MSAV, Turbo AV, CP AV are all the same product and all a giant piece of garbage I would not run period. viruses would take major advantage of those AV products. Using them risks making things a lot worse, if you did have a virus.

BloodyCactus wrote on 2024-01-30, 17:44:

MSAV, Turbo AV, CP AV are all the same product and all a giant piece of garbage I would not run period. viruses would take major advantage of those AV products. Using them risks making things a lot worse, if you did have a virus.

Thank you for your input.
Unfortunately, if this is true, I do not have much options currently.

In what way would they make it worse?

Do you have any alternative?

Okay, if you legit do have a virus on it, that is actually really cool. Try to back it up or something. It’s kinda history 🤣

Sphere478 wrote on 2024-01-30, 18:41:

Okay, if you legit do have a virus on it, that is actually really cool. Try to back it up or something. It’s kinda history 🤣

Haha, after all this work, it would have been very entertaining if my memory are wrong, or if only got a false positive from my AV way back when

cross wrote on 2024-01-30, 18:34:

In what way would they make it worse?

a lot of viruses were written specifically to detect these 3 tools, and if so, they disable them in memory, and then infect every file the AV looks at, then turn the AV back on! The AV tool says "nothing found here!" but in reality, just infected every file on disk and you never knew!

once this enable/disable api was documented in the virus community, we all used it in our code 🤣

Ah okey..
That is very unfortunate.

"Virus community" 🙁

Well, moving on.

My options are very few still.
1.Either upgrade the cpu. Which seem to be the only viable options to be able to run the nice program shared in this thread.
Would this be a straight drop-in and then just run Masaw´s AV straight from the floppy? Checking eBay it looks to be available here and there.
At least the v20 is available. The v30 not so much. Not really sure if both will work for this case?

2. Finding some way to interface with the disk on another platform, fast google on that subject does not return much
3. Trying to get MSAV to run on it, but rinsing the above issue instead

There is nice collection of DOS AV-tools on DOS Days. It might worth checking it out.

BloodyCactus wrote on 2024-01-30, 18:52:

cross wrote on 2024-01-30, 18:34:

In what way would they make it worse?

a lot of viruses were written specifically to detect these 3 tools, and if so, they disable them in memory, and then infect every file the AV looks at, then turn the AV back on! The AV tool says "nothing found here!" but in reality, just infected every file on disk and you never knew!

once this enable/disable api was documented in the virus community, we all used it in our code 🤣

That's fascinating, I didn't know that. 😃

I wonder, how does this work if a clean boot-up disk with one of those av scanners is being used?

I'd assume that the viruses would have to be active in first place (memory resident).

Also, what about check list files?
If they're being created for each sub directory, they should keep track of the files in that directory (file size or checksum).

Any later alteration that happend should be recognized by the av software.

The situation mentioned above sounds more like a situation in which the files had been already "immunized" by the av scanner.

During immunization (optional feature), the files are basically being "infected" by a part of the av software, which then in turn does protect the files from real viruses.
- A bit like a DOS header of a Windows program ("This program requires MS Windows.")

If that immunization part is being altered by smart viruses, then yes, the av scanner might not be able to detect the immunization part as a threat.

Just a bit of update for everyone following along, crazy ppl 😁 And thank you for it!

I decided to pick up a NEC V30 from eBay, should arrive within a couple of days.

My working theory:
1. Plug it in
2. Run Masaws program
3. Hope for the best

Sounds simple, right? 😁

Haha. If anyone has ideas or hints if this CPU needs anything else in form of software or other means please let me know.

Masaw, if you still are following along. Can you confirm if your program checks if the CPU is a 286 or not? It loks like form J022´s update earlier that these CPUs does not report like that.

cross wrote on 2024-01-31, 09:31:

Masaw, if you still are following along. Can you confirm if your program checks if the CPU is a 286 or not? It loks like form J022´s update earlier that these CPUs does not report like that.

no it doesn't check for 286 specific cpu, but it should work fine on a V30 if the 286 instructions used by the C compiler are present .

Masaw wrote on 2024-01-31, 09:48:

cross wrote on 2024-01-31, 09:31:

Masaw, if you still are following along. Can you confirm if your program checks if the CPU is a 286 or not? It loks like form J022´s update earlier that these CPUs does not report like that.

no it doesn't check for 286 specific cpu, but it should work fine on a V30 if the 286 instructions used by the C compiler are present .

And even if they'd check, I think it depends also upon how certain routines do check for an 80286.

There was no CPUID yet at the time (late 486 CPUs and up), so programs had to test certain things. Trial&error style, so to say.

An 80186 or V20/V30 might pass these tests and the program assumes its an 80286.
Simply because the 80186 was sort of an oddball.

Dedicated 80186 support in C compilers exists (Mix Power C has it; besides 80286 support), but it wasn't really meant for PC programs, I think.

The 80186 did exist in some PCs, but it was designed more like an microcontroller / early SoC (not fully IBM 5150/5160 compatible).

