Purge Virus & Installer - Amiga Virus Encyclopedia

VIRUS HELP TEAM



    ------------------------
    Amiga Virus Encyclopedia
    Purge Virus & Installer
    ------------------------

    
    Purge Installer + Purge Virus:
    
    Purge Installer: length  9812 (imploded)
                            14862 (unpacked)

    Purge Virus:     length  5300 (imploded)
                            14776 (unpacked)

    (VirusWorkshop recognizes all the files)


    This is a simple trojan with manipulates all .info files on the
    started device. The virus installs it`s code on every reachable
    device and  changes  the  sequences,  so if you have found this
    virus, then check  your  User-Startup,  Startup- Sequence  (the
    added string will be mentioned later).

    If  the  virus  installed itself completly, the later mentioned
    text will appear. The virus itself is very lame coded/optimized
    and was probably written in AMIGA-E.


    All manipulated/new created files:
    ----------------------------------
    'DH0:WBStartup/Purge',0
    'DH1:WBStartup/Purge',0
    'DH2:WBStartup/Purge',0
    'DH3:WBStartup/Purge',0
    'HD0:WBStartup/Purge',0
    'HD1:WBStartup/Purge',0
    'HD2:WBStartup/Purge',0
    'HD3:WBStartup/Purge',0
    'DF0:WBStartup/Purge',0
    'DF1:WBStartup/Purge',0
    'DF2:WBStartup/Purge',0
    'DF3:WBStartup/Purge',0
    'A:WBStartup/Purge',0
    'B:WBStartup/Purge',0
    'DH0:C/Purge',0
    'DH1:C/Purge',0
    'DH2:C/Purge',0
    'DH3:C/Purge',0
    'HD0:C/Purge',0
    'HD1:C/Purge',0
    'HD2:C/Purge',0
    'HD3:C/Purge',0
    'DF0:C/Purge',0
    'DF1:C/Purge',0
    'DF2:C/Purge',0
    'DF3:C/Purge',0
    'DH0:S/User-Startup',0
    'DH1:S/User-Startup',0
    'DH2:S/User-Startup',0
    'DH3:S/User-Startup',0
    'HD0:S/User-Startup',0
    'HD1:S/User-Startup',0
    'HD2:S/User-Startup',0
    'HD3:S/User-Startup',0
    'DF0:S/User-Startup',0
    'DF1:S/User-Startup',0
    'DF2:S/User-Startup',0
    'DF3:S/User-Startup',0
    'DH0:S/Startup-Sequence',0
    'DH1:S/Startup-Sequence',0
    'DH2:S/Startup-Sequence',0
    'DH3:S/Startup-Sequence',0
    'HD0:S/Startup-Sequence',0
    'HD1:S/Startup-Sequence',0
    'HD2:S/Startup-Sequence',0
    'HD3:S/Startup-Sequence',0
    'DF0:S/Startup-Sequence',0
    'DF1:S/Startup-Sequence',0
    'DF2:S/Startup-Sequence',0
    'DF3:S/Startup-Sequence',0


    Name/Size of the new opened window:

    'con:70/64/500/128/ Antipirat/NOSIZE/NODRAG/NODEPTH'

    Text written in this window:
        
    "Friend of Terminator is there !!!"
    "ANTIPIRAT"
    "Power of Destroying !!!"
    "My ultimate answer against all the fucking"
    "softwarepirats !"
    "Hi Anatol,Cycledom,Primitive,Björn,Dead Homer, Brian,"
    "Gigant,Termination 8,Hardball & Slimeck"
    "Worked on all available devices...!"
    "Ready..."

    The following files will be manipulated on the devices:
    '.INFO'
    'DISK.INFO'

    The following string will be added to the sequences:
    'Run >NIL: Purge'

    Text at the end of the installer:
    'FUCK=YES'


    Test by Markus Schmall    -    Detection tested 19.09.1994


    

Virum Help Team
Denmark & Canada
Copyright © All rights reserved
www.vht.dk