------------------------
Amiga Virus Encyclopedia
North Star II Virus
------------------------
==== Computer Virus Catalog 1.2: NORTH STAR II Virus (5-June-1990) ====
Entry...............: NORTH STAR II Antivirus Virus
Alias(es)...........: ---
Virus Strain........: NORTH STAR Antivirus Virus
Virus detected when.: October 1988
where.: Elmshorn, FRG
Classification......: system virus (bootblock), resident
Length of Virus.....: 1. length on storage medium: 1024 byte
2. length in RAM : 1024 byte
--------------------- Preconditions -----------------------------------
Operating System(s).: AMIGA-DOS
Version/Release.....: 1.2/33.166, 1.2/33.180 and 1.3/34.20
Computer model(s)...: AMIGA 500, AMIGA 1000, AMIGA 2000A, AMIGA 2000B
--------------------- Attributes --------------------------------------
Easy Identification.: typical text: 'VIRUS Detected on Disk! STARFIRE/
NORTH STAR', 'OLD AntiVirus. STARFIRE/NORTH
STAR', 'My AntiVirus is Better! STARFIRE/
NORTH STAR'
virus feature: pressing left mouse/fire button of
port 2 during system reboot, causes the power
LED to blink fast; detection of some viruses
(see below)
Type of infection...: self-identification method: 'Nort' at 19th byte,
'Star' at 25th byte, 15th word (version)
system infection: RAM resident, reset resident,
bootblock
Infection Trigger...: reset (CONTROL + Left-AMIGA + RIGHT-AMIGA)
Storage media affected: only floppy disks (3.5" and 5.25")
Interrupts hooked...: ---
Damage..............: permanent damage: overwrites bootblock; disks
infected with a known virus can't be booted
without deprotecting (and infecting) them
transient damage: screen buffer manipulation:
alert box when detecting a known virus or an
older version of this virus
Damage Trigger......: permanent damage: reset
transient damage: detecting a known virus (see
below)
Particularities.....: resident programs using the CoolCaptureVector or
the KickTagPointer are shut down
version id: 15th word
copy counter: 16th word
detects and counts following viruses:
SCA and clones: counter (17th word)
BYTE BANDIT: counter (18th word)
NORTH STAR I: counter (19th word)
SYSTEM Z lower than V3.0: counter (20th word)
Similarities........: NORTH STAR I virus
--------------------- Agents ------------------------------------------
Countermeasures.....: Names of tested products of Category 1-6:
Category 1: .2 Monitoring System Vectors:
'CHECKVECTORS 2.2'
.3 Monitoring System Areas:
'CHECKVECTORS 2.2','GUARDIAN 1.2',
'VIRUSX 4.0'
Category 2: Alteration Detection: ---
Category 3: Eradication: 'CHECKVECTORS 2.2',
'VIRUSX 4.0'
Category 4: Vaccine: ---
Category 5: Hardware Methods: ---
Category 6: Cryptographic Methods: ---
Countermeasures successful: 'CHECKVECTORS 2.2', 'GUARDIAN 1.2',
'VIRUSX 4.0'
Standard means......: 'CHECKVECTORS 2.2'
--------------------- Acknowledgement ---------------------------------
Location............: Virus Test Center, University Hamburg, FRG
Classification by...: Oliver Meng
Documentation by....: Alfred Manthey Rojas
Date................: 5-June-1990
Information Source..: ---
===================== End of NORTH STAR II Virus ======================
Antivirus...........: Kickstart 1.2 & 1.3 : VT-Schutz v3.17
Kickstart all others: VirusZ III v1.04B or higher, and also Xvs.library v33.47 or higher
Screenshot of NorthStar II Virus:
Ascii of North Star II virus:
Ascii of North Star II virus:
