| Alias: | --- |
| Strain: | --- |
| detected when: | January 1989 |
| where: | Elmshorn, FRG |
| Classification: | link virus (extending), resident |
| Length: | 1. length on storage medium: 1060 byte + 36 byte (hunk) 2. length in RAM : 1060 byte + 36 byte (hunk) |
Preconditions | |
| Operating System(s): | AMIGA-DOS |
| Version/Release: | 1.2/33.166, 1.2/33.180 and 1.3/34.20 |
| Computer model(s): | AMIGA 500, AMIGA 1000, AMIGA 2000A, AMIGA 2000B |
| Caroname: | IRQ.1 |
Attributes | |
| Easy identification: | typical text: --- others: allocates 100.000 byte of workspace during infection of files |
Type of Infection: | self-identification method: $fffe6100 at 2nd word of virus (without hunk table) system infection: extending executable file, RAM resident, reset resident, EXEC library |
| Infection Technique: | |
| Infection Trigger: | usage of OldOpenLibrary routine of exec library |
| Storage Media affected: | any available storage medium |
| Interrupts hooked: | --- |
| Stealth: | |
| Tunneling/Selfprot: | |
| Oligo/Polymorphism: | |
| Encoding Method: | |
| Damage: | permanent damage: causes some overlay programs to malfunction because of altered offsets in hunk table; DIR command of CLI is infected (stan- dard file); 1st file used in startup-sequence of inserted disk is infected (random file); use of a nearly full disk may cause a read/write error when the infected file won't fit on disk, this disk may not be repaired. transient damage: screen buffer manipulation: changes window title of actual window: 'AmigaDOS presents:a new virus by the IRQ-Team V41.0' |
| Damage Trigger: | permanent damage: usage of OldOpenLibrary routine of exec library transient damage: by random |
| Particularities: | only infects files with a maximum length of 99.999 byte; uses SetFunction routine of exec library to modify entry of the OldOpenLibrary routine; other resident programs using the system resident list (KickTagPointer, KickMemPointer) are shut down. |
| Similarities: | --- |
Agents | |
| Countermeasures: | 'CHECKVECTORS 2.2' with 'RemIRQ', 'KV', 'LINKKILLER' or 'IRQKILLER', 'VIRUSX 4.0', 'DVICE PLUS' |
| Standard means: | 'CHECKVECTORS 2.2', 'IRQKILLER' |
Acknowledgements | |
| Location: | Virus Test Center, University Hamburg, FRG |
| Classification by: | Alfred Manthey Rojas |
| Documentation by: | Alfred Manthey Rojas |
| Date: | 5-June-1990 |
| Information Source: | --- |
(c) 1996 Virus-Test-Center, University of Hamburg