Release site for Xvs.library made by Georg Wittmann - Virus Help Team

VIRUS HELP TEAM
Amiga Antivirus Website



xvs.library History
Copyright © 2002-2025 by Georg Wittmann

============================================================================
==            xvs.library - The eXternal Virus Scanner Library            ==
============================================================================
==           Copyright © 1997-1999/2001-2025 by Georg Wittmann            ==
==                 Copyright © 1999-2001 by Alex van Niel                 ==
==                  Copyright © 2001 by Jan Erik Olausen                  ==
============================================================================

TO DO:
------
- Add full support for 'Neurotic Death' linkviruses (6 versions). These are
  highly polymorphic and very hard to recognize in files. Currently only the
  original installer files are recognized, and active viruses will be killed
  in memory.
- Add full support for 'LOBO Hardcore' linkvirus, unfortunately another very
  polymorphic little beast. Currently it will only be killed in memory.
- Try to get the old 'GlobVec144' linkvirus. The only ones who ever had a
  copy are Heiner Schneegold (VT-Schutz) and Sönke Freitag (VTC Hamburg),
  but Sönke couldn't find it anymore and Heiner Schneegold didn't give it
  to me :-(

============================================================================

   xvs.library 33.48 (size: 67.328 bytes)
	- Fixed recognition of 'Disk-Doktors' and 'Suicide Machine' boot
	  viruses to avoid false alarms with harmless bootblocks. The new
	  pattern for 'Disk-Doktors' recognizes all clones too, therefore
	  removed entries 'Disk Doktors BJH', 'Disk Doktors NoFast' and
	  'Magic Ultra'. Thanks to Jan Andersen of VHT-DK for the sample
	  bootblocks.
	- Added 'Mosh 3.0' bootvirus. Thanks to Crashdisk for sending it.
	- Added 'Silicon Penetration' bootvirus (actually just a malicious
	  bootblock formatting the disk). Thanks again to Crashdisk for
	  sending that stuff.
	- Fixed recognition of 'Xeno' linkviruses to find modified copies
	  too. Thanks again to Crashdisk for the report and an example file.
	- Fixed recognition of 'Traveling Jack' linkvirus, the shortest
	  strain hasn't been detected correctly. Thanks once again to
	  Crashdisk for the example file.
	- Removed 'Adam Brierley' from the bootvirus brain. This bootblock
	  actually is just some kind of boot-loader and harmless. Thanks to
	  Jan Andersen for the report.
	- Fixed recognition of 'VKill' bootvirus to detect damaged copies
	  too that will crash, but at least install parts in memory. Thanks
	  again to Jan Andersen for the example bootblock.
	- Added 'Disk-Doktors 2' bootvirus. This is a fixed version of the
	  original virus that works with all Kickstart releases. Thanks to
	  Crashdisk again for the sample.
	- Fixed recognition of 'XCopy2' bootvirus to detect modified copies
	  too. Actually this isn't a real virus as it cannot spread, but it
	  modifies pointers and though can be harmful for other programs.
	  Thanks to Crashdisk once again for sending the sample.
	- Added 'Nemesis' bootvirus. This one I got from Crashdisk too.
	- Added 'Warhawk 1 Aniga' bootvirus, another Warhawk clone found by
	  Crashdisk. 

   xvs.library 33.47 (size: 67.024 bytes)
	- Added 'Jackal 2021' bootvirus and its installer (as filevirus).
	  Thanks to Crashdisk for sending the infected archive.
	- Added at least some code to remove an active 'LOBO Hardcore' link-
	  virus from memory. File recognition and repair code is still to
	  come.

