CLP WOW Virus - Amiga Virus Encyclopedia

VIRUS HELP TEAM



    ------------------------
    Amiga Virus Encyclopedia
    CLP_WOW.exe Virus
    ------------------------
    
    
    CLP_WOW.exe Virus:
    Other name : BBS CLP/InspectorX
    
    The warning  that a destroyerfile  called "CLP_WOW.exe"  is in
    circulation appeared 21.12.1993.  I started searching for this
    virus like hell.  But I did not find it on the german systems.

    On the  24.12.1993.  at 21.00 o`clock  I found  a file  called
    "clpvirus.txt" on a fast german BBS system. The file came from
    the USA  (Planet X) and  contained a  complete dissassembly of
    the virus and a warning.

    A big sorry  to all friends,  who I nerved with always calling
    and asking for this virus.

    The  sourcecode  was  complete  and so I  assembled  it with 4
    assemblers ( OMA 2.05 (opt,nonopt)  ASM-ONE (opt,nonopt))  and
    included the recognition routines for this virus.

    I hope that the  original file will  be recognized. Due to the
    case that the whole source was in this file it`s very possible
    that clones appear.


    Inner workings of this virus:
    -----------------------------

    The S: directory will be scannned and all files will be loaded
    Then the loaded will  be overwritten (ca. the first 200 bytes)
    by a lame text and  the file  will be written back.  No rescue
    for executable files is possible.

    Another point: The virus is so buggy that it crashes at all of
    my systems and  no danger is caused. The  LAMERS made  several
    mistakes.


    This file seems to be spread together with the archive
    "bullet.lha".


    At the end of the file can be read:

    "Isn't CUTE LITTLE PONNIES just a nice group!?... hahahaha!"
    "   Fuck off... Next time we will be even MORE nice...     "
    "   MONO oF CUTE LITTLE PONNIES! HAHAHAHAH!           Oups."
    ".. Hope we didn''t destroy any valuable configs in ure    "
    "S-drawer... ahahhHHAHAHAHAHH!!!!!!!     Ok, have fun, anbd"
    " don''t 4get to call again!  HAHA! '


    Comment 29.12.1993.:
    --------------------
    A  cracked  version of /X 3.19  appeared on the boards. This
    version
    was cracked by Mono of Cute little Ponnies. Same name. I saw
    a warning that this /X release contain a backdoor.


    NOTE to the man who dissassembled this virus:
    ---------------------------------------------
    Never spread a  complete  sourcecode of a virus !  Some lame
    guys could assemble and spread the file again. You are right
    if you say that this virus is VERY lame coded but the damage
    is too big....If you have the original virusfile, I would be
    happy,  if you  could send  it to me. Or upload it to one of
    TRSi`s Boards and ask the Sysop to post it to me....

    I have  tried  to start  the new  assembled  files,  but the
    programm failed.

    Comment 12.3.1994 A lot of such based programms have serious
    problems.


    Removal: Kickstart 1.2 & 1.3 : VT-Schutz v3.17
             Kickstart all others: VirusZ III with Xvs.library installed

    Test by Markus Schmall....


    


Virum Help Team
Denmark & Canada
Copyright © All rights reserved
www.vht.dk