AEK Virus (SCA Clone) - Amiga Virus Encyclopedia

VIRUS HELP TEAM




------------------------    
Amiga Virus Encyclopedia    
AEK Virus (SCA Clone)
------------------------

        
========= Computer Virus Catalog 1.2: AEK Virus (5-June-1990) =========
Entry...............: AEK Virus
Alias(es)...........: MICRO-MASTER Virus
Virus Strain........: SCA Virus
Virus detected when.: FEBRUARY 1988
              where.: Elmshorn, FRG
Classification......: system virus (bootblock), resident
Length of Virus.....: 1. length on storage medium: 1024 byte
                      2. length in RAM           : 1024 byte
--------------------- Preconditions -----------------------------------
Operating System(s).: AMIGA-DOS
Version/Release.....: 1.2/33.166, 1.2/33.180 and 1.3/34.20
Computer model(s)...: AMIGA 500, AMIGA 1000, AMIGA 2000A, AMIGA 2000B
--------------------- Attributes --------------------------------------
Easy Identification.: typical text: 'Another Future of programming has
                         begun on Amiga !!!! Don't worry about our
                         great V I R U S !!! Spread by Micro-Master of
                         CCW and Odie from AEK !!!'
                      virus feature: pressing left mouse/fire button of
                         port 1 during system reboot, causes the screen
                         to become green and the virus to shut down it-
                         self by clearing ColdCapture and CoolCapture
                         Vectors
Type of infection...: self-identification method: testing 3rd longword
                         for matching string 'CHW!'
                      system infection: RAM resident, reset resident,
                         bootblock infection
Infection Trigger...: reset (CONTROL + Left-AMIGA + RIGHT-AMIGA)
Storage media affected: only floppy disks (3.5" and 5.25")
Interrupts hooked...: ---
Damage..............: permanent damage: overwriting bootblock
                      transient damage: screen buffer manipulation:
                         screen becomes black, message (see above) is
                         shown by fading in and out peaces of it.
Damage Trigger......: permanent damage: reset
                      transient damage: 15th infection
Particularities.....: a resident program using the CoolCaptureVector is
                         shut down, also such using the ColdCapture
                         Vector when the virus is shut down by its
                         'suicide' function
Similarities........: SCA virus strain
--------------------- Agents ------------------------------------------
Countermeasures.....: Names of tested products of Category 1-6:
                      Category 1: .2 Monitoring System Vectors:
                                     'CHECKVECTORS 2.2'
                                  .3 Monitoring System Areas:
                                     'CHECKVECTORS 2.2','GUARDIAN 1.2',
                                     'VIRUSKILLER 2.0', 'VIRUSX 4.0'
                      Category 2: Alteration Detection: --
                      Category 3: Eradication: 'CHECKVECTORS 2.2',
                                     'VIRUSKILLER 2.0', 'VIRUSX 4.0'
                      Category 4: Vaccine: 'SCA-PROTECTOR 1.0',
                                     'VIRUSKILLER 2.0'
                      Category 5: Hardware Methods: --
                      Category 6: Cryptographic Methods: --
Countermeasures successful: 'CHECKVECTORS 2.2', 'GUARDIAN 1.2',
                            'VIRUSKILLER 2.0', 'SCA-PROTECTOR 1.0',
                            'VIRUSX 4.0'; own suicide function.
Standard means......: 'CHECKVECTORS 2.2'
--------------------- Acknowledgement ---------------------------------
Location............: Virus Test Center, University Hamburg, FRG
Classification by...: Oliver Meng
Documentation by....: Alfred Manthey Rojas
Date................: 5-June-1990
Information Source..: ---
===================== End of AEK-Virus ================================

Antivirus...........: Kickstart 1.2 & 1.3 : VT-Schutz v3.17
                      Kickstart all others: VirusZ III v1.04B or higher, and also Xvs.library v33.47 or higher


Ascii of AEK virus:





Virum Help Team
Denmark & Canada
Copyright © All rights reserved
www.vht.dk