Lamer 2.0 Virus - Amiga Virus Encyclopedia



====== Computer Virus Catalog 1.2: LAMER 2.0 Virus (5-June-1990) ======
Entry...............: LAMER 2.0 Virus
Alias(es)...........: LAMER EXTERMINATOR Virus
Virus Strain........: LAMER EXTERMINATOR Virus
Virus detected when.: April 1989
              where.: Elmshorn, FRG
Classification......: system virus (bootblock), resident
Length of Virus.....: 1. length on storage medium: 1024 bytes
                      2. length in RAM           : 1024 bytes
--------------------- Preconditions -----------------------------------
Operating System(s).: AMIGA-DOS
Version/Release.....: 1.2/33.166, 1.2/33.180, 1.3/34.5
Computer model(s)...: AMIGA 500, AMIGA 1000, AMIGA 2000A, AMIGA 2000B
--------------------- Attributes --------------------------------------
Easy Identification.: typical text: bootblock: ---
                         in memory: 'The LAMER Exterminator !!!'
Type of infection...: self-identification method: 423rd word ($ABCD)
                         on bootblock kicktag pointer = pointer to
                         virus code
                      system infection: RAM resident, reset resident,
Infection Trigger...: reset (CONTROL + Left-AMIGA + Right-AMIGA)
                      operation: any disk access
Storage media affected: floppy disks (3.5" and 5.25")
Interrupts hooked...: ---
Damage..............: permanent damage: overwrites bootblock; simulates
                         standard bootblocks when examined with any
                         tool; fast formatting disks
                      transient damage: ---
Damage Trigger......: permanent damage: reset
                                        operation: 2 resets and 3 in-
                      transient damage: ---
Particularities.....: uses StartIOVector; other resident programs using
                         the system resident list (KickTagPointer,
                         KickMemPointer) are shut down;
                         virus has also been found in a trojan horse
                         version; virus is linked to the 'LoadWB'
                         command of CLI, so the infection of the system
                         and the non-standard bootblocks produced by
                         this virus aren't detected by many virus tools
                         (see above); trojan horse version isn't a link
                         virus! Virus text is unencoded here and may be
                         read with hexdump tools. This version contains
                         a small code section to make the virus resident
                         beside the original LAMER bootblock; after
                         implantation of the virus the real 'LoadWB'
                         command is executed. Virus encodes itself on
                         every new infection from byte 73; the first 72
                         bytes remain unchanged except bytes 5-8
                         (bootblock checksum).
Similarities........: LAMER EXTERMINATOR viruses
--------------------- Agents ------------------------------------------
Countermeasures.....: Names of tested products of Category 1-6:
                      Category 1: .2 Monitoring System Vectors:
                                     'CHECKVECTORS 2.2'
                                  .3 Monitoring System Areas:
                                     'CHECKVECTORS 2.2','GUARDIAN 1.2',
                                     'VIRUSX 4.0'
                      Category 2: Alteration Detection: ---
                      Category 3: Eradication: 'CHECKVECTORS 2.2',
                                     'VIRUSX 4.0'
                      Category 4: Vaccine: ---
                      Category 5: Hardware Methods: ---
                      Category 6: Cryptographic Methods: ---
Countermeasures successful: without restrictions: 'CHECKVECTORS 2.2',
                                     'VIRUSX 4.0'
                            with restrictions: 'GUARDIAN 1.2'
Standard means......: 'CHECKVECTORS 2.2'
--------------------- Acknowledgement ---------------------------------
Location............: Virus Test Center, University Hamburg, FRG
Classification by...: Alfred Manthey Rojas
Documentation by....: Alfred Manthey Rojas
Date................: 5-June-1990
Information Source..: ---
===================== End of LAMER (EXTERMINATOR) 2.0 Virus ===========

ASCII of Lamer 2 Bootblock virus:

Virum Help Team
Denmark & Canada