| Alias: | --- |
| Strain: | --- |
| detected when: | unknown |
| where: | unknown |
| Classification: | system virus (bootblock), resident |
| Length: | 1. Length on storage medium: 1024 bytes 2. Length in RAM: 2048 bytes |
Preconditions | |
| Operating System(s): | AMIGA-DOS |
| Version/Release: | all system releases |
| Computer model(s): | all models |
| Caroname: | ULVD8 |
Attributes | |
| Easy identification: | text visible in bootblock: "ULDV8" |
Type of Infection: | Self-identification method: checks if VertB interrupt already points to virus routine System infection: RAM resident, reset resident, bootblock |
| Infection Technique: | |
| Infection Trigger: | read or write access to bootblock of floppy |
| Storage Media affected: | only floppies |
| Interrupts hooked: | CoolCapture, KickTag, BeginIO und VertB vectors |
| Stealth: | |
| Tunneling/Selfprot: | |
| Oligo/Polymorphism: | |
| Encoding Method: | |
| Damage: | Permanent damage: overwriting bootblock; Transient damage: screen buffer manipulation; display is made unreadable due to writing of garbage into VHPOS |
| Damage Trigger: | Permanent damage: see "Infection" Transient damage: 55900th vertical blank call (equals 18 min 28 sec in PAL screenmode) |
| Particularities: | virus uses KickTag for calling a routine which only incerements an unused counter; Transient damage routine includes a buggy part which should end transient damage effects by pressing LeftAlt, s and F6 |
| Similarities: | none |
Agents | |
| Countermeasures: | VT2.68, VirusWorkshop 4.6, Virus Checker 6.50, VirusZ_II 1.10 |
| Standard means: | VirusWorkshop 4.6 |
Acknowledgements | |
| Location: | Virus Test Center, University of Hamburg, Germany |
| Classification by: | Karim Senoucci |
| Documentation by: | Karim Senoucci |
| Date: | 31-May-1995 |
| Information Source: | Virus analysis, Heiner Schneegold, Markus Schmall |
(c) 1996 Virus-Test-Center, University of Hamburg