VIRUS HELP TEAM



     ------------------------
     Amiga Virus Encyclopedia
     Yam Message 2 Trojan
     ------------------------
     
     
     - YAMmsg.2-Trojan destruction
     
             Other name: SehrJung
             Known file name: YAM.msg.2
             Name reason: Filename taken over
             File length: # 216296 bytes
             Not reset-proof
             No bent vectors

        Procedure:
             The program ends with a requester
             "Illegal Instruction"
             In reality, a new loadwb file was written.
             Name: lOAdwB Length: 40544
        
        The file reads:
             45523a20 6c6f6164 77622033 392e3920 ER: loadwb 39.9
             2833302e 30332e39 3529266d 80102f0b (30.03.95) & m ../.
        
             This file again contains two files for writing AND
        To run:
          - Orig-Loadwb length: 1136 bytes
          - Format length packed: 9312 bytes
                         Unpacked length: 13368 bytes
        
        VT only offers delete.


     Original test by Heiner Schneegold
     Translated from german to english by Google translate
     

     

Virum Help Team
Denmark & Canada
Copyright © All rights reserved
www.vht.dk