| Alias: | --- |
| Strain: | --- |
| detected when: | October 1988 |
| where: | Utrecht (Netherlands) |
| Classification: | System (Bootsector) Virus, Reset-resident |
| Length: | 512 Bytes |
Preconditions | |
| Operating System(s): | Atari TOS |
| Version/Release: | All versions |
| Computer model(s): | All Atari ST,STE |
| Caroname: | ACA |
Attributes | |
| Easy identification: | If the bootsector is infected, the string "ACA" can be found at bootsector position $04 and $4E. In memory, the same string can be found at $630. |
Type of Infection: | Self-Identification: The Virus tests boot sector- position 4 for String "AC"; if string does not match, virus infects boot sector. Reset-resident at address $600 via magic long- word ($12123456) and checksum ($1234). |
| Infection Technique: | |
| Infection Trigger: | Reset |
| Storage Media affected: | The virus infects drive A,B! |
| Interrupts hooked: | No Interrupts used. No system vectors changed |
| Stealth: | |
| Tunneling/Selfprot: | |
| Oligo/Polymorphism: | |
| Encoding Method: | |
| Damage: | Permanent Damage: Only after reset overwriting boot sectors. Transient Damage: Clearing first track |
| Damage Trigger: | Damage occurs after 10 infections. |
| Particularities: | --- |
| Similarities: | --- |
Agents | |
| Countermeasures: | --- |
| Standard means: | Write-protect the disk. Write a well-known program to the boot sector; 'manually' change the checksum to a value other than $1234. |
Acknowledgements | |
| Location: | Virus Test Center, University Hamburg, FRG |
| Classification by: | Thomas Piehl |
| Documentation by: | Thomas Piehl |
| Date: | 5-June-1990 |
| Information Source: | from George R. Woodside |
(c) 1996 Virus-Test-Center, University of Hamburg