VIRUS HELP TEAM



------------------------
Amiga Virus Encyclopedia
Turk Dropper
------------------------

    
= Computer Virus Catalog 1.2: TURK.COLOR_DROPPER Trojan (31-July-1993) =
Entry...............: Turk.Color_Dropper Trojan
Alias(es)...........: Color Virus Carrier=Color Demo=Installer of Turk
Virus Strain........: ---
Virus detected when.: ---
              where.: ---
Classification......: TURK Virus dropping Trojan Horse
Length of Virus.....: 1.Length on storage medium: 2196 bytes
                      2.Length in RAM:            4258 bytes
--------------------- Preconditions ------------------------------------
Operating System(s).: AMIGA-OS
Version/Release.....: 1.2/all, 1.3/all, 2.0/all, 3.0/all
Computer model(s)...: All AMIGA models (see particularities)
--------------------- Attributes ---------------------------------------
Easy Identification.: Typical text, visible in file:
                         "Hope you enjoy this proggie!
                          It was put together in ten minutes ...
                          Press Left Mouse Button for the demo ...
                          **  Press Right Mouse Button to end **"
Type of infection...: System infection: bootblock, RAM resident, reset
                         resident, changes CoolCapture- and DoIO-vectors
Infection Trigger...: Bootblock infection: DoIO-call requesting read
                         or write access to bootblock
                      Other infections: executing trojan horse
Storage media affected: Only floppy disks
Interrupts hooked...: ---
Damage..............: Permanent damage: overwriting bootblock with
                                TURK boot virus (see TURK virus).
                      Transient damage: overwriting 80k Bytes of main
                                memory with the string "TURK" and
                                halting system.
Damage Trigger......: Permanent damage: DoIO-call as described above
                      Transient damage: reset
Particularities.....: 1) Uses memory at $70000 without allocating it;
                         overwrites autovectors 64, 148, 200 and 201.
                      2) Resident programs using CoolCaptureVector or
                         KickTagPointer are shut down.
                      3) Problems may arise on machines which set VBR
                         of CPU to a non-zero value as the autovector
                         addresses used in the virus point to public memory.
Similarities........: TURK Virus
--------------------- Agents -------------------------------------------
Countermeasures.....: VT 2.54, VirusZ 3.06, VirusChecker 6.28
Countermeasures successful: VT 2.54, VirusZ 3.06, VirusChecker 6.28
Standard means......: VT 2.54
--------------------- Acknowledgement ----------------------------------
Location............: Virus Test Center, University Hamburg, FRG
Classification by...: Karim Senoucci
Documentation by....: Karim Senoucci
Date................: 6-July-1993
Information Source..: Virus Disassembly / SHI / Heiner Schneegold
===================== End of TURK.COLOR_DROPPER Trojan =================




Virus Help Team
Denmark & Canada
Copyright © All rights reserved
www.vht.dk