------------------------
Amiga Virus Encyclopedia
Mosh 1.0 Bootblock virus
------------------------
There are two viruses with the name Dr.Mosh in circulation; they
are different viruses!
Patched vectors: DOIO, KickTag, -$58(dos)
DOIO always points to $7f964 and the KickTag pointer always
points to $7fbde.
This virus works only under Kickstart 2.0 and higher, because of
BCPL.
This virus copies its code to $7f800 (without allocating the
memory) and overwrites the original bootblock. Because it has no
check for "trackdisk..", the virus can also destroy the RDB of
your hard disk. After 5 infections, sector 880 is trashed
(exactly this block). On normal DD disks this is the location of
the rootblock, so the disk is no longer usable. Try DiskSalv
etc. to recover your data. In the same process the block
$2800/$200 is trashed. A file located in this block cannot be
repaired. Sorry.
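Added example, not part of the original encyclopedia entry: a
Python check of block 880 in a DD disk image, to see whether the
rootblock still looks valid or has been trashed as described
above. The raw 901120-byte image layout and the sample images
are assumptions constructed for this example.

```python
import struct

BLOCK_SIZE = 512
ROOT_BLOCK = 880          # rootblock position on a DD disk, per the text above
DD_BLOCKS = 1760          # 80 cylinders * 2 heads * 11 sectors
T_HEADER, ST_ROOT = 2, 1  # AmigaDOS primary / secondary type of a rootblock


def check_rootblock(image: bytes) -> list:
    """Return the problems found in block 880 (empty list = looks intact)."""
    if len(image) != DD_BLOCKS * BLOCK_SIZE:
        return ["not a DD disk image (expected 901120 bytes)"]
    start = ROOT_BLOCK * BLOCK_SIZE
    longs = struct.unpack(">128L", image[start:start + BLOCK_SIZE])
    problems = []
    if longs[0] != T_HEADER:
        problems.append("primary type is not T_HEADER")
    if longs[127] != ST_ROOT:
        problems.append("secondary type is not ST_ROOT")
    # The checksum long (index 5) is chosen so that all 128 longs sum to zero.
    if sum(longs) & 0xFFFFFFFF != 0:
        problems.append("checksum mismatch")
    return problems


def make_sample_image(trash_root: bool = False) -> bytes:
    """Constructed test input: blank DD image with a minimal valid rootblock."""
    longs = [0] * 128
    longs[0], longs[3], longs[127] = T_HEADER, 72, ST_ROOT  # 72 = hash table size
    longs[5] = -sum(longs) & 0xFFFFFFFF
    root = struct.pack(">128L", *longs)
    if trash_root:
        root = b"\xAA" * BLOCK_SIZE  # stand-in for arbitrary overwritten data
    image = bytearray(DD_BLOCKS * BLOCK_SIZE)
    start = ROOT_BLOCK * BLOCK_SIZE
    image[start:start + BLOCK_SIZE] = root
    return bytes(image)


if __name__ == "__main__":
    for name, trashed in (("clean", False), ("trashed", True)):
        result = check_rootblock(make_sample_image(trashed))
        print(name, result or "rootblock looks intact")
```

Run the check on a copy of the image before attempting recovery,
so the damaged disk itself is not written to again.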
Caution: Because no memory is allocated, the patched DOIO
routine can be overwritten, and the system then crashes.
Example: VirusWorkshop crashed on an A500+ for this reason.
The virus contains some encrypted texts at the end:
'dos.library'
'intuition.library'
'HEY ! I`M MOSH version 1.0'
'FIRST SILESIAN VIRUS' - another possible name!?
'F2'
'Written by the best M.G.F'
'x2 Special greetings to: C.I.A. and K.GARLEJ'
'FFd Biiig fucking to: KAZIO STEINHOFF and'
' D.K.BIT'
'AND now SERIOUS I LOVE BEATA B my BEST girl'
'Friend have you AIDS ? if have it fiine'
'i olso have one'
Test by Markus Schmall
Detection tested 24.04.1994
Ascii of Mosh 1 Bootblock virus: