Quote:
Originally Posted by malko
@crashdisk: any signature which detect them to provide to us by any chance ?
|
I will soon release a new ADF-Workshop beta that will be able to detect all the viruses mentioned.
For my latest discovery, they all come from the same batch:
File selected : Udo v1.0 - vermeer_german_quartex.adf
Code:
----------------------------------------------------------------------
| Bootblock |
----------------------------------------------------------------------
|$0000|DOS...î™...pHçÿþa..Ö` TYRANNOVIRUS REX! 000000000029 q.Y‚Y~.„¦¦|
|$0040|+l.>‰f.·¦‚cDYøã>?jà.§D;pà.Yê;v8.{là¿<t.Ц..ÐYX.ª8..¡&.9bs.YPz.ZT|
|$0080|YVz.Y8YR.ЧFs.YV.“Yr.„Yf.ЦÞ.þ>ty>y.Yh)~..)...=.*P5.;.8. ~-.8.2.|
|$00C0|0.2P=./.:.Yså~Y~]~YJ..X .„¦ž.Ч’y>.–¦š...„Zd..u.Y~Yzy.YDs68v.“Xh|
|$0100|y.Zn.„§„yBY~Y.y¤.¶¦‚...„¦®t6YP.ÿ..Y\)h‹&.¶¦‚.?d?Y,8Þ.„[¦.ô.„[°.ì|
|$0140|.„Y..„[¾yЧDt4§D.„[Ð}ÐYê.„[.t5YêyD¦.+|.ЦD.„[Øyþ.„Z~yv_þY~Y0.„[æ|
|$0180|r>Y@r6YDr>YHB.Y.YvB.¦ÿYw.„[..„[H.„¦8.Ч~...¡&.vD[(...™¦€.×YR?’yW|
|$01C0|YZéĦt>vUþY~[~?¤IWYcU~Y|>xU~Y}?´vWYZFWYcvWYVJ.YpYcs.[l.ë.×Y^?~Y¤|
|$0200|J.Y|Ycz.[tYVz.§¾YZz.Yx¹~YR.ë}.XŠUìY~Y|?.UÔY~Y.X‚?8.).Ĥ´~.¤°Yv.„|
|$0240|§*)[Ž‚Y~YrO¤.¶¦‚y)8~XN8.?r.„§diÂ9b8~Yòz!YVJ!Ycz!YZ.¡&....×YR.ë..|
|$0280|Xì{mëĤ.?0.„X"Ž‚Y~Z–+kAeád?t.·¦†8V?`9l8\?PJ.Y}Ycz.§fYR.ë.„¤ÂiÂ..|
|$02C0|8Pz.§xYR9lJ.YqYc.ë.×Y^...×YRz!YVJ!Ycz!YZ.¡&.9~§¾'u.„¤KUVYGYu?rH.|
|$0300|YNYu.ö.±¦..VYu.„Y.gn¸1GGY¡©yiù8~¤žy.Y.ˆ‚Y~YH8~YÀ80.×YRJ.Y}Yc.ë.„|
|$0340|YºU.Yv<Hy.Y¶wBY~Y+y‚.1.7i‚._.±¦Š.ùGGY¡©y—‚Yy—‚[~z9YRz.Y~[~YZ.ë..|
|$0380|y.Yî}6.ÖYz{BY~Y..þ‰æ=|.þ.·¦†.þ|>Yz..u.Y~Yz.Ð[X.ÐYT.„¤Jt6YP.„¤†t6|
|$03C0|§D.„Yjt6Yêy.Y<yÄYD..8°9‚.™¦€8¸.¡&.vDYb..AúüL0:.."<...رXQÉÿüNuY~|
----------------------------------------------------------------------
PS:it changes shape with each duplication but the header remains the same