------------------------
Amiga Virus Encyclopedia
Gaddafi Virus
------------------------
======= Computer Virus Catalog 1.2: GADDAFI Virus (5-June-1990) =======
Entry...............: GADDAFI Virus
Alias(es)...........: --
Virus Strain........: --
Virus detected when.: January 1989
              where.: Elmshorn, FRG
Classification......: system virus (bootblock), resident
Length of Virus.....: 1. length on storage medium: 1024 byte
                      2. length in RAM           : 1024 byte
--------------------- Preconditions -----------------------------------
Operating System(s).: AMIGA-DOS
Version/Release.....: 1.2/33.180
Computer model(s)...: AMIGA 500, AMIGA 1000, AMIGA 2000A, AMIGA 2000B
--------------------- Attributes --------------------------------------
Easy Identification.: typical text: 'GADDAFI VIRUS ! Spreading strictly
                      forbitten !!!(c)88 JG For update service
                      call:0222/1597' (phone number of the Austrian
                      lotto association)
Type of infection...: self-identification method: ---
                      system infection: RAM resident, reset resident,
                                        bootblock
Infection Trigger...: reset (CONTROL + Left-AMIGA + Right-AMIGA)
                      operation: any access on bootblock (sectors 0/1)
Storage media affected: only floppy disks (3.5" and 5.25")
Interrupts hooked...: ---
Damage..............: permanent damage: overwriting bootblock
                         possibly malfunction of drives DF0: or DF1:
                         by misusing their stepper motors
                      transient damage: stepper motors of drives DF0:
                         and DF1: are used after 7th reset to produce
                         some 'sounds'
Damage Trigger......: permanent damage: reset
                                        operation: any access on bootblock
                      transient damage: after 7th reset
Particularities.....: uses DoIOVector
                      other resident programs using the system resident
                         list (KickTagPointer, KickMemPointer) or one
                         of the capture vectors are shut down; the
                         CoolCapture vector is used as entry to initialize
                         the resident structure for the virus
                      ColdCapture and CoolCapture vectors are initialized
                         with address $00040258 (after 7th reset),
                         where a program may or may not reside; this
                         normally causes an error in the execbase structure
                         (yellow screen during system reboot)
Similarities........: ---
--------------------- Agents ------------------------------------------
Countermeasures.....: Names of tested products of Category 1-6:
                      Category 1: .2 Monitoring System Vectors:
                                     'CHECKVECTORS 2.2'
                                  .3 Monitoring System Areas:
                                     'CHECKVECTORS 2.2','GUARDIAN 1.2',
                                     'VIRUSX 4.0'
                      Category 2: Alteration Detection: ---
                      Category 3: Eradication: 'VCHECKVECTORS 2.2'
                                               'VIRUSX 4.0'
                      Category 4: Vaccine: ---
                      Category 5: Hardware Methods: ---
                      Category 6: Cryptographic Methods: ---
Countermeasures successful: 'CHECKVECTORS 2.2','GUARDIAN 1.2',
                            'VIRUSX 4.0'
Standard means......: 'CHECKVECTORS 2.2'
--------------------- Acknowledgement ---------------------------------
Location............: Virus Test Center, University Hamburg, FRG
Classification by...: Oliver Meng, Wolfram Schmidt
Documentation by....: Alfred Manthey Rojas
Date................: 5-June-1990
Information Source..: ---
===================== End of GADDAFI Virus ============================
Antivirus removal...: Kickstart 1.2 & 1.3 : VT-Schutz v3.17
                      Kickstart all others: VirusZ III, and also Xvs.library must be installed
ASCII of Gaddafi virus: