Amiga Virus Encyclopedia
ConMan LoadWB & Installer
Needs Kickstart V37.XXX or higher to work.
Trojan: 12088 Bytes
(somekind of encryption tool, not packed)
new LoadWB : 2088 Bytes (packed with TurboSqueezer 6.1)
(unpacked 2124 Bytes)
This trojan was linked using the 4eb9 linker. Euronymous/TRSi tested
this file and found the 4eb9 stuff and informed me, thanks a lot !!!
The trojan searchs for a task called "CLI(0):no command loaded" and
creates a process under this name, if it is not existing.
A new LoadWB command will be written, which contains the destruction
routine. It will be waited about $5500 ticks and after this it will
be checked for a file "s:conman". If this file is existing, the
trojan will not work. If the file is not existing, it will be tried
to format your sys: device. All data is lost, I am sorry to say this.
After the destruction process, a Intuition alert will pop up and
show show you the following text:
'SYSKILLER MESSAGE: YOU BETTER TAKE CARE DOODIE - '
'SOFTWARE-PIRACY IS A CRIME! '.
IMPORTANT: The virus tries to install a new process called
"CLI(0): no command loaded", if this is not already existing
(from system). I could not install this task on an A500+
and on a A4000/40, so I could not write a repairroutine for
it. Result: If VirusWorkshop finds this infected LoadWB file,
THEN delete this file and reset your machine ! Thanks !
You have $5000/50/60 Minutes (+- 6 minutes) before this
destruction part will be activated !!!
Markus Schmall Detection tested 26.01.1995.