| Alias: | --- |
| Strain: | Leviathan detected when.: -- where.: -- |
| detected when: | |
| where: | |
| Classification: | companion virus (directory & bootblock) |
| Length: | 1. Length on storage medium: a) as bootblock: 1024 bytes b) as file: 1056 bytes 2. Length in RAM: 4096 bytes |
Preconditions | |
| Operating System(s): | AMIGA-OS |
| Version/Release: | all system releases |
| Computer model(s): | all models |
| Caroname: | Leviathan |
Attributes | |
| Easy identification: | typical text: '-=- LEVIATHAN -=-' |
Type of Infection: | |
| Infection Technique: | |
| Infection Trigger: | booting from infected drive |
| Storage Media affected: | |
| Interrupts hooked: | |
| Stealth: | |
| Tunneling/Selfprot: | |
| Oligo/Polymorphism: | |
| Encoding Method: | |
| Damage: | Permanent damage: 1) overwrites bootblock 2) new entry into the "startup-sequence" and a new file in the "sys:s" directory Transient damage: overwriting CoolCapture vector |
| Damage Trigger: | Permanent damage: 1) reading rootblock of a non writeprotected disk 2) using OldOpenLibrary system call Transient damage: booting from infected drive |
| Particularities: | -- |
| Similarities: | -- |
Agents | |
| Countermeasures: | VirusChecker 6.55, VirusZ II 1.15, VirusWorkshop 5.1, VT 2.74 |
| Standard means: | VirusWorkshop 5.1, VT 2.74 or use install against bootblock version, delete file with the name ASCII($C0) in SYS:S directory and the startup-sequence entry |
Acknowledgements | |
| Location: | Virus Test Center, University Hamburg, Germany |
| Classification by: | Jens Vogler |
| Documentation by: | Jens Vogler |
| Date: | |
| Information Source: | reverse engeneering of original virus |
(c) 1996 Virus-Test-Center, University of Hamburg