28 October 2021, 09:32 | #1 |
Registered User
Join Date: Mar 2017
Location: Tacoma, WA USA
Posts: 94
|
WHDLoad viruses found with VirusZ III 1.04B Latest
A few days ago I figured out how to update my VirusZ to the latest files. I had been putting off the long scan of my games/demos drive, but finally did. It identified viruses on these 3 files.
StarRay/Disk.1
ChaseHQ2/Disk.2
CardinalOfTheKremlin/data/l/Disk-Validator
These were extracted from .lha files in the WHDLOAD game repository that I downloaded directly via a PC, not an Amiga, then copied the files over to the Amiga. My question is: are these "false positives" or something to be concerned about? Can someone please confirm whether these are infected, and/or who to contact about this? To me, computer viruses are pretty serious stuff, so I don't want to just delete these and ignore it... |
28 October 2021, 09:56 | #2 |
Registered User
Join Date: Mar 2021
Location: Avellino, Italy
Posts: 170
|
While technically they could be, if run through Whdload they should be harmless because it's a virtual environment and if you have a mmu it's even safer. Don't run that Disk-Validator from your workbench tho. Also wait for a definitive answer from more skilled people to be sure.
|
28 October 2021, 12:28 | #3 |
Registered User
Join Date: Oct 2009
Location: Germany
Posts: 3,303
|
Disk-Validator can be deleted. If the install needs it just copy a clean Disk-Validator over it.
|
28 October 2021, 12:41 | #4 | |
CaptainM68K-SPS France
|
You need to ensure that the original disk image is clean. Use ADF workshop for that, it will show you the viruses. |
|
28 October 2021, 14:09 | #5 |
Lemon Curry ?
Join Date: Sep 2004
Location: Denmark
Age: 49
Posts: 4,079
|
These have already been cleaned in the pre-installed set on Turran FTP.
All except StarRay, that's a false positive.
Code:
Bootblock specification:
- Autoboot
- OFS Original File System
- Bootblock CRC32 : $E86B058D
- Identification with ABR v1 engine : <Virus> SCA Virus
- Identification with ABR v2 engine : <Virus> SCA Virus
- Identification with AWP v1 engine : Unknown bootblock!
- Identification with AWP v2 engine : <False virus warning> Bootloader - StarRay (Logotron)
|
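Added example, not part of the thread and not code from any of the tools quoted in it: the fields a scanner reads from an ADF image before any signature match, namely the DOS type, the checksum that makes a disk autoboot, and a CRC32 of the 1024-byte bootblock. Assumptions: the tool's CRC32 is the standard CRC-32 over the whole bootblock, and the function names and the one-entry benign list are hypothetical.

```python
import struct
import zlib

BOOTBLOCK_SIZE = 1024            # two 512-byte sectors at the start of the image
FS_TYPES = {0: "OFS", 1: "FFS"}  # low bit of the flags byte; other bits ignored here

# CRC32 -> label for bootblocks known to be benign. The single entry is the value
# the post reports for StarRay; matching the tool's CRC variant is an assumption.
KNOWN_BENIGN = {0xE86B058D: "Bootloader - StarRay (Logotron)"}


def bootblock_checksum(block: bytes) -> int:
    """Amiga bootblock checksum: end-around-carry sum of all longwords, inverted."""
    total = 0
    for i, (word,) in enumerate(struct.iter_unpack(">I", block)):
        if i == 1:               # the stored checksum field counts as zero
            continue
        total += word
        if total > 0xFFFFFFFF:   # fold the carry back into the low bit
            total = (total & 0xFFFFFFFF) + 1
    return ~total & 0xFFFFFFFF


def inspect_bootblock(image: bytes) -> dict:
    """Summarise the first 1024 bytes of an ADF image for triage."""
    if len(image) < BOOTBLOCK_SIZE:
        raise ValueError("image shorter than a bootblock")
    block = image[:BOOTBLOCK_SIZE]
    is_dos = block[:3] == b"DOS"
    stored = struct.unpack_from(">I", block, 4)[0]
    crc = zlib.crc32(block)
    return {
        "filesystem": FS_TYPES[block[3] & 1] if is_dos else None,
        "autoboot": is_dos and stored == bootblock_checksum(block),
        "has_code": any(block[12:]),   # non-zero bytes after the 12-byte header
        "crc32": f"${crc:08X}",
        "known_benign": KNOWN_BENIGN.get(crc),
    }


def make_sample_bootblock(payload: bytes) -> bytes:
    """Constructed sample: OFS header, root block 880, payload, valid checksum."""
    body = b"DOS\x00" + bytes(4) + struct.pack(">I", 880) + payload
    body = body.ljust(BOOTBLOCK_SIZE, b"\0")
    return body[:4] + struct.pack(">I", bootblock_checksum(body)) + body[8:]
```

A block with `autoboot` true and `has_code` true whose CRC32 is not on a benign list is the case worth a closer look; a data disk with no boot code cannot carry a bootblock virus.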
28 October 2021, 14:11 | #6 |
Registered User
Join Date: Mar 2017
Location: Tacoma, WA USA
Posts: 94
|
That's why I posted this! If these are legit viruses, then the source in the repository is infected!
|
28 October 2021, 15:12 | #7 |
Registered User
Join Date: Mar 2013
Location: In the Hills
Posts: 377
|
i'm only now getting back into playing amiga with real hardware.
just how much damage can viruses cause on an amiga? viruses can be a nightmare for modern pc's but i don't know anything about amiga viruses. |
28 October 2021, 19:39 | #8 | ||
Moderator
Join Date: Nov 2004
Location: Eksjö / Sweden
Posts: 5,602
|
Viruses are always about trusted sources, nothing else. Aminet is checked and yet probably has quite a few viruses in some lesser known packages. Most of the packages for general use though have been tested and true. Aminet is trusted. Amiga websites with clearly a lot of dedication and work behind them are trusted. E.g. WHDLoad. WHDLoad and similar are trusted. Emu websites with lots of mixed platforms, torrent sites, The Zone etc will likely fare much worse than WHDLoad. (Only two viruses is extremely impressive!)
Unknown eBay disks, garage/retro disk sales etc, "from the car trunk" goods are the most likely source of viruses.
Most are floppy viruses, and they're made to spread from floppy to floppy only. This means you're safe just by write-protecting disks, not running unknown files from the floppy, or turning off your Amiga when you've tested unknown disks and need to write enable floppies again. But there are exceptions, and that's why VirusX, VirusZ etc. To go from floppy to harddisk, normally they must stay in memory. Again, turning off your Amiga after testing unknown disks is the solution.
After that, there's very few viruses left. Amiga is lucky in a way like Mac and Linux; it's not targeted like PC and smartphones. You must also be a very experienced Amiga dev to write one that doesn't Guru and make it fail. And most of the new stuff goes through checks before reaching users.
I think Amiga users are very safe from getting any virus these days. Granted, I'm not one to add every tool I find on Aminet to my tricked-out Workbench build, rather I'm quite conservative for performance reasons, but if it's any comfort I've used my Amigas since 2005, first on the same Zip disk and then on the same CF card as system disk, and not once have I been infected. I had no antivirus software installed. Pretty safe.
But I think the thing that tells most of Amiga being safe from viruses is the utter lack of "I got infected!" threads on EAB since the start around 2000. If there was even a very low chance of virus danger, we would get several virus threads per week.
Last edited by Photon; 28 October 2021 at 19:44. |
||
28 October 2021, 20:09 | #9 |
Registered User
Join Date: Mar 2013
Location: In the Hills
Posts: 377
|
that is kinda reassuring.
judging by what Lisko said "if run through Whdload they should be harmless because it's a virtual environment" then there would be no negative effects if running these WHDLoad installs which have not been virus cleaned?
ChaseHQ2/Disk.2
CardinalOfTheKremlin/data/l/Disk-Validator
i got my cfcard with a ton of games already pre installed so i don't really know what versions i have. if these WHDLoad installs are safe to run regardless then i will not bother figuring out how to test these two games for viruses. |
28 October 2021, 22:06 | #10 | |
Moderator
Join Date: Nov 2004
Location: Eksjö / Sweden
Posts: 5,602
|
As mentioned by Lisko you have to actually go into the WHDLoad disk image and actually run that version on the disk image to make anything bad happen. Could happen to WHDLoad testers I guess but not users realistically. That would fall under garage sale/eBay - if not for the fact the seller probably got them from the safe sites. So I deem WHDLoad packs from anywhere (if not ancient at least) a safe source. Garage sale/eBay = you know, boxes of floppy disks. Doesn't mean you couldn't backup your preinstalled CF card just once so you don't have to buy it again, it's quick nowadays (emu+.HDF+reading tutorials) and also wards against write errors and unwanted updates/changes. But that's more under saving time/frustration than viruses. |
|
28 October 2021, 23:08 | #11 |
Registered User
Join Date: Mar 2013
Location: In the Hills
Posts: 377
|
yeah i intend to purchase some cfcards to make backups.
i wont say any names but i got the card from someone well trusted and respected when it comes to all things amiga. unless any of the whdload installs are out of date which that person could do nothing about after the fact i'm sure they are all good. |
29 October 2021, 01:36 | #12 |
Registered User
Join Date: Jan 2019
Location: Finland
Posts: 634
|
Just wanted to reiterate that Retroplay's WHDLoad installs stash is clean and up-to-date.
WHDownLoad.com on the other hand hasn't been updated since 2019, and contains the aforementioned viruses. |
29 October 2021, 03:00 | #13 |
Registered User
Join Date: Mar 2013
Location: In the Hills
Posts: 377
|
yeah i can see myself replacing some installs over time with some of retroplay's stash.
there is a lot to learn and i will have to figure out how to verify the WHDload versions i have are latest versions etc and what needs updating. |
29 October 2021, 04:43 | #14 |
Registered User
Join Date: Mar 2017
Location: Tacoma, WA USA
Posts: 94
|
I'm new to the actual process of converting game disks over to WHDLoad usable types of files, so if I'm completely misunderstanding, you are free to correct me... If a disk header is infected with a virus, don't you need some kind of program that knows exactly how to remove that specific virus from that specific disk header file? How do you "FIX" disks with headers that are infected with a virus?
I suppose another way of handling this is a way to either recreate the header file, or a collection of all possible disk header files? Last edited by ahandyman59; 29 October 2021 at 04:45. Reason: Typos and another insight... |
29 October 2021, 16:34 | #15 |
Super Member
Join Date: Sep 2014
Location: Wakefield
Age: 48
Posts: 1,333
|
I got similar results with a scan and also Megademo2 by Northstar apparently has a Northstar 2 virus. This sounds like a false positive to me on this one due to the names being the same.
|
14 November 2021, 09:38 | #16 |
Registered User
Join Date: Jun 2020
Location: Copenhagen, Denmark
Posts: 23
|
You can send the files and bootblocks to me, and I will have a look at them.
E-mail: amigavirus@vht-dk.dk |