Game Over bootblock virus - Amiga Virus Encyclopedia

VIRUS HELP TEAM
 


     -------------------------
     Amiga Virus Encyclopedia
     Game Over Bootblock Virus
     -------------------------

     
     Name         : Game Over

     Aliases      : No Aliases

     Type         : Bootblock
     
     Size         : 1024 bytes

     Clones       : No Clones

     Symptoms     : No Sypmtoms

     Discovered   : 21 december 2020

     Way to infect: Boot infection

     Rating       : Very dangerous. The virus installs its code over the original bootblock
                    where there is room on the host disk. So it does not overwrite any data
                    but writes the virus code into the  original bootblock is  there is any
                    empty space for the code. The virus  does not  infect a disk  that does
                    not have enough room for its data. No antivirus program is abel to find
                    the 'Game Over' virus.

     Kickstarts   : 1.2
                    1.3
                    2.0
                    3.0
                    3.1

     Damage       : Writes it self into the original bootblock

     Removal      : Install a new bootblock

     Comments     : After booting the virus changes the CoolCapture-Vector to stay resident
                    in memory at ($000058DC).  Then  the virus patches the DoIO ($000059B6)
                    Vector to infect other disks.
                    
                    The virus  injects  code (116 bytes)  into the original  bootblock at a
                    variable position (harder to detect!).  It writes its code in sectors 3
                    to 5 and a copy of the original bootblock in sectors 6 to 7.
                    
                    The virus  installs its  code and the original bootblock where there is
                    room on the host disk So it does not overwrite any data. The virus does
                    not infect a disk that does not have enough room for its data.
                    
                    The virus overwrites the original bootblock so potentially, any one!
                    Moreover, since its position is variable, the number of combinations is
                    almost unlimited.
                    
                    At the height of luxury, it protects its data from being overwritten by
                    updating the BAM (block availability map).
                    
                    At  launch  it  installs  it's code in memory and launches the original
                    bootblock to  make it  look like all is  well.  Unlike  other  viruses,
                    it recognizes an already infected disk.

                    After infection a blue screen can appear with a white skull will pop up
                    with a text saying 'GAME OVER'.

                    The checksum of the bootblock changes with each mutation, so that means
                    that there could be a lot of mutations out there. Take care.
                    
     VHT Info     : Due to the many so mutations it is impossible to add 'Game Over' to the
                    'VirusZ_III.Bootblocks', but the virus mutations we have will be added.
                    
     Info         : This virus was found on an .afd archive, with the name 'Appel Catcher'

     Test made by : CrashDisk & Jan Andersen, Virus Help Team

     Thanks to    : Ivan Sergeevich, for sending this virus to Virus Help Team
                    CrashDisk, for testing the virus


     Animated gif of 'Game Over' virus:
     

     Picture of 'Game Over' virus:
     

     Ascii of 'Game Over' virus:
     
     
     Ascii of 'Game Over' virus, infected in a normal X-Copy bootblock:
Virum Help Team
Denmark & Canada
Copyright © All rights reserved
www.vht.dk