Amiga ISO Collection

home *** CD-ROM | disk | FTP | other *** search

/ Amiga ISO Collection / AmigaUtilCD2.iso / Virus / vIRUSwARNINGS! / flake026.txt < prev next >

Wrap

Text File | 1977-12-31 | 13.1 KB | 315 lines

÷===========================================================================÷ ________________________ . .. ............... _( )__ tURBo. (_ dEATh fIELd ÷ a4000/040 )_ _( 18Mb ÷ 3.0GiG ÷ 2 NdZ ÷ __) nODe#1: +90-212-ASK4IT! (___sIMPLY tHE fAZTEZt aROUNd__) nODe#2: +90-212-6242242 . (___ ________) .::::::::::::::. (____________) _ .::::::::::::::::. . (_) :::::: :::::: . ::: ::: : ___________ o :: .---. .---. :: ! |.---------.| o !: | | | | :! ) | ||o || |: | _ | | _ | :| ( | || dEATh || | |(_)| |(_)| | ) | || fIELd || |_,`---( )---'._| ( | |l_________|| ( ( .::::::. ) ( ) ! _|___________|_ ) .----\ : ---- : /----. ) : |o4o | ) / \_: :_/ \ .; . | ====| ( ) `::::::' \ // l_______________|__ ) ( ( ) \ // . | \\ \\\ \\\\ \\ \ \ __/_)_ / sAINTS.. WHQ \ _ //____ : __|___________________)__ _| |/ fCI..... THQ \ (__(____ ) | _______________________ (_| cAy | CANNABIS THQ ) (____ _) | | | | | (__| ' |\ / \(___ _) | _|_| ____________|_|___(_`------'/_____________________\__ (____)___ _j (____) ÷===========================================================================÷ -« uPLOADED oN: 22-May-96 aT: 21:48:42 »-----------------« rOAD-aDDER V1.0 »- ______ _____ _____ ___.-___ __ _____ _____ ______ _) _Y _Y _Y (__) | _Y __Y _Y (_ \_ | \_ | \_ l_\_ _/\_ \_ _/\_ l_\_ | _/ | | | | | | l | | | l | | | | | l__| l_____l__| l__ l__| l__ l__| l__| | `--' `--' `--' `--' `--' ______ _____ ___.-______ _____ _____ _) ._ Y_ _Y (__) _Y _Y __| \_ |/ / | \_ | \_ | \_ |_\_ _/_ | __/ . | l | . | l | l | l__| l__| l__ l__| l__ l__ | 2F `--' `--' `--' `--' `--' 3nds Ringdown loaded with AMIGA/ASCII/CONSOLE/PSX/MAC 4040 26mb 2.5gb cd-rom 33.6ds 33.6ds 28.8ds * MOT!ON HQ * ROYAL DKHQ * TRADERS DREAM HQ * STYLE HQ * * TRSI RECORDZ DKHQ * DREAMCHART HQ * HOODLUM DK HQ * * DATA DIVISION EHQ * POLKA BROS.WHQ * PUZZLE WHQ * THE PROTECTORS ARE: ZINKO^PLAYMATE^SISko^BILBO BAGGIn^NEIL/FLT^BLACK PANTHER/PSG UFOK/MsT^LsD^PsG^iHS^FURY/PSG/M!/SYS/HLM^DELIVERYMAN <0> +45 58ASK4IT <0> .. . oo OOOOOOOO oo . .. Virus Help Team Denmark .. . oo OOOOOOOO oo . .. ^^^^^^^^^^^^^^^^^^^^^^^ BBS : +45 4659 6867 SysOp: Jan Andersen Modem : USR 33.6 V.FC AmyNET: 39:141/142.0 Open : 24 Hours VirNET: 9:451/247.0 Country: Denmark FidoNET: 2:235/112.0 Please support us with all the new and old virus that you find so that we can support the antivirus programmers. You are very welcome to mail to our BBS. Every Amiga Virus that is uploaded to Virus Help Team Denmark's BBS, will be send directly to the anti-virus programmers all over the world. Every PC Virus that is uploaded to Virus Help Team Denmark's BBS will be send to Virus Test Center, in Hamburg, Germany. ------------------------------------------------------------------------ Hi #? A new linkvirus appeared on 17.05. in Austria, Finland and Sweden. it`s called Hitch Hiker 1.10 linkvirus. Here the analyse of it: Entry...............: Hitch Hiker 1.10 Alias(es)...........: none Virus Strain........: - Virus detected when.: 18.05.1996 where.: Austria, Finland Classification......: Linkvirus,memory-resident, not reset-resident Length of Virus.....: 1. Length on storage medium: ca. 1700 Bytes (uses a primitiv polymorphic technic) 2. Length in RAM: 3000 Bytes --------------------- Preconditions ------------------------------------ Operating System(s).: AMIGA-DOS Version/Release.....: 2.04 and above (V37+) Computer model(s)...: all models/processors (MC68000-MC68060) --------------------- Attributes --------------------------------------- Easy Identification.: none Type of infection...: Self-identification method in files: - none Self-identification method in memory: - searches for $ABBAFAb4 at LastAlert(Exec) System infection: - infects the following functions: Dos LoadSeg(), Dos Write() (librarychecksum will be recalculated) Infection preconditions: - Device must have more than 8000 sectors and is smaller than $20000 bytes or file is bigger than $8000 bytes - HUNK_HEADER and HUNK_CODE are found - device is validated - 10 free blocks on the device - hunk_code must contain the same length as in the header. Infection Trigger...: Accessing files via LoadSeg() or Write() Files containing a "." or a "-" will be not infected. Storage media affected: all DOS-devices Interrupts hooked...: None Damage..............: Permanent damage: - none Transient damage: - none Damage Trigger......: Permanent damage: - none Transient damage: - None Particularities.....: The crypt/decrypt routines are partly aware of processor caches. The cryptroutine are non polymorphic and only consists of some logical stuff. The virus uses some special things at the fileinfection (buggy) and at the library opencode. Similarities........: Link-method is comparable to the method invented with the infiltrator-virus. Stealth.............: no stealth functions found Armouring...........: The virus uses only a single armouring technique to confuse people. It only crypts it`s code and uses a very simple length polymorphism code. The heuristic scanner of VirusWorkshop detects this one already as virus. Comments............: The first infected file is probably lzx121crk.lha. This is the old SHOOT version of LZX1.21r with the infected file. As I got reports from Austria and Finland, I suppose it has gone through internet channels as this file didn`t appear on scene boards. --------------------- Agents ------------------------------------------- Countermeasures.....: VW6.1 above Standard means......: - --------------------- Acknowledgement ---------------------------------- Location............: Hannover, Germany 19.05.1996. Classification by...: Markus Schmall and Heiner Schneegold Documentation by....: Markus Schmall (C) Date................: May,19. 1996 Information Source..: Reverse engineering of original virus Copyright...........: This document is copyrighted and may be not used in any SHI publication ===================== End of Hitch-Hiker 1.10 ========================= VW 6.1 (release on 19.5. in the evening hours) is able to remove this little bastard. Special note: The heuristic scanner of VW 6.0 already detected this one (see v-nl19.txt on the boards). Greets Markus Schmall ------------------------------------------------------------------------- .. . oo OOOOOOOO oo . .. Virus Help Team Denmark .. . oo OOOOOOOO oo . .. ^^^^^^^^^^^^^^^^^^^^^^^ BBS : +45 4659 6867 SysOp: Jan Andersen Modem : USR 33.6 V.FC AmyNET: 39:141/142.0 Open : 24 Hours VirNET: 9:451/247.0 Country: Denmark FidoNET: 2:235/112.0 Please support us with all the new and old virus that you find so that we can support the antivirus programmers. You are very welcome to mail to our BBS. Every Amiga Virus that is uploaded to Virus Help Team Denmark's BBS, will be send directly to the anti-virus programmers all over the world. Every PC Virus that is uploaded to Virus Help Team Denmark's BBS will be send to Virus Test Center, in Hamburg, Germany. . this file has been frozen inside . . : ____ _|_ __ : : \/ \ / \/, : : ______ ______ ______ ____ _____ ______ ______ ______: __) _ (____) __ (____) _ (__) (__ __) /_____) ___( __) _ (__) _ (__ / / _ ( _ __ __/_/ _ / _ __(__/ __ / / \___/ /\____ /\___/ \____ ( \___/ /\____ _____/ \___/ / : )___/gdm-)____/ /____/ )______/ /____/ )____/lkr/____/ )___/: : _ _ : : - - -)_)- P · A · L · A · C · E -(_(- - - : : : `----------------.- t.h.e.n.o.r.t.h.e.r.n.p.a.l.a.c.e -.-----------------' _::_ 3nds ringdown loaded with amiga/ascii/console/psx/mac _::_ \/ 4040 26mb 2.5gb cd-rom 33.6ds 33.6ds 28.8ds \/ motion · royal · traders dream · trsi recordz · dreamchart · hoodlum dkhq style · data division headquarter · polka bros. · puzzle world headquarter! . - - board dedushka-morozes - - . : : zinko · playmate · sisko · bilbo baggins/m! · neil/flt · deliveryman ufok/cqt^mst^lsd^psg^crx · fury/psg/m! · black panther/psg : : . -^- - -santa +45-58aSKyARSELF- - -^- . . . .oO pC > aMIGA cONVERTED wITH FID v3.o bY fLI7e/sAD Oo. .oO dE-rOADHOGGED wITH FID v3.o bY fLI7e/sAD Oo. @BEGIN_FILE_ID.DIZ _________ _ ____/"""./###/____)\_____________ /"""/ //_______ /"""/""./"___/_HELP! / / //"""/" / // / //____ \_ \ // / ____/ / //""""/X\@!/ \_____/\__/___/ ""\______/_________/ --><!VIRUS!<></____/-><>-!WARNING!-<><-- New LinkVirus Found "Hitch Hiker" >>>----------------------------------<<< +:+ Thiz File Leeched From DEATh FIELd! +:+ @END_FILE_ID.DIZ ÷===========================================================================÷ S I M P L Y T H E F A Z T E Z T A R O U N D ! ! .: : : =___ :. :| | l___ _\\\ || !| ____| ____ ____ | \/\ |: || (______| || |__| !. || |:|____||____|:| ____________:__ || |:| o || o |:| /(___/ `-----|__) || ___l.|____||____|.!___ /uZi __|-' || (__ ( `----' ) __) (___ __ ___/__! || / \ `------' / \ / \(__)_/ || / / \__________/ \ \/ \_)__) :. || / (__ __) _/\ |(___)_.: || (__ / dEATh fIELd \ / \\_|___|__): || / /#1:+90-212-ASK4IT!\/ \ \ `---' :! || __/___ ( #2:+90-212-6242242 ) \___/ !| |l(______\__\__________________/______/_______|| l________________________________________tURBo_| ÷[ D E A T H F I E L D ]÷ SAINTS WHQ ÷ FLYING COWS THQ ÷ CANNABIS THQ ÷===========================================================================÷ -« uPLOADED oN: 22-May-96 aT: 21:48:42 »-----------------« rOAD-aDDER V1.0 »-