Iceman & IRQ Virus (SCA Clone) - Amiga Virus Encyclopedia

VIRUS HELP TEAM
 



------------------------------    
Amiga Virus Encyclopedia    
Iceman & IRQ Virus (SCA Clone)
------------------------------

    
==== Computer Virus Catalog 1.2: ICEMAN AND IRQ Virus (20-FEB-1993) ====
Entry...............: ICEMAN AND IRQ Virus
Alias(es)...........: ICE Virus
Virus Strain........: SCA virus strain
Virus detected when.: ---
              where.: ---
Classification......: System virus (bootblock), resident
Length of Virus.....: 1. Length on storage medium: 1024 byte
                      2. Length in RAM:            1024 byte
--------------------- Preconditions ------------------------------------
Operating System(s).: AMIGA-DOS
Version/Release.....: 1.2/all, 1.3/all, 2.0/all
Computer model(s)...: All models
--------------------- Attributes ---------------------------------------
Easy Identification.: Typical text: "Greets from The Iceman & The IRQ"
                                    "The REAL Amiga hackers! hi to "
Type of infection...: Self-identification method: testing 3rd longword
                                        for matching string "CHW!"
                      System infection: RAM resident, reset resident,
                                        bootblock
Infection Trigger...: Reset
Storage media affected: Only floppy disks (3.5" and 5.25")
Interrupts hooked...: ---
Damage..............: Permanent damage: overwriting bootblock
                      Transient damage: screen buffer manipulation:
                                        screen becomes black, message
                                        (see above) is shown by
                                        fading in and out pieces of it.
Damage Trigger......: Permanent damage: reset
                      Transient damage: 15th infection
Particularities.....: Any resident program using the CoolCaptureVector
                        is shut down, also when using ColdCaptureVector
                        when virus is shutdown by its `suicide` function
Similarities........: SCA virus family
--------------------- Agents -------------------------------------------
Countermeasures.....: VirusZ 3.00, VT 2.48, BootX 5.23
Countermeasures successful: VirusZ 3.00, VT 2.48, BootX 5.23
Standard means......: VT 2.48
--------------------- Acknowledgement ----------------------------------
Location............: Virus Test Center, University Hamburg, FRG
Classification by...: Jens Vogler
Documentation by....: Jens Vogler
Date................: 14th December 1992
Information Source..: Virus Analysis
===================== End of ICEMAN AND IRQ Virus ======================

Antivirus...........: Kickstart 1.2 & 1.3 : VT-Schutz v3.17
                      Kickstart all others: VirusZ III v1.04B or higher, and also Xvs.library v33.47 or higher


Ascii of Ice (SCA) virus:
Virum Help Team
Denmark & Canada
Copyright © All rights reserved
www.vht.dk