     Name         : Coder

     Aliases      : No Aliases

     Type/Size    : Boot/1024

     Clones       : BadByte5

     Symptoms     : No Symptoms

     Discovered   : 26-12-90

     Way to infect: Boot infection

     Rating       : Less Dangerous

     Kickstarts   : 1.2/1.3/2.0

     Damage       : Overwrites boot.

     Manifestation: Pretends to be a viruskiller-boot.

     Removal      : Install boot.

     Comments     : The CODER virus is a very simple one. To stay resident
                    in memory, the virus uses the KICK vectors. For
                    infection, it uses the DoIO() vector of the
                    exec.library. Additionally, it patches the Zero-Page
                    ($68). This interrupt is triggered whenever you press
                    a key (or button).


                    In the Bootblock you can read:

                    "Bootblock installed with 'CODER' the ultimate"
                    "viruskiller !!"


                    The virus always copies itself to the same memory
                    address ($7F600). The boot block contains an encrypted
                    text, which the virus decrypts to $7FA00. There you
                    can read this text:


                    "Something WONDERFUL has happened !! your Amiga"
                    "is alive and it is infected with the"
                    "'Coders Nightmare Virus'. - The ultimate key-"
                    "killer, masterminded by the megamighty Mr. N"
                    "of PowerBomb Systems !!"


                    The newly installed patch at $68 (Zero-Page!) registers
                    every key press or mouse-button press. When the
                    counter value reaches 2560, you get a RESET.



     SHI - A.D 04-94
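
An added example, not part of the original entry: a check of a raw disk image's boot block for the plain text quoted above, together with the standard Amiga boot block checksum test that decides whether the block is executed at boot. It assumes the image is a raw sector dump whose first 1024 bytes are the boot block and that the text is stored byte-for-byte as quoted; the function names are illustrative and the sample blocks are constructed.

```python
import struct

BOOTBLOCK_SIZE = 1024  # "Type/Size: Boot/1024" in the entry
# First line of the plain text the entry quotes from the boot block.
# Assumption: it is stored byte-for-byte as quoted.
SIGNATURE = b"Bootblock installed with 'CODER' the ultimate"

def ones_sum(block: bytes) -> int:
    """Add the big-endian longwords with end-around carry."""
    total = 0
    for (word,) in struct.iter_unpack(">I", block):
        total += word
        if total > 0xFFFFFFFF:
            total = (total & 0xFFFFFFFF) + 1
    return total

def scan_bootblock(image: bytes) -> dict:
    """Inspect the first 1024 bytes of a raw disk image."""
    if len(image) < BOOTBLOCK_SIZE:
        raise ValueError("image is shorter than one boot block")
    block = image[:BOOTBLOCK_SIZE]
    # Kickstart boots the block only if it starts with "DOS" and the
    # longword sum (checksum field included) comes out as 0xFFFFFFFF.
    bootable = block[:3] == b"DOS" and ones_sum(block) == 0xFFFFFFFF
    offset = block.find(SIGNATURE)
    return {"bootable": bootable, "signature_offset": offset,
            "suspect": offset >= 0}

def build_sample(payload: bytes, at: int = 64) -> bytes:
    """Constructed test data: a checksummed boot block holding `payload`."""
    block = bytearray(BOOTBLOCK_SIZE)
    block[0:4] = b"DOS\x00"
    block[at:at + len(payload)] = payload
    checksum = ~ones_sum(bytes(block)) & 0xFFFFFFFF
    block[4:8] = struct.pack(">I", checksum)
    return bytes(block)

if __name__ == "__main__":
    samples = {"constructed-suspect": build_sample(SIGNATURE),
               "constructed-clean": build_sample(b"placeholder boot code")}
    for name, image in samples.items():
        print(name, scan_bootblock(image))
```

A block that is flagged as suspect but not bootable still carries the text, yet will not be executed at boot because its checksum is invalid.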
