TURK Virus

Alias:---
Strain:---
detected when:APRIL 1990
where:Australia
Classification:System virus (bootblock), memory resident
Length:1.Length on storage medium: 1024 byte 2.Length in RAM : 1024 byte

Preconditions

Operating System(s):AMIGA-DOS
Version/Release:1.2/all, 1.3/all, 2.0/all, 3.0/all
Computer model(s):All AMIGA models (see particularities)
Caroname:Turk.Original

Attributes

Easy identification:Typical text: "TURK", "Amiga Failure... Cause: TURK VIRUS Version 1.3!"

Type of Infection:

System infection: RAM resident, reset resident, bootblock

Infection Technique:
Infection Trigger:1) Reset (CONTROL+Left-AMIGA+RIGHT-AMIGA) 2) Operation: any disk access
Storage Media affected:Only floppy disks (3.5" and 5.25")
Interrupts hooked:---
Stealth:
Tunneling/Selfprot:
Oligo/Polymorphism:
Encoding Method:
Damage:Permanent Damage: virus overwrites bootblock and destroys 880 blocks by overwriting them with unformated sequence of data from RAM thus causing read/write error on affected storage media. Transient Damage: screen buffer manipulation: alert box after formating a disk.
Damage Trigger:Permanent damage: reset. Transient damage: any disk access.
Particularities:1) Resident programs using the CoolCaptureVector or KickTagPointer are shutdown. 2) Virus overwrites autovectors 64, 192, 200 and 201 to store data. 3) Problems may arise on machines which set VBR of CPU to a non-zero value as the autovector addresses used in virus point to public memory.
Similarities:See TURK.Color Dropper Trojan (dropping this virus)

Agents

Countermeasures:VT 2.54
Standard means:VT 2.54

Acknowledgements

Location:Virus Test Center, University Hamburg, Germany
Classification by:Original entry: Oliver Meng (February 20,1990) Update:
Documentation by:Oliver Meng, Karim Senoucci
Date:31-July-1993
Information Source:Reverse analysis of virus / SHI

(c) 1996 Virus-Test-Center, University of Hamburg