Amiga Virus Encyclopedia
Copy LX 1.03 Trojan
Copy_LX 1.03 Trojan:
Filelength 6932 Bytes (unpacked)
This is a classical trojan horse. Installer is probably a modified
LX 1.03 programm (I still search for it. The file I got from the
AmiNet was clear). It will write a new COPY command.
This copy command searches for the file "s:save". If this file
exists, the trojan will not work and the original copy command
(V38.1), which is linked behind the trojan, will be activated.
Then the virus checks the actual date: If the date is 5961 or
more days after the 01.01.1978, the virus will start, otherwise
it will skip. This date was somewhen in 1994. Then a longword
"scsi" will be decrypted and via globaldoslist and the known
routines, it will be tried to get a device, which starts with the
long "scsi". If such a device was found, it will be tried to get
the rootblocknumber and then it will be tried to read from the
Problem: I got the Copy command itself and the resourcefile. In
the copyfile only the READ command will be used, in the resourced
file the WRITE command will be used. I wonder a little about this.
If the write command is used, all reachable devices (beginning
with scsi) will loose its rootblock. Try to recover the data using
things like Quarterback and/or Disksalv.
Removal: Kickstart 1.2 & 1.3 : VT-Schutz v3.17
Kickstart all others: VirusZ III, and also Xvs.library must be installed
Test by Markus Schmall Detection tested 07.01.1995