====== Computer Virus Catalog 1.2: SENDARIAN Virus (15-July-1991) ==== Entry...............: SENDARIAN Virus Alias(es)...........: --- Virus Strain........: REVENGE 1.2G Virus Strain Virus detected when.: where.: Australia Classification......: System virus (bootblock), resident Length of Virus.....: 1. Length on storage medium: 1024 byte 2. Length in RAM : 1024 byte --------------------- Preconditions ---------------------------------- Operating System(s).: AMIGA-DOS Version/Release.....: 1.2/33.180 Computer model(s)...: AMIGA 500, AMIGA 1000, AMIGA 2000A, AMIGA 2000B --------------------- Attributes ------------------------------------- Easy Identification.: Typical text: 'fuck','off','Sendarian #1! Count' Self-identification.: Test of 5th longword ($ 49443932 = ascii 'ID92') Type of infection...: System infection: RAM resident, reset resident, bootblock Infection Trigger...: reset (CONTROL+Left-AMIGA+Right-AMIGA) operation: any disk access Storage media affected: only floppy disks (3.5" and 5.25") Interrupts hooked...: Vertical Blank interrupt (IV 5) Damage..............: Permanent damage: overwriting bootblock Transient damage: after infecting a disk and next reset, mouse pointer will look like a penis after one minute. Damage Trigger......: Permanent damage: reset; any disk access Transient damage: infecting a disk followed by reset and 1 minute delay. Particularities.....: Resident programs using the CoolCaptureVector are shutdown; virus uses DoIOVector and counts vertical blanks until he will bring up his new pointer; Virus behaves as Antivirus-Virus detecting BYTE BANDIT, SCA and SCA clones. Built-in elimination: Built-in features allow to stop and eliminate virus from memory: Stop virus action: holding down joystick button (port 2) during system reboot will shutdown virus (visible by red screen); Eliminate virus from memory: pressing joy- stick button AND mouse button (port 1) will remove virus from RAM and turn screen blue. Similarities........: REVENGE 1.2G virus strain --------------------- Agents ----------------------------------------- Countermeasures.....: Names of tested products of Category 1-6: Category 1: .2 Monitoring System Vectors: CHECKVECTORS 2.2 .3 Monitoring System Areas: CHECKVECTORS 2.2, GUARDIAN 1.2, VIRUSX 4.0 Category 2: Alteration Detection: --- Category 3: Eradication: CHECKVECTORS 2.2, VIRUSX 4.0 Category 4: Vaccine: --- Category 5: Hardware Methods: --- Category 6: Cryptographic Methods: --- Countermeasures successful: CHECKVECTORS 2.2,GUARDIAN 1.2,VIRUSX 4.0, own suicide function (see elimination) Standard means......: CHECKVECTORS 2.2 --------------------- Acknowledgement -------------------------------- Location............: Virus Test Center, University Hamburg, Germany Classification by...: Wolfram Schmidt Documentation by....: Wolfram Schmidt Date................: 15-July-1991 Information Source..: --- ===================== End of SENDARIAN Virus ========================= [Go back]