These versions of !Killer (1.26) and VProtect (1.10) know about ten
families of virus for the Acorn Archimedes range of computers (including the
A3000 and A5000).     

These are :

* Extend
* Icon (also known as Filer), and known variants
* FF8 (also known as Archievirus)
* RISCOSext (also known as Thanatos)
* DataDQM (also known as Vigayvirus)
* CeBit
* MyMod (also known as Silicon Herpes)
* TrapHandler/NetManager 
* Module (also known as ModVir)                                          
* Image

The alternative names mentioned are those used by the authors of other virus
detection/removal software. 

Should you discover a virus which is not understood by !Killer and VProtect
(or a new variant of one of those above) please contact the Customer
Services department at Acorn, including a clearly marked disc containing an
example of an infected file/application.

VProtect can prevent infected !Boot files from doing any damage. It achieves
this by parsing the !Boot file before it is executed. Should it find a line
which is known to be used by a virus, an error will be generated and the
!Boot file will not be executed. Similarly it can prevent the Module virus
from causing further infection.

VProtect is intended to be small and unobtrusive, lending itself to being
loaded on a system all the time.

!Killer is much more versatile, providing the following facilities:

* Detection and removal/disabling of any viruses already resident

* Self verification to avoid becoming a carrier for a virus

* Searching a file storage device for any infected files, with the ability
to remove them completely (including viruses which merge themselves with
files).

* Detection and removal of any viruses loaded whilst !Killer is loaded

Fuller documentation of !Killer is in the !Help file within !Killer's
directory.

The following sections give a brief summary of the ten known viruses. It
does not attempt to be a technical analysis or description, but simply gives
an overview of the nature of each virus, and it's possible effects.

Of necessity, our definition of the term virus takes a very broad view of
the genre. Anything designed to reproduce itself and/or cause unwanted
events is considered a virus.
                                            
The majority of the viruses documented below alter !Boot files to get
themselves loaded. This means that all you have to do to get a virus in
memory is to open a directory viewer on an infected application!


The Known Viruses
-----------------

1) Extend

This lives in applications, using one of eight possible names. It
modifies/creates a !Boot file to load itself. Apart from claiming more and
more memory (eventually causing the system to run out of memory) it is
harmless, but very contagious.

Quick Check : Press <F12> and type 'help extend' - a message of the form
'Module is...' indicates that it's loaded.

2) Icon (also known as Filer)

There are a number of variants of this around - six have been encountered
already. All use !Boot files to propagate. One variant does nothing apart
from spread itself. The others generate a nonsensical error message when
they is first loaded.

Quick Check : a file called Icon, Poison or NewVirus(!) inside an
application which is filetyped as a sprite, but is actually BASIC.

3) FF8 (also known as ArchieVirus)

This is by far the oldest virus, but various bugs in it's coding make the
chances of it successfully infecting other programs quite small.

Unlike most other viruses discussed here it works by merging itself with
files typed FF8 (Absolute).

On the 13th of the month any infected application will fail to run, giving
the message 'Archievirus strikes again'.

Quick Check : Load a file into !Edit, and look for '1210' at the end of the
file (though 'Hypo1210' indicates an innoculation instead).

4) RISCOSext (also known as Thanatos)

This is by far the worst of the viruses discussed here. It has various nasty
things on particular dates, with a random chance of something happening at
any time. Any outbreaks of this virus should be treated rapidly to avoid any
chance of data loss.

Quick Check : Look in the Task Manager display for 'Thanatos'.

5) DataDQM (also known as VigayVirus)

This one causes the screen to judder an increasing amount during each
Thursday. 

Quick Check : An application called 'TaskManager' - not to be confused with
the real 'Task Manager' which will appear in the list of module tasks.

6) CeBit

Aside from infecting applications (via the !Boot file as usual) it will stop
proceedings on every 16th infection to display a message from 'Devil, The
Lord of Darkness'. This virus was discovered in Germany, and is not thought
to have spread to the UK yet.

Quick Check : press <F12>, then 'help tlodmod'. A message of the form
'Module is...' shows that it is loaded.

7) MyMod

This is a harmless virus, which will display a message on each Friday 13th.
It can exist in two forms, the first being the trojan used to initially
release it, and the second being the form in which it infects applications.

Quick Check : press <F12> then 'help mymod'. A message of the form 'Module
is...' shows that it is loaded.

8) NetManager/TrapHandler

This is a variation of the !Boot theme, with the whole virus being in the
!Boot file. 

Quick Check : press <F12> then 'help netmanager' or 'help traphandler'. A
message of the form 'Module is...' shows that it is loaded.

9) Module

This is quite different, and works by appending it's code to any modules
loaded whilst an infected module is active. It then redirects some of the
module entry points to itself (and then on to the original entry points).

Quick Check: Any modules with changed timestamps, and have grown by almost
1K are potential suspects. Loading the module in to !Edit will reveal the
ASCII string 'Press any key to continue'.

** Important ** Version 1.17 of !Killer can corrupt modules when attempting
to remove this virus (caused by it expecting to find a different strain of
the virus). Corrupted modules may be repaired using this version of !Killer.
Drag an affected module to !Killer's icon with ALT held down to repair
it.
                            
10) Image

This is basically a !Boot infector, but with a couple of variations. A !boot
file is created if one did not exist, otherwise it renames !run to !spr, and
saves a !run of it's own. It loads into OS workspace at 5500, so the chances
of it being overwritten and causing a crash are quite high.

Quick Check: A file called Image appearing in application - length 512
bytes, and no filetype.
