| Alias: | --- |
| Strain: | --- |
| detected when: | --- |
| where: | --- |
| Classification: | Bomb |
| Length: | 936 bytes (+ 1 byte in "virustest.data") |
Preconditions | |
| Operating System(s): | AMIGA-OS |
| Version/Release: | 1.2/all, 1.3/all |
| Computer model(s): | All AMIGA models |
| Caroname: | Virustest_936 |
Attributes | |
| Easy identification: | There is a "startup-sequence" entry called "virustest", and there is always a 2nd file called "virustest.data" with 1 byte length in root directory. If diskette is write protected, bomb will write to Shell: "User Request : Please remove write Protection and press left Mouse Button to continue.." |
Type of Infection: | --- (damage only) |
| Infection Technique: | |
| Infection Trigger: | --- |
| Storage Media affected: | Floppy disks only |
| Interrupts hooked: | --- |
| Stealth: | |
| Tunneling/Selfprot: | |
| Oligo/Polymorphism: | |
| Encoding Method: | |
| Damage: | Permanent damage: formating the floppy disk |
| Damage Trigger: | Permanent damage: starting this program with the byte in "virustest.data" counted down to zero. |
| Particularities: | Calling DosFunction with Dosbase in A5 Register can crash recent Operating System versions. |
| Similarities: | TimeBomb V0.9 (seems to be a new version) |
Agents | |
| Countermeasures: | VirusZ 3.06, VT 2.54, VirusChecker 6.26 |
| Standard means: | Delete the files "virustest", "virustest.data", and "startup-sequence" entry, or use VT 2.54. |
Acknowledgements | |
| Location: | Virus Test Center, University Hamburg, Germany |
| Classification by: | Jens Vogler |
| Documentation by: | Jens Vogler |
| Date: | 31-July-1993 |
| Information Source: | Reverse analysis of virus code |
(c) 1996 Virus-Test-Center, University of Hamburg