Scansystem Trojan:
   ------------------

   other possible names: none
   Filelength: 10720 bytes (unpacked)
   Found in  : scansystem.lha
   Found     : Jun`95

   This is another typical trojan. It pretends to be a system optimizer,
   which should enable a MMU emulation (pure bullshit).

   Here the FILE_ID.DIZ:

               A Fast Optimizer For 68020-68030 Motorola
               System +7% Faster ! Patch System Routines
               and allow you to create a MMU Simulation!
               Speed For ALL! Optimize your system !
               This Famous Tool has been written in ASM
               by CheckIn of NewIntelligent Tools Prod!


   If you start it, it will open a window with the name:

        'CON:0/0/1280/1280/ SystemScan v0.6 by CheckIn ! in 1995'


   Afterwards some messages appear and the directories "sys:libs","sys:devs",
   "sys:c","sys:s" and "sys:L" will be investigated. The programm pretends
   just to scan the files, in reality, all deletable files will be deleted.
   If the programm fails to delete a file, it will give you a "FAILED..." How
   nice.

   As "replacement" the programm writes a file called "SYS:FUCK!" on the
   disc, which probably should make it unpossible to recover the files. If
   this file already exists, the programm will exit with the comment:

   ' System Already Scaned !'


   Other messages, which appear during the scan, are e.g.:

   ' Scan Integrity of the System ! Please Wait ...'

   The code was probably done using a highlevel compiler and not normal asm-
   code (I hate to dissassemble compilercode).


   Test By Markus Schmall                       Detection tested 30.06.1995.

[Go back]