ST NEWS Disk Magazine

                            PART III
            THE ULTIMATE VIRUS KILLER BOOK APPENDICES

A - THE KNOWN VIRUSES ON ATARI TOS COMPUTERS AND THEIR SYMPTOMS


This  is  a  systematic  description of  all  viruses  that  are
recognised  by  the  "Ultimate  Virus  Killer".   It  is   rather
technical;  in case you are interested but you don't know what to
do  with all the various phrases you get hurled  at  you,  please
refer to appendix J, "The Glossary".

Name:  Official  name  of  the  virus.  When  several  different
versions of one virus exist, their difference is indicated by one
additional character - "A" for the earliest or most widely spread
version, "B" for the next, etc.
Type: The description of the virus fitting the classification in
"The Book" chapter 2.
Discovery date: The date when the virus was earliest reported to
be  seen.  If  the discoverer is known,  his/her  name  is  added
between brackets.
Virus  can copy to drive(s): This indicates to which drives  the
virus  can copy itself.  "Current drive" implies that  the  virus
copies to the drive that is currently in use of the ones listed.
Virus  attaches  itself to:  Here it is mentioned  which  system
vector(s)  the  virus attaches itself to.  Please  refer  to  the
appropriate appendices for further explanation. When indicated to
be  'undocumented  reset-proof',   this  refers  to  the   method
explained in "The Book" chapter 2.2.1.
Disks  can be immunized against it:  Informs of whether a  virus
cannot  be  immunized against,  or whether it  can  be  immunized
against. In the latter case, it is indicated how one can immunize
against  it.  The format of the immunization  method  is:  Offset
(hexadecimal),  Byte/Word/Longword,  and  the  hexadecimal  value
expected at that offset.
Disks  can  be immunized with UVK:  Indicates whether or  not  a
particular virus' immunization was capable of being including  in
the "Ultimate Virus Killer" advanced disk immunization method.
What can happen:  Lists the effect that the virus is  programmed
to cause to occur.
When  does  that happen:  Specifies when the above  will  happen
(ahem).
Reset-proof:  Tells  you whether or not the virus can survive  a
warm reset.
Can  copy to hard disk:  Tells you...er...well...this is  pretty
obvious, actually.
Remarks:  Here all the other things worth mentioning,  too,  are
summed up.

I'd  like  to apologise for possible rude  language  here.  Some
viruses  have rather profane names and/or display on  the  screen
rather rude messages.  These have all been supplied for reference
only. I didn't get off on it.

BOOTSECTOR VIRUSES

Virus #1

Name: Signum/BPL Virus A.
Type: Memory-resident bootsector virus.
Discovery date: November 22nd 1987 (Klaus Seligmann).
Virus can copy to drive(s): A or B (current drive).
Virus attaches itself to: Hdv_bpb vector.
Disks can be immunized against it: Yes (0.W $6038).
Immunizable with UVK: Yes.
What can happen: Not known.
When  does that happen:  When key is found on other disks  (this
has never been found - yet).
Reset-proof: No.
Can copy to hard disk: No.
Remark:  This  is the most widely spread  virus;  an  approximate
estimate brings it to at least 1.5 million copies worldwide!  It
is also known as the Emil 1A Virus.

Virus #2

Name: Mad Virus A.
Type: Memory-resident bootsector virus.
Discovery date: March 26th 1988 (Eerk Hofmeester).
Virus can copy to drive(s): A or B (current drive).
Virus attaches itself to: Hdv_rw vector.
Disks can be immunized against it: Yes (0.B $60).
Immunizable with UVK: Yes.
What  can  happen:  Fools around with screen or bleeps  with  the
sound chip.
When does that happen: After it makes five copies of itself,  and
then at every disk access.
Reset-proof: No.
Can copy to hard disk: No.
Remark:  A  relatively harmless virus,  therefore also  sometimes
referred to as 'FUN Virus'.  This is improper, however, as there
already is a virus sometimes called 'Fun Virus', too (the Merlin
Mad Virus,  #60).  For more remarks on the 'Mad Virus',  see Mad
Virus B (#49).  Weirdly,  the Mad Virus is also known as Emil 2A
Virus.

Virus #3

Name: Signum/BPL Virus B.
Discovery date: Summer 1988 (Anton Raves).
Symptoms: Disk on which the virus is present is unreadable due to
a damaged BPB.
Remark:  This  is  no  true other virus,  but a  virus  that  was
corrupted  while  active in the system.  For more info  see  the
Signum/BPL Virus A.

