Amiexpress Virus

Posted: Fri May 02, 2014 5:33 pm
by Black Beard
I had this virus back in the day, and nothing would detect it at the time.
I ended up shutting down my BBS out of frustration, and the internet was taking over anyways.


http://www.vht-dk.dk/amiga/desc/txt/bbs-diskrepair.htm

Infected Diskrepair BBS Virus:
------------------------------

Again another trojan horse for the AmiExpress BBS system. This virus
is linked BEHIND a new version of DISKREPAIR. The used linking system
is the $4eb9 linker as used in many other trojan horses against AX.
The new thing in this virus is that it is not linked in front of the
file.

In this case the viruspart is imploded and is decrunched 10244 bytes
long.


The directories BBS and BBS:Utils/ will be scanned for a special
file length (ca. 200000 bytes) and the SNOOPDOS task will be searched.
I cannot say exactly what this virus does because I have no AmiEx
release.


Some resourced virusparts:

Snoopdos_Search
        PEA     snoopname(PC)
        JSR     FindTask(PC)
NoSnoopDos
        ...

snoopname       DC.B    'SnoopDos',0
bbsname1        DC.B    'BBS',0
bbsname2        DC.B    'BBS:',0
bbsname3        DC.B    'BBS:',0
bbsname4        DC.B    'BBS',0
bbsname5        DC.B    'BBS:',0
bbsname6        DC.B    'BBS:Utils/',0


A utility which does not work if SnoopDos is active? Not normal.




Detection tested on 29.05.1993.



Infected WhiteBox BBS Virus:
----------------------------


This virus is very similar to the virus linked behind Diskrepair.
The viruscode is more optimized and it will be searched for some
more file lengths. The used linker is the 4eb9 linker. Who does
have such a linker?

If a Sysop with the AmiExpress system finds such a virus, please
reinstall the AmiExpress mainfile.


Detection tested on 06.06.1993.






The "Whitebox" and the "Diskrepair" viruses only work with
some versions of AmiExpress (ca. 5 releases). I do not think that
they touch AmiExpress 3.03 or AmiExpress 3.04. If you've a list
with lengths of all the AmiExpress releases then please let me
know.



Test by Markus Schmall....
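
Added example, not part of the original post or of the quoted description: a Python triage sketch that walks an AmigaDOS hunk load file and reports code hunks whose first instruction word is $4EB9 (68000 JSR absolute long), the opcode the "$4eb9 linker" is named after. That the linker stub sits at the very start of a code hunk is an assumption, and the function names and the sample file are constructed for illustration.

```python
import struct

HUNK_HEADER, HUNK_CODE, HUNK_DATA, HUNK_BSS = 0x3F3, 0x3E9, 0x3EA, 0x3EB
HUNK_RELOC32, HUNK_SYMBOL, HUNK_DEBUG, HUNK_END = 0x3EC, 0x3F0, 0x3F1, 0x3F2
JSR_ABS_L = 0x4EB9  # 68000 opcode word for JSR (xxx).L

def code_hunks(data):
    """Yield (hunk_index, first_opcode_word, size_bytes) per HUNK_CODE."""
    pos = 0
    def skip(longs):
        nonlocal pos
        pos += 4 * longs
        if pos > len(data):
            raise ValueError("truncated hunk file")
    def u32():
        skip(1)
        return struct.unpack_from(">I", data, pos - 4)[0]
    if u32() != HUNK_HEADER:
        raise ValueError("no HUNK_HEADER: not an AmigaDOS load file")
    while (n := u32()):                 # resident library names (usually none)
        skip(n)
    u32()                               # hunk table size
    first, last = u32(), u32()
    skip(last - first + 1)              # per-hunk size table
    index = 0
    while pos < len(data):
        htype = u32() & 0x3FFFFFFF      # top bits carry memory flags
        if htype in (HUNK_CODE, HUNK_DATA, HUNK_DEBUG):
            n, start = u32(), pos       # start = offset of the hunk body
            skip(n)
            if htype == HUNK_CODE:
                word = struct.unpack_from(">H", data, start)[0] if n else None
                yield index, word, 4 * n
        elif htype == HUNK_BSS:
            u32()                       # size only, no data stored in the file
        elif htype in (HUNK_RELOC32, HUNK_SYMBOL):
            while (n := u32()):         # each block: n longs plus one extra long
                skip(n + 1)
        elif htype == HUNK_END:
            index += 1
        else:
            raise ValueError(f"unsupported hunk type {htype:#x}")

def suspicious_hunks(data):
    """Indices of code hunks that begin with JSR absolute long ($4EB9)."""
    return [i for i, word, _ in code_hunks(data) if word == JSR_ABS_L]

# Constructed two-hunk sample: hunk 0 opens with $4EB9, hunk 1 does not.
_longs = [0x3F3, 0, 2, 0, 1, 2, 1,
          0x3E9, 2, 0x4EB90000, 0x00004E75, 0x3EC, 1, 1, 2, 0, 0x3F2,
          0x3E9, 1, 0x70004E75, 0x3F2]
SAMPLE = struct.pack(f">{len(_longs)}I", *_longs)
```

A hit is only a lead for closer inspection, since legitimate programs can also start with a JSR. Because the description says the virus part is imploded, searching the file on disk for strings such as 'SnoopDos' would not find it, which is why this check looks at hunk structure instead.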