   xvs.library 33.46 (size: 66.876 bytes)
	- Fixed recognition for 'VCS 2' bootblock virus to detect encrypted
	  and decrypted versions. Thanks to Jan Andersen of VHT-DK for the
	  report.
	- Added more bootblock viruses (mostly strains of known viruses):
	  'Blizzard 1.0 Ultra', 'Copylock', 'Killed Katrin', 'Oral Device',
	  'Supply Team Lazer', 'SystemZ 5.3 Sear', 'Time Bomb 1 Bad Boy',
	  'Australian Parasite VHT', 'Warhawk 1 VHT' and 'By J.H.'.
	  Thanks again to Jan Andersen of VHT-DK for sending them.
	- Renamed bootvirus 'Byte B. 1 Shut Berlin' to only 'Shut Berlin'.
	- Fixed recognition of 'Revenge Bootloader' bootblock virus in order
	  to detect strains too. Added 'Disk Doktors BJH' bootblock virus.
	  Thanks to Crashdisk for sending them.
	- Fixed recognition of 'Rene' bootblock virus to avoid false alarms
	  when scanning for bootblock viruses inside files. Thanks again to
	  Jan Andersen for the example file.
	- Added 'Liquid Acid' linkvirus. This one is quite special as it
	  doesn't change the size of an infected file by simply crunching
	  parts of the original file together with its own code. Thanks once
	  more to Jan Andersen of VHT-DK for the copy.
	- Added 'DiskJerk' filevirus, the uncrunched version of 'Karacic'
	  filevirus, the three malicious scripts of the StellarX demo called
	  'FuZZ Script #x' datavirus and the malicious files from Zine #10
	  disk-magazine called 'Zine10 .fastdir', 'Zine10 c/.fastdir' and
	  'Zine10 Disk-Validator' filevirus.
	  These were again sent by Jan Andersen of VHT-DK too, thanks.
	- Analysed 'BBS.Conftop' files said to be AE backdoors, but didn't
	  find any suspicious code. Analysed 'dmv05.exe' file said to be a
	  COP trojan, but that file is truncated, cannot be executed and
	  hence isn't dangerous at all.
	  -> both files NOT added, although VT 3.17 detects them as virus!

   xvs.library 33.45 (size: 65.508 bytes)
	- Added icon for the installation drawer, fixed old e-mail address
	  inside the installer script and packed archive with updated LhA
	  (no more Y2K11-bug). Thanks to Stefan A. Haubenthal for the hints.
	- Fixed MuForce hit in xvsSurveyMemory() that occurs on AmigaOS 3.2
	  under certain circumstances. Thanks to Gerben van Kesteren for the
	  report and excessive testing.
	- Added bootblock viruses: 'AmigaMan', 'Amor 1.0' (also added to the
	  sector check, modifies rootblock), 'ASS Protector 1.0 NoFast',
	  'BJH', 'Black Knight', 'ByteBandit 1 NoTxt1', 'ByteBand. 1 Lemke',
	  'ByteWarrior (CSP)', 'Chaos Force Five' (a NorthStar strain), a
	  new strain of 'Nasty-Nasty!' (called Corona-Covid19, but we do not
	  use names of real diseases!), 'Revenge BL (Custom)' which is a
	  Revenge Bootloader strain, 'Delta' (CCCP clone, also added as
	  linkvirus), 'Digital Force', 'Disk Doktors NoFast', 'Game Over'
	  (also added to sector check as it spreads over several sectors),
	  'Gandalf's Rache', a strain of 'Glasnost', 'Goodwill', 'Gurke',
	  'Jeremy' and its installer (added to file virus brain),
	  'Lamer Exterminator 1a', 'Lenin Expropriator' (also added to the
	  sector check), 'Magic Plagiator', 'Magic Ultra' (a Disk Doktors
	  strain), 'Nightmare Loader', 'Pong', 'President' (a Megamaster
	  strain that will crash while running), 'Byte B. 1 Shut Berlin',
	  'Sphinx-O-Virus Pro', 'SystemZ 4.2', 'SystemZ 5.0a',
	  'SystemZ 6.2', 'SystemZ 6.3', 'TRG Loader', 'Tyrannovirus Rex'
	  (also added to sector check), '9CA61C00 (TON)' (also added to
	  sector check), 'Virus-Murder 5.3', 'Byte Bandit 1 Wus', 'Zenker'
	  (renamed old 'Zenker' to 'Zenker Ingo'). Thanks to Jan Andersen
	  of VHT-Denmark for sending them to me.
	- Added recognition for sectors 880/881 damaged by 'Zenker Ingo'
	  to xvsCheckSector().
	- Added even more bootblock viruses: 'Byte Bandit 1 NoTxt2',
	  'DeleteSprite0' and 'Gadaffi NoTxt'. Thanks to Jason Smith,
	  CrashDisk and Aldéric for sending them to Jan Andersen of
	  VHT-Denmark.
	- Added some general recognition code for 'ByteBandit' and 'SCA'
	  strains to xvsCheckBootblock() as so many idiots out there just
	  modify parts (mostly texts) of them to create something 'new'.

   xvs.library 33.44 (size: 62.684 bytes)
	- Not a new author, just a new name: After marriage some years ago,
	  my family name is no longer Hörmann, but Wittmann.
	- Added recognition for AROS systems and enhanced recognition for
	  AmigaOS 4.x in library startup code.
	- Again reviewed the complete xvsSurveyMemory() code for possible
	  AmigaOS 4.x, AROS and MorphOS problems and fixed them all, no more
	  accesses to protected memory areas or invalid structures.

