Gandalf Virus - Amiga Virus Encyclopedia

VIRUS HELP TEAM
 



     ------------------------
     Amiga Virus Encyclopedia
     Gandalf Virus
     ------------------------
     
     
     Name         : Gandalf

     Aliases      : Gandalf's Rache

     Type         : Bootblock
     
     Size         : 1024 bytes

     Symptoms     : No Symptoms

     Discovered   : 29 december 1991

     Way to infect: Boot infection

     Rating       : Less Dangerous

     Kickstarts   : 1.2
                    1.3

     Damage       : Overwrites boot

     Comments     : Some  copies  pops up a requester while others makes a
                    display beep. Sometimes  Gandalf virus will format the
                    disk when counter is incremented to 7. DisplayAlert or
                    nothing before disk is running  ihibited.

                    The  Gandalf-Virus  uses the coolcapturevector to stay
                    resident  in  memory.  The  PutMsg-Vecto r is used to 
                    infect other disks. Additionally the ExitIntr()-Vector
                    is  used  to set the coolcapture and the DoIO()-Vector
                    always to the virusvalue.

                    In the decoded bootblock (eor-loop) you can read:

                    Gandalf`s Rache 1.5.90 - Ser.Nr. B00128 -
                    Hi Butonic & Angel!

     Removal      : Kickstart 1.2 & 1.3 : VT-Schutz v3.17
                    Kickstart all others: VirusZ III, and also Xvs.library must be installed

     Test made by : Safe Hex International
     
     
     Ascii of Gandalf virus (Decoded):
Virum Help Team
Denmark & Canada
Copyright © All rights reserved
www.vht.dk