========== Computer Virus Catalog 1.2: IRQ Virus (5-June-1990) ========
Entry...............: IRQ Virus
Alias(es)...........: ---
Virus Strain........: ---
Virus detected when.: January 1989
              where.: Elmshorn, FRG
Classification......: link virus (extending), resident
Length of Virus.....: 1. length on storage medium: 1060 byte + 36 byte (hunk)
                      2. length in RAM           : 1060 byte + 36 byte (hunk)
--------------------- Preconditions -----------------------------------
Operating System(s).: AMIGA-DOS
Version/Release.....: 1.2/33.166, 1.2/33.180 and 1.3/34.20
Computer model(s)...: AMIGA 500, AMIGA 1000, AMIGA 2000A, AMIGA 2000B
--------------------- Attributes --------------------------------------
Easy Identification.: typical text: ---
                      others: allocates 100.000 byte of workspace during
                              infection of files
Type of infection...: self-identification method: $fffe6100 at 2nd word
                              of virus (without hunk table)
                      system infection: extending executable file, RAM
                              resident, reset resident, EXEC library
Infection Trigger...: usage of OldOpenLibrary routine of exec library
Storage media affected: any available storage medium
Interrupts hooked...: ---
Damage..............: permanent damage: causes some overlay programs to
                              malfunction because of altered offsets in
                              hunk table; DIR command of CLI is infected
                              (standard file); 1st file used in
                              startup-sequence of inserted disk is
                              infected (random file); use of a nearly
                              full disk may cause a read/write error
                              when the infected file won't fit on disk,
                              this disk may not be repaired.
                      transient damage: screen buffer manipulation:
                              changes window title of actual window:
                              'AmigaDOS presents:a new virus by the
                              IRQ-Team V41.0'
Damage Trigger......: permanent damage: usage of OldOpenLibrary routine
                              of exec library
                      transient damage: by random
Particularities.....: only infects files with a maximum length of
                      99.999 byte; uses SetFunction routine of exec
                      library to modify entry of the OldOpenLibrary
                      routine; other resident programs using the system
                      resident list (KickTagPointer, KickMemPointer)
                      are shut down.
Similarities........: ---
--------------------- Agents ------------------------------------------
Countermeasures.....: Names of tested products of Category 1-6:
                      Category 1: .2 Monitoring System Vectors:
                                     'CHECKVECTORS 2.2'
                                  .3 Monitoring System Areas:
                                     'CHECKVECTORS 2.2','GUARDIAN 1.2',
                                     'VIRUSX 4.0'
                      Category 2: Alteration Detection: ---
                      Category 3: Eradication: 'CHECKVECTORS 2.2',
                                     'RemIRQ', 'KV', 'IRQKILLER',
                                     'LINKKILLER', 'VIRUSX 4.0',
                                     'DVICE PLUS'
                      Category 4: Vaccine: ---
                      Category 5: Hardware Methods: ---
                      Category 6: Cryptographic Methods: ---
Countermeasures successful: 'CHECKVECTORS 2.2' with 'RemIRQ', 'KV',
                      'LINKKILLER' or 'IRQKILLER', 'VIRUSX 4.0',
                      'DVICE PLUS'
Standard means......: 'CHECKVECTORS 2.2', 'IRQKILLER'
--------------------- Acknowledgement ---------------------------------
Location............: Virus Test Center, University Hamburg, FRG
Classification by...: Alfred Manthey Rojas
Documentation by....: Alfred Manthey Rojas
Date................: 5-June-1990
Information Source..: ---
===================== End of IRQ Virus ================================