sulistio@sutro.SFSU.EDU (Sulistio Muljadi) (09/02/90)
This is the translated version of an article in an Indonesian
Computer Magazine, as I noted in a posting of VIRUS-L edition
Friday, August 31, 1990 about mysterious message. In the
magazine, also shown the picture of the author of SEMLOHE AND
KEONGZ virus. No more information I have instead of this one.
=========================================================================
INDONESIAN VIRUS
* HACKER
Hacker is come from Bandung, Indonesia. A rectangle will
appear from a line and then it will become bigger
horizontally. Inside the rectangle, written Bandung and the
author, Hacker. There is no damage from this virus.
* DENZUKO
With a nice graphic, come from left and right, the
computer write DENZUKO in the monitor screen. The author of
this virus is the same with HACKER. Those 2 viruses are
the cause of boot-sector viruses in Indonesia. No damage
come from this virus.
From these viruses come many modification. Modification
usually made on the graphics which is uniqe. And also there
is a program which will change the graphic DENZUKO into the
graphics you would like to be.
* PC CLUB
With a different technique, without warm-boot (ctrl-alt-
del), a message will appear every 30 minutes. To eliminate
this virus is using SYS command. No major damage caused by
this virus.
* MARDI BROS
Is a boot-sector virus and appear by warm-boot. This
virus made from a University in Jakarta, Indonesia. There
may be another version of this virus which will damage hard-
disk.
* AREMA
This virus is come from Malang, Indonesia. AREMA is an
abbreviation of "Arek-Arek Malang" or in English mean
"People of Malang." No clear idea who made this virus, but
it seems that this virus is a modification of DENZUKO.
* SEMLOHE and KEONGZ
This virus once grow very fast in East Java, Indonesia.
The author, Sigit Wasista, live in Surabaya, Indonesia said
that this virus made only for experiment only. After there
are CBrain, Hacker, and Denzuko viruses, Sigit tried to view
and analyize those viruses and add background song when the
viruses come and finally SEMLOHE AND KEONGZ created.
* PC MONSTAR
PC MONSTAR virus made by Handiyanto, a student of one
University in Indonesia in computer major. TOETOE RULIANDA
also from one University in Indonesia with the same major.
This virus grow in East Java, and it has the same style and
appearnace looks like Denzuko
* ROBERT/NARWIN
This virus using the same method as PC CLUB. But it is
using graphics instead of text. The letters that appear
looks like Japanese character (Katakana), so it is called
Japan Virus
* SUPERNOVA
The author Fen Tjin, a student from a university in
Jakarta, Indonesia. This is the first local virus that made
some damages, reformat the diskette. This virus will
format the diskette when there is instruction to print to
the printer. And there will be message in the printer, and
then it stop.
* FREDDY
Freddy was made by one of a student in a academy of
computer in Indonesia. It infected the program, not a boot
sector virus. The program infected is IBMBIO.COM
The characteristic of this virus is the appearance of
FREDDY in a box.
* AMOEBA
This is a .COM and .EXE virus. This virus infect when
using disk access, such as copy, dir, etc.
When "DIR" command is instructed, the virus will search
for COMMAND.COM and if that file is free of virus, it will
infect.
When it is active, it will appear a message "SMA KHETAPUNK
- NOUVEL Band A.M.O.E.B.A. by PrimeSoft Inc." This message
only appear on CGA. "SMA KHETAPHUNK" is an Indonesian
Senior High School, the name of the school is "SMA
KETAPANG."
* MYSTIK
This virus will infect .EXE and .COM file. To find out if
a file is infected, we can use "TYPE" command to one of the
file that is suspected. If we did it, the message "- MYSTIC
- COPYRIGHT (C) 1989 - 2000 by SsAsMsUsEsL"
This is a new virus and there is no vaccine. The author,
Samuel, this year, he just graduated from Senior High
School. He is working in one of the center of Computer
business in Jakarta, Indonesia.
=================================================================
Disclaimer: This article is translated freely without
permission from an Indonesian computer magazine, "
InfoKomputer ", July 1990. Most of the article is
not translated exactly words by words.
And I don't have any other information about this
viruses. And I don't have these viruses.
Mul
sulistio@sutro.sfsu.edufrisk@rhi.hi.is (Fridrik Skulason) (09/05/90)
Some comments about the Indonesian viruses... > * HACKER This one is known as "Ohio" elsewhere in the world - It is closely related to The next one - using the same "buggy" method of formatting track 40 and storing the virus code there. > * DENZUKO Known as Den Zuk. In addition to the information in the original message it must be added that the virus removes "Brain" and "Ohio" from diskettes, replacing them with copies of itself. The virus changes the volume label into Y.C.1.E.R.P, but as YC1ERP is the call-sign of a radio-amateur in Bandung, Indonesia, he is suspected of being the author. Both viruses are not able to format 1.2M or 3.5" diskettes properly - damaging the contents instead - the claim that "No damage come from this virus." is far from being correct. > * MARDI BROS Reported in France, and originally believed to have been written there. This virus contains the text "sudah ada vaksin" (Vaccine already exists), which I recently asked about. > * AMOEBA This virus has been known for some time, and detection/disinfection programs are available. > * MYSTIK This virus is known under the name of "Liberty". Detection and disinfection programs are available. > * PC CLUB > * AREMA > * SEMLOHE and KEONGZ > * PC MONSTAR > * ROBERT/NARWIN > * SUPERNOVA > * FREDDY None of those viruses are yet known in the West - maybe we can expect a flood of Indonesian viruses soon..... :-( - -frisk