| Alias: | --- |
| Strain: | --- |
| detected when: | May 1989 |
| where: | |
| Classification: | System (Boot sector) Virus, Reset-resident |
| Length: | 512 Bytes |
Preconditions | |
| Operating System(s): | Atari TOS |
| Version/Release: | all TOS versions |
| Computer model(s): | All Atari ST |
| Caroname: | PIRATE_TRAP |
Attributes | |
| Easy identification: | In memory behind screen memory and in the boot sector, the following string can be found.: "*** The Pirate Trap *** * Youre being watched * *** [C] P.M.S. 1987 ***" |
Type of Infection: | Boot sector of drive A. |
| Infection Technique: | |
| Infection Trigger: | Execution of XBIOS floprd on bootsector of drive A. Execution of boot code. |
| Storage Media affected: | Drive A. |
| Interrupts hooked: | TRAP #14 XBIOS, reset vector. |
| Stealth: | |
| Tunneling/Selfprot: | |
| Oligo/Polymorphism: | |
| Encoding Method: | |
| Damage: | The the message mentioned above appears on screen, and the computer waits for a keystroke; then, the computer continues execution. |
| Damage Trigger: | Internal counter = 0. |
| Particularities: | A lower counter on disk than the one in memory is not changed. |
| Similarities: | --- |
Agents | |
| Countermeasures: | Make sure that the virus is not in memory. Search boot sector for the string mentioned above. Modify the last byte in boot sector to another value. |
| Standard means: | Clear all bytes in boot sector beginning at offset 30 decimal. |
Acknowledgements | |
| Location: | Virus Test Center, University of Hamburg, FRG |
| Classification by: | Ronald Greinke |
| Documentation by: | Ronald Greinke |
| Date: | 5-June-1990 |
| Information Source: | George R. Woodside |
(c) 1996 Virus-Test-Center, University of Hamburg