------------------------
Amiga Virus Encyclopedia
BootX Killer Virus
------------------------
Name : BootX Killer
Aliases : No Aliases
Type : Bootblock
Size : 1024 bytes
Clones : No Clones
Symptoms : No Symptoms
Discovered : 5 january 1992
Way to infect: Via bootblock
Rating : Dangerous
Kickstarts : 1.2
1.3
2.0
Damage : Overwrites Boot, Datablocks
Manifestation: A virus alert appears
Visible text : "This is virus - BootX Killer"
"Fuck to all (I)diotic (B)ullshit (M)achine users"
"Send bug report to: Mr. Larmer of Wanted Team"
"Poland"
Comments : The BootXKiller virus copies itself to addres $7FC00
and changes the Coolcapture to stay resident in mem-
ory.
First, the virus patches the WaitPort()-Vector from
the exec.library. This patch is just used to
initialize the Coolcapture and the DoIo().
Then the virus patches the OldOpenLibrary()-Vector.
The next library which will be opened beginning with
the letters "in" will be patched as following. Imagine
the "intuition.library" will be opened, the virus now
patches the SetMenuStrip and the Alert Vector from
this library. When the SetMenuStrip-Vector will be
used the next time, the virus checks for "Boot Tools"
as the title. If "Boot Tools" is the title to be set
the virus changes it into "BootX Killer". If this will
happen 3 times the virus will give out an alert.
To infect other disks the virus patches the DoIO()
vector from the exec.library:
The next time a Data-block will be read and a
special value isn`t zero the virus destroys it by
filling the block up with "BootXKiller".
Such blocks cannot be repaired....
Removal : Kickstart 1.2 & 1.3 : VT-Schutz v3.17
Kickstart all others: VirusZ III with Xvs.library installed
Test made by : Safe Hex International
Ascii of BootX Killer virus:
