-COP-Acp-Trojan    Type F    Destruktion file.

acp length= 71904 Bytes
No hidden vectors.
No multiplying.
Tries to fool by using File-ID: AmiExpress 5.0
Looks very much like type E.
Uncoded (NOT.B D0) can be read in file:
     434f4e3a 302f3030 2f313030 30302f35 CON:0/00/10000/5
     302f436f 64656420 6279204b 68616e61 0/Coded by Khana
     6e202620 4772616a 73616820 2863292d n & Grajsah (c)-
       ;.......
     20202020 20202020 3a5b634f 705d0a5b         :[cOp].[
     634f705d 3a204b68 616e616e 203a5b63 cOp]: Khanan :[c
     4f705d64 6576733a 00733a00 6262733a Op]devs:.s:.bbs:
     004c3a00 4e434f4d 4d3a0000 20245645 .L:.NCOMM:.. $VE
     523a2041 43502056 352e3020 2843292d R: ACP V5.0 (C)-

Run sequence:
It opens a window, and prints a COP-text. This MUST get the users attention. Recomended is a immediate RESET. This might limit the damage. Beware: this could cause HD-validation problems.
Files in devs, s, bbs, L and NCOMM is reduced to 20 Bytes. Afterwards the content is something like this:
      printer.device
    0000: 5b634f70 5d3a204b 68616e61 6e203a5b [cOp]: Khanan :[
    0010: 634f705d                            cOp]

Sorry, the damage can not be repaired.
VT can only delete it, as ACP V5.0 proberly is a fake.


------------------------------------------------------------
 Translated to English by Steen Jacobsen  2001 VHT-Denmark
 Org. Test by Heiner Schneegold.
------------------------------------------------------------

[Go back]