Trisector 911 Virus - Amiga Virus Encyclopedia

VIRUS HELP TEAM
 



------------------------
Amiga Virus Encyclopedia
Trisector 911 Virus
------------------------

                             
==== Computer Virus Catalog 2.0: TRISECTOR Virus  (1-February-1994) =====
Entry...............: TRISECTOR Virus
Alias(es)...........: TRISECTOR 911
Virus Strain........: ---
      detected when.: ---
              where.: ---
Classification......: system virus (bootblock), resident
Length of Virus.....: 1. Length on storage medium: 1024 bytes
                      2. Length in RAM:
--------------------- Preconditions -------------------------------------
Operating System(s).: AMIGA-OS
Version/Release.....: alle system releases
Computer model(s)...: all models
--------------------- Attributes ----------------------------------------
Easy identification.: texts visible in bootblock: "This disk was
                      installed with the TRISECTOR 911 virus-slayer!",
                      "NO virus is safe for our killer... Signed:
                      TRISECTOR 911","Virus problems???  Call 911
                      (Collect call)"
Type of Infection...: Self-identification method: none
                      System infection: RAM resident, reset
                      resident, bootblock
Infection Trigger...: access to root block of standard disk
Storage Media affec.: only floppy disks
Systemcalls hooked..: KickTagPtr, after first reset:DoIO,
                      after first infection: vertical blanking
                      interrupt (via IVVERTB)
Stealth.............:
Tunneling/Selfprot..:
Oligo/Polymorphism..:
Encoding Method.....:
Damage..............: Permanent damage: overwriting bootblock
                      Transient damage: disturbing running serial I/O
                      by writing to serial control
                      register (ciabcra)
Damage Trigger......: Permanent damage: access to root block of standard
                      disk
                      Transient damage: 15 minutes after first infection
Particularities.....: trigger value for transient damage valid for PAL-
                      Amigas in PAL resolution only as waiting time is
                      calculated by a vertical blank event counter
Similarities........: ---
--------------------- Agents --------------------------------------------
Countermeasures.....: Virus Workshop 3.0, VT 2.60, VC 6.33,
                      VirusZ II 1.00
Standard means......: VT 2.60
--------------------- Acknowledgements ----------------------------------
Location............: Virus Test Center, University Hamburg, Germany
Classification by...: Karim Senoucci
Documentation by....: Karim Senoucci
Date................: 1-February-1994
-------------------------------------------------------------------------

Antivirus removal   : Kickstart 1.2 & 1.3 : VT-Schutz v3.17
                      Kickstart all others: VirusZ III, and also Xvs.library must be installed
                    

Ascii of Trisector 911 (Tristar) virus:
Virum Help Team
Denmark & Canada
Copyright © All rights reserved
www.vht.dk