------------------------
Amiga Virus Encyclopedia
Hilly Virus
------------------------
====== Computer Virus Catalog 1.2: HILLY Virus (20-FEB-1993) ===========
Entry...............: HILLY Virus
Alias(es)...........: ---
Virus Strain........: (Weakly related to Lamer strain)
Virus detected when.: ---
where.: ---
Classification......: System Virus (Bootblock,Resident)
Length of Virus.....: 1.Length(Byte)on storage medium:1024 Byte
2.Length(Byte)in RAM: 30 Byte at $60000
+ $500 Byte at $7f300
--------------------- Preconditions ------------------------------------
Operating System(s).: AMIGA-DOS
Version/Release.....: 1.2 only (absolute DoIO)
Computer model(s)...: AMIGA 500,1000,2000
--------------------- Attributes ---------------------------------------
Easy Identification.: ---
Type of infection...: Bootblock, overwriting without checks
Infection Trigger...: Reset
Storage media affected: All devices controlled through DOIO-requests
Diskettes + some harddisks
Interrupts hooked...: VBI hooked to reserved function calls in Sysbase
Damage..............: Overwriting bootblocks, every second infection
generates a random number and overwrites this
block with the virus code.
Overwriting memory sections without previous
allocation.
Damage Trigger......: 2nd infection (2nd boot with unprotected media)
Particularities.....: Checks for special kickstart version
(patched at $fc0090)
Similarities........: Damage routing adapted from Lamer bootvirus strain.
--------------------- Agents -------------------------------------------
Countermeasures.....: Names of tested products of Category 1-6:
Category 1: AVM 0.235
Category 2: AVM 0.235
Category 3: AVM 0.235,VT2.40,VC6.03
Category 4: Impossible
Category 5: ---
Category 6: ---
Countermeasures successful: AVM0.235(internal product),VT2.40,VC6.03
Standard means......: VC6.03
--------------------- Acknowledgement ----------------------------------
Location............: Virus Test Center, University Hamburg, FRG
Classification by...: Soenke Freitag
Documentation by....: Soenke Freitag
Date................: 17.12.1992
Information Source..: Original virus code
===================== End of HILLY Virus ===============================
Antivirus...........: Kickstart 1.2 & 1.3 : VT-Schutz v3.17
Kickstart all others: VirusZ III v1.04B or higher, and also Xvs.library v33.47 or higher
Ascii of Hilly virus:
☣ |
Virum Help Team Denmark & Canada Copyright © All rights reserved www.vht.dk |
☣ |
| |