amiga-news.de - Virus Help Denmark: virus warning!

18.Aug.2001
Jan Andersen (email) Virus Help Denmark: virus warning!
We have found another the installer of the new 'Hitch-Hiker 5.00' linkvirus.

Again there is "NO" cure for this virus right now. You can find infected files, you will have to replace the infected files with new clean files. The 'Hitch-Hiker v5.00' virus will add 3732 bytes to every infected file, and place it self in memory, so you will have to watch out for that as well. This virus will infect anything that it can get into. Again I ran a test on my A1200 and it infected will over 400 files, in under 3 minutes.

There is a way to see if the archive you download is an installer of this virus, all you have to do is to unpack the archive, read the file in an texteditor (eg. CygnusEd), and search for this text string in the code (THIS IS ONLY FOR THE INSTALLER):

-=COVAH=-

If you find -=COVAH=- in the code, that is an installer of this virus then please send the archive to us.

The virus size has change this time, now it is 3720 bytes. That tells us that the virus uses polymorph routine, that means that the virus can change in size.

This virus comes from Poland again, just like the other viruses that we have found in the last 6 month. But why don't you guy's program something usefull, that everyone can enjoy?

In the code (decoded), you can read:

Hitch-Hiker Millenium (5.00)
Featuring the 1's Advanced V8sA Op'miz Code
A welcom user of VRU!
-= 1995-2 =-
-= HAVOC =-

The archive was uploaded to AmiNet, but it has been removed now. (Thanks Urban).

This is what we know of the virus:

Virus Type.... : Linkvirus
Virus name.... : Hitch-Hiker 5.00 (Millenium)
Virus size.... : 3720 bytes
Archive name.. : LibBase310.lha
Archive size.. : 47.711 bytes (lha packed)
Installer name : LibBase3.10
Installer size : 42.304 bytes
Archive info.. : Scans Memory for Libs/Tasks etc

There might just be more installers of the 'Hitch-Hiker 5.00' virus out there, today we found 2 archives. If you find anything please send it to us.

The 'xvs.library' (external Virus Scanner library) will be updated as soon as possible. In the mean time, take care...

Thanks to Petra Struck & Alfred, for sending the archive to us.

Editorial:
As the system of Alfred Sturm, who's responsible for the Aminet uploads here at amiga-news.de, has been infected yesterday with this aggressive virus through installing LibBase310.lha and trying it there'll be no updates of the Aminet uploads in the near future.

The virus has unfortunately not only infected his main partition but also the partition with his backup. Some infected files are even not deleteable. He's now forced to install his system from scratch. This may take a while as laboriously self written scripts have passed away and everything has to be collected together again. (ps) (Translation: wk)

[News message: 18. Aug. 2001, 11:50] [Comments: 0]
[Send via e-mail] [Print version] [ASCII version]

< Next message

Prior message >