
Just delete this thread if it does not match.
Posted on 2003-04-13 20:03:20 by realvampire
That kinda is a good question. Bet the crappy DMCA won't even let you reverse-engineer viruses to protect against them. Take that Norton!! :grin:

It is a fine line I think. If you give too much info, you might end up teaching some people how to make a virus. This board is not here to teach people to make virii.
Posted on 2003-04-13 20:55:11 by ThoughtCriminal
As a programmer you yourself should be able to watch out for all files that you execute. If it isn't from a trusted site (such as a major company, etc.) then you should be very cautious when downloading.

I myself always reverse through any file I get that isn't from a trusted source (I even check things my so-called friends send me, as they may without knowing be passing something on to me). As I tell many people on other forums, and now I shall pass it on to you: don't depend on any software to protect yourself. YOU are the antivirus, and by NOT running these files and/or looking through them first (since, as you've stated above, you CAN reverse, that is, you have the knowledge to) you'll be safe. :alright:
Posted on 2003-04-13 23:13:01 by Guy on ASM

That kinda is a good question. Bet the crappy DMCA won't even let you reverse-engineer viruses to protect against them. Take that Norton!! :grin:

It is a fine line I think. If you give too much info, you might end up teaching some people how to make a virus. This board is not here to teach people to make virii.


If you encrypt this virus with even the lamest possible xor then yes, you can sue people for breaking your virus under the DMCA :p
Posted on 2003-04-14 05:00:36 by Hiroshimator
Poor Norton,
I'll make my encrypted virus immediately :grin:.
BTW: what is DCMA?
Posted on 2003-04-14 06:06:03 by realvampire

I'll make my encrypted virus immediately


So, you are a virii coder? Wait for the penguin to cancel your membership. :)
Posted on 2003-04-14 09:38:13 by Vortex
Be careful about such statements realvampire, Germans don't know about humour nor satire ^_^
Posted on 2003-04-14 09:53:33 by f0dder


BTW: what is DCMA?


you have to switch places of the C and the M and you'll get:

Digital Millennium Copyright Act
Posted on 2003-04-14 09:54:19 by Guy on ASM

Be careful about such statements realvampire, Germans don't know about humour nor satire ^_^


That's why Bazik ....., :grin:
Posted on 2003-04-14 10:25:46 by realvampire



So, you are a virii coder? Wait for the penguin to cancel your membership. :)



I'm just kidding. Don't you see my first thread? I'm the victim.
Don't cancel my membership. :grin:
Posted on 2003-04-14 10:37:14 by realvampire
Check this. It will be the first module for backing up Sector 1 and 2 at the diskette.



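BacaSekTor proc uses edi Num:dword,lpHrp:dword
; Reads one sector (28-bit LBA in Num) from the primary-master ATA drive
; into the 512-byte buffer at lpHrp. Returns EAX = 1 on success, 0 on error.

    mov  eax,Num
    shr  eax,24
    and  al,0fh         ; LBA bits 24..27
    or   al,0e0h        ; LBA mode, master drive
    mov  dx,01f6h
    out  dx,al          ; Port 0x01f6: drive/head

    mov  al,1           ; sector count = 1
    mov  dx,01f2h
    out  dx,al          ; Port 0x01f2

    mov  eax,Num
    mov  dx,01f3h
    out  dx,al          ; Port 0x01f3: LBA bits 0..7
    shr  eax,8
    mov  dx,01f4h
    out  dx,al          ; Port 0x01f4: LBA bits 8..15
    shr  eax,8
    mov  dx,01f5h
    out  dx,al          ; Port 0x01f5: LBA bits 16..23

    mov  dx,01f7h
    mov  al,20h         ; read with retry
    out  dx,al          ; Port 0x01f7: command goes last, after the parameters

@@:
    in   al,dx          ; Port 0x01f7 read back = status register
    test al,80h         ; BSY still set: keep waiting
    jnz  @B
    test al,01h         ; ERR set: give up
    jnz  ReadFailed
    test al,08h         ; DRQ set: the sector is ready to transfer
    jz   @B

    mov  edi,lpHrp
    mov  ecx,256        ; 256 words = 512 bytes
    mov  dx,01f0h       ; Port 0x01f0: 16-bit data register
    cld
    rep  insw           ; Repeat reading. EDI is adjusted automatically.

    mov  eax,1
    ret

ReadFailed:
    xor  eax,eax
    ret
BacaSekTor endp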


Is there any mistake in that code? I don't really understand how to use port 0x1f6, I'm afraid I made a mistake. :explosion:
Posted on 2003-04-17 03:32:14 by realvampire
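An added example, not part of the original post or of any poster's code: once a sector-read routine has delivered the 512 bytes, comparing them region by region against a saved copy is one way to tell the user what changed on the disk. It assumes the standard MBR layout (446 bytes of boot code, a 64-byte partition table, the 55 AA signature); the function names and the sample sector are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SECTOR_SIZE 512
#define PTABLE_OFF  446   /* bytes 0..445 boot code, 446..509 partition table */
#define SIG_OFF     510   /* bytes 510..511 must be 55 AA */

enum { MBR_SAME = 0, MBR_CODE_CHANGED = 1, MBR_PTABLE_CHANGED = 2, MBR_BAD_SIG = 4 };

/* Compare the sector just read from disk against the saved backup copy
   and return a bitmask naming the regions that no longer match. */
int mbr_compare(const uint8_t *backup, const uint8_t *live)
{
    int flags = MBR_SAME;
    if (memcmp(backup, live, PTABLE_OFF) != 0) flags |= MBR_CODE_CHANGED;
    if (memcmp(backup + PTABLE_OFF, live + PTABLE_OFF, SIG_OFF - PTABLE_OFF) != 0)
        flags |= MBR_PTABLE_CHANGED;
    if (live[SIG_OFF] != 0x55 || live[SIG_OFF + 1] != 0xAA) flags |= MBR_BAD_SIG;
    return flags;
}

/* Constructed sample sector (not a real MBR): one active partition entry. */
static void make_sample(uint8_t *s)
{
    memset(s, 0, SECTOR_SIZE);
    s[0] = 0xFA;                 /* placeholder first byte of boot code */
    s[PTABLE_OFF] = 0x80;        /* entry 0: active flag */
    s[PTABLE_OFF + 4] = 0x0B;    /* entry 0: partition type byte */
    s[SIG_OFF] = 0x55; s[SIG_OFF + 1] = 0xAA;
}

/* Flip one byte of a copy of the sample (offset < 0: leave it untouched)
   and return what mbr_compare reports for it. */
int demo_flip(int offset)
{
    uint8_t backup[SECTOR_SIZE], live[SECTOR_SIZE];
    make_sample(backup);
    memcpy(live, backup, SECTOR_SIZE);
    if (offset >= 0 && offset < SECTOR_SIZE)
        live[offset] ^= 0xFF;
    return mbr_compare(backup, live);
}

int main(void)
{
    printf("untouched=%d code=%d table=%d signature=%d\n",
           demo_flip(-1), demo_flip(0x20), demo_flip(450), demo_flip(511));
    return 0;
}
```

A changed partition table with intact boot code usually means repartitioning rather than infection, which is why the regions are reported separately.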

That kinda is a good question. Bet the crappy DMCA won't even let you reverse-engineer viruses to protect against them. Take that Norton!! :grin:

It is a fine line I think. If you give too much info, you might end up teaching some people how to make a virus. This board is not here to teach people to make virii.



If someone wants to write a virus they don't even need to
know how to do it anymore; there are kits on the net that
let some morons do little more than pick the damage
and how to spread from a menu, and the kit builds a virus
for them.
Plus, any half assed piss poor assembly language programmer
could with very little thinking write a virus.
IMHO the more people who know how to fight viruses the
better.
Now that I'm done with my rant,

have a nice day
Posted on 2003-04-28 00:55:09 by rob.rice
realvampire,

You live in Indonesia so you are not directly covered by the DMCA that is in force in the US but in terms of this forum's policy on viral coding, as long as you are acting to repair your own computer from the damage caused by a virus there should be no problems with the rules that are in force here.

I recently had to repair one of my machines that was infected with OPASERV as I made the mistake of dropping my firewall for a short time and it got into my machine and while I chased it down in detail to find out what had happened, I eventually overwrote the entire drive with a ghost image just to make sure there was nothing left.

Any repair will involve either deleting damage or overwriting it with correct data and this is nothing more than any AV cleaner does so as long as you stay with repair and not creation of viral code, there should be nothing wrong with your posting.

Regards,

hutch@movsd.com
Posted on 2003-04-28 01:33:52 by hutch--

Any repair will involve either deleting damage or overwriting it with correct data and this is nothing more than any AV cleaner does

The nice AV scanners can, for many viral types, use knowledge of the virus to remove it from the infected file - without having to delete or restore from backup. They'd never be able to do this if they hadn't been RE'ing virii. I wouldn't be running a system that has been disinfected this way, as executables don't always return 100% to their original state, but it's nice for getting the system into an "emergency overview" state.

Not that I've had a virus for ages.
Posted on 2003-04-28 01:45:36 by f0dder
I have some knowledge about viruses, but not boot sector viruses. I want to know how to back up the boot sector of the HDD and FDD, immediately. BTW: It has been repaired, it took a day to repair it.
Posted on 2003-04-28 07:30:37 by realvampire

I have some knowledge about viruses, but not boot sector viruses. I want to know how to back up the boot sector of the HDD and FDD, immediately. BTW: It has been repaired, it took a day to repair it.


Most likely you know this already, BUT just in case there is someone
who doesn't know this one I'll post it anyway:
a boot sector can be fixed with fdisk (I have never tried this on a floppy)

" fdisk /MBR "
Posted on 2003-04-28 18:45:03 by rob.rice
FDISK? Is it already installed on my system? :confused:
Posted on 2003-04-28 19:09:23 by realvampire