| Alias: | --- |
| Strain: | NORTH STAR Antivirus Virus |
| detected when: | October 1988 |
| where: | Elmshorn, FRG |
| Classification: | system virus (bootblock), resident |
| Length: | 1. length on storage medium: 1024 byte 2. length in RAM : 1024 byte |
Preconditions | |
| Operating System(s): | AMIGA-DOS |
| Version/Release: | 1.2/33.166, 1.2/33.180 and 1.3/34.20 |
| Computer model(s): | AMIGA 500, AMIGA 1000, AMIGA 2000A, AMIGA 2000B |
| Caroname: | NorthStar.2 |
Attributes | |
| Easy identification: | typical text: 'VIRUS Detected on Disk! STARFIRE/ NORTH STAR', 'OLD AntiVirus. STARFIRE/NORTH STAR', 'My AntiVirus is Better! STARFIRE/ NORTH STAR' virus feature: pressing left mouse/fire button of port 2 during system reboot, causes the power LED to blink fast; detection of some viruses (see below) |
Type of Infection: | self-identification method: 'Nort' at 19th byte, 'Star' at 25th byte, 15th word (version) system infection: RAM resident, reset resident, bootblock |
| Infection Technique: | |
| Infection Trigger: | reset (CONTROL + Left-AMIGA + RIGHT-AMIGA) |
| Storage Media affected: | only floppy disks (3.5" and 5.25") |
| Interrupts hooked: | --- |
| Stealth: | |
| Tunneling/Selfprot: | |
| Oligo/Polymorphism: | |
| Encoding Method: | |
| Damage: | permanent damage: overwrites bootblock; disks infected with a known virus can't be booted without deprotecting (and infecting) them transient damage: screen buffer manipulation: alert box when detecting a known virus or an older version of this virus |
| Damage Trigger: | permanent damage: reset transient damage: detecting a known virus (see below) |
| Particularities: | resident programs using the CoolCaptureVector or the KickTagPointer are shut down version id: 15th word copy counter: 16th word detects and counts following viruses: SCA and clones: counter (17th word) BYTE BANDIT: counter (18th word) NORTH STAR I: counter (19th word) SYSTEM Z lower than V3.0: counter (20th word) |
| Similarities: | NORTH STAR I virus |
Agents | |
| Countermeasures: | 'CHECKVECTORS 2.2', 'GUARDIAN 1.2', 'VIRUSX 4.0' |
| Standard means: | 'CHECKVECTORS 2.2' |
Acknowledgements | |
| Location: | Virus Test Center, University Hamburg, FRG |
| Classification by: | Oliver Meng |
| Documentation by: | Alfred Manthey Rojas |
| Date: | 5-June-1990 |
| Information Source: | --- |
(c) 1996 Virus-Test-Center, University of Hamburg