| Alias: | --- |
| Strain: | --- |
| detected when: | March 1989 |
| where: | Elmshorn, FRG |
| Classification: | system virus (bootblock), resident |
| Length: | 1. length on storage medium: 1024 byte 2. length in RAM : 1024 byte |
Preconditions | |
| Operating System(s): | AMIGA-DOS |
| Version/Release: | 1.2/33.166, 1.2/33.180, 1.3/34.5 |
| Computer model(s): | AMIGA 500, AMIGA 1000, AMIGA 2000A, AMIGA 2000B |
| Caroname: | Vkill.1 |
Attributes | |
| Easy identification: | typical text: -- virus feature: 'VKILL 1.0' requester before opening CLI and detecting a virus or a non- standard bootblock (see below) |
Type of Infection: | self-identification method: --- system infection: RAM resident, reset resident, bootblock |
| Infection Technique: | |
| Infection Trigger: | reset (CONTROL + Left-AMIGA + RIGHT-AMIGA) operation: on bootable standard bootblocks: any access on bootblock sectors (blocks 0,1) created using normal file system and new fast file system; on nonstandard bootblocks: when detecting a virus or a nonstandard bootblock AND 'VKILL 1.0' request AND positive answer |
| Storage Media affected: | only floppy disks (3.5" and 5.25") |
| Interrupts hooked: | --- |
| Stealth: | |
| Tunneling/Selfprot: | |
| Oligo/Polymorphism: | |
| Encoding Method: | |
| Damage: | permanent damage: overwrites bootable standard bootblocks; simulates bootable standard boot- blocks when examined with any tool transient damage: screen buffer manipulation: 'VKILL 1.0' requester before opening CLI and detecting a virus or a nonstandard bootblock (see below) |
| Damage Trigger: | permanent damage: reset operation on bootable standard bootblocks: any access on bootblock sectors (blocks 0,1) operation on nonstandard bootblocks: when detecting a known virus or a nonstandard boot- block (see below) AND 'VKILL 1.0' request AND positive answer transient damage: when detecting a known virus or a nonstandard bootblock (see below) |
| Particularities: | a resident program using the CoolCaptureVector is shut down; detects BYTE BANDIT, SCA (and SCA clones) and nonstandard bootblocks; detects standard bootblocks of the new fast filing system ('DOS' + $01); virus encodes itself using ascii characters ' Ken' as key |
| Similarities: | --- |
Agents | |
| Countermeasures: | without restrictions: 'CHECKVECTORS 2.2', 'VIRUSX 4.0' with restrictions: 'GUARDIAN 1.2' |
| Standard means: | 'CHECKVECTORS 2.2' |
Acknowledgements | |
| Location: | Virus Test Center, University Hamburg, FRG |
| Classification by: | Wolfram Schmidt |
| Documentation by: | Alfred Manthey Rojas |
| Date: | 5-June-1990 |
| Information Source: | --- |
(c) 1996 Virus-Test-Center, University of Hamburg