-----BEGIN PGP SIGNED MESSAGE----- ........................... VIRUS HELP DENMARK ....................... -------------------- 10 June 2001 Hi All.... What we think is the installer of the new linkvirus 'Bobek2' has been found. It was on Aminet but has been removed now. But there just might be a few more installers our there, so take care.... Okay, here is what we know so far: Archive name : Footro.lha Archive size : 2.924 bytes Archive info : Borntro from new A500 team Footro is looking for skilled A500 coders. Installer name: 4k Installer size: 2.784 bytes (packed with stonecracker 4.04) Installer size: 3.316 bytes (unpacked) Virus name : Bobek2 linkvirus Virus size : About 1036 bytes (uses polimorphic engine) In the unpacked file of '4k', you can read: >------------------------------ CUT TEXT ------------------------------ xxxxxxxxxxx proudly presents BOBEK2 - The first binary virus for Amiga! Credits - main coding by xxxxxxxx, polyengine by xxxxxx, installer-tool and timer.device coding by xxxxxx! We are the best! Powered by Asm-One! Enjoy! That is only preview of our metamorphic engine! >------------------------------ CUT TEXT ------------------------------ (VHT-DK has removed part of the names, and replaced them with 'xxxx' we will not promote names of virus programmers, they should make use of there programming skills and make some usefull programs) We did have some trouble with the file, we could not get it to run, so we rigged up the old Amiga500, and we got the virus to spread to other files. Right now that is no cure for the 'Bobek2' virus, but Jan Erik Olausen is working for a way to make an recog for the 'Bobek2' linkvirus. I'll get back to you as soon as we have some news. Thanks to 'Jan Erik Olausen' the programmer of VirusExecutor for the about this archive. Regards.... __ Jan Andersen E-Mail..: vht-dk@post4.tele.dk __ /// ------------ FidoNet.: 2:237/38.100 \\\/// Virus Help Denmark AmyNet..: 39:140/127.100 \XX/ www.vht-dk.dk VirNet..: 9:451/247.0 ... Did you know, that the newest version of VirusExecutor is v2.18 - ------------------------------------------------------- Archive has been checked and a .sig file has been added so you can verify there was no tampering with the file after placed on the server. MD5SUMS and Readme PGP signed by: Charlene e-mail: ml-clm@mailandnews.com md5sum: ftp.vapor.com/pub/3rdparty/ [Start md5sum checksum file]----------------------- af8781a388cbbc0574db8eca9d8a81af *file_id.diz 049c4afd282487dd231eb366638aa72d *VHT-DK.txt 33a1ad8fde4b75df6f3fd0688a9d3ad7 *VHT-DK101.TXT [End md5sum checksum file]----------------------- -----BEGIN PGP SIGNATURE----- Version: 2.6.3 Charset: noconv Comment: Signed by Charlene, using PGPAmiga iQCVAwUBOyRNCvrh//oWbqdVAQEYUwP/UAre8SYamlqGDrEIY1yO7srQxPdZeE7K AWOjUrI6djuZOkDOItu/4UVibc5ubFVmfNkJC5X642cJlR88Ku6SDppcVVrE96Ue SdMrauBAw0FbhAhEuxsaFJ1JEB1zueqQ87UXQpe8hdJ2guII6A3TeQs3rMNt1ZUd 7usZYx8xpv4= =xCOI -----END PGP SIGNATURE-----