Christmas Linkvirus:
        The infected file becomes 1056 bytes longer.  The virus adds a hunk
        to the infected file.  The virus does only work, if you have Ranger
        memory  from  $C00000-$C80000  because the virus uses direct memory
        adresses  in  this range and at the end of the first 512 kbyte chip


      cmpi.l        #$0007E07A,$00C002A4.L        ; 2 Direct memory adresses
                                                  ; in one assembler command
     beq.b        L_2
       lea        L_8C(pc),a0
       lea        $0007FB84.L,a2
    move.w        #$0400,d0
     .loop        move.b        (a0)+,(a2)+                ; The CopyLoop
      dbra        d0,.loop
    move.l        #$0000633A,$0007FE80.L

   The  only  visible  text  in  the virus is:  > Generation:  0000 <.
   Other textparts are not visible.

                   DC.B        'Nu > Generation: 008 <',0

   The  repair routine was only tested with one file because I did not
   succeed  in  spreading the virus on my test disks.  Does anyone has
   an  infected file which is longer then 2000 bytes?  I need now your

                     Detection and Repairroutine tested on 01.01.1993.

        Test by Markus Schmall

[Go back]