VIRUS HELP TEAM Amiga Antivirus Website www.vht-dk.dk
--------------------------
Amiga Virus Encyclopedia
Menems Revenge 1 Virus
--------------------------
Name : Menems Revenge 1
Aliases : No aliases
Type : Link virus
Size : 3056 bytes
Clone : No Clones
Symptoms : Shows an alert after a delay.
Discovered : 22 april 1992
Way to infect: Link infection
Rating : Less Dangerous
Kickstarts : 1.2/1.3/2.0
Damage : Files can be defective (after infection).
Removal : Remove Link with the help of a good viruskiller.
Comments : The virus patches the LoadSeg()-Vector from the
dos.library and installs a Task with the name:
" " (=$20). After a delay an alert appeares:
Menem`s revenge has arrived !!
Argentinia still alive !!
The way how the virus infect other files is new:
If you are starting a file, Menem "remembers" the
name of it and first does nothing.
If you are now executing another file, Menem infects
the file which it has "remembered" berore. So please
Info : An infected file becomes 3076 bytes longer
-two hunks will be added
$3e9 hunk ($2b6)
$3ea hunk ($23)
Only some bytes were changed from the first version
to the next version. The first version appeared (I
think) 1992 and the new version appeared 1994.
The virus contains a checkroutine for files, which
are longer than 60000 bytes. LoadSeg will be patched.
No resetvectors will be touched. A new process with
the name of a normal BLANK will be started.
On some testconfigurations the files could not be
repaired, because they contained pure garbage. Sorry.
Sometimes a DisplayAlert routine shows you a text saying:
Argentinia still lives...
This text is crypted in the file with a asr command.
No real destruction routine (except for the linking itself)
was found in the virus.
Antivirus : Kickstart 1.2 & 1.3..... : VT-Schutz
Kickstart 2.0 and higher : VirusZ III, with the new Xvs.library installed
Test made by : Markus Schmall
