Amiga Virus Encyclopedia    
    ConMan LoadWB & Installer

    ConMan LoadWB+Installer:

    Needs Kickstart V37.XXX or higher to work.

    Trojan:      12088 Bytes
                 (somekind of encryption tool, not packed)
    new LoadWB : 2088 Bytes (packed with TurboSqueezer 6.1)
                 (unpacked 2124 Bytes)

    Archivname:  dpl-dc99.lha

    This trojan was linked using the 4eb9.linker. Euronymous/TRSi tested
    this file and found the 4eb9 stuff and informed me, thanks a lot !!!
    The trojan searchs for a task called "CLI(0):no command loaded" and
    creates a process under this name, if it is not existing.

    A new LoadWB command will be written, which contains the destruction
    routine. It will be waited about $5500 ticks and after this it will
    be checked for a file "s:conman". If this file is existing, the
    trojan will not work. If the file is not existing, it will be tried
    to format your sys: device. All data is lost, I am sorry to say this.

    After the destruction process, a Intuition alert will pop up and
    show show you the following text:


    IMPORTANT: The virus tries to install a new process called
    "CLI(0): no command loaded", if this is not already existing
    (from system). I could not install this task on an A500+
    and on a A4000/40, so I could not write a repairroutine for
    it. Result: If VirusWorkshop finds this infected LoadWB file,
    THEN delete this file and reset your machine ! Thanks !
    You have $5000/50/60 Minutes (+- 6 minutes) before this
    destruction part will be activated !!!

    Markus Schmall                 Detection tested 26.01.1995.


Virum Help Team
Denmark & Canada
Copyright © All rights reserved