_________    _                ______      _____    _  ____      _
  ____/"""./###/____)\_____________  \   ./ ____/"""./____)\/""./______)\
 /"""/   //_______   /"""/""./"___/_  \ // /""./   //""____/  //_______  \
/   /   //"""/"  / //   /  //____   \_ \/ /  //   //  ____/  //"./""""/ //
\      //   /  ____/   /  //""""/X\@!/   /  //   //  /"""/     //    ___/
 \_____/\__/___/_""\______/_________/   /___/____/\_____/\_____/\___/::.
                /____/
                              Team Denmark
  >>>>>>>>>>>>>>>>>>>>>>>>>>>--------------<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
                               10-06-1995

 Trojan found in: slinkv10.lha


 Analyse:
 --------

 other possible names: none
 kickstart: V37 and higher
 Filelength: 8040 bytes (partly packed)
 found in/when: slinkv10.lha/Jul95

 should be a new type a linkvirus scanner of SHI.. Programmed by ELS..

 The FILE_ID.diz looks like this:

 ~~~|~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ScanLink v1.0 - Latest hack in the war
    against viruses! This one can detect
    linkviruses yet unknown using new antivir
    technology. Latest from S.H.I
    |
 ~~~|~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 this file contains a fucking trojan.. Formats sys: .. If i'm correct it is
 a quick format.. creates files containing the text:

 "WiREFACE / dEMONS oF tHE pENTAGRAM * WHiPPED YOUR HD, SUKKAH !! 
 We Look Down Your Nose (Laughter)!"

 100 times

 file name: pruppX
 Length : 99 bytes...

 where X is a number between 0-99

 Furthermore files with the name: bajsX

 will be created.. contains memory garbage..

 X is a number between 0-??

 (Test disk was full..)

 Sorry for the very quick analizing.. Had no more time.. seems there is a
 new trojan progammer around.. This look very much the same as the VCkey110
 trojan..

 Extra: After the format it looks for the assign 'WiREFACE:'

 Thanx must go to Remko Wiersma for providing this info and the archive!


Greetz,

Jan Hendrik Lots.  Virus Help Team The Netherlands

[Go back]