===== Computer Virus Catalog 1.2: DISK DOKTORS Virus (5-June-1990) ====
Entry...............: DISK DOKTORS Virus
Alias(es)...........: CRACKRIGHT Virus
Virus Strain........: --
Virus detected when.: February 1989
              where.: Elmshorn, FRG
Classification......: system virus (bootblock), resident
Length of Virus.....: 1. length on storage medium: 1024 byte
                      2. length in RAM           : 1024 byte
--------------------- Preconditions -----------------------------------
Operating System(s).: AMIGA-DOS
Version/Release.....: 1.2/33.180
Computer model(s)...: AMIGA 500, AMIGA 1000, AMIGA 2000A, AMIGA 2000B
--------------------- Attributes --------------------------------------
Easy Identification.: typical text: '(C)rackright by Disk-Doktors'
                      others: free memory shown on the workbench changes
                         every time a new unprotected disk is inserted
                         into any disk drive
Type of infection...: self-identification method: compares word at
                         address set in cold capture vector plus offset
                         of 20 decimal for matching value hex. $424D
                      system infection: RAM resident, reset resident,
                         bootblock
Infection Trigger...: reset (CONTROL + LEFT-AMIGA + RIGHT-AMIGA)
                      operation: any disk access
Storage media affected: floppy disks (3.5" and 5.25")
Interrupts hooked...: ---
Damage..............: permanent damage: overwriting bootblock,
                         formatting disk after 2000 infections from
                         track 40 (root directory) for 35 tracks;
                         causing a system reset after 2000 infections
                         and 30 minutes
                      transient damage: ---
Damage Trigger......: permanent damage:
                         overwriting bootblock: reset; operation: any
                            disk access
                         formatting disks: after 2000 infections every
                            5th disk will be formatted from track 40
                            (root directory) for 35 tracks
                         causing a system reset: after 2000 infections
                            and 30 minutes
                      transient damage: ---
Particularities.....: uses DoIOVector
                         a resident program using ColdCapture or
                         CoolCapture vector is shut down;
                         WarmCaptureVector is cleared;
                         virus opens a task named 'clipboard.device'
                         (normally a system device used by some
                         programs to cut or paste text or graphic
                         parts), so a task list facility shows a task
                         list that seems normal; this task manages the
                         copy of the virus to another location in
                         system after every infection; the task slows
                         down the AMIGA; after the 5th reset the virus
                         wastes (number of resets * 10 KB) of memory;
                         virus shuts itself down when the joystick
                         in port 1 is moved up or down and an infected
                         disk is booted with an uninfected system;
                         when the virus starts, interrupts are dis-
                         abled, using the inactivation facility via
                         joystick up or down (port 2) causes the virus
                         to exit without enabling the system interrupts,
                         so the system interrupt enable counter isn't
                         refreshed
Similarities........: ---
--------------------- Agents ------------------------------------------
Countermeasures.....: Names of tested products of Category 1-6:
                      Category 1: .2 Monitoring System Vectors:
                                     'CHECKVECTORS 1.6'
                                  .3 Monitoring System Areas:
                                     'CHECKVECTORS 2.2','GUARDIAN 1.2',
                                     'VIRUSX 3.20'
                      Category 2: Alteration Detection: ---
                      Category 3: Eradication: 'CHECKVECTORS 2.2',
                                     'VIEWBOOT 1.01', 'VIRUSX 4.0'
                      Category 4: Vaccine: ---
                      Category 5: Hardware Methods: ---
                      Category 6: Cryptographic Methods: ---
Countermeasures successful: with restrictions: 'CHECKVECTORS 2.2',
                                      'GUARDIAN 1.2'
Standard means......: with restrictions:
                       'CHECKVECTORS 2.2' (restoring bootblock)
                       'GUARDIAN 1.2'     (restoring bootblock)
--------------------- Acknowledgement ---------------------------------
Location............: Virus Test Center, University Hamburg, FRG
Classification by...: Wolfram Schmidt
Documentation by....: Alfred Manthey Rojas
Date................: 5-June-1990
Information Source..: ---
===================== End of DISK DOKTORS Virus =======================
