| Alias: | --- |
| Strain: | --- |
| detected when: | --- |
| where: | --- |
| Classification: | system virus (bootblock), resident |
| Length: | 1. Length on storage medium: 1024 bytes 2. Length in RAM: 1032 bytes |
Preconditions | |
| Operating System(s): | AMIGA-OS |
| Version/Release: | all system releases |
| Computer model(s): | all models |
| Caroname: | BlackFlash_2_0.Original |
Attributes | |
| Easy identification: | text visible in bootblock: "blackflash virus V2.0" |
Type of Infection: | System infection: RAM resident, reset resident, bootblock |
| Infection Technique: | |
| Infection Trigger: | reset |
| Storage Media affected: | only floppy disks |
| Interrupts hooked: | DoIO vector of exec-library, CoolCapture |
| Stealth: | |
| Tunneling/Selfprot: | |
| Oligo/Polymorphism: | |
| Encoding Method: | |
| Damage: | Permanent damage: overwriting bootblock Transient damage: screen buffer manipulation; virus shows graphical demo displaying the text: "HELLO, I AM AMIGA ! PLEASE HELP ME ! I FEEL STICK ! I HAVE A VIRUS ! ! BY BLACKFLASH !" |
| Damage Trigger: | Permanent damage: reset Transient damage: 19th disk access via DoIO |
| Particularities: | a resident program using the CoolCapture vector is shut down; virus allocates its memory after first reset via AllocAbs(); screen buffer manipulation is done using system calls rather than direct hardware access |
| Similarities: | --- |
Agents | |
| Countermeasures: | Virus Workshop V3.0, VirusChecker V6.33, VT 2.58, VirusZ 3.07 |
| Standard means: | VT 2.58, Virus Workshop V3.0 |
Acknowledgements | |
| Location: | Virus Test Center, University of Hamburg, Germany |
| Classification by: | Karim Senoucci |
| Documentation by: | Karim Senoucci |
| Date: | 14-December-1993 |
| Information Source: | Virus analysis |
(c) 1996 Virus-Test-Center, University of Hamburg