UA Dialer 2.8g BBS Trojan - Amiga Virus Encyclopedia
VIRUS HELP TEAM
-------------------------
Amiga Virus Encyclopedia
UA Dialer 2.8g BBS Trojan
-------------------------
Dialer 2.8g Virus:
Other name: BBS NoCallerAt300
This is a trojan horse for AmiExpress. The SysopPW will be taken
and put in the file "nocallersat300". Now the hacker can simply get
the PW (when getting connected with 300 baud) and enter the BBS.
The UADialer 2.8 is a bluebox. Therefore I did not code a repair-
routine for this virus. Blueboxing is a crime and I do not want to
support it.
Due to the fact that it is spread in a crunched executable file, VW
will only recognize the crunched file.
The crunched executable file does not work an a A4000 (MC68040)
with activated CACHES.
VirusStart:
dosbase DC.B 0
DC.B 0
DC.W 0
filehandle DC.W 0
DC.W 0
destfilehandle DC.W 0
DC.W 0
memblock
dcb.l 40,0
dosname DC.B 'dos.library',0
username DC.B 'bbs:user.data',0
desttext DC.B 'bbs:node1/NOCALLERSAT300',0
A little script,made with DosTouch,which shows us the inner
workings of the Dialer28g:
Load ram:dialer
-> Open bbs:user.data Openmode:OLD
-> Open bbs:node1/NOCALLERSAT300 Openmode:OLD
CProc DIALER-TASK
Open s:UADial.pref Openmode:OLD
Open s:UADial.prefs Openmode:OLD
Open s:UADial.conf Openmode:OLD
Detection and Termination tested on 18.03.93.
This virus (like most BBS trojans) should only work with AmiExpress
1.x and 2.x because the structures of AmiExpress 3.x are a little
bit different, aren`t they ?
Removal: Kickstart 1.2 & 1.3 : VT-Schutz v3.17
Kickstart all others: VirusZ III with Xvs.library installed
Test by Markus Schmall
