home *** CD-ROM | disk | FTP | other *** search
- Name : Sachsen NO.3
-
- Aliases : No Aliases
-
- Type/Size : Boot/2048
-
- Clones : No Clones
-
- Symptoms : No Symptoms
-
- Discovered : ?
-
- Way to infect: Boot infection
-
- Rating : Dangerous
-
- Kickstarts : 1.2/1.3/2.0
-
- Damage : Overwrites boot + block 2,3 + other blocks (!!)
-
- Manifestation: -
-
- Removal : Install boot.
-
- Comments : The Sachsen 3-Virus consits of 2 Parts.
-
- 1) The Loader-Routine-Part for the Main-Part.
- (=>Block 0,1)
-
- 2) The MAIN-Part with infection-Routines.
- (=>Block 2,3)
-
- The virus copies itself to $78000 and changes the
- Cool-Capture to stay resident in memory. To infect
- other disks the virus patches to DoIO()-Vector.
- Additionally the virus patches the Wait()-Vector.
- Imagine you are inserting an uprotected, clean disk:
-
- 1) The virus checks the infectionvalue. If this value
- is greater than 3 the virus calculates a block
- depending of $DFF006 and destroys it with the
- string "SACHSEN3". If the value is greater than
- 12 the virus shows an alert:
-
- "SACHSEN VIRUS NO.3 in Generation : XXXXX is running..."
-
- (The X depends of the Generation !)
-
- 2) The Virus relabels the disk in "SACHSEN VIRUS NO.3
- ON DISK !!!" by loading block 370 (!!!!)
- (That means for HD-Disk Users = Block 370
- DESTROYED!)
-
- 3) The virus writes 2048 bytes. (Loader+Main-part)
- Block 2,3 = DESTROYED !!
-
- A.D 08-94
-
