COP 4 Trojan (Circle Of Power) - Amiga Virus Encyclopedia
VIRUS HELP TEAM Amiga Antivirus Website www.vht-dk.dk
Amiga Virus Encyclopedia
------------------------------
Amiga Virus Encyclopedia
COP 4 Trojan (Circle Of Power)
------------------------------
Please do not equalize this with Biomechanic.
Biomechanic-variants do Not shorten files. It changes at least five bytes
inside file, not in start!
Groupbuild: Files were shortened with 3E9-Trojanbegin. Files with the same
Trojancodelength and the same Destruktiontext were give a Type
-> Circle Of Power 4:
Known filename : SInfo
Trojan warning : Read our warning
File size : 2.852 Bytes
Archive name : SINFO10.LHA
Archive size : 4.432 Bytes
FILE_ID.DIZ : .------------------------------------------.
| SYSTEMINFO V1.0 BY JURGEN HUNSMANN 1995! |
| A VERY GOOD REPLACEMENT OF THE INFO CMD! |
`----------------------------------(baron)-'
Info : Trojan-part is unknown, only one Hunk.
Filelength after destruction: 5 Bytes.
No corrupted vectors
The file cannot replicate itself.
Difference from other COP types:
Standalone program and NOT linked.
The Trojan part is partially encoded.
The startup sequence is changed:
So, a few lines are inserted before the actual startup sequence.
These lines are processed first after a reset.
A file cop is created in RAM with the following contents at the end: cop!
Sorry, there's nothing left to salvage.
Damage : SInfo will replace every file in your S:, Libs: and C: with a new file,
with a size of 5 bytes, in this file you can read 'cop!'. This is another
program from 'CIRCLE OF POWER!'. The same programmer that has written the
other COP trojans 'NComm32.LHA', 'OPUS5.LHA', 'LHA30.LHA' and 'CED4.LHA'.
Comments : There is another thing, SInfo v1.0 will ask for 'SINFO.library', and the
library is in the archive, BUT it is not 'Sinfo.library', it is the reel
'Bootblock.library v3.1' from SHI, why this ????????
