------------------------
     Amiga Virus Encyclopedia
     Waft Virus
     ------------------------

 
     Name         : Waft

     Aliases      : No Aliases
     
     Clones       : No Clones      

     Type         : Bootblock
     
     Size         : 1024 bytes

     Symptoms     : No Symptoms

     Discovered   : 22 december 1991

     Way to infect: Boot infection

     Rating       : Harmless

     Kickstarts   : 1.2
                    1.3
                    2.0

     Damage       : Overwrites boot

     Removal      : Install boot

     Comments     : The Waft-Virus allocates Chip-Memory and copies itself
                    into that area.  Furthermore the CoolCapture Vektor is
                    used to stay resdient in memory. 

                    To  infect  other  disks  the virus patches the DoIO()
                    Vector.  But  NO danger for HD Users: The virus checks
                    for  the  trackdisk.device.  If the virus is active in
                    memory  it  always  shows you an original clean DOS1.3
                    bootblock. 

                    ATTENTION:  'THAT'  means  if  you  want  to  see your
                    bootblock  with  a  bootblock utility, you will always
                    see a normal standard one. 

                    This  unik  stealth-method was first used by the Lamer
                    Exterminator  viruses.  Depending  of  infections  the
                    virus gives out the following alert:

                    = = = = oderint dum metuant = = = =
                              ! ! WAFT  ! !
                       Quality made in West-Germany
                       
     Test made by : Safe Hex International                   


     Screenshot of Waft Virus:
     


     Ascii of Waft virus (Decoded):