  Warning ! M-hac.lha and Bloody.exe contain LINKVIRUSES ! BE CAREFUL !

  Here is a first BETA ANALYSIS of it:

  ConMan 1995 Linkvirus:
  ----------------------

  Other possible names: M-Hac Virus, Bloody Virus
  Detected in: M-hac.lha and Bloody.EXE
  Detected when: August 1995/Germany SOS
  Linking method: 4eb9 (!!!!)
  Resident: NO
  Length: 1836 bytes


  This is a new type of linkvirus. There are 2 installers known so far.
  It simply creates a new process with the known CONMAN code, but
  now with different names.

  Possible names are:

  C:DIR
  ramlib
  Background_Process
  RAm
  L:FastFileSystem
  LIBS: gadtools.library
  Workbench
  DF0
  addbuffers
  CON
  LIB:req.library
  CLI(0): no command loaded
  CLI(1): no command loaded

  Please note that several of these tasks can appear in normal systems,
  too.

  The speciality of this virus is that it uses an internal 4eb9 linker
  to link to files. Quite tricky. Viruskillers like VT, VZ_II and
  VW should thus be able to detect the infected files.

  The linking routine knows the following hunksymbols: $3f2, $3f3, $3ec
  and $3eb. The code is a little bit dangerous, but I will implement
  in VirusWorkshop a complete reverse analyzed routine, so it should
  be no problem to repair even not working infected files.

  The virus adds 4 hunks to the file and the linked code is partly
  packed. It is packed with StoneCracker 4.04ß and then afterwards
  manipulated.

  The virus is not memory resident.

  Some words about the installers:

  m-hack.lha FILE_ID.DIZ

  .-------------------------------.
  | MASTER AMIEX ONLINE PW HACKER |
  | PREVIOUS VERSION HAVE A BUG!  |
  `-------------------------------'

  The program hack (4388 bytes long) contains the trojan.

  bloody.exe FILE_ID.DIZ:

  NON DOS DISK READER >>>>-BEST!

  The program is, including this ID, 25560 bytes long unpacked.

  Greets
          Markus Schmall (Programmer of VirusWorkShop)

  P.S.: This analysis is copyrighted and strictly forbidden to be used
        in any SHI production....
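
Added example, not part of the original analysis and not VirusWorkshop code: a triage sketch in Python that walks the AmigaOS hunk blocks named above ($3f3 header, $3ec reloc32, $3eb BSS, $3f2 end, plus code/data) and lists every 4eb9 (68000 JSR to an absolute long address) whose relocated operand points into a different hunk. The function names and the sample file are constructed for illustration, and it assumes a load file with no resident library list.

```python
import struct

HUNK_CODE, HUNK_DATA, HUNK_BSS = 0x3E9, 0x3EA, 0x3EB
HUNK_RELOC32, HUNK_END, HUNK_HEADER = 0x3EC, 0x3F2, 0x3F3

def longs(*values):
    """Pack big-endian 32-bit longwords, the unit of the hunk format."""
    return struct.pack(f">{len(values)}I", *values)

def cross_hunk_jsrs(data):
    """Return (hunk, offset, target_hunk) for every 4EB9 with a cross-hunk reloc."""
    pos = 0
    def u32():
        nonlocal pos
        (value,) = struct.unpack_from(">I", data, pos)
        pos += 4
        return value
    if u32() != HUNK_HEADER:
        raise ValueError("not an AmigaOS load file ($3F3 missing)")
    if u32() != 0:
        raise ValueError("resident library list not handled in this example")
    u32()                                   # hunk table size
    first, last = u32(), u32()
    pos += 4 * (last - first + 1)           # skip the per-hunk size table
    hits, hunk, body = [], first - 1, b""
    while pos < len(data):
        kind = u32() & 0x3FFFFFFF           # top bits are memory flags
        if kind in (HUNK_CODE, HUNK_DATA, HUNK_BSS):
            hunk += 1
            size = (u32() & 0x3FFFFFFF) * 4
            body = data[pos:pos + size] if kind == HUNK_CODE else b""
            if kind != HUNK_BSS:            # BSS carries a size but no bytes
                pos += size
        elif kind == HUNK_RELOC32:
            while (count := u32()) != 0:
                target = u32()
                for _ in range(count):
                    off = u32()             # offset of the relocated longword
                    if target != hunk and off >= 2 and body[off - 2:off] == b"\x4e\xb9":
                        hits.append((hunk, off - 2, target))
        elif kind != HUNK_END:
            raise ValueError(f"unhandled block type ${kind:X}")
    return hits

# Constructed sample: hunk 0 is "JSR <hunk 1>; RTS", hunk 1 is "RTS; NOP".
SAMPLE = (longs(HUNK_HEADER, 0, 2, 0, 1, 2, 1)
          + longs(HUNK_CODE, 2) + bytes.fromhex("4eb9000000004e75")
          + longs(HUNK_RELOC32, 1, 1, 2, 0, HUNK_END)
          + longs(HUNK_CODE, 1) + bytes.fromhex("4e754e71") + longs(HUNK_END))
```

A hit is only a lead for closer inspection: ordinary multi-hunk programs also call across hunks, so compare the hunk count and the JSR targets against a known-clean copy of the file.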