Introduction
Disk-Herpes is a computer virus written for the Commodore Amiga. It is an old bootvirus written 1987.
Summary
- Overwrites the original bootblock of any unprotected disk while booting
- Uses DoIO()-vector of the exec.library for infection
- Stays resident in memory by using the CoolCapture
- It is not encrypted
Details
After booting with an infected disk the virus copies itself to ChipRAM location $7EC00 without allocation. Then it makes itself resident by using the CoolCapture-vector.
On next reset the virus hooks the DoIO()-vector of the exec.library. This hook becomes active next time the Amiga will be booted by a disk and does the following:
Resets the DoIO()-vector to its original state. Destroys the disk by writing memory-garbage to its rootblock (block 880):
killroot:
move.w #3,$1C(a1)
move.l #$5000,$24(a1)
move.l #$60000,$28(a1)
move.l #$6E000,$2C(a1)
jsr -$1C8(a6)
After that the disk will be infected.
If you enter such a destroyed disk in your Amiga floppydrive you will get the following screen:
You can try to rescue some files with DiskSalv.
Each time a disk will be infected a counter will be increased. If this counter reaches the value 20 a graphical output will be shown:
As a sidenote I would like to mention that:
tshteopghraanptha really means thephantastograph
After pressing the left mousebutton, the Amiga will be resetted.
If you are booting a disk and pressing left mousebutton and the joystick-button simultaneously the virus will deinstall itself from memory and shows above output.
