===== Computer Virus Catalog 1.2: SYSTEM Z 4.0 Virus (5-June-1990) ====
Entry...............: SYSTEM Z 4.0 Antivirus Virus
Alias(es)...........: --
Virus Strain........: SYSTEM Z Virus
Virus detected when.: January 1989
              where.: Elmshorn, FRG
Classification......: system virus (bootblock), resident
Length of Virus.....: 1. length on storage medium: 1024 byte
                      2. length in RAM           : 1024 byte
--------------------- Preconditions -----------------------------------
Operating System(s).: AMIGA-DOS
Version/Release.....: 1.2/33.166, 1.2/33.180 and 1.3/34.20
Computer model(s)...: AMIGA 500, AMIGA 1000, AMIGA 2000A, AMIGA 2000B
--------------------- Attributes --------------------------------------
Easy Identification.: typical text:
                      'SYSTEM Z VIRUS PROTECTOR V4.0',
                      'Warning: This disk is infected with a Virus!',
                      'Left MouseButton: Kill the virus, Right
                      MouseButton: Continue',
                      'This disk is infected with the 'ANTI'Virus of
                      NorthStar',
                      'This disk contains an old VirusProtector',
                      'Send new Viruses to: P. van Leuven Koestraat 47,
                      5688 AG Oirschot, Holland'
Type of infection...: self-identification method: 2nd longword =
                      $50564c2e = 'PVL.' = checksum of SYSTEM Z viruses
                      system infection: RAM resident, reset resident,
                      bootblock
Infection Trigger...: 'Kill VIRUS' request after reset (CONTROL +
                      Left-AMIGA + Right-AMIGA) with positive answer
Storage media affected: only floppy disks (3.5" and 5.25")
Interrupts hooked...: ---
Damage..............: permanent damage: overwriting bootblock after
                      'Kill VIRUS' request with positive answer
                      transient damage: screen buffer manipulation:
                      message when detecting a known virus, see above
Damage Trigger......: permanent damage: 'Kill VIRUS' request after
                      reset (CONTROL + Left-AMIGA + Right-AMIGA) with
                      positive answer
                      transient damage: message when detecting a known
                      virus (see above)
Particularities.....: uses StartIOVector;
                      other resident programs using the system resident
                      list (KickTagPointer, KickMemPointer) are shut
                      down, screen gets orange;
                      programs using the CoolCapture vector are shut
                      down, too;
                      detects BYTE BANDIT, SCA (and SCA clones), BYTE
                      WARRIOR, SYSTEM Z 3.0, NORTH STAR II and an older
                      version of itself;
                      pressing left mouse/fire button in port 1 during
                      system reboot causes the virus to install itself
                      on the disk's bootblock without any request;
                      pressing right mouse/fire button in port 2 during
                      system reboot causes the virus to shut down
                      itself;
                      detecting a virus causes SYSTEM Z to produce a
                      sound;
                      detected as 'H.C.S.' by some antiviruses;
                      tests itself by building a checksum (hex.
                      $50564C2E = ascii 'PVL.'), if this fails, the
                      virus shuts down by restoring the KickTag pointer
                      to system default value else the screen gets
                      colored depending to a couple the tones which are
                      played.
Similarities........: SYSTEM Z antivirus virus strain
--------------------- Agents ------------------------------------------
Countermeasures.....: Names of tested products of Category 1-6:
Category 1: .2 Monitoring System Vectors: 'CHECKVECTORS 2.2'
            .3 Monitoring System Areas: 'CHECKVECTORS 2.2',
               'GUARDIAN 1.2', 'VIRUSX 4.0'
Category 2: Alteration Detection: ---
Category 3: Eradication: 'CHECKVECTORS 2.2', 'VIRUSX 4.0'
Category 4: Vaccine: ---
Category 5: Hardware Methods: ---
Category 6: Cryptographic Methods: ---
Countermeasures successful: 'CHECKVECTORS 2.2', 'GUARDIAN 1.2',
                      'VIRUSX 4.0'
Standard means......: 'CHECKVECTORS 2.2'
--------------------- Acknowledgement ---------------------------------
Location............: Virus Test Center, University Hamburg, FRG
Classification by...: Alfred Manthey Rojas
Documentation by....: Alfred Manthey Rojas
Date................: 5-June-1990
Information Source..: ---
===================== End of SYSTEM Z 4.0 Virus =======================