| Alias: | -- |
| Strain: | |
| detected when: | |
| where: | |
| Classification: | linkvirus (extending) |
| Length: | 2320 bytes |
Preconditions | |
| Operating System(s): | AMIGA-OS |
| Version/Release: | all system releases |
| Computer model(s): | all models |
| Caroname: | Qrdl_1_1 |
Attributes | |
| Easy identification: | -- |
Type of Infection: | |
| Infection Technique: | |
| Infection Trigger: | starting of infected program |
| Storage Media affected: | |
| Interrupts hooked: | |
| Stealth: | |
| Tunneling/Selfprot: | |
| Oligo/Polymorphism: | |
| Encoding Method: | |
| Damage: | Permanent damage: 1) infects first program called in the "df0:startup-sequence" 2) marking disk as full by overwriting the disk BitMap Transient damage: clearing CoolCapture Vector |
| Damage Trigger: | Permanent damage: 1) first OpenWindow call 2) unsuccessfull try of 1) Transient damage: starting of infected program |
| Particularities: | The hooked system calls are only used ones. The first call to each of them results into an dehooking of the particular system call. |
| Similarities: | -- |
Agents | |
| Countermeasures: | VirusChecker 6.55 (calls it "QrdlV"), VirusZ II 1.15, VirusWorkshop 5.1 (calls it "Qrd 1.1"), VT 2.74, SiegFried AP 1.2 |
| Standard means: | VirusWorkshop 5.1, VT 2.74 |
Acknowledgements | |
| Location: | Virus Test Center, University Hamburg, Germany |
| Classification by: | Karim Senoucci & Jens Vogler |
| Documentation by: | Jens Vogler |
| Date: | 27. VI. 1995 |
| Information Source: | reverse engeneering of original virus |
(c) 1996 Virus-Test-Center, University of Hamburg