Hi All !!
Pestilence Bootblockvirus 1.15:
Kickstart 1.x : not working
Kickstart 3.1 and MC68040 : working
Exec-KicksumData (not repairable)
Intuition-DisplayAlert (not repairable)
First appearance (as far as I know): Heilbronn/Germany
This is a new bootblockvirus with some nasty inner workings:
The last both patched vectors cannot be repaired, because the
virus does not store the original value. Sorry guys ! All other
patched vectors can be corrected by VirusWorkshop.
It crypts all read blocks (T-DATA) with an eor-loop. If the
virus is active in memory, all crypted blocks will be decrypted
online. If you remove the virus from memory, several checksum-
errors will appear on your screen. VirusWorkshop 4.6 and higher
are able to repair the crypted blocks, because there is no magic
in this cryptroutine.
Such routines (online-(de)crypting) were first seen on the AMIGA
in the "Saddam" diskvalidator viruses and then in "The Curse of
little Sven" bootblockvirus.
The whole virus is crypted with a simple eor-loop and looks like
the work from a quite sober`n clean programmer. At the end of
the virus you can read (after decrypting it):
'PESTILENCE v1.15 (c) 14/05/94!'