!VKiller/Docs/VigayDoc
This website contains an archive of files for the Acorn Electron, BBC Micro, Acorn Archimedes, Commodore 16 and Commodore 64 computers, which Dominic Ford has rescued from his private collection of floppy disks and cassettes.
Some of these files were originally commercial releases in the 1980s and 1990s, but they are now widely available online. I assume that copyright over them is no longer being asserted. If you own the copyright and would like files to be removed, please contact me.
Tape/disk: | Home » Archimedes archive » Micro User » MU 1991-08.adf |
Filename: | !VKiller/Docs/VigayDoc |
Read OK: | ✔ |
File size: | 06E6 bytes |
Load address: | FFFFFF43 |
Exec address: | 6D3961D7 |
Duplicates
There is 1 duplicate copy of this file in the archive:
- Archimedes archive » Micro User » MU 1991-08.adf » !VKiller/Docs/VigayDoc
- Archimedes archive » Micro User » MU 1991-07.adf » !VKiller/Docs/VigayDoc
File contents
This is a very detailed (although stopping short of a listing of course)
description of the Vigay Virus. It is strongly recommended reading, if only to
give you a better understanding of how the virus operates.

Vigay Virus technical information
---------------------------------

This is a 2311-byte BASIC program called "datadqm" with an associated 97-byte
!Boot file. The REMs at the start of the program are as follows:

REM (C)1989 PAUL VIGAY
REM
REM A nasty little Archie Virus !!
REM ... or is something up with your monitor ???
REM
REM version 1.1a (24th October 1989)

Hence you now know why it's called the "Vigay Virus" - the author's name
appears as a comment at the start!

When first run, it initialises as a Wimp task called "TaskManager" and then
waits for either:

1) a chance of (500 * hours left of a Thursday) to 1 to crop up to spark off
   a silly "wobble" demo (wobbles the screen and mouse pointer). Yes, this demo
   only appears on a Thursday and more frequently as the day wears on.

or:

2) a file/directory double-click, in which case it attempts to replicate itself
   to the first application directory at that level that doesn't already have
   either an !Boot or a datadqm file.

There is no infection count maintained across replications. Because it installs
itself as a BASIC Wimp task, it cannot be easily detected by VKiller if it is
present PRIOR to VKiller being run. Please see the "!ReadMe" on how to minimise
this problem. If the Vigay Virus installs itself as a Wimp task AFTER VKiller
has been run, then VKiller sends a Message_Quit Wimp message to shut it down.

Vigay Virus Inoculation
-----------------------

Inoculation can be achieved by creating a new !Boot in the same manner
as the Extend Virus is inoculated.
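The file names, sizes and the replication check described above are enough to triage a disc image that has been extracted to a modern host. The following is an added example, not part of VKiller or of the original document: it classifies each application directory as infected, suspect, skipped or exposed. The function names, the class labels, the ",xxx" filetype-suffix handling and the sample tree are assumptions made for illustration.

```python
import os
import tempfile

VIRUS_NAME, VIRUS_SIZE, BOOT_SIZE = "datadqm", 2311, 97  # values from the document

def leaf_name(name):
    # Assumption: host-side extraction may append a ",xxx" filetype suffix.
    # RISC OS filenames are case-insensitive, so compare in lower case.
    return name.split(",")[0].lower()

def classify_app(app_dir):
    """Classify one application directory by the files at its top level."""
    sizes = {leaf_name(e.name): e.stat().st_size
             for e in os.scandir(app_dir) if e.is_file()}
    if VIRUS_NAME in sizes:
        exact = sizes[VIRUS_NAME] == VIRUS_SIZE and sizes.get("!boot") == BOOT_SIZE
        return "infected" if exact else "suspect"  # suspect: name matches, sizes differ
    # Per the document, replication skips a directory that already has a !Boot.
    return "skipped" if "!boot" in sizes else "exposed"

def scan(root):
    """Map each application directory (name starts with '!') to its class."""
    report = {}
    for dirpath, dirnames, _ in os.walk(root):
        for d in dirnames:
            if d.startswith("!"):
                path = os.path.join(dirpath, d)
                report[os.path.relpath(path, root)] = classify_app(path)
    return report

def build_sample(root):
    """Constructed tree; file bodies are zero bytes of the stated length only."""
    layout = {
        "!Draw": {"!Boot": 97, "datadqm": 2311, "!Run": 40},
        "!Edit": {"!Run": 40},
        "!Paint": {"!Boot": 30, "!Run": 40},
        "!Maestro": {"datadqm,ffb": 2400, "!Run": 40},
    }
    for app, files in layout.items():
        os.makedirs(os.path.join(root, app))
        for name, size in files.items():
            with open(os.path.join(root, app, name), "wb") as fh:
                fh.write(b"\0" * size)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for app, state in sorted(scan(tmp).items()):
            print(f"{app:10} {state}")
```

A "suspect" result means a datadqm file is present but the sizes do not match the 2311/97-byte pair given in the document, so it needs manual inspection.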