Modemcheck Virus - Amiga Virus Encyclopedia

VIRUS HELP TEAM




    ------------------------
    Amiga Virus Encyclopedia
    Modemcheck Virus
    ------------------------
    
                      
    Modemcheck Virus:
    -----------------

    This virus installs a new "c:loadwb" command, which needs OS2.++. This
    new "c:loadwb" command starts a new process with the name
    "Diskdriver.proc". After waiting some minutes (ca. 3) a routine is
    started which kills a single cylinder on a device by writing a
    memory block filled with the longword "FUCK". This damage cannot
    be fixed.

    What does VW do if it detects the virus in memory? It simply fills
    all DOIO commands with NOPs, so the virus is not able to perform the
    destructive disk access. The process itself is not touched.

    What to do? Simply check your disk for viruses and afterwards reset
    your AMIGA. All should work correctly by now.

    VT goes a different way and removes the complete process. As stated
    in the VT-Kennt document, it is very complicated to remove the full
    process. I just searched for the easier way of disabling the virus.
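
    The following Python scanner is an added example, not code from the
    original entry or from VW or VT. It checks a raw disk image for
    sectors filled with the longword described above and reports which
    cylinder they belong to. Assumptions: standard Amiga DD floppy
    geometry (2 heads, 11 sectors of 512 bytes per cylinder) and a fill
    that starts on a sector boundary; the function names are hypothetical.

```python
"""Scan a raw disk image for sectors overwritten with a repeated longword."""
import sys
from collections import defaultdict

MARKER = b"FUCK"          # longword named in the virus description
SECTOR = 512              # bytes per sector
# Assumption: standard Amiga DD floppy geometry (2 heads x 11 sectors)
SECTORS_PER_CYL = 2 * 11


def overwritten_sectors(image: bytes, marker: bytes = MARKER):
    """Yield the index of every sector that consists only of `marker` repeated."""
    fill = marker * (SECTOR // len(marker))
    for idx in range(len(image) // SECTOR):
        if image[idx * SECTOR:(idx + 1) * SECTOR] == fill:
            yield idx


def damaged_cylinders(image: bytes, sectors_per_cyl: int = SECTORS_PER_CYL):
    """Map cylinder number -> (overwritten sector count, whole cylinder wiped?)."""
    hits = defaultdict(int)
    for idx in overwritten_sectors(image):
        hits[idx // sectors_per_cyl] += 1
    return {cyl: (n, n == sectors_per_cyl) for cyl, n in sorted(hits.items())}


def build_sample_image(wiped_cyl: int = 40, cylinders: int = 80) -> bytes:
    """Constructed test data: a blank image with one cylinder filled with MARKER."""
    cyl_bytes = SECTORS_PER_CYL * SECTOR
    img = bytearray(cylinders * cyl_bytes)
    img[wiped_cyl * cyl_bytes:(wiped_cyl + 1) * cyl_bytes] = MARKER * (cyl_bytes // 4)
    # A sector that merely contains the word once must not be reported.
    img[5 * cyl_bytes:5 * cyl_bytes + 4] = MARKER
    return bytes(img)


if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            data = fh.read()
    else:
        data = build_sample_image()
    for cyl, (count, full) in damaged_cylinders(data).items():
        state = "entire cylinder" if full else "partial"
        print(f"cylinder {cyl}: {count}/{SECTORS_PER_CYL} sectors overwritten ({state})")
```

    For a hard disk image, pass the partition's own sectors-per-cylinder
    value as sectors_per_cyl instead of the floppy default.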


                    Memorycheck routine tested on 17.5.93.
             Modemcheck Install detect routine tested on 16.5.93.
            Modemcheck "c:loadwb" detect routine tested on 16.5.93.


    Comment 06.06.1993: In the Fidonet the virus is called "FUCK" Virus.
    There appeared a special Fuckvirus killer on the boards, which claims
    that other virus killers would not detect it in memory. Just run VT2.53
    or VW2.0b (both released more than one week earlier) and you will
    see that the virus is recognized and deactivated.


    Test by Markus Schmall


    


Virus Help Team
Denmark & Canada
Copyright © All rights reserved
www.vht.dk