AminetAminet
Search:
84716 packages online
About
Recent
Browse
Search
Upload
Setup
Services

util/virus/DZT.lha

Mirror:Random
Showing:m68k-amigaosppc-amigaosppc-morphosi386-arosi386-amithlonppc-warpupppc-powerupgeneric
No screenshot available
Short:ZAKAPIOR TROJAN De-activator
Author:iain at hashpipe.freeserve.co.uk (Iain Hammond)
Uploader:iain hashpipe freeserve co uk (Iain Hammond)
Type:util/virus
Version:1.2
Architecture:m68k-amigaos
Date:1999-08-01
Download:http://aminet.net/util/virus/DZT.lha - View contents
Readme:http://aminet.net/util/virus/DZT.readme
Downloads:4595

After down-loading "util/sys/PoolMem.lha" (PoolMem Version 1.45) from AMINET
on 14-7-1999 and installing it I found something *VERY* wrong with it. Once
started, A Trojan is installed into memory called "zakapior" :-(((. After
disassembly I discovered after some *VERY* poor de-cryption it just sits
in memory waiting for you to go on-line, Then i repeatedly sends some vulgar
e-mail to "president at amiga.com". Although I am no expert, This is all it
seems to do, But *DON'T* take my word for this!

Any one wanting to read the message that gets sent mail me.

DZT now fixes:
              PoolMem     (v1.45 poolmem.lha)
              FastIPrefs  (v40.37 FastIPrefs4037.lha)


Usage:   DZT FILE

FILE = The full path to the unachived file

DZT will check that it is one of the infected versions and make the
appropriate fix.

DZT will either say:

   File ERROR!                                : If something went wrong :-(
or
   *WARNING* DZT can't fix this file!!!       : Does not recognise file :-(

DZT will then atempt to scan the file for the Trojan, This may not be 100%
accurate but may be of help!

or
   ZAKAPIOR TROJAN De-activated!!!            : If it worked :-)

If all went well you will be able to use either program without the Trojan
being started. Please note that DZT does no remove it from the file just
de-activates it!

If you run DZT with no file name it will tell you if the virus is located in
memory, although at this time DZT can't remove it! Next check if you have
any of the above mentioned files installed and de-activate it. If not try
and find which file is starting it and send it to me so i can update DZT!!!

Does anyone no what "zakapior" means?

I hope this is of some help :-)

email:-  iain at hashpipe.freeserve.co.uk
WWW  :-  www.hashpipe.freeserve.co.uk


Contents of util/virus/DZT.lha
 PERMSSN    UID  GID    PACKED    SIZE  RATIO     CRC       STAMP          NAME
---------- ----------- ------- ------- ------ ---------- ------------ -------------
[generic]                 1089    2252  48.4% -lh5- 1e15 Jul 31  1999 dzt
[generic]                 1029    1982  51.9% -lh5- 645a Jul 31  1999 dzt.readme
---------- ----------- ------- ------- ------ ---------- ------------ -------------
 Total         2 files    2118    4234  50.0%            Aug  1  1999

Aminet © 1992-2024 Urban Müller and the Aminet team. Aminet contact address: <aminetaminet net>