= Computer Virus Catalog 1.2: TURK.COLOR_DROPPER Trojan (31-July-1993) =
Entry...............: Turk.Color_Dropper Trojan
Alias(es)...........: Color Virus Carrier=Color Demo=Installer of Turk
Virus Strain........: ---
Virus detected when.: ---
              where.: ---
Classification......: TURK Virus dropping Trojan Horse
Length of Virus.....: 1.Length on storage medium: 2196 bytes
                      2.Length in RAM: 4258 bytes
--------------------- Preconditions ------------------------------------
Operating System(s).: AMIGA-OS
Version/Release.....: 1.2/all, 1.3/all, 2.0/all, 3.0/all
Computer model(s)...: All AMIGA models (see particularities)
--------------------- Attributes ---------------------------------------
Easy Identification.: Typical text, visible in file:
                      "Hope you enjoy this proggie! It was put together
                      in ten minutes ... Press Left Mouse Button for
                      the demo ... ** Press Right Mouse Button to
                      end **"
Type of infection...: System infection: bootblock, RAM resident, reset
                      resident, changes CoolCapture- and DoIO-vectors
Infection Trigger...: Bootblock infection: DoIO-call requesting read or
                      write access to bootblock
                      Other infections: executing trojan horse
Storage media affected: Only floppy disks
Interrupts hooked...: ---
Damage..............: Permanent damage: overwriting bootblock with TURK
                      boot virus (see TURK virus).
                      Transient damage: overwriting 80k Bytes of main
                      memory with the string "TURK" and halting system.
Damage Trigger......: Permanent damage: DoIO-call as described above
                      Transient damage: reset
Particularities.....: 1) Uses memory at $70000 without allocating it;
                         overwrites autovectors 64, 148, 200 and 201.
                      2) Resident programs using CoolCaptureVector or
                         KickTagPointer are shut down.
                      3) Problems may arise on machines which set VBR
                         of CPU to a non-zero value as the autovector
                         addresses used in virus point to public memory.
Similarities........: TURK Virus
--------------------- Agents -------------------------------------------
Countermeasures.....: VT 2.54, VirusZ 3.06, VirusChecker 6.28
Countermeasures successful: VT 2.54, VirusZ 3.06, VirusChecker 6.28
Standard means......: VT 2.54
--------------------- Acknowledgement ----------------------------------
Location............: Virus Test Center, University Hamburg, FRG
Classification by...: Karim Senoucci
Documentation by....: Karim Senoucci
Date................: 6-July-1993
Information Source..: Virus Disassembly / SHI / Heiner Schneegold
===================== End of TURK.COLOR_DROPPER Trojan =================