------------------------
Amiga Virus Encyclopedia
Sachsen 3 Virus
------------------------
Name : Sachsen 3
Aliases : No Aliases
Type : Bootblock
Size : 2048 bytes
Symptoms : No Symptoms
Discovered : ?
Way to infect: Boot infection
Rating : Dangerous
Kickstarts : 1.2
1.3
2.0
Damage : Overwrites boot + block 2,3 + other blocks (!!)
Manifestation: -
Removal : Kickstart 1.2 & 1.3 : VT-Schutz v3.17
Kickstart all others: VirusZ III v1.04ß or higher, and also Xvs.library v33.47 or higher
Comments : The Sachsen 3-Virus consits of 2 Parts.
1) The Loader-Routine-Part for the Main-Part.
(=>Block 0,1)
2) The MAIN-Part with infection-Routines.
(=>Block 2,3)
The virus copies itself to $78000 and changes the
Cool-Capture to stay resident in memory. To infect
other disks the virus patches to DoIO()-Vector.
Additionally the virus patches the Wait()-Vector.
Imagine you are inserting an uprotected, clean disk:
1) The virus checks the infectionvalue. If this value
is greater than 3 the virus calculates a block
depending of $DFF006 and destroys it with the
string "SACHSEN3". If the value is greater than
12 the virus shows an alert:
"SACHSEN VIRUS NO.3 in Generation : XXXXX is running..."
(The X depends of the Generation !)
2) The Virus relabels the disk in "SACHSEN VIRUS NO.3
ON DISK !!!" by loading block 370 (!!!!)
(That means for HD-Disk Users = Block 370
DESTROYED!)
3) The virus writes 2048 bytes. (Loader+Main-part)
Block 2,3 = DESTROYED !!
Test made by : Safe Hex International
Screenshot of Sachsen NO.3 virus:
Ascii of Sachsen 3 virus:
Ascii of Sachsen 3 virus:
