------------------------
Amiga Virus Encyclopedia
Digital Dream Virus
------------------------
Name : Digital Dream
Aliases : No Aliases
Clones : No Clones
Type : Bootblock
Size : 2048 bytes
Symptoms : No Symptoms
Discovered : 27 november 1993
Way to infect: Boot infection
Rating : Dangerous
Kickstarts : 1.2
1.3
2.0
Damage : Overwrites boot and Block 2,3
Comments : The Digital Dream virus is a new sort of bootblock
virus. It saves the OriginalBB to block 2,3 so that
the virus can load it even after an infection. But
if a file used the blocks 2,3 it will be damaged.
(You will get a checksum error; read/write error)
Forget this file, you can`t repair it !!!!!
Imagine you are booting with an infected disk, the
virus does the following:
2) It copies itself to $7F400.
1) It sets the KICK-Vectors to the virusvalue, to
stay resident in memory.
2) After that the virus patches the Supervisor()
and the DoIO()-Vector.
3) Now, the virus loads the original bootblock from
block 2,3 to address $7E000 and executes it.
The Supervisor() patch sets the KICK-Vectors always
to the virusvalue.
The DoIO() patch is used to infect other disks.
Imagine you are inserting a uninfected & unprotected
disk:
1) The virus loads the bootblock from the disk to
$7FC00.
2) Then it checks for "already-infected".
3) After that it cryptes the whole virus bootblock with
a byte taken out from the DFF006 register.
4) Saves 2048 bytes... Block 2,3 = DEAD!
In the decrypted bootblock you can read:
">>DIGITAL DREAM<< by Max of StarLight"
The KICK-Indentification-String is:
">>DIGITAL DREAM<<"
Removal : Kickstart 1.2 & 1.3 : VT-Schutz v3.17
Kickstart all others: VirusZ III with Xvs.library installed
Test made by : Safe Hex International
Ascii of Digital Dream virus:
