------------------------
     Amiga Virus Encyclopedia
     Lisa Fuck Up v2.0
     ------------------------

 
     - LiSA 2.0 Trojan destruction
            No bent vectors
            Not reset-proof
            68040: Yes

        Known file names:
                - 020_Upgrader.exe L: 1660 bytes
                - 020_Upgrader.dat (unimportant)

        According to FileID, files in the C-dir. be touched up.
        In truth, the files in C: are destroyed with INTENTION. There are

        NO rescue.
        e.g. Add buffers:
            before, afterwards:
        00: 000003f3 00000000 ........: 284c6953 415e4655 (LiSA ^ FU
        08: 00000001 00000000 ........: 434b5550 2076322e CKUP v2.
        10: 00000000 00000066 ....... f: 4f206279 204e6f4e O by NoN
        18: 000003e9 00000066 ....... f: 616d652f 4c697361 ame / Lisa
        20: 4e55ffdc 48e73332 NU..H.32: 2955ffdc 48e73332) U..H.32
        It is a script file that comes with a program in one
        executable file was converted.

        Procedure:
        - RexxMast MUST be loaded.
        - The file decodes itself
        - Two files are created in RAM:
         - Upgrade.dat (is the delete file from c :)
         - UpDate.temp (is a list with the files in c :)
        - The list is run through and in each file at the beginning
          written a text.
        - After the done message you should carry out a reset.

        VT only offers delete for 020_Upgrader.exe.
        VT offers only delete for defective files in c :.
        It is easier if you yourself the C-Verz. reload.

        Note 07/21/96:
         Another antivirus program is currently detecting
         a LiSA Trojan in many REXX programs. Here
         it is very often MISS detections. In July 96
         so far only ONE REAL Trojan (name see above) is known. I
         assume that the error will be fixed in the next update
         will be.


        Original test by Heiner Schneegold
        Translated from german to english by Google translate