Turk Virus - Amiga Virus Encyclopedia

VIRUS HELP TEAM
 



------------------------
Amiga Virus Encyclopedia
Turk Virus
------------------------


========= Computer Virus Catalog 1.2: TURK Virus (31-July-1993) ========
Entry...............: TURK Virus
Alias(es)...........: ---
Virus Strain........: ---
Virus detected when.: APRIL 1990
              where.: Australia
Classification......: System virus (bootblock), memory resident
Length of Virus.....: 1.Length on storage medium: 1024 byte
                      2.Length in RAM           : 1024 byte
--------------------- Preconditions ------------------------------------
Operating System(s).: AMIGA-DOS
Version/Release.....: 1.2/all, 1.3/all, 2.0/all, 3.0/all
Computer model(s)...: All AMIGA models (see particularities)
--------------------- Attributes ---------------------------------------
Easy Identification.: Typical text: "TURK", "Amiga Failure... Cause:
                                    TURK VIRUS Version 1.3!"
Type of infection...: System infection: RAM resident, reset resident,
                                        bootblock
Infection Trigger...: 1) Reset (CONTROL+Left-AMIGA+RIGHT-AMIGA)
                      2) Operation: any disk access
Storage media affected: Only floppy disks (3.5" and 5.25")
Interrupts hooked...: ---
Damage..............: Permanent Damage: virus overwrites bootblock
                         and destroys 880 blocks by overwriting them
                         with unformated sequence of data from RAM
                         thus causing read/write error on affected
                         storage media.
                      Transient Damage: screen buffer manipulation:
                         alert box after formating a disk.
Damage Trigger......: Permanent damage: reset.
                      Transient damage: any disk access.
Particularities.....: 1) Resident programs using the CoolCaptureVector
                         or KickTagPointer are shutdown.
                      2) Virus overwrites autovectors 64, 192, 200
                         and 201 to store data.
                      3) Problems may arise on machines which set VBR
                         of CPU to a non-zero value as the autovector
                         addresses used in virus point to public memory.
Similarities........: See TURK.Color Dropper Trojan (dropping this virus)
--------------------- Agents -------------------------------------------
Countermeasures.....: VT 2.54
Countermeasures successful: VT 2.54
Standard means......: VT 2.54
--------------------- Acknowledgement ----------------------------------
Location............: Virus Test Center, University Hamburg, Germany
Classification by...: Original entry: Oliver Meng (February 20,1990)
                      Update:         Karim Senoucci
Documentation by....: Oliver Meng, Karim Senoucci
Date................: 31-July-1993
Information Source..: Reverse analysis of virus / SHI
===================== End of TURK virus ================================

Antivirus removal   : Kickstart 1.2 & 1.3 : VT-Schutz v3.17
                      Kickstart all others: VirusZ III, and also Xvs.library must be installed
                    
Screenshot of Turk Virus:



Ascii of Turk virus (Decoded):
Virum Help Team
Denmark & Canada
Copyright © All rights reserved
www.vht.dk