------------------------
Amiga Virus Encyclopedia
Disnomia Virus
------------------------
- Disnomia LVirus link virus
see. also Elbereth3
Namensbegruendung:
In the decoded link part you can read:
00bfd100 60ce3d3d 3d202121 21204469 .... `. === !!! di
736e6f6d 69412021 2121203d 3d3d20a9 snomiA !!! ===.
202a204d 61442072 6f474572 20313939 * MaD roGEr 199
37202a20 506f6c61 6e640054 68697320 7 * Poland.This
File extension: # 1060 bytes
Not reset-proof
Bent vectors: LoadSeg NewLoadSeg
Memory anchoring:
- test if already in memory ($ 2F01)
- Loadseg and NewloadSeg are bent
- Tests later loaded file names for "v" or "V".
It is therefore useful to have your antivirus program for the
private !!!! Rename use, otherwise you could
think your system is clean because the part at "v"
or "V" removed from memory.
Link operation:
- with LoadSeg and NewLoadSeg
- File not yet contaminated (date)
So if you copy a contaminated file and the file
Do not take the date with you, it can lead to multiple contamination
come.
- Medium validated
- 4 blocks free
- File executable ($ 3F3)
- CodeHunk is found ($ 3E9)
- File larger than # 2120 bytes
- File less than # 282286 bytes
- 1st hunk smaller $ 1fff x 4 = # 32764 bytes
- The search is in the 1st Hunks in a range of
# 32736 ($ 3ff0 x 2) to bcc ($ 6v00wxyz), jsr xy ($ 4EBAwxyz)
or jsr -xy (a6) ($ 4EAE wxyz)
- This LW is caused by bsr virus ($ 6100wxyz)
replaced.
- the part is always re-encoded with $ DFF007
Destruction:
If the value $ AA is reached in D7, one should
"Floppy music" can be triggered. Your disk drive will
So take damage through end stops if you don't
react fast.
Removal: Kickstart 1.2 & 1.3 : VT-Schutz v3.17
Kickstart all others: VirusZ III, and also Xvs.library must be installed
Original test by Heiner Schneegold
Translated from german to english by Google translate
