English Amiga Board


Go Back   English Amiga Board > News

 
 
Thread Tools
Old 14 April 2020, 03:28   #21
Hewitson
Registered User
Hewitson's Avatar
 
Join Date: Feb 2007
Location: Melbourne, Australia
Age: 37
Posts: 3,681
Quote:
Originally Posted by zipper View Post
Keep pressed 10 seconds.
Pretty sure this doesn't work. If you really want to be safe, the machine should be powered off.
Hewitson is offline  
Old 14 April 2020, 19:31   #22
Photon
Moderator

Photon's Avatar
 
Join Date: Nov 2004
Location: Eksjö / Sweden
Posts: 4,819
Stellarx/X by Stellar/etc seems to be not preserved on the major sites, and very hard to find outside those sites. Someone has the Coronafile. OK, good to know, don't spread it.
Photon is offline  
Old 30 April 2020, 14:23   #23
Crashdisk
Moderator

Crashdisk's Avatar
 
Join Date: Jun 2009
Location: France
Age: 42
Posts: 1,378
New alert!
A new trojan has appeared.
If you have downloaded a program called VProtect v1.0 that appeared on Aminet on 2020-04-30, please remove it as it is malicious and undetectable with VirusZ III and VT.
The program is now removed from the site!

Last edited by Crashdisk; 30 April 2020 at 14:29.
Crashdisk is offline  
Old 30 April 2020, 16:21   #24
Hedeon
PPC Hacker

 
Join Date: Mar 2012
Location: Leiden / The Netherlands
Posts: 1,219
Does it install a known bootblock virus? Or a new one? <shudder>
Hedeon is offline  
Old 30 April 2020, 16:26   #25
Crashdisk
Moderator

Crashdisk's Avatar
 
Join Date: Jun 2009
Location: France
Age: 42
Posts: 1,378
The virus is similar to the XCopy bootblock (visually). It's basic but new. ...
Code:
 ----------------------------------------------------------------------
| Bootblock                                                            |
 ----------------------------------------------------------------------
|$0000|DOS.ê¢+R...p,y....Cú.¸p.N®þh,@"z.äN®ÿ: z.àp."<...@t.N®þz z.Ê"z.Ê|
|$0040|!I.. |..ï.#H..0<.PB~QÈÿü"z.ªp.r.N®ÿ."z.žAú.tp.N®ÿÄ |..î€$HCú..p.|
|$0080| ÙQÈÿüAù.ßð.!J.€Bh.ˆ1|ƒ..–r.NqQÈÿüQÉÿø!n.&.€Bh.ˆa..š,y....Cú.;N®|
|$00C0|ÿ  @ h..p.Nugraphics.library.ÿNO VIRUS ON BOOTBLOCK!  ÿdos.libra|
|$0100|ry.®..î...îP.à...âï...ÿþ.€.ù.‚.ù€.ÿþ.€..Œ.ÿþ....”.ÿþ.... .ÿþ.€.ù|
|$0140|¡.ÿþ.€..ÿÿÿþAúþ²Cù..ð.&<...ÿ.ØQËÿü,y....B.N®ÿ(äˆB.N®ÿ:Cù..ð.Óü..|
|$0180|.ø,y....#îþ:..óà-Iþ:Nu.J.E.R.E.M.Y./.C.O.R.O.N.A.!BY!THE!JACKAL!|
|$01C0|2020....f.nb.ej}jbv.v`z}.i}fjak.a`.yf}z|.`a.m``{mc`ld....€....f.|
|$0200|.P.i....f..F.©.....,f..:a..ÄHç..Iù..ð.*i.(&<...K.ÜQËÿü&<...³B.QË|
|$0240|ÿüLß0.3|....a....©.....,f...a..€.©.....,f...a..p.©..à..,f..dHçÿþ|
|$0280|3é...À.Î#é.$.À.Ð#é.(.À.Ô#é.,.À.Ø,y....3|....a..0J©. f...,y....3||
|$02C0|....a...J©. f..ì.¹......óòe..:Hç..IúþäKúýö&<.....ƒ.....œ.../QËÿø|
|$0300|#ü......óòLß0.a..>Nú.tHç..IúþÄKúý¾&<.....ƒ.....œ.../QËÿø.¹......|
|$0340|óòLß0.a...Nú.<.¹......óòHçÿþAù..ð."HB¨..2<.ÿp.Ð~d...R€QÉÿöF€#À..|
|$0380|ð.Lß.ÿNu,y....3|....#|..ð..(#|.....$#|.....,a..03|....a..&3y.À.Î|
|$03C0|..#y.À.Ð.$#y.À.Ô.(#y.À.Ø.,Lß.ÿNù.ü......................XCOPY!..|
 ----------------------------------------------------------------------
Crashdisk is offline  
Old 30 April 2020, 20:19   #26
Foul
Registered User

Foul's Avatar
 
Join Date: Jun 2009
Location: Perigueux/France
Age: 45
Posts: 1,466
Send a message via ICQ to Foul Send a message via MSN to Foul
downloaded .. and deleted...

thx !
Foul is offline  
Old 30 April 2020, 23:40   #27
Crashdisk
Moderator

Crashdisk's Avatar
 
Join Date: Jun 2009
Location: France
Age: 42
Posts: 1,378
Here's the VHT report on the last trojan discovered :

https://vht-dk.dk/amiga/desc/txt/jackal-drop.htm

Code:
     ..........................  VIRUS HELP TEAM  ........................


     Hi All....                                              30 april 2020

     An new trojan has been found. It was shortly on Aminet, but have been
     removed now, by the admins.
     
     The trojan will install a bootblock virus, where you can read this:
     
     J.E.R.E.M.Y./C.O.R.O.N.A.!BY!THE.JACKAL!2020
     
     Here is some info about the trojan:
     ----------------------------------------------------------------------
     Trojan name... : Jackal dropper
     Trojan file... : vprot10
     Trojan size... : 1884 bytes (packed with CrunchMania)
                    : 2284 bytes (unpacked)
     Trojan archive : vprot.lha
     Archive size.. : 4.322 bytes
     Archive info.. : * Small utility that stays in background and detects
                        any change on resident memory vectors. Very easy to
                        use. Just put VPROTECT in your startup-sequence file
                      * Doesn't work from Workbench.
                      * TIP: if you click both mouse buttons on VPROTECT
                        window it will scan resident memory vectors again. 
                        If nothing happends memory is ok.
                      * Not tested on KS higher than 1.3
                                                               Johan Jyllson
     -----------------------------------------------------------------------

     When I testing the bootblock virus. Under Kickstart 2.0 and 3.1,  after
     I rebootet with the virus  in memory and booted  from the floppydisk, I
     did get  Checksum errors on the  both floppy  disk. If it is the virus,
     I'm not sure, but I tried it twice and got same error.

     At this time there are NO antivirus program  that will find this trojan
     or bootblock virus.
     
     Virus Help Team have been thinking about releasing the file from VirusZ
     III, from our own Amiga's.  We have made recognition for  many utility, 
     demo, and even  some new bootblock viruses  and a lot of other harmfull
     bootblocks  not known to any anti-virus programs.  If we release it you 
     can find it at our website under VirusZ III.
     
     It is not there yet, but keep looking.

     Thanks to CrashDisk for informing us about this trojan.
     

     Regards....
          __      Jan Andersen
     __  ///     ---------------
     \\\///      Virus Help Team
      \XX/        www.vht-dk.dk
Crashdisk is offline  
Old 01 May 2020, 17:20   #28
BarryB
Amigaholic

 
Join Date: Dec 2009
Location: UK
Posts: 3,300
So, we still have asswipes creating viruses

Hope VHT release that file, would be nice to have an updated xvs.library that detects the many 'unknown bootblock' warnings that VirusZ III throws up!
BarryB is online now  
Old 01 May 2020, 19:06   #29
kamelito
Zone Friend
kamelito's Avatar
 
Join Date: May 2006
Location: France
Posts: 1,139
I’d like to disassemble them care to share? Thx
kamelito is offline  
Old 02 May 2020, 16:29   #30
Superman
Registered User

Superman's Avatar
 
Join Date: Sep 2014
Location: Wakefield
Age: 44
Posts: 799
New VirusZ file updated to detect Jackal

https://www.vht-dk.dk/amiga/news.htm...FqH-YA1gMq0nq4
Superman is online now  
Old 02 May 2020, 17:30   #31
Crashdisk
Moderator

Crashdisk's Avatar
 
Join Date: Jun 2009
Location: France
Age: 42
Posts: 1,378
Unfortunately, this is not 100% functional because of VirusZ's signature registration method
Crashdisk is offline  
Old 02 May 2020, 17:32   #32
Havie
Registered User
 
Join Date: Mar 2012
Location: UK
Posts: 605
In some ways it's nice to see that someone thinks the Amiga is important enough to bother making a virus...
Havie is online now  
Old 02 May 2020, 17:35   #33
Crashdisk
Moderator

Crashdisk's Avatar
 
Join Date: Jun 2009
Location: France
Age: 42
Posts: 1,378
He may be on this forum to see comments on his work!
Come on, confess! ^^
Crashdisk is offline  
Old 03 May 2020, 01:01   #34
redblade
Zone Friend

redblade's Avatar
 
Join Date: Mar 2004
Location: Middle Earth
Age: 36
Posts: 1,501
Quote:
Originally Posted by Crashdisk View Post
He may be on this forum to see comments on his work!
Come on, confess! ^^
That's what I was thinking too. They must be on one of the Amiga forums. Is that Jeremy/Corona supposed to be Jeremy/corban

I wonder if they are a native English speaker or they used English so they could shift the blame to another region?? If I did it, I would of had put it in German or French to shift the blame there.

I haven't seen that handle the Jackal before and the last Amiga Virus text I saw was in a russian ezine called x25 or in Phrack magazine. Janeway doesn't bring up much either
redblade is offline  
 


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools

Similar Threads
Thread Thread Starter Forum Replies Last Post
vasm treat warnings as errors? hop Coders. Asm / Hardware 3 30 April 2019 22:32
Warnings after uploading in The Zone! eLowar project.EAB 12 12 October 2007 23:10
When's the last time you had a virus on your Amiga? Paul_s Nostalgia & memories 21 31 January 2007 11:06
Virus on my Amiga Disks Andrew request.Apps 14 12 December 2004 19:18
Amiga Virus Help madduck Amiga websites reviews 1 11 September 2002 19:15

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT +2. The time now is 23:16.


Powered by vBulletin® Version 3.8.11
Copyright ©2000 - 2020, vBulletin Solutions Inc.
Page generated in 0.08663 seconds with 16 queries