Virus on disk?

[mai]

Can somebody tell me, if the message in the attached screenshot is a clearly sign for a virus?
Unfortunately i have no other proggy to check it closer.
Is there a recommended tool and where to get?
Maybe such a tool is istalled with Amikit, but i am not able to find this.
Tell me please.

[hit]

never used this, but here you can read about it: http://www.psi5.com/~silva/afilter/#afilter

this plugin invokes a virusscanner, i guess AmiKit is installed this way.
back in the days i always used: http://aminet.net/package/util/virus/VT_Binary

[mai]

Is this a real virus?

[OddbOd]

Yes this disk is definitely infected with Liberator 5.01, all of the pv#? files in C: are copies of the virus and the startup-seuence has been changed.

Confirmed using Virus Checker II and by disassembling c/pvl.

[mai]

Thank you for the info,----bad info?
Is there any danger for Amikit startup, or is this a floppydisk virus only?

[hit]

from the description site above, it replace "copy" with "delete" on your harddrive. scan the whole disk. let the virusscanner remove the infected files. and look at s:shell-startup and remove the lines, as described in the virus-description:

Quote:

;liberatorV - controlling me!
alias copy delete
alias delete "echo *"No file to delete, cant find*""

have a look at: http://aminet.net/package/util/virus/VT_DocFiles
VTTest3/Schutz/VT.Dokumente/VT.kennt_L-Z - describes what has to change back, after the machine got infected (s:startup-sequence and s:shell-startup).

[OddbOd]

Quote:

Originally Posted by mai

Thank you for the info,----bad info?
Is there any danger for Amikit startup, or is this a floppydisk virus only?

If the virus has been run while your Amikit volume was mounted then, yes, it could have been infected, assume it is and follow the instructions in the VT documentation from a cold boot. All of the files that get overwritten or modified can easily be replaced with clean copies once you are sure your system is disinfected.

[mai]

I use "VirusZ III 1.02" and this tool dont recognize any virus in Amikit.
My system can only be infected, if i execute the virus, while Amikit is running, right?

[hit]

thats correct. you have to start it, or the file has to be started during boot, from within startup-sequence (for example).
open s:shell-startup with a texteditor and look for these lines:

Quote:

;liberatorV - controlling me!
alias copy delete
alias delete "echo *"No file to delete, cant find*""

if you can't find them, then you are not infected. but it cant be wrong, to use a second virusscanner.

[mai]

Quote:

Originally Posted by hit

thats correct. you have to start it, or the file has to be started during boot, from within startup-sequence (for example).
open s:shell-startup with a texteditor and look for these lines:

if you can't find them, then you are not infected. but it cant be wrong, to use a second virusscanner.

Ah, thank you very much for the efforts, hit.
My system seems to be clean, i have never executed the virus.

[hit]

you're welcome

[mai]

Antivirus software detects another virus, but i am not sure, if this is a real one.
I am not able to find any documetation about this virus.
This time its "SystemZ 6.5" bootblockvirus.
...adding screenshot, please tell me.

[OddbOd]

Yes it's genuinely infected with both SystemZ and Saddam.

[mai]

Quote:

Originally Posted by OddbOd

Yes it's genuinely infected with both SystemZ and Saddam.

Thank you for the information, OddbOd.
It was a little bit confusing, because in the bootblock i can read
something like "Boot Protector".

[mai]

It sounds very dangerouse!
I have seen the alert for this virus the first time, seems to be a rare one.
Maybe its not a real virus, something known about this virus?

screen:

[Retro-Nerd]

http://www.vht-dk.dk/vhtdk/amiga/des...ax-suicide.htm

[mai]

Quote:

Originally Posted by Retro-Nerd

http://www.vht-dk.dk/vhtdk/amiga/des...ax-suicide.htm

Thanks for the link, so its not very dangerouse.

[mai]

Maybe another rare one, but seems to be very dangerouse.
My AV program detects the TimeBomb v0.9 virus.
If you load the disk write enabled, the disk will be formated and you get this message:

Quote:

Hey Looser ! I hate you !

a real bad one.

[sun68]

What? The Time Bomb is not dangerous!

I have found LSD LinkVirus`s in one or more Files.

Is High Infected. The Virus is equal with Happy New Year Virus.

The HD at once (sofort) and fast with Virus Infected all EXE-Files on HD.

Mfg
sun68

P. S. Is on Deluxe Pacman (Version is Crap). Find Now!