====== Computer Virus Catalog 1.2: SADDAM.][ Virus (31-July-1993) ====== Entry...............: SADDAM.][ Virus Alias(es)...........: --- Virus Strain........: SADDAM Virus Strain Virus detected when.: --- where.: --- Classification......: System virus (replacing), memory resident Length of Virus.....: 1.Length on storage medium: 1848 byte 2.Length in RAM : 1936 byte --------------------- Preconditions ------------------------------------ Operating System(s).: AMIGA-DOS Version/Release.....: 1.2/all, 1.3/all Computer model(s)...: All AMIGA models --------------------- Attributes --------------------------------------- Easy Identification.: --- Type of infection...: Self-identification method: see SADDAM virus. System infection: see SADDAM virus. Infection Trigger...: see SADDAM virus. Storage media affected: see SADDAM virus. Interrupts hooked...: see SADDAM virus. Damage..............: Permanent damage: 1-4 same as SADDAM virus: 1. If no Disk-Validator program exists on disk or no L: directory, both are built (re- placing Disk-Validator program on disk). 2. Virus destroys a block by writing "IRAK" over existing data. 3. Virus makes Bitmap NOT VALID, so running Disk-Validator next time will infect System. 4. Virus starts diskhead stepping in all floppy drives and writing on disk (if writeable) which will result in trackdisk errors. Transient damage: Mouse pointer will disappear, and an Alert will be displayed with text: "SADDAM ][". After pressing mouse button, cold reset; different from SADDAM v. Damage Trigger......: Permanent damage: 1) insertion of a diskette 2) reading a Datablock 3) accessing rootblock Transient damage: reading bootblock after a certain time. Particularities.....: see SADDAM virus. Similarities........: Minor variant (clone) of original SADDAM virus --------------------- Agents ------------------------------------------- Countermeasures.....: VirusZ 3.06, VT 2.54, VirusChecker 6.28 Countermeasures successful: VirusZ 3.06, VT 2.54 Standard means......: VT 2.54 --------------------- Acknowledgement ---------------------------------- Location............: Virus Test Center, University Hamburg, Germany Classification by...: Jens Vogler Documentation by....: Jens Vogler Date................: 31-July-1993 Information Source..: Reverse analysis of virus code ===================== End of SADDAM.][ Virus =========================== [Go back]