home *** CD-ROM | disk | FTP | other *** search
- Name : Digital Dream
-
- Aliases : No Aliases
-
- Type/Size : Boot/2048
-
- Clones : No Clones
-
- Symptoms : No Symptoms
-
- Discovered : ?
-
- Way to infect: Boot infection
-
- Rating : Dangerous
-
- Kickstarts : 1.2/1.3/2.0
-
- Damage : Overwrites boot + Block 2,3 !
-
- Manifestation: -
-
- Removal : Install boot.
-
- Comments : The Digital Dream virus is a new sort of bootblock
- virus. It saves the OriginalBB to block 2,3 so that
- the virus can load it even after an infection. But
- if a file used the blocks 2,3 it will be damaged.
- (You will get a checksum error; read/write error)
- Forget this file, you can`t repair it !!!!!
- Imagine you are booting with an infected disk, the
- virus does the following:
-
- 2) It copies itself to $7F400.
-
- 1) It sets the KICK-Vectors to the virusvalue, to
- stay resident in memory.
-
- 2) After that the virus patches the Supervisor()
- and the DoIO()-Vector.
-
- 3) Now, the virus loads the original bootblock from
- block 2,3 to address $7E000 and executes it.
-
- The Supervisor() patch sets the KICK-Vectors always
- to the virusvalue.
-
- The DoIO() patch is used to infect other disks.
- Imagine you are inserting a uninfected & unprotected
- disk:
-
- 1) The virus loads the bootblock from the disk to
- $7FC00.
-
- 2) Then it checks for "already-infected".
-
- 3) After that it cryptes the whole virus bootblock with
- a byte taken out from the DFF006 register.
-
- 4) Saves 2048 bytes... Block 2,3 = DEAD!
-
- In the decrypted bootblock you can read:
-
- ">>DIGITAL DREAM<< by Max of StarLight"
-
- The KICK-Indentification-String is:
-
- ">>DIGITAL DREAM<<"
-
- A.D 07-94
-
