------------------------
Amiga Virus Encyclopedia
STD Craps 1
------------------------
- STD-Crabs1-LVirus link virus
File extension: # 772-832 bytes
Not reset-proof
From KS2.04
Bent vectors: LoadSeg
Destruction: Depending on $ DFF009, a NOP in
wrote the file. Since the original value and position are NOT
to be saved, expansion does NOT make sense. Some different
infected files are running. The majority create a guru. VT
only offers delete.
after you before
0f8: 70012b40 fe44602c p. + @. D`, 0f8: 70012b40 fe444e71 p. + @. DNq
^^^^ ^^^^
delete before after
080: 2c4a4eae fce22f40, JN ... / @ 080: 4e714eae fce22f40 NqN ... / @
^^^^ ^^^^
Decoded can be read in the link section:
536e 6f6f7044 SnoopD
6f732053 7570706f 72742050 726f6365 os Support Proce
73730053 54442070 72657365 6e747320 ss.STD presents
2d2d2d20 43726162 73202331 202d2049 --- Crabs # 1 - I
74636879 20596574 3f00 tchy Yet ?.
Memory anchoring:
- FindTask bent - end
- Examine bent - end
- SnoopDos in memory - CCR is changed
- Loadseg is bent
Link operation:
- Behind the 1st hunk with LoadSeg
- length variable depending on one cell,
that always changes its value (addition)
- Always new coding with EOR and this cell
value change
- Findtask not changed
- Examine not changed
- Filename does not contain "." or "-"
- Medium validated
- 3 blocks free
- File larger than 1024 bytes
- File smaller NO limit
- Search for RTS only in the last long word of the 1st hunk and
Replace with NOP
- Depending on $ DFF009 a NOP in the 1st hunk
write.
- Write back FileDate
Recommendation: If you find linked files and original files
have to play back.
VTprefs / filetest requester according to df0: test
Click all requesters.
You will then have a list of all the files you have
have to play again.
Original test by Heiner Schneegold
Translated from german to english by Google translate
