Power Bomb Virus - Byte Bandit Clone - Amiga Virus Encyclopedia

VIRUS HELP TEAM




==== Computer Virus Catalog 1.2: POWERBOMB Virus (31-January-1992) ====
Entry...............: POWERBOMB Virus
Alias(es)...........: ---
Virus Strain........: BYTE BANDIT Virus Strain
Virus detected when.: JANUARY 1990
              where.: Elmshorn, Germany
Classification......: System virus (bootblock), resident
Length of Virus.....: 1. Length on storage medium: 1,024 byte
                      2. Length in RAM           : 1,024 byte
--------------------- Preconditions ----------------------------------
Operating System(s).: AMIGA-DOS
Version/Release.....: 1.2/33.166, 1.2/33.180 and 1.3/34.20
Computer model(s)...: AMIGA 500, AMIGA 1000, AMIGA 2000A, AMIGA 2000B
                         (and only with those memory expansions of
                          $0C000000 type)
--------------------- Attributes -------------------------------------
Easy Identification.: Typical text: "POWERBOMB SYSTEMS PRESENTS:
                                     BYTEBANDIT V2.0 !!!COPYS :"
Type of infection...: Self-identification method: ---
                      System infection: RAM resident, reset resident,
                                        bootblock
Infection Trigger...: Reset (=CONTROL+Left-AMIGA+Right-AMIGA);
                      Operation: any disk access
Media affected......: Only floppy disks (3.5" and 5.25")
Interrupts hooked...: Vertical blank interrupt
Damage..............: Permanent damage: overwriting bootblock, maybe
                         destroying opened files when screen and
                         keyboard are shut off and user has to restart
                         system using CONTROL+LEFT-AMIGA+RIGHT-AMIGA
                      Transient damage: screen buffer manipulation:
                         screen becomes dark, keyboard seems to
                         malfunction; transient damage may be interrupted
                         by pressing a special key combination:
                         LEFT-ALT+LEFT-AMIGA (on newer AMIGAS the
                         COMMODORE key)+SPACE+RIGHT-AMIGA+RIGHT-ALT
                         (but the virus will still be active)
Damage Trigger......: Permanent damage: reset; any disk access
                      Transient damage: only under following condition:
                         2 resets AND 6 infections AND execution of
                         BYTE BANDIT's own interrupt routine 5208
                         times (approx. 7 minutes)
Particularities.....: uses StartIOVector; other resident programs using
                         the system resident list (KickTagPointer,
                         KickMemPointer) are shut down
                      Copy counter: 19th word
Similarities........: BYTE BANDIT Virus Strain
--------------------- Agents -----------------------------------------
Countermeasures.....: Names of tested products of Category 1-6:
                      Category 1: .2 Monitoring System Vectors:
                                        CHECKVECTORS 2.2
                                  .3 Monitoring System Areas:
                                        CHECKVECTORS 2.2, GUARDIAN 1.2,
                                        VIRUSX 4.0
                      Category 2: Alteration Detection: ---
                      Category 3: Eradication: CHECKVECTORS 2.2,
                                               VIRUSX 4.0
                      Category 4: Vaccine: ---
                      Category 5: Hardware Methods: ---
                      Category 6: Cryptographic Methods: ---
Countermeasures successful: CHECKVECTORS 2.2, GUARDIAN 1.2, VIRUSX 4.0
Standard means......: CHECKVECTORS 2.2
--------------------- Acknowledgement --------------------------------
Location............: Virus Test Center, University Hamburg, Germany
Classification by...: Wolfram Schmidt
Documentation by....: Wolfram Schmidt
Date................: 1-NOVEMBER-1991
Information Source..: ---
===================== End of POWERBOMB-Virus =========================

Antivirus removal...: Kickstart 1.2 & 1.3 : VT-Schutz v3.17
                      Kickstart all others: VirusZ III with Xvs.library installed


Ascii of Powerbomb virus:





Virus Help Team
Denmark & Canada