HappyNewYear 98 Virus - Amiga Virus Encyclopedia

VIRUS HELP TEAM



     ------------------------
     Amiga Virus Encyclopedia
     HappyNewYear 98 Virus
     ------------------------
  
     
     - HappyNewYear 98 Virus BB and File-Link

         Requires KS 2.04  !!  (Versiontest min #37)

         Nameingreason: in the linkpart you can read noncoded:
                74756974 646f732e 6c696272 61727900 tuitdos.library.
                3c3e2048 61707079 204e6577 20596561 <> Happy New Yea
                72203938 203c3e00 000a0000 00000000 r 98 <>.........

         Hidded vectors: LoadSeg and DoIo   
         Resetresistant: no
         Cache-problem: yes
         Filesizeincrease: #920 bytes
         Link after the first hunk or as bootblock
         VT tries to reset Loadseg and DoIo in the memmory.
         VT tries to remove the link part from the file.
         Write with install a new Bootblock.

         Reproductionconditions for BB:
          - Block 0 is read by the user with DoIo
          - DOS0 or 1 with expansion.lib (checksum) is found
          - Error: in my oppinion the update command is missing
          - DOESN`T call trackdisk.device

         Reproductionconditions for file link:
          - File is not infected already (98-test)
          - max. filesize #600000 bytes
          - min. filesize #2800 bytes
          - 3E9-hunk is found with loop
          - Disk validated
          - min. 4 Blocks free
          - RTS is found (max. loop $3F)
          - RTS will be replaced by bra.s or NOP (if RTS is at the 
              very end of the first hunk )
         Leaves out 3E8, 3F0, 3F1 hunks and so on !!!
         This thing doesn`t show itselves

         Hint:
         during tests defekt files were created also


     --------------------------------------------------------------
      Translated to English by Frank Cieslewicz  2001 VHT-Denmark
      Org. Test by Heiner Schneegold.
     --------------------------------------------------------------


     Ascii of HappyNewYear 98 Bootblock virus
     

     

Virum Help Team
Denmark & Canada
Copyright © All rights reserved
www.vht.dk