Silly Willy Trojan (25-07-1992)

Entry...............: Silly Willy Trojan
Standard CARO Name..: Silly_Willy Trojan
Alias(es)...........: ---
Virus Strain........: Silly Willy (Trojan/Virus) Strain
Virus detected when.: March 92
              where.: Munich, Germany
Classification......: Trojan
Length of Virus.....: 803 Bytes
--------------------- Preconditions ----------------------------------
Operating System(s).: IBM PC & Compatibles
Version/Release.....: DOS 2.x and above
Computer model(s)...: IBM PC, XT, AT and upwards, and compatibles
--------------------- Attributes -------------------------------------
Easy Identification.: ---
Scan signature......: The string:
                      0e 1f b0 49 be 11 00 b9 24 03 2b ce 28 04
                      can be found at the beginning of a trojanized file.
Type of infection...: ---
Infection Trigger...: ---
Storage media affected: Any floppy diskette, hard disk
Interrupts hooked...: ---
Damage..............: Transient/Permanent damage:
                      The trojan displays a face, stating that it is
                      Silly Willy and is right now formatting the hard
                      disk. Instead, it writes a hidden file, so the
                      user observes some hard disk activity. The hidden
                      file has a length between 154,622 and 459,952
                      bytes and contains the text
                      "The User of This Computer Is Stupid!".
                      After some time, another message appears:
                      "ERROR: o SYSTEM found! No Files on drive C:
                      Insert SYSTEM diskette in drive A: and push a key!"
                      After a key is pushed, the first 9 sectors on the
                      first five tracks are overwritten with the text
                      "The User of This Computer Is Stupid!"
                      Then the system hangs.
Damage Trigger......: Starting a trojanized EXE file
Particularities.....: Silly Willy Trojan is dropped by Silly Willy Virus,
                      which overwrites EXE files with the trojan.
Similarities........: ---
--------------------- Agents -----------------------------------------
Countermeasures.....: Solomon FindViru 4.23, Antivir from H&B-EDV
Standard means......: Delete/replace trojanized files with clean ones.
--------------------- Acknowledgement --------------------------------
Location............: Virus Test Center, University Hamburg, Germany
                      Siemens Nixdorf AG (SNI), Munich
Classification by...: Toralv Dirro (VTC), Ralph Dombach (SNI)
Documentation by....: Toralv Dirro
Date................: 16-July-92
Information Source..: Original virus analysis