Lamer Link Virus (Gotcha Lamer) - Amiga Virus Encyclopedia
VIRUS HELP TEAM
-------------------------------
Amiga Virus Encyclopedia
Lamer Link Virus (Gotcha Lamer)
-------------------------------
=== Computer Virus Catalog 2.0: LamerLink.gotcha_lamer (31. X. 1993) ===
Entry...............: LamerLink.gotcha_lamer
Alias(es)...........: lamer_bomb, MINIDEMO.EXE
Virus Strain........: LamerLink
detected when.: unknown
where.: unknown
Classification......: link virus (Extending), not resident
Length of Virus.....: 1. length on medium:
                         a) MINIDEMO.EXE file: 773 bytes
                         b) infected files are 372 bytes longer
                      2. length in RAM: 1000 bytes
--------------------- Preconditions -------------------------------------
Operating System(s).: AMIGA-OS
Version/Release.....: 1.2/33.166, 1.2/33.180, 1.3/34.20
Computer model(s)...: AMIGA 500, AMIGA 1000, AMIGA 2000
--------------------- Attributes ----------------------------------------
Easy identification.: typical text: 'HAHAHE... Gotcha LAMER!!!'
Type of Infection...: a) linking virus into:
                         dh0:c/dir
                         dh0:c/run
                         dh0:c/cd
                         dh0:c/execute
                      b) DoIO calls hooked
Infection Trigger...: a) starting the virus dropper MINIDEMO.EXE
                      b) starting infected dir, run, cd, or execute
Storage Media affec.: a) harddisk dh0:
                      b) only floppy disks
Systemcalls hooked..: Trap 0 is hooked directly before the virus
                      RESETS the computer.
Stealth.............:
Tunneling/Selfprot..:
Oligo/Polymorphism..:
Encoding Method.....:
Damage..............: Overwrites disk (81 tracks!) with senseless data,
                      shows ALERT (text see under: Easy identification),
                      and RESETS the computer.
Damage Trigger......: Performing DoIO call for reading $200 bytes from
                      the BootBlock of a non-write-protected disk.
Particularities.....: Newer versions of the AmigaOS CLI/shell have the
                      named commands built in; on these systems the
                      virus dropper will not work. Systems having their
                      commands in a different directory (like all
                      disk-based systems) will not be infected either.
                      I ask myself why the virus writer uses "dh0:c/"
                      and not "c:"?
Similarities........: --
--------------------- Agents --------------------------------------------
Countermeasures.....: VT 2.58, VirusZ 3.07
Standard means......: VT 2.58
--------------------- Acknowledgements ----------------------------------
Location............: Virus Test Center, University Hamburg, FRG
Classification by...: Jens Vogler
Documentation by....: Jens Vogler
Date................: 31. X. 1993
Information Source..: virus disassembly
===================== End of LamerLink.gotcha_lamer =====================
Antivirus removal...: Kickstart 1.2 & 1.3 : VT-Schutz v3.17
                      Kickstart all others: VirusZ III with Xvs.library installed