Neurotic Death 4 Inst. - Amiga Virus Encyclopedia

VIRUS HELP TEAM
Amiga Antivirus Website
www.vht-dk.dk


     ------------------------    
     Amiga Virus Encyclopedia    
     Neurotic Death 4 Inst.
     ------------------------

    
     Name         : Neurotic Death 4 Inst.

     Other name   : Mutagen 2E

     Aliases      : No Aliases
     
     File name 1  : DMS WBENCH v2.04
     
     File size 1  : 106.664 bytes
                    106.796 bytes

     File name 2  : asl.library 39.4 (18.8.92)

     File size 2  : 47.096 bytes

     Original     : -

     Type         : Trojan
     
     Size         : 2.936 bytes

     Symptoms     : No Sypmtoms

     Discovered   : June 1997

     Way to infect: Data destruction: Every  3 reads from  the  current drive, the  virus randomly
                    selects a number and  overwrites a random sector  with this number on the disk
                    with random data.
                    Hiding in memory: The virus detects the activity of popular antivirus programs
                    and does not  infect if they are  running. If an infected  file is run and the
                    antivirus program is active, the virus installs itself in memory and waits for
                    it to  finish.  If the  virus was  launched  before the antivirus  program, it
                    detects the fact that it was launched, removes its modifications and waits for
                    the antivirus program to finish.  In addition, the virus code is 95% encrypted
                    in memory.

     Rating       : Dangerous

     Kickstarts   : 1.3 infected programs hang
                    2.0
                    3.0

     Damage       : ND is *BIG*, *HIGHLY* polymorphic, partly stealth and destructive  virus coded
                    in Poland.  Virus  patches  LoadSeg() vector.  Length is  random;  implemented
                    [MutaGen2]_E polymorphic  module. ND (like 'Elbereth' viruses)  kick  out from
                    memory  ANY patch  installed  on patched  vectors  in memory  before  virus by
                    calculation value of  original adress  of LoadSeg in ROM.  Additionally DoIO()
                    vector was patched to annihilate Your HD.

     Removal      : VirusZ III with Xvs.library installed

     Test made by : Jan Andersen - Virus Help Team
     

     

Virus Help Team
Denmark & Canada
Copyright © All rights reserved
www.vht-dk.dk