MAD II Virus - Amiga Virus Encyclopedia

VIRUS HELP TEAM
 



------------------------
Amiga Virus Encyclopedia
MAD II Virus
------------------------

         
======== Computer Virus Catalog 1.2: MAD II Virus (20-FEB-1993) ========
Entry...............: MAD II Virus
Alias(es)...........: ---
Virus Strain........: ---
Virus detected when.: ---
              where.: North Germany
Classification......: System Virus (Bootblock, Resident)
Length of Virus.....: 1.Length on storage medium 1024 Byte
                      2.Length  in RAM           1024+20 Byte
--------------------- Preconditions ------------------------------------
Operating System(s).: AMIGA-DOS
Version/Release.....: 1.2 Only (Absolute DoIO)
Computer model(s)...: AMIGA 500,1000,2000
--------------------- Attributes ---------------------------------------
Easy Identification.: Bootblock dump: "MAD II Virus ,..."
Type of infection...: Bootblock, Resident, Overwriting any unprotected
                         disk-bootblock (no harddisks)
Infection Trigger...: Reset, disk-access on block 0
Storage media affected: Diskettes
Interrupts hooked...: Pointers: Kicktag, Coolcap, Coldcap
Damage..............: Overwriting bootblock
                      Overwriting disk-data (only on special systems,
                         see below)
Damage Trigger......: 13 resets
Particularities.....: Destruction routine seems to use illegal
                         undocumented op-codes. This routine will
                         only work on Amigas with a special version of
                         the 68000 Processor.
Similarities........: Gadaffi, Mad-Strain (only name)
--------------------- Agents -------------------------------------------
Countermeasures.....: Names of tested products of Category 1-6:
                      Category 1: AVM0.235
                      Category 2: AVM0.235
                      Category 3: AVM0.235,VC6.03,VT2.40,VIRUSZ
                      Category 4: Impossible
                      Category 5: ---
                      Category 6: Impossible
Countermeasures successful: AVM0.235, VC6.03,VT2.40,VIRUSZ
Standard means......: VT2.40
--------------------- Acknowledgement ----------------------------------
Location............: Virus Test Center, University Hamburg, FRG
Classification by...: Soenke Freitag
Documentation by....: Soenke Freitag
Date................: 17-December-1992
Information Source..: ---
===================== End of MAD II Virus ==============================

Antivirus...........: Kickstart 1.2 & 1.3 : VT-Schutz v3.17
                      Kickstart all others: VirusZ III v1.04B or higher, and also Xvs.library v33.47 or higher


Ascii of Mad II virus:
Virum Help Team
Denmark & Canada
Copyright © All rights reserved
www.vht.dk