Mutilator Virus - Amiga Virus Encyclopedia


     Amiga Virus Encyclopedia
     Mutilator Virus

     Name         : Mutilator

     Aliases      : Max - Mutilator

     Clones       : No Clones 

     Type         : Bootblock
     Size         : 1024 bytes

     Symptoms     : No Symptoms

     Discovered   : 13 october 1992

     Way to infect: Boot infection

     Rating       : Harmless

     Kickstarts   : Only 1.3 with RANGER RAM ! ($C00000)

     Damage       : Overwrites boot

     Manifestation: A GFX-Routine

     Removal      : Kickstart 1.2 & 1.3 : VT-Schutz v3.17
                    Kickstart all others: VirusZ III v1.04ß or higher, and also Xvs.library v33.47 or higher

     Comments     : The Mutilator  Virus  only  works  on a few systems.
                    As you  can see above the virus  needs Kickstart 1.3
                    and a special (FAST)Ram called `Ranger Ram`.
                    People  who  are  booting  with an infected disk and
                    who can`t afford the above mentioned conditions will
                    see a GURU !  But if you have such a Ram + Kickstart
                    the virus will do the following:

                   1) The virus copies  itself at $7FAD0 and changes the
                      coolcapture-vector to stay resident.
                    After  the next reset the virus patches the DoIO() &
                    the Supervisor()-Vector.

                    The DoIO()-Patch is used to infect other disks.
                    Every time  when the  Supervisor()-Vector is used by
                    the system,  the virus  increases  a value by 1.  If
                    this  value reaches 224 (and an other 160) the virus
                    executes  a  GFX-Routine  with  an endless-loop. But
                    this routine has an programming-error (Color-Initial
                    Routine is the last S..t!), so you will get an black

                    After 3 infects the virus gives out an alert:

                         "THIS IS THE NEW MUTILATOR VIRUS !"
                               "BY MAX OF STARLIGHT!"

                    This text is crypted, you CAN'T read it in the BB.

                    There is  another crypted text  in the BB which says
                    after decryption:

                    Thanx to The Executors for Spreading this GREAT code
                    ! done: -1992-

     Test made by : Safe Hex International
     Screenshot of Mutilator Virus:

     Ascii of Mutilator Bootblock virus (Decoded):

