Glasnost.FastEddie.Infector

Alias:-
Strain:Glasnost
detected when:-
where:-
Classification:systemvirus (bootblock), resident
Length:1. Length on storage medium: 1024 bytes 2. Length in RAM: 2048bytes

Preconditions

Operating System(s):AMIGA-OS
Version/Release:all system releases
Computer model(s):all models
Caroname:Glasnost.Fast_eddie.Infector

Attributes

Easy identification:typical text: '!IN!'

Type of Infection:

Infection Technique:
Infection Trigger:booting from infected disk
Storage Media affected:
Interrupts hooked:
Stealth:
Tunneling/Selfprot:
Oligo/Polymorphism:
Encoding Method:
Damage:Permanent damage: overwriting bootblock and a part of a second block up to bock 1530 (this second block will be named by a random number) Transient damage: 1) overwriting memory at $7f000, clearing CoolCapture Vector, overwriting KickTag Pointer 2) hooking DoIO 3) hooking Interrupt Level 3 call 4) overwriting the colour registers 1 to 3 with zeros and the colour register 0 with the actual vertical beam position and locking up the computer with an endless loop (refreshing only the colour 0 value) 5) writing $FF to address $BFEE00 which may confuse system timing
Damage Trigger:Permanent damage: reading rootblock of uninfected and unwriteprotected disk Transient damage: 1) booting from infected disk 2) Reset 3) first reading of a rootblock 4) 60000th Interrupt 3 5) 45000th Interrupt 3
Particularities:This is just a primitive Glasnost.FastEddie.Original clone. Only the texts in the coded part (and the "typical text") has been changed.
Similarities:---

Agents

Countermeasures:VirusChecker 6.55, VScan V2.4, VT 2.74, VirusZ II 1.15, VirusWorkshop 5.1, SiegFried AP 1.2 (most of them calls it FastEddi)
Standard means:VirusWorkshop 5.1, VT 2.74

Acknowledgements

Location:Virus Test Center, University Hamburg, Germany
Classification by:Jens Vogler
Documentation by:Jens Vogler
Date:26. VI. 1995
Information Source:reverse engeneering of original virus

(c) 1996 Virus-Test-Center, University of Hamburg