------------------------
Amiga Virus Encyclopedia
Saddam Bootblock Virus
------------------------
===== Computer Virus Catalog 1.2: SADDAM_boot Virus (31-July-1993) =====
Entry...............: SADDAM_boot Bootblock Virus
Alias(es)...........: ---
Virus Strain........: --- !NOT related to SADDAM strain!
Virus detected when.: ---
where.: ---
Classification......: System virus (bootblock infector), memory resident
Length of Virus.....: On media/in RAM: 1024 bytes
--------------------- Preconditions ------------------------------------
Operating System(s).: AMIGA-DOS
Version/Release.....: 1.3/all
Computer model(s)...: Only A500 and A2000 models with memory at
$C00000, but without fast memory.
--------------------- Attributes ---------------------------------------
Easy Identification.: Typical text: "A2000 MB Memory Controller V2"
Type of infection...: RAM resident, reset resident, bootblock infector,
changes: 1) after Booting: KickTagPtr,
KickCheckSum, CoolCapture (cleared)
2) after RESET: DoIo
3) after first "read Rootblock"-Command:
DoIo (he writes the original back),
Level 3 Interrupt
Infection Trigger...: 1) Booting from an infected disk;
2) first "read Rootblock"-Command after RESET.
Storage media affected: Floppy disks only
Interrupts hooked...: Hardware Interrupt 3 (Blitter ready / beginning
of vertical blanking / Copper Interrupts)
Damage..............: When virus writes itself to Bootblock, system will
crash when virus attempts to show an alert in
Level 3 Interrupt.
Damage Trigger......: $7530th Level 3 Interrupt call,
first "read Rootblock"-Command after RESET
Particularities.....: Virus copies itself to $7F000.
Similarities........: NOT related to SADDAM virus strain!
--------------------- Agents -------------------------------------------
Countermeasures.....: VirusZ 3.06, VT 2.54, VirusChecker 6.28
Countermeasures successful: VirusZ 3.06, VT 2.54, VirusChecker 6.28
Standard means......: VT 2.54
--------------------- Acknowledgement ----------------------------------
Location............: Virus Test Center, University Hamburg, FRG
Classification by...: Jens Vogler
Documentation by....: Jens Vogler
Date................: 31-July-1993
Information Source..: Reverse analysis of virus code
===================== End of SADDAM_boot Virus =========================
Antivirus...........: Kickstart 1.2 & 1.3 : VT-Schutz v3.17
Kickstart all others: VirusZ III v1.04B or higher, and also Xvs.library v33.47 or higher
Ascii of Saddam Bootblock virus: