VIRUS HELP TEAM


------------------------
Amiga Virus Encyclopedia
Devil 11 Backdoor Virus
------------------------
    
 
- Devil_11_B.Door

   I know of three files that got this thing:
    - DLog V1.8  size of infected file: 23452
    - ULog V 1.8 size of infected file: 23452
    - MsgTop V 1.0 size of infected file, packed once  : 17884
                                          packed twice : 13548

    All three infected programs on an A4000 = GURU 4
    BackDoor part removed, but without BBS = Error -1
    When you unpack the BackDoor part, you find at the very beginning:

           000003e9 0000093d 4efa09ac 42425300 .......=N...BBS.
           44483000 44483100 4844303a 00484431 DH0.DH1.HD0:.HD1
           3a004448 30004448 31004844 303a0048 :.DH0.DH1.HD0:.H
           44313a00 4242533a 00444830 3a424253 D1:.BBS:.DH0:BBS
           2f004448 313a4242 532f0048 44303a42 /.DH1:BBS/.HD0:B
           42532f00 4844313a 4242532f 00444830 BS/.HD1:BBS/.DH0
           3a004448 313a0048 44303a00 4844313a :.DH1:.HD0:.HD1:

    You can follow this up with SnoopDos.
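
    An added example, not part of the original entry or of VT: a Python check for the prologue shown in the dump above (hunk id 0x3E9, a PC-relative JMP, then the BBS path table), with the infected-file sizes listed above as a secondary hint. Assumptions: the dump starts at the hunk id longword, all function and constant names are made up for this example, and the signature uses only the bytes printed on this page.

```python
import struct

HUNK_CODE = 0x3E9      # AmigaDOS hunk id for a code hunk
JMP_PC_REL = 0x4EFA    # 68000 opcode: JMP (d16,PC)
# Infected-file sizes listed on this page (packed files): a hint only, not proof.
LISTED_SIZES = {23452, 17884, 13548}
# BBS path strings from the dump; all must appear in the leading string table.
MARKERS = {b"BBS", b"BBS:", b"DH0:BBS/", b"DH1:BBS/", b"HD0:BBS/", b"HD1:BBS/"}

# The 112 bytes printed in the dump on this page, retyped as hex.
PAGE_DUMP = bytes.fromhex(
    "000003e90000093d4efa09ac42425300" "44483000444831004844303a00484431"
    "3a0044483000444831004844303a0048" "44313a004242533a004448303a424253"
    "2f004448313a4242532f004844303a42" "42532f004844313a4242532f00444830"
    "3a004448313a004844303a004844313a"
)

def leading_strings(blob, limit=32):
    """NUL-separated printable ASCII strings right after the 12-byte prologue."""
    out = []
    for chunk in blob[12:].split(b"\0")[:limit]:
        if not chunk or not all(0x20 <= c < 0x7F for c in chunk):
            break  # end of the string table
        out.append(chunk)
    return out

def has_backdoor_prologue(blob):
    """True if blob starts like the unpacked backdoor part shown in the dump."""
    if len(blob) < 12:
        return False
    hunk, longs, opcode, disp = struct.unpack(">IIHh", blob[:12])
    if hunk != HUNK_CODE or opcode != JMP_PC_REL:
        return False
    # The jump is relative to its own extension word (2 bytes into the hunk
    # body); it must go forward and land inside the hunk.
    if not 0 < 2 + disp < longs * 4:
        return False
    return MARKERS <= set(leading_strings(blob))

def classify(blob):
    """Triage one file image: 'signature', 'size-hint' or 'no-match'."""
    if has_backdoor_prologue(blob):
        return "signature"
    if len(blob) in LISTED_SIZES:
        return "size-hint"   # packed candidate: unpack it and check again
    return "no-match"
```

    A "size-hint" result only means the length equals one of the listed sizes; the file still has to be unpacked and checked against the prologue.
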
    Damage: (I took over the following words)
    Searches for files with a size of 1972 bytes and changes them
    in such a way that, beginning with level 10, account edit and
    sysop download are possible. Since it doesn't replicate itself, it
    is not a virus by definition. Explanation for naming it: A
    group (or a single person) is accused of being responsible for
    those BBS burglaries. I don't know if this is true.
 
    VT offers the removal.

    addition 25.03.95: see also ZINE-Disk-Validator
    addition 15.04.95: see also VScan-BBS-Trojan

    --------------------------------------------------------
    Translated to English by Frank Cieslevwicz  2001 VHT-DK.
    Org. text by Heiner Schneegold (VT-Kennt)
    --------------------------------------------------------


    

Virus Help Team
Denmark & Canada
Copyright © All rights reserved
www.vht.dk