VIRUS HELP TEAM Amiga Antivirus Website www.vht-dk.dk
------------------------
Amiga Virus Encyclopedia
ELENI! Virus
------------------------
Name : ELENI!
Other name : MessAngel, Eleni 3
Clones : No Clones
Type : Bootblock
Size : 1024 bytes
Symptoms : No Symptoms
Discovered : 23 april 1994
Way to infect: Boot Infection
Rating : Dangerous
Kickstarts : 2.0
3.0+
Damage : Damages LoadFiles
Comments : If you`re starting the Eleni 3 virus it allocates
20000 byte Chip-memory as long as there isn`t any Chip
memory anymore. The the virus copies itself into the
last available chip-area.
Then the virus patches the DoIO()-Vector to infect
other disks. If you`re now inserting a disk the virus
checks if the disk is already infected by loading the
bootblock at address $70000. If the disk is already
infected the virus subs 1 from a special address,
which is on some AMIGAS the Clock-Address (A2000, I
think). But all this will be done if there was a
bootblock READ-Access. If a WRITE-Access is requested,
the virus patches the LoadSeg()-Vector from the
"dos.library".
This LoadSeg-patch will do the following:
If a file will be loaded the virus checks for the
Clock Address. If this address reached the value 1 the
virus insert a new name for LoadSeg, "ELENI!". In the
CLI you will get this error:
`Unknown command: "ELENI!"`
If the Clock-Address reached 0 the virus loads the
actual file into address $70000 und some bytes in this
file will be changed. You will see a GURU.
Removal : VirusZ III with Xvs.library installed
Test made by : Virus Help Team
Thanks to : Jason & Jordan Smith, for sending this bootblock virus
to Virus Help Team
Ascii of ELENI! (MessAngel) virus:
