VIRUS HELP TEAM



     ------------------------
     Amiga Virus Encyclopedia
     STD Vaginitis 1 Trojan
     ------------------------
     
     
     - STD-Vaginitis 1 trojan

         File lengthening: always #800 bytes
         Filename: only c:mount
         Not reset-proof
         Requires KS2.04 or higher
         Patched vectors: LoadSeg

       After decoding, the following can be read in the linked part:
                              536e 6f6f7044 6f732053       SnoopDos S
                 7570706f 72742050 726f6365 73730043 upport Process.C
                 3a4d6f75 6e740072 756e203e 4e494c3a :Mount.run >NIL:
                 206e6577 7368656c 6c205443 50003232  newshell TCP.22
                 32370000 53544420 70726573 656e7473 27..STD presents
                 202d2056 6167696e 69746973 20233120  - Vaginitis #1 
                 2d2d2064 69727479 206d6f6c 6521     -- dirty mole!

       Installation in memory:
           - FindTask changed - exit
           - Examine changed - exit
           - SnoopDos in memory - CCR is changed
           - LoadSeg is patched
  
       Link operation:
           - behind the 1st hunk of mount
           - encoded with EOR
           - FindTask not changed
           - Examine not changed
           - Searches for RTS only in the last longword of the 1st hunk and
             replaces it with NOP (therefore no "100% correct" removal
             is possible; cf. also fungus)
           - The file date is written back
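
The link behaviour listed above can be checked against a known-clean copy of the same c:mount version. The Python below is an added example, not part of the original entry or of any Virus Help Team tool. It assumes the 800 bytes land entirely inside the first code hunk; check_mount, first_code_hunk, build and the sample files are names and data constructed for illustration.

```python
import struct

HUNK_HEADER, HUNK_CODE, HUNK_END = 0x3F3, 0x3E9, 0x3F2   # AmigaDOS hunk ids
NOP, RTS = 0x4E71, 0x4E75                                # 68000 opcodes
GROWTH = 800                                             # lengthening stated in the entry

def first_code_hunk(data):
    """Return the body of the first HUNK_CODE in an AmigaDOS load file."""
    def long_at(off):
        if off + 4 > len(data):
            raise ValueError("truncated hunk file")
        return struct.unpack_from(">I", data, off)[0]
    if long_at(0) != HUNK_HEADER:
        raise ValueError("not an AmigaDOS load file")
    off = 4
    while (n := long_at(off)) != 0:      # resident library names, normally none
        off += 4 + 4 * n
    first, last = long_at(off + 8), long_at(off + 12)
    if last < first:
        raise ValueError("bad hunk range")
    off += 16 + 4 * (last - first + 1)   # skip terminator, table size, range, sizes
    if long_at(off) & 0x3FFFFFFF != HUNK_CODE:
        raise ValueError("first hunk is not HUNK_CODE")
    size = 4 * (long_at(off + 4) & 0x3FFFFFFF)
    if size < 4 or off + 8 + size > len(data):
        raise ValueError("bad code hunk size")
    return data[off + 8 : off + 8 + size]

def check_mount(suspect, clean):
    """Compare a suspect c:mount with a known-clean copy of the same version."""
    s, c = first_code_hunk(suspect), first_code_hunk(clean)
    tail = len(c) - 4                    # last longword of the clean 1st hunk
    grown = len(suspect) - len(clean) == GROWTH and len(s) - len(c) == GROWTH
    prefix_intact = s[:tail] == c[:tail]
    pair = lambda buf: struct.unpack_from(">2H", buf, tail)
    rts_to_nop = grown and pair(s) != pair(c) and all(
        a == b or (a, b) == (NOP, RTS) for a, b in zip(pair(s), pair(c)))
    return {"grown_by_800": grown, "prefix_intact": prefix_intact,
            "rts_replaced_by_nop": rts_to_nop,
            "matches_entry": grown and prefix_intact and rts_to_nop}

def build(body):   # constructed sample: single-hunk load file around `body`
    n = len(body) // 4
    return (struct.pack(">6I", HUNK_HEADER, 0, 1, 0, 0, n)
            + struct.pack(">2I", HUNK_CODE, n) + body + struct.pack(">I", HUNK_END))

CLEAN = build(bytes.fromhex("70004e75"))                      # moveq #0,d0 ; rts
LINKED = build(bytes.fromhex("70004e71") + b"\x00" * GROWTH)  # rts -> nop + zero filler

if __name__ == "__main__":
    print(check_mount(LINKED, CLEAN))
```

With a clean reference at hand the original RTS can be read from it directly, which sidesteps the removal problem noted in the entry.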
   
       Damage:
           - Searches for TCP in the DosList
           - Puts a colon after TCP (see above)
           - DosExecute run >NIL: .....
           - So this is presumably meant to give a third party access
             to the computer


     Original test by Heiner Schneegold
     Translated from German to English by Google Translate
     

     

Virus Help Team
Denmark & Canada
Copyright © All rights reserved
www.vht.dk