Fuzz Trojan - Amiga Virus Encyclopedia


     Amiga Virus Encyclopedia
     Fuzz Trojan
     Other name: FuZZ Script #1, #2 & #3

     ..........................  VIRUS HELP TEAM  ........................

     Hi All....                                              11 april 2020

     We have just recived this archive.  It is said to be a demo for ECS &
     AGA machines. But if you run this demo, your Amiga system will in C:,
     S:, Devs:, L; Libs:, will be renamed
     We are not really sure how old this trojan are but at this time there
     is NO ANTIVIRUS program that can find it. So watch out for it.
     Here is some info about the trojan:
     Trojan name... : Fuzz
     Trojan file... : Many files do damage
     Trojan size... : Many files
     Trojan archive : Stellarx.lha
     Archive size.. : 444.898 bytes
     Archive info.. : 'Stellar X' Demo - ECS & AGA Machines

     There is an  ReadMe.txt in the archive, with  an add from  a Canadian
     BBS, called 'Peace Courier Canadian HQ', saying  they use a 14.4  USR
     Dual modem.
     So we guess it must be an old trojan, there aint many BBS'es left.

     The trojan bomb is named 'Stellar X Demo' When you start the Demo, it
     looks like this:
     Yo! Fuk-Dat-Boyee... UpTheAss
     Yo! Fuk-Diz-Boyee... >nil: -m6 Wigger!
     navel creditz

     The FuZZ trojan archive contains many other files:

     BooYaKa               = Script-File
     BooYaka.info          = Icon
     ReadMe.txt            = BBS add
     DATA/Boyee            = Rename-Command
     DATA/Yo!              = Run-Command
     DATA/Fuk-Dat-Boyee... = CLI Show-Command (Picture-Shower)
     DATA/navel            = Execute-Command
     DATA/Fuk-Diz-Boyee... = Noiseplayer (Module-Player)
     DATA/Wigger!          = Soundmodule
     DATA/fuzzy            = List-Command
     DATA/creditz          = Script-File
     DATA/Dude             = Dir-Command
     DATA/BooYaKa          = Script-File
     DATA/UpTheAss         = Picture

     If you start the trojan, it executes the Script-File 'BooYaKa':

     Where you can read this in the script:
     cd data         
     execute booyaka

     This means that the trojan will execute the file
     'DATA/BooYaKa'. This file contains:

     Yo! Fuk-Dat-Boyee... UpTheAss
     Yo! Fuk-Diz-Boyee... >nil: -m6 Wigger!
     navel creditz         

     Now the trojan displays the picture 'UpTheAss'.
     Then the module Wigger!.
     And executes the script-file creditz:

     Now the trojan will rename every file in:
     And deletes the command c:rename

     Removal: VirusZ III, and also Xvs.library must be installed

          __      Jan Andersen
     __  ///     ---------------
     \\\///      Virus Help Team
      \XX/        www.vht-dk.dk


Virum Help Team
Denmark & Canada
Copyright © All rights reserved