VIRUS HELP TEAM
Denmark & Canada


Index - News - Download - Warnings - Link - Virus Help - About VHT - Encyclopedia - Miscellaneous - Contact



    ------------------------
    Amiga Virus Encyclopedia
    UHR Virus

    Virus Help Team are looking for this virus, please send it to us 
    ----------------------------------------------------------------


    The "UHR" Bootblock virus:

    This virus does not work with Kickstart 2.04 and higher.It checks
    the  highest  byte  in  the  $6c vector for $fc.This  is  only  a
    possible value for Kickstart 1.x .If  the  value was not  found,a
    normal bootblock will be executed.

    The virus is crypted on disc with a simple "EOR" loop.It  patches
    the DOIO,the LEVEL3Interrupt and the Coolcapture vectors.

    The "new" thing  in this virus is,that  it  copies  itself  to  a
    special adress,which will be calculated with the following rout.:



                    LEA        $0007F800.L,A1
                    TST.L        $004E(A6)
                    BEQ.B        Abs_Copy
                    MOVEA.L        $004E(A6),A1
                    LEA        -$0800(A1),A1
    Abs_Copy        MOVE.L        A1,-(A7)
                    MOVE.W        #$0398,D0
    Copy_Loop        MOVE.B        (A0)+,(A1)+
                    DBRA        D0,Copy_Loop

    This means that no adress exists,where this virus can be always
    found.The patched DOIO vector does not ask for  the  TRACKDISK-
    device.

    The following adresses will be changed in the next parts of the
    virus:

                            $00BFE601.L
                            $00BFE701.L
                            $00D80002.L
                            $00BFEE01.L

    The $d80002.L register  is (I heard it only) an  old  register
    for the internal clock.The bootblock will be crypted everytime
    new (depending on one special register).



                                    Detection tested on 14.6.1993.
    Test by Markus Schmall.....


    

Virus Help Team
Denmark & Canada
Copyright © 1994-2020