......................... VIRUS HELP DENMARK ......................
Hi All.... 01.08.2001
We have now found the installer of the new 'SMEG 2' linkvirus. If the
info text from the archive is correct, the 'SMEG 2' virus has been
around since February 2001.
The archive has only been on Elite BBSes or Elite websites.
Jan Erik Olausen, the programmer of VirusExecutor & xvs.library, has
made a recog for the virus, but is having problems with removing the
virus from memory. As soon as Jan has solved this virus, a new update
of xvs.library will be released.
There is "NO" cure for this virus right now. With the help of the
program 'Safe v16.2' you can find infected files, but not remove the
virus; you will have to replace the infected files with new clean
files. This virus will infect everything that is executed. On my
test A1200, over 200 files were infected in under 5 minutes.
The programmer of 'Safe' (Zbigniew Trzcionkowski) has written this
about the new 'SMEG 2' virus:
Released probably by mistake. Non-crypted version of the next one.
Code is almost equal to old SMEG, but this time author invented NEW
WAY of patching PRIVATE routine of device task. This routine handles
receiving of dos packets.
Virus patch is stealing packets and sending them to the supervisor
task called 'SMG'. I have never seen such advanced digging code that
works properly. This means also that no visible changes are seen in
the system beside one new task.
I have noticed that freezing of SMG task stops spreading of the
virus, so at the moment Safe does only that. I will add removal of
the 'magic' patches if I find it necessary.
File repair was as easy as Penetrator files - one move.l 4.w,a6 was
replaced with jump to virus.
Hidden text (decoder was included, but not used by virus code):
Smeg! it's a Hostile TakeOver! (Again!)
And just when you thought it was safe..
Flake and Georg have left the building!
-= On Tour 1995-2001 =-
This is what we know of the virus:
Virus Type.... : Linkvirus
Virus name.... : SMEG 2a & SMEG 2b
Virus size.... : SMEG 2a: 1556 bytes & SMEG 2b: 1604 bytes
Archive name.. : MIAMIDLX.LZX
Archive size.. : 3.427 bytes (lzx packed)
Archive info.. : .________________
____¦____ ( _____/__ - -------------
_/ ___/ _/\_ T ¬\_ · diGiTAL ·
.-\ ¦/ 7--7 l / · cORRUPTiON ·
| \____.-----¦ ¦----.____/------- - - -
| ¯¯¯¯¯ ¯¯¯¯¯
| Miami DeLuxe
| Made by xxxxxxxxx
`----------------------------- Design: JRYder
(VHT-DK has removed the name and replaced it with 'xxxxxxxxx')
There might just be more installers of the 'SMEG 2' virus out
there, so do not install these fake-keys.
Thanks to the person who sent the archive to Jan Erik Olausen,
and to Zbigniew Trzcionkowski for the first test of this virus.
__ Jan Andersen E-Mail..: email@example.com
__ /// ------------ FidoNet.: 2:237/38.100
\\\/// Virus Help Denmark AmyNet..: 39:140/127.100
\XX/ www.vht-dk.dk VirNet..: 9:451/247.0