VCKey 1.10 Trojan (WireFace) - Amiga Virus Encyclopedia

VIRUS HELP TEAM
 



  ----------------------------
  Amiga Virus Encyclopedia
  VCKey 1.10 Trojan (WireFace)
  ----------------------------

         
  VCKey 1.10 Trojan:
  ------------------

  other possible names: none
  Kickstart: V37 and higher
  Filelength: 9088 bytes (partly packed)
  found in/when: VkKey110.lha/Jul95


  This is said to be a cracked keyfile creator for the wellknown Virus-
  Checker antivirusprogramm.

  The FILE ID looks like this:

  "
  MakeKey v1.10 Keyfilemaker
  for Virus Checker Cracked.
  -----------------------( EAGLE's NEST! )----
  "


  In reality this file contains a nasty trojan, which tries to format
  your SYS: device (DOS1 bootcode) and give it the new name "Snupp!".
  If I can read my autodocs correct, only a quickformat will be done.
  Try to use Disksalv to recover the data on your sys: device.

  In the unpacked code you can read:

  "WiREFACE / dEMONS oF tHE pENTAGRAM * WHiPPED YOUR HD, SUKKAH !! We Look "
  "Down Your Nose (Laughter)!"

  The dangerous code was linked using the 4eb9 linking method on the normal
  makekey programm from the actual VirusChecker distribution. The dangerous
  code is packed with powerpacker 4.0 (5848 bytes long). This was probably
  done to shorten the whole file and to crypt the visible texts. The unpacked
  viruscode is 7588 bytes long.

  (Do you really think that such a lame protection can stop a good antivirus-
   researcher from doing its job ????)

  VT 2.74 and VW 5.2 atleast recognize a $4eb9 linker in the file. Another
  viruskiller, which claims to recognize 4eb9 files, does not detect it.


  There is a little document in this archive called MakeKey.readme:
  -----------------------------------------------------------------

  MakeKey v1.00 cracked... presenting MakeKey v1.10 :)

  This is a specially written program to allow users who have
  registered to make a keyfile from the information they recieve.

  *** But now you can enter any serial numbers you want ! ***
  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  It can be run from SHELL or WORKBENCH and opens a GUI.
  It requires WB2.04 or better to run. Enter the data into the
  gadgets and click on MakeKey and the keyfile will be generated.


  Test by Markus Schmall
Virum Help Team
Denmark & Canada
Copyright © All rights reserved
www.vht.dk