VIRUS HELP TEAM Amiga Antivirus Website www.vht-dk.dk
------------------------
Amiga Virus Encyclopedia
Leviathan Virus
------------------------
Name : Leviathan
Aliases : No Aliases
Clone : No Clones
Type : Multipartite
Boot size : 1024 bytes
File size : 1056 bytes
Symptoms : ColdCapture, OldOpenLibrary and DoIO will be changed.
The Coldcapture Routine initializes the DoIo and the
Old-Openroutines.
Discovered : 28-10-93
Way to Infect: Boot & Link infection
Rating : Harmless
Kickstarts : 1.2/1.3 -> Kick 2.0 guru at reset
Damage : Overwrites boot
Visible text : In the boot & file you can read "-=- LEVIATHAN -=-"
Removal : Delete file and/or install boot
Comments : The virus Uses the coolcapture to be resident.
There is a coded text in the Boot/File:
"YOU ARE THE OWNER OF A NEW GENERATION OF VIRUS!"
"IT FUCKS UP YOUR STARTUP-SEQUENCE!!"
The virus uses the DoIO(EXEC)-Vector to infect
the boot of the disks.
The virus patches the OldOpenLib(EXEC)-Vector
too. If this vector is used, the virus tries to
create a file (s/$c0) and to modifiy the
startup-sequence with the virusname.
Info : This virus is a quite tricky combination between
BB and file virus. It can be written as a normal
bootblock to disk and it can write a file in the
first position of the Startup-Sequence.
The virus uses the memory from $7f000-$7e000 direct.
At first the viruscode will be copied and after this,
the memoryblock will be allocated.
I have tested this virus with a normal A500+ and an
A4000 but the ResetRoutine of this virus does not
work on this computers, you have to coldreset your
machine.
In this virus was no special destroy routine found
(except the BB write command).
Removal : VirusZ III, and also the newest Xvs.library installed
Test made by : Markus Schmall
Ascii of Leviathan virus:
