Introduction
Perverse I is a computer virus written for the Commodore Amiga. It is a bootvirus.
Summary
- Overwriting the original bootblock of any unprotected disk inserted in drive df0: only
- The virus is not encrypted
- Adds ports
- Registers a handler on the input.device
- Makes itself reset resident by using the KickTag
Details
After booting with an infected disk the virus checks if it is already active in memory by searching for a resident module identified by string "BootX-Viruskiller by P.Stuer"1 (using FindResident() of the exec.library). If not found the virus allocates 2048 byte of ChipMem and copies itself to this location. Then it makes itself resident by using the KickTag while registering itself with above mentioned string. Finally the virus installs a port using AddPort() and registers a handler on the input.device (device command 9, IND_ADDHANDLER).
Now the virus will be notified by the AmigaOS if a disk is insterted in the floppy drive df0:. If yes the virus infects it by setting up a trackdisk.device structure. It will not check if the disk inserted is write-protected this results in unwanted(?) system-requesters.
Meanwhile a counter will be increased. If this counter reaches 6000 the virus takes control over the keyboard inputs (using the input.device) and from now on matter which key the user presses the virus will give out the following message (each keypress one more character of the message appears) until one can see the following output:
In the virus-bootblock you can see the following text:
0270h: 0C 68 00 40 00 06 64 0C 4A 68 00 06 67 06 04 68 ; .h.@..d.Jh..g..h
0280h: 00 01 00 06 20 08 4E 75 42 6F 6F 74 58 2D 56 69 ; .... .NuBootX-Vi
0290h: 72 75 73 6B 69 6C 6C 65 72 20 62 79 20 50 2E 53 ; ruskiller by P.S
02a0h: 74 75 65 72 00 21 18 23 14 11 20 13 12 0B 19 17 ; tuer.!.#.. .....
Clones and variants
None
1: Peter Stuer is the author of the well-known anti-virus programm BootX on the Amiga.
