| Alias: | --- |
| Strain: | --- |
| detected when: | AUGUST 1990 (when VTC received virus copy) |
| where: | North Germany |
| Classification: | system virus (bootblock), resident |
| Length: | 1. length on storage medium: 1024 byte 2. length in RAM : 1024 byte |
Preconditions | |
| Operating System(s): | AMIGA-DOS |
| Version/Release: | 1.2/33.166, 1.2/33.180 and 1.3/34.20 |
| Computer model(s): | AMIGA 500, AMIGA 1000, AMIGA 2000A, AMIGA 2000B |
| Caroname: | Jitr.Original |
Attributes | |
| Easy identification: | typical text: "JITR" at 3rd bootblock longword, and "Copy count :", "I'm a safe virus! Dont kill me! I want to travel! And now a joke : ATARI ST This virus is a product of JITR" at the end of bootblock |
Type of Infection: | self-identification method: testing 2nd longword (=>bootblock checksum for matching own one); system infection: RAM resident, reset resident, bootblock |
| Infection Technique: | |
| Infection Trigger: | every access to unprotected disks |
| Storage Media affected: | only floppy disks (3.5" and 5.25") |
| Interrupts hooked: | --- |
| Stealth: | |
| Tunneling/Selfprot: | |
| Oligo/Polymorphism: | |
| Encoding Method: | |
| Damage: | permanent damage: overwriting bootblock transient damage: --- |
| Damage Trigger: | permanent damage: every access to unprotected disks |
| Particularities: | a resident program using the CoolCaptureVector is shutdown, DoIO is modified and points to virus DoIO routine first; JITR seems to be shortest AMIGA virus, occupying only 498 byte of bootblock, though 1024 bytes are allocated in RAM; copy counter at offset $017A |
| Similarities: | --- |
Agents | |
| Countermeasures: | CHECKVECTORS 2.2, GUARDIAN 1.2, VIRUS-DETEKTOR 1.1 |
| Standard means: | CHECKVECTORS 2.3 |
Acknowledgements | |
| Location: | Virus Test Center, University Hamburg, Germany |
| Classification by: | Alfred Manthey Rojas |
| Documentation by: | Alfred Manthey Rojas |
| Date: | 10-February-1991 |
| Information Source: | --- |
(c) 1996 Virus-Test-Center, University of Hamburg