ScanLink v1.0 Trojan - Amiga Virus Encyclopedia

VIRUS HELP TEAM
 



 
 ------------------------    
 Amiga Virus Encyclopedia    
 ScanLink v1.0 Trojan
 ------------------------

        
 Trojan found in: slinkv10.lha                              10-06-1995

 Analyse:
 --------

 other possible names: none
 kickstart: V37 and higher
 Filelength: 8040 bytes (partly packed)
 found in/when: slinkv10.lha/Jul95

 should be a new type a linkvirus scanner of SHI.. Programmed by ELS..

 The FILE_ID.diz looks like this:

 ~~~|~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ScanLink v1.0 - Latest hack in the war
    against viruses! This one can detect
    linkviruses yet unknown using new antivir
    technology. Latest from S.H.I
    |
 ~~~|~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 this file contains a fucking trojan.. Formats sys: .. If i'm correct it is
 a quick format.. creates files containing the text:

 "WiREFACE / dEMONS oF tHE pENTAGRAM * WHiPPED YOUR HD, SUKKAH !! 
 We Look Down Your Nose (Laughter)!"

 100 times

 file name: pruppX
 Length : 99 bytes...

 where X is a number between 0-99

 Furthermore files with the name: bajsX

 will be created.. contains memory garbage..

 X is a number between 0-??

 (Test disk was full..)

 Sorry for the very quick analizing.. Had no more time.. seems there is a
 new trojan progammer around.. This look very much the same as the VCkey110
 trojan..

 Extra: After the format it looks for the assign 'WiREFACE:'

 Thanx must go to Remko Wiersma for providing this info and the archive!


 Greetz,
 Jan Hendrik Lots.  Virus Help Team The Netherlands
Virum Help Team
Denmark & Canada
Copyright © All rights reserved
www.vht.dk