QRDL v1.1 Link Virus - Amiga Virus Encyclopedia

VIRUS HELP TEAM
Amiga Antivirus Website
www.vht-dk.dk




    ------------------------
    Amiga Virus Encyclopedia
    QRDL v1.1 Link Virus
    ------------------------


     Name         : QRDL v1.1

     Aliases      : No Aliases

     Type         : Link
     
     Size         : 2320 Bytes

     Clones       : No Clones 

     Symptoms     : No Symptoms

     Discovered   : 21.11.92

     Way to infect: This virus makes an infected file 2300 bytes longer.
                    It creates its own first hunk (like CCCP and
                    Smily Cancer).

                    CoolCapture is sometimes set. The following vectors
                    are used:
                    - Exec: DoIO / NewOpenLibrary
                    - Intuition: OpenWindow (-$CA)
                    - $78 (Exec)

     Rating       : Dangerous

     Kickstarts   : 1.3 NO FastMEM

     Damage       : Searches for the bitmap block and deletes block entries.

     Manifestation: -

     Removal      : Delete the file or use a GOOD virus killer.

     Comments     : The QRDL virus is a very badly coded link virus, so
                    it only works with Kick1.3 and 512KB Chip.
                    The virus is encrypted. It changes the Cool
                    vector to stay resident in memory. The DoIO(),
                    NewOpenLib, OpenWindow and $78(a6) vectors are
                    patched, too. The virus links itself to the first
                    file in the Startup-Sequence. Decrypted, you can read:

                    "(C)1992-04-16 QRDL. Release 1.1 Born in Poland, Grt
                    to Jack"

                    Everything I said about this virus is ALL theoretical,
                    because I couldn't infect other files. But several
                    people said that this virus really works with an A500,
                    Kick1.3, without Fastmem and with a 68000 processor!!
                    
                    Sometimes the bitmap of the just-inserted disk is
                    filled with $FFFFFF. This routine is only started
                    if an old filesystem disk (DOS0) is used. The result
                    is that the OS thinks that the disk is empty, and if
                    you write to the disk, all other files on the disk
                    are cleared.
    
    Test made by  : Markus Schmall & Safe Hex International
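
A way to check a disk image for the bitmap damage described in the comments, as an added example that is not part of the original encyclopedia entry: it flags blocks that the root block still references but the bitmap marks as free. It assumes a standard 880 KB ADF image with the root block at 880; the function names are hypothetical and the sample image is constructed.

```python
import struct

BSIZE, ROOT, NBLOCKS = 512, 880, 1760   # 880 KB DD floppy image (ADF) geometry

def be32(buf, off):
    return struct.unpack_from(">I", buf, off)[0]

def is_free(bitmap, block):
    """Bit set = block free. Longword 0 is the checksum; bit 0 of longword 1 is block 2."""
    idx = block - 2
    return bool(be32(bitmap, 4 + 4 * (idx // 32)) >> (idx % 32) & 1)

def check_ofs_bitmap(image):
    """Return blocks that the root block references yet the bitmap marks free."""
    if image[:4] != b"DOS\x00":
        raise ValueError("not an old-filesystem (DOS0) image")
    root = image[ROOT * BSIZE:(ROOT + 1) * BSIZE]
    if be32(root, 0) != 2 or be32(root, BSIZE - 4) != 1:   # T_HEADER / ST_ROOT
        raise ValueError("no root block at 880")
    bm_no = be32(root, BSIZE - 196)                  # first bitmap block pointer
    if not 2 <= bm_no < NBLOCKS:
        raise ValueError("bitmap pointer out of range")
    bitmap = image[bm_no * BSIZE:(bm_no + 1) * BSIZE]
    heads = [be32(root, 24 + 4 * i) for i in range(72)]    # root hash table
    in_use = [ROOT, bm_no] + [b for b in heads if 2 <= b < NBLOCKS]
    return [b for b in in_use if is_free(bitmap, b)]

def make_sample(wiped):
    """Constructed image: one directory entry at block 882, checksums left zero."""
    img = bytearray(NBLOCKS * BSIZE)
    img[:4] = b"DOS\x00"
    r = ROOT * BSIZE
    struct.pack_into(">I", img, r, 2)                  # T_HEADER
    struct.pack_into(">I", img, r + 24, 882)           # first hash slot -> header block
    struct.pack_into(">I", img, r + BSIZE - 196, 881)  # bitmap block number
    struct.pack_into(">I", img, r + BSIZE - 4, 1)      # ST_ROOT
    b = 881 * BSIZE
    img[b + 4:b + 4 + 55 * 4] = b"\xff" * 220          # every block marked free
    if not wiped:
        for blk in (880, 881, 882):                    # cleared bit = allocated
            idx = blk - 2
            off = b + 4 + 4 * (idx // 32)
            val = be32(img, off) & ~(1 << (idx % 32))
            struct.pack_into(">I", img, off, val)
    return bytes(img)

if __name__ == "__main__":
    for wiped in (False, True):
        print("wiped" if wiped else "healthy", check_ofs_bitmap(make_sample(wiped)))
```

A non-empty result means the disk should be treated as read-only until the bitmap has been rebuilt, since any write can land on blocks that still hold file data.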
    

    

