Game Over bootblock virus - Amiga Virus Encyclopedia
VIRUS HELP TEAM
------------------------
Amiga Virus Encyclopedia
Game Over Virus
------------------------
Name : Game Over
Aliases : No Aliases
Type : Bootblock
Size : 1024 bytes
Clones : No Clones
Symptoms : No Symptoms
Discovered : 21 December 2020
Way to infect: Boot infection
Rating : Very dangerous. The virus installs its code over the original bootblock
where there is room on the host disk. So it does not overwrite any data
but writes the virus code into the original bootblock if there is any
empty space for the code. The virus does not infect a disk that does
not have enough room for its data. No antivirus program is able to find
the 'Game Over' virus.
Kickstarts : 1.2
1.3
2.0
3.0
3.1
Damage : Writes itself into original bootblock
Removal : Install a new bootblock
Comments : After booting the virus changes the CoolCapture-Vector to stay resident
in memory at ($000058DC). Then the virus patches the DoIO ($000059B6)
Vector to infect other disks.
The virus injects code (116 bytes) into the original bootblock at a
variable position (harder to detect!). It writes its code in sectors 3
to 5 and a copy of the original bootblock in sectors 6 to 7.
The virus installs its code and the original bootblock where there is
room on the host disk, so it does not overwrite any data. The virus does
not infect a disk that does not have enough room for its data.
The virus overwrites the original bootblock, so potentially any bootblock
can be affected! Moreover, since its position is variable, the number of
combinations is almost unlimited.
On top of that, it protects its data from being overwritten by
updating the BAM (block availability map).
At launch it installs its code in memory and launches the original
bootblock to make it look like all is well. Unlike other viruses,
it recognizes an already infected disk.
After infection, a blue screen with a white skull can pop up,
with a text saying 'GAME OVER'.
The checksum of the bootblock changes with each mutation, so that means
that there could be a lot of mutations out there. Take care.
VHT Info : Due to the many mutations it is impossible to add 'Game Over' to the
'VirusZ_III.Bootblocks', but the virus mutations we have will be added.
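Because the injected code sits at a variable position and the bootblock checksum changes with each mutation, the sketch below triages a disk image without a per-mutation signature: it validates the bootblock checksum, compares the bootblock against a caller-supplied allowlist of known-good hashes, and looks for a second valid bootblock stored elsewhere on the disk. This is an added example, not VHT or VirusZ code; the function names, the allowlist approach and the assumption that the saved original bootblock is stored verbatim are illustrative, and the sample image is constructed.

```python
import hashlib
import struct

SECTOR = 512
BOOT_LEN = 2 * SECTOR  # the bootblock is sectors 0 and 1 (1024 bytes)

def boot_checksum(block: bytes) -> int:
    """Value the checksum longword (offset 4) must hold for a valid bootblock."""
    total = 0
    for i, (word,) in enumerate(struct.iter_unpack(">I", block[:BOOT_LEN])):
        if i == 1:                      # skip the checksum field itself
            continue
        total += word
        if total > 0xFFFFFFFF:          # end-around carry
            total = (total + 1) & 0xFFFFFFFF
    return ~total & 0xFFFFFFFF

def is_bootable(block: bytes) -> bool:
    """True if the block has the DOS magic and a matching checksum."""
    if len(block) < BOOT_LEN or block[:3] != b"DOS":
        return False
    return struct.unpack_from(">I", block, 4)[0] == boot_checksum(block)

def seal(block: bytes) -> bytes:
    """Fill in the checksum field (only used to build the constructed samples)."""
    return block[:4] + struct.pack(">I", boot_checksum(block)) + block[8:]

def triage(image: bytes, known_good: set) -> dict:
    boot = image[:BOOT_LEN]
    digest = hashlib.sha256(boot).hexdigest()
    # Assumption: a saved original bootblock is stored verbatim, so it still
    # carries the DOS magic and a valid checksum wherever it was placed.
    stashed = [s for s in range(2, len(image) // SECTOR - 1)
               if is_bootable(image[s * SECTOR:s * SECTOR + BOOT_LEN])]
    if not is_bootable(boot):
        verdict = "not bootable"
    elif digest in known_good:
        verdict = "known good"
    else:
        verdict = "unknown boot code"
    return {"verdict": verdict, "sha256": digest, "stashed_bootblocks": stashed}

# Constructed samples: placeholder bytes only, no real boot code or virus code.
CLEAN = seal(b"DOS\x00" + bytes(BOOT_LEN - 4))
MODIFIED = seal(b"DOS\x00" + bytes(8) + b"\x4e\x71" * 58 + bytes(BOOT_LEN - 128))
KNOWN_GOOD = {hashlib.sha256(CLEAN).hexdigest()}
# Sectors 0-1 modified, 2-5 empty, 6-7 hold the verbatim original, 8-15 empty.
IMAGE = MODIFIED + bytes(4 * SECTOR) + CLEAN + bytes(8 * SECTOR)

if __name__ == "__main__":
    print(triage(IMAGE, KNOWN_GOOD))
```

A bootable disk whose bootblock is not on the allowlist and that also holds a second valid bootblock elsewhere deserves manual inspection; custom game loaders will also show up as "unknown boot code", so the allowlist has to be maintained per collection.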
Info : This virus was found on an .afd archive, with the name 'Appel Catcher'
Test made by : CrashDisk & Jan Andersen, Virus Help Team
Thanks to : Ivan Sergeevich, for sending this virus to Virus Help Team
CrashDisk, for testing the virus
Picture of 'Game Over' virus:
Ascii of 'Game Over' virus:
Ascii of 'Game Over' virus, infected in a normal X-Copy bootblock: