Animal Virus - Saddam Clone - Amiga Virus Encyclopedia

Amiga Antivirus Website

Amiga Virus Encyclopedia
Animal Virus - Saddam Clone    

==== Computer Virus Catalog 1.2: SADDAM.Animal Virus (31-July-1993) ====
Entry...............: SADDAM.Animal Virus
Alias(es)...........: ---
Virus Strain........: SADDAM Virus Strain
Virus detected when.: ---
              where.: ---
Classification......: System virus (replacing), memory resident
Length of Virus.....: 1.Length on storage medium: 1848 byte
                      2.Length in RAM           : 1936 byte
--------------------- Preconditions ------------------------------------
Operating System(s).: AMIGA-DOS
Version/Release.....: 1.2/all, 1.3/all
Computer model(s)...: All AMIGA models
--------------------- Attributes ---------------------------------------
Easy Identification.: ---
Type of infection...: Self-identification method: see SADDAM virus
                      System infection:           see SADDAM virus
Infection Trigger...: See SADDAM Virus
Storage media affected: See SADDAM virus.
Interrupts hooked...: See SADDAM virus
Damage..............: Permanent damage: (1,3,4 same as SADDAM virus)
                         1. If no Disk-Validator program exists on disk
                            or no L: directory, both are built (re-
                            placing Disk-Validator program on disk).
                         2. Destroys block by writing "666",$A0 over
                            existing data (different from SADDAM virus).
                         3. Virus makes Bitmap NOT VALID, so running
                            Disk-Validator next time will infect System.
                         4. Virus starts diskhead stepping in all floppy
                            drives and writing on disk (if writeable)
                            which will result in trackdisk errors.
                      Transient damage: Mouse pointer will disappear,
                            and an Alert will be displayed with text:
                            "Animal VIRUS". After pressing mouse
                            button, cold reset (text different from
                            SADDAM virus).
Damage Trigger......: Permanent damage: (same as SADDAM virus)
                            1) insertion of a diskette
                            2) reading a Datablock
                            3) accessing rootblock
                      Transient damage: reading bootblock after a
                            certain time (same as SADDAM virus).
Particularities.....: See SADDAM virus.
Similarities........: Minor changes (clone) of SADDAM Virus
--------------------- Agents -------------------------------------------
Countermeasures.....: VT 2.54, VirusZ 3.06, VirusChecker 6.28
Countermeasures successful: VT 2.54, VirusZ 3.06, VirusChecker 6.28
Standard means......: VT 2.54
--------------------- Acknowledgement ----------------------------------
Location............: Virus Test Center, University Hamburg, Germany
Classification by...: Jens Vogler
Documentation by....: Jens Vogler
Date................: 31-July-1993
Information Source..: Analysis of virus code
===================== End of SADDAM.Animal VIRUS =======================

Antivirus removal...: Kickstart 1.2 & 1.3 : VT-Schutz v3.17
                      Kickstart all others: VirusZ III with Xvs.library installed

Virum Help Team
Denmark & Canada
Copyright © All rights reserved