------------------------
Amiga Virus Encyclopedia
Zinko Trojan
------------------------
- ZINKO Trojan, destructive
Filename possibly: FlowerPower.exe   Length: 166992 bytes
VT only offers deletion.
Compare also: VoxelSvind Trojan
Procedure:
A picture is shown:
Dark, wide diagonal bar with light letters
Iris presents
I can't do anything with the text. In reality,
changes are made on sys:.
Damage:
A text section of variable length is appended to files
after the 3F2:
000003f2 5a494e4b 4f204d41 44452054 ....ZINKO MADE T
48495321 20492052 554c4521 20484148 HIS! I RULE! HAH
41484148 41484148 4121204e 4f525448 AHAHAHAHA! NORTH
45524e20 50414c41 43453a20 2b343520 ERN PALACE: +45
35383530 20363038 31005a49 4e4b4f20 5850 6081.ZINKO
Directories before:
s/startup-sequence                       7  13-09-95
devs/parallel.device                  1812  13-09-95
devs/printer.device                  26964  13-09-95
devs/printers/Nec                     6732  13-09-95
devs/system-configuration              232  13-09-95
Directories after:
s/000000000111000110100001110011     18150  20-12-96
s/000000000110110100100111100000      6528  20-12-96
s/000000000110110011001101100100      2554  20-12-96
devs/000000000011000100101100111111    147  20-12-96
devs/000000000111010100001100000011  19202  20-12-96
devs/000000001000100100010100010111   3038  20-12-96
So not only are the names changed and text appended,
but files are also copied back and forth between the dirs.
E.g. none of the files in the modified s dir is the
startup-sequence. I don't see any rescue option here within a
reasonable amount of time. You can easily cut off the text with a
file monitor, but not every file contains an ASCII string
by which you could assign the file name.
I'm sorry.
Original text by Heiner Schneegold
Translated from German to English by Google Translate
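
Added example, not part of the original entry and not code from VT: a Python version of the cleanup check described above, which finds the appended text after the 3F2 longword, cuts it off, and flags file names made of 30 binary digits as in the "after" listing. It assumes the appended text runs to the end of the file; the function names and the sample hunk file are constructed for illustration.

```python
import re

HUNK_END = bytes.fromhex("000003f2")   # the "3F2" longword from the dump
MARKER = b"ZINKO MADE THIS!"           # start of the appended text in the dump
RENAMED = re.compile(r"[01]{30}")      # names as in the "after" listing


def trailer_offset(data):
    """Offset of the appended text, or None if the marker is absent."""
    pos = data.find(MARKER)
    return None if pos < 0 else pos


def strip_trailer(data):
    """Cut the appended text off. Assumption: it runs to the end of the file."""
    pos = trailer_offset(data)
    return data if pos is None else data[:pos]


def triage(files):
    """Map each suspicious path in {path: bytes} to a list of findings."""
    report = {}
    for path, data in files.items():
        hits = []
        if RENAMED.fullmatch(path.rsplit("/", 1)[-1]):
            hits.append("renamed")
        pos = trailer_offset(data)
        if pos is not None:
            hits.append("trailer@%d" % pos)
            if data[max(pos - 4, 0):pos] == HUNK_END:
                hits.append("after-3F2")
        if hits:
            report[path] = hits
    return report


# Constructed sample: a minimal one-hunk Amiga executable (header, code, 3F2).
CLEAN = bytes.fromhex(
    "000003f3 00000000 00000001 00000000 00000000 00000001"
    "000003e9 00000001 4e754e71 000003f2"
)
# The same file with an abbreviated, constructed copy of the text appended.
INFECTED = CLEAN + MARKER + b" I RULE!\x00ZINKO "
SAMPLE = {
    "s/000000000111000110100001110011": INFECTED,  # name from the "after" listing
    "devs/parallel.device": CLEAN,
}

if __name__ == "__main__":
    for path, hits in triage(SAMPLE).items():
        print(path, hits, "->", len(strip_trailer(SAMPLE[path])), "bytes after cut")
```

Cutting the text restores the file contents only; as the entry notes, the original name and directory still have to be worked out by other means.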