Text File  |  1994-06-30  |  3KB  |  73 lines

------ Computer Virus Catalog 1.2: "JINX" (12.7.1994) -----------------

Entry...............: JINX
Alias(es)...........: 
Virus Strain........: 
Virus detected when.: 
              where.: 
Classification......: BootBlock (System), Reset-Resident
Length of Virus.....: 1.Length (1024) on storage medium
                      2.Length (1040) in RAM

--------------------- Preconditions -----------------------------------

Operating System(s).: AMIGA-DOS
Version/Release.....: 1.2, 1.3, 2.0, 3.0
Computer model(s)...: All Amigas

--------------------- Attributes -------------------------------------

Easy Identification.: -

Type of infection...: Self-Identification methods:
                      -   Virus checks Byte $42 (Bootblock)
                      System infection: 
                      -   RAM-Resident (Vertb, Sumkickdata, td_globalvec)
                      -   Reset-Resident (KickTag, KickCheckSum)

Infection Trigger...: Accessing any floppy disk

Storage media affected: Diskettes

Interrupts hooked...: KICKTAG, KICKCHECKSUM, IV_VERTB, SUMKICKDATA, 
                      TD_GLOBALVEC

Damage..............: Permanent Damage: 
                      -  overwriting bootblock
                      -  headstep (trashing disk)
                      Transient Damage: -
                      Transient/Permanent damage: 
                      - Due to not allocating used memory-areas in the
                        stack range the system will probably crash.

Damage Trigger......: Disk-Access, Counter

Particularities.....: The virus is encrypted with a variable key and
                      has stealth capabilities. The virus catches 
                      specific format-disk commands and replies with an
                      error on them. 

Stealth.............: The virus hides itself from normal disk-editors
                      with stealth-capabilities

Similarities........: The stealth-routine is related to the lamer
                      strain.


--------------------- Agents ------------------------------------------

Countermeasures.....: VT 2.64, VW 3.7
Countermeasures successful: All of the above
Standard means......: Replace the original bootblock with "install"

--------------------- Acknowledgement ---------------------------------

Location............: Virus Test Center, University Hamburg, FRG
Classification by...: Soenke Freitag
Documentation by....: Soenke Freitag
Date................: 12.7.1994
Information Source..: Reverse analysis of virus-code

--------------------------End of "JINX"-Virus--------------------------