Zenker Bootblock Virus:
        -----------------------

        This is a new type of virus. It keeps only a loader routine in
        the ordinary boot sectors; all the virus parts are put in
        sectors 896-898. The original BB is written to sectors 898-900.
        That means the data in sectors 896-900 is destroyed 100% and
        cannot be repaired. What happens if header blocks or other
        structures are in these sectors? You can forget those files. VW
        offers you the possibility to rewrite the BB from sector 898 to
        sector 0. In some cases this might work (for games with
        bootloaders etc.), but in most cases your disc is damaged and
        not usable anymore.

        It can happen that the RDB block of your hard disk gets
        overwritten. In this case it is too late. You can only restore the
        backup of your RDB sectors (you surely have one!) and hope that
        the information in sectors 896-900 was not too important.


        The virus uses memory at $7f500 without allocating it.



                                     Detection tested on 23.3.93.
                                     Block-0 tested on   23.3.93.

        The virus tries to look like a normal bootblock loader with the
        string        "COMMODORE Bootblockloader ....)....



        Comment 28.11.1993: A Zenker clone called INGO has appeared. Only
        the visible texts were changed.
        In the bootblock you can now read:
                        "Bootloader by Ingo(16 Feb.1993)
                        .....FUCKFUCKFUCK               "


        In block 897 you can read:

                        "Now I am the 29 Generation"

        In Block 989 you can read at 0-11 "== INGO!! ==".


                                     Detection tested on 28.11.93.
                                     Block-0 tested on   28.11.93.

        Test by Markus Schmall
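
        Added example (not part of the original text and not VW's own
        code): a read-only check of a disk image for the text markers
        quoted above, plus a sanity check of the bootblock copy at sector
        898 before it is written back to sector 0. Assumptions: 512-byte
        sectors, the saved copy fills the two sectors starting at 898,
        "0-11" are byte offsets, and all function names are made up here.

```python
import struct

SECTOR = 512        # Amiga trackdisk sector size
BOOT_SECTORS = 2    # a bootblock occupies sectors 0-1 (1024 bytes)
SAVED_BB = 898      # where the text says the original BB is stored

# (first sector, sector count, byte offset or None = anywhere, marker, label)
# Marker strings are exactly the ones quoted in the description above; the
# generation number in block 897 may differ on other samples (assumption).
MARKERS = [
    (0, 2, None, b"COMMODORE Bootblockloader", "Zenker bootblock text"),
    (0, 2, None, b"Bootloader by Ingo", "INGO bootblock text"),
    (897, 1, None, b"Now I am the 29 Generation", "INGO text in block 897"),
    (989, 1, 0, b"== INGO!! ==", "INGO text at 0-11 of block 989"),
]

def read_sectors(image, first, count):
    """Return `count` sectors of the image starting at sector `first`."""
    return image[first * SECTOR:(first + count) * SECTOR]

def bootblock_checksum_ok(bb):
    """Standard Amiga bootblock test: 'DOS' id, and the end-around-carry
    sum of all 256 big-endian longwords must be 0xFFFFFFFF."""
    if len(bb) != BOOT_SECTORS * SECTOR or bb[:3] != b"DOS":
        return False
    total = 0
    for (word,) in struct.iter_unpack(">I", bb):
        total += word
        if total > 0xFFFFFFFF:              # fold the carry back in
            total = (total & 0xFFFFFFFF) + 1
    return total == 0xFFFFFFFF

def scan_image(image):
    """Report which markers are present and whether the copy at sector 898
    still looks like a bootblock that is worth restoring."""
    hits = []
    for first, count, offset, marker, label in MARKERS:
        data = read_sectors(image, first, count)
        if offset is None:
            found = marker in data
        else:
            found = data[offset:offset + len(marker)] == marker
        if found:
            hits.append(label)
    saved = read_sectors(image, SAVED_BB, BOOT_SECTORS)
    return {"hits": hits, "saved_bootblock_valid": bootblock_checksum_ok(saved)}
```

        Run it on a copy of the image, never on the only disk. A failed
        check on the saved copy means that writing sector 898 back to
        sector 0 will not give a bootable disk.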