In the early days (early 80s), some PCs used the 80186 in its function as a CPU only and had used dedicated hardware to form a PC motherboard chipset for better PC compatibility.

Ok, technically, there's an "easy" way to detected an 80286 - try to enter protected mode and then reset.
Or check for Himem.sys and A20 gate. But I suppose that wouldn't be a safe way to do it in a professional field.
Such things could potentially hang PCs or crash the application, especially if they're running on OS/2 or another DOS compatible OS.

Edit: What I meant to say is that programs may not distinguish between 80186 and 80286 so much.
If 80186 instructions are being supported, many programs should be happy thinking it's an 80286.
Because, as far as real-mode instructions go the 80186, V20/V30 and 80286 are quite similar.

The Windows 3.0 VGA driver, for example, normally does require an 80286.
But it will also unofficially work with an an V20/V30.
(To be fair, that specific driver had been patched recently for 8088/8086 by a member of vcfed.org forums.)

Analog_programmer,
Thank you so much for this link, I appreciate it!

Masaw,
Thank you for following along and confirming this!
Kind of excited to see if the new CPU will make your program run and if it can find any virus!

J022,
Again, thank you so much for these very technical walkthroughs, super interesting and we learn a lot from them!

Would be very interesting to know what instructions the original is missing that the program is calling for, guess that we might never know that.
If now Masaw don't want to port the program "back" to the 8086 😁

Again, if this will work by just dropping in a new CPU would be amazing, and a super interesting endeavor.

I do however have a slight feeling that it might not be this simple. I am usually a bit unlucky with these things 😁
For example, maybe the program has a memory requirement that is higher than what I have installed currently? Or something like that

It is a waiting game now until the new CPU arrive in the mail.

I did actually check my other system 30 what CPU it had, but also a 8086, however a intel branded one, meanwhile this machine has a Siemens branded one.

As soon as I have tested the new CPU I will report back for everyone interested! And if you have any other details meanwhile, feel free to share while we wait 😁

So everyone, if you are still following! 😁

After dealing with one very unreliable ebay seller, I was able to find another seller with a V30 that arrived yesterday.
I plugged that one in, booted up from clean floppy and was able to run Masaw´s amazing program without any issues!
And yes, my memory was correct. The machine had a virus on it. Called "Junkie". (Not sure where i got "Banana" from though 😁
Reading up on it, it looks to be highly contagious, however pretty "Harmless". Most likely why nothing was ever seen on the machine while using it

VCHECK correctly identified it on the MBR and even some of the COM files and successfully removing it. Can also confirm that the virus was still active before this, as all the floppy that touched the machine was infected. VCHECK was able to clean this also.

Initially I was thinking of filming it just to show VCHECK work and how it looks when/if it found anything. However, process took a while. What I did instead though, was taking screenshots of the prompts when it found the virus on file.

So all good now, with this new CPU, I was also able to make one of my ZIP drives to work with it. Pretty amazing that the ZIP works on this machine!
It is currently copying all the files over to a ZIP-disk for preservation. Found alot of fun memories on the drive that I want to keep around. I guess these HDDs are not super reliable after all these years.

I just wanted to thank you all that was involved and helped me through this process with ideas and tips!
And a very very special thanks to Masaw for all your assistance, knowledge and sharing your amazing piece of software. I really appreciate it.
Also, Jo22, thank you so much for all your knowledge with this!

cool. who would have thought it would still be useful after like 20 years since the last time I made major updates to it. glad I could help

Masaw wrote on 2024-02-23, 10:06:

cool. who would have thought it would still be useful after like 20 years since the last time I made major updates to it. glad I could help

Old but Gold, as the saying goes 😀

What an adventure 😁

Did you manage to save a copy of an infected file? I see a "Junkie" in some DOS virus collection but who knows if it's the same one.

HandOfFate wrote on 2024-02-24, 16:17:

What an adventure 😁

Did you manage to save a copy of an infected file? I see a "Junkie" in some DOS virus collection but who knows if it's the same one.

Yes it sure was 😁

To be honest i was so fed up chasing this virus. (Remember it has been a thing on the machine for 30 years 😁) So I was so happy that it was removed.
I miiiight have one of the floppy-disks still infected maybe. I'm guessing though that this virus is saved in alot of places, since it was so so common.

Maybe someone knows more about these variations? I think i read somewhere that it was at least two versions of it.

Reading the story behind it, it was written by some "Dr White". Maybe he is on the forums? 😁

[/quote]

Maybe someone knows more about these variations? I think i read somewhere that it was at least two versions of it.

Reading the story behind it, it was written by some "Dr White". Maybe he is on the forums? 😁

[quote/]

I'm pretty sure that's the variant that exists in the wild for a long time,
So far, there are at least 7 variants:

Junkie.1027.A , .B ,.C ,.D
Junkie.1029
Junkie.1308
Junkie.1536

and all of them are identified correctly and handled properly by VCheck+