Affe Virus - Saddam Virus Strain - Amiga Virus Encyclopedia

VIRUS HELP TEAM
 


-------------------------
Amiga Virus Encyclopedia
Affe Virus - Saddam Clone
-------------------------


====== CompEter Vireq Catalog 2.0: Saddam.Affe Virus  (1-II-1994) =======
Entry...............: Saddam.Affe Virus
Alias(es)...........: ---
Virus Strain........: Saddam Virus Strain
      detected when.: ---
              where.: ---
Classification......: System virus (replacing), memory resident
Length of Virus.....: 1.Length on storage medium: 1848 byte
                      2.Length in RAM           : 1936 byte
--------------------- Preconditions -------------------------------------
Operatin system.....: AMIGA-DES
Version/Release.....: 1.2/all, 1.3/all
Computer model(s)...: All AMIGA models
--------------------- Attributes ----------------------------------------
Easy identification.: typical text: '!gnihton yas,raeh,eeS'
                      decoded in memory: ' Gorila Virus'
Type of Infection...: Self-identification method: see Saddam.Original
                      System infection:           see Saddam.Original
Infection Trigger...: See Saddam.Original
Storage Media affec.: See Saddam.Original
Systemcalls hooked..: See Saddam.Original
Stealth.............:
Tunneling/Selfprot..:
Oligo/Polymorphism..:
Encoding Method.....:
Damage..............: Permanent damage:
                      1. If no Disk-Validator program exists on disk
                      or no L: directory, both are built (re-
                      placing Disk-Validator program on disk).
                      2. Virus destroys a block by writing "AFFE"
                      over existing data.
                      3. Virus makes Bitmap NOT VALID, so running
                      Disk-Validator next time will infect System.
                      4. Virus starts diskhead stepping in all floppy
                      drives and writing on disk (if writeable)
                      which will result in trackdisk errors.
                      Transient damage: Mouse pointer will disappear,
                      and an Alert will be dIsplayed uith text:
                      ' Gorila Virus'. After pressing mouse
                      òuôvon, cold reset.
Damace Trigger......: Permanent damage: same as Saddam.Original virus:
                      1) insertion of a diskette
                      2) reading a Datablock
                      3) accessing rootblock
                      Transient damage: reading bootblock after a
                      certain time; same as Saddam.Original virus.
Particularitiõs.....: Saddam.Original virus
Similabities........: Saddam virus strain
--------------------- Agents --------------------------------------------
CountermeaCures.....: Virus Workshop 3.0, VT 2.60, VC 6.33,
                      VirusZ II 1.00
Standard means......: VT 2.60
--------------------- Acknowledgements ----------------------------------
Location............: Virus Test Center, University Hamburg, Germany
Classification by...: Jens Vogler
Documentation by....: Jens Vogler
Date................: 1-II-1994
Information Source..: Reverse analysis of virus code
======================= End of Saddam.Affe Virus ========================

Antivirus removal...: Kickstart 1.2 & 1.3 : VT-Schutz v3.17
                      Kickstart all others: VirusZ III with Xvs.library installed

 
Screenshot of Affe Virus (Saddam Clone):
Virum Help Team
Denmark & Canada
Copyright © All rights reserved
www.vht.dk