25 replies to this topic

[1lann]

Hello! This is a rescue disk/antivirus that I wrote which can (hopeully) detect and remove viruses on your CC Computer
You must have the HTTP API Enabled (And working)
Also, on the first time, you must run the program when you know your computer's startup is clean.

Features:
Window GUI and Auto-updating database



You have to run the program from a disk as startup.
You can download the program by using

pastebin get hLnnpXtZ /disk/startup

Note: If you get an message saying that the disk is infected, reinstall the antivirus.
Constructive feedback/criticism is welcome. Please post if you get any false-positives or any viruses being undetected. Feel free to post ideas and improvements to make. Btw, editing the file will cause you to get a message saying the dis is infected XD.

[Wolvan]

How exactly does it identify Viruses? Does it just search for OS.shutdown and stuff or does it check a complete program if it is the same as an entry in the database?

[1lann]

Wolvan, on 07 July 2012 - 10:36 AM, said:

How exactly does it identify Viruses? Does it just search for OS.shutdown and stuff or does it check a complete program if it is the same as an entry in the database?

Did you get a false positive or something? If so, you can check the logs
(use "edit /disk/avlog.log") and compare it to the database (below) to see what triggered it

Anyway, it reads a database from http://pastebin.com/xJhGLZeV
What it does is it scans through all of your files/folders (except for rom and disk) for things like:
That your startup has been modified since you last ran the rescue disk
files named as system files in the root directroy. Like edit or pastebin
Programs which try to mask functions.
And others which I came across on the CC server I play on.
The format for the database is:
Name
Snippet
It just scans through all files for the snippit.

[Pinkishu]

1lann, on 07 July 2012 - 12:00 PM, said:

Wolvan, on 07 July 2012 - 10:36 AM, said:

How exactly does it identify Viruses? Does it just search for OS.shutdown and stuff or does it check a complete program if it is the same as an entry in the database?

Did you get a false positive or something? If so, you can check the logs
(use "edit /disk/avlog.log") and compare it to the database (below) to see what triggered it

Anyway, it reads a database from http://pastebin.com/xJhGLZeV
What it does is it scans through all of your files/folders (except for rom and disk) for things like:
That your startup has been modified since you last ran the rescue disk
files named as system files in the root directroy. Like edit or pastebin
Programs which try to mask functions.
And others which I came across on the CC server I play on.
The format for the database is:
Name
Snippet
It just scans through all files for the snippit.

So easy to get around />

[Wolvan]

No I was just curious how this system works. Really interesting if I say so myself. It covers most of the viruses you can do with CC

[1lann]

Pinkishu, on 07 July 2012 - 01:44 PM, said:

So easy to get around />

lol

Wolvan, on 07 July 2012 - 02:40 PM, said:

No I was just curious how this system works. Really interesting if I say so myself. It covers most of the viruses you can do with CC

Thanks!

[Pinkishu]

it doesn't cover if someone uses rawset to change a function from what i've seen />
also seems you could write a new function and do

function myFunc() end
rs.setOutput = myFunc

or

rawset(rs,"setOutput", function() end )

One could also encode their functions as hex, decimal, binary or whatsoever and have the code generated and executed at runtime
Or one could use compiled lua + loadstring
etc

[1lann]

Pinkishu, on 07 July 2012 - 05:04 PM, said:

it doesn't cover if someone uses rawset to change a function from what i've seen />
also seems you could write a new function and do

function myFunc() end
rs.setOutput = myFunc

or

rawset(rs,"setOutput", function() end )

One could also encode their functions as hex, decimal, binary or whatsoever and have the code generated and executed at runtime
Or one could use compiled lua + loadstring
etc

Well.... I'll add support for rawset and os.function = myfunction. But as for encoding code, I'll just wait until I see one and add it to the database XD

[Exerro]

i want to download this to test my virus but dont know how...can you upload the file pls?

[1lann]

awsumben13, on 14 July 2012 - 12:51 PM, said:

i want to download this to test my virus but dont know how...can you upload the file pls?

sure, http://pastebin.com/....php?i=hLnnpXtZ

[Exerro]

it didnt work??? it says attempt to index (a nil value)

[1lann]

awsumben13, on 15 July 2012 - 08:55 AM, said:

it didnt work??? it says attempt to index (a nil value)

You sure you have the HTTP API Enabled?

[Exerro]

how do you enable it? i dont think its enabled

[1lann]

awsumben13, on 15 July 2012 - 06:11 PM, said:

how do you enable it? i dont think its enabled

Go to
.minecraft/config/ComputerCraft.cfg
And make sure enableHTTPAPI is set to 1
(or something like that)
I made some changes recently so you may have to re-download it.

[dragoon2]

i have the same problem but i have httpapi enabled to 1

[1lann]

dragoon2, on 17 July 2012 - 03:36 AM, said:

i have the same problem but i have httpapi enabled to 1

Telling me what line the error occurs would be helpful />
Go to the lua prompt
(type lua into shell)
then type "http" (without the quotes) and hit enter
what does it return?

[FUNCTION MAN!]

Can i include this in Aurora OS (Sorry no question mark)

[rickydaan]

To prevent errors, add at the top of the script:

if http == false then print("HTTP API required. Please change this in the config.") error() end

Might help you

[Orwell]

rickydaan, on 14 December 2012 - 01:41 AM, said:

To prevent errors, add at the top of the script:

if http == false then print("HTTP API required. Please change this in the config.") error() end

Might help you

Wouldn't you rather do:

if not http then error("HTTP API required. Please change this in the config.") end

I don't think http ever equals false, rather nil.

[Cranium]

I personally like it written like this.

if not http then print("HTTP API required. Please change this in the config.") return end

It looks cleaner, because you don't actually error out the console, you just exit the program.