Kill v1.0 Virus - Amiga Virus Encyclopedia

VIRUS HELP TEAM




------------------------    
Amiga Virus Encyclopedia
VKill v1.0 Virus
------------------------


====== Computer Virus Catalog 1.2: VKILL 1.0 Virus (5-June-1990) ======
Entry...............: VKILL 1.0 Virus
Alias(es)...........: ---
Virus Strain........: ---
Virus detected when.: March 1989
              where.: Elmshorn, FRG
Classification......: system virus (bootblock), resident
Length of Virus.....: 1. length on storage medium: 1024 byte
                      2. length in RAM           : 1024 byte
--------------------- Preconditions -----------------------------------
Operating System(s).: AMIGA-DOS
Version/Release.....: 1.2/33.166, 1.2/33.180, 1.3/34.5
Computer model(s)...: AMIGA 500, AMIGA 1000, AMIGA 2000A, AMIGA 2000B
--------------------- Attributes --------------------------------------
Easy Identification.: typical text: --
                      virus feature: 'VKILL 1.0' requester before
                         opening CLI and detecting a virus or a non-
                         standard bootblock (see below)
Type of infection...: self-identification method: ---
                      system infection: RAM resident, reset resident,
                         bootblock
Infection Trigger...: reset (CONTROL + Left-AMIGA + RIGHT-AMIGA)
                      operation: on bootable standard bootblocks:
                         any access on bootblock sectors (blocks 0,1)
                         created using normal file system and new fast
                         file system;
                         on nonstandard bootblocks: when detecting a
                         virus or a nonstandard bootblock AND
                         'VKILL 1.0' request AND positive answer
Storage media affected: only floppy disks (3.5" and 5.25")
Interrupts hooked...: ---
Damage..............: permanent damage: overwrites bootable standard
                         bootblocks; simulates bootable standard boot-
                         blocks when examined with any tool
                      transient damage: screen buffer manipulation:
                         'VKILL 1.0' requester before opening CLI and
                         detecting a virus or a nonstandard bootblock
                         (see below)
Damage Trigger......: permanent damage: reset
                         operation on bootable standard bootblocks:
                         any access on bootblock sectors (blocks 0,1)
                         operation on nonstandard bootblocks: when
                         detecting a known virus or a nonstandard boot-
                         block (see below) AND 'VKILL 1.0' request
                         AND positive answer
                      transient damage: when detecting a known virus
                         or a nonstandard bootblock (see below)
Particularities.....: a resident program using the CoolCaptureVector is
                         shut down; detects BYTE BANDIT, SCA (and SCA
                         clones) and nonstandard bootblocks; detects
                         standard bootblocks of the new fast filing
                         system ('DOS' + $01); virus encodes itself
                         using ascii characters ' Ken' as key
Similarities........: ---
--------------------- Agents ------------------------------------------
Countermeasures.....: Names of tested products of Category 1-6:
                      Category 1: .2 Monitoring System Vectors:
                                     'CHECKVECTORS 2.2'
                                  .3 Monitoring System Areas:
                                     'CHECKVECTORS 2.2','GUARDIAN 1.2',
                                     'VIRUSX 4.0'
                      Category 2: Alteration Detection: ---
                      Category 3: Eradication: 'CHECKVECTORS 2.2',
                                     'VIRUSX 4.0'
                      Category 4: Vaccine: ---
                      Category 5: Hardware Methods: ---
                      Category 6: Cryptographic Methods: ---
Countermeasures successful: without restrictions:
                             'CHECKVECTORS 2.2', 'VIRUSX 4.0'
                            with restrictions: 'GUARDIAN 1.2'
Standard means......: 'CHECKVECTORS 2.2'
--------------------- Acknowledgement ---------------------------------
Location............: Virus Test Center, University Hamburg, FRG
Classification by...: Wolfram Schmidt
Documentation by....: Alfred Manthey Rojas
Date................: 5-June-1990
Information Source..: ---
===================== End of VKILL 1.0 Virus ==========================


Screenshot of Vkill 1.0 Virus:
 


Ascii of Vkill 1.0 virus:
 




Virum Help Team
Denmark & Canada
Copyright © All rights reserved
www.vht.dk