COP PHA-XMAS Trojan - Amiga Virus Encyclopedia

VIRUS HELP TEAM
 


  ------------------------------
  Amiga Virus Encyclopedia    
  COP PHA-XMAS Trojan
  Other name: Circle Of Power 12
  ------------------------------


  Hi All

  The archiv "PHA-XMAS.lha" contains a new trojan.  The code looks like
  the COP trojans,  but this time no word from them.  Via the access of
  DosLists it will be tried to access the files and overwrite them with
  a $1f byte long string, which look like this:

  "+46-620-13141 - DUNGEON OF DOOM"

  A swedish number, I suppose.

  If the sys partition is protected, the following text will be up:

  'Phenomena DOS-Extender V1.1 ',$A9,'1993 by Photon'
  'Unable to write Swapfile. Remove write-protection and retry'
  'Creating new Swapfile. Please hold...'

  Of course Photon has nothing to do with it.

  The FileID of this files looks like this:

  .------------------------------------------.
  : Phenomena presents ' merry x-mas ! '     :
  : Pha's very last production on the Amiga! :
  :                                          :
  : Code & Graphics : Photon, Color & Twins  :
  : Music           : Tip & Mantronix        :
  `------------------------------------------'

  But it`s only a little lame trojan.


  The archive already popped up in Germany on 24.12., but the archive
  was corrupted.  2 days later  I found it  as intact  archive on the
  D-o-E BBS,  where I want to thank Mercury for his freedl, otherwise
  I wouldn`t have been able to analyse this one.

  Some people  had real luck. E.g.  Hitpoint downloaded the corrupted
  archive and could so not start the shit (hi Dieter !)...

  Ok, that is all for now, it`s morning time and I want to sleep...


  Removal: Kickstart 1.2 & 1.3 : VT-Schutz v3.17
           Kickstart all others: VirusZ III, and also Xvs.library must be installed


  Greets
  M.Schmall (Programmer of VirusWorkshop)
Virum Help Team
Denmark & Canada
Copyright © All rights reserved
www.vht.dk