------------------------
Amiga Virus Encyclopedia
Eleni 3 Virus
------------------------
Name : Eleni 3
Other name : MessAngel
Clones : No Clones
Type : Bootblock
Size : 1024 bytes
Symptoms : No Symptoms
Discovered : 23 april 1994
Way to infect: Boot Infection
Rating : Dangerous
Kickstarts : 2.0
3.0+
Damage : Damages LoadFiles
Comments : If you`re starting the Eleni 3 virus it allocates
20000 byte Chip-memory as long as there isn`t any Chip
memory anymore. The the virus copies itself into the
last available chip-area.
Then the virus patches the DoIO()-Vector to infect
other disks. If you`re now inserting a disk the virus
checks if the disk is already infected by loading the
bootblock at address $70000. If the disk is already
infected the virus subs 1 from a special address,
which is on some AMIGAS the Clock-Address (A2000, I
think). But all this will be done if there was a
bootblock READ-Access. If a WRITE-Access is requested,
the virus patches the LoadSeg()-Vector from the
"dos.library".
This LoadSeg-patch will do the following:
If a file will be loaded the virus checks for the
Clock Address. If this address reached the value 1 the
virus insert a new name for LoadSeg, "ELENI!". In the
CLI you will get this error:
`Unknown command: "ELENI!"`
If the Clock-Address reached 0 the virus loads the
actual file into address $70000 und some bytes in this
file will be changed. You will see a GURU.
Removal : Kickstart 1.2 & 1.3 : VT-Schutz v3.17
Kickstart all others: VirusZ III with Xvs.library installed
Test made by : Safe Hex International
Thanks to : Jason & Jordan Smith, for sending this bootblock virus
to Virus Help Team
Ascii of Eleni 3 (MessAngel) virus:
