"Lisbon" Virus

 


             *********************************************

             ***   Reports collected and collated by   ***

             ***            PC-Virus Index             ***

             ***      with full acknowledgements       ***

             ***            to the authors             ***

             *********************************************


 

 

===== Computer Virus Catalog 1.2: "Lisbon Virus" (5-June-1989) ======


Entry...............: "Lisbon" Virus

Alias(es)...........: ---

Virus strain........: Vienna Virus strain

Virus detected when.: ---

              where.: ---

Classification......: Program virus (extending), direct action

Length of virus.....: 648 bytes


--------------------- Preconditions ----------------------------------


Operating system(s).: MS-DOS

Version/release.....: 2.0 and higher

Computer model(s)...: All MS-DOS machines


--------------------- Attributes -------------------------------------


Easy identification.: Last five bytes of file = "@AIDS" (Ascii)


Type of infection...: Self-Identification: The time stamp of an

                           infected file is changed: the seconds are

                           set to 62 (= 2 * 1Fh).

                           When infected file is executed, .COM-files

                           in the current directory as well as in the

                           directories in the DOS-PATH are extended by

                           appending the viral code; no infection if

                           the file size<10 or file size>64000 bytes.


Infection trigger...: A selected .COM-file is infected by "random" IF

                           (system seconds AND 58h) <> 0 ELSE damaged!


Storage media affected: Current media and media accessed via DOS-PATH.


Interrupts hooked...: --


Damage..............: A selected .COM-file is damaged permanently:

                           Overwriting the first five bytes by "@AIDS"


Damage trigger......: IF (system seconds AND 58h) = 0, ELSE infection!


Particularities.....: The virus ignores READ-ONLY and HIDDEN

                      attributes.


Similarities........: Dissimilarities to Vienna:

                           Different trigger byte (7);

                           the five damage bytes are changed.


--------------------- Agents -----------------------------------------


Countermeasures.....: Category 3: ANTI!LIS.EXE (d:) (/f)


Countermeasures successful: My Antivirus ANTI!LIS.EXE looks for

                           infected files on a given drive (d:) and

                           optionally removes the virus (if /f given).


Standard means......: ---


--------------------- Acknowledgement -------------------------------


Location............: Virus Test Center, University Hamburg, FRG

Classification by...: Daniel Loeffler

Documentation by....: Daniel Loeffler

Date................: June 5, 1990

Information Source..: ---



===================== End of "Lisbon"-Virus =========================

 


  ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

  ++++++++++++++++++++++++++ end of reports ++++++++++++++++++++++++

  ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++



Comments

Post a Comment

Popular posts from this blog

WHAT THE WATCH TOWER BIBLE AND TRACT SOCIETY OF PENNSYLVANIA HAD TO SAY ABOUT WHAT WERE SUPPOSED TO HAVE HAPPENED in 1874

  AWAKEN                                                     Issue #33   1874 - WHAT THE WATCH TOWER BIBLE AND TRACT SOCIETY OF PENNSYLVANIA        HAD TO SAY ABOUT WHAT WERE SUPPOSED TO HAVE HAPPENED THEN.   This issue will comprise mainly of quotes from Watch Tower publications. Present day Jehovah's Witnesses are unlikely to be aware of any of this material. Why ? The Watch Tower had changed it's theology and does not bother to let it's followers know facts about the past especially since the present theology is totally contradictory to what was promoted in the past. Both sets of incompatible conjectures were promoted as being found  and proven in Scriptures. Prior to 1943 if a follower of the Watch Tower questioned any of the Watch Tower's teaching about 1874, that person risked getting kicked out of the group ...
Read more

Uninterruptable Power Source (UPS) FAQ

Article 61549 of news.answers: Xref: freenet.carleton.ca comp.misc:25723 comp.sys.hp.hardware:5708 comp.sys.sun.hardware:24796 comp.sys.sgi.hardware:9261 comp.sys.next.hardware:16000 comp.sys.dec:27561 comp.unix.admin:28511 comp.answers:8765 news.answers:33422 Path: freenet.carleton.ca!cunews!nott!bcarh189.bnr.ca!bcarh8ac.bnr.ca!bnr.co.uk!pipex!howland.reston.ans.net!news.cac.psu.edu!news.pop.psu.edu!hudson.lm.com!netline-fddi.jpl.nasa.gov!phoebe.jpl.nasa.gov!root From: ups@navigator.jpl.nasa.gov Newsgroups: comp.misc,comp.sys.hp.hardware,comp.sys.sun.hardware,comp.sys.sgi.hardware,comp.sys.next.hardware,comp.sys.ibm.hardware,comp.sys.dec,comp.unix.admin,comp.answers,news.answers Subject: Uninterruptible Power Source FAQ Followup-To: comp.misc Date: 10 Dec 1994 13:09:38 GMT Organization: Jet Propulsion Laboratory, Pasadena, CA Lines: 1346 Approved: news-answers-request@MIT.Edu Distribution: world Message-ID: <3cc9ai$fus@phoebe.jpl.nasa.gov> Reply-To: npc@minotaur.j...
Read more

Blade Runner FAQ

Archive-Name: movies/bladerunner-faq Version: 1.4 (May 1993) -------------------------------------------------------------------------------                                  BLADE RUNNER                            Frequently Asked Questions                        Copyright (C) 1993 Murray Chapman ------------------------------------------------------------------------------- Compiled by Murray Chapman (muzzle@cs.uq.oz.au), from sources too numerous to mention.  Thank-you one and all.                                INTRODUCTION                                ------------ The movie "Blade Runner"...
Read more