------------------------    
Amiga Virus Encyclopedia    
Smeg 2 Virus Dropper
------------------------


Hi All....                                              1 August 2001

We have now found the installer of the new 'SMEG 2' linkvirus. If the
info text  from the archive  is correct,  the 'SMEG 2' virus has been
around since February 2001.

The archive has only been on Elite BBS'es or Elite websites.

Jan Erik Olausen the  programmer of  VirusExecutor & xvs.library, has
made a recog  for the virus, but is having problems with removing the
virus from memory. As soon as Jan has solved this virus, a new update
of xvs.library will be relased.

There is "NO" cure for this virus right now. But with the help of the
program 'Safe v16.2', you can find infected files, but not remove the
virus, you  will  have to replace the  infected  files with new clean
files. This virus will infect  everything that is executed. And on my
test A1200 over 200 files, was infected in under 5 minutes.

The  programmer  of 'Safe' (Zbigniew Trzcionkowski) has  written this
about the new 'SMEG 2' virus:

Released  probably  by mistake.  Non crypted version of the next one.
Code  is almost  equal to old SMEG, but this time author invented NEW
WAY of patching PRIVATE routine of device task. This routine  handles
receiving of dos packets.
Virus  patch  is stealing packets  and sending them to the supervisor
task called 'SMG'. I  have never seen such advanced digging code that
works  properly.  This means also that no visible changes are seen in
the system beside one new task.
I  have  noticed  that  freezing  of SMG task stops  spreading of the
virus, so at  the moment  Safe  does only that. I will add removal of
the 'magic' patches if I found it necessary.
File repair was  as easy as  Penetrator files - one move.l 4.w,a6 was
replaced with jump to virus.

Hidden text (decoder was included, but not used by virus code):

Smeg! it's a Hostile TakeOver! (Again!)
And just when you thought it was safe..
Flake and Georg have left the building!
-= On Tour 1995-2001 =-


This is what we know of the virus:

Virus Type.... : Linkvirus
Virus name.... : SMEG 2a & SMEG 2b
Virus size.... : SMEG 2a: 1556 bytes & SMEG 2b: 1604 bytes
Archive name.. : MIAMIDLX.LZX
Archive size.. : 3.427 bytes (lzx packed)
Archive info.. :         .________________
                     ____¦____  (   _____/__  - -------------
                   _/     ___/ _/\_  T     ¬\_ ·  diGiTAL   ·
                 .-\     ¦/    7--7  l       / · cORRUPTiON ·
                 |  \____.-----¦  ¦----.____/------- -  -   -
                 |   ¯¯¯¯¯             ¯¯¯¯¯
                 |           Miami DeLuxe
                 |           Keygenerator
                 |         Made by xxxxxxxxx
                 `----------------------------- Design: JRYder


(VHT-DK has removed the name and replaced it with 'xxxxxxxxx')

There  might just be more installers of the 'SMEG 2' virus out
there, so do not install these fake-keys.

Thank to the person that send the archive to Jan Erik Olausen,
and to Zbigniew Trzcionkowski for the first test of this virus


 Regards....
      __      Jan Andersen     
 __  ///      ------------        
 \\\///    Virus Help Denmark       
  \XX/        www.vht-dk.dk