home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
Amiga Plus 1995 #3 & #4
/
Amiga Plus CD - 1995 - No. 3 and 4.iso
/
pd
/
anti-virus
/
vib
/
virus
/
t
/
traveller 1.0
< prev
next >
Wrap
Text File
|
1995-07-20
|
2KB
|
66 lines
Name : Traveller V1.0
Aliases : No Aliases
Type/Size : Boot/1024
Clones : No Clones
Symptoms : No Symptoms
Discovered : 08-04-91
Way to infect: Boot infection
Rating : Harmless
Kickstarts : 1.2/1.3/2.0
Damage : Overwrites boot.
Removal : Install boot.
Comments : This virus code and the code of Saddam Hussein boot
block virus is very similar. Only the following text:
"A2000 MB Memory Controller V2"
from the Saddam BB was removed and a GFX-Message was
insert in the virus.
This virus is made by of these Pseudo-Coders. In the
code there are many signs of a LAME-CODE. But, this is
another story.
The virus just copies itself to $7F000 and changes the
KICK-Vector-Pointer to the virusvalue. After a reset
the virus patches the DoIO()-Vector which is used to
infect disks. In the infection-routine the virus scans
for the block 880 but this is only the rootblock of
DD-Disks.
It`s very unlikely that the virus affects HD-Disks.
After the 1.st infection the virus installs a new
interrupt by patching the ZERO-PAGE $6C. This
interrupt will show an GFX-Message after a value
reaches 30000:
"NEVER HEARED OF VIRUSPROTECTION ??? -LAMER!!!"
You must reset your AMIGA now becasue the virus ends
in an endless-routine. The Alert-text is crypted and
therefore you can`t read this text in the bootblock.
In the end of the Bootblock you can read:
"Traveller 1.0"
A.D 08-94
