VIRUS HELP TEAM
Denmark & Canada


Index - News - Download - Warnings - Link - Virus Help - About VHT - Encyclopedia - Miscellaneous - Contact



-------------------------
Amiga Virus Encyclopedia
IRQ I Virus
-------------------------
  
            
========== Computer Virus Catalog 1.2: IRQ Virus (5-June-1990) ========
Entry...............: IRQ Virus
Alias(es)...........: ---
Virus Strain........: ---
Virus detected when.: January 1989
              where.: Elmshorn, FRG
Classification......: link virus (extending), resident
Length of Virus.....: 1. length on storage medium: 1060 byte
                                                   + 36 byte (hunk)
                      2. length in RAM           : 1060 byte
                                                   + 36 byte (hunk)
--------------------- Preconditions -----------------------------------
Operating System(s).: AMIGA-DOS
Version/Release.....: 1.2/33.166, 1.2/33.180 and 1.3/34.20
Computer model(s)...: AMIGA 500, AMIGA 1000, AMIGA 2000A, AMIGA 2000B
--------------------- Attributes --------------------------------------
Easy Identification.: typical text: ---
                      others: allocates 100.000 byte of workspace
                         during infection of files
Type of infection...: self-identification method: $fffe6100 at 2nd word
                         of virus (without hunk table)
                      system infection: extending executable file,
                          RAM resident, reset resident, EXEC library
Infection Trigger...: usage of OldOpenLibrary routine of exec library
Storage media affected: any available storage medium
Interrupts hooked...: ---
Damage..............: permanent damage: causes some overlay programs to
                         malfunction because of altered offsets in hunk
                         table; DIR command of CLI is infected (stan-
                         dard file); 1st file used in startup-sequence
                         of inserted disk is infected (random file);
                         use of a nearly full disk may cause a
                         read/write error when the infected file won't
                         fit on disk, this disk may not be repaired.
                      transient damage: screen buffer manipulation:
                         changes window title of actual window:
                         'AmigaDOS presents:a new virus by the
                         IRQ-Team V41.0'
Damage Trigger......: permanent damage: usage of OldOpenLibrary routine
                         of exec library
                      transient damage: by random
Particularities.....: only infects files with a maximum length of
                         99.999 byte; uses SetFunction routine of exec
                         library to modify entry of the OldOpenLibrary
                         routine; other resident programs using the
                         system resident list (KickTagPointer,
                         KickMemPointer) are shut down.
Similarities........: ---
--------------------- Agents ------------------------------------------
Countermeasures.....: Names of tested products of Category 1-6:
                      Category 1: .2 Monitoring System Vectors:
                                     'CHECKVECTORS 2.2'
                                  .3 Monitoring System Areas:
                                     'CHECKVECTORS 2.2','GUARDIAN 1.2',
                                     'VIRUSX 4.0'
                      Category 2: Alteration Detection: ---
                      Category 3: Eradication: 'CHECKVECTORS 2.2',
                                     'RemIRQ', 'KV', 'IRQKILLER',
                                     'LINKKILLER', 'VIRUSX 4.0',
                                     'DVICE PLUS'
                      Category 4: Vaccine: ---
                      Category 5: Hardware Methods: ---
                      Category 6: Cryptographic Methods: ---
Countermeasures successful:  'CHECKVECTORS 2.2' with 'RemIRQ', 'KV',
                                      'LINKKILLER' or 'IRQKILLER',
                                      'VIRUSX 4.0', 'DVICE PLUS'
Standard means......: 'CHECKVECTORS 2.2', 'IRQKILLER'
--------------------- Acknowledgement ---------------------------------
Location............: Virus Test Center, University Hamburg, FRG
Classification by...: Alfred Manthey Rojas
Documentation by....: Alfred Manthey Rojas
Date................: 5-June-1990
Information Source..: ---
===================== End of IRQ Virus ================================




Virus Help Team
Denmark & Canada
Copyright © 1994-2020