VIRUS HELP TEAM
Denmark & Canada


Index - News - Download - Warnings - Link - Virus Help - About VHT - Encyclopedia - Miscellaneous - Contact



    -------------------------- 
    Amiga Virus Encyclopedia    
    DataLock 1.01 & 1.02 Virus
    --------------------------

 
    Datalock 1.01 and Datalock 1.02 viruses :

    Both viruses are VERY agressive and contain very powerfull
    destructionroutines.

    Both viruses use direct adress accessing to $7fXXX and
    do not need the "trackdisk.device". I have killed two of my
    harddiscs (one including my WHOLE VirusWorkshop sources) but
    I had luckily made a backup 4 days ago. Phew.

    DoIo always at $7f858
    Kicktag always at $7fade

    Very tricky new decoding routine, which will be changed before.
    Nice... The viruses killed my RDB on a SCSI-II harddisc and killed
    some sectors by overwriting it with some stuff.

    The bootblock and another 1024 bytes (V1.02) will be written.
    At V1.02 there will be 4 KB written to the bootblock. A very wide
    destruction.

    The V1.01 has an additional destruction routine, which kills the
    sectors 890-893. At sector 880 there is on  normal DD discs  the
    ROOTBLOCK (directory). It`s therefore possible that very important
    directory blocks will be killed by this virus.

    The V1.02  has a  different  destruction  routine. 4 blocks, which
    will calculated using a random routine will be killed by over-
    writing some memorygarbage.

    At the end of the virus, you can read (decrypted):

    "Datalock 1.1 (C) `94 ALL (?) code by Deathcode."



    Test by Markus Schmall              Detection tested on 08.02.1994.


    

Virus Help Team
Denmark & Canada
Copyright © 1994-2020