------------------------
Amiga Virus Encyclopedia
STD Vaginitis 2 Trojan
------------------------
- STD Vag2 trojan
File length increase: always #800 bytes
Filename: only C:Mount
Not reset-proof
From KS 2.04 onwards
Patched vectors: LoadSeg
Once decoded, the following can be read in the linked part:
536e6f6f 70446f73                     SnoopDos
20537570 706f7274 2050726f 63657373    Support Process
00433a4d 6f756e74 0072756e 203e4e49   .C:Mount.run >NI
4c3a206e 65777368 656c6c20 54435000   L: newshell TCP.
32353531 00005354 44207072 6573656e   2551..STD presen
7473202d 20566167 696e6974 69732023   ts - Vaginitis #
32202d2d 2066696c 74687920 77686f72   2 -- filthy whor
6521                                  e!
Installation in memory:
- FindTask modified: exit
- Examine modified: exit
- SnoopDos in memory: CCR is changed
- LoadSeg is patched
Link operation:
- Behind the 1st hunk of Mount
- Encoded with EOR
- FindTask not modified
- Examine not modified
- Searches for RTS only in the last longword of the 1st hunk and
replaces it with NOP (therefore no "100% correct" removal is
possible; cf. also fungus)
- Writes back the file date
Damage:
- Searches for TCP in the DosList
- Puts a colon after TCP (see above)
- DosExecute run >NIL: .....
- So the aim is probably to give a third party access to the
computer
See also all other STD variants and fungus
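
An added example (not part of the original entry and not taken from any antivirus tool): a Python heuristic that checks a copy of C:Mount for the indicators listed under "Link operation" and in the decoded text. It assumes that all 800 bytes sit at the end of the first hunk and that the EOR key is a single byte; the entry states neither, and the two sample files are constructed filler.

```python
import struct

HUNK_HEADER, HUNK_CODE, HUNK_END = 0x3F3, 0x3E9, 0x3F2
RTS, NOP = 0x4E75, 0x4E71      # 68000 opcodes
GROWTH = 800                   # file growth stated in the entry

def first_code_hunk(data):
    """Return the body of the first hunk of an AmigaDOS load file."""
    def long_at(off):
        return struct.unpack_from(">I", data, off)[0]
    if len(data) < 4 or long_at(0) != HUNK_HEADER:
        raise ValueError("not an AmigaDOS load file")
    off = 4
    while (n := long_at(off)) != 0:      # skip resident library names
        off += 4 + 4 * n
    first, last = long_at(off + 8), long_at(off + 12)
    off += 16 + 4 * (last - first + 1)   # skip terminator, counts, size table
    if long_at(off) != HUNK_CODE:
        raise ValueError("first hunk is not HUNK_CODE")
    size = (long_at(off + 4) & 0x3FFFFFFF) * 4   # top bits are memory flags
    return data[off + 8 : off + 8 + size]

def check_mount(data):
    """Heuristic indicators; assumes all 800 bytes sit at the end of hunk 1."""
    body = first_code_hunk(data)
    result = {"room_for_tail": len(body) >= GROWTH + 4,
              "nop_for_rts": False, "marker_key": None}
    if result["room_for_tail"]:
        host_end = len(body) - GROWTH
        # last longword of the original hunk: does it hold NOP where RTS was?
        result["nop_for_rts"] = NOP in struct.unpack_from(">2H", body, host_end - 4)
        # assumption: single-byte EOR key; the entry does not give the key
        tail = body[host_end:]
        result["marker_key"] = next((k for k in range(256) if b"SnoopDos"
                                     in bytes(b ^ k for b in tail)), None)
    return result

def build_sample(body):
    """Constructed input: a one-hunk load file wrapping `body`."""
    n = len(body) // 4
    return (struct.pack(">8I", HUNK_HEADER, 0, 1, 0, 0, n, HUNK_CODE, n)
            + body + struct.pack(">I", HUNK_END))

# Constructed samples: filler bytes only, no code from the trojan.
CLEAN = build_sample(b"\x70\x00" * 450 + bytes.fromhex("70004e75"))
SUSPECT = build_sample(bytes.fromhex("70004e71")
                       + bytes(b ^ 0x5A for b in b"SnoopDos".ljust(GROWTH, b"\0")))

if __name__ == "__main__":
    print(check_mount(CLEAN))
    print(check_mount(SUSPECT))
```

A NOP at that offset alone can occur in a clean file, so treat the result as a reason to compare against a known-good Mount rather than as proof.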
Thought: a newer trojan variant (3) is attached to an
older lib version (0.27) and vice versa ????
Original test by Heiner Schneegold
Translated from German to English by Google Translate