| Alias: | |
| Strain: | Silly Willy (Trojan/Virus) Strain |
| detected when: | March 92 |
| where: | Munich, Germany |
| Classification: | Trojan |
| Length: | 803 Bytes |
Preconditions | |
| Operating System(s): | IBM PC & Compatibles |
| Version/Release: | DOS 2.x and above |
| Computer model(s): | IBM PC, XT, AT and upwards, and compatibles |
| Caroname: | Silly_Willy.Killed |
Attributes | |
| Easy identification: | --- |
Type of Infection: | --- |
| Infection Technique: | |
| Infection Trigger: | --- |
| Storage Media affected: | Any floppy diskette, hard disk |
| Interrupts hooked: | --- |
| Stealth: | |
| Tunneling/Selfprot: | |
| Oligo/Polymorphism: | |
| Encoding Method: | |
| Damage: | Transient/Permanent damage: The trojan displays a face, telling that he is Silly Willy and right now formatting the hard disk. But instead, it writes a hidden file, so the user observes some hard disk activities. The hidden file has a length between 154,622 and 459,952 bytes and contains the text "The User of This Computer Is Stupid!". After some time, another message will appear: "ERROR: o SYSTEM found! No Files on drive C: Insert SYSTEM diskette in drive A: and push a key!" After pushing a key, the first 9 sectors on the first five tracks will be overwritten with the text "The User of This Computer Is Stupid!" Then, the system hangs. |
| Damage Trigger: | Starting a trojanized EXE-file |
| Particularities: | Silly Willy Trojan is dropped by Silly Willy Virus which overwrites EXE files with trojan. |
| Similarities: | --- |
Agents | |
| Countermeasures: | Solomon FindViru 4.23, Antivir from H&B-EDV |
| Standard means: | Delete/replace trojanized files with clean ones. |
Acknowledgements | |
| Location: | Virus Test Center, University Hamburg, Germany Siemens Nixdo |
| Classification by: | Toralv Dirro (VTC), Ralph Dombach (SNI) |
| Documentation by: | Toralv Dirro |
| Date: | 16-July-92 |
| Information Source: | Original virus analysis |
(c) 1996 Virus-Test-Center, University of Hamburg