Big Ben Virus - Amiga Virus Encyclopedia

VIRUS HELP TEAM
 


    ------------------------
    Amiga Virus Encyclopedia
    Big Ben Virus
    ------------------------

       
    Big Ben Virus:
    
    The virus was sent  me as Big Ben virus,  I cannot follow the name of
    this virus, it appears only a clocktime sometimes on the screen.

    Kickstart 2.x and higher is required to run this virus.

    Patched vectors: Exec() CoolDoIO, Exec() Findname, Exec() Replymsg,
                     Exec() Waitport, Exec() DoIO

    The virus tries to read the time  from a hardware chip,  which is not
    located at  this adress on newer machines.  The virus  allocates it`s
    memory correct and tests,  if the  catched  DoIO call  comes from the
    "trackdisk.device" or not.  So only diskdrives  will  be infected and
    NOT harddrives.

    The way of patching the vectors is new on AMIGA.  The way of patching
    will be used on Intel Windows machines in conjunction with background
    programms (Thanks Ingo for this hint). This routine is buggy, but
    works.

                            Detection and memory repair tested 01.12.1994

    Test by Markus Schmall


    Screenshot of Big Ben virus:
Virum Help Team
Denmark & Canada
Copyright © All rights reserved
www.vht.dk