'Game Over' Bootblock virus - Amiga Virus Encyclopedia

VIRUS HELP TEAM
 


     ------------------------
     Amiga Virus Encyclopedia
     Game Over Virus
     ------------------------

     
     Name         : Game Over

     Aliases      : No Aliases

     Type         : Bootblock
     
     Size         : 1024 bytes

     Clones       : No Clones

     Symptoms     : No Sypmtoms

     Discovered   : 21 december 2020

     Way to infect: Boot infection

     Rating       : Dangerous, due to no antivirus program can find it

     Kickstarts   : 1.2
                    1.3
                    2.0
                    3.0
                    3.1

     Damage       : Writes itself into original bootblock

     Removal      : Install a new bootblock

     Comments     : After booting the virus changes the CoolCapture-Vector to stay resident
                    in memory at ($000058DC).  Then  the virus patches the DoIO ($000059B6)
                    Vector to infect other disks.
                    
                    The virus  injects  code (116 bytes)  into the original  bootblock at a
                    variable position (harder to detect!).  It writes its code in sectors 3
                    to 5 and a copy of the original bootblock in sectors 6 to 7.
                    
                    The virus  installs its  code and the original bootblock where there is
                    room on the host disk So it does not overwrite any data. The virus does
                    not infect a disk that does not have enough room for its data.
                    
                    The virus overwrites the original bootblock so potentially, any one!
                    Moreover, since its position is variable, the number of combinations is
                    almost unlimited.
                    
                    At the height of luxury, it protects its data from being overwritten by
                    updating the BAM (block availability map).
                    
                    At  launch  it  installs  it's code in memory and launches the original
                    bootblock to  make it  look like all is  well.  Unlike  other  viruses,
                    it recognizes an already infected disk.

                    After infection a blue screen can appear with a white skull will pop up
                    with a text saying 'GAME OVER'.

                    The checksum of the bootblock changes with each mutation, so that means
                    that there could be a lot of mutations out there. Take care.
                    
     VHT Info     : Due to the many so mutations it is impossible to add 'Game Over' to the
                    'VirusZ_III.Bootblocks', but the virus mutations we have will be added.
                    
     Info         : This virus was found on an .afd archive, with the name 'Appel Catcher'

     Test made by : CrashDisk & Jan Andersen, Virus Help Team

     Thanks to    : Ivan Sergeevich, for sending this virus to Virus Help Team
                    CrashDisk, for testing the virus


     Picture of 'Game Over' virus:
     

     Ascii of 'Game Over' virus:
     
     
     Ascii of 'Game Over' virus, infected in a normal X-Copy bootblock:
Virum Help Team
Denmark & Canada
Copyright © All rights reserved
www.vht.dk