------------------------
Amiga Virus Encyclopedia
Liberator v3.0
------------------------
Liberator 3.0 Virus:
Filelength: 10712
This virus patches the startupsequence and writes itself in
it.
Original end of the startup:
(40.42 Startup-Sequence)
Resident Execute REMOVE
Resident Assign REMOVE
C:LoadWB -debug
EndCLI >NIL:
Modified end of the startup:
(40.42 Startup-Sequence)
Resident Execute REMOVE
Resident Assign REMOVE
C:LoadWB -debug
cv >NIL:
EndCLI >NIL:
The tests were performed with 3 drives (SYQ= Syquest 105 MB,
DF0 and DF2 as normal diskdrives).
On @{b}all@{ub} 3 devices the Startup-Sequence was changed in one
step. If a .fastdir file, which will be created by the virus,
will reach a special value (99) , then the following text
will be shown:
' Congratulations your hard disk has been'
' liberated of virus protection!! '
' Hello from the Liberator virus v3.0 '
' - Digital Deviant '
' The anti-anti-virus is here again ! '
' Lets play trash the hard disk '
' and ram the disk heads '
' Only hardcore belgi an rave can '
' truely liberate the mind! '
' The liberator 15/01/92 '
The .fastdir was not created on DF2, but on the other
devices. Startvalue from this 2 byte long file is: $310a. The
virus itself was not copied, but due to the filename "cv" and
the startupmessage I think that the real name is Check-
Vectors:
'Check Vectors rev 5.1 '
'All Rights Reserved '
'more TUPperware © by Mike Hansel'
'Reset vectors ok, Nothing resident'
', Trackdisk.device not intercepted, ',0
'DoIO ok, VBlank ok, dos.library not inte'
'rcepted.'
'System appears to be free of viruses and'
' trojans!'
Test By Markus Schmall Detection retested 16.07.1994
HEX dump of Liberator v3.00 virus:
|
