20 October 2009, 16:45 | #1 |
Zone Friend
|
False virus alerts...?
Hi there renamers,
if one has his own tool to check things, he prefers to not believe in already renamed ones - same with me. I tried to scan a handful of images with THREE different Amiga tools and could not find a SADDAM virus. Neither did I with my own tool. Lo' and behold: the only tool that did alert a SADDAM infection was T. W.'s ADFscan running on Win32. I'm beginning to believe that these are false alarms, since not even VT-Schutz, VirusX, VirusZ (et al) seem able to detect a SADDAM in there. Could anyone please recheck the following images whether they really contain a SADDAM or not? Star Wars - The Empire Strikes Back (1988)(Domark)[cr QTX][v Saddam 1] 189FB896 Ancient Battles (1990)(CCS)[cr CLS - RZR][v Saddam 1] FF48FE04 Ancient Battles (1990)(CCS)[cr CLS - RZR][v Saddam 1][a] 252A2F17 Ancient Battles (1990)(CCS)[cr CLS - RZR][v Saddam 1][a2] 38173314 Ancient Battles (1990)(CCS)[cr CLS - RZR][v Saddam 1][a3] FC501FFB Monster Business (1992)(Eclipse)[cr VF][v Saddam 1] 68B319FF Monster Business (1992)(Eclipse)[cr VF][v Saddam 1][a] 9A8A05EA Last edited by andreas; 13 November 2009 at 20:41. |
20 October 2009, 16:52 | #2 |
The 1 who ribbits
|
did`t saddam hide its self Disk-Validator ?? so if thats not on the disk then saddam cant be there, been a long time can you confirm this ???
|
20 October 2009, 17:49 | #3 |
Zone Friend
|
Not 100%, since there are too many variants. But both VirusX and VirusZ ought to know all variants by now. That aside...yes: the most known type uses a bogus disk validator and modifies data blocks by replacing the data longword $00000008 (on the block header) by "IRAK" *AND* encoding the rest of it using a certain algorithm.
Last edited by andreas; 20 October 2009 at 19:28. |
08 November 2009, 20:24 | #4 |
Registered User
Join Date: Feb 2008
Location: Federativnaya Respublika Germaniya
Posts: 4,994
|
I have just checked:
Star Wars - The Empire Strikes Back (1988)(Domark)[cr QTX][v Saddam 1] 189FB896 on my real A1200 with three different Antivirus tools. (VT-Schutz, VirusZ III, Virusexecutor) None of these programs was able to detect any virus. |
08 November 2009, 21:16 | #5 |
Registered User
Join Date: May 2007
Location: Alicante/Spain
Posts: 192
|
Saddam Virus is hidden in Disk-Validator. If the disks aren't this file, the Saddam are dead, but perhaps some of the effects of the virus are in these disks.
One form of test if the virus infect some disk is insert the souspicious disk in diskdrive, and then insert a normal workbench disk WITHOUT Disk-validator, wait a bit and then, if the file appear in the disk, you have a Saddam. |
Currently Active Users Viewing This Thread: 1 (0 members and 1 guests) | |
Thread Tools | |
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
virus (or false positive) on CARE site! | BuckoA51 | project.CARE | 7 | 20 September 2011 23:08 |
ASM: false int vector ($60) | Asman | Coders. General | 2 | 13 September 2010 09:22 |
False weblinks for CyberRace | Another World | HOL data problems | 0 | 22 August 2008 19:49 |
False entry ? | Another World | HOL data problems | 1 | 21 August 2008 22:12 |
|
|