Revenge Of The Lamer Exterminator - Amiga Virus Encyclopedia
VIRUS HELP TEAM
---------------------------------
Amiga Virus Encyclopedia
Revenge Of The Lamer Exterminator
---------------------------------
== Computer Virus Catalog 1.2: REVENGE OF THE LAMER EXTERMINATOR Virus (10-February-1991)=======
Entry...............: REVENGE OF THE LAMER EXTERMINATOR Virus
Alias(es)...........: ---
Virus Strain........: LAMER link virus strain
Virus detected when.: ---
              where.: Australia
Classification......: link virus (directory type), resident
Length of Virus.....: 1. length on storage medium: 4448 byte
                      2. length in RAM: 4412 byte
--------------------- Preconditions ----------------------------------
Operating System(s).: AMIGA-DOS
Version/Release.....: 1.2/33.166, 1.2/33.180, 1.3/34.5
Computer model(s)...: AMIGA 500, AMIGA 1000, AMIGA 2000A, AMIGA 2000B
--------------------- Attributes -------------------------------------
Easy Identification.: typical text: ---
                      identification by the following entry (invisible
                      in ASCII) in startup-sequence as first entry:
                      "$A0,$A0,$A0,$A0,$A0,$00" (hex);
                      identification by using a disk manager: existing
                      file entry in the root directory "no name"
                      (invisible) with length=4448 byte;
                      identification by an alert message (3 pages)
                      after destroying a disk:
"Page 1
RED ALERT
It has come to my attention that the person using this
computer is a LAMER. (*)
We the people, who are responsible for the
"Revenge Of The LAMER EXTERMINATOR" Virus,
believe that only intelligent folk are fit to use
the AMIGA Personal Computer
Since you were apparently not smart enough to prevent
infection of your computer and software by this virus,
(You should have used a condom),
we must assume that you are a LAMER (a.k.a LOSER)
and therefore we had no alternative but to erase
your floppy disk(s), in order to get your attention.
- Press Any Mousebutton -
Page 2
We are eagerly looking forward to the First Amiga
magazine that explains the inner workings of this
brilliant (at least we think so) virus.
However, we are not very confident, since the
three versions of the original "LAMER EXTERMINATOR"
Virus have never really been properly analysed
in any Amiga magazine
We have made this virus a little bit more aggressive
so that more people will recognize it and hopefully
will learn something so as to overcome the dreadful
disease of LAMERism
By the way, the A in LAMER is pronounced
like the A in DAY. (LAMER people do not
know proper English in our experience )
- Press any Mousebutton -
Page 3
Signed:
Foundation for the Exterminator of LAMERS. (**)
(*) You can recognize a LAMER or LOSER as someone
who can only use the Ctrl-Amiga-Amiga keys on his
Amiga, and might even know how to load X-Copy...
(**) Due to the primitive and violent nature of some
LAMERS, we have decided against revealing our real
identities, so as to prevent unnecessary
visits to the hospital on our part !
Coming soon to a theatre near you:
*** The LAMER Exterminator - A New Beginning ***
- Press any Mousebutton To Continue Being a LAMER -"
(end of 3 pages text)
Type of infection...: self-identification method: virus searches for
                      following entry in startup-sequence:
                      "$A0,$A0,$A0,$A0,$A0,$00" (invisible in ASCII)
                      system infection: RAM resident, reset resident
Infection Trigger...: using unprotected disk-like devices
Storage media affected: all disk-like devices
Interrupts hooked...: vertical blank interrupt (VBI)
Damage..............: permanent damage: formatting disk-like devices;
                      transient damage: alert message after destroying
                      a disk (see above)
Damage Trigger......: permanent damage: 6 resets after infection or
                      8 minutes and 11.52 seconds (via VBI);
                      transient damage: formatting device after 6
                      infections
Particularities.....: other resident programs using system resident
                      list (KickTagPointer, KickMemPointer) are
                      not shut down, because virus installs itself
                      correctly to the system's resident list;
                      name of resident task is "clist.library";
                      trying to format a disk after 6 infections
                      with a protected device causes virus to
                      force a reboot;
                      virus patches the following system entries:
                      KickSumData (virus inserts itself to the
                      system's resident list when deleted by
                      managing this routine which is used to
                      correct checksum over resident list);
                      AvailMem (free memory seems to be ok when
                      asked for because the virus handles this
                      routine);
                      OpenWindow (every file read is misused to
                      check whether startup-sequence of requested
                      device is already changed by virus or not;
                      if not, virus is copied to disk and
                      startup-sequence is modified; OpenWindow is
                      used also to count number of resets since
                      virus infection);
                      DOSRead (used by OpenWindow routine of
                      virus: an OpenWindow demand followed by a
                      DOS Read command causes virus to act as
                      described above: see OpenWindow);
                      DoIO (tests whether a bootblock is affected
                      by a DoIO or not; if not, normal DoIO is
                      executed; if yes, CloseDevice routine is
                      modified, so that every CloseDevice command
                      is extended [see below]; DoIO is extended
                      to set the KickCheckSum's MSB);
                      CloseDevice (extended to clear the
                      KickCheckSum's MSB);
                      DoIO and CloseDevice -> virus killers do
                      not register modification of KickCheckSum;
                      BeginIO (patched to format disks when other
                      commands like CMD_READ, CMD_WRITE or
                      bootblock access are demanded);
                      VBI routine (misused to count VBIs, 6000
                      passes = 8 minutes and 11.52 seconds)
Similarities........: ---
--------------------- Agents -----------------------------------------
Countermeasures.....: Names of tested products of Category 1-6:
                      Category 1: .2 Monitoring System Vectors:
                                     CHECKVECTORS 2.3, VT 1.94
                                  .3 Monitoring System Areas:
                                     CHECKVECTORS 2.3, GUARDIAN 1.2,
                                     VIRUS-DETEKTOR 1.1, VT 1.94
                      Category 2: Alteration Detection: ---
                      Category 3: Eradication: CHECKVECTORS 2.3,
                                  BGS9-PROTECTOR, VIRUS-DETEKTOR 1.1
                      Category 4: Vaccine: BGS9-PROTECTOR
                      Category 5: Hardware Methods: ---
                      Category 6: Cryptographic Methods: ---
Countermeasures successful: CHECKVECTORS 2.3, VT 1.94
Standard means......: CHECKVECTORS 2.3 or VT 1.94 with deletion of
                      "no name" file entry (see above) with a disk
                      manager and correction of startup-sequence
--------------------- Acknowledgement --------------------------------
Location............: Virus Test Center, University Hamburg, Germany
Classification by...: Alfred Manthey Rojas, Brian Logan (Australia)
Documentation by....: Alfred Manthey Rojas
Date................: 10-February-1991
Information Source..: ---
==================== End of REVENGE OF THE LAMER EXTERMINATOR Virus ==
Antivirus...........: Kickstart 1.2 & 1.3 : VT-Schutz v3.17
                      Kickstart all others: VirusZ III v1.04B or higher, and also Xvs.library v33.47 or higher
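
The two on-disk marks listed under "Easy Identification" (the startup-sequence entry and the invisible 4448-byte root file) and the startup-sequence correction named under "Standard means", as an added Python example that is not part of the original catalog entry or of any tool listed in it. It assumes the startup-sequence bytes and the root directory listing have already been read from the disk; the function names, the definition of an "invisible" name and the handling of the $00 and line feed after the marker are assumptions.

```python
# Added example: checks for the on-disk marks listed in this catalog entry.
MARKER = b"\xa0" * 5        # "$A0,$A0,$A0,$A0,$A0" (invisible in ASCII)
VIRUS_FILE_LENGTH = 4448    # length on storage medium, from the entry


def is_invisible(name: bytes) -> bool:
    """Assumption: 'invisible' = only blank or non-printing Latin-1 bytes."""
    return bool(name) and all(b <= 0x20 or 0x7F <= b <= 0xA0 for b in name)


def startup_marked(startup: bytes) -> bool:
    """True if the marker is the first entry of the startup-sequence."""
    return startup.startswith(MARKER)


def suspicious_root_files(root_entries):
    """Root entries (name, size) that are invisible and 4448 bytes long."""
    return [(name, size) for name, size in root_entries
            if size == VIRUS_FILE_LENGTH and is_invisible(name)]


def corrected_startup(startup: bytes) -> bytes:
    """Remove the marker entry and leave the rest of the script untouched."""
    if not startup_marked(startup):
        return startup
    rest = startup[len(MARKER):]
    # Assumption: the entry may be closed by $00 and/or a line feed.
    for terminator in (b"\x00", b"\n"):
        if rest.startswith(terminator):
            rest = rest[1:]
    return rest


def check_disk(startup: bytes, root_entries) -> dict:
    """Report each indicator separately; either one warrants a closer look."""
    files = suspicious_root_files(root_entries)
    marked = startup_marked(startup)
    return {"startup_marker": marked, "suspicious_files": files,
            "suspect": marked or bool(files)}


# Constructed sample data, not read from a real disk.
SAMPLE_STARTUP = MARKER + b"\x00\n" + b"SetPatch >NIL:\nLoadWB\nEndCLI >NIL:\n"
SAMPLE_ROOT = [(b"c", 0), (b"s", 0), (MARKER, 4448), (b"Readme", 4448)]

if __name__ == "__main__":
    print(check_disk(SAMPLE_STARTUP, SAMPLE_ROOT))
    print(corrected_startup(SAMPLE_STARTUP))
```

A visible file that merely happens to be 4448 bytes long (the constructed `Readme` entry) is not reported, because both the length and the invisible name must match.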