Virus Warning - Virus Help Team

VIRUS HELP TEAM
Denmark & Canada



Game Over Bootblock Virus

 ...........................  VIRUS HELP DENMARK  ........................

 Hi All....                                               22 december 2020

 We have recived an .adf archive, with a new virus on the bootblock,  this
 bootblock will change  The checksum of the  bootblock with each mutation,
 so that means that there could be a lot of mutations out there. So please
 take care.

 Here is some info about the infected archives:

 Archive name.....: AppelCatcher.adf
 Archive size.....: 901.920 bytes

 After  booting the virus  changes the CoolCapture-Vector to stay resident
 in memory  at ($000058DC).  Then  the virus  patches the DoIO ($000059B6)
 Vector to infect other disks
                    
 The  virus  injects  code (112 bytes)  into  the original  bootblock at a
 variable  position (harder to detect!).  It writes  its code in sectors 3
 to 5 and a copy of the original bootblock in sectors 6 to 7.
                    
 The checksum of the bootblock changes with each mutation, so that means
 that there could be a lot of mutations out there. Take care.
                    
 At the  height of luxury,  it protects its data from being overwritten by
 updating the BAM (block availability map).
                    
 At  launch  it  installs  it's code  in memory  and launches the original
 bootblock to  make  it  look  like all is  well.  Unlike  other  viruses,
 it recognizes an already infected disk.

 Reat the test of this virus from Virus Help Team, right here.

 Thanx to Ivan Sergeevich for sending the file to Virus Help Team.
 Thanx to CrashDisk, for the test of this virus.


   Regards....
      __           Jan Andersen 
 __  ///          --------------
 \\\///       Virus Help Team Denmark
  \XX/         http://www.vht-dk.dk




Virus Help Team
Denmark & Canada
Copyright © All rights reserved
www.vht-dk.dk