Menems Revenge 2 Virus - Amiga Virus Encyclopedia

VIRUS HELP TEAM
Amiga Antivirus Website
www.vht-dk.dk




     --------------------------
     Amiga Virus Encyclopedia
     Menems Revenge 2 Virus
     --------------------------
 
    
     Name         : Menem's Revenge 2

     Aliases      : No aliases

     Type         : Link virus
     
     Size         : 4168 bytes

     Incidence    : Spread

     Discovered   : 1994

     Way to infect: Links to file executed BEFORE the current one

     Rating       : Dangerous

     Kickstarts   : 1.3/2.04

     Damage       : Damages all data files infected under 1.3
                    WARNING! This devil can link to data files too!
                    Under 1.3, this will permanently damage the files!

     Manifestation: dc.b 0,$50,$10,"MENEM'S REVENGE HAS ARRIVED !!!"
                    dc.b 0,1,0,"  ARGENTINA STILL ALIVE",0,0

     Comments     : ATTENTION: do not use some of the programs which patch
                    LoadSeg. The Menem's virus then becomes hidden, but is
                    still active, if it was executed before that program!
        
     Info         : An infected file becomes 3124 bytes longer.
                    Two hunks are added:
                    $3e9 hunk ($2c2)
                    $3ea hunk ($23)

                    Only some bytes were changed from the first version
                    to the next version. The first version appeared (I
                    think) in 1992 and the new version appeared in 1994.

                    The virus contains a check routine for files which
                    are longer than 60000 bytes. LoadSeg is patched.
                    No reset vectors are touched. A new process with
                    the name of a normal BLANK is started.

                    On some test configurations the files could not be
                    repaired, because they contained pure garbage. Sorry.

                    Sometimes a DisplayAlert routine shows you a text saying:
                    Argentina still lives...
                    This text is encrypted in the file with an asr command.
                    No real destruction routine (except for the linking itself)
                    was found in the virus.

     Antivirus    : Kickstart 1.2 & 1.3..... : VT-Schutz
                    Kickstart 2.0 and higher : VirusZ III, with the new Xvs.library installed
                    
     Test made by : Markus Schmall 
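
The hunk layout described under Info can be checked mechanically. The following is an added example, not part of the original encyclopedia entry or of any Virus Help Team tool: it walks an AmigaDOS load file and reports whether a $3e9 hunk of $2c2 is directly followed by a $3ea hunk of $23. It assumes the values in parentheses are hunk lengths in longwords and that the two hunks are adjacent; the function names and the sample files are constructed for illustration.

```python
import struct

HUNK_CODE, HUNK_DATA, HUNK_BSS, HUNK_RELOC32 = 0x3E9, 0x3EA, 0x3EB, 0x3EC
HUNK_SYMBOL, HUNK_DEBUG, HUNK_END, HUNK_HEADER = 0x3F0, 0x3F1, 0x3F2, 0x3F3
SIZE_MASK = 0x3FFFFFFF  # top two bits of a size carry memory flags
SIGNATURE = [(HUNK_CODE, 0x2C2), (HUNK_DATA, 0x23)]  # values from the entry (assumed longwords)

def list_hunks(data):
    """Return [(hunk_id, size_in_longwords)] for the code/data/BSS hunks."""
    pos = 0
    def u32():  # big-endian longword; struct.error if the file is truncated
        nonlocal pos
        pos += 4
        return struct.unpack_from(">I", data, pos - 4)[0]
    if u32() != HUNK_HEADER:
        raise ValueError("not an AmigaDOS load file")
    while (n := u32()) != 0:            # resident library names (normally none)
        pos += 4 * n
    _table_size, first, last = u32(), u32(), u32()
    pos += 4 * (last - first + 1)       # skip the per-hunk size table
    hunks = []
    while pos < len(data):
        hunk_id = u32() & SIZE_MASK
        if hunk_id in (HUNK_CODE, HUNK_DATA, HUNK_DEBUG):
            n = u32() & SIZE_MASK
            pos += 4 * n                # skip the hunk body
            if hunk_id != HUNK_DEBUG:
                hunks.append((hunk_id, n))
        elif hunk_id == HUNK_BSS:       # BSS has a size but no body
            hunks.append((hunk_id, u32() & SIZE_MASK))
        elif hunk_id in (HUNK_RELOC32, HUNK_SYMBOL):
            while (n := u32() & 0xFFFFFF) != 0:
                pos += 4 * (n + 1)      # n longwords plus hunk number / symbol value
        elif hunk_id != HUNK_END:
            raise ValueError(f"unsupported hunk type ${hunk_id:x}")
    return hunks

def has_menems_hunk_pair(data):
    """True if a $3e9/$2c2 hunk is directly followed by a $3ea/$23 hunk."""
    hunks = list_hunks(data)
    return any(hunks[i:i + 2] == SIGNATURE for i in range(len(hunks) - 1))

def build_sample(hunks):
    """Constructed input: a minimal load file with zero-filled hunk bodies."""
    out = struct.pack(">5I", HUNK_HEADER, 0, len(hunks), 0, len(hunks) - 1)
    out += b"".join(struct.pack(">I", n) for _, n in hunks)
    for hunk_id, n in hunks:
        out += struct.pack(">2I", hunk_id, n) + bytes(4 * n) + struct.pack(">I", HUNK_END)
    return out
```

A match is only a size heuristic, so confirm any hit with the scanners listed under Antivirus.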


     


Virus Help Team
Denmark & Canada