| Alias: | --- |
| Strain: | (Weakly related to Lamer strain) |
| detected when: | --- |
| where: | --- |
| Classification: | System Virus (Bootblock,Resident) |
| Length: | 1.Length(Byte)on storage medium:1024 Byte 2.Length(Byte)in RAM: 30 Byte at $60000 + $500 Byte at $7f300 |
Preconditions | |
| Operating System(s): | AMIGA-DOS |
| Version/Release: | 1.2 only (absolute DoIO) |
| Computer model(s): | AMIGA 500,1000,2000 |
| Caroname: | Lamer.Hilly |
Attributes | |
| Easy identification: | --- |
Type of Infection: | Bootblock, overwriting without checks |
| Infection Technique: | |
| Infection Trigger: | Reset |
| Storage Media affected: | All devices controlled through DOIO-requests Diskettes + some harddisks |
| Interrupts hooked: | VBI hooked to reserved function calls in Sysbase |
| Stealth: | |
| Tunneling/Selfprot: | |
| Oligo/Polymorphism: | |
| Encoding Method: | |
| Damage: | Overwriting bootblocks, every second infection generates a random number and overwrites this block with the virus code. Overwriting memory sections without previous allocation. |
| Damage Trigger: | 2nd infection (2nd boot with unprotected media) |
| Particularities: | Checks for special kickstart version (patched at $fc0090) |
| Similarities: | Damage routing adapted from Lamer bootvirus strain. |
Agents | |
| Countermeasures: | AVM0.235(internal product),VT2.40,VC6.03 |
| Standard means: | VC6.03 |
Acknowledgements | |
| Location: | Virus Test Center, University Hamburg, FRG |
| Classification by: | S. Freitag |
| Documentation by: | S. Freitag |
| Date: | 17.12.1992 |
| Information Source: | Original virus code |
(c) 1996 Virus-Test-Center, University of Hamburg