Infected Diskrepair BBS Virus:

        Again another trojan horse for the AmiExpress BBS system. This virus
        is linked BEHIND a new version of DISKREPAIR.The used linking system
        is the $4eb9 linker as used in many other trojan horses against  AX.
        The new thing in  this virus is that is  not linked in front of  the

        In this case the viruspart is imploded and is decrunched 10244 bytes

        The  directories  BBS and BBS:Utils/ will be  scanned for a  special
        filelength(ca.200000 bytes) and the SNOOPDOS task will be  searched.
        I cannot say what this virus exactly makes because I  have no  AmiEx

        Some resourced virusparts:

                PEA        snoopname(PC)
                JSR        FindTask(PC)

        snoopname       DC.B        'SnoopDos',0
        bbsname1        DC.B        'BBS',0
        bbsname2        DC.B        'BBS:',0
        bbsname3        DC.B        'BBS:',0
        bbsname4        DC.B        'BBS',0
        bbsname5        DC.B        'BBS:',0
        bbsname6        DC.B        'BBS:Utils/',0

        A utilitie, which does not work,if SnoopDos is active ? Not normal.

                                             Detection tested on 29.05.1993.

        Infected WhiteBox BBS Virus:

        This virus is very similar to the virus linked behind Diskrepair.
        The viruscode is more optimized and it will be searched for  some
        more  filelengths.The  used linker is the  4eb9 linker Who  does
        have such a linker ?

        If  a Sysop with the AmiExpress system finds such a virus  please
        reinstall the AmiExpress mainfile.

                                            Detection tested on 06.06.1993.

        The "Whitebox" and the "Diskrepair" viruses does only work  with
        some versions of AmiExpress(ca.5 releases).I do not think that
        they touch AmiExpress 3.03 or AmiExpress 3.04. If you`ve a list
        with lengths of all the AmiExpress releases then please let me
        know it.

        Test by Markus Schmall....

[Go back]