Contents | < Browse | Browse >
==========================================================================
                             SAFE HEX WARNING
  Safe Hex International                                     hlau@dou.dk
==========================================================================

                                                                  18-03-95
                            SAFE HEX WARNING 
 
 
The  DMS  archive named  "Network90.DMS" is an AGA demo, which contains the
Commander link virus in the file C/Fileloader.
 
 
ABOUT THE COMMANDER VIRUS
-------------------------
Here you have some info about the Commander virus from the Program Virus 
Info Base 1.33 made by SHI:
 
 
  If you`re starting an Commander infected file the virus first searches
  for the task "DH0".  If this task is in memory the virus tries to infect
  the file "DH0:C/LoadWB".  After that the virus patches the following
  vectors from the dos.library:
 
                    - Open()
                    - Rename()
                    - Lock()
                    - Examine()
                    - ExNext()
                    - LoadSeg()
                    - SetComment()
                    - SetProtection()
 
  These vectors are all used to infect other files.  As one result the
  Amiga gets little slower by disk access.
 
  The virus just infects files which doesn`t have the letter "V" or "v" as
  the first in the filename.  And it only gets active if the actual drive
  isn`t write protected and only if there are at last 10 free blocks on it.

  For infection the virus searches for Offsetjumps or BSR.l [JSR -XXX(a6)
  or BSR.L XXX].  These jumps will be manipulated so that they first will
  activate the virus.
 
  The  virus itself is crypted by useing dff00X. In memory you can read:
 
                    "reqtools.library reqtools 38.888"
 
  But there is another crypted message in the virus which says after
  decrypting:
 
                    "-<( COMMANDER )>- by Bra!N BlaSTer in 1994."
 
  All in all a very primitive virus.  I can`t find any special routine
  which is very good coded.  But this virus is tricky. 
 
  This virus description is made by Alex Dimitriadis

     CHECK OUT THAT YOU DON'T SPREAD OR RUN THIS NASTY ONE.
 
                                                         Kind Regards 
 
                                                       Erik Loevendahl 
                                                    SAFE HEX INTERNATIONAL