Dec 18 2017
 
Detects introduction of virus into system.
File DELOUSE.ZIP from The Programmer’s Corner in
Category System Diagnostics
File Name     File Size   Zip Size   Zip Type
DELOUSE.CHK         409        213   deflated
DELOUSE.DAT         640        301   deflated
DELOUSE.DOC       10532       3812   deflated
DELOUSE.EXE       11776       6381   deflated
DELOUSE.PAS       10807       3100   deflated


Contents of the DELOUSE.DOC file



Documentation for DELOUSE, a program to assist in detection of
disk damage by Trojan or Virus programs. Designed by and for
those of us who are especially paranoid.

Program: DELOUSE
Version level: 0.9 (beta)
Type: Automated File comparison utility
Language: Turbo Pascal v4.0 required.
Author: Phillip M. Nickell
Date: February 28, 1988

Beta-Test Sites:
Metamorphosis PCBoard BBS - Longmont Colorado.
Twin Peaks PCBoard BBS - Longmont Colorado.

All comments and suggestions are welcome. Bug
reports are tolerated. Leave a message for
Phil Nickell.


NOTE:

DELOUSE is distributed with the source code. If the copy you
receive is without source code then perhaps you should be
suspicious of what the .exe file contains. The .exe file
should be 11776 bytes in length for release v0.9.


PURPOSE:

This program is written in response to the threat by trojan
and virus programs and the damage that they can cause to a
person's hard disk. This program will NOT prevent damage nor
does it attempt to detect the actual presence of trojan
programs. This program will ASSIST the user in determining
that damage MAY HAVE OCCURRED and will thus allow the user to
take what steps may be necessary to eradicate the bug.

Most trojan and virus programs do their dark deeds by
modifying existing system files that exist on most all MSDos
and PCdos machines. DELOUSE allows you to build a list of
critical system files that are normally subject to attack
and check them periodically for changes. If any changes
have occurred, and if you have not made any changes in those
files yourself, then PERHAPS something else made those
changes for you without your knowledge. You can then
investigate and attempt to find out why the changes occurred.
There is no free lunch or magic potion here. This program
is a tool to be used by the concerned and knowledgeable
computer user. It will not help you if you don't use it, and
like any tool it will not work properly if it is not used
properly. If you are not familiar with files, directories
and drive designators then you should probably get some
assistance from an experienced computer user, as this
program will cause more worry for you than solace.


FILES IN THE ARCHIVE:

DELOUSE.EXE   The program.

DELOUSE.DOC   This documentation.

DELOUSE.DAT   Is a list of files that you wish to test
              for errors. This file is just an example
              of what you might want to set up. You
              should make your own copy with a text
              editor. Don't use a word processor.

DELOUSE.CHK   is a file that is built and maintained
              by DELOUSE. It contains information
              about the various files and the checksum
              method used. You should know of this
              file but you should not modify it unless
              you are confident of what you are doing.

DELOUSE.PAS   This is the Turbo Pascal source code
              file. In this day of trojan programs, it
              is really nice to have the source code
              so that you can be sure of the program
              and how it works. You must have Turbo
              Pascal v4.0 to properly compile this
              code.


OPERATING DELOUSE:

Syntax:    DELOUSE { Make | Check } [ METHOD=n ]

Examples:  DELOUSE MAKE
           DELOUSE CHECK
           DELOUSE MAKE METHOD=2
           DELOUSE CHECK >PRN

You must specify either MAKE or CHECK on the
command line. The make option causes DELOUSE to
build a new DELOUSE.CHK file which is used later
to check up on the files.

You can optionally specify METHOD=N where N is 1,
2 or 3. The method number is used by the MAKE
operation and is ignored by the CHECK function.
Read theory of operation for more information.

The last example above shows the check option
screen output being re-directed to the printer.


INSTALLING & RUNNING DELOUSE.

Most users will probably be using DELOUSE on a hard disk.
You should preferably make a separate subdirectory for
DELOUSE. Copy DELOUSE.EXE into the subdirectory. You might
wish to copy DELOUSE.DAT into the subdirectory also. Edit
DELOUSE.DAT with a text editor (edlin, qedit, brief, etc.)
so that it lists all of the system files that you wish to
check on. The distribution copy of DELOUSE.DAT contains a
list of most all the file names that you might want to check
on. Use it to guide your efforts.

After you get the files set up, run DELOUSE MAKE from the
directory where you installed it. DELOUSE expects to find
the DELOUSE.DAT file in the current subdirectory and it will
create DELOUSE.CHK in the same current directory. During
the make operation, DELOUSE will echo the data that it is
writing into the DELOUSE.CHK file. It will also warn you of
any files listed in the DELOUSE.DAT file that it was unable
to open and do a checksum calculation on. You should modify
the DELOUSE.DAT file to correct any problems and run the
make option again.

Now you can run DELOUSE CHECK at any time to check on those
files that you are trying to protect. Move to the
subdirectory where you have DELOUSE installed. Run
DELOUSE check. DELOUSE will read the DELOUSE.CHK file and
compare the data against the files named there. If a file
has been changed, DELOUSE will report that something has
changed. If one of the files is missing, DELOUSE will
report that also. If you have gone ahead and modified the
DELOUSE.CHK file against all warnings and messed it up, then
DELOUSE will attempt to warn you about that also.


THEORY OF OPERATION:

DELOUSE uses a simple checksumming method to detect changes
in the target files. This is not very sophisticated, but is
good enough for what is being done here. We are just trying
to detect that a change took place, not trying to transfer
error-free data across the phones.

DELOUSE actually uses three different checksum algorithms.
All are simple but slightly different in the way they
calculate the checksum. The checksum method is usually
chosen at random when the MAKE option is used. The method
number is recorded in the DELOUSE.CHK file to allow the
proper method to be used when checking the files. You can,
if you wish, force DELOUSE to use one of the checksum methods by
putting METHOD=N on the command line, where N is 1, 2 or 3.
This would allow you to manually compare the DELOUSE.CHK
file against an earlier copy of DELOUSE.CHK where the same
checksum method was used. This would be a good method to use
to check for changes several days or weeks apart. Just
remember that the DELOUSE.CHK file is erased and rebuilt
when you run the MAKE option. If you want to save a copy of
the DELOUSE.CHK file make sure you do so before you run the
make again.

Why, might you ask, does DELOUSE use random selection of
checksum method? There is a remote possibility that one of
the Trojan/Virus numbskull programmers would attempt to work
around any one simple checksum method of testing files. The
random selection of checksum methods will just make it a bit
more difficult for them.

DELOUSE is designed to read any system and hidden files.
This includes IBMBIO.COM and IBMDOS.COM. DELOUSE goes to
special efforts to make sure that the files are only read
and never written into - safety comes first here!


FILE FORMATS:

DELOUSE.DAT - This is the file YOU create or modify.

Each line contains a full path name to a file that you
want to check. Comment lines are allowed - They must start
with the word !NOTE (5 characters). Blank lines are ignored.

Example DELOUSE.DAT file.

!note - always check on your command.com files
C:\COMMAND.COM
C:\DOS\COMMAND.COM

!note - IBM PCdos system files are good targets.
c:\ibmbio.com
c:\ibmdos.com

!note - MSDos system files are good targets
c:\io.sys
c:\msdos.sys

!note - device drivers are potential targets
c:\dos\driver.sys
c:\dos\ansi.sys
c:\dos\vdisk.sys

!note - you might want to check on your memory resident programs
!note like CED or SideKick
c:\util\ced.com
c:\sk\sk.com

!note - you can also check files on different drives as you like
a:autoexec.bat
a:command.com
a:config.sys




DELOUSE.CHK - this is the file that is created by DELOUSE and
should not be modified.

The first field is a character which describes the checksum
method used for checksumming the file. It will be 1, 2 or 3.
The second field is the calculated checksum itself. The
third field is the full path name of the file.


Example DELOUSE.CHK file:


!NOTE - This file used by the DELOUSE program. DON'T MODIFY.
1 1075880 C:\COMMAND.COM
1 1075880 C:\DOS\COMMAND.COM
1 904824 C:\IBMBIO.COM
1 1449251 C:\IBMDOS.COM
1 54968 C:\DOS\DRIVER.SYS
1 71679 C:\DOS\ANSI.SYS
1 140431 C:\DOS\VDISK.SYS
1 267197 C:\UTIL\CED.COM
1 2132698 C:\SK\SK.COM
1 256 A:AUTOEXEC.BAT
1 1075880 A:COMMAND.COM
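
The MAKE and CHECK cycle over the two file formats described above, as an added Python example (it is not DELOUSE's Pascal source). The documentation does not describe DELOUSE's three checksum algorithms, so the three functions in METHODS are stand-ins assumed for illustration, and all function names are this example's own.

```python
import random

# Stand-in checksums (assumptions): the page does not specify DELOUSE's algorithms.
def weighted_sum(data):
    return sum((i % 255 + 1) * b for i, b in enumerate(data))

def rotate_xor(data):
    acc = 0
    for b in data:
        acc = (((acc << 1) | (acc >> 31)) & 0xFFFFFFFF) ^ b
    return acc

METHODS = {1: sum, 2: weighted_sum, 3: rotate_xor}  # method 1: plain byte sum

def read_dat(text):
    """Entries of a DELOUSE.DAT-style text: blank lines and !NOTE lines are skipped."""
    lines = (ln.strip() for ln in text.splitlines())
    return [ln for ln in lines if ln and not ln.upper().startswith("!NOTE")]

def checksum(path, method):
    with open(path, "rb") as fh:  # read-only: target files are never written
        return METHODS[method](fh.read())

def make(dat_text, method=None):
    """Return (DELOUSE.CHK-style text, list of paths that could not be read)."""
    method = method or random.choice(sorted(METHODS))  # random unless METHOD=n given
    out, unreadable = ["!NOTE - This file used by the DELOUSE program. DON'T MODIFY."], []
    for path in read_dat(dat_text):
        try:
            out.append(f"{method} {checksum(path, method)} {path}")
        except OSError:
            unreadable.append(path)
    return "\n".join(out) + "\n", unreadable

def check(chk_text):
    """Return [(path, status)]: OK, CHANGED, MISSING (or unreadable), BAD CHK LINE."""
    results = []
    for line in read_dat(chk_text):
        parts = line.split(None, 2)  # method, checksum, full path name
        if len(parts) != 3 or parts[0] not in ("1", "2", "3") or not parts[1].isdecimal():
            results.append((line, "BAD CHK LINE"))
            continue
        try:
            current = checksum(parts[2], int(parts[0]))
            results.append((parts[2], "OK" if current == int(parts[1]) else "CHANGED"))
        except OSError:
            results.append((parts[2], "MISSING"))
    return results
```

A present-day baseline would record a cryptographic hash such as SHA-256 (`hashlib.sha256`) in the second field instead of a simple sum, and would keep the baseline file on media the checked system cannot write to.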


END OF DELOUSE DOCUMENTATION.
Mercy - that's a lot of typing. Phil Nickell.

