UA Dialer 2.8g BBS Trojan - Amiga Virus Encyclopedia

VIRUS HELP TEAM



    -------------------------
    Amiga Virus Encyclopedia
    UA Dialer 2.8g BBS Trojan
    -------------------------
    

    Dialer 2.8g Virus:
    Other name: BBS NoCallerAt300
    
    This is a trojan horse for AmiExpress. It takes the SysopPW and puts
    it in the file "nocallersat300". The hacker can then simply get the
    PW (when getting connected with 300 baud) and enter the BBS.
    The UADialer 2.8 is a bluebox. Therefore I did not code  a  repair-
    routine for this virus.  Blueboxing is a crime and I do not want to
    support it.
    Due to the fact that it is spread in a crunched executable file, VW
    will only recognize the crunched file.

    The crunched executable file does not work on an A4000 (MC68040)
    with activated CACHES.


    VirusStart:
    dosbase         DC.B        0
                    DC.B        0
                    DC.W        0
    filehandle      DC.W        0
                    DC.W        0
    destfilehandle  DC.W        0
                    DC.W        0
    memblock
                    dcb.l        40,0
    dosname         DC.B        'dos.library',0
    username        DC.B        'bbs:user.data',0
    desttext        DC.B        'bbs:node1/NOCALLERSAT300',0


    A little script, made with DosTouch, which shows us the inner
    workings of the Dialer28g:


              Load   ram:dialer
    ->        Open   bbs:user.data             Openmode:OLD
    ->        Open   bbs:node1/NOCALLERSAT300  Openmode:OLD
              CProc  DIALER-TASK
              Open   s:UADial.pref             Openmode:OLD
              Open   s:UADial.prefs            Openmode:OLD
              Open   s:UADial.conf             Openmode:OLD
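
    A check for traces like the DosTouch listing above, added here as an
    example (not part of the original entry or of any VHT tool): it groups
    Open calls by the loaded program and flags one that opens both
    bbs:user.data and a file in a bbs:nodeN/ directory. The general line
    layout, the rule itself and the second program in the sample are
    assumptions.

```python
import re

# Trace line layout as in the DosTouch listing above (assumed general form):
#   [->]  <Op>  <argument>  [Openmode:<MODE>]
LINE_RE = re.compile(
    r"^\s*(?:->)?\s*(?P<op>Load|Open|CProc)\s+(?P<arg>\S+)"
    r"(?:\s+Openmode:(?P<mode>\w+))?\s*$"
)
USER_DB = "bbs:user.data"                       # path named in this entry
NODE_FILE = re.compile(r"^bbs:node\d+/[^/]+$")  # e.g. bbs:node1/NOCALLERSAT300

def parse_trace(text):
    """Yield (op, arg, mode) for every recognisable trace line."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield m.group("op"), m.group("arg"), m.group("mode")

def suspicious_programs(text):
    """Return {program: [node files]} for each loaded program that opened
    both the user database and a file in a node directory."""
    opens, current = {}, None
    for op, arg, _mode in parse_trace(text):
        if op == "Load":                 # a new program starts its own group
            current = arg
            opens.setdefault(current, [])
        elif op == "Open" and current is not None:
            opens[current].append(arg)
    findings = {}
    for prog, paths in opens.items():
        # AmigaDOS names are case-insensitive, so compare lower-cased.
        touched_db = USER_DB in (p.lower() for p in paths)
        node_hits = [p for p in paths if NODE_FILE.match(p.lower())]
        if touched_db and node_hits:
            findings[prog] = node_hits
    return findings

# Constructed sample: the listing from this page plus an invented benign tool.
SAMPLE = """\
          Load   ram:dialer
->        Open   bbs:user.data             Openmode:OLD
->        Open   bbs:node1/NOCALLERSAT300  Openmode:OLD
          CProc  DIALER-TASK
          Open   s:UADial.prefs            Openmode:OLD
          Load   c:texteditor
          Open   s:editor.prefs            Openmode:OLD
"""

if __name__ == "__main__":
    print(suspicious_programs(SAMPLE))
```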


    Detection and Termination tested on 18.03.93.

    This virus (like most BBS trojans) should only work with AmiExpress
    1.x and 2.x because the  structures of  AmiExpress 3.x are a little
    bit different, aren't they?

    Removal: Kickstart 1.2 & 1.3 : VT-Schutz v3.17
             Kickstart all others: VirusZ III with Xvs.library installed


    Test by Markus Schmall


    


Virus Help Team
Denmark & Canada
Copyright © All rights reserved
www.vht.dk