ConMan LoadWB & Installer - Amiga Virus Encyclopedia

VIRUS HELP TEAM


    -------------------------
    Amiga Virus Encyclopedia    
    ConMan LoadWB & Installer
    -------------------------


    ConMan LoadWB+Installer:

    Needs Kickstart V37.XXX or higher to work.

    Trojan:      12088 Bytes
                 (somekind of encryption tool, not packed)
    new LoadWB : 2088 Bytes (packed with TurboSqueezer 6.1)
                 (unpacked 2124 Bytes)


    Archivname:  dpl-dc99.lha


    This trojan was linked using the 4eb9 linker. Euronymous/TRSi tested
    this file and found the 4eb9 stuff and informed me, thanks a lot !!!
    The trojan searchs for a task called "CLI(0):no command loaded" and
    creates a process under this name, if it is not existing.

    A new LoadWB command will be written, which contains the destruction
    routine. It will be waited about $5500 ticks and after this it will
    be checked for a file "s:conman". If this file is existing, the
    trojan will not work. If the file is not existing, it will be tried
    to format your sys: device. All data is lost, I am sorry to say this.

    After the destruction process, a Intuition alert will pop up and
    show show you the following text:

    'SYSKILLER MESSAGE: YOU BETTER TAKE CARE DOODIE - '
          'SOFTWARE-PIRACY IS A CRIME! '.



    IMPORTANT: The virus tries to install a new process called
    "CLI(0): no command loaded", if this is not already existing
    (from system). I could not install this task on an A500+
    and on a A4000/40, so I could not write a repairroutine for
    it. Result: If VirusWorkshop finds this infected LoadWB file,
    THEN delete this file and reset your machine ! Thanks !
    You have $5000/50/60 Minutes (+- 6 minutes) before this
    destruction part will be activated !!!


    Markus Schmall                        Detection tested 26.01.1995.

    

Virum Help Team
Denmark & Canada
Copyright © All rights reserved
www.vht.dk