Jan Andersen (E-Mail)

Virus Help Denmark: Installer of SMEG 2 Virus found
The installer of the new 'SMEG 2' linkvirus has been found. It was in the faked keyfiles of MiamiDLX, but it is possibly included in other files as well. The details:

»We have now found the installer of the new 'SMEG 2' linkvirus. If the info text from the archive is correct, the 'SMEG 2' virus has been around since February 2001.

The archive has only been on Elite BBSes or Elite websites.

Jan Erik Olausen, the programmer of VirusExecutor & xvs.library, has made a recog for the virus, but is having problems with removing the virus from memory. As soon as Jan has solved this virus, a new update of xvs.library will be released.

There is "NO" cure for this virus right now. With the help of the program 'Safe v16.2' you can find infected files but not remove the virus; you will have to replace the infected files with new, clean files. This virus will infect everything that is executed. On my test A1200, over 200 files were infected in under 5 minutes.

The programmer of 'Safe' (Zbigniew Trzcionkowski) has written this about the new 'SMEG 2' virus:

Released probably by mistake. Non-crypted version of the next one. The code is almost equal to the old SMEG, but this time the author invented a NEW WAY of patching the PRIVATE routine of the device task. This routine handles receiving of DOS packets.
The virus patch is stealing packets and sending them to the supervisor task called 'SMG'. I have never seen such advanced digging code that works properly. This also means that no visible changes are seen in the system besides one new task.
I have noticed that freezing the SMG task stops the spreading of the virus, so at the moment Safe does only that. I will add removal of the 'magic' patches if I find it necessary.
File repair was as easy as for Penetrator files - one move.l 4.w,a6 was replaced with a jump to the virus.

Hidden text (decoder was included, but not used by virus code):

Smeg! it's a Hostile TakeOver! (Again!)
And just when you thought it was safe..
Flake and Georg have left the building!
-= On Tour 1995-2001 =-

This is what we know of the virus:

Virus Type.... : Linkvirus
Virus name.... : SMEG 2a & SMEG 2b
Virus size.... : SMEG 2a: 1556 bytes & SMEG 2b: 1604 bytes
Archive name.. : MIAMIDLX.LZX
Archive size.. : 3.427 bytes (lzx packed)

There might just be more installers of the 'SMEG 2' virus out there, so do not install these fake-keys.

Thanks to the person who sent the archive to Jan Erik Olausen, and to Zbigniew Trzcionkowski for the first test of this virus.« (ps) (Translation: dr)

[News message: 01. Aug. 2001, 14:22] [Comments: 0]