Fuzz Macro - Amiga Virus Encyclopedia

VIRUS HELP TEAM
Amiga Antivirus Website
 



     -----------------------------------
     Amiga Virus Encyclopedia
     Fuzz Macro
     Other name: FuZZ Script #1, #2 & #3
     -----------------------------------
     

     ..........................  VIRUS HELP TEAM  ........................

     Hi All....                                              11 april 2020

     We have just recived this archive.  It is said to be a demo for ECS &
     AGA machines. But if you run this demo, your Amiga system will in C:,
     S:, Devs:, L; Libs:, will be renamed
     
     Here is some info about the trojan:
     ------------------------------------------------------
     Trojan name... : Fuzz
     Trojan file... : Many files do damage
     Trojan size... : Many files
     Trojan archive : Stellarx.lha
     Archive size.. : 444.898 bytes
     Archive info.. : 'Stellar X' Demo - ECS & AGA Machines
     ------------------------------------------------------

     There is an  ReadMe.txt in the archive, with  an add from  a Canadian
     BBS, called 'Peace Courier Canadian HQ', saying  they use a 14.4  USR
     Dual modem.
     So we guess it must be an old trojan, there aint many BBS'es left.


     The trojan bomb is named 'Stellar X Demo' When you start the Demo, it
     looks like this:
     Yo! Fuk-Dat-Boyee... UpTheAss
     Yo! Fuk-Diz-Boyee... >nil: -m6 Wigger!
     navel creditz


     The FuZZ trojan archive contains many other files:

     BooYaKa               = Script-File
     BooYaka.info          = Icon
     ReadMe.txt            = BBS add
     DATA/Boyee            = Rename-Command
     DATA/Yo!              = Run-Command
     DATA/Fuk-Dat-Boyee... = CLI Show-Command (Picture-Shower)
     DATA/navel            = Execute-Command
     DATA/Fuk-Diz-Boyee... = Noiseplayer (Module-Player)
     DATA/Wigger!          = Soundmodule
     DATA/fuzzy            = List-Command
     DATA/creditz          = Script-File
     DATA/Dude             = Dir-Command
     DATA/BooYaKa          = Script-File
     DATA/UpTheAss         = Picture


     If you start the macro, it executes the Script-File 'BooYaKa':

     Where you can read this in the script:
     cd data         
     execute booyaka

     This means that the trojan will execute the file
     'DATA/BooYaKa'. This file contains:

     Yo! Fuk-Dat-Boyee... UpTheAss
     Yo! Fuk-Diz-Boyee... >nil: -m6 Wigger!
     navel creditz         

     Now the trojan displays the picture 'UpTheAss'.
     Then the module Wigger!.
     And executes the script-file creditz:

     Now the trojan will rename every file in:
     S:
     C:
     Fonts:
     Libs:
     L:
     Devs:
     And deletes the command c:rename

     Removal: VirusZ III, and also Xvs.library must be installed


     Regards....
          __      Jan Andersen
     __  ///     ---------------
     \\\///      Virus Help Team
      \XX/        www.vht-dk.dk
Virum Help Team
Denmark & Canada
Copyright © All rights reserved
www.vht.dk