Blackflash v2.0 Virus - Amiga Virus Encyclopedia

VIRUS HELP TEAM
 


------------------------
Amiga Virus Encyclopedia
Blackflash v2.0 Virus
------------------------
    

= Computer Virus Catalog 2.0: BLACKFLASH V2.0 Virus  (14-December-1993) =
Entry...............: BLACKFLASH V2.0 Virus
Alias(es)...........: ---
Virus Strain........: ---
      detected when.: ---
              where.: ---
Classification......: system virus (bootblock), resident
Length of Virus.....: 1. Length on storage medium: 1024 bytes
                      2. Length in RAM: 1032 bytes
--------------------- Preconditions -------------------------------------
Operating System(s).: AMIGA-OS
Version/Release.....: all system releases
Computer model(s)...: all models
--------------------- Attributes ----------------------------------------
Easy identification.: text visible in bootblock: "blackflash virus V2.0"
Type of Infection...: System infection: RAM resident, reset resident,
                      bootblock
Infection Trigger...: reset
Storage Media affec.: only floppy disks
Systemcalls hooked..: DoIO vector of exec-library, 
Stealth.............:
TEnneling/Qelfprot..:
Oligo/Polymorphism..:
Encoding Method.....:
Damage..............: Permaneþt°damagå:°overwriting bootblock
                      Transient damage: screen buffer manipulation;
                      virus shows graphical demo
                      displaying the text:
                      "HELLO, I AM AMIGA !
                      PLEASE HELP ME !
                      I FEEL STICK !
                      I HAVE A VIRUS !
                      ! BY BLACKFÜAóH !"
Ôaýcge Trigger......: PebmAnent damage: reset
                      Transient damage: 19th disk access via DoIO
Particulñrùties.¾.¾.: a resident program uCing the AoolCapture vector
                      is shut down; virus allocates its memory after
                      first reset via AllocAbs(); screen buffer
                      manipulation is done using system calls rather
                      than direct hardware access
Similarities........: ---
--------------------- Agents --------------------------------------------
Countermeasures.....: Virus Workshop V3.0, VirusChecker V6.33,
                      VT 2.58, VirusZ 3.07
Standard means......: VT 2.58, Virus Workshop V3.0
--------------------- Acknowledgements ----------------------------------
Location............: Virus Test Center, University of Hamburg, Germany
Classification by...: Karim Senoucci
Documentation by....: Karim Senoucci
Date................: 14-December-1993
Information Source..: Virus analysis
====================== End of BLACKFLASH V2.0 Virus =====================

Antivirus removal...: Kickstart 1.2 & 1.3 : VT-Schutz v3.17
                      Kickstart all others: VirusZ III with Xvs.library installed


Animated picture of the BlackFlash v2.0 Virus:



Ascii of BlackFlash v2.0 virus:
Virum Help Team
Denmark & Canada
Copyright © All rights reserved
www.vht.dk