BootX Killer Virus - Amiga Virus Encyclopedia

VIRUS HELP TEAM


     ------------------------
     Amiga Virus Encyclopedia
     BootX Killer Virus 
     ------------------------


     Name         : BootX Killer

     Aliases      : No Aliases

     Type         : Bootblock
     
     Size         : 1024 bytes

     Clones       : No Clones

     Symptoms     : No Symptoms

     Discovered   : 5 january 1992

     Way to infect: Via bootblock

     Rating       : Dangerous

     Kickstarts   : 1.2
                    1.3
                    2.0

     Damage       : Overwrites Boot, Datablocks

     Manifestation: A virus alert appears

     Removal      : Install boot.

     Visible text :            "This is virus - BootX Killer"
                      "Fuck to all (I)diotic (B)ullshit (M)achine users"
                        "Send bug report to: Mr. Larmer of Wanted Team"
                                           "Poland"
                                           
     Comments     : The  BootXKiller virus  copies itself to addres $7FC00
                    and  changes the  Coolcapture to stay resident in mem-
                    ory.

                    First, the  virus  patches  the WaitPort()-Vector from
                    the   exec.library.   This   patch  is  just  used  to
                    initialize  the  Coolcapture  and  the  DoIo().

                    Then  the  virus  patches the OldOpenLibrary()-Vector.
                    The next library which  will  be opened beginning with
                    the letters "in" will be patched as following. Imagine
                    the "intuition.library" will  be opened, the virus now
                    patches the SetMenuStrip  and  the  Alert  Vector from
                    this  library.  When the  SetMenuStrip-Vector  will be
                    used the  next time, the virus checks for "Boot Tools"
                    as  the  title. If "Boot Tools" is the title to be set
                    the virus changes it into "BootX Killer". If this will
                    happen 3 times the virus will give out an alert.

                    To  infect  other  disks  the virus patches the DoIO()
                    vector from the exec.library:

                    The  next  time  a  Data-block  will  be  read  and  a
                    special  value  isn`t  zero  the  virus destroys it by
                    filling the block up with "BootXKiller".

                    Such blocks cannot be repaired....
                    
     Test made by : Safe Hex International
     

     Ascii of BootX Killer virus:
     

    

Virum Help Team
Denmark & Canada
Copyright © All rights reserved
www.vht.dk