| Alias: | --- |
| Strain: | Glasnost |
| detected when: | --- |
| where: | --- |
| Classification: | systemvirus (bootblock), resident |
| Length: | 1. Length on storage medium: 2048 bytes 2. Length in RAM: 2048bytes |
Preconditions | |
| Operating System(s): | AMIGA-OS |
| Version/Release: | all system releases |
| Computer model(s): | all models |
| Caroname: | Glasnost.Original |
Attributes | |
| Easy identification: | typical text: 'Glasnost VIRUS by Gorba!! First release' (can be found in the second diskblock) |
Type of Infection: | |
| Infection Technique: | |
| Infection Trigger: | booting from infected disk |
| Storage Media affected: | |
| Interrupts hooked: | |
| Stealth: | |
| Tunneling/Selfprot: | |
| Oligo/Polymorphism: | |
| Encoding Method: | |
| Damage: | Permanent damage: overwriting bootblock and a part of a second block up to block 1530 (this second block will be named by a random number) Transient damage: 1) overwriting memory at $7f000, clearing CoolCapture Vector, overwriting KickTag Pointer 2) hooking DoIO 3) hooking Interrupt Level 3 call 4) locking up the computer 5) writing $FF to address $BFEE00 which may confuse system timing |
| Damage Trigger: | Permanent damage: reading rootblock of uninfected and unwriteprotected disk Transient damage: 1) booting from infected disk 2) Reset 3) first reading of a rootblock 4) 60000th Interrupt 3 5) 45000th Interrupt 3 |
| Particularities: | The virus uses two diskblocks for code that could be placed into one (what has been done in later versions). |
| Similarities: | --- |
Agents | |
| Countermeasures: | VirusChecker 6.55, VScan V2.4, VT 2.74, VirusZ II 1.15, VirusWorkshop 5.1, SiegFried AP 1.2 |
| Standard means: | VirusWorkshop 5.1, VT 2.74 |
Acknowledgements | |
| Location: | Virus Test Center, University Hamburg, Germany |
| Classification by: | Jens Vogler |
| Documentation by: | Jens Vogler |
| Date: | 26. VI. 1995 |
| Information Source: | reverse engeneering of original virus |
(c) 1996 Virus-Test-Center, University of Hamburg