Hilly Virus - Amiga Virus Encyclopedia

VIRUS HELP TEAM



------------------------
Amiga Virus Encyclopedia
Hilly Virus
------------------------
  
  
====== Computer Virus Catalog 1.2: HILLY Virus (20-FEB-1993) ===========
Entry...............: HILLY Virus
Alias(es)...........: ---
Virus Strain........: (Weakly related to Lamer strain)
Virus detected when.: ---
              where.: ---
Classification......: System Virus (Bootblock,Resident)
Length of Virus.....: 1.Length(Byte)on storage medium:1024 Byte
                      2.Length(Byte)in RAM:             30 Byte at $60000
                                                    + $500 Byte at $7f300
--------------------- Preconditions ------------------------------------
Operating System(s).: AMIGA-DOS
Version/Release.....: 1.2 only (absolute DoIO)
Computer model(s)...: AMIGA 500,1000,2000
--------------------- Attributes ---------------------------------------
Easy Identification.: ---
Type of infection...: Bootblock, overwriting without checks
Infection Trigger...: Reset
Storage media affected: All devices controlled through DOIO-requests
                        Diskettes + some harddisks
Interrupts hooked...: VBI hooked to reserved function calls in Sysbase
Damage..............: Overwriting bootblocks, every second infection
                         generates a random number and overwrites this
                         block with the virus code.
                      Overwriting memory sections without previous
                         allocation.
Damage Trigger......: 2nd infection (2nd boot with unprotected media)
Particularities.....: Checks for special kickstart version
                         (patched at $fc0090)
Similarities........: Damage routing adapted from Lamer bootvirus strain.
--------------------- Agents -------------------------------------------
Countermeasures.....: Names of tested products of Category 1-6:
                        Category 1: AVM 0.235
                        Category 2: AVM 0.235
                        Category 3: AVM 0.235,VT2.40,VC6.03
                        Category 4: Impossible
                        Category 5: ---
                        Category 6: ---
Countermeasures successful: AVM0.235(internal product),VT2.40,VC6.03
Standard means......: VC6.03
--------------------- Acknowledgement ----------------------------------
Location............: Virus Test Center, University Hamburg, FRG
Classification by...: Soenke Freitag
Documentation by....: Soenke Freitag
Date................: 17.12.1992
Information Source..: Original virus code
===================== End of HILLY Virus ===============================


Ascii of Hilly virus:




Virum Help Team
Denmark & Canada
Copyright © All rights reserved
www.vht.dk