Jinx Virus - Amiga Virus Encyclopedia

VIRUS HELP TEAM
Amiga Antivirus Website
www.vht-dk.dk




    ------------------------
     Amiga Virus Encyclopedia
     Jinx Virus
     ------------------------
  

     Name         : Jinx

     Aliases      : No Aliases

     Type         : Boot
     
     Size         : 1024 bytes

     Clones       : No Clones 

     Symptoms     : No Symptoms

     Discovered   : 17 April 1994

     Way to infect: Boot infection

     Rating       : Less Dangerous

     Kickstarts   : 1.2/1.3 | 2.0 or higher = guru!

     Damage       : Overwrites boot.

     Manifestation: If the virus is active it always shows you a
                    normal DOS1.3-BB. 

     Removal      : Install boot.

     Comments     : This virus uses the KICK vectors to stay resident.
                    It changes the BeginIO() vector of the
                    trackdisk.device to infect other disks (no danger
                    for HD users!). Additionally, it patches the
                    KickChkSum() vector of exec.library to make
                    sure that no other program can install itself
                    over the KICK vectors. Many routines in the virus
                    are "stolen" from the Lamer Ext. viruses. The
                    memory address of the virus depends on
                    SysStkLower -> $3A(a6). The whole BB is encrypted
                    depending on the $DFF007 register.
                    At the end of the virus you can read these four
                    letters: "JINX". No alert or anything like that.

     Info         : Patches Kickchecksum, KickTagPointer, KickSumData,
                    TD BeginIO, Exec VBI.

                    This is a very tricky bootblock virus, which looks
                    to me like a Lamer Exterminator virus, but
                    trickier (Hi Soenke).

                    If the bootblock virus is on your disk and you boot
                    with this disk write-protected, a requester appears
                    which says that the disk is a non-DOS disk.
                    If you remove the write protection, everything is
                    all right again.

                    Read access is patched and the boot code is
                    hidden. Little bug: even if you read the
                    directory via the TD device, the original bootblock
                    will be shown.

                    The bootblock is encrypted randomly, and at the
                    end of the decoded bootblock you can see the text:
                    "JINX....trackdisk.device....".

     Antivirus    : Kickstart 1.2 & 1.3..... : VT-Schutz
                    Kickstart 2.0 and higher : VirusZ III, with the new Xvs.library installed 

     Test made by : Markus Schmall & Safe Hex International
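
Added example (not part of the original entry and not code from any tool named here): a Python check of the first 1024 bytes of a disk image that verifies the DOS signature and boot block checksum and reports boot code filling more of the block than a standard installed boot block. Assumptions: the image was read while the virus was not resident (an active Jinx hides its boot code on reads, as described above), and standard boot code ends before offset 128 (TAIL_START, a hypothetical threshold), so any custom boot block is reported, not only Jinx; the sample blocks are constructed.

```python
import struct

BOOTBLOCK_SIZE = 1024   # boot block size stated on this page
TAIL_START = 128        # assumption: standard Install boot code ends before this offset

def bootblock_checksum(bb: bytes) -> int:
    """Amiga boot block checksum: add the 256 big-endian longwords with
    end-around carry (checksum field at offset 4 skipped), then invert."""
    total = 0
    for index, (word,) in enumerate(struct.iter_unpack(">I", bb)):
        if index == 1:
            continue
        total += word
        if total > 0xFFFFFFFF:
            total = (total & 0xFFFFFFFF) + 1
    return ~total & 0xFFFFFFFF

def with_checksum(bb: bytes) -> bytes:
    """Return bb with a valid checksum stored at offset 4 (used for the samples)."""
    return bb[:4] + struct.pack(">I", bootblock_checksum(bb)) + bb[8:]

def inspect_bootblock(bb: bytes) -> dict:
    """Classify a boot block taken from the start of a disk image."""
    if len(bb) != BOOTBLOCK_SIZE:
        raise ValueError("expected the first 1024 bytes of the disk image")
    stored = struct.unpack_from(">I", bb, 4)[0]
    bootable = bb[:3] == b"DOS" and stored == bootblock_checksum(bb)
    tail_used = sum(1 for b in bb[TAIL_START:] if b)  # non-zero bytes past the threshold
    if not bootable:
        verdict = "not bootable"
    elif tail_used == 0:
        verdict = "standard-sized boot code"
    else:
        verdict = "non-standard boot code, review before booting"
    return {"bootable": bootable, "tail_used": tail_used, "verdict": verdict}

# Constructed samples: filler bytes only, no real boot code and no virus bytes.
HEADER = b"DOS\x00" + bytes(4) + struct.pack(">I", 880)
SPARSE = with_checksum(HEADER + bytes(range(1, 41)) + bytes(BOOTBLOCK_SIZE - 52))
FULL = with_checksum(
    HEADER + bytes((i * 37 + 11) % 251 + 1 for i in range(BOOTBLOCK_SIZE - 12)))

if __name__ == "__main__":
    for name, sample in (("sparse", SPARSE), ("full", FULL)):
        print(name, inspect_bootblock(sample))
```

A "non-standard" verdict only says the block carries more than the standard boot code; legitimate loaders and utility boot blocks trigger it as well.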


     Ascii of Jinx Bootblock virus (Decoded):
     

     

