====== Computer Virus Catalog 1.2: SUNTRONIC Virus (5-June-1990) ======
Entry...............: SUNTRONIC Antivirus Virus
Alias(es)...........: ---
Virus Strain........: SUNTRONIC Virus
Virus detected when.: October 1989
              where.: Elmshorn, FRG
Classification......: system virus (bootblock), resident
Length of Virus.....: 1. length on storage medium: 1024 byte
                      2. length in RAM           : 1024 byte
--------------------- Preconditions -----------------------------------
Operating System(s).: AMIGA-DOS
Version/Release.....: 1.2/33.180
Computer model(s)...: AMIGA 500, AMIGA 1000, AMIGA 2000A, AMIGA 2000B
--------------------- Attributes --------------------------------------
Easy Identification.: typical texts: '(C) by Suntronic', 'VORSICHT!
                         KEIN STANDARD BOOTBLOCK', 'Linke Maustaste =
                         Weiter', 'Rechte Maustaste = Disk
                         installieren', 'SCHREIBSCHUTZ AN!', 'Linke
                         Maustaste = Weiter','Rechte Maustaste = Neuer
                         Versuch','Rechte Maustaste = Checker inaktiv'
Type of infection...: self-identification method: in bootblock at byte
                         752 ascii 'Sunt' (hex. $02F0)
                      system infection: RAM resident, reset resident,
                         bootblock
Infection Trigger...: reset, any disk access
Storage media affected: only floppy disks (3.5" and 5.25")
Interrupts hooked...: ---
Damage..............: permanent damage: overwriting bootblock after
                         detecting a non-standard bootblock and
                         requesting bootblock installation
                      transient damage: screen buffer manipulation:
                         (see above) while detecting a non-standard
                         bootblock
Damage Trigger......: permanent damage: reset, detecting a virus and
                         using the 'KILL VIRUS' option
                      transient damage: (see above)
Particularities.....: detecting a virus causes SUNTRONIC to ask for a
                         bootblock installation, but SUNTRONIC itself
                         is written rather than a standard bootblock,
                         so a boot loader may be destroyed; if no
                         installation is requested, SUNTRONIC asks
                         whether it shall be removed from the system;
                         in this case memory is cleared (but not
                         allocated) and the CoolCapture vector is reset
                         to default ($00000000); interrupt vectors 3
                         and 6, DoIO() entry and KickTag pointer are
                         set to the default values of KICKSTART 1.2
                         (release 33.180); the ColdCapture vector is
                         neither changed nor tested; memory range
                         ($0007E000 .. $0007FA00) is cleared because
                         many of the known viruses use this region.
Similarities........: ---
--------------------- Agents ------------------------------------------
Countermeasures.....: Names of tested products of Category 1-6:
                      Category 1: .2 Monitoring System Vectors:
                                     'CHECKVECTORS 2.2'
                                  .3 Monitoring System Areas:
                                     'CHECKVECTORS 2.2','GUARDIAN 1.2',
                                     'VIRUSX 4.0'
                      Category 2: Alteration Detection: ---
                      Category 3: Eradication: 'CHECKVECTORS 2.2',
                                     'VIRUSX 4.0'
                      Category 4: Vaccine: ---
                      Category 5: Hardware Methods: ---
                      Category 6: Cryptographic Methods: ---
Countermeasures successful: 'CHECKVECTORS 2.2', 'GUARDIAN 1.2',
                            'VIRUSX 4.0'
Standard means......: 'CHECKVECTORS 2.2'
--------------------- Acknowledgement ---------------------------------
Location............: Virus Test Center, University Hamburg, FRG
Classification by...: Alfred Manthey Rojas
Documentation by....: Alfred Manthey Rojas
Date................: 5-June-1990
Information Source..: --
===================== End of SUNTRONIC Virus ==========================