-----BEGIN PGP SIGNED MESSAGE----- GV1 v1.01 - Good Virus #1 v1.01 (c) 1994 By Stormbringer, Phalcon/Skism User-Friendly, Menu-Controlled Self-Replicating Encryption Utility! WARNING: THE AUTHOR OF THIS PROGRAM IS NOT RESPONSIBILE FOR ANY DAMAGES CAUSED DIRECTLY OR INDIRECTLY FOR THE USE OF THIS PROGRAM. THE USER ACCEPTS ALL RISKS OF USAGE BY POSSESSING THIS PROGRAM. Good Virus #1 v1.01 is now released as freeware to the public. Basics ~~~~~~ GV1 is a simple file encryption utility that uses one of the strongest encryption algorithms available today, the International Data Enryption Algorithm (IDEA). It is memory resident, allowing the user to simply press its hot-keys (CTRL-ALT-V) to pop up its menu, allowing the user to encrypt/decrypt files at any time simply by entering the filename and password. GV1 is also self-replicating, although ONLY AT THE COMMAND OF THE USER. If instructed to do so, GV1 will attach itself OR REMOVE ITSELF from .COM files as they are executed. This gives it a flexability to be used in places where encryption programs are unwelcome and looked for, as infected programs will seem "normal" to all but the most expert analysts. For example, many governments have recently taken it upon themselves to limit, in one way or another, the availability of encryptions to their people. In some of these cases, good cryptographic protection is completely outlawed and even searched for. While a person in this situation may choose to use PGP or another established program, this can often be dangerous as one can simply look for the PGP.EXE file. GV1 is at an advantage here because it can be attached to almost any .COM file and pass through normal inspections unnoticed. Main Menu ~~~~~~~~~ Below is the main user menu of the virus, with basically two parts, the Infection Modes and the Encryption Commands. It is activated by pressing CTRL-ALT-V from any text-based screen while the virus is in memory (which happens the first time an infected program is run). ÉÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍ» º Good Virus #1 1.01 º º [GV1] º º (c) 1994 by Stormbringer [P/S] º º º º Infection Mode: º º [N]one º º [I]nfect Files º º [D]isinfect Files º º º º Encryption Commands: º º [E]ncrypt File º º De[C]rypt File º º º º Press [ESC] To Exit Menu º ÈÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍͼ Infection Modes ~~~~~~~~~~~~~~~ The infection mode of the virus is selected while on the menu simply by pressing N, I, or D. When first run, the virus defaults to [N]one and will therefore not infect (or disinfect) any files. If GV1 is set to [I]nfect files, it will infect any valid .COM files as they are executed from DOS. In [D]isinfect mode, GV1 will _disinfect_ any infected .COM files as they are executed. SHOULD A PROGRAM EVER FAIL TO WORK PROPERLY AFTER BEING INFECTED, FOLLOW THE FOLLOWING STEPS: 1.) Reboot the computer. 2.) Execute an infected program OTHER than the problem file. 3.) Set GV1 to disinfect by pressing CTRL-ALT-V, then D. 4.) Execute the problem file. It should now execute fine. Encryption Commands ~~~~~~~~~~~~~~~~~~~ GV1 has two encryption commands, [E]ncrypt File and De[C]rypt File. For each, one is prompted for a filename (include FULL path to file if it is not within the current directory) and a password. REMEMBER YOUR PASSWORDS AND TYPE THEM CAREFULLY! GV1 does no password checking and has NO backdoors. If you forget or mistype a password, the file is lost. Remember this when you are using it - GV1 is very secure, and should be treated with care. GV1 creates no headers on the files, nor does it mark files it encrypts in any way. One advantage of this is that one can not determine _anything_ from a GV1 encrypted file, EVEN THE FACT THAT IT IS ENCRYPTED DATA RATHER THAN SIMPLE GARBAGE. However, this also means that you MUST get the password correct the FIRST time to retreive your data, as GV1 has no record of the original password and will "decrypt" the file with whatever password you give it. Extra Security Features ~~~~~~~~~~~~~~~~~~~~~~~ GV1 makes no backups, nor does it leave a "deleted" copy of the file it is used to encrypt on the drive. When a file is encrypted, it is encrypted and no trace of its unencrypted form is left, making GV1 suitable for protecting even sensitive data. Validity of This File ~~~~~~~~~~~~~~~~~~~~~ I have included a copy of my PGP key, and have signed this document and included a pgp-signed version of the executable for GV1 to enable PGP users to ensure the authenticity of these files. Future updates of GV1 will also be signed for verification with the key included in this file to ensure that the virus is coming from a secure source. Greetings ~~~~~~~~~ Greets to: King of Hearts (whose IDEA code is used by the virus), Mark Ludwig, Fred Cohen, Musad Kafir, Dark Angel, Urnst Kouch, Phalcon/Skism, Trident, Hermanni, Trinity, and all the rest of you in the virus/ antivirus scene (I mean, really, if I listed ALL you guys that are cool here...heh.). -Stormbringer, Phalcon/Skism - -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.3a mQCNAi0o+dUAAAEEAJSwQUugNUAWBK41zfxlixKQoYNs3YUOflAmc3HD5YG/Zlhr cyD4PxIH/Qs8nljHE9XJkV1Va4Xm9faM8bhpEbNDS/0UvqnQKueptazbOsMyJqij j47OKbBfZR6VbRM0h/9Qte39vyhYfrbfjognrMNIYWVN/UMTnkYqE9PU9e0dAAUR tBxTdG9ybWJyaW5nZXIgW1BoYWxjb24vU2tpc21d =wzsK - -----END PGP PUBLIC KEY BLOCK----- -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLh3EEEYqE9PU9e0dAQEdlQQAhIJQs3LjSfxwbW73eZcykVXKNT9VG8hh p3P9pWc1jlCwVcfEKaQ8a+lh+jBcp18NlXidc/dWAkZjmjih0Tc8DOpzFXULtjuH f2vh73cL2PY+2pXICqVURg/080AIpM34phEPEpQMN4/Vh8Ka0PNl1GRrKG2q3LND utRbrM8lpXg= =9egw -----END PGP SIGNATURE-----