........................... VIRUS HELP DENMARK ........................
Hi All.... 22 december 2020
We have recived an .adf archive, with a new virus on the bootblock, this
bootblock will change The checksum of the bootblock with each mutation,
so that means that there could be a lot of mutations out there. So please
take care.
Here is some info about the infected archives:
Archive name.....: AppelCatcher.adf
Archive size.....: 901.920 bytes
After booting the virus changes the CoolCapture-Vector to stay resident
in memory at ($000058DC). Then the virus patches the DoIO ($000059B6)
Vector to infect other disks
The virus injects code (112 bytes) into the original bootblock at a
variable position (harder to detect!). It writes its code in sectors 3
to 5 and a copy of the original bootblock in sectors 6 to 7.
The checksum of the bootblock changes with each mutation, so that means
that there could be a lot of mutations out there. Take care.
At the height of luxury, it protects its data from being overwritten by
updating the BAM (block availability map).
At launch it installs it's code in memory and launches the original
bootblock to make it look like all is well. Unlike other viruses,
it recognizes an already infected disk.
Reat the test of this virus from Virus Help Team, right here.
Thanx to Ivan Sergeevich for sending the file to Virus Help Team.
Thanx to CrashDisk, for the test of this virus.
Regards....
__ Jan Andersen
__ /// --------------
\\\/// Virus Help Team Denmark
\XX/ http://www.vht-dk.dk