Virus #4

Name: ACA Virus.
Type: Reset-proof memory-resident bootsector virus.
Discovery date: June 29th 1988 (Little Joe).
Virus can copy to drive(s): Boot device.
Virus attaches itself to: Undocumented reset-resistant.
Disks can be immunized against it: Yes (0.B $60 or 4.W $4143)
Immunizable with UVK: Yes.
What can happen:  Track 0 is cleared (BPB,  bootsector and  FAT).
Data is then irretrievably lost.
When  does that happen:  After it has made 10 copies  of  itself.
This is done each time you press reset.
Reset-proof: Yes.
Can copy to hard disk: No.
Remark:  This virus is made by the ACA crew (ACA stands for  Anti
Copyright  Association)  from Sweden.  In April 1990  it  became
known  that this ACA crew also made a virus killer  (with  lotsa
graphics and a scroller in the lower border).  This killer could
allegedly  also  SPREAD viruses when you pressed a  certain  key
combination!  In  a  1988 issue of the German  "ST  Magazin"  an
interview with ACA was published,  in which they stated to  have
written (but not spread) even worse viruses.  Crazily, there was
even  one claimed to be able to write on  write-protected  disks
(nonsense, see "The Book", chapter 5.1).

Virus #5

Name: Freeze Virus.
Type: Memory-resident bootsector virus.
Discovery date: July 12th 1988 (Carsten Frischkorn).
Virus can copy to drive(s): A or B (current drive).
Virus  attaches  itself to:  Hdv_rw  vector;  also  installs  MFP
interrupt.
Disks can be immunized against it: Yes (0.B $60).
Immunizable with UVK: Yes.
What can happen:  The system slows down more and more,  until  it
freezes.
When does that happen: Right from the beginning on, increasing at
every  access of logical sector 11 (where the disk directory  is
located).
Reset-proof: No.
Can copy to hard disk: No.

Virus #6

Name: Screen Virus.
Type: Memory-resident bootsector virus.
Discovery date: July 12th 1988 (Carsten Frischkorn).
Virus can copy to drive(s): A.
Virus  attaches itself to:  Hdv_bpb vector;  200 Hz System  Clock
vector; Etv_critic vector.
Disks can be immunized against it: Yes (executable).
Immunizable with UVK: Yes.
What can happen: Screen is blackened.
When does that happen: 54 minutes after virus installation.
Reset-proof: No.
Can copy to hard disk: No.
Remark: Only works on 02.06.1986 ROMs (German TOS 1.00).

Virus #7

Name: C'T Virus.
Type: Reset-proof memory-resident bootsector virus.
Discovery date: Summer 1988 (Wim Nottroth).
Virus can copy to drive(s): Any (including hard disk).
Virus attaches itself to: Undocumented RESET resistant.
Disks can be immunized against it: Yes (executable).
Immunizable with UVK: Yes.
What  can happen:  Deletes FAT of floppy-and hard disk (all  data
irretrievably lost).
When does that happen: If date stamp is 1987.
Reset-proof: Yes.
Can copy to hard disk: Yes.
Remark:  This  virus  was featured in a  German  magazine  called
"Computer & Technik".  The author claims he 'found it' on one of
his  disks.  A  listing  was  included,  so  that  people  could
reproduce and adapt the virus with ease.  It writes the  message
"ARRRGGGHHH  Diskvirus  hat wieder zugeschlagen" on  the  screen
when it is activated.  Due to the fact that it forgets to  check
whether or not the device is higher than "B",  it can also  copy
itself  to  hard disk (which will most  likely  cause  permanent
damage).

Virus #8

Name: Maulwurf I Virus B (English TOS version).
Type: Reset-proof memory-resident bootsector virus.
Discovery date: September 3rd 1988 (Joerg Kruse).
Virus can copy to drive(s): A of B (current drive).
Virus attaches itself to:  Reset vector,  Hdv_bpb vector and  VBL
vector (this virus operates out of the VBL!).
Disks can be immunized against it:  Yes (0.W $601C or 2.W  $001C,
and must be executable).
Immunizable with UVK: Yes.
What can happen:  Message on screen "Maulwurf I - SSG (Subversive
Software Group)" and computer locks up.
When  does  that  happen:  If  original  Hdv_bpb  vector  is  re-
installed, or when someone changes the Hz200 counter.
Reset-proof: Yes.
Can copy to hard disk: No.
Remark:  This virus was made by the Subversive Software Group  in
Germany.  It  is also called Caterpillar Virus,  as that is  its
name in English.

