Virus Mem Kill 3.00 Trojan - Amiga Virus Encyclopedia

VIRUS HELP TEAM
Amiga Antivirus Website
www.vht-dk.dk




     --------------------------
     Amiga Virus Encyclopedia
     Virus Mem Kill 3.00 Trojan
     --------------------------


     Name         : VMK3.0

     Aliases      : No Aliases

     Type         : Trojan

     Size         : 2620 Bytes

     Clones       : No Clones 

     Symptoms     : No Symptoms

     Discovered   : 03-09-94
     
     Archive      : vmk30.lha

     Way to infect: No Infection

     Rating       : Very Dangerous

     Kickstarts   : 2.X/3.X

     Damage       : Overwrites the RDSK-Block of your harddisk.

     Removal      : Delete this file immediately.

     Comments     : The origin of this new bomb is the original VMK (Virus
                    Memory Kill) version 1.10, 2.388 bytes, made by Chris
                    Hames.

                    A lame guy has now added a destroy routine and changed
                    the version number to 3.0. If you start this nasty
                    trojan, you will get the following message at the top
                    of your screen:

                         Virus Memory Kill V3.00 © Chris Hames.

                    Very simple but unfortunately DANGEROUS. The original
                    VMK was reassembled by the programmer. The destroy
                    routine is simple: when you start the bomb, it scans
                    for the "scsi.device", so A1200 and A4000 machines in
                    particular are affected by this devil. If the device
                    is found, the virus loads the 1st block of the harddisk
                    and subtracts a special value in this block. If the
                    value reaches zero, the virus overwrites the RDSK block
                    and the partition block behind it with memory garbage.

     Other info   : This is a fucking HD formatter and nothing else.

                    The program opens scsi.device at unit 0 and loads the
                    RDB. It adds 1 to the third longword and decreases the
                    value at offset $2b of the RDB. If this value reaches 0,
                    the first 100 KB of your HD, starting with the RDB, will
                    be formatted using memory from address 0.

                    No rescue of the data is possible. Sorry. Try to restore
                    the RDB and to rescue as many files as possible (best
                    with DiskSalv). The first 100 KB are lost, and the
                    partition data too. Use your harddisk software to
                    restore the partition data.

                    The offset $2b in the RDB describes some of the hardware
                    capabilities of the harddisk.

    Antivirus     : Kickstart 1.2 & 1.3..... : VT-Schutz
                    Kickstart 2.0 and higher : VirusZ III, with the new Xvs.library installed
                    
    Test made by  : Markus Schmall & Safe Hex International
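
A read-only check of a saved first-block dump, added here as an example (it is not code from the Virus Help Team or from any of the antivirus tools named above). It assumes the standard RDB layout: big-endian longwords, the count of summed longwords in the second longword, the checksum in the third, and all summed longwords adding up to zero. Under that rule, adding 1 to the third longword while decreasing offset $2b by 1 leaves the checksum valid, so the check also reports the value at $2b. The function names, the 512-byte block size and the single-byte reading of offset $2b are assumptions.

```python
import struct

BLOCK = 512            # assumed sector size of the dump
COUNTER_OFFSET = 0x2B  # offset the entry names; assumed to be a single byte

def rdb_checksum(block, summed_longs):
    """Value the third longword must hold so all summed longwords add to 0."""
    longs = list(struct.unpack(">%dL" % summed_longs, block[:summed_longs * 4]))
    longs[2] = 0  # leave the stored checksum out of the sum
    return -sum(longs) & 0xFFFFFFFF

def inspect_rdb(block):
    """Read-only check of one block; returns a dict of findings."""
    if len(block) < BLOCK or block[:4] != b"RDSK":
        return {"signature_ok": False, "checksum_ok": False, "counter": None}
    summed = struct.unpack(">L", block[4:8])[0]
    if not 3 <= summed <= BLOCK // 4:
        return {"signature_ok": True, "checksum_ok": False, "counter": None}
    stored = struct.unpack(">L", block[8:12])[0]
    return {"signature_ok": True,
            "checksum_ok": stored == rdb_checksum(block, summed),
            "counter": block[COUNTER_OFFSET]}

def make_sample_rdb(counter=0xFF):
    """Constructed sample block (not taken from a real disk)."""
    blk = bytearray(BLOCK)
    blk[0:4] = b"RDSK"
    struct.pack_into(">L", blk, 4, 64)       # number of summed longwords
    struct.pack_into(">L", blk, 16, BLOCK)   # block size field
    blk[0x28:0x2C] = b"\xff\xff\xff" + bytes([counter])  # constructed value
    struct.pack_into(">L", blk, 8, rdb_checksum(bytes(blk), 64))
    return bytes(blk)

if __name__ == "__main__":
    samples = [("intact", make_sample_rdb()),
               ("counter lowered", make_sample_rdb(0xFE)),
               ("overwritten", bytes(range(256)) * 2)]  # stand-in for garbage
    for name, blk in samples:
        print(name, inspect_rdb(blk))
```

A missing RDSK signature on the first block matches the damage described in this entry; a valid checksum with a low value at $2b means the checksum alone would not have shown the change.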

    
    


Virus Help Team
Denmark & Canada
Copyright © All Rights Reserved