VIRUS HELP TEAM
Denmark & Canada


Index - News - Download - Warnings - Link - Virus Help - About VHT - Encyclopedia - Miscellaneous - Contact



    -------------------------
    Amiga Virus Encyclopedia
    Max of Starlight`93 Virus
    -------------------------
    
    
    Max of Starlight`93 Virus:
    
    Kickstart 1.x: NO
    MC68040      : YES

    Patched vectors: Exec-GetMsg(), Exec-DoIO(), Intuition-Displayalert
    and Kicktagptr.

    This is an ordinary crypted bootblockvirus. The crypt-routine is an
    ordinary eor-loop which depends of the rasterbeam register.

    The memory will be allocated and there is no check for the calling
    device-> I destroyed a 40 MB scsi drive with it. The RDB was over-
    written by this virus.

    The virus clears Coolcapture and Coldcapture, probably to make sure,
    that it`s the only code resident in memory !

    The displayalertpatch is buggy or idiotic. No backjumpadress will be
    saved. Only a zero will be given back and no jump to the original
    routine.

    The infection and destruction routines will be only activated, if

    1. access to Rootblock (880)
    2. access to bootblock (0)
    3. read(2) or write(3) command


    The destructive routine tries to overwrite a random block with
    the double-longword :INSANE!!. Only datablocks (recognition
    longword 8 will be affected by it. This means less destruction
    on FFS.

    The virus contains no textroutine....


    At the end of the virus you can read (after decrypting it):
    -----------------------------------------------------------

    'The Max of StarLight Virus`93'
    'intuition.library',0



    Test by Markus Schmall


    

Virus Help Team
Denmark & Canada
Copyright © 1994-2020