Threat Description

VLamiX

Details

Aliases: VLamiX, Die_Lamer
Category: Malware
Type: Virus
Platform: W32

Summary



The VLamiX virus spread through BBS systems in August 1994 in an archive called A30!PWA.ZIP. The archive was supposed to contain the version 3.0 of the popular ARJ archiver. Robert Jung, the author of ARJ, confirmed that ARJ 3.0 has not been released.



Removal



Automatic Disinfection

Allow F-Secure Anti-Virus to disinfect the relevant files.

For more general information on disinfection, please see Removal Instructions.



Technical Details



VLamiX is a simple resident file virus; it infects EXE files when they are opened, and appends an encrypted copy of itself. It uses a simple encryption routine with a 16-bit decryption key which changes between infections. However, the decryption routine does not change and it makes the virus easy to spot.

The virus contains several bugs. It often manages to corrupt files irreparably instead of infecting them.

The name VLamiX is taken from a text string found underneath an encryption layer:

smartc*.cps
         chklist.*
         -=*@DIE_LAMER@*=-
         CHKLIST ???
         CHKLIST.CPS
         VLamiX-1

VLamiX attacks CPAV and MSAV by deleting their checksum files. It also activates when it sees the text -=*@DIE_LAMER@*=- on-screen. At that time, it will overwrite a floppy in the B: drive, if such exists.





Description Created: Mikko Hypponen, F-Secure


SUBMIT A SAMPLE

Suspect a file or URL was wrongly detected? Submit a sample to our Labs for analysis

Submit Now

Give And Get Advice

Give advice. Get advice. Share the knowledge on our free discussion forum.

Learn More