Name         : Byte Voyager I

     Aliases      : No Aliases

     Type/Size    : Boot/1024

     Clones       : No Clones 

     Symptoms     : No Symptoms

     Discovered   : 08-04-91

     Way to infect: Boot infection

     Rating       : Less Dangerous.

     Kickstarts   : 1.2/1.3/2.0 (Just DD-Disks)

     Damage       : Overwrites boot.

     Removal      : Install boot.

     Comments     : If you are booting  with a  ByteVoyager-Infected disk
                    the virus copies itself to address $7F000 and changes
                    the  KICK-Vectors  to  stay  resident  in memory. For 
                    infection the virus uses the DoIO()-Vector ehich will
                    be patched after the next reset.


                    The  ByteVoyagerVirus test for  block 880 (Root of DD
                    Disks) so it`s  very unlikely  that the virus infects
                    a  HD-Disk (BUT NOT UNTHINKABLE). The disk which will
                    be infected get an new name:


                    "Infected by BYTE VOYAGER !!!!!!"



                    After  the  1st  infection  the  virus installs a new 
                    patch in the ZERO-PAGE ($6C.w). This patch checks for
                    an  special  value  in memory.  If this value reaches
                    45000 your AMIGA will break down.


                    The  whole  virusbootblock  is  crypted  by using the
                    $dff006 register so you can`t read anything in the BB



    SHI - A.D 08-94

[Go back]