VIRUS HELP TEAM
Denmark & Canada




    ------------------------
    Amiga Virus Encyclopedia
    Diskrepair BBS Virus
    ------------------------
    
 
    Infected Diskrepair BBS Virus:
    ------------------------------
    
    Yet another trojan horse for the AmiExpress BBS system. This virus
    is linked BEHIND a new version of DISKREPAIR. The linking system
    used is the $4eb9 linker, as used in many other trojan horses
    against AX. What is new in this virus is that it is not linked in
    front of the file.

    In this case the virus part is imploded and is 10244 bytes long
    when decrunched.


    The directories BBS and BBS:Utils/ are scanned for a file of a
    specific length (ca. 200000 bytes), and the SNOOPDOS task is
    searched for. I cannot say exactly what this virus does because I
    have no AmiEx release.
        

    Some resourced virus parts:

    Snoopdos_Search
            PEA        snoopname(PC)
            JSR        FindTask(PC)
    NoSnoopDos        
            ...

    snoopname       DC.B        'SnoopDos',0
    bbsname1        DC.B        'BBS',0
    bbsname2        DC.B        'BBS:',0
    bbsname3        DC.B        'BBS:',0
    bbsname4        DC.B        'BBS',0
    bbsname5        DC.B        'BBS:',0
    bbsname6        DC.B        'BBS:Utils/',0


    A utility that does not work if SnoopDos is active? Not normal.
    

                                         Detection tested on 29.05.1993.


    Infected WhiteBox BBS Virus:
    ----------------------------

    This virus is very similar to the virus linked behind Diskrepair.
    The virus code is more optimized and it searches for some more
    file lengths. The linker used is the 4eb9 linker. Who has such a
    linker?
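
    Added example (not part of the original entry or of any VHT tool): a
    heuristic check for the linker named in both entries. It walks the
    hunks of an AmigaDOS load file and reports code hunks that begin with
    the 68000 opcode $4EB9 (JSR to an absolute long address). That the
    linker's stub starts a hunk this way is an assumption taken from its
    name, legitimate programs can start the same way, and the sample
    images are constructed.

```python
import struct
# AmigaDOS load-file hunk ids; $4EB9 is the 68000 opcode word for JSR (xxx).L
HUNK_HEADER, HUNK_CODE, HUNK_DATA, HUNK_BSS = 0x3F3, 0x3E9, 0x3EA, 0x3EB
HUNK_RELOC32, HUNK_END, JSR_ABS_L = 0x3EC, 0x3F2, 0x4EB9

def code_hunks(image):
    """Yield (hunk_index, payload) for every HUNK_CODE in a load file."""
    w = struct.unpack(f">{len(image) // 4}I", image[:len(image) // 4 * 4])
    if not w or w[0] != HUNK_HEADER:
        raise ValueError("not an AmigaDOS load file")
    i = 1
    while w[i] != 0:                     # resident library names, normally none
        i += 1 + w[i]
    first, last = w[i + 2], w[i + 3]     # w[i + 1] is the hunk table size
    i += 4 + (last - first + 1)          # skip the per-hunk size table
    index = 0
    while i < len(w):
        htype = w[i] & 0x3FFFFFFF        # top bits carry memory flags
        if htype in (HUNK_CODE, HUNK_DATA):
            size = w[i + 1] & 0x3FFFFFFF
            if htype == HUNK_CODE:
                yield index, image[4 * (i + 2):4 * (i + 2 + size)]
            i += 2 + size
        elif htype == HUNK_BSS:
            i += 2                       # type + size, no payload
        elif htype == HUNK_RELOC32:
            i += 1
            while w[i] != 0:
                i += 2 + w[i]            # count, target hunk, offsets
            i += 1                       # terminating zero
        elif htype == HUNK_END:
            i, index = i + 1, index + 1
        else:
            raise ValueError(f"unhandled hunk type {htype:#x}")

def jsr_entry_hunks(image):
    """Indices of code hunks whose first instruction is JSR (xxx).L."""
    return [i for i, body in code_hunks(image)
            if len(body) >= 6 and struct.unpack_from(">H", body)[0] == JSR_ABS_L]

def sample(*bodies):                     # builds constructed test images
    out = struct.pack(">5I", HUNK_HEADER, 0, len(bodies), 0, len(bodies) - 1)
    out += b"".join(struct.pack(">I", len(b) // 4) for b in bodies)
    for b in bodies:
        out += struct.pack(">2I", HUNK_CODE, len(b) // 4) + b + struct.pack(">I", HUNK_END)
    return out

CLEAN = sample(bytes.fromhex("70004e75"))            # moveq #0,d0 ; rts
LINKED = sample(bytes.fromhex("4eb9000000004e75"), bytes.fromhex("70004e75"))
```

    A hit is only a reason to inspect the file further. Because the virus
    part is imploded, its strings ('SnoopDos', 'BBS:Utils/') are not
    visible in the file on disk.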

    If a sysop running the AmiExpress system finds such a virus,
    please reinstall the AmiExpress main file.


                                        Detection tested on 06.06.1993.


    The "Whitebox" and the "Diskrepair" viruses only work with some
    versions of AmiExpress (ca. 5 releases). I do not think that they
    touch AmiExpress 3.03 or AmiExpress 3.04. If you have a list with
    the lengths of all the AmiExpress releases, then please let me
    know.


    Test by Markus Schmall....


    

Copyright © 1994-2020