home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
Amiga MA Magazine 1998 #3
/
amigamamagazinepolishissue1998.iso
/
bazy
/
virus_base
/
virus
/
s
/
saddam hussein bootvirus
< prev
next >
Wrap
Text File
|
1994-08-13
|
2KB
|
68 lines
Name : Saddam Hussein boot virus
Aliases : No Aliases
Type/Size : Boot/1024
Clones : No Clones
Symptoms : No Symptoms
Discovered : ?
Way to infect: Boot infection
Rating : Harmless
Kickstarts : 1.2/1.3/2.0
Damage : Overwrites boot.
Manifestation: Pretends to be a Utility-Bootblock.
Removal : Install boot.
Comments : This virus is made by one of these Pseudo-Coders. In
the code there are many signs of a LAME-CODE. But,
this is another story.
The virus just copies itself to $7F000 and changes the
KICK-Vector-Pointer to the virusvalue. After a reset
the virus patches the DoIO()-Vector which is used to
infect disks.
In the infection-routine the virus scans for the block
880, but this is only the rootblock of DD-Disks. It`s
very unlikely that the virus affects HD-Disks.
After the 1.st infection the virus installs a new
interrupt by patching the ZERO-PAGE $6C. This
interrupt will show the following alert after a value
reaches 30000:
"TOO BAD BROTHER ... SADDAM HUSSEIN STRIKES BACK !"
"THE ONLY ESCAPE IS TO TURN THE POWER OFF !!!"
After this alert you must reset your AMIGA becasue the
virus ends in a endless-routine. The Alert-text is
crypted and therefore you can`t read this text in the
the Bootblock.
Anyway, the virus tries to confuse the user with a
text in the top of the bootblock:
"A2000 MB Memory Controller V2"
The virus tries to pretend that it is a utility-bb.
NOTE: This code (the whole virus) is very similar to
the BlowJob-Virus. It was probably the same "coder".
A.D 08-94
