SystemZ Bootblock Virus - Amiga Virus Encyclopedia

VIRUS HELP TEAM
 


     ------------------------
     Amiga Virus Encyclopedia
     SystemZ Bootblock Virus
     ------------------------

    
     Name         : SystemZ

     Aliases      : PVL Virusprotector Virus Strain
     
     Original     : SystemZ Antivirus Virus Strain

     Version      : 4.1, 5.1, 5.4, 6.0, 6.1, 6.2, 6.3, 6.4, 6.5

     Type         : Bootblock
     
     Size         : 1024 bytes

     Symptoms     : No Sypmtoms

     Discovered   : 5 june 1990
     
     Infection    : Self-identification method: 2nd longword =$50564c2e='PVL.' 
                    =checksum of SYSTEM Z viruses system infection: RAM resident,
                    reset resident, bootblock

     Way to infect: Kill VIRUS request after reset (CONTROL + Left-AMIGA + Right-AMIGA)
                    with positive answer

     Damage       : Overwriting bootblock after 'Kill VIRUS' request with positive
                    answer transient damage: screen buffer manipulation: message when
                    detecting a known virus.

     Rating       : Harmless

     Kickstarts   : 1.2
                    1.3
                    2.0
                    3.0

     Damage       : Overwrites Bootblock

     Typical text : VirusProtector Release VX.X A PvL Production,
                    Warning: Disk contains a Virus!
                    Left MouseButton:  Kill the Virus, Right MouseButton: Continue
                    This disk  contains an old VirusProtector', 4.0, 4.1, 5.0, 5.1
                    Send new Viruses to:
                    P. van Leuven Markt 19A, 5688 AJ Oirschot, Holland
                    
     Comments     : Uses StartIOVector;  other resident programs  using the system
                    resident list  (KickTagPointer, KickMemPointer)  are shut down
                    programs using  the  CoolCapture  vectors  are s hut down, too
                    detects  BYTE  BANDIT,  SCA  (and SCA clones),  NORTH STAR II, 
                    BYTE WARRIOR,LAMER EXTERMINATOR 1.0 and 2.0 and older versions
                    of itself.
                    
                    Pressing left mouse/fire button in port 1 during system reboot
                    causes the virus  to  install  itself on the disk's  bootblock
                    without any request pressing right mouse/fire button in port 2
                    during system reboot  causes the virus  to  shut  down itself;
                    detecting a virus causes SYSTEM Z to produce a sound.
                    
                    Detected  as 'H.C.S.' by  some  antiviruses;  tests  itself by
                    building  a  checksum (hex. $50564C2E = ascii 'PVL.'), if this
                    fails,  the virus  shuts down by restoring the KickTag pointer
                    to system default value else the screen gets colored depending
                    to a couple of notes which are played.

     Removal      : Kickstart 1.2 & 1.3 : VT-Schutz v3.17
                    Kickstart all others: VirusZ III, and also Xvs.library must be installed
                      
     Test made by : Virus Test Center Hamburg & Jan Andersen, Virus Help Team  
     

     Ascii of SystemZ v4.1 virus:
     

     Ascii of SystemZ v5.1 virus:
      
     
     Ascii of SystemZ v5.4 virus:
     

     Ascii of SystemZ v6.0 virus:
     
     
     Ascii of SystemZ v6.1 virus:
     
     
     Ascii of SystemZ v6.2 virus:
     
     
     Ascii of SystemZ v6.3 virus:
          

     Ascii of SystemZ v6.4 virus:
     

     Ascii of SystemZ v6.5 virus:
Virum Help Team
Denmark & Canada
Copyright © All rights reserved
www.vht.dk