BBS ScanX Bomb - Amiga Virus Encyclopedia

VIRUS HELP TEAM
 


     ------------------------
     Amiga Virus Encyclopedia
     BBS ScanX Bomb
     ------------------------
     
     
     - Scan.x-BBS-Bomb
       Other name: BossNuke 1.5B
       
         No bent vectors.
         Reset after the destruction routine.
         A bnuke15.lha archive has appeared. Length: 35050 bytes
         This archive contains several files that are useful for BBS
         should be: bossnuke.x 35308, ULOG.X 18560 etc.
         Such a program package with V1.0 really exists
         that is clean.

         A hunk is now attached to ULOG.X at the end. This last one
         Part is coded with EORI.B # $ 12, D1.
         This coded part creates 2 files:

         a: BBS: COMMANDS / BBSCMD / L.info Length: 1060
               This icon reads:
           00000b41 43434553 533d3030 31000000 ... ACCESS = 001 ...
           00164c4f 43415449 4f4e3d64 6f6f7273 ..LOCATION = doors
           3a736361 6e2e7800 0000000d 4d554c54: scan.x ..... MULT
           494e4f44 453d4e4f 00000000 0b505249 INODE = NO ..... PRI
           4f524954 593d3000 0000000b 53544143 ORITY = 0 ..... STAC
           4b3d3430 39360000 00000954 5950453d K = 4096 ..... TYPE =
           58494d00 00000000 00000000 00000000 XIM .............
         So scan.x occurs. The icon image shows a plug-in card.

         b: doors: scan.x length: 712
          This file contains nothing except DOS3 and dos.library
          readable.
          This part contains the destruction routine.
          Procedure:
          LWe are searched for via pointers in the dos.lib. The
          Routine became very similar to the modem virus (FUCK)
          used.

         Through the destruction routine, the blocks with DOS3
         restocked. infra
         Unfortunately there is NO salvation for the medium. It only remains
         Format. Attempts with a Syquest and DiskSalv2 were not
         very successful.
                   pZyl 1 Bl 22
           444f5333 444f5333 444f5333 444f5333 DOS3DOS3DOS3DOS3
           444f5333 444f5333 444f5333 444f5333 DOS3DOS3DOS3DOS3
           444f5333 444f5333 444f5333 444f5333 DOS3DOS3DOS3DOS3
           444f5333 444f5333 444f5333 444f5333 DOS3DOS3DOS3DOS3

         New and bad: The program achieved through subq.w # 2, d1
         also the rigid area (see above pZyl). The modem
         Check virus not yet. The scan.x file also works without
         BBS.

         VT offers delete for:
         ULOG.X, scan.x and L.info.
         Note: if there are errors in FileTest at L.info
         please let me know.
         Detection of the destroyed DOS3 blocks was stopped.
         see, since a format routine might exist that exactly
         formatted like this.

     Note: If you believe that there is any virus part with
           format starts, turn off your computer IMMEDIATELY
            out. With a little luck you will only lose ONE partition.
           This is harmful to the hardware, but stop it

     Removal: Kickstart 1.2 & 1.3 : VT-Schutz v3.17
              Kickstart all others: VirusZ III with Xvs.library installed


     Original test by Heiner Schneegold
     Translated from german to english by Google translate
Virum Help Team
Denmark & Canada
Copyright © All rights reserved
www.vht.dk