Fungus Virus - Amiga Virus Encyclopedia

VIRUS HELP TEAM
 



------------------------
Amiga Virus Encyclopedia
Fungus Virus
-------------------------

---------------------------------------------------------------------------     
Entry...............: Fungus/LSD
Alias(es)...........: .
Virus Strain........: Vaginitis and so on
Virus detected when.: -
              where.: -
Classification......: System/Linkvirus, memory-resident, not reset-resident
Length of Virus.....: 1. Length on storage medium:         760 Bytes
                      2. Length in RAM:                   2048 Bytes

--------------------- Preconditions ---------------------------------------

Operating System(s).: AMIGA-DOS Version/Release..: 2.04 and above (V37+)
Computer model(s)...: all models/processors (MC68000-MC68060)

--------------------- Attributes ------------------------------------------

Easy Identification.: none

Type of infection...: Self-identification method in files:

                      - none

                      Self-identification method in memory:

                      - checks for $261f at LoadSeg patch offset -4

                      System infection:
                      -  infects the following function:
                         Dos LoadSeg()

                      Infection preconditions:

                      - Hunk Code is found
                      - File is not infected already (double
                        infections are impossible)
                      - device is validated
                      - device contains free blocks

Infection Trigger...: executing files

Storage media affected:
                      all dos devices

Interrupts hooked...: None

Damage..............: Permanent damage:
                      - none
                      Transient damage:
                      - none
Damage Trigger......: Permanent damage:
                      - none
                      Transient damage:
                      - none

Particularities.....: The virus performs:
                      run >nil: newshell TCP:1666
                      
Similarities........: Link-method is first hunk increasing.
                      Last RTS will be rewritten with nop.

Stealth.............: -

Armouring...........: very simply eor crypter with static key $DEAD

Comments............: many variations of that virus were on the spread
                      some were spreading (Vaginitis) when some were
                      infecting only C:MOUNT... The newshell command
                      creates so called port that lets for hacking of
                      the machine from an outside.

--------------------- Acknowledgement -------------------------------------

Location............: Pawlowice, Poland  12.2001
Classification by...: Zbigniew Trzcionkowski
Documentation by....: Zbigniew Trzcionkowski
Date................: 12.2001
Information Source..: Virus disassembly
Copyright...........: This documentation is public domain

======================== End of LSD/Fungus ================================

Antivirus rRemoval..: Kickstart 1.2 & 1.3 : VT-Schutz v3.17
                      Kickstart all others: VirusZ III, and also Xvs.library must be installed
Virus Help Team
Denmark & Canada
Copyright © All rights reserved
www.vht.dk