Amiga Virus Encyclopedia
    Rastenbork v2.0 Virus

    - Rastenbork-Virus  BB

         Type B:      (rAStENboRk)
         Version: 2.0
         Changed vectors: Cool, DoIo
         Reset resistant.
         Does NOT need trackdisk.device.
         THe BB says (to fool you):
             50616e7a 65722074 6f74616c 20616e74 Panzer total ant
             69207669 72757320 73797374 656d0056 i virus system.V
             69727573 20646573 74726f79 65642100 irus destroyed!.
         a) Increases through BB.
         b) As soon as a counter register has reached the value $B
            it tries to change an area starting with $6E000 and with
            a length of $6400 with "add.b #7". $6E000 is only a root
            cylinder on a DD disk.
            Block before:    880
          0000: 00000002 00000000 00000000 00000048 ...............H
          0010: 00000000 1d397726 00000000 00000000 .....9w&........
            and so on
            Block later:    880
          0000: 07070709 07070707 07070707 0707074f ...............O
          0010: 07070707 24407e2d 07070707 07070707 ....$@~-........
            and so on
          So it is possible to "back code" this area.
            After this a BB part is decoded with EOR.L D1,D0 and shown
            with DisplayAlert:
              rAStENboRk cAShEr vIRUs v2.0
               ...another Christmas`94 present!
              Your disk isn't damaged,but it has just been coded.
              Try to find coding routine.
              If got any problems,contact Santa Claus
              or just PePe/tRSi
              Bonus disks are welcome!
          The programmer wrote Rastenborg with "k".

          Note 2: If VT-RootBlock shows "von rAStENboRk cod." cancel it.
          Open VT-Prefs and disable the security requester. Then check
          the disk with BlockITest. It asks you if you want to decode
          block 880 to 929. (yes, it takes a while but if it is an
          unimportant disk you could just reformat it insteadt.) VT might
          not find the BitMap Block which is most likely in the coded part.
          As soon as BlockITest has finished remove the disk for a short
          time. Ehen you put it back in the OS should repair the BitMap
          Block - I hope so. You should do all tests with this disk again.
          Also BlockKette !!!!Diese Disk sollten Sie noch einmal allen
          Tests unterziehen.

          Note 3: At a few tries not only the root area was coded but also
          the BB ewas filled with trash. In such a case install DOS0-BB
          on the disk first. Thanks

          Translated to English by Thomas Steffens  2001 VHT-Denmark
          Org. Test by Heiner Schneegold.

     Ascii of Rastenbork v2.0 virus:

Virum Help Team
Denmark & Canada
Copyright © All rights reserved