Virus #9

Name: Bayrische Hacker Post (BHP) Virus.
Type: Memory-resident bootsector virus.
Discovery date: September 10th 1988 (Henrik Alt).
Virus can copy to drive(s): A or B (current drive).
Virus attaches itself to: Hdv_bpb vector.
Disks can be immunized against it: Yes (ANY value on 0.W).
Immunizable with UVK: Yes.
What can happen: Nothing. It only copies itself.
When does that happen: Never (how could it?).
Reset-proof: No.
Can copy to hard disk: No.
Remark:  Made  by  the Bayrische Hacker Post.  This  is  a  small
computer  user's  group in Germany that also publishes  a  small
club magazine.  In that magazine,  the virus was said to  reset-
proof, and that it would 'write through the write-protect notch'
(haha!).  None if this is true. It checks disk write-protection,
however,  in  a way that only works successfully on TOS  version
1.00.

Virus #10

Name: Lab-Virus.
Type: Memory-resident bootsector virus.
Discovery date: September 10th 1988 (Henrik Alt).
Virus can copy to drive(s): A or B (current drive).
Virus attaches itself to: Hdv_bpb vector.
Disks can be immunized against it: No.
What can happen: Screen is made entirely black.
When does that happen: After copying itself 10 times.
Reset-proof: No.
Can copy to hard disk: No.
Remark:  Checks  the write-protect status address in  an  illegal
way,  and  will therefore not work correctly on any TOS  version
above 1.04. This virus seems to be an adapted version of the BHP
Virus.

Virus #11

Name: FAT Virus.
Type: Reset-proof memory-resident bootsector call virus.
Discovery date: May 1st 1988 (Stephen E. Schneider).
Virus can copy to drive(s): A.
Virus attaches itself to: Hdv_bpb and reset vector.
Disks can be immunized against it: Yes (executable).
Immunizable with UVK: Yes.
What  can  happen:  Random memory accesses,  resulting  in  blots
appearing on the screen and current program running crashing.
When does that happen:  After three hours,  and then at the first
time  $114 is changed from its original value (this is  the  MFP
Interrupt 5 vector).
Reset-proof: Yes.
Can copy to hard disk: No.
Remark:  Only works on 02-06-1986 ROMs (German TOS 1.00). It uses
time  delays  to make it more difficult to  detect.  This  virus
spreads  easily  and  rapidly.   It  is  bigger  than  just  one
bootsector and also uses the last FAT sector to write itself on.
It  is probably made in Switzerland,  and is also  called  Swiss
Virus or Blot Virus.

Virus #12

Name: Ghost Virus A.
Type: Reset-proof memory-resident bootsector virus.
Discovery date: November 20th 1988 (Carmen Brunner).
Virus can copy to drive(s): A or B (current drive).
Virus attaches itself to:  Hdv_bpb and resvector; it is also non-
documented reset-resistant.
Disks can be immunized against it: No.
What can happen: Mouse Y directions are inverted.
When does that happen: After copying itself 10 times.
Reset-proof: Yes.
Can copy to hard disk: No.
Remark:  England.  It  is very widely spread  (England,  Holland,
Sweden and West Germany in particular).  It is also known as the
Mouse Virus and Inversion Virus..

Virus #13

Name: 5th Generation Virus.
Type: Memory-resident bootsector virus.
Discovery date: December 6th 1988.
Virus can copy to drive(s): A.
Virus attaches itself to: Trap #13 vector.
Disks can be immunized against it: Yes (executable).
Immunizable with UVK: Yes.
What can happen:  Writes trash in the first 34 sectors of a disk,
lethally corrupting the bootsector, FAT, and directory.
When  does  that happen:  When the virus has  reached  its  fifth
generation.
Reset-proof: No.
Can copy to hard disk: No.

Virus #14

Name: OLI Virus.
Type: Reset-proof memory-resident bootsector virus.
Discovery date: December 10th 1988.
Virus can copy to drive(s): Boot device.
Virus attaches itself to:  Hdv_rw and trap #14 vector;  also non-
documented reset-resistant.
Disks can be immunized against it: No.
What can happen:  The text "OLI-VIRUS installed ." appears on the
screen. Then, it starts slowing down the ST by hooking itself on
an interrupt vector.  In certain cases, it can also corrupt disