-------------------------
Amiga Virus Encyclopedia
SystemZ v5.3 Virus
-------------------------
===== Computer Virus Catalog 1.2: SYSTEM Z 5.3 Virus (5-June-1990) ====
Entry...............: SYSTEM Z 5.3 Antivirus Virus
Alias(es)...........: ---
Virus Strain........: SYSTEM Z Antivirus Virus
Virus detected when.: September 1989
where.: Elmshorn, FRG
Classification......: system virus (bootblock), resident
Length of Virus.....: 1. length on storage medium: 1024 byte
2. length in RAM : 1024 byte
--------------------- Preconditions -----------------------------------
Operating System(s).: AMIGA-DOS
Version/Release.....: 1.2/33.166, 1.2/33.180 and 1.3/34.20
Computer model(s)...: AMIGA 500, AMIGA 1000, AMIGA 2000A, AMIGA 2000B
--------------------- Attributes --------------------------------------
Easy Identification.: typical text: 'VirusProtector Release V5.3
A PvL Production', 'Warning: Disk contains a
Virus!', 'Left MouseButton: Kill the Virus,
Right MouseButton: Continue', 'This disk
contains an old VirusProtector', '4.0' ...
'4.1' ... '5.0' ... '5.1', 'Send new Viruses
to: P. van Leuven Markt 19A, 5688 AJ Oirschot,
Holland'
Type of infection...: self-identification method: 2nd longword
=$50564c2e='PVL.'=checksum of SYSTEM Z viruses
system infection: RAM resident, reset resident,
bootblock
Infection Trigger...: 'Kill VIRUS' request after reset (CONTROL +
Left-AMIGA + Right-AMIGA) with positive answer
Storage media affected: only floppy disks (3.5" and 5.25")
Interrupts hooked...: ---
Damage..............: permanent damage: overwriting bootblock after
'Kill VIRUS' request with positive answer
transient damage: screen buffer manipulation:
message when detecting a known virus,see above
Damage Trigger......: permanent damage: 'Kill VIRUS' request after
reset (CONTROL + Left-AMIGA + Right-AMIGA)
with positive answer
transient damage: message when detecting a known
virus (see above)
Particularities.....: uses StartIOVector; other resident programs using
the system resident list (KickTagPointer,
KickMemPointer) are shut down; programs using
the CoolCapture vectors are shut down, too;
detects BYTE BANDIT, SCA (and SCA clones),
NORTH STAR II,BYTE WARRIOR,LAMER EXTERMINATOR
1.0 and 2.0 and older versions of itself;
pressing left mouse/fire button in port 1
during system reboot causes the virus to in-
stall itself on the disk's bootblock without
any request; pressing right mouse/fire button
in port 2 during system reboot causes the virus
to shut down itself; detecting a virus causes
SYSTEM Z to produce a sound;
detected as 'H.C.S.' by some antiviruses;
tests itself by building a checksum (hex.
$50564C2E = ascii 'PVL.'), if this fails, the
virus shuts down by restoring the KickTag
pointer to system default value else the screen
gets colored depending to a couple of notes
which are played
Similarities........: SYSTEM Z antivirus virus strain
--------------------- Agents ------------------------------------------
Countermeasures.....: Names of tested products of Category 1-6:
Category 1: .2 Monitoring System Vectors:
'CHECKVECTORS 2.2'
.3 Monitoring System Areas:
'CHECKVECTORS 2.2','GUARDIAN 1.2',
'VIRUSX 4.0'
Category 2: Alteration Detection: ---
Category 3: Eradication: 'CHECKVECTORS 2.2',
'VIRUSX 4.0'
Category 4: Vaccine: ---
Category 5: Hardware Methods: ---
Category 6: Cryptographic Methods: ---
Countermeasures successful: 'CHECKVECTORS 2.2', 'GUARDIAN 1.2',
'VIRUSX 4.0'
Standard means......: 'CHECKVECTORS 2.2'
--------------------- Acknowledgement ---------------------------------
Location............: Virus Test Center, University Hamburg, FRG
Classification by...: Alfred Manthey Rojas
Documentation by....: Alfred Manthey Rojas
Date................: 5-June-1990
Information Source..: ---
===================== End of SYSTEM Z 5.3 Virus =======================
Antivirus removal...: Kickstart 1.2 & 1.3 : VT-Schutz v3.17
Kickstart all others: VirusZ III, and also Xvs.library must be installed
Ascii of SystemZ v5.3 virus:
