Darth Vader v1.1 Virus - Amiga Virus Encyclopedia

VIRUS HELP TEAM




------------------------
Amiga Virus Encyclopedia
Darth Vader v1.1 Virus
------------------------

 
== Computer Virus Catalog 1.2: DARTH VADER (V1.1) Virus (31-July-1993) =
Entry...............: Darth Vader (V1.1) Virus
Alias(es)...........: ---
Virus Strain........: ---
Virus detected when.: ---
              where.: ---
Classification......: Memory resident File virus
Length of Virus.....: 1.Length on storage medium: 784 bytes
                      2.Length in RAM           : 627 bytes.
--------------------- Preconditions ------------------------------------
Operating System(s).: AMIGA-OS
Version/Release.....: 1.2/all, 1.3/all, 2.0/all, 3.0/all
Computer model(s)...: All Amiga models
--------------------- Attributes ---------------------------------------
Easy Identification.: Virus can be found in root directory and at
                         beginning of "startup-sequence"; it is named
                         < AlternateSpace > ($A0). Typical text in file:
                         "VIRUS(V1.1) BY DARTH VADER".
Type of infection...: RAM resident, reset resident
Infection Trigger...: Booting (startup-sequence), starting an infected
                         program, OldOpenLib call.
Storage media affected: All
Interrupts hooked...: Virus changes the following vectors:
                         CoolCapture (program start), OldOpenLib (RESET)
Damage..............: Transient: text output
                      Permanent: corrupted startup-sequence written
                                 to disk.
Damage Trigger......: OldOpenLib call
Particularities.....: Starting with 5th RESET, virus writes on every
                         OldOpenLib call the following text:
                         "VIRUS(V1.1) BY DARTH VADER" to STD-Output and
                         waits for left mousebutton to be pressed.
Similarities........: ---
--------------------- Agents -------------------------------------------
Countermeasures.....: VirusZ 3.06, VT 2.54, VirusChecker 6.28
Countermeasures successful: VirusZ 3.06, VT 2.54
Standard means......: Delete file $A0 from root Directory, delete
                         filename $A0 from startup-sequence, turn
                         computer off and on again. Or: use VT 2.54.
--------------------- Acknowledgement ----------------------------------
Location............: Virus Test Center, University Hamburg, Germany
Classification by...: Jens Vogler
Documentation by....: Jens Vogler
Date................: 31-July-1993
Information Source..: Reverse-engineering of virus code.
===================== End of Darth Vader (V1.1) Virus ==================

Antivirus removal...: Kickstart 1.2 & 1.3 : VT-Schutz v3.17
                      Kickstart all others: VirusZ III with Xvs.library installed





Virum Help Team
Denmark & Canada
Copyright © All rights reserved
www.vht.dk