Datalock 1.01 & Datalock 1.02 viruses - Amiga Virus Encyclopedia

VIRUS HELP TEAM



    -------------------------- 
    Amiga Virus Encyclopedia    
    DataLock 1.01 & 1.02 Virus
    --------------------------

 
    Datalock 1.01 and Datalock 1.02 viruses :

    Both viruses are VERY agressive and contain very powerfull destructionroutines

    Both  viruses  use  direct  adress  accessing  to $7fXXX  and do  not need the
    "trackdisk.device".  I have killed two of my harddiscs (one including my WHOLE
    VirusWorkshop sources) but I had luckily made a backup 4 days ago. Phew.

    DoIo always at $7f858
    Kicktag always at $7fade

    Very tricky new decoding routine, which will be changed before. Nice...
    The viruses killed  my RDB on  a SCSI-II harddisc and  killed some  sectors by
    overwriting it with some stuff.

    The bootblock  and another 1024  bytes (V1.02) will be written. At V1.02 there
    will be 4 KB written to the bootblock. A very wide destruction.

    The  V1.01 has  an additional  destruction routine,  which  kills  the sectors
    890-893. At sector 880 there is on  normal DD discs the ROOTBLOCK (directory).
    It`s therefore possible that very important directory blocks will be killed by
    this virus.

    The V1.02 has a different destruction  outine. 4 blocks, which will calculated
    using a random routine will be killed by overwriting some memorygarbage.

    At the end of the virus, you can read (decrypted):

    "Datalock 1.1 (C) `94 ALL (?) code by Deathcode."


    Test by Markus Schmall                          Detection tested on 08.02.1994


    Ascii of Datalock 1.01 virus:
    

    Ascii of Datalock 1.02 virus:
    
    
    


Virum Help Team
Denmark & Canada
Copyright © All rights reserved
www.vht.dk