   xvs.library 33.43 (only released as beta-version to some testers in 2006)
	- Fixed bug in LIB_Expunge() function that stole a signal from the
	  calling task. Thanks to Harry Sintonen for the report.
	- Added recognition for AmigaOS 4 systems to startup code and fixed
	  (hopefully) all critical stuff in xvsSurveyMemory() that formerly
	  crashed when running on AmigaOne. Thanks to ... for beta-testing.

   xvs.library 33.42 (size: 62.280 bytes)
	- Fixed bug in xvsSurveyMemory() that appeared with MorphOS port of
	  reqtools.library. Thanks to Harry Sintonen for the report.
	- Added "Elvin-Agga" bootblock virus. Thanks to Johnney Greever for
	  sending this stone-old bastard (it seems to be from 1990!).
	- Fixed recognition for "Butonic 1.1" and "Kefrens 2" bootviruses to
	  avoid false detections when scanning for bootblocks in files.
	  Thanks to Thomas Tavoly for the report.

   xvs.library 33.41 (size: 62.076 bytes)
	- Added AmigaE/libraries/xvs.m developer file. Thanks must go to
	  Ronald van Dijk for this contribution.
	- Once again rewritten taskscanner in xvsSurveyMemory() to avoid
	  Disable()s lasting longer than 250µs. Thanks to Christian again
	  for reporting the problems with his FastEthernet card.
	- Fixed bootblock recognition of "GXTeam" bootvirus to avoid false
	  alarms. Thanks to Ronald van Dijk for the example file.
	- Fixed problem in xvsCheckFile() that caused Enforcer hits under
	  certain conditions with damaged executables. Thanks again for the
	  example files to Ronald van Dijk.
	- Added "ASS Protector 1.0" bootvirus clone and its installer and
	  modified recognition for the original virus. Fixed recognition of
	  "Liberator 1.21" filevirus to avoid false alarms. Thanks once more
	  to Ronald van Dijk for the report and example files.

   xvs.library 33.40 (size: 61.912 bytes)
	- Added file recognition for some very old installer programs of the
	  following bootblock viruses: Blizzard, CLI-Manager, SystemZ 5.0
	  and SystemZ 6.4. Thanks to Dirk Stöcker for sending the files.
	- Added special recognition for "Zeeball AV-Testfile" from Zeeball's
	  antivirus test archive.
	- Changed several often-used CacheClearU() calls to CacheClearE()
	  for better performance on JIT 68k emulated systems (file analysis
	  and repair code for polymorphic linkviruses have not been changed,
	  as these only get called if some patterns match first). Thanks to
	  Harry Sintonen for the hint.
	- Fixed bug in xvsCheckFile() that accessed two bytes following the
	  actual file buffer under certain circumstances. Thanks must go to
	  Mikolaj Calusinski for the report and for beta-testing.
	- Did some compatibility fixes for Pegasos/MorphOS systems. Thanks
	  again to Harry Sintonen for the report and for beta-testing.
	- Replaced old installer script with an updated version written once
	  again by Dave 'Targhan' Crawford. Thanks!

   xvs.library 33.39 (size: 61.196 bytes)
	- Added size check to bootblock virus recognition in xvsCheckFile().
	  Any files bigger than 2048 bytes will no longer be tested for
	  bootblock viruses to avoid fake recognitions inside disk-images.
	- Finally fixed the last MuForce hit ($c0.w) in xvsSurveyMemory().
	  Thanks to Sensei again for the report and Zeeball for further
	  suggestions on this topic.
	- Fixed severe bug in 'Illegal Access' recognition code that caused
	  crashes on any files with virus-like hunklengths. Thanks to
	  Zeeball for the report and the example files.
	- Added 'NoName (196 Bytes)' linkvirus and 'XFD Infiltrator' virus.
	  Thanks to Zeeball for sending them.
	- Fixed problems with native MorphOS applications that directly call
	  xvs.library functions. Thanks to Harry Sintonen for the report and
	  for further help.
	- Implemented custom Disable() function that prevents loss of data
	  on the serial port during xvsSurveyMemory() calls. Thanks to
	  Christian of CAPS (www.caps-project.org) for the report and the
	  excessive beta-testing!
	- xvsSurveyMemory() now closes TCP ports opened by several viruses.
	  These currently are: 1666, 2000, 2001, 2227, 2333, 2421, 2551,
	  4097 and 9876. Please note that closing an open port doesn't cause
	  a virus report, it just happens!
	- Once again improved the internal security stuff for less timing
	  problems with sensitive software (serial.device still has trouble
	  with 115200 bps on a MC68030, use 8n1.device instead!).
	- Added 'Neurotic Death' viruses (6 versions) to xvsSurveyMemory()
	  and the installer files to xvsCheckFile().
	- Added new developer files created by Dirk Stöcker. Thanks a lot
	  and sorry that I forgot to add them to the last release.
	- Added installer script written by Dave 'Targhan' Crawford. Thanks
	  a lot for this contribution.

   xvs.library 33.38 (size: 59.040 bytes)
	- Just had to fix two problems with the security code:
	  a. Timing has been improved to avoid interference with some music
	     software. Thanks to Paracels/PCB for the report and testing.
	  b. Expunge of library caused access to deallocated memory in some
	     rare cases. Thanks to Mikolaj Calusinski for the report and
	     the excessive beta-testing ;)
	- Fixed (hopefully all) MuGuardianAngel hits in the SurveyMemory()
	  routine. If anyone detects some more, please send me the logs.
	  Thanks to Thomas Richter for his suggestions about mmu.library,
	  but I finally found an other solution. And thanks to Sensei for
	  reporting all his hits.
	- Improved speed of SurveyMemory() drastically by skipping similar
	  recognition routines in just one step if their common requirements
	  are not available.

   xvs.library 33.37 (size: 58.832 bytes)
	- Once more added some new security features to the library. It will
	  now try to self-defend after alien attacks, only if these efforts
	  fail, the library gets disabled.
	- Added recognition for 2 demo files that I call 'Anti-UAE Trojan'.
	  Their code checks for UAE systems and in case it finds one will
	  delete important files. Thanks to Jan Andersen for sending the
	  demos to me.
	- Added recognition for a MS-DOS strain of 'Bastard Installer'.
	  Thanks to Jan Andersen for the file.
	- Added recognition and repair code for 'Bobek 3' linkvirus.
	  Thanks to Zeeball for sending me an infected file, even though
	  it was accidentally :-)

   xvs.library 33.36 (size: 57.972 bytes)
	- After several years on a journey the sourcecodes finally came
	  back home;-) Yes, it's me (Georg Hörmann) again, still alive
	  and kicking virus asses... Thanks must go to Alex van Niel and
	  Jan Erik Olausen for keeping the project alive!
	  This update was done by me alone, but in the future, Jan Erik
	  and I will keep the library up-to-date together.
	- Rearranged and enhanced the security stuff inside the library
	  for 100% detection of any (illegal) function patches. Programs
	  like 'ZeebsVS' will no longer work with this version. Thanks
	  must go to Zeeball for his demonstration of security gaps in
	  the older versions.
	- Added support for 'IOZ (512 Bytes)' linkvirus. Thanks go to
	  Zeeball for sending it.
	- Added support for 'Rexxfunc' trojan. Thanks must go to Zeeball
	  and Jan Andersen for sending it.
	- Totally redesigned the scanner for virus tasks/processes. The
	  new code scans all tasks/processes for every known virus in just
	  one step and can even handle several running copies of one virus
	  correctly (thanks Zeeball for the hint).
	- Checked ALL the stuff that has been added in my absence since
	  xvs.library 33.18. See below for what I have changed/fixed.
	  Thanks must go to Jan Andersen, Jan Erik Olausen and Zeeball
	  for sending me the missing viruses and lots of other stuff.
	  Special thanks to Zeeball for the ZeebsVS sourcecodes!
	- Fixed file recognition for 'Bastard Installer 1'.
	- Renamed 'Miami 4.0 Fake Installer' to 'MUI 4.0 Fake Installer',
	  because that's what it really is.
	- Renamed 'CCCP Clone' bootvirus to 'Anal Rapes' (its real name),
	  fixed its memory recognition and added it to linkvirus brain.
	- Removed recognition for 'Doubledensity' bootblock, this is just
	  an intro boot.
	- Fixed longword access to odd address in 'Jode Capullos 2' file
	  recognition. This caused crashes on 68000 systems.
	- Fixed memory removal code for 'Zakahackandpatch' and 'Zakapior'.
	  The processes of these viruses might stay in memory up to one
	  minute after they have been detected, that's not a bug, but
	  their own call to Delay() that we have to wait for.
	- Fixed recognition for 'Hitch-Hiker 5.00 Installers' and added
	  the plain version created by xfdmaster.library 39.13.
	- Renamed 'MadRoger Short' to 'NoName (248 Bytes)' to follow the
	  guidelines of VTC Hamburg (idea by Jan Andersen).
	- Renamed '212 Bytes Link' linkvirus to 'NoName (212 Bytes)' and
	  fixed its memory removal code.
	- Renamed 'Explode Trojan' linkvirus to 'Port 9876' and removed
	  the repair code, we can use 'Fungus' code instead.
	- Renamed 'Explode Trigger' filevirus to 'Port 9876 Trigger'.
	- Renamed 'Port 4097 Installer' to 'Port 4097' and added memory
	  removal code for the trojan's process. The process will stay
	  in memory for a while without doing any harm, see explanation
	  at 'Zaka...' above.
	- Fixed 'Hitch-Hiker 5.00' memory removal code. The process gets
	  killed immediately, the patched stack addresses will disappear
	  one by one after a while without doing harm.
	- Fixed memory and file recognition and the repair code for
	  'Motaba 3' linkvirus. Now it restores the correct library jumps
	  and can repair even files that have been damaged by the virus
	  (bad branch offsets!).
	- Fixed memory and file recognition and the repair code for
	  'Bastard' linkvirus. Now restores all patched functions (inside
	  asl.library and VirusCheckerII) and repairs even big files with
	  bad branch offsets.
	- File recognition for 'Bastard Installer 2' will now only detect
	  the plain, uncrunched virus as xfdmaster.library unpacks this
	  file correctly.
	- Fixed brain entry of 'Port 2421' linkvirus (wrong virus length)
	  and added memory recognition. Moved 'Port 2421 Installer' from
	  linkvirus to filevirus brain as it cannot reproduce itself.
	- Fixed 'Smeg 2a' and 'Smeg 2b' memory removal code. The processes
	  get killed immediately and the patched stack addresses disappear
	  one by one after a while without doing harm.
	- Fixed repair code for 'Penetrator 2001' linkvirus to handle both
	  ways of infection and added memory removal code (removes the task
	  and 2 of 3 processes, the other one usually should already have
	  been run out or crashed because of bad coding!).
	- Fixed memory recognition for 'Bobek 2' linkvirus and tuned the
	  file recognition/repair code. Thanks to Jan Erik Olausen for his
	  bug report about the beta-release of this code.

