===== Computer Virus Catalog 1.2: SYSTEM Z 3.0 Virus (5-June1990) =====
Entry...............: SYSTEM Z 3.0 Antivirus Virus
Alias(es)...........: ---
Virus Strain........: SYSTEM Z Virus
Virus detected when.: January 1989
              where.: Elmshorn, FRG
Classification......: system virus (bootblock), resident
Length of Virus.....: 1. length on storage medium: 1024 byte
                      2. length in RAM           : 1024 byte
--------------------- Preconditions -----------------------------------
Operating System(s).: AMIGA-DOS
Version/Release.....: 1.2/33.166, 1.2/33.180 and 1.3/34.20
Computer model(s)...: AMIGA 500, AMIGA 1000, AMIGA 2000A, AMIGA 2000B
--------------------- Attributes --------------------------------------
Easy Identification.: typical texts: 'SYSTEM Z VIRUS PROTECTOR V3.0',
                         'Warning: This disk is infected with the Byte
                         Bandit-Virus!', 'Warning: This disk is
                         infected with the SCA-Virus','Left MouseButton:
                         Kill the virus, Right MouseButton: Continue'
Type of infection...: self-identification method: 2nd longword
                         =$50564c2e='PVL.'=checksum of SYSTEM Z viruses
                      system infection: RAM resident, reset resident,
                         bootblock
Infection Trigger...: 'Kill VIRUS' request after reset (CONTROL +
                       Left-AMIGA + Right-AMIGA) with positive answer
Storage media affected: only floppy disks (3.5" and 5.25")
Interrupts hooked...: ---
Damage..............: permanent damage: overwriting bootblock after
                         'Kill VIRUS' request with positive answer
                      transient damage: screen buffer manipulation:
                         message when detecting a known virus
                         (see above)
Damage Trigger......: permanent damage: 'Kill VIRUS' request after
                         reset (CONTROL + Left-AMIGA + Right-AMIGA)
                         with positive answer
                      transient damage: message when detecting a known
                         virus (see above)
Particularities.....: uses StartIOVector; other resident programs using
                         the system resident list (KickTagPointer,
                         KickMemPointer) are shut down, screen gets
                         green; programs using the CoolCapture vector
                         are shut down, too; detects BYTE BANDIT, SCA
                         (and SCA clones) and older versions of itself;
                         pressing left mouse/fire button in port 1
                         during system reboot causes the virus to in-
                         stall itself on the disk's bootblock without
                         any request, pressing right mouse/fire button
                         in port 2 during system reboot causes the virus
                         to shut down itself; detecting a virus causes
                         SYSTEM Z to produce a sound;
                         detected as 'H.C.S.' by some antiviruses;
                         tests itself by building a checksum (hex.
                         $50564C2E = ascii 'PVL.'), if this fails, the
                         virus shuts down by restoring the KickTag
                         pointer to system default value else screen
                         gets light blue and a couple of tones are
                         played.
Similarities........: SYSTEM Z (antivirus) virus strain
--------------------- Agents ------------------------------------------
Countermeasures.....: Names of tested products of Category 1-6:
                      Category 1: .2 Monitoring System Vectors:
                                     'CHECKVECTORS 2.2'
                                  .3 Monitoring System Areas:
                                     'CHECKVECTORS 2.2','GUARDIAN 1.2',
                                     'VIRUSX 4.0'
                      Category 2: Alteration Detection: ---
                      Category 3: Eradication: 'CHECKVECTORS 2.2',
                                     'VIRUSX 4.0'
                      Category 4: Vaccine: ---
                      Category 5: Hardware Methods: ---
                      Category 6: Cryptographic Methods: ---
Countermeasures successful: 'CHECKVECTORS 2.2', 'GUARDIAN 1.2',
                            'VIRUSX 4.0'
Standard means......: 'CHECKVECTORS 2.2'
--------------------- Acknowledgement ---------------------------------
Location............: Virus Test Center, University Hamburg, FRG
Classification by...: Alfred Manthey Rojas
Documentation by....: Alfred Manthey Rojas
Date................: 5-June-1990
Information Source..: ---
===================== End of SYSTEM Z 3.0 Virus =======================

[Go back]