VIRUS HELP TEAM Amiga Antivirus Website www.vht-dk.dk
------------------------
Amiga Virus Encyclopedia
Aibon 2 Installer
------------------------
- Aibon2-Mount2-Clone:
A Toolsdaemon V2.2 has appeared, infected with this clone part.
File length infected: 7128 bytes
Trojan removed: 4896 bytes
This part was linked using the Hunklab method.
Differences to Aibon:
- mount is copied to s (length 784 bytes)
- s:startup-sequence is shortened to ONE line s:mount,$0a,$0a.
- Files are shortened to 42 bytes and filled with memory content from
$0 (yes, zero page). Example file with KS1.3:
0000: 00000000 00000676 00fc0818 00fc081a .......v........
0010: 00fc081c 00fc081e 00fc0820 00fc0822 ........... ..."
0020: 00fc090e 00fc0826 00fc .......&..
- The Trojan file reads:
00000000 00000000 00000000 7379733a ............sys:
00686430 3a006466 303a0064 66323a00 .hd0:.df0:.df2:.
646f732e 6c696272 61727900 00000000 dos.library.....
;.....
03eb0000 00000000 03f2733a 6d6f756e ..........s:moun
740a0a73 3a737461 72747570 2d736571 t..s:startup-seq
75656e63 6500733a 6d6f756e 74000000 uence.s:mount...
;.....
00000000 00006864 303a0073 79733a00 ......hd0:.sys:.
72616d3a 00646f73 2e6c6962 72617279 ram:.dos.library
00736572 2e726561 6400646f 732e6c69 .ser.read.dos.li
62726172 79000000 00000000 0000646f brary.........do
732e6c69 62726172 79004261 636b4772 s.library.BackGr
6f756e64 5f50726f 63657373 00000000 ound_Process....
Also minor changes to the drives.
A GURU must be expected.
The installation process has a DOS delay ($29bf8 = almost
an hour). For the rest, see the express description above.
Removal: Kickstart 1.2 & 1.3 : VT-Schutz v3.17
Kickstart all others: VirusZ III with Xvs.library installed
Orginal text by Heiner Schneegold
Translated from german to english, with use of Google translate
