------------------------
Amiga Virus Encyclopedia
North Star 1 Virus
------------------------
===== Computer Virus Catalog 1.2: NORTH STAR I Virus (5-June-1990) ====
Entry...............: NORTH STAR I Antivirus Virus
Alias(es)...........: ---
Virus Strain........: NORTH STAR Antivirus Virus
Virus detected when.: December 1988
              where.: Elmshorn, FRG
Classification......: system virus (bootblock), resident
Length of Virus.....: 1. length on storage medium: 1024 byte
                      2. length in RAM           : 1024 byte
--------------------- Preconditions -----------------------------------
Operating System(s).: AMIGA-DOS
Version/Release.....: 1.2/33.166, 1.2/33.180 and 1.3/34.20
Computer model(s)...: AMIGA 500, AMIGA 1000, AMIGA 2000A, AMIGA 2000B
--------------------- Attributes --------------------------------------
Easy Identification.: typical text: 'VIRUS detected on this Disk.
                         Reset,WriteProt OFF.Re-Insert', 'AntiVirus
                         (C)1988 STARFIRE / NORTH STAR',
                         'OLD AntiVirus. Please RESET and INVERT
                         WriteProt for UPDATE.', 'AntiVirus (C)1988
                         STARFIRE / NORTH STAR'
                      virus feature: pressing left mouse/fire button of
                         port 2 during system reboot causes the power
                         LED to blink fast; detection of BYTE BANDIT and
                         SCA (and SCA clones).
Type of infection...: self-identification method: 'Nort' at 17th byte,
                         'Star' at 23rd byte, 15th word (version) in
                         memory (loc. $0007EC10, $0007EC16, $0007EC1A)
                      system infection: RAM resident, reset resident,
                         bootblock
Infection Trigger...: reset (CONTROL + Left-AMIGA + RIGHT-AMIGA)
Storage media affected: only floppy disks (3.5" and 5.25")
Interrupts hooked...: ---
Damage..............: permanent damage: overwriting bootblock; disks
                         infected with a known virus can't be booted
                         without deprotecting (and infecting) them.
                      transient damage: screen buffer manipulation:
                         alert box when detecting a known virus or an
                         older version of this virus
Damage Trigger......: permanent damage: reset
                      transient damage: detecting known virus, see below
Particularities.....: resident programs using the CoolCaptureVector or
                         the KickTagPointer are shut down;
                      version id: 15th word (used to detect
                         older version)
                      generation counter: 16th word
                      detects and counts the following viruses:
                         SCA and clones: counter (17th word)
                         BYTE BANDIT: counter (18th word)
                         an unknown virus: counter (19th word); that
                            virus seems to have the value hex.
                            $00BFE001 at longword offset dec. 164
                            from the beginning of bootblock
Similarities........: NORTH STAR II
--------------------- Agents ------------------------------------------
Countermeasures.....: Names of tested products of Category 1-6:
                      Category 1: .2 Monitoring System Vectors:
                                     'CHECKVECTORS 2.2'
                                  .3 Monitoring System Areas:
                                     'CHECKVECTORS 2.2', 'GUARDIAN 1.2',
                                     'VIRUSX 4.0'
                      Category 2: Alteration Detection: ---
                      Category 3: Eradication: 'CHECKVECTORS 2.2',
                                     'VIRUSX 4.0'
                      Category 4: Vaccine: ---
                      Category 5: Hardware Methods: ---
                      Category 6: Cryptographic Methods: ---
Countermeasures successful: 'CHECKVECTORS 2.2', 'GUARDIAN 1.2',
                            'VIRUSX 4.0'
Standard means......: 'CHECKVECTORS 2.2'
--------------------- Acknowledgement ---------------------------------
Location............: Virus Test Center, University Hamburg, FRG
Classification by...: Oliver Meng, Wolfram Schmidt
Documentation by....: Alfred Manthey Rojas
Date................: 5-June-1990
Information Source..: ---
===================== End of NORTH STAR I Virus =======================
Antivirus...........: Kickstart 1.2 & 1.3 : VT-Schutz v3.17
                      Kickstart all others: VirusZ III v1.04B or higher, and also Xvs.library v33.47 or higher