Hochofen Virus (31-July-1993)
Entry...............: Hochofen Virus
Alias(es)...........: Trabbi Virus
Virus Strain........: ---
Virus detected when.: January 1992
              where.: 
Classification......: Link Virus (Extending), Direct Action
Length of Virus.....: Length on storage medium: 3000 bytes
--------------------- Preconditions -----------------------------------
Operating System(s).: AMIGA-DOS
Version/Release.....: 1.2,1.3,2.04,3.0
Computer model(s)...: All Amigas
--------------------- Attributes -------------------------------------
Easy Identification.: Typical texts in file (first Hunk):
                         "Fasten seat-belt!",0
                         "Greetings to Hochofen",0
                      Screen Messages: the typical texts are displayed,
                         with Black/Red/Yellow rasterbeam display.
Type of infection...: Self-Identification methods:
                         test-longword($2e5) at $14(File)
                      Executable File infection:
                         extending infected files by 3000 Bytes in
                         direct action during infected program start
                      Infection preconditions:
                         1) File smaller than 200000 Bytes
                         2) File stored in c: or df0:
                         3) Disk validated
                         4) File not infected
Infection Trigger...: Execution of an infected file
Storage media affected: All media
Interrupts hooked...: ---
Damage..............: Permanent Damage: none
                      Transient Damage: screen buffer manipulation, 
                          displaying text mentioned above
                      Transient/Permanent damage: some infected programs
                          will not execute or even crash the system as
                          virus cannot handle some Hunk Types correctly 
                          due to a bug in the infection routine.
Damage Trigger......: ---
Particularities.....: Virus author's programming abilities are rather
                        poor, very likely a beginner.
Similarities........: ---
--------------------- Agents -------------------------------------------
Countermeasures.....: VT2.54, VirusZ
Countermeasures successful: VT2.54, VirusZ
Standard means......: VT2.54
--------------------- Acknowledgement ----------------------------------
Location............: Virus Test Center, University Hamburg, FRG
Classification by...: Soenke Freitag
Documentation by....: Soenke Freitag
Date................: 31-July-1993
Information Source..: H.Schneegold, SHI, reverse-analysis

.