------------------------
Amiga Virus Encyclopedia
Liberator v3.0
------------------------
Name : Liberator V3.0
Aliases : -
Type : File
Size : 10712 bytes
Incidence : 18-07-92
Discovered : 18-10-92
Way to infect: This virus patches the startupsequence and writes itself
in it.
Original end of the startup:
(40.42 Startup-Sequence)
Resident Execute REMOVE
Resident Assign REMOVE
C:LoadWB -debug
EndCLI >NIL:
Modified end of the startup:
(40.42 Startup-Sequence)
Resident Execute REMOVE
Resident Assign REMOVE
C:LoadWB -debug
cv >NIL:
EndCLI >NIL:
Rating : Dangeruos
Kickstarts : KS2.04: 68030:
Damage : Tries to hide its evil purpose by the following menu:
Testet on 3 devices the Startup-Sequence was changed in one
step. If a .fastdir file, which will be created by the virus,
will reach a special value (99) , then the following text
will be shown:
' Congratulations your hard disk has been'
' liberated of virus protection!! '
' Hello from the Liberator virus v3.0 '
' - Digital Deviant '
' The anti-anti-virus is here again ! '
' Lets play trash the hard disk '
' and ram the disk heads '
' Only hardcore belgi an rave can '
' truely liberate the mind! '
' The liberator 15/01/92 '
The .fastdir was not created on DF2, but on the other
devices. Startvalue from this 2 byte long file is: $310a. The
virus itself was not copied, but due to the filename "cv" and
the startupmessage I think that the real name is Check-
Vectors:
'Check Vectors rev 5.1 '
'All Rights Reserved '
'more TUPperware © by Mike Hansel'
'Reset vectors ok, Nothing resident'
', Trackdisk.device not intercepted, ',0
'DoIO ok, VBlank ok, dos.library not inte'
'rcepted.'
'System appears to be free of viruses and'
' trojans!'
Remowal : Remove the Liberator 3 virus,
all .fastdir and s.-seq.
Remember to change back the startup-sequence
to good old original ones.
Comments : Does NOT survive in the memory after changing of
fastdir
Test made by : Markus Schmall
HEX dump of Liberator v3.00 virus:
|
