-----------------------------
Amiga Virus Encyclopedia
Terrorists Virus (BGS9 Clone)
-----------------------------
=== Computer Virus Catalog 1.2: TERRORISTS Virus (10-February-1991) ==
Entry...............: TERRORISTS Virus
Alias(es)...........: ---
Virus Strain........: BGS 9 virus strain
Virus detected when.: MAY 1990 (when VTC received virus code)
where.: North Germany
Classification......: link virus (renaming), resident
Length of Virus.....: 1. length on storage medium: 2608 byte
2. length in RAM : 2608 byte
--------------------- Preconditions ----------------------------------
Operating System(s).: AMIGA-DOS
Version/Release.....: 1.2/33.166, 1.2/33.180, 1.3/34.5
Computer model(s)...: AMIGA 500, AMIGA 1000, AMIGA 2000A, AMIGA 2000B
--------------------- Attributes -------------------------------------
Easy Identification.: typical text: "TTV1" at end of virus
(length=2608 byte)
identification on disk: a file in ROOT- and/or
DEVS-directory is named with following
unprintable string: $A0,$20,$20,$20,$A0,$20,
$20,$A0,$20,$A0,$A0; length of first command
in startup-sequence seems to be altered to
2608 byte (because file isnot original anymore)
Type of infection...: self-identification method: virus searches for a
file in devs- or root directory named with
this unprintable string: $A0,$20,$20,$20,$A0,
$20,$20,$A0,$20,$A0,$A0
system infection: RAM resident, reset resident
Infection Trigger...: reset (CONTROL+Left-AMIGA+Right-AMIGA)
Storage media affected: bootable floppy disks (3.5" and 5.25"),
bootable RAM disks, bootable hard disks
Interrupts hooked...: ---
Damage..............: permanent damage: overwriting bootblock;
transient damage: screen buffer manipulation:
screen becomes black, a graphic with fol-
lowing text is displayed:
"a computer virus is a disease
terrorism is a transgression
software piracy is a crime
this is the cure BGS9
Bundesgrenzschutz Sektion 9
Sonderkommando 'EDV' "
Damage Trigger......: permanent damage: reset (CONTROL+LEFT-AMIGA
+RIGHT-AMIGA)
transient damage: 4 resets (to be run
until initial CLI window appears)
Particularities.....: other resident programs using the system
resident list (KickTagPointer, KickMem
Pointer) are shutdown; name of resident
task is "TTV1" (see string in bootblock);
when virus doesn't find a DEVS directory,
it uses the root; first command in startup-
sequence is renamed to a file named with
following unprintable string:
$A0,$20,$20,$20,$A0,$20,$20,$A0,$20,$A0,$A0
(in DEVS- or root directory if available),
and virus is written to directory the
command comes from using the same name;
next time, virus will be called first
before original command is executed
Similarities........: 100% clone of the BGS 9 virus, only name of
the relocated carrier (DEVS:) is different
(see above); problems show when other
resident programs suc as harddisk devices
are installed; same problem (=guru medita-
tion when started from startup-sequence)
also occurs with BGS 9
--------------------- Agents -----------------------------------------
Countermeasures.....: Names of tested products of Category 1-6:
Category 1: .2 Monitoring System Vectors:
CHECKVECTORS 2.3
.3 Monitoring System Areas:
CHECKVECTORS 2.3, GUARDIAN 1.2,
VIRUS-DETEKTOR 1.1
Category 2: Alteration Detection: ---
Category 3: Eradication: CHECKVECTORS 2.3,
BGS9-PROTECTOR, VIRUS-DETEKTOR 1.1
Category 4: Vaccine: BGS9-PROTECTOR
Category 5: Hardware Methods: ---
Category 6: Cryptographic Methods: ---
Countermeasures successful: CHECKVECTORS 2.3, BGS9-PROTECTOR
Standard means......: CHECKVECTORS 2.3 with deletion of "no name" file
entry (see above) using a disk manager and
correction of startup-sequence (removal)
and creating two filesðnamed w¹th the
following unprintable string "$A0,$20,$20,
$20,$A0,$20,$20,$A0ü$20,$A0¼$A0" to vaccinate
disk (one file has to be placed in ROOT-, the
other in DEVS-directory); BGS9-PROTECTOR
--------------------- Acknowledgement --------------------------------
Location............: Virus Test Center, University Hamburg, Germany
Classification by...: Alfred Manthey Rojas
Documntation by.....: Alfred Manthey Rojas
Date................: 10-February-1991
Information Source..: ---
===================== End of Terrorists Virus ========================
Screenshot of Terrorists Virus:
