14 April 2020, 03:28 | #21 |
Registered User
Join Date: Feb 2007
Location: Melbourne, Australia
Age: 41
Posts: 3,772
|
|
14 April 2020, 19:31 | #22 |
Moderator
Join Date: Nov 2004
Location: Eksjö / Sweden
Posts: 5,602
|
Stellarx/X by Stellar/etc seems to be not preserved on the major sites, and very hard to find outside those sites. Someone has the Coronafile. OK, good to know, don't spread it.
|
30 April 2020, 14:23 | #23 |
Moderator
Join Date: Jun 2009
Location: France
Age: 46
Posts: 1,982
|
New alert!
A new trojan has appeared. If you have downloaded a program called VProtect v1.0 that appeared on Aminet on 2020-04-30, please remove it as it is malicious and undetectable with VirusZ III and VT. The program is now removed from the site! Last edited by Crashdisk; 30 April 2020 at 14:29. |
30 April 2020, 16:21 | #24 |
Semi-Retired
Join Date: Mar 2012
Location: Leiden / The Netherlands
Posts: 1,994
|
Does it install a known bootblock virus? Or a new one? <shudder>
|
30 April 2020, 16:26 | #25 |
Moderator
Join Date: Jun 2009
Location: France
Age: 46
Posts: 1,982
|
The virus is similar to the XCopy bootblock (visually). It's basic but new. ...
Code:
---------------------------------------------------------------------- | Bootblock | ---------------------------------------------------------------------- |$0000|DOS.ê¢+R...p,y....Cú.¸p.N®þh,@"z.äN®ÿ: z.àp."<...@t.N®þz z.Ê"z.Ê| |$0040|!I.. |..ï.#H..0<.PB~QÈÿü"z.ªp.r.N®ÿ."z.žAú.tp.N®ÿÄ |..î€$HCú..p.| |$0080| ÙQÈÿüAù.ßð.!J.€Bh.ˆ1|ƒ..–r.NqQÈÿüQÉÿø!n.&.€Bh.ˆa..š,y....Cú.;N®| |$00C0|ÿ @ h..p.Nugraphics.library.ÿNO VIRUS ON BOOTBLOCK! ÿdos.libra| |$0100|ry.®..î...îP.à...âï...ÿþ.€.ù.‚.ù€.ÿþ.€..Œ.ÿþ....”.ÿþ.... .ÿþ.€.ù| |$0140|¡.ÿþ.€..ÿÿÿþAúþ²Cù..ð.&<...ÿ.ØQËÿü,y....B.N®ÿ(äˆB.N®ÿ:Cù..ð.Óü..| |$0180|.ø,y....#îþ:..óà-Iþ:Nu.J.E.R.E.M.Y./.C.O.R.O.N.A.!BY!THE!JACKAL!| |$01C0|2020....f.nb.ej}jbv.v`z}.i}fjak.a`.yf}z|.`a.m``{mc`ld....€....f.| |$0200|.P.i....f..F.©.....,f..:a..ÄHç..Iù..ð.*i.(&<...K.ÜQËÿü&<...³B.QË| |$0240|ÿüLß0.3|....a....©.....,f...a..€.©.....,f...a..p.©..à..,f..dHçÿþ| |$0280|3é...À.Î#é.$.À.Ð#é.(.À.Ô#é.,.À.Ø,y....3|....a..0J©. f...,y....3|| |$02C0|....a...J©. f..ì.¹......óòe..:Hç..IúþäKúýö&<.....ƒ.....œ.../QËÿø| |$0300|#ü......óòLß0.a..>Nú.tHç..IúþÄKúý¾&<.....ƒ.....œ.../QËÿø.¹......| |$0340|óòLß0.a...Nú.<.¹......óòHçÿþAù..ð."HB¨..2<.ÿp.Ð~d...R€QÉÿöF€#À..| |$0380|ð.Lß.ÿNu,y....3|....#|..ð..(#|.....$#|.....,a..03|....a..&3y.À.Î| |$03C0|..#y.À.Ð.$#y.À.Ô.(#y.À.Ø.,Lß.ÿNù.ü......................XCOPY!..| ---------------------------------------------------------------------- |
30 April 2020, 20:19 | #26 |
Registered User
|
downloaded .. and deleted...
thx ! |
30 April 2020, 23:40 | #27 |
Moderator
Join Date: Jun 2009
Location: France
Age: 46
Posts: 1,982
|
Here's the VHT report on the last trojan discovered :
https://vht-dk.dk/amiga/desc/txt/jackal-drop.htm Code:
.......................... VIRUS HELP TEAM ........................ Hi All.... 30 april 2020 An new trojan has been found. It was shortly on Aminet, but have been removed now, by the admins. The trojan will install a bootblock virus, where you can read this: J.E.R.E.M.Y./C.O.R.O.N.A.!BY!THE.JACKAL!2020 Here is some info about the trojan: ---------------------------------------------------------------------- Trojan name... : Jackal dropper Trojan file... : vprot10 Trojan size... : 1884 bytes (packed with CrunchMania) : 2284 bytes (unpacked) Trojan archive : vprot.lha Archive size.. : 4.322 bytes Archive info.. : * Small utility that stays in background and detects any change on resident memory vectors. Very easy to use. Just put VPROTECT in your startup-sequence file * Doesn't work from Workbench. * TIP: if you click both mouse buttons on VPROTECT window it will scan resident memory vectors again. If nothing happends memory is ok. * Not tested on KS higher than 1.3 Johan Jyllson ----------------------------------------------------------------------- When I testing the bootblock virus. Under Kickstart 2.0 and 3.1, after I rebootet with the virus in memory and booted from the floppydisk, I did get Checksum errors on the both floppy disk. If it is the virus, I'm not sure, but I tried it twice and got same error. At this time there are NO antivirus program that will find this trojan or bootblock virus. Virus Help Team have been thinking about releasing the file from VirusZ III, from our own Amiga's. We have made recognition for many utility, demo, and even some new bootblock viruses and a lot of other harmfull bootblocks not known to any anti-virus programs. If we release it you can find it at our website under VirusZ III. It is not there yet, but keep looking. Thanks to CrashDisk for informing us about this trojan. Regards.... __ Jan Andersen __ /// --------------- \\\/// Virus Help Team \XX/ www.vht-dk.dk |
01 May 2020, 17:20 | #28 |
Amigaholic
Join Date: Dec 2009
Location: UK
Posts: 4,677
|
So, we still have asswipes creating viruses
Hope VHT release that file, would be nice to have an updated xvs.library that detects the many 'unknown bootblock' warnings that VirusZ III throws up! |
01 May 2020, 19:06 | #29 |
Zone Friend
Join Date: May 2006
Location: France
Posts: 1,801
|
I’d like to disassemble them care to share? Thx
|
02 May 2020, 16:29 | #30 |
Super Member
Join Date: Sep 2014
Location: Wakefield
Age: 48
Posts: 1,334
|
|
02 May 2020, 17:30 | #31 |
Moderator
Join Date: Jun 2009
Location: France
Age: 46
Posts: 1,982
|
Unfortunately, this is not 100% functional because of VirusZ's signature registration method
|
02 May 2020, 17:32 | #32 |
Registered User
Join Date: Mar 2012
Location: UK
Posts: 1,893
|
In some ways it's nice to see that someone thinks the Amiga is important enough to bother making a virus...
|
02 May 2020, 17:35 | #33 |
Moderator
Join Date: Jun 2009
Location: France
Age: 46
Posts: 1,982
|
He may be on this forum to see comments on his work!
Come on, confess! ^^ |
03 May 2020, 01:01 | #34 | |
Zone Friend
Join Date: Mar 2004
Location: Middle Earth
Age: 40
Posts: 2,127
|
Quote:
I wonder if they are a native English speaker or they used English so they could shift the blame to another region?? If I did it, I would of had put it in German or French to shift the blame there. I haven't seen that handle the Jackal before and the last Amiga Virus text I saw was in a russian ezine called x25 or in Phrack magazine. Janeway doesn't bring up much either |
|
12 September 2020, 00:35 | #35 |
Computer Wizard
Join Date: Aug 2007
Location: Ramberg/Norway
Posts: 928
|
VirusZ_III.Bootblocks
Dated 09.08.2020. Read more about it in the above link. |
14 September 2020, 03:07 | #36 |
SYS64738
Join Date: Oct 2014
Location: Australia
Age: 50
Posts: 118
|
Just updated and performing a full scan. Damn these things!
|
14 September 2020, 06:48 | #37 |
Registered User
Join Date: Mar 2018
Location: Hastings, New Zealand
Posts: 2,546
|
|
14 September 2020, 09:50 | #38 | |
Registered User
Join Date: Aug 2014
Location: Brindisi (Italy)
Age: 70
Posts: 8,248
|
Quote:
https://www.vht-dk.dk/amiga/news.htm...FqH-YA1gMq0nq4 |
|
14 September 2020, 18:55 | #39 | |
Registered User
Join Date: Jun 2020
Location: Copenhagen, Denmark
Posts: 23
|
Quote:
https://www.vht-dk.dk/amiga/vz/vhtvzboot.htm |
|
20 September 2020, 11:15 | #40 |
Registered User
Join Date: Jun 2020
Location: Copenhagen, Denmark
Posts: 23
|
New VirusZ_III.bootblocks released today. (20 september 2020).
19 virus bootblock added 238 harmless bootblocks added https://www.vht-dk.dk/amiga/vz/vhtvzboot.htm |
Currently Active Users Viewing This Thread: 1 (0 members and 1 guests) | |
Thread Tools | |
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
vasm treat warnings as errors? | hop | Coders. Asm / Hardware | 3 | 30 April 2019 22:32 |
Warnings after uploading in The Zone! | eLowar | project.EAB | 12 | 12 October 2007 23:10 |
When's the last time you had a virus on your Amiga? | Paul_s | Nostalgia & memories | 21 | 31 January 2007 11:06 |
Virus on my Amiga Disks | Andrew | request.Apps | 14 | 12 December 2004 19:18 |
Amiga Virus Help | madduck | Amiga websites reviews | 1 | 11 September 2002 19:15 |
|
|