------------------------
Amiga Virus Encyclopedia
ViruskillerVirus
------------------------
================== Computer Virus Catalog 2.0: ViruskillerVirus (14.12.1993) ==================
Alias..........................: CLI-Manager
Strain.........................: ViruskillerVirus
detected when..................: --
where..........................: --
detected when..................:
where..........................:
Classification.................: System virus (bootblock), resident
Length.........................: 1. Length on storage medium: 1024 byte
2. Length in RAM: 1024 byte
--------------------------------- Preconditions ------------------------------------------------
Operating System(s).............: AMIGA-OS
Version/Release.................: all system releases
Computer model(s)...............: all models
Caroname........................: VirusKillerVirus
--------------------------------- Attributes ----------------------------------------------------
Easy identification.............: Typical text: 'CLI-Manager -> Virus-Killer-BootBlock'
Type of Infection...............:
Infection Technique.............:
Infection Trigger...............: booting from infected disk
Storage Media affected..........:
Interrupts hooked...............:
Stealth.........................:
Tunneling/Selfprot..............:
Oligo/Polymorphism..............:
Encoding Method.................:
Damage..........................: Permanent damage: overwriting bootblock with a copy of the virus
Transient damage:
1) clearing all Captures (CoolCapture, WarmCapture, ...)
2) overwriting KickTagPtr and KickMemPtr
3) overwriting BeginIO call
4) stopping all operations and showing Alert
Damage Trigger..................: Permanent damage: Read IO call reading the first $200 bytes of
the bootblock of a not infected disk.
Transient damage:
1) booting and finding at least one Capture set
2) booting and finding KickTagPtr not pointing at the kickTag
structure of the virus
3) every boot and reset
4) see Permanent damage
Particularities.................: This is a stupid virus. It waits for read calls reading the
bootblock to infect the disk. But it first writes itself to disk,
before performing the request. So you will get a copy of the
virus in return.
Similarities....................: ---
--------------------------------- Agents ----------------------------------------------------------
Countermeasures.................: VirusZ II 1.09, VT 2.67, Virus Checker 6.43, Virus Workshop 3.6
Standard means..................: VirusZ II 1.09, VT 2.67, Virus Checker 6.43, Virus Workshop 3.6
--------------------------------- Acknowledgements ------------------------------------------------
Location........................: Virus Test Center, University Hamburg, Germany
Classification by...............: Jens Vogler
Documentation by................: Jens Vogler
Date............................: 1-July-1994
Information Source--------------: reverse engeneering of original virus
================================= End of ViruskillerVirus =========================================
Ascii of ViruskillerVirus (CLI-Manager) virus:
