English Amiga Board


Go Back   English Amiga Board > News

 
 
Thread Tools
Old 14 April 2020, 03:28   #21
Hewitson
Registered User
Hewitson's Avatar
 
Join Date: Feb 2007
Location: Melbourne, Australia
Age: 38
Posts: 3,747
Quote:
Originally Posted by zipper View Post
Keep pressed 10 seconds.
Pretty sure this doesn't work. If you really want to be safe, the machine should be powered off.
Hewitson is offline  
Old 14 April 2020, 19:31   #22
Photon
Moderator

Photon's Avatar
 
Join Date: Nov 2004
Location: Eksjö / Sweden
Posts: 4,954
Stellarx/X by Stellar/etc seems to be not preserved on the major sites, and very hard to find outside those sites. Someone has the Coronafile. OK, good to know, don't spread it.
Photon is offline  
Old 30 April 2020, 14:23   #23
Crashdisk
Moderator

Crashdisk's Avatar
 
Join Date: Jun 2009
Location: France
Age: 43
Posts: 1,482
New alert!
A new trojan has appeared.
If you have downloaded a program called VProtect v1.0 that appeared on Aminet on 2020-04-30, please remove it as it is malicious and undetectable with VirusZ III and VT.
The program is now removed from the site!

Last edited by Crashdisk; 30 April 2020 at 14:29.
Crashdisk is offline  
Old 30 April 2020, 16:21   #24
Hedeon
PPC Hacker

 
Join Date: Mar 2012
Location: Leiden / The Netherlands
Posts: 1,510
Does it install a known bootblock virus? Or a new one? <shudder>
Hedeon is offline  
Old 30 April 2020, 16:26   #25
Crashdisk
Moderator

Crashdisk's Avatar
 
Join Date: Jun 2009
Location: France
Age: 43
Posts: 1,482
The virus is similar to the XCopy bootblock (visually). It's basic but new. ...
Code:
 ----------------------------------------------------------------------
| Bootblock                                                            |
 ----------------------------------------------------------------------
|$0000|DOS.ê¢+R...p,y....Cú.¸p.N®þh,@"z.äN®ÿ: z.àp."<...@t.N®þz z.Ê"z.Ê|
|$0040|!I.. |..ï.#H..0<.PB~QÈÿü"z.ªp.r.N®ÿ."z.žAú.tp.N®ÿÄ |..î€$HCú..p.|
|$0080| ÙQÈÿüAù.ßð.!J.€Bh.ˆ1|ƒ..–r.NqQÈÿüQÉÿø!n.&.€Bh.ˆa..š,y....Cú.;N®|
|$00C0|ÿ  @ h..p.Nugraphics.library.ÿNO VIRUS ON BOOTBLOCK!  ÿdos.libra|
|$0100|ry.®..î...îP.à...âï...ÿþ.€.ù.‚.ù€.ÿþ.€..Œ.ÿþ....”.ÿþ.... .ÿþ.€.ù|
|$0140|¡.ÿþ.€..ÿÿÿþAúþ²Cù..ð.&<...ÿ.ØQËÿü,y....B.N®ÿ(äˆB.N®ÿ:Cù..ð.Óü..|
|$0180|.ø,y....#îþ:..óà-Iþ:Nu.J.E.R.E.M.Y./.C.O.R.O.N.A.!BY!THE!JACKAL!|
|$01C0|2020....f.nb.ej}jbv.v`z}.i}fjak.a`.yf}z|.`a.m``{mc`ld....€....f.|
|$0200|.P.i....f..F.©.....,f..:a..ÄHç..Iù..ð.*i.(&<...K.ÜQËÿü&<...³B.QË|
|$0240|ÿüLß0.3|....a....©.....,f...a..€.©.....,f...a..p.©..à..,f..dHçÿþ|
|$0280|3é...À.Î#é.$.À.Ð#é.(.À.Ô#é.,.À.Ø,y....3|....a..0J©. f...,y....3||
|$02C0|....a...J©. f..ì.¹......óòe..:Hç..IúþäKúýö&<.....ƒ.....œ.../QËÿø|
|$0300|#ü......óòLß0.a..>Nú.tHç..IúþÄKúý¾&<.....ƒ.....œ.../QËÿø.¹......|
|$0340|óòLß0.a...Nú.<.¹......óòHçÿþAù..ð."HB¨..2<.ÿp.Ð~d...R€QÉÿöF€#À..|
|$0380|ð.Lß.ÿNu,y....3|....#|..ð..(#|.....$#|.....,a..03|....a..&3y.À.Î|
|$03C0|..#y.À.Ð.$#y.À.Ô.(#y.À.Ø.,Lß.ÿNù.ü......................XCOPY!..|
 ----------------------------------------------------------------------
Crashdisk is offline  
Old 30 April 2020, 20:19   #26
Foul
Registered User

Foul's Avatar
 
Join Date: Jun 2009
Location: Perigueux/France
Age: 46
Posts: 1,509
Send a message via ICQ to Foul Send a message via MSN to Foul
downloaded .. and deleted...

thx !
Foul is offline  
Old 30 April 2020, 23:40   #27
Crashdisk
Moderator

Crashdisk's Avatar
 
Join Date: Jun 2009
Location: France
Age: 43
Posts: 1,482
Here's the VHT report on the last trojan discovered :

https://vht-dk.dk/amiga/desc/txt/jackal-drop.htm

Code:
     ..........................  VIRUS HELP TEAM  ........................


     Hi All....                                              30 april 2020

     An new trojan has been found. It was shortly on Aminet, but have been
     removed now, by the admins.
     
     The trojan will install a bootblock virus, where you can read this:
     
     J.E.R.E.M.Y./C.O.R.O.N.A.!BY!THE.JACKAL!2020
     
     Here is some info about the trojan:
     ----------------------------------------------------------------------
     Trojan name... : Jackal dropper
     Trojan file... : vprot10
     Trojan size... : 1884 bytes (packed with CrunchMania)
                    : 2284 bytes (unpacked)
     Trojan archive : vprot.lha
     Archive size.. : 4.322 bytes
     Archive info.. : * Small utility that stays in background and detects
                        any change on resident memory vectors. Very easy to
                        use. Just put VPROTECT in your startup-sequence file
                      * Doesn't work from Workbench.
                      * TIP: if you click both mouse buttons on VPROTECT
                        window it will scan resident memory vectors again. 
                        If nothing happends memory is ok.
                      * Not tested on KS higher than 1.3
                                                               Johan Jyllson
     -----------------------------------------------------------------------

     When I testing the bootblock virus. Under Kickstart 2.0 and 3.1,  after
     I rebootet with the virus  in memory and booted  from the floppydisk, I
     did get  Checksum errors on the  both floppy  disk. If it is the virus,
     I'm not sure, but I tried it twice and got same error.

     At this time there are NO antivirus program  that will find this trojan
     or bootblock virus.
     
     Virus Help Team have been thinking about releasing the file from VirusZ
     III, from our own Amiga's.  We have made recognition for  many utility, 
     demo, and even  some new bootblock viruses  and a lot of other harmfull
     bootblocks  not known to any anti-virus programs.  If we release it you 
     can find it at our website under VirusZ III.
     
     It is not there yet, but keep looking.

     Thanks to CrashDisk for informing us about this trojan.
     

     Regards....
          __      Jan Andersen
     __  ///     ---------------
     \\\///      Virus Help Team
      \XX/        www.vht-dk.dk
Crashdisk is offline  
Old 01 May 2020, 17:20   #28
BarryB
Amigaholic

 
Join Date: Dec 2009
Location: UK
Posts: 3,599
So, we still have asswipes creating viruses

Hope VHT release that file, would be nice to have an updated xvs.library that detects the many 'unknown bootblock' warnings that VirusZ III throws up!
BarryB is offline  
Old 01 May 2020, 19:06   #29
kamelito
Zone Friend

kamelito's Avatar
 
Join Date: May 2006
Location: France
Posts: 1,383
I’d like to disassemble them care to share? Thx
kamelito is offline  
Old 02 May 2020, 16:29   #30
Superman
Registered User

Superman's Avatar
 
Join Date: Sep 2014
Location: Wakefield
Age: 46
Posts: 971
New VirusZ file updated to detect Jackal

https://www.vht-dk.dk/amiga/news.htm...FqH-YA1gMq0nq4
Superman is offline  
Old 02 May 2020, 17:30   #31
Crashdisk
Moderator

Crashdisk's Avatar
 
Join Date: Jun 2009
Location: France
Age: 43
Posts: 1,482
Unfortunately, this is not 100% functional because of VirusZ's signature registration method
Crashdisk is offline  
Old 02 May 2020, 17:32   #32
Havie
Registered User
Havie's Avatar
 
Join Date: Mar 2012
Location: UK
Posts: 1,146
In some ways it's nice to see that someone thinks the Amiga is important enough to bother making a virus...
Havie is offline  
Old 02 May 2020, 17:35   #33
Crashdisk
Moderator

Crashdisk's Avatar
 
Join Date: Jun 2009
Location: France
Age: 43
Posts: 1,482
He may be on this forum to see comments on his work!
Come on, confess! ^^
Crashdisk is offline  
Old 03 May 2020, 01:01   #34
redblade
Zone Friend

redblade's Avatar
 
Join Date: Mar 2004
Location: Middle Earth
Age: 37
Posts: 1,741
Quote:
Originally Posted by Crashdisk View Post
He may be on this forum to see comments on his work!
Come on, confess! ^^
That's what I was thinking too. They must be on one of the Amiga forums. Is that Jeremy/Corona supposed to be Jeremy/corban

I wonder if they are a native English speaker or they used English so they could shift the blame to another region?? If I did it, I would of had put it in German or French to shift the blame there.

I haven't seen that handle the Jackal before and the last Amiga Virus text I saw was in a russian ezine called x25 or in Phrack magazine. Janeway doesn't bring up much either
redblade is offline  
Old 12 September 2020, 00:35   #35
ma693541
Computer Wizard

ma693541's Avatar
 
Join Date: Aug 2007
Location: Ramberg/Norway
Posts: 870
VirusZ_III.Bootblocks
Dated 09.08.2020. Read more about it in the above link.
ma693541 is offline  
Old 14 September 2020, 03:07   #36
Storm
SYS64738

Storm's Avatar
 
Join Date: Oct 2014
Location: Australia
Age: 47
Posts: 79
Just updated and performing a full scan. Damn these things!
Storm is offline  
Old 14 September 2020, 06:48   #37
Bruce Abbott
Registered User

Bruce Abbott's Avatar
 
Join Date: Mar 2018
Location: Hastings, New Zealand
Posts: 664
Quote:
Originally Posted by kamelito View Post
I’d like to disassemble them care to share? Thx
I’d like to disassemble the person who made them.
Bruce Abbott is offline  
Old 14 September 2020, 09:50   #38
AMIGASYSTEM
Registered User
AMIGASYSTEM's Avatar
 
Join Date: Aug 2014
Location: Brindisi (Italy)
Posts: 6,585
Quote:
Originally Posted by ma693541 View Post
VirusZ_III.Bootblocks
Dated 09.08.2020. Read more about it in the above link.
Does this update also include a cure for these new viruses ?

https://www.vht-dk.dk/amiga/news.htm...FqH-YA1gMq0nq4
AMIGASYSTEM is online now  
Old 14 September 2020, 18:55   #39
Jan-VHT
Registered User

Jan-VHT's Avatar
 
Join Date: Jun 2020
Location: Copenhagen, Denmark
Posts: 9
Quote:
Originally Posted by AMIGASYSTEM View Post
Does this update also include a cure for these new viruses ?

https://www.vht-dk.dk/amiga/news.htm...FqH-YA1gMq0nq4
With the use of VirusZ III v1.02, it will find new bootblock viruses that is not known to VirusZ III using xvs.library v33.42.

https://www.vht-dk.dk/amiga/vz/vhtvzboot.htm
Jan-VHT is offline  
Old 20 September 2020, 11:15   #40
Jan-VHT
Registered User

Jan-VHT's Avatar
 
Join Date: Jun 2020
Location: Copenhagen, Denmark
Posts: 9
New VirusZ_III.bootblocks released today. (20 september 2020).
19 virus bootblock added
238 harmless bootblocks added

https://www.vht-dk.dk/amiga/vz/vhtvzboot.htm
Jan-VHT is offline  
 


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools

Similar Threads
Thread Thread Starter Forum Replies Last Post
vasm treat warnings as errors? hop Coders. Asm / Hardware 3 30 April 2019 22:32
Warnings after uploading in The Zone! eLowar project.EAB 12 12 October 2007 23:10
When's the last time you had a virus on your Amiga? Paul_s Nostalgia & memories 21 31 January 2007 11:06
Virus on my Amiga Disks Andrew request.Apps 14 12 December 2004 19:18
Amiga Virus Help madduck Amiga websites reviews 1 11 September 2002 19:15

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT +2. The time now is 11:42.


Powered by vBulletin® Version 3.8.11
Copyright ©2000 - 2021, vBulletin Solutions Inc.
Page generated in 0.11318 seconds with 16 queries