Datalock 1.01 & Datalock 1.02 viruses - Amiga Virus Encyclopedia


    Amiga Virus Encyclopedia    
    DataLock 1.01 & 1.02 Virus

    Datalock 1.01 and Datalock 1.02 viruses :

    Both viruses are VERY agressive and contain very powerfull destructionroutines

    Both  viruses  use  direct  adress  accessing  to $7fXXX  and do  not need the
    "trackdisk.device".  I have killed two of my harddiscs (one including my WHOLE
    VirusWorkshop sources) but I had luckily made a backup 4 days ago. Phew.

    DoIo always at $7f858
    Kicktag always at $7fade

    Very tricky new decoding routine, which will be changed before. Nice...
    The viruses killed  my RDB on  a SCSI-II harddisc and  killed some  sectors by
    overwriting it with some stuff.

    The bootblock  and another 1024  bytes (V1.02) will be written. At V1.02 there
    will be 4 KB written to the bootblock. A very wide destruction.

    The  V1.01 has  an additional  destruction routine,  which  kills  the sectors
    890-893. At sector 880 there is on  normal DD discs the ROOTBLOCK (directory).
    It`s therefore possible that very important directory blocks will be killed by
    this virus.

    The V1.02 has a different destruction  outine. 4 blocks, which will calculated
    using a random routine will be killed by overwriting some memorygarbage.

    At the end of the virus, you can read (decrypted):

    "Datalock 1.1 (C) `94 ALL (?) code by Deathcode."

    Removal: Kickstart 1.2 & 1.3 : VT-Schutz v3.17
             Kickstart all others: VirusZ III, and also Xvs.library must be installed

    Test by Markus Schmall                          Detection tested on 08.02.1994

    Ascii of Datalock 1.01 virus:

    Ascii of Datalock 1.02 virus:

Virum Help Team
Denmark & Canada
Copyright © All rights reserved