------------------------
Amiga Virus Encyclopedia
BBS.$4EB9-Link.First
------------------------
- $ 4EB9 link ??
File excerpt:
0000: 000003f3 00000000 0000000d 00000000 ................
0010: 0000000c 00000004 00000014 00000630 ............... P
0020: 400000cc 00000001 0000007c 0000042a @ .............. +
0030: 00000486 00000014 000026d8 0000007c .......... & .....
0040: 000013aa 00000923 000003e9 00000004 ....... # ........
0050: 4eb90000 00004eb9 00000000 70004e75 N ..... N ..... p.Nu
0060: 000003ec 00000001 00000001 00000002 ................
0070: 00000001 00000008 00000008 00000000 ................
0080: 000003f2 000003e9 00000014 48e7ffff ............ H ...
Recently, this structure has appeared more and more frequently in the context of
linked viruses. The viruses are usually around "old" parts that are not recognized
because the test longwords are in a different place.
Presumably the structure was developed by a scene group, to be able to link an
intro to a program.
This structure is now being copied (or it even exists a program for it ??).
So PLEASE, PLEASE do not delete every $ 4eb9 immediately, but rather think
about it and first copy the file to another disc.
Most of the programs found will likely be assigned to the scene, d. H. the game will
stop after deleting DO NOT walk anymore. Please help to create the virus programs
filter out and send the programs to me, please. If it works with Tel. No.. I'll call you
back as soon as I do that Part have deciphered. I reaffirm that both Telephone
numbers as well as addresses after completing the work in like the trash can.
Structure:
The linked virus part starts at $ 84
The trigger hunk starts at $ 48. It is very short (4) and contains only 2 jump
commands jsr ($ 4EB9), moveq 0, d0 (7000) and a rts (4e75). This is followed by a
reloc hunk for the jsr commands.
Sequence:
The 1st jsr command installs the virus part and returns.
The 2nd jsr command executes the utility program and returns after loading end of
the program back. Then d0 is deleted and with rts finished the whole file. As simple
as that.
Note 06/07/93:
4EB9 links have also surfaced with the virus part with the 2nd jsr command is installed.
ALL linked virus parts were packed, probably to minimize reloc problems.
NOTE from VT2.54:
You can now switch off part 1 or 2 in the file requester.
Link1off - switches off program part 1.
Link2off - switches off program part 2.
Of course, this can only be an EMERGENCY NAIL. It is better if you send me the
contaminated part and ease it even more show me my work in case you happen to be
using the program have an unlinked state.
Please make two copies of the linked program different name copies on an otherwise
empty disc. Switching then click link 1 on copy 1 and link 2 on copy 2.
If you are lucky, a working program is without it Virus part or without an intro !!
But !!! It is also possible that the main program is NOT more is running. Why ?
Example: A group has linked an intro to a game. Then can in this intro already changes
on the computer (FastRam from switching, etc.), which the game requires.
Without the intro, the game will logically not run. able to. Examples are known !!!!
NOTE: A file with the LINK switched off will NOT be passed on!
Note 06/28/93:
The generator program for the $ 4EB9 link seems to have been found.
A program called: Chain V0.23
Thanks for the hint
Note 9/24/93: A new 4EB9 variant is said to have appeared.
46696c65 2d636861 696e2069 6e636c75 File-chain inclu
64696e67 3a20006d 656e7500 77640000 thing: .menu.wd ..
000003e9 00000007 48e7fffe 4eb90000 ........ H ... N ...
00004cd7 7fff4eb9 00000000 4cdf7fff ..L. .N ..... L..
70004e75 000003ec 00000001 00000001 p.Nu ............
You can switch off part 1 or 2 in the file requester. Please
read a few lines above.
Addendum 04.94:
The producer program seems to have been found. File Chainer V1.3
Thanks for the hint.
------------------------------------------------------
Translated to English by M0rpheus © 2001 VHT-Denmark
Org. Test by Heiner Schneegold.
------------------------------------------------------
