ConMan LoadWB & Installer - Amiga Virus Encyclopedia

VIRUS HELP TEAM



    -------------------------
    Amiga Virus Encyclopedia    
    ConMan LoadWB & Installer
    -------------------------


    ConMan LoadWB+Installer:

    Needs Kickstart V37.XXX or higher to work.

    Trojan:      12088 Bytes
                 (somekind of encryption tool, not packed)
    new LoadWB : 2088 Bytes (packed with TurboSqueezer 6.1)
                 (unpacked 2124 Bytes)


    Archivname:  dpl-dc99.lha


    This trojan was linked using the 4eb9.linker. Euronymous/TRSi tested
    this file and found the 4eb9 stuff and informed me, thanks a lot !!!
    The trojan  searchs for a task called "CLI(0):no command loaded" and
    creates a process under this name, if it is not existing.

    A new LoadWB command will be written, which contains the destruction
    routine.  It will be waited about $5500 ticks and after this it will
    be checked  for a file "s:conman".  If this  file  is  existing, the
    trojan will not work.  If the file is not existing, it will be tried
    to format your sys: device. All data is lost, I am sorry to say this

    After the destruction process a Intuition alert will pop up and show
    show you the following text:

    'SYSKILLER MESSAGE: YOU BETTER TAKE CARE DOODIE - '
          'SOFTWARE-PIRACY IS A CRIME! '.


    IMPORTANT: The virus tries to install a new process called
    "CLI(0): no command loaded", if this is not already existing
    (from system). I could not install this task on an A500+
    and on a A4000/40, so I could not write a repairroutine for
    it. Result: If VirusWorkshop finds this infected LoadWB file,
    THEN delete this file and reset your machine ! Thanks !
    You have $5000/50/60 Minutes (+- 6 minutes) before this
    destruction part will be activated !!!


    Markus Schmall                           Detection tested 26.01.1995


    


Virum Help Team
Denmark & Canada
Copyright © All rights reserved
www.vht.dk