home *** CD-ROM | disk | FTP | other *** search
- Name : CCCP
-
- Aliases : No Aliases
-
- Type/Size : Boot+Link/1024+1044
-
- Clones : DATA CRIME
-
- Symptoms : No Symptoms
-
- Discovered : ?
-
- Way to infect: Link infection
-
- Rating : Dangerous
-
- Kickstarts : 1.2/1.3 NOT properly with Kick2.0
-
- Damage : Some infected files can cause a GURU !!!
-
- Manifestation: -
-
- Removal : Delete File AND INSTALL BOOT !!!
-
- Comments : The CCCP-Virus is a new sort of virus. Its the
- first virus which can spread itself by two different
- infection-methods, Link-Method and Boot-Method.
-
-
- The virus allocates 1192 bytes of chip-mem and copies
- itself into that area. After that the virus changes
- the CoolCapture-Vector to stay resident in memory.
-
-
- Furthermore the virus patches the DoIO() and the
- Zero-Page ($6C). The DoIO()-Vector is used to infect
- other disks and the $6C-Patch sets always the Cool-
- Capture-Vector to the virusvalue. After a reset the
- virus patches the OpenLib()-Vector from the exec.lib.
-
-
- If the OpenLib()-Vector is now used from the system,
- the virus patches the OpenWindow()-Vector from the
- intuition.library. If this (now patched) vector is
- used the virus scan the c-dir for executable files
- to infect them. In the Bootblock and in every
- infected file you can read:
-
- "CCCP VIRUS"
-
- A.D 07-94
-
