COP Variants generaly - Amiga Virus Encyclopedia

VIRUS HELP TEAM


Amiga Virus Encyclopedia



- COP-Variants generaly.

Destruction: Files a shortened, and overwriten with a text.

Please do not equalize this with Biomechanic (ref.) Biomechanic-variants
do Not shorten files. It changes at least five Bytes inside file, not in
start!

Groupbuild: Files were shortened with 3E9-Trojanbegin. Files with the same
            Trojancodelength and the same Destruktiontext were give a Type

    -> Type-A
     Trojan-part is two Hunks, 1920 Bytes.
     Filelength after destruction: 21 Bytes.
     Known filename:  NComm32, 121896 Bytes.

    -> Type-B
     Trojan-part is two Hunks, 1904 Bytes.
     Filelength after destruction: 19 Bytes.
     Known filename:  LHA3.0, 69888 Bytes.
                      CED4, 174500 Bytes.

    -> Type-C
     Trojan-part is two Hunks, 1860 Bytes.
     Filelength after destruction: 6 Bytes.
     Known filenames: DOpus5, 347296 Bytes.

    -> Type-D
     Trojan-part is unknown, only one Hunk.
     Filelength after destruction: 5 Bytes.
     Known filenames: SInfo, 2852 Bytes.

    -> Type-E
     Trojan-part is unknown, only one Hunk.
     Filelength after destruction: 38 Bytes.
     Known filenames: FutureTracker, 317608 Bytes.
                      Virusworkshop V5.0, 135744 Bytes.

    -> Type-F
     Trojan-part is unknown, no 4EB9.
     Filelength after destruction: 20 Bytes.
     Known filenames: acp, 71904 Bytes.

    -> Type-G
     Trojan-part is two Hunks, 460 Bytes.
     Filelength after destruktion: 31 Bytes.
     Known filenames: CopKiller, 8428 Bytes.
                      cALLERSLOG.SFX, 8428 Bytes.
     The two file have the same content!

    -> Type-H
     Trojan-part is unknown, no 4EB9.
     Filelength after destruktion: 63 Bytes.
     Known filenames: LZX130_680000EC, 67680 Bytes.
                      LZX130_680020, 64896 Bytes.
                      LZX130_680040, 65385 Bytes.

    -> Type-I
     Trojan-part is unknown, no 4EB9.
     Filelength after destruction: 75 Bytes.
     Known filenames: ProTracker 4.0b, 336804 Bytes.
                      LZX125_68000EC, 68492 Bytes.
                      LZX125_68020, 65708 Bytes.
                      LZX125_68040, 65456 Bytes.

    -> Type-J
     Trojan-part is unknown, no 4EB9.
     Filelength after destruction: 71 Bytes.
     Known filenames: ACP-4.20, 62384 Bytes.
                      EXPRESS_4.20 Bytes.

    -> Type-K
     Trojan-part is two Hunks, 432 Bytes.
     Filelength after destruction: 41 Bytes.
     Known filenames: dmv05.exe, 36480 Bytes.
                      TETRIS.EXE, 21244 Bytes.
                      TETRIS2.EXE, 21244 Bytes
     The two TETRIS.EXE have the same content!

    -> Type-L
     Trojan-part is unknown, no 4EB9.
     Filelength after destruction: 31 Bytes.
     Known filenames: TP5_Andromeda.exe, 40216 Bytes.
                      TP5_Parallax.exe, 39980 Bytes.
                      TP5_SilentsDK.exe, 39440 Bytes.
                      TP5_Spaceballs.exe, 38060 Bytes.
                      TP5_TRSI.exe, 37412 Bytes.*
                      BlueSky2.exe, 37412 Bytes.*
     The two files marked *, have the same content!

    -> Type-M
     Trojan-part is unknown, no 4EB9.
     Filelength after destruction: 31 Bytes.
     Known filenames: PHA_XMAS.EXE, 461384 Bytes.

    -> Type-N
     Trojan-part is unknown, no 4EB9.
     Filelength after destruction: 75 Bytes.
     Known filenames: QBTools3, 227716 Bytes.


     Removal: Kickstart 1.2 & 1.3 : VT-Schutz v3.17
              Kickstart all others: VirusZ III, and also Xvs.library must be installed


------------------------------------------------------------
 Translated to English by Steen Jacobsen © 2001 VHT-Denmark
 Org. Test by Heiner Schneegold.
------------------------------------------------------------
Virum Help Team
Denmark & Canada
Copyright © All rights reserved
www.vht.dk