------------------------
Amiga Virus Encyclopedia
BGS 9 (1) Virus
------------------------
======= Computer Virus Catalog 1.2: "BGS 9" Virus (5-June-1990) =======
Entry...............: "BGS 9" (=Bundesgrenzschutz Sektion 9) Virus
Alias(es)...........: ---
Virus Strain........: ---
Virus detected when.: June 1989
where.: Elmshorn, FRG
Classification......: link virus (renaming), resident
Length of Virus.....: 1. length on storage medium: 2608 byte
2. length in RAM : 2608 byte
--------------------- Preconditions -----------------------------------
Operating System(s).: AMIGA-DOS
Version/Release.....: 1.2/33.166, 1.2/33.180, 1.3/34.5
Computer model(s)...: AMIGA 500, AMIGA 1000, AMIGA 2000A, AMIGA 2000B
--------------------- Attributes --------------------------------------
Easy Identification.: typical text: 'TTV1' at the end of the virus
(length is 2608 byte)
identification on disk: a file in ROOT- and/or
DEVS-directory is named with the following
unprintable string:
$A0,$A0,$A0,$20,$20,$20,$A0,$20,$20,$20,$A0;
length of first command in startup-sequence
seems to be altered to 2608 byte (because the
file isn't the original anymore)
Type of infection...: self-identification method: virus searches for a
file in devs- or root directory named with
the following unprintable string:
$A0,$A0,$A0,$20,$20,$20,$A0,$20,$20,$20,$A0
system infection: RAM resident, reset resident
Infection Trigger...: reset (CONTROL + Left-AMIGA + Right-AMIGA)
Storage media affected: bootable floppy disks ( 3.5'' and 5.25'' ),
bootable ram disks, bootable hard disks
Interrupts hooked...: ---
Damage..............: permanent damage: overwriting bootblock
transient damage: screen buffer manipulation:
screen becomes black, a graphic with the following
text is shown:
'a computer virus is a disease
terrorism is a transgression
software piracy is a crime
this is the cure BGS9
Bundesgrenzschutz Sektion 9
Sonderkommando "EDV" '
Damage Trigger......: permanent damage: reset (CONTROL + LEFT-AMIGA +
RIGHT-AMIGA)
transient damage: 4 resets (have to be run until
initial CLI window appears)
Particularities.....: other resident programs using the system resident
list (KickTagPointer, KickMemPointer) are
shut down; name of its resident task is 'TTV1'
(see string in bootblock code). When the virus
doesn't find a DEVS directory, it uses the
root.
The first command in startup-sequence is renamed to
a file named with the following unprintable
string: '$A0,$A0,$A0,$20,$20,$20,$A0,$20,$20,
$20,$A0' (in DEVS- or in root directory if
available) and the virus is written to the
directory. The virus takes over the command's
name, so the next time the virus will be called
first, before the original command is executed.
Similarities........: ---
--------------------- Agents ------------------------------------------
Countermeasures.....: Names of tested products of Category 1-6:
Category 1: .2 Monitoring System Vectors:
'CHECKVECTORS 2.2'
.3 Monitoring System Areas:
'CHECKVECTORS 2.2','GUARDIAN 1.2',
'VIRUSX 4.0'
Category 2: Alteration Detection: ---
Category 3: Eradication: 'CHECKVECTORS 2.2',
'BGS9-PROTECTOR', 'VIRUSX 4.0'
Category 4: Vaccine: 'BGS9-PROTECTOR'
Category 5: Hardware Methods: ---
Category 6: Cryptographic Methods: ---
Countermeasures successful: 'CHECKVECTORS 2.2', 'BGS9-PROTECTOR'
Standard means......: 'CHECKVECTORS 2.2' (removal)
and creating two files named with the following
unprintable string '$A0,$A0,$A0,$20,$20,$20,$A0,
$20,$20,$20,$A0' to vaccinate a disk (one file
has to be placed in the ROOT- and one in the DEVS-
directory),
'BGS9-PROTECTOR'
--------------------- Acknowledgement ---------------------------------
Location............: Virus Test Center, University Hamburg, FRG
Classification by...: Wolfram Schmidt, Alfred Manthey Rojas
Documentation by....: Alfred Manthey Rojas
Date................: 5-June-1990
Information Source..: ---
====================================== End of "BGS 9" Virus ============================================
Antivirus removal...: Kickstart 1.2 & 1.3 : VT-Schutz v3.17
Kickstart all others: VirusZ III with Xvs.library installed
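Added example (not part of the catalog entry or of any product named in it): a Python triage of a file listing extracted from an AmigaDOS volume, using only the indicators given above (the unprintable marker name in ROOT or DEVS, a 2608-byte file, the text 'TTV1'). The tuple layout, the sample file names and the filler bytes are constructed assumptions; because the standard vaccine creates the same marker files, a marker on its own is reported separately from an infection.

```python
MARKER = bytes([0xA0, 0xA0, 0xA0, 0x20, 0x20, 0x20, 0xA0, 0x20, 0x20, 0x20, 0xA0])
VIRUS_LEN = 2608            # length on storage medium
VIRUS_TEXT = b"TTV1"        # typical text inside the virus
MARKER_DIRS = {"", "devs"}  # "" = root; AmigaDOS names are case-insensitive


def normalise_name(name):
    """Return a file name as Latin-1 bytes, whatever the extraction tool produced."""
    if isinstance(name, str):
        return name.encode("latin-1", errors="replace")
    try:
        # Some tools transcode names to UTF-8, turning $A0 into C2 A0.
        return name.decode("utf-8").encode("latin-1")
    except (UnicodeDecodeError, UnicodeEncodeError):
        return name  # already raw bytes from the volume


def triage(entries):
    """entries: (directory, name, data) tuples (assumed layout); returns (verdict, markers, carriers)."""
    markers, carriers = [], []
    for directory, name, data in entries:
        raw = normalise_name(name)
        where = directory.strip("/").lower()
        if raw == MARKER and where in MARKER_DIRS:
            markers.append(where or "root")
        elif len(data) == VIRUS_LEN and VIRUS_TEXT in data:
            path = raw.decode("latin-1")
            carriers.append(f"{where}/{path}" if where else path)
    if carriers:
        verdict = "infected" if markers else "suspicious"
    else:
        # Marker without a 2608-byte 'TTV1' file: vaccinated disk or leftover.
        verdict = "marker-only" if markers else "clean"
    return verdict, markers, carriers


def constructed_samples():
    """Constructed listings; the 2608-byte body is filler, not virus code."""
    body = b"\x00" * (VIRUS_LEN - len(VIRUS_TEXT)) + VIRUS_TEXT
    infected = [("c", "LoadWB", body), ("DEVS", MARKER, b"renamed command"),
                ("s", "startup-sequence", b"LoadWB\n")]
    vaccinated = [("", MARKER.decode("latin-1").encode("utf-8"), b""),
                  ("devs", MARKER, b""), ("c", "LoadWB", b"x" * 3000)]
    return infected, vaccinated


if __name__ == "__main__":
    for listing in constructed_samples():
        print(triage(listing))
```

The check only tests that 'TTV1' occurs somewhere in a 2608-byte file, since the entry does not give its exact offset within the file.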
Animated picture of the BGS 9 Virus: