COP 3 Trojan (Circle Of Power) - Amiga Virus Encyclopedia
VIRUS HELP TEAM Amiga Antivirus Website www.vht-dk.dk
Amiga Virus Encyclopedia
------------------------------
Amiga Virus Encyclopedia
COP 3 Trojan (Circle Of Power)
------------------------------
Please do not equalize this with Biomechanic.
Biomechanic-variants do Not shorten files. It changes at least five bytes
inside file, not in start!
Groupbuild: Files were shortened with 3E9-Trojanbegin. Files with the same
Trojancodelength and the same Destruktiontext were give a Type
-> Circle Of Power 3:
Known filename : DOpus5
Trojan warning : Read our warning
File size packed : 347.296 Bytes
File size unpacked : 547.296 Bytes
Archive name : OPUS5.LHA
Archive size : 464.397 Bytes
FILE_ID.DIZ : -------------------------------------------
DIRECTORYOPUS v5.0
-------------------------------------------
* Uses multiple processes for windows.
* Full REXX support
* Faster dir-routines.
* Better archive handeling, supports LZX!
-------------------------------------------
Info : Trojan-part is two Hunks, 1860 Bytes.
Filelength after destruction: 6 Bytes.
Packed length + 3E8-*Art-Hunk: 347296 bytes
So, a 3E8-*Art-Hunk was even added here to make packer detection more difficult.
The file reads: libs:.COP'95..
Files from devs: s: and libs: are truncated to 6 bytes.
Therefore, envarc and ncomm are missing. Such a file would then read: COP'95
Unfortunately, NOTHING can be salvaged.
Damage : CED started in the S: directory replacing the data's in EVERY file with the
text 'CIRCLE OF POWER 1995:', so the startup-sequence and rest of the files
in the S dir was totally destroyed. This goes for all the files in your 'DEVS'
directory to.