   xvs.library 33.35 (size: 58.512 bytes)
	- Added Bobek 2 Installer 1 datavirus.
	  Thanks to Rafal Mania for sending me this file.

   xvs.library 33.34 (size: 58.424 bytes)
	- Replaced the Hitch-Hiker 5.00 detection/removal code.
	  Thanks to Georg Hörmann for writing a better code ;)
	- Cleaned up some code. Got some tips from Georg.
	  So the library is a bit smaller now...
	- For developers: Added XVSLIST_DATAVIRUSES to xvsCreateVirusList()
	  so that you can view data viruses as well.

   xvs.library 33.33 (size: 59.756 bytes)
	- Fixed 2 bugs in Hitch-Hiker 5.00 removal + improved checking.
	  Thanks to Thomas Klein for reporting the bugs.
	- Removed Sinister Syndicate 1/2 and French from the
	  bootblock recog. They were harmless.
	  Thanks to Dirk Stöcker for telling me.

   xvs.library 33.32 (size: 59.824 bytes)
	- Argh... Fixed major bug in Hitch-Hiker 5.00 removal.
	  The virus was removed, but the file was not fixed.
	  Thanks to Jean Holzammer for reporting this bug.

   xvs.library 33.31 (size: 59.824 bytes)
	- Improved the Hitch-Hiker 5.00 Link virus.
	  Should be able to detect 99.9% of this virus now...
	  Thanks to Jan Andersen and Treveur BRETAUDIERE for the files
	- Fixed bug in recog for Bastard Installer 1 File virus
	- Added recog for 'EICAR STANDARD AV-TEST FILE'
	  This is not a virus, but a testfile that can be found on
	  http://www.eicar.org/anti_virus_test_file.htm
	  The purpose of this test file is to check that your favourite
	  anti virus program really finds it! Deep inside arhcives etc...
	  PS! This is a data file, so you might turn on the
	  'data file checking' in your virus killer.
	  Thanks to Sami Rautiainen for telling me about this file.

   xvs.library 33.30 (size: 58.140 bytes)
	- Added Jode Capullos 2 Trojan file virus
	  Thanks to Fabrizio Bartoloni for the file
	- Renamed MKG to Jode Capullos 1
	- Added Hitch-Hiker 5.00 Installer file virus
	  This is the same for all three link viruses
	- Added Hitch-Hiker 5.00 Link virus
	  Added Hitch-Hiker 5.00a Link virus
	  Added Hitch-Hiker 5.00b Link virus
	  Thanks to Jan Andersen for the HH5 files.

   xvs.library 33.29 (size: 56.928 bytes)
	- Added MKG Trojan File virus
	  Thanks to Golds for the file.
	- xvs.library has changed name...
	  from: The eXternal Virus Support Library
	    to: The eXternal Virus Scanner Library

   xvs.library 33.28 (size: 56.828 bytes)
	- Fixed bug in the memory check routine for Smeg2
	  Thanks to Luca, Harry and Dirk for telling me about this
	  bug. It will not happen again!

   xvs.library 33.27 (size: 56.828 bytes)
	- Added Penetrator 2001 Link virus
	  Thanks to Krzysztof Duda for the files.
	- Added CCCP Clone Bootblock virus
	  Thanx to Mr Yoard for sending me this bootblock
	- Fixed bug in recognition code for DKG-Blum file virus again!
	  Thanks to Urban Mueller for reporting this.
	- Added Smeg2a Installer File virus
	  Thanks to Antonio De Cicco for the file.
	- Added Smeg2a Link virus
	- Added Smeg2b Link virus
	  Thanks to Zeeball for the files.

   xvs.library 33.26 (size: 55.700 bytes)
	- Added Bobek2 Link virus
	  Thanks to Jan Andersen for the files.
	  Thanks to Zeeball for the memory removal routines.
	- Added Expl0de Trojan Link virus
	  Added Expl0de Trigger File virus
	  Thanks to Jan Andersen for the files.
	- Renamed 8x8 Link to Motaba-3

   xvs.library 33.25 (size: 54.168 bytes)
	- Added Zakahackandpatch File virus
	  Thanks to Jan Andersen for the files.
	- Added Bobek! Link virus
	  Thanks to Jan Andersen, Frank and Zeeball for the files.
	- Added Bastard Installer 1 Data virus
	        Bastard Installer 2 File virus
	        Bastard Link virus
	  Thanks Jan Andersen and Zeeball for the files.
	  Thanks to Zeeball for the info on this virus and for the decrypt
	  and memory removal routines.
	- Added 212 Bytes Link virus
	  Thanks to Jan Andersen for the file.
	- Fixed bug in recognition code for DKG-Blum file virus.
	  Thanks to Jan Andersen for reporting this.
	- Added Bobek2 Installer File virus
	  Thanks to Fabrizio Bartoloni for telling me about this file.
	- The library has changed programmer, although Georg does keep all
	  copyrights and remains owner of the sources, I (Jan Erik Olausen)
	  will continue developement. See the README file for my contact
	  address.
	  Thanks to Georg Hörmann and Dirk Stöcker for helping me out with
	  fixing bugs in the source. I couldn't have done this without there
	  help :o)

   xvs.library 33.24 (size: 52.916 bytes)
	- Added 4kIntro Trojan
	  Thanks to Ryben Kozlak and Jan Andersen
	- Added Dkg-Blum Trojan
	  Thanks to Peter Gordon, Urban Mueller and Jan Andersen
	NOTE:
	  This trojan also replaces or adds a file called asi.library.
	  XVS will not (yet) be able to detect this file because as far as
	  I could analyze it, it looked like a normal VideoTracker file.
	  If XVS would have to see this as a virus, more VideoTracker files
	  will be fake detected. If you have problems or want this added
	  anyway let me know.

   xvs.library 33.23 (size: 52.868 bytes)
	- Added Port 4097 Installer (LoadWB) virus
	  Thanks to Zeeball for the files
	  No memory infection found yet, might be added later if one
	  is found.
	- Added Port 4097 Trojan (RexxFifo.Library) virus
	  Thanks to Zeeball for the file
	  No memory infection found yet, might be added later if one
	  is found.
	- Added Port 2421 Installer virus (Jizzer)
	  Thanks to Zeeball for the file
	  No additional memory or file infection found yet, might be added
	  later if one is found.
	- Added Port 2421 Trojan (Mount) virus
	  No additional memory or file infection found yet, might be added
	  later if one is found.
	These viruses create TCP/IP ports in memory. If a file infected with
	one or more of these viruses is found on your system, chances are
	that these ports are open already. For now, you should let the
	xvs.library remove the virus and then reset your Amiga. (Which is
	always a good idea after detecting a virus, but that aside of the
	subject) The ports should then be gone.

