Sendarian Virus (Revenge v1.2G Clone) - Amiga Virus Encyclopedia

VIRUS HELP TEAM




====== Computer Virus Catalog 1.2: SENDARIAN Virus (15-July-1991) ====
Entry...............: SENDARIAN Virus
Alias(es)...........: ---
Virus Strain........: REVENGE 1.2G Virus Strain
Virus detected when.:
              where.: Australia
Classification......: System virus (bootblock), resident
Length of Virus.....: 1. Length on storage medium: 1024 bytes
                      2. Length in RAM           : 1024 bytes
--------------------- Preconditions ----------------------------------
Operating System(s).: AMIGA-DOS
Version/Release.....: 1.2/33.180
Computer model(s)...: AMIGA 500, AMIGA 1000, AMIGA 2000A, AMIGA 2000B
--------------------- Attributes -------------------------------------
Easy Identification.: Typical text: 'fuck','off','Sendarian #1! Count'
Self-identification.: Test of 5th longword ($49443932 = ASCII 'ID92')
Type of infection...: System infection: RAM resident, reset resident,
                                        bootblock
Infection Trigger...: reset (CONTROL+Left-AMIGA+Right-AMIGA)
                      operation: any disk access
Storage media affected: only floppy disks (3.5" and 5.25")
Interrupts hooked...: Vertical Blank interrupt (IV 5)
Damage..............: Permanent damage: overwriting bootblock
                      Transient damage: after infecting a disk and
                         next reset, mouse pointer will look like
                         a penis after one minute.
Damage Trigger......: Permanent damage: reset; any disk access
                      Transient damage: infecting a disk followed
                         by reset and 1 minute delay.
Particularities.....: Resident programs using the CoolCaptureVector
                         are shut down; the virus uses DoIOVector and
                         counts vertical blanks until it brings up
                         its new pointer;
                      Virus behaves as Antivirus-Virus detecting
                         BYTE BANDIT, SCA and SCA clones.
Built-in elimination: Built-in features allow the virus to be stopped
                         and eliminated from memory:
                         Stop virus action: holding down joystick
                         button (port 2) during system reboot will
                         shut down virus (visible by red screen);
                         Eliminate virus from memory: pressing joystick
                         button AND mouse button (port 1) will
                         remove virus from RAM and turn screen blue.
Similarities........: REVENGE 1.2G virus strain
--------------------- Agents -----------------------------------------
Countermeasures.....: Names of tested products of Category 1-6:
                      Category 1: .2 Monitoring System Vectors:
                                     CHECKVECTORS 2.2
                                  .3 Monitoring System Areas:
                                     CHECKVECTORS 2.2, GUARDIAN 1.2,
                                     VIRUSX 4.0
                      Category 2: Alteration Detection: ---
                      Category 3: Eradication: CHECKVECTORS 2.2,
                                               VIRUSX 4.0
                      Category 4: Vaccine: ---
                      Category 5: Hardware Methods: ---
                      Category 6: Cryptographic Methods: ---

Countermeasures successful: CHECKVECTORS 2.2,GUARDIAN 1.2,VIRUSX 4.0,
                            own suicide function (see elimination)
Standard means......: CHECKVECTORS 2.2
--------------------- Acknowledgement --------------------------------
Location............: Virus Test Center, University Hamburg, Germany
Classification by...: Wolfram Schmidt
Documentation by....: Wolfram Schmidt
Date................: 15-July-1991
Information Source..: ---
===================== End of SENDARIAN Virus =========================

Antivirus...........: Kickstart 1.2 & 1.3 : VT-Schutz v3.17
                      Kickstart all others: VirusZ III v1.04B or higher, and also Xvs.library v33.47 or higher


[Image not preserved: ASCII of Sendarian (Revenge v1.2G) virus]

Virus Help Team
Denmark & Canada
Copyright © All rights reserved
www.vht.dk