| Alias: | "Virus 2A" = mad Virus |
| Strain: | --- |
| detected when: | 1987? |
| where: | FR Germany |
| Classification: | System (Boot Sector) Virus |
| Length: | 512 Byte |
Preconditions | |
| Operating System(s): | ATARI-TOS |
| Version/Release: | 1.0, 1.2 (TOS 1.4 not tested) |
| Computer model(s): | All ATARI ST Computer models |
| Caroname: | Emil_2A |
Attributes | |
| Easy identification: | First byte in infected boot sector is $60. |
Type of Infection: | Infects the boot sector of a disk, if it is regarded as not yet infected (value other than $60 in first byte) and increments a variable. |
| Infection Technique: | |
| Infection Trigger: | Every access to non-infected floppy disk. |
| Storage Media affected: | |
| Interrupts hooked: | No Interrupts used; hdv_rw vector changed to infect new disks. |
| Stealth: | |
| Tunneling/Selfprot: | |
| Oligo/Polymorphism: | |
| Encoding Method: | |
| Damage: | Permanent Damage: overwrites Boot sectors. Transient damage: After each 5th infection, the screen is randomly shifted (upside down) or inverted, together with a beep. |
| Damage Trigger: | Random. |
| Particularities: | Evidently, this is a "Demo Virus"; but it may easily be changed to a dangerous one with only moderate programming experiences. |
| Similarities: | See Emil 1A Virus. |
Agents | |
| Countermeasures: | --- |
| Standard means: | Write protect the disk. Write a well-known program to the boot sector; 'manually' change the checksum to a value other than $1234. Reboot the system with a 'clean' disk. |
Acknowledgements | |
| Location: | Virus Test Center, University Hamburg, FRG |
| Classification by: | Ralf Stegen |
| Documentation by: | Ralf Stegen |
| Date: | July 30, 1989 |
| Information Source: | --- |
(c) 1996 Virus-Test-Center, University of Hamburg