ConMan LoadWB+Installer:
       ------------------------

       Needs Kickstart V37.XXX or higher to work.

       Trojan:      12088 Bytes
                               (somekind of encryption tool, not packed)
       new LoadWB : 2088 Bytes (packed with TurboSqueezer 6.1)
                               (unpacked 2124 Bytes)


       Archivname:  dpl-dc99.lha


       This trojan was linked using the 4eb9 linker. Euronymous/TRSi tested
       this file and found the 4eb9 stuff and informed me, thanks a lot !!!
       The trojan searchs for a task called "CLI(0):no command loaded" and
       creates a process under this name, if it is not existing.

       A new LoadWB command will be written, which contains the destruction
       routine. It will be waited about $5500 ticks and after this it will
       be checked for a file "s:conman". If this file is existing, the
       trojan will not work. If the file is not existing, it will be tried
       to format your sys: device. All data is lost, I am sorry to say this.

       After the destruction process, a Intuition alert will pop up and
       show show you the following text:

       'SYSKILLER MESSAGE: YOU BETTER TAKE CARE DOODIE - '
                    'SOFTWARE-PIRACY IS A CRIME! '.



       IMPORTANT: The virus tries to install a new process called
       "CLI(0): no command loaded", if this is not already existing
       (from system). I could not install this task on an A500+
       and on a A4000/40, so I could not write a repairroutine for
       it. Result: If VirusWorkshop finds this infected LoadWB file,
       THEN delete this file and reset your machine ! Thanks !
       You have $5000/50/60 Minutes (+- 6 minutes) before this
       destruction part will be activated !!!


       Markus Schmall                 Detection tested 26.01.1995.

[Go back]