Modemcheck Virus:
        -----------------

        This virus installs a new "c:loadwb" command,which needs OS2.++.This
        new  "c:loadwb"  command  starts  a   new  process  with  the   name 
        "Diskdriver.proc".After waiting some minutes (ca.3) a  routine  will
        be started, which kills a single cylinder on a device by  writing  a
        memoryblock filled up with the longword "FUCK". This  damage  cannot
        be fixed.What makes VW, if it detects the virus in memory ?It simply
        fills up all DOIO commands with NOPs  and the virus  is not able  to
        the destroying  diskaccess.The process itself  will  not  be touched.
        What to do ? Simply check your disk for viruses and afterwards reset
        your AMIGA. All should work correct by now.

        VT goes a different way and removes the  complete process.As  stated
        in the VT-Kennt document it is very complicated to remove  the  full
        process. I just searched for the easier way of disabling the  virus.




                        Memorycheck routine tested on 17.5.93.
                 Modemcheck Install detect routine tested on 16.5.93.
                Modemcheck "c:loadwb" detect routine tested on 16.5.93.

        

        Comment 06.06.1993.:In the Fidonet the virus is called "FUCK" Virus.
        There appeared a special Fuckvirus killer on the boards,which claims
        that other viruskiller would not detect it in memory.Just run VT2.53
        or  VW2.0b  (both released more than one week earlier) and you  will
        see that the virus is recognized and deactivated.


        Test by Markus Schmall

[Go back]