| Alias: | --- |
| Strain: | --- |
| detected when: | --- |
| where: | --- |
| Classification: | BootBlock (System), Reset-Resident |
| Length: | 1.Length (1024) on storage medium 2.Length (1040) in RAM |
Preconditions | |
| Operating System(s): | AMIGA-DOS |
| Version/Release: | 1.2, 1.3, 2.0, 3.0 |
| Computer model(s): | All Amigas |
| Caroname: | JINX |
Attributes | |
| Easy identification: | - |
Type of Infection: | Self-Identification methods: - Virus checks Byte $42(Bootblock) System infection: - RAM-Resident (Vertb, Sumkickdata,td_globalvec - Reset-Resident (KickTag,KickCheckSum) |
| Infection Technique: | |
| Infection Trigger: | Acessing any floppy disk |
| Storage Media affected: | Diskettes |
| Interrupts hooked: | KICKTAG, KICKCHECKSUM, IV_VERTB, SUMKICKDATA, TD_GLOBALVEC |
| Stealth: | |
| Tunneling/Selfprot: | |
| Oligo/Polymorphism: | |
| Encoding Method: | |
| Damage: | Permanent Damage: - overwriting bootblock - headstep (trashing disk) Transient Damage: - Transient/Permanent damage: - Due to not allocating used memory-areas in the stack raange the system will probably crash. |
| Damage Trigger: | Disk-Acess, Counter |
| Particularities: | The virus is encrypted with a variable key and has stealth capabilities. The virus catches specific format-disk commands and replys an error on them. |
| Similarities: | The stealth-routine is related to the lamer strain. |
Agents | |
| Countermeasures: | VT 2.67, VW 4.0 |
| Standard means: | Replace the original bootblock with "install" |
Acknowledgements | |
| Location: | Virus Test Center, University Hamburg, FRG |
| Classification by: | S. Freitag |
| Documentation by: | S. Freitag |
| Date: | 12.7.1994 |
| Information Source: | Reverse analysis of virus-code |
(c) 1996 Virus-Test-Center, University of Hamburg