Lamer exterminator

Lamer Exterminator is a computer virus which was developed for the Commodore Amiga . The virus was first discovered in Germany in 1989. It is a boot virus .

Versions and derivatives

A total of 10 variants are known. However, these are almost identical and basically work in the same way.

behavior

• Overwrites the original boot block of a non-write-protected floppy disk inserted in the floppy disk drive with the virus code.
• The virus writes itself in encrypted form on the boot block of the host disk.
• Remains reset-proof in the RAM .
• Changes certain operating system entries, which otherwise point to the Amiga Kickstart ROM , to itself.
• Randomly destroys blocks of the host floppy disk by overwriting the block with the character string LAMER!(in some variants also Lamer!).

Details

The encryption and decryption routine of a variant of the virus:

;Motorola 680x0 Assembler
decode_virus:
  lea     cryptstart(pc),a0 ; Begin of crypted area
  lea     cryptend(pc),a2   ; Endaddress of crypted area
  move.b  (a2),d0           ; Decode-byte for XOR

.loop:
  eor.b   d0,(a0)+          ; Decode Virus code with a simple XOR
  cmpa.l  a0,a2             ; Until Startaddress not reached endaddress...
  bne.s   .loop             ; ...loop

Decrypted you can see the following text in the boot block (HEX editor excerpt):

0360h: 24 D8 51 C8 FF FC 4E 75 74 72 61 63 6B 64 69 73 ; $ØQÈÿüNutrackdis
0370h: 6B 2E 64 65 76 69 63 65 00 00 54 68 65 20 4C 41 ; k.device..The LA
0380h: 4D 45 52 20 45 78 74 65 72 6D 69 6E 61 74 6F 72 ; MER Exterminator
0390h: 20 21 21 21 00 0D AB CD 00 FC 0A 78 00 FE 9C 3E ; !!!..«Í.ü.x.þœ>

Individual evidence

1. ↑ VT_DocFiles.lha, VT.Kennt_L-Z.txt, line 93 VT protection documentation

Web links

• Virus description at AGN - Informatik, Uni Hamburg (English)
• Virus description In: Amiga Virus Encyclopedia (English)