------------------------
Amiga Virus Encyclopedia
Bobek 2 Virus Dropper
------------------------
Hi All.... 10 June 2001
What we think is the installer of the new linkvirus 'Bobek2' has been
found. It was on Aminet but has been removed now. But there just might
be a few more installers our there, so take care....
Okay, here is what we know so far:
Archive name : Footro.lha
Archive size : 2.924 bytes
Archive info : Borntro from new A500 team
Footro is looking for skilled A500 coders.
Installer name: 4k
Installer size: 2.784 bytes (packed with stonecracker 4.04)
Installer size: 3.316 bytes (unpacked)
Virus name : Bobek2 linkvirus
Virus size : About 1036 bytes (uses polimorphic engine)
In the unpacked file of '4k', you can read:
------------------------------ CUT TEXT -------------------------------
xxxxxxxxxxx proudly presents BOBEK2 - The first binary virus for Amiga!
Credits - main coding by xxxxxxxx, polyengine by xxxxxx, installer-tool
and timer.device coding by xxxxxx! We are the best! Powered by Asm-One!
Enjoy! That is only preview of our metamorphic engine!
------------------------------ CUT TEXT -------------------------------
(VHT-DK has removed part of the names, and replaced them with 'xxxx' we
will not promote names of virus programmers, they should make use of
there programming skills and make some usefull programs)
We did have some trouble with the file, we could not get it to run, so
we rigged up the old Amiga500, and we got the virus to spread to other
files.
Right now that is no cure for the 'Bobek2' virus, but Jan Erik Olausen
is working for a way to make an recog for the 'Bobek2' linkvirus. I'll
get back to you as soon as we have some news.
Thanks to 'Jan Erik Olausen' the programmer of VirusExecutor for the
about this archive.
Antivirus removal: Kickstart 1.2 & 1.3 : VT-Schutz v3.17
Kickstart all others: VirusZ III with Xvs.library installed
Regards....
__ Jan Andersen
__ /// ------------
\\\/// Virus Help Denmark
\XX/ www.vht-dk.dk