------------------------
Amiga Virus Encyclopedia
Disaster Master v2 virus
------------------------
= Computer Virus Catalog 1.2: DISASTER-MASTER V2 Virus (14-JAN-1991) =
Entry...............: DISASTER-MASTER V2 Virus
Alias(es)...........: ---
Virus Strain........: ---
Virus detected when.: ---
where.: Australia
Classification......: link virus, resident
Length of Virus.....: 1. length on storage medium: 1740 byte
2. length in RAM : ?? byte
--------------------- Preconditions ----------------------------------
Operating System(s).: AMIGA-DOS
Version/Release.....: 1.2/33.166, 1.2/33.180, 1.3/34.5
Computer model(s)...: AMIGA 500, AMIGA 1000, AMIGA 2000A, AMIGA 2000B
--------------------- Attributes -------------------------------------
Easy Identification.: typical text: ??
identification by examining, using disk manager,
the startup-sequence: if its first entry is
"cls" and a file named "cls" exists in "c"
or root directory with a length of 1740 byte
$A0,$A0,$A0,$20,$9B,$41 (invisible in ASCII
editors)
Type of infection...: self-identification method: virus searches for
the following entry in startup-sequence:
"cls" AND a file "cls" in the c or root
directory with length of 1740 byte;
system infection: RAM resident, reset resident
Infection Trigger...: using unprotected disk-like devices
Storage media affected: all bootable and disk-like devices
Interrupts hooked...: ---
Damage..............: permanent damage: destroys directory structure
transient damage: manipulation if window titles;
following alert is displayed after destroying
the structure of a bootable device: "Software
Failure. Press Left Mouse Button to Continue
Guru Meditation #00000002.06001989" and
"Incoming special Message Your Amiga is in-
fected by DISASTER-MASTER V2!!! probably the
best virus created by mankind....
Left = continue Right = self-destruction"
Damage Trigger......: permanent damage: (details to be analysed)
transient damage: (details to be analysed)
Particularities.....: KickTag pointer are misused, ColdCapture and
CoolCapture vectors are cleared; DoIO vector
is used (details to be analysed)
Similarities........: (details to be analysed)
--------------------- Agents -----------------------------------------
Countermeasures.....: Names of tested products of Category 1-6:
Category 1: .2 Monitoring System Vectors:
CHECKVECTORS 2.3, VT 1.94
.3 Monitoring System Areas:
CHECKVECTORS 2.3, GUARDIAN 1.2,
VIRUS-DETEKTOR 1.1, VT 1.94
Category 2: Alteration Detection: ---
Category 3: Eradication: CHECKVECTORS 2.3,
BGS9-PROTECTOR, VIRUS-DETEKTOR 1.1
Category 4: Vaccine: BGS9-PROTECTOR
Category 5: Hardware Methods: ---
Category 6: Cryptographic Methods: ---
Countermeasures successful: CHECKVECTORS 2.3, VT 1.94
Standard means......: CHECKVECTORS 2.3 or VT 1.94 with deletion of
"cls" file entry (see above) with a disk
manager and correction of the startup-sequence
--------------------- Acknowledgement --------------------------------
Location............: Virus Test Center, University Hamburg, Germany
Classification by...: Alfred Manthey Rojas, Brian Logan
Documentation by....: Alfred Manthey Rojas
Date................: 10-February-1991
Information Source..: Brian Logan, Australia
=================================== End of DISASTER-MASTER V2 virus ====================================
Antivirus removal...: Kickstart 1.2 & 1.3 : VT-Schutz v3.17
Kickstart all others: VirusZ III with Xvs.library installed
Animated picture of the Disaster-Master v2 Virus:
