------------------------
Amiga Virus Encyclopedia
DAG Virus (SCA Clone)
------------------------
======= Computer Virus Catalog 1.2: DAG Virus (10-February-1991) =====
Entry...............: DAG Virus
Alias(es)...........: ---
Virus Strain........: SCA strain
Virus detected when.: MAY 1990 (when VTC received virus code)
where.: North Germany
Classification......: system virus (bootblock), resident
Length of Virus.....: 1. length on storage medium: 1024 byte
2. length in RAM : 1024 byte
--------------------- Preconditions ----------------------------------
Operating System(s).: AMIGA-DOS
Version/Release.....: 1.2/33.166, 1.2/33.180 and 1.3/34.20
Computer model(s)...: AMIGA 500, AMIGA 1000, AMIGA 2000A, AMIGA 2000B
--------------------- Attributes -------------------------------------
Easy Identification.: typical text: "Something wonderful has happened
Your AMIGA is alive !!! and, even better...
Some of your disks are infected by a VIRUS !!!
Try ANTIVIRUS from DAG The Mega-Mighty SCA !!"
and "SCA!SCA!SCA!SCA!SCA!SCA!SCA!"
virus feature: pressing left mouse/fire button of
port 1 during system reboot causes screen to
become green and the virus to shutdown itself
by clearing ColdCapture and CoolCaptureVector
Type of infection...: self-identification method: testing 3rd longword
for matching string "CHW!"
system infection: RAM resident, reset resident,
bootblock
Infection Trigger...: reset (CONTROL+Left-AMIGA+RIGHT-AMIGA)
Storage media affected: only floppy disks (3.5" and 5.25")
Interrupts hooked...: ---
Damage..............: permanent damage: overwriting bootblock
transient damage: screen buffer manipulation:
screen becomes black, message (see above) is
displayed by fading in and out peaces of it
Damage Trigger......: permanent damage: reset
transient damage: 15th infection
Particularities.....: a resident program using the CoolCaptureVector
is shutdown, also using the ColdCaptureVector
when the virus is shutdown by its suicide
function
Similarities........: SCA virus strain
--------------------- Agents -----------------------------------------
Countermeasures.....: Names of tested products of Category 1-6:
Category 1: .2 Monitoring System Vectors:
CHECKVECTORS 2.3
.3 Monitoring System Areas:
CHECKVECTORS 2.3, GUARDIAN 1.2,
VIRUS-KILLER 1.1
Category 2: Alteration Detection: ---
Category 3: Eradication: CHECKVECTORS 2.2,
VIRUS-DETEKTOR 1.1
Category 4: Vaccine: SCA-PROTECTOR 1.0,
VIRUS-DETEKTOR 1.1
Category 5: Hardware Methods: ---
Category 6: Cryptographic Methods: ---
Countermeasures successful: CHECKVECTORS 2.2, GUARDIAN 1.2,
VIRUS-DETEKTOR 1.1, SCA-PROTECTOR 1.0;
own suicide function
Standard means......: CHECKVECTORS 2.3
--------------------- Acknowledgement --------------------------------
Location............: Virus Test Center, University Hamburg, Germany
Classification by...: Oliver Meng
Documentation by....: Alfred Manthey Rojas
Date................: 10-February-1991
Information Source..: ---
===================== End of DAG virus ===============================
Antivirus...........: Kickstart 1.2 & 1.3 : VT-Schutz v3.17
Kickstart all others: VirusZ III v1.04B or higher, and also Xvs.library v33.47 or higher
Ascii of DAG (SCA) virus:
