Text File | 1995-01-25 | 2KB | 50 lines
Name : TeleCom
Aliases : No aliases
Clone : No clone
Type/size : File/756
Discovered : 04-03-93
Way to infect: File infection
Rating : Less Dangerous
Kickstarts : only 1.3 with Ranger RAM ($C00000)
Removal : Delete file.
Comments : The virus uses CoolCapture to stay resident
in memory. It is always at the same address in
memory ($C71000). After a reset the virus patches
the DoIO(), FindResident(), and later the
OpenWindow() vectors. If you boot from a disk,
the virus does the following:
a) It uses DoIO() to check whether the disk
is write protected. If not, the virus
stores a value at a memory address. This value is
later used by the OpenWindow() patch to check
whether the disk was write protected.
b) The virus patches the FindResident()
vector. Some time later, this patch installs
a new patch in the OpenWindow() vector.
c) This new patch infects the root directory of the disk
by creating the virus file ($A0) and modifying
the startup-sequence.
The string "s/startup-sequence" in the virus is
encoded with a simple EOR loop (eor.b #$27,(a1)+).
In the decoded virus you can read "TeleCom".
NOTE: I wonder how such a virus could spread itself.
^^^^^ -> The memory Ranger RAM is rare.
I think this virus must be an older one.
A.D 12-93
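
A detection check for the EOR-encoded string described in the Comments field, as an added example that is not part of the original database entry. It searches a file's bytes for "s/startup-sequence" encoded with key $27 and, as a generalisation beyond the entry, tries every non-zero single-byte key. The function names and both sample buffers are constructed for illustration.

```python
# Added example: detect the single-byte EOR obfuscation described in the entry.
KEY = 0x27                       # from the entry: eor.b #$27,(a1)+
MARKER = b"s/startup-sequence"   # plaintext string named in the entry
VIRUS_SIZE = 756                 # from the entry: Type/size File/756


def xor_bytes(data, key):
    """Apply the EOR loop: XOR every byte with one key byte."""
    return bytes(b ^ key for b in data)


def find_encoded(data, plaintext=MARKER, key=KEY):
    """Return every offset where `plaintext` occurs XOR-encoded with `key`."""
    needle = xor_bytes(plaintext, key)
    hits, pos = [], data.find(needle)
    while pos != -1:
        hits.append(pos)
        pos = data.find(needle, pos + 1)
    return hits


def recover_keys(data, plaintext=MARKER):
    """Generalisation: try all 255 non-zero keys, return (key, offset) pairs."""
    return [(k, off) for k in range(1, 256)
            for off in find_encoded(data, plaintext, k)]


def assess(data):
    """Summarise the two file-level indicators the entry gives."""
    hits = find_encoded(data)
    return {
        "size_matches": len(data) == VIRUS_SIZE,
        "encoded_marker_offsets": hits,
        "suspicious": bool(hits),
    }


# Constructed sample data (not real virus bytes): zero padding around the
# encoded marker, sized to 756 bytes, plus a harmless plaintext script.
_ENC = xor_bytes(MARKER, KEY)
SAMPLE_INFECTED = bytes(100) + _ENC + bytes(VIRUS_SIZE - 100 - len(_ENC))
SAMPLE_CLEAN = b"; s/startup-sequence\nLoadWB\nEndCLI\n"

if __name__ == "__main__":
    for label, blob in (("infected", SAMPLE_INFECTED), ("clean", SAMPLE_CLEAN)):
        print(label, assess(blob), recover_keys(blob))
```

A plaintext "s/startup-sequence" in an ordinary script does not match, because only the XOR-encoded form is searched for.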