Scarface 2 Bootblock Virus - Amiga Virus Encyclopedia

VIRUS HELP TEAM
 



     --------------------------
     Amiga Virus Encyclopedia
     Scarface 2 Bootblock Virus
     --------------------------
     
     
     - SCARFACE 2 BeginIo, KickTag, KickCheckSum, Vec5
            FastMem no
            Propagation: over BB
            Reset routine controlled by Vec5 (counter cell> $ 2710)
            Visible in BB: e.g. SCARFACE
       Note: A Scarface II is kept in a virus collection.
        
       With VT comparisons:
           Scarface: Scarface II
            000: 444f5300 48bddd38 DOS.H..8 000: 444f5300 b1140dbd DOS .....
               a) ^^^^^^^^ ^^^^^^^^
            008: 00000370 60000006 ... p` ... 008: 00000370 60000006 ... p` ...
            010: 00000232 48e77f7f ... 2H ... 010: 00000401 48e77f7f .... H.
               b) ^^^^ ^^^^
            328: 732e6c69 62726172 s.librar 328: 732e6c69 62726172 s.librar
            330: 79000000 00000000 y ....... 330: 79002400 0a825555 y. $ ... UU
               c) ^^^^^^^^^^^^^ ^^^^^^^^^^^^^

           a) Checksum must always change
           b) counter
           c) the area used by the virus portion as a repository; and
              ALWAYS looks different.
           The virus code is otherwise the same up to the c range VOELLIG.
           So you see, there is no reason to make a distinction.


     Original test by Heiner Schneegold
     Translated from german to english by Google translate
     
     
     Ascii of ScarFace 2 virus:
Virum Help Team
Denmark & Canada
Copyright © All rights reserved
www.vht.dk