Lamer Exterminator
Lamer Exterminator is a computer virus which has been developed for the Commodore Amiga. The virus was first discovered in Germany in 1989. It is a boot virus.
Symptoms
- Overrides the original boot block of another in the floppy drive inserted, not write- protected floppy disk with the virus code
- The virus writes itself encrypted on the boot block of the host disk
- If reset by the RAM consist
- Changes certain Betriebssystemeinsprünge, which otherwise show on the Amiga Kickstart ROM on yourself
- Destroy randomly blocks the host disk, where it symbolizes the block with the string ' LAMER! ' ( with some versions, ' Lamer !') overrides
Details
The encryption and decryption routine of a variant of the virus:
, Motorola 680x0 assembly language decode_virus: lea cryptstart (pc), a0; Begin of crypted area lea cryptend (PC ), a2; Endaddress of crypted area move.b (a2), d0; Decode byte for XOR . loop: eor.b d0, (a0) ; Decode virus code with a simple XOR cmpa.l A0, A2; Until StartAddress not reached endaddress ... bne.s loop. ; loop ... Decrypts can use the following in the boot block Recognize Text (HEX Editor -neck ):
0360h: 24 D8 51 C8 FF FC 4E 75 74 72 61 63 6B 64 69 73; $ ØQÈÿüNutrackdis 0370h: 6B 2E 64 65 76 69 63 65 00 00 54 68 65 20 4C 41; k.device .. The LA 0380h: 4D 45 52 20 45 78 74 65 72 6D 69 6E 61 74 6F 72; MER Exterminator 0390H: 20 21 21 21 00 0D AB CD 00 FC 0A 78 00 FE 9C 3E; ! .. " Í.ü.x.þœ > variants
There are a total of 10 known variants. However, these are almost identical and operate in principle the same.