COP 02 Trojan (Circle Of Power) - Amiga Virus Encyclopedia

VIRUS HELP TEAM
Amiga Antivirus Website
www.vht-dk.dk




     ------------------------------    
     Amiga Virus Encyclopedia    
     COP 2 Trojan (Circle Of Power)  
     ------------------------------


     Please do not confuse this with Biomechanic.
     Biomechanic variants do not shorten files. They change at least five bytes
     inside the file, not at the start!

     Grouping: Files were shortened with a 3E9 trojan beginning. Files with the same
               trojan code length and the same destruction text were given one type.


    -> Circle Of Power 2:
     Known filename      : LHA3.0
     Trojan warning      : Read our warning
     File size packed    : 69.888 Bytes
     File size unpacked  : 105.808 Bytes
     Archive name        : LHA30.LHA
     Archive size        : 69.981 Bytes
     FILE_ID.DIZ         : LHA 3.0 FROM STEFAN BOBERG
     Info                : Length of the destruction part: 1904 bytes
                         : Trojan part is two hunks, 1904 bytes
                         : File length after destruction: 19 bytes
     Damage              : LHA started in the S: directory, replacing the data in EVERY file with the
                           text 'CIRCLE OF POWER 1995:', so the startup-sequence and the rest of the files
                           in the S: directory were totally destroyed.
     
     Known filename      : CED4
     Trojan warning      : Read our warning
     File size packed    : 174.500 Bytes
     File size unpacked  : 214.216 Bytes (Powerpacked)
     Archive name        : CED4.LHA
     Archive size        : 174.590 Bytes
     FILE_ID.DIZ         : CYGNUS EDITOR V4.0 (MAIN)
     Info                : Packed length + 3E8-*Art-Hunk: 174500 bytes
                           Here a 3E8-*Art-Hunk was also added to make packer detection more difficult.
     Damage              : CED started in the S: directory, replacing the data in EVERY file with the
                           text 'CIRCLE OF POWER 1995:', so the startup-sequence and the rest of the files
                           in the S: directory were totally destroyed. This goes for all the files in your
                           'DEVS' directory too.


     


Virus Help Team
Denmark & Canada
Copyright © All Rights Reserved