Amiga Virus Encyclopedia
    Max of Starlight`93 Virus
    Max of Starlight`93 Virus:
    Kickstart 1.x: NO
    MC68040      : YES

    Patched vectors: Exec-GetMsg(), Exec-DoIO(), Intuition-Displayalert
    and Kicktagptr.

    This is an ordinary crypted bootblockvirus. The crypt-routine is an
    ordinary eor-loop which depends of the rasterbeam register.

    The memory will be allocated and there is no check for the calling
    device-> I destroyed a 40 MB scsi drive with it. The RDB was over-
    written by this virus.

    The virus clears Coolcapture and Coldcapture, probably to make sure,
    that it`s the only code resident in memory !

    The displayalertpatch is buggy or idiotic. No backjumpadress will be
    saved. Only a zero will be given back and no jump to the original

    The infection and destruction routines will be only activated, if

    1. access to Rootblock (880)
    2. access to bootblock (0)
    3. read(2) or write(3) command

    The destructive routine tries to overwrite a random block with
    the double-longword :INSANE!!. Only datablocks (recognition
    longword 8 will be affected by it. This means less destruction
    on FFS.

    The virus contains no textroutine....

    At the end of the virus you can read (after decrypting it):

    'The Max of StarLight Virus`93'

    Test by Markus Schmall

    Ascii of Max of StarLight Bootblock virus:


Virum Help Team
Denmark & Canada
Copyright © All rights reserved