DKG Blum Trojan - Amiga Virus Encyclopedia

VIRUS HELP TEAM
 



 ------------------------
 Amiga Virus Encyclopedia
 DKG Blum Trojan
 ------------------------


 Hi All....                                         19 December 2000

 Today we recived a new 'lame' trojan. This trojan will only execute
 it self if you have named your hard-disk "DH0" & "DH1".  The trojan
 is spread in  and archive with  the name "DKG-BLUM.LHA". If you run
 the  "DKG-BLUM.exe",  the trojan  will replace  your c:loadwb  with
 another loadwb (size: 3560 bytes) and replace c:assign with another
 assign (size: 2408 bytes),  and the screen will tell you that there
 is not enough memory,  and you will have  to restart, then it looks
 like the trojan will delete DH1:.
 The trojan also  adds or replaces 2 other files, "LIBS:asi.library"
 & "DEVS:ASI.device".

 The cure right now (If you have lost your DH1:  to bad......), then
 replace the trojan files with clean ones, here is the trojan sizes:

 c:loadwb         ( 3560 bytes)
 c:assign         ( 2408 bytes)
 libs:asi.library (24548 bytes - delete if you dont have clean file)
 devs:asi.device  ( 2408 bytes - delete if you dont have clean file)


 Here is some info about the infected archive:

 Virus Type.... : Trojan
 Archive name.. : dkg-blum.lha
 Archive size.. : 28.535 bytes (lha packet)

 Removal: Kickstart 1.2 & 1.3 : VT-Schutz v3.17
          Kickstart all others: VirusZ III, and also Xvs.library must be installed

 This archive has been send to all the antivirus programers.....

 Thanx to Peter Gordon & Urban for the info and sending the archive
 to us.......


   Regards....
      __          Jan Andersen
 __  ///          ------------
 \\\///        Virus Help Denmark
  \XX/            www.vht-dk.dk
Virum Help Team
Denmark & Canada
Copyright © All rights reserved
www.vht.dk