VIRUS HELP TEAM



    ------------------------
    Amiga Virus Encyclopedia
    Overkill Virus
    ------------------------

          
    - Overkill virus, BB, blocks 0-3, also runs under KS2.04, always at $7F700
         Cool, KickCheckSum, SumKickData, DoIo
         Does NOT check for trackdisk.device = also affects HD !!!!!!!

         Origin of the name:
         Once decoded, this can be read in memory: Overkill by the ENEMY!

         Part of the decoding routine:
                        sub.b d6,d5
                        move.b d5,(a5)+
         Fetches 4 blocks:
         Blocks 0 and 1 = virus
         Blocks 2 and 3 = OrigBB, not encoded
         Propagation:
         Re-encodes the virus for every BB depending on $DFF006.
         Writes 4 blocks, i.e. a file that occupied blocks 2 and 3
         is destroyed.

         Damage: (also HD !!!!!!!!)
         - Determines a block number via $DFF006
         - Writes TWO blocks (this is new) with memory contents,
           i.e. in the worst case, block 1 is at the end of one file
           and block 2 at the beginning of a second file.
           These files cannot be rescued. In the first destroyed block,
           the text Overkill by the ENEMY! can be found from $22. Since NO
           block type check takes place, a Dir block, List block etc. can
           also be destroyed. Please try to rescue with DiskSalv
           whatever is still usable.
           Cyl 0 block 55
               ^
         0000: 0007f708 00000000 4afc0007 f7080007 ........J.......
         0010: ff00011f 00450007 f7220007 f7220007 .....E..."..."..
         0020: f7d64f76 65726b69 6c6c2062 79207468 ..Overkill by th
         0030: 6520454e 454d5920 21002879 0007fab0 e ENEMY !.(y....

           As you can see: it can also hit the Rigid area !!!

           Because the OrigBB is kept there, you can copy blocks 2-3
           back to blocks 0-1 and save.
           VT recognizes BB and memory: 10/17/92


         Original test by Heiner Schneegold
         Translated from German to English by Google Translate
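
         The two checks described above (marker text at $22 in an overwritten block, unencoded OrigBB in blocks 2-3), as an added example for a raw disk image; it is not part of the original test or of VT. The function names, the 512-byte block size, the constructed sample image and the use of the standard Amiga bootblock checksum to judge blocks 2-3 are assumptions of this example.

```python
import struct

BLOCK = 512
MARKER = b"Overkill by the ENEMY"  # text the page reports in the first destroyed block
MARKER_OFF = 0x22                  # offset given on the page ($22)

def carry_sum(data: bytes) -> int:
    """End-around-carry sum of big-endian longwords (Amiga bootblock checksum)."""
    total = 0
    for (lw,) in struct.iter_unpack(">I", data):
        total += lw
        if total > 0xFFFFFFFF:
            total = (total & 0xFFFFFFFF) + 1
    return total

def damaged_blocks(image: bytes) -> list:
    """Block numbers whose bytes at $22 match the marker text."""
    return [n for n in range(len(image) // BLOCK)
            if image.startswith(MARKER, n * BLOCK + MARKER_OFF)]

def orig_bb_recoverable(image: bytes) -> bool:
    """True if blocks 2-3 hold a bootblock with a DOS id and a valid checksum."""
    bb = image[2 * BLOCK:4 * BLOCK]
    return len(bb) == 2 * BLOCK and bb[:3] == b"DOS" and carry_sum(bb) == 0xFFFFFFFF

def build_sample() -> bytes:
    """Constructed 64-block image: valid bootblock in blocks 2-3, one overwritten block."""
    bb = bytearray(2 * BLOCK)
    bb[:4] = b"DOS\x00"
    struct.pack_into(">I", bb, 4, 0xFFFFFFFF - carry_sum(bytes(bb)))
    image = bytearray(64 * BLOCK)
    image[2 * BLOCK:4 * BLOCK] = bb
    # First 64 bytes of the destroyed block, copied from the hex dump on this page.
    dump = bytes.fromhex(
        "0007f708000000004afc0007f7080007"
        "ff00011f00450007f7220007f7220007"
        "f7d64f7665726b696c6c206279207468"
        "6520454e454d5920210028790007fab0")
    image[55 * BLOCK:55 * BLOCK + len(dump)] = dump
    return bytes(image)

if __name__ == "__main__":
    img = build_sample()
    print("overwritten blocks:", damaged_blocks(img))
    print("bootblock in blocks 2-3 looks intact:", orig_bb_recoverable(img))
```

         Run it against a copy of the image, never the original medium; a positive result for blocks 2-3 only says the data there passes the bootblock checksum.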
    
        --------------------------------------------------------------------
    
        This virus works with all Kickstarts and even on turbo boards. It
        writes the original bootblock to blocks 2-3 and in this way
        destroys any data that may be on these tracks.

        Changed vectors: DoIO, CoolCapture, ColdCapture (always with the
        same addresses).

        Warning: This virus sometimes clears sectors on devices. Danger!
        You can lose the RigidDiskBlock of your HD or the boot sectors
        because of some bugs in the DoIO routines (no security check for
        the trackdisk device).


        Test by Markus Schmall


        Ascii of Overkill Bootblock virus (Decoded):
        
     
     
        

Virus Help Team
Denmark & Canada
Copyright © All rights reserved
www.vht.dk