!VKiller/Docs/IconDoc
This website contains an archive of files for the Acorn Electron, BBC Micro, Acorn Archimedes, Commodore 16 and Commodore 64 computers, which Dominic Ford has rescued from his private collection of floppy disks and cassettes.
Some of these files were originally commercial releases in the 1980s and 1990s, but they are now widely available online. I assume that copyright over them is no longer being asserted. If you own the copyright and would like files to be removed, please contact me.
Tape/disk: Home » Archimedes archive » Micro User » MU 1991-09.adf
Filename: !VKiller/Docs/IconDoc
Read OK: ✔
File size: 0656 bytes
Load address: FFFFFF43
Exec address: 2B534E40
Duplicates
There are 7 duplicate copies of this file in the archive:
- Archimedes archive » Micro User » MU 1991-11.adf » !VKiller/Docs/IconDoc
- Archimedes archive » Micro User » MU 1992-01.adf » !VKiller/Docs/IconDoc
- Archimedes archive » Micro User » MU 1992-02.adf » !VKiller/Docs/IconDoc
- Archimedes archive » Micro User » MU 1991-12.adf » !VKiller/Docs/IconDoc
- Archimedes archive » Micro User » MU 1991-09.adf » !VKiller/Docs/IconDoc
- Archimedes archive » Micro User » MU 1991-10.adf » !VKiller/Docs/IconDoc
- Archimedes archive » Micro User » MU 1992-04.adf » !VKiller/Docs/IconDoc
- Archimedes archive » Micro User » MU 1992-03.adf » !VKiller/Docs/IconDoc
File contents
This is a very detailed (although stopping short of a listing of course) description of the Icon Virus. It is strongly recommended reading, if only to give you a better understanding of how this virus operates.

Icon Viruses technical information
----------------------------------

There are two 'strains' of the Icon Virus, so I will call them Icon1 and Icon2.

Icon1 is a 5574-byte BASIC program called "Icon", although it is filetyped as a Sprite. It initialises as a Wimp task called " " and then duplicates itself when an application is run, unless that application resides on the same disc as the previous duplication. It occasionally displays a random (silly) Wimp error on startup.

Icon2 is a modified version of Icon1 and has the modifier's name in it (R.A. Smith). It is missing the random Wimp error messages on startup, but otherwise behaves identically to Icon1.

Note that neither virus actually hits an "OS_Exit" or END statement, although they can call Wimp_CloseDown if a Quit message is received. VKiller shuts both down by actually modifying the installed task's loop code (using a tricky Wimp_TransferBlock call) and forces a proper shutdown with the correct task handle.

Both viruses attach (by now standard) lines to the !Boot file (a Wimpslot call and then a BASIC -quit run of the virus task), with no attempt to check for multiple infections of the !Boot file.

Icon Virus Inoculation
----------------------

Inoculation is not possible. VKiller can cope with all three of the "usual" problems: !Boot infection, virus code (filename "Icon") infection and virus code execution (Wimp task " ").
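The two on-disc indicators described above (a file named "Icon" typed as Sprite but holding BASIC, and repeated WimpSlot / BASIC -quit line pairs in !Boot) can be checked offline against files extracted from a disc image. This is an added example, not VKiller's code or part of the original document; the exact text of the appended !Boot lines is not given on the page, so the patterns and all sample data below are assumptions.

```python
import re

# RISC OS keeps a typed file's 12-bit filetype in bits 8-19 of the load address
# (the top 12 bits are &FFF). &FF9 is Sprite; &FFFFFF43, this page's own file, is Text.
SPRITE = 0xFF9

def filetype(load_addr):
    """Return the filetype from a load address, or None if the file is untyped."""
    return (load_addr >> 8) & 0xFFF if (load_addr >> 20) == 0xFFF else None

def looks_like_basic(data):
    """Tokenised BBC BASIC starts with &0D and ends with the &0D &FF terminator."""
    return len(data) >= 2 and data[0] == 0x0D and data[-2:] == b"\x0d\xff"

def suspicious_icon(name, load_addr, data):
    """A file called "Icon", typed as Sprite, whose body is really BASIC."""
    return name == "Icon" and filetype(load_addr) == SPRITE and looks_like_basic(data)

# Assumed shape of the two appended !Boot lines (not quoted on the page).
WIMPSLOT = re.compile(r"^\s*WimpSlot\b", re.I)
RUN_ICON = re.compile(r"^\s*BASIC\s+-quit\s+\S*\bIcon\s*$", re.I)

def infected_pairs(boot_text):
    """Line-index pairs: a WimpSlot line directly followed by the BASIC -quit run."""
    lines = boot_text.splitlines()
    return [(i, i + 1) for i in range(len(lines) - 1)
            if WIMPSLOT.match(lines[i]) and RUN_ICON.match(lines[i + 1])]

def clean_boot(boot_text):
    """Drop every matched pair, so repeated infections are all removed."""
    drop = {j for pair in infected_pairs(boot_text) for j in pair}
    return "\n".join(line for k, line in enumerate(boot_text.splitlines())
                     if k not in drop)

# Constructed samples: a !Boot infected twice, a one-line BASIC program, a sprite header.
SAMPLE_BOOT = "\n".join([
    "IconSprites <Obey$Dir>.!Sprites",
    "WimpSlot -min 32K -max 32K",
    "BASIC -quit <Obey$Dir>.Icon",
    "WimpSlot -min 32K -max 32K",
    "BASIC -quit <Obey$Dir>.Icon",
])
SAMPLE_BASIC = b"\x0d\x00\x0a\x05\xf1\x0d\xff"
SAMPLE_SPRITE = (1).to_bytes(4, "little") + (16).to_bytes(4, "little")

if __name__ == "__main__":
    print("Icon file suspicious:", suspicious_icon("Icon", 0xFFFFF943, SAMPLE_BASIC))
    print("Infected !Boot line pairs:", infected_pairs(SAMPLE_BOOT))
    print("Cleaned !Boot:", clean_boot(SAMPLE_BOOT))
```

Because the virus does not check for an existing infection, the cleaner removes every matching pair rather than stopping at the first.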