Max of Starlight`93 Virus - Amiga Virus Encyclopedia

VIRUS HELP TEAM




    -------------------------
    Amiga Virus Encyclopedia
    Max of Starlight`93 Virus
    -------------------------
    
    
    Max of Starlight`93 Virus:
    
    Kickstart 1.x: NO
    MC68040      : YES

    Patched vectors: Exec-GetMsg(), Exec-DoIO(), Intuition-DisplayAlert()
    and KickTagPtr.

    This is an ordinary encrypted bootblock virus. The encryption routine
    is a simple EOR loop whose key depends on the raster beam register.

    Memory is allocated, and there is no check for the calling
    device -> I destroyed a 40 MB SCSI drive with it. The RDB was
    overwritten by this virus.

    The virus clears CoolCapture and ColdCapture, probably to make sure
    that it's the only code resident in memory!

    The DisplayAlert patch is buggy or idiotic. No jump-back address is
    saved. The patch only returns zero and does not jump to the original
    routine.

    The infection and destruction routines are activated only if:

    1. access to Rootblock (880)
    2. access to bootblock (0)
    3. read(2) or write(3) command


    The destructive routine tries to overwrite a random block with
    the double longword "INSANE!!".
    Only data blocks (recognition longword 8) are affected by it.
    This means less destruction on FFS.
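
    For checking a disk image for this damage, the following scanner is an
    added example (not part of the original entry and not code from any
    antivirus named here). It assumes 512-byte blocks, searches the whole
    block because the entry does not say where in the block the marker is
    written, and uses a constructed sample image.

```python
import struct

MARKER = b"INSANE!!"   # double longword named in the entry
BLOCK_SIZE = 512       # assumption: standard 512-byte AmigaDOS blocks
T_DATA = 8             # OFS data block recognition longword

def ofs_checksum_ok(block):
    """An OFS block is valid when its 128 big-endian longwords sum to 0 mod 2**32."""
    return sum(struct.unpack(">128L", block)) & 0xFFFFFFFF == 0

def make_ofs_data_block(header_key, seq, payload, next_block=0):
    """Build a constructed OFS data block: 24-byte header plus 488 data bytes."""
    data = payload.ljust(488, b"\0")
    hdr = struct.pack(">6L", T_DATA, header_key, seq, len(payload), next_block, 0)
    total = sum(struct.unpack(">128L", hdr + data)) & 0xFFFFFFFF
    chk = (-total) & 0xFFFFFFFF          # checksum lives in longword 5
    return hdr[:20] + struct.pack(">L", chk) + data

def scan_image(image):
    """Return one finding per block that contains the marker."""
    findings = []
    for start in range(0, len(image) - BLOCK_SIZE + 1, BLOCK_SIZE):
        block = image[start:start + BLOCK_SIZE]
        offset = block.find(MARKER)
        if offset < 0:
            continue
        findings.append({
            "block": start // BLOCK_SIZE,
            "offset": offset,
            # Still tagged as an OFS data block? FFS data blocks carry no header.
            "ofs_data_type": struct.unpack(">L", block[:4])[0] == T_DATA,
            # An overwritten OFS block no longer matches its stored checksum.
            "checksum_ok": ofs_checksum_ok(block),
        })
    return findings

def build_sample_image():
    """Constructed 4-block image; block 2 is a data block with the marker in it."""
    clean = make_ofs_data_block(882, 1, b"hello amiga")
    hit = bytearray(make_ofs_data_block(882, 2, b"more file data"))
    hit[24:32] = MARKER   # assumed position, chosen only for this sample
    return bytes(BLOCK_SIZE) + clean + bytes(hit) + bytes(BLOCK_SIZE)

if __name__ == "__main__":
    for finding in scan_image(build_sample_image()):
        print(finding)
```

    A hit with a failed checksum on a block still tagged as type 8 marks an
    OFS data block whose contents must be restored from backup.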

    The virus contains no text routine.


    At the end of the virus you can read (after decrypting it):
    -----------------------------------------------------------
    The Max of StarLight Virus`93
    intuition.library

    Removal:
    Kickstart 1.2 & 1.3 : VT-Schutz v3.17
    Kickstart all others: VirusZ III v1.04ß or higher, and also Xvs.library v33.47 or higher


    Test by Markus Schmall


    Ascii of Max of StarLight Bootblock virus:
    

    


Virus Help Team
Denmark & Canada
Copyright © All rights reserved
www.vht.dk