Category : System Diagnostics for your computer
Archive   : STOP.ZIP
Filename : STOP.DOC

Trojan Stop Deluxe v 1.1
By Carey Nash
The Programmer's Forum
(818) 701-1021

What is this?

Trojan Stop Deluxe is a program I wrote while learning Assembly. It
can successfully stop ANY attempt to do harmful damage to your hard disk or
floppy disk system. If you suspect a program is a trojan, all you have to
do is load Stop.Com before you run it.

How does it work?

Trojan Stop Deluxe hooks on to interrupt 13 hex. Interrupt 13 is
used for ALL low level disk I/O, and any program that accesses the disk must
use it. Stop.Com hooks on to interrupt 13, and checks to see which function
is being requested: Read, Write, or Format. If write or format are requested,
Stop.Com will not allow interrupt 13 to perform the command, but instead, it
return a value to tell the calling program that the write, or format was
successful. It will also place a colored square on the upper right corner of
your screen.

Give us an example?


You have a program which has little documentation, and seems much to
small to do what it should do. You suspect it is a Trojan. First, run
Stop.Com, and then proceed to run the suspected trojan. If the program does
any disk writes, or formats, you will see a little red or blue square on your
screen, and they will be disabled - however the suspected trojan will not know
this. If the program turns out to be O.K. (no nasty messages after it's done),
etc, then everything is fine. However, if it turns out to be a trojan, and
claims to have done harm to your disk, merely reboot your computer, and you're
safe!

How To Activate?
To activate Trojan Stop Deluxe, type Alt-Z. Version 1.1 will remain
in memory, and ALLOW disk writes and formats until activated by Alt-Z. You can
tell if Stop is activated because an 'A' can be seen at all times on the upper
left portion of the screen. To deactivate/activate Stop, just tap Alt-Z. Note:
Stop will ONLY stop writes and formats while activated (there MUST be a blue
'A' at the top of your screen), otherwise, your computer functions like usual.

Suggestion.

Try a test of Stop.Com. Copy some files onto a trash floppy and run
Stop. First activate it (Alt-Z), then perform a "del *.*" command. Following
this, do a directory of the disk.

IT APPEARS THAT THERE ARE NO FILES THERE!!!

Don't worry about this. Each time DOS performs file commands, it
updates the current FAT in memory. That means that the files are still present
on your floppy, but in memory it thinks they are deleted. All you need to
do is reboot your computer, and the disk will be 100% the way it was before
you deleted all of the files.

Disclaimer.

Stop has been tested with everything from the Format command, to
"del *.*", however, I accept no responsibility for what happens to your system
while Stop.Com is in memory. This is just an attempt to supply people with
a way to safeguard themself against Trojans. If you have any questions,
comments, etc, please call the number at the top of this document.