| Alias: | - |
| Strain: | - |
| detected when: | October 1988 |
| where: | Helmond (Netherlands) |
| Classification: | Boot sector virus |
| Length: | 512 Bytes |
Preconditions | |
| Operating System(s): | Atari TOS |
| Version/Release: | All versions |
| Computer model(s): | All Atari ST |
| Caroname: | MAD |
Attributes | |
| Easy identification: | $7FE,$80F,$8100,$400 can be found on boot sector at Byte $1D6, and in memory at phystop-$300+$1D6. |
Type of Infection: | Any Boot sector that can be written to. |
| Infection Technique: | |
| Infection Trigger: | Execution of BIOS disk functions. |
| Storage Media affected: | Floppy disk drive with device 0 (A:) or 1 (B:). |
| Interrupts hooked: | hdv_rw vector (used by BIOS disk functions). |
| Stealth: | |
| Tunneling/Selfprot: | |
| Oligo/Polymorphism: | |
| Encoding Method: | |
| Damage: | Only screen damage: -Change screen address -Rotate screen bytes -Invert screen -Split screen into upper and lower half and change them -Make a sound (beep) |
| Damage Trigger: | Copy counter = 6 (6 bootsectors infected). |
| Particularities: | --- |
| Similarities: | "Anti-2" Virus |
Agents | |
| Countermeasures: | Make sure that the virus is not in memory. Modify the last byte in boot sector to other value. |
| Standard means: | Clear all bytes in boot sector beginning at offset 30 decimal. |
Acknowledgements | |
| Location: | Virus Test Center, University of Hamburg, FRG |
| Classification by: | Andre' Schaper |
| Documentation by: | Andre' Schaper |
| Date: | 5-June-1990 |
| Information Source: | George R. Woodside |
(c) 1996 Virus-Test-Center, University of Hamburg