   xvs.library 33.22 (size: 52.732 bytes)
	- Added 8x8 Link virus.
	  Thanks to Jan Andersen, Chill and Zeeball for the files.
	  Thanks to Heiner Schneegold for the info on this virus.

   xvs.library 33.21
	- Added YamPPCpatch Trojan. When so called "patched" a file called
	  "cedmacros" is put in your "S:". Aferwards, when you press
	  specific buttons in CED ("a", "q", etc.) some lame text is placed
	  in the text you are editing. Highly annoying. The library
	  recognises the "patch" and it's installer. Thanks to Jan Andersen
	  for supplying it to me. Thanks to Urban Mueller for reporting it
	  to Jan Andersen.
	- Changed position of DoubleDensity bootblock virus in virus list.
	  Wasn't sorted alphabetically properly.
	- Fixed MUI 4.0 (clickforcolors) entry to a smaller entry (too big
	  a name for some virus killers)

   xvs.library 33.20
	- Quickly fixed the naming of the MUI 4.0 fake. I accidentally named
	  it Miami 4.0 for some reason. Thanks for Dirk Stöcker for noticing
	  this.
	- Placed the Amos Joshua trojans at the right place in the list for
	  programs that don't sort the virus list before outputting to the
	  user.

   xvs.library 33.19
	- Added Zakapior trojan virus and it's Dropper, thanks to Jan
	  Andersen for sending them.
	- Added Amos Joshua trojan virus and it's Dropper, thanks to
	  Jan Andersen for sending them.
	- Added Amos Joshua Clone virus and it's Dropper, thanks to
	  Jan Andersen for sending them.
	- Added MUI 4.0 trojan virus and installer, thanks to Jan Andersen
	  for sending them.
	- Added AmigaE modules to archive, including a small example.
	  The modules and example were created by Andrew Cashmore
	  (aj.cashmore@ukonline.co.uk)
	- The library has changed programmer, although Georg does keep all
	  copyrights and remains owner of the sources, I (Alex van Niel)
	  will continue developement. See the README file for my contact
	  address.

   xvs.library 33.18
	- Fixed bug in recognition code for Elbereth 1 - 4 and Disnomia
	  linkviruses. Some copies have not been detected correctly.
	  Thanks to Dran/Chew-Z for the report and the testfiles.
	- Added additional verification code for pseudo-executables like
	  'Scalos.key' starting with $3f3 even if they are datafiles.
	  Thanks to Ramon for the report.

   xvs.library 33.17
	- Added 'STD Crabs #1' linkvirus and its Dropper. Thanks to Jan
	  Andersen and David Knell for sending them.
	- Added 'STD Vaginitis #1' linkvirus and its Dropper. Thanks to
	  Jan Andersen for sending them.
	- Added 'STD Vaginitis #2' linkvirus, its Dropper and
	  'STD Vaginitis #3' filevirus. Thanks to Jan Andersen and
	  Jesper Svennevid for sending them.

   xvs.library 33.16
	- Added another security mechanism that should bring up an alert
	  if xvs.library has been modified in length (what usually all
	  viruses do). If such an alert pops up on your computer, please
	  perform a file check with VirusZ on 'xvs.library' in your libs:
	  drawer. The library will therefore no longer refuse to work when
	  it's (possibly) infected.
	- Oh my god, why am I such an idiot? While analyzing Polish Power
	  linkvirus, it suddenly came to my mind: The polymorphic code
	  of Polish Power is exactly the same as the one Antonio uses.
	  I just had to fix some small routines in the repair code, and
	  now both dangerous linkviruses will be recognized :-)

   xvs.library 33.15
	- My Christmas gift for you: Recognition and repair code for the
	  'Antonio' linkvirus (that's how I call it!). It uses the ugliest
	  polymorphism I have seen so far, but I nevertheless did it in
	  just 2 days. If there appear infected files that cause problems,
	  please send them to me immediately (by email if possible).
	  Thanks to Jan Andersen for sending me this virus so quickly.

   xvs.library 33.14
	- Added 'Datatypes.Library Trojan'. Thanks to Jan Andersen for
	  sending this Miami backdoor.
	- Please note my new email address in the README file.

   xvs.library 33.13
	- Added Mad_Roger Short linkvirus.
	- Added Robby bootvirus. Thanks to Peter Lindberg for this really
	  old stuff. It's from 1988 and I've never seen it before!!!
	- Added 'C' developper files. Thanks to Dirk Stöcker for creating
	  them.

