------------------------
  Amiga Virus Encyclopedia
  Aibon 2 Installer
  ------------------------
    

  - Aibon2-Mount2-Clone:
    
    A Toolsdaemon V2.2 has appeared, infected with this clone part.
    
    File length infected: 7128 bytes
    Trojan removed: 4896 bytes
    
    This part was linked using the Hunklab method.
    
    Differences to Aibon:
    - mount is copied to s (length 784 bytes)
    - s:startup-sequence is shortened to ONE line s:mount,$0a,$0a.
    - Files are shortened to 42 bytes and filled with memory content from

    $0 (yes, zero page). Example file with KS1.3:
    0000: 00000000 00000676 00fc0818 00fc081a .......v........
    0010: 00fc081c 00fc081e 00fc0820 00fc0822 ........... ..."
    0020: 00fc090e 00fc0826 00fc .......&..

    - The Trojan file reads:
       00000000 00000000 00000000 7379733a ............sys:
       00686430 3a006466 303a0064 66323a00 .hd0:.df0:.df2:.
       646f732e 6c696272 61727900 00000000 dos.library.....
       ;.....
       03eb0000 00000000 03f2733a 6d6f756e ..........s:moun
       740a0a73 3a737461 72747570 2d736571 t..s:startup-seq
       75656e63 6500733a 6d6f756e 74000000 uence.s:mount...
       ;.....
       00000000 00006864 303a0073 79733a00 ......hd0:.sys:.
       72616d3a 00646f73 2e6c6962 72617279 ram:.dos.library
       00736572 2e726561 6400646f 732e6c69 .ser.read.dos.li
       62726172 79000000 00000000 0000646f brary.........do
       732e6c69 62726172 79004261 636b4772 s.library.BackGr
       6f756e64 5f50726f 63657373 00000000 ound_Process....

    Also minor changes to the drives.

    A GURU must be expected.
    The installation process has a DOS delay ($29bf8 = almost
    an hour). For the rest, see the express description above.


    Removal: Kickstart 1.2 & 1.3 : VT-Schutz v3.17
             Kickstart all others: VirusZ III with Xvs.library installed
 
 
    Orginal text by Heiner Schneegold
    Translated from german to english, with use of Google translate