Debugger Virus - Amiga Virus Encyclopedia

VIRUS HELP TEAM



    ------------------------
    Amiga Virus Encyclopedia    
    Debugger Virus
    ------------------------


    Debugger (04191994) Virus:
    

    An infected file becomes 1088 bytes long.
    Changed vectors: DosWrite and DosLoadSeg
    Kickstart: 2.04 and higher
    Other possible name: Fjpg Virus 1.11 (based on the first
    infected program)

    The virus does not work on Kickstart versions below 2.0 because
    of its patch routines. It uses a new way to infect files:

    186 bytes from the first hunk are copied into a newly created
    $3f1 hunk appended to the end of the file, and a part of the
    virus is copied to this position in the first hunk. The length
    of the first hunk is not changed, but the length entries in the
    hunk header are changed (probably to irritate antivirus
    programmers and resourcers). This is done with a random
    value!

    The virus contains a destruction routine! It does not format,
    but issues a destructive WRITE command!

    VirusWorkshop can remove the virus completely. Please make a
    backup before repairing such a file!

    A normal hunkheader looks like this:

    $3f3
    0
    number of hunks
    number of starthunk
    number of endhunk
    n longwords containing the lengths of the hunks

    ---
    $3e9 (hunk_code)
    length for this hunk

    ATTENTION: Some crunchers (e.g. Turbo Imploder) write 2 different
    lengths in the table of hunk lengths and behind the $3e9! I
    expect problems in this special case!

    At the end of an infected file you can read the string "DEBUGGER".
    The whole virus looks like the work of a better coder (in my
    opinion).
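
    As an added example (not code from VirusWorkshop or from the author
    of this entry): a Python check for the two file traits described
    above, the header length entry that no longer matches the length
    behind $3e9 and the "DEBUGGER" string at the end of the file. The
    sample files are constructed bytes, the 64-byte tail window and the
    verdict names are assumptions, and a length mismatch alone is only
    marked for review because of the cruncher case noted above.

```python
import struct

HUNK_HEADER, HUNK_CODE, HUNK_DEBUG, HUNK_END = 0x3F3, 0x3E9, 0x3F1, 0x3F2
SIZE_MASK = 0x3FFFFFFF  # top two bits of a length longword are memory flags

def longs(data, offset, count):
    """Read `count` big-endian longwords starting at `offset`."""
    return struct.unpack_from(">%dI" % count, data, offset)

def inspect_hunk_file(data, tail_window=64):
    """Compare both length fields and look for the end-of-file string.
    tail_window is an assumed search size, not a value from the entry."""
    magic, names_end, count, first, last = longs(data, 0, 5)
    if magic != HUNK_HEADER or names_end != 0 or count == 0 or last < first:
        raise ValueError("not a plain $3f3 load file")
    table = longs(data, 20, last - first + 1)
    hunk_id, hunk_len = longs(data, 20 + 4 * len(table), 2)
    if hunk_id & SIZE_MASK != HUNK_CODE:
        raise ValueError("first hunk is not $3e9 hunk_code")
    header_len, code_len = table[0] & SIZE_MASK, hunk_len & SIZE_MASK
    return {"header_len": header_len, "code_len": code_len,
            "length_mismatch": header_len != code_len,
            "debugger_string": b"DEBUGGER" in data[-tail_window:]}

def verdict(data):
    """Both traits: suspicious. One alone (e.g. a crunched file): review."""
    r = inspect_hunk_file(data)
    hits = r["length_mismatch"] + r["debugger_string"]
    return ("clean", "review", "suspicious")[hits]

def build(header_len, code_longs, tail=b""):
    """Constructed sample: header, one zero-filled code hunk, $3f2, tail."""
    head = struct.pack(">6I", HUNK_HEADER, 0, 1, 0, 0, header_len)
    code = struct.pack(">2I", HUNK_CODE, code_longs) + bytes(4 * code_longs)
    return head + code + struct.pack(">I", HUNK_END) + tail

if __name__ == "__main__":
    marked_tail = struct.pack(">2I", HUNK_DEBUG, 2) + b"DEBUGGER"
    for name, blob in [("clean", build(4, 4)),
                       ("two lengths only", build(9, 4)),
                       ("all traits", build(0x1234, 4, marked_tail))]:
        print(name, verdict(blob), inspect_hunk_file(blob))
```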

    This virus was sent to me by Jan Bo Andersen of SHI Denmark. The
    package contained the whole documented source and a little
    text from the author of this virus:

    -------------------------------------------------------------------------

        Anarchy Unlimited - Virus Technology Centre - +358-0-PRIVATE

                      Amiga & PC viruses online

     ========================================================================

    Thank you for downloading Debugger V2 virus package!

    Debugger02.s.asc  - PGP signed asm source of Debugger virus
    EvilJesus.asc     - Public PGP key
    FJPEG111.lha      - Infected fjpeg, version number bumped up to 1.11
    NewAge.s.asc      - PGP signed asm source of NewAge virus

    Upload fjpeg only to systems which do not have networks! Those systems
    will have lowest information level and sysop are mostly dummies who bought
    modem week ago and decided to run bbs because "It's so cool" :)

    With this kind of approach virus will have best chance to reach users who
    want to upload it immediately. There is also a big chance that such users
    will trash their hd's in no time. So nice...

    So no network system as information about infection will spread very fast
    degrading overall chance of successful destruction.

    Sincerely yours, Evil Jesus

    =========================================================================

    Even more irritating is that PGP keys are in the package, too. I
    cannot understand this. The virus is dated 19.04.1994.


    Test by Markus Schmall          Detection tested 27-28.04.1994.
                                    (again a night with only 3 hours
                                     of sleep)


    
    
Virus Help Team
Denmark & Canada
Copyright © All rights reserved
www.vht.dk