   xvs.library 33.12
	- Added new linkvirus: Fungus/LSD. Thanks to Jan Andersen for
	  sending this stuff.

   xvs.library 33.11
	- Added new viruses: UnpackJPEG Trojan, LOBO Simple, LOBO Weird
	  and its Installer. Thanks to Jan Andersen for sending the viruses
	  and Dran/Chew-Z for sending them to Jan.
	- Finally released the developper files (include, autodoc, fd etc.)
	  to the public. It's time now to give other skilled coders the
	  opportunity to develop their own viruskillers...

   xvs.library 33.10
	- Added the rest of the missing viruses from VTC (see below):
	  666!-Trojan, Mosh 1.0, Promoter 1, Purge Dropper, Purge Trojan,
	  TDTJ Trojan, SehrJung Dropper, SehrJung Trojan, Nibbler 1.0ß Link,
	  Nibbler Installer, New Age (bad linkvirus, can only be deleted).
	- Added recognition for 666!-Trojan damages to sector check code.
	- Added recognition for files damaged by Cute Little Ponnies and
	  Inspector X of A.L.F.
	- Added AmigaRAR.exe Fake, a packed version of Gathering '95 that
	  cannot be decrunched by xfdmaster.library at the moment. I will
	  add the cruncher as soon as possible to xfd.lib, then the extra
	  recognition is no longer needed. Thanks to Jan Andersen for this
	  packed trojan.

   xvs.library 33.9
	- Finally I contacted Soenke Freitag of VTC Hamburg and asked him to
	  send me the old but still missing viruses from their test. I added
	  the following viruses until now:
	  AHM Keymaker 1.1, BBS Blieb6, Miami Fake, BBS MegaMon, DumDum 2,
	  BBS CLP/InspectorX, BootX Updater, Buzz Bomb MKI, Hexer/Bea 1,
	  Hexer/Bea 2, Hexer/Bea 3, Conman Format,  Compuphagozyte 13,
	  Disk.info Bomb, Joshua 3 and Christmas Violator.
	  There are still more to come, I will add them (hopefully) in the
	  following 2 or 3 weeks.
	  Special thanks go to Soenke Freitag for the good cooperation and
	  all the work he had with sending me the virus collection.
	  Thanks must go to Markus Schmall and Jan Andersen too for giving
	  Soenke the permission to submit the viruses to me (most of them
	  were NDA).
	- Added MaxDoorControl + Lib. Thanks to Jan Andersen for sending it.

   xvs.library 33.8
	- Added Mad Roger bootvirus and WAWE trojan. Thanks to Jan Andersen
	  for sending the trojan.

   xvs.library 33.7
	- Did some internal reworking for better performance.
	- Added bootblock viruses: AHC, Gadaffi 2, Virus Slayer 6.12.
	- Added recognition for files damaged by Lisa FuckUp 2.0.
	- Fixed removal code for ZIB linkvirus. Now detects all files that
	  have been infected by the installer directly.
	- Added recognition for Doom_CLX Trojan, CompuPhagoLink and
	  X-Ripper 1.1.

	Special thanks for sending all the above mentioned viruses are going
	to Jan Andersen. VirusZ did not recognize these viruses at the time
	when the VTC-Test 1998 took place, therefore the ranking of VirusZ
	in this test would be even better right now.

   xvs.library 33.6
	- Added HappyNewYear 96/2 clone, HNY 96/3 clone + installer and
	  Sepultura bootblock virus. Thanks to Jan Andersen for submitting
	  them.

   xvs.library 33.5
	- Fixed bug in 'Smeg' recognition. Thanks to Thomas Richter for the
	  tests and the report.
	- Added 'MKey.exe Fake' trojan. Thanks to Jan Andersen for sending
	  it to me.
	- Added 'HANF' linkvirus. This nasty bastard took me a lot of time.
	  Thanks to Ralph Bernecker and Jan Andersen for sending it to me.

   xvs.library 33.4
	- Added 'ReOrgIt Fake' trojan. Thanks to Jan Andersen for sending
	  it to me.

   xvs.library 33.3
	- Added new viruses: 'Death To Maxs' 1-4 trojans. Thanks to Jan
	  Andersen for sending them.
	- Rewritten some memory checking routines for safer execution.

   xvs.library 33.2
	- Just did a little fix in the memory checking code. Some strange
	  patches haven't been accepted.

   xvs.library 33.1
	- Moved all virus recognition and removal code from VirusZ to
	  this library. Several support routines have been rewritten
	  or designed totally new.





Virus Help Team
Denmark & Canada
Copyright © 1995-2025