Max of Starlight`93 Virus:
        --------------------------

        Kickstart 1.x: NO
        MC68040      : YES

        Patched vectors: Exec-GetMsg(), Exec-DoIO(), Intuition-Displayalert
        and Kicktagptr.

        This is an ordinary crypted bootblockvirus. The crypt-routine is an
        ordinary eor-loop which depends of the rasterbeam register.

        The memory will be allocated and there is no check for the calling
        device-> I destroyed a 40 MB scsi drive with it. The RDB was over-
        written by this virus.

        The virus clears Coolcapture and Coldcapture, probably to make sure,
        that it`s the only code resident in memory !

        The displayalertpatch is buggy or idiotic. No backjumpadress will be
        saved. Only a zero will be given back and no jump to the original
        routine.

        The infection and destruction routines will be only activated, if

        1. access to Rootblock (880)
        2. access to bootblock (0)
        3. read(2) or write(3) command



        The destructive routine tries to overwrite a random block with
        the double-longword :INSANE!!. Only datablocks (recognition
        longword 8 will be affected by it. This means less destruction
        on FFS.

        The virus contains no textroutine....



        At the end of the virus you can read (after decrypting it):
        -----------------------------------------------------------

        'The Max of StarLight Virus`93'
        'intuition.library',0



        Test by Markus Schmall

[Go back]