ByteParasite.3

Alias:--
Strain:ByteParasite
detected when:--
where:--
Classification:bomb (=destructive program)
Length:1. Length on storage medium: 2160 bytes
  2. Length in RAM: 11760 bytes

Preconditions

Operating System(s):AMIGA-OS
Version/Release:all system releases
Computer model(s):all models
Caroname:Byteparasite.3

Attributes

Easy identification:Typical text:
  'BYTEPARASITE III in 9.91 by Hacker & Cracker GmbH',0
  ' GERMANY',0,0
  'Virus-Checker V3.0 by Michael Ortmanns',0
  'Checking DF0: For Viruses',0

Type of Infection:

Infection Technique:
Infection Trigger:start of program
Storage Media affected:
Interrupts hooked:
Stealth:
Tunneling/Selfprot:
Oligo/Polymorphism:
Encoding Method:
Damage:Permanent damage:
  1) deleting existing copies of the original Virus-Checker
  2) writing 2000 bytes at a random place on disk df0:
Transient damage:
  1) overwriting KickMemPtr, CoolCapture and Level3 Irq
  2) clearing ColdCapture, WarmCapture and KickTagPtr, overwriting KickMemPtr
  3) overwriting CoolCapture and KickCheckSum
Damage Trigger:Permanent damage:
  1) inserting a disk or resetting the computer
  2) every 7th successful try to copy the bomb as: 'c/Virus-Checker',0
Transient damage:
  1) during the "normal" program execution
  2) during CoolCapture routine (after a reset) and every Level 3 interrupt
  3) every Level 3 interrupt
Particularities:this bomb imitates (or tries to imitate) the Virus-Checker
Similarities:looks like a prerelease of the Compuphagozyte.1_1452

Agents

Countermeasures:VirusZ II 1.09, VT 2.67, Virus Checker 6.43, Virus Workshop 3.6
Standard means:VirusZ II 1.09, VT 2.67, Virus Checker 6.43, Virus Workshop 3.6

Acknowledgements

Location:Virus Test Center, University Hamburg, Germany
Classification by:Jens Vogler
Documentation by:Jens Vogler
Date:1-July-1994
Information Source:reverse engineering of original bomb

(c) 1996 Virus-Test-Center, University of Hamburg