home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
Amiga Plus 1995 #3 & #4
/
Amiga Plus CD - 1995 - No. 3 and 4.iso
/
pd
/
anti-virus
/
vib
/
virus
/
i
/
irq 1 or 2
< prev
Wrap
Text File
|
1995-07-20
|
2KB
|
54 lines
Name : IRQ 1 + 2
Aliases : No Aliases
Clone : No Clones
Type/size : Link/1060
Symptoms : The actual window title will be changed.
Discovered : 19-10-92
Way to infect: Link infection
Rating : Less Dangerous
Kickstarts : 1.2/1.3
Damage : Files can be defective (after infection).
Removal : Use a good Viruskiller or delete file.
Comments : The IRQ-Virus uses the Kick-Vectors to stay
resident in memory. If you are starting a
infected programm, the virus decodes a text
and the string "dos.library.s:/startup-sequence"
with a simple eor-loop:
A infected program will be increased by 1060
bytes. The virus patches the OldOpenLibrary-Vector
from the exec.library.
When you are booting with an unprotected disk, the
virus tries to open the actual startup-sequence.
If it exists, the virus infects the first file in
the startup-seq.
Sometimes (depending of $dff005) the virus change
the title of to actual window in:
"AmigaDOS presents: a new virus by the IRQ-TeamV41.0"
A file can`t be infected two times because the virus
searches for a hex-code:
CMP.L #FFFE6100,$1E(A4,D6.L)
It exists another IRQ-variant (=IRQ2) which infects
the first file in the startup-sequence till the
current disk is full !!
That means no check for infected files.
A.D 02-94
