| Alias: | REDX-Virus |
| Strain: | |
| detected when: | West-Germany |
| where: | June 1990 |
| Classification: | Program virus, direct action COM infector |
| Length: | 796 bytes added to COM files |
Preconditions | |
| Operating System(s): | MS-DOS |
| Version/Release: | 2.0 and up |
| Computer model(s): | Any IBM-compatibles |
| Caroname: | Ambulance.A |
Attributes | |
| Easy identification: | --- |
Type of Infection: | Direct action COM infection. The virus tries to find two victims which it randomly selects in the current directory or via the PATH variable in the environment. Thus by in- voking an infected file, either none, one or two files can be infected. |
| Infection Technique: | |
| Infection Trigger: | Loading of an infected file. |
| Storage Media affected: | |
| Interrupts hooked: | --- |
| Stealth: | |
| Tunneling/Selfprot: | |
| Oligo/Polymorphism: | |
| Encoding Method: | |
| Damage: | If the lowest 3 bits of the generation counter (incremented upon each infection attempt) contain 110b (110 is the German police phone number), an ambulance car is running from left to right across the bottom of the screen and the typical siren sound is played by the speaker. The car is made up of block graphic characters and has a flashing light on top. A flag is set, and the police car will not run until the next bootup. |
| Damage Trigger: | |
| Particularities: | The inhibit flag for the car collides with the LPT3: base address. (This will usually not be not installed.) |
| Similarities: | |
Agents | |
| Countermeasures: | |
| Standard means: | |
Acknowledgements | |
| Location: | Micro-BIT Virus Center RZ Universitaet Karlsruhe |
| Classification by: | Christoph Fischer |
| Documentation by: | Christoph Fischer |
| Date: | 24-June-1990 |
| Information Source: | |
(c) 1996 Virus-Test-Center, University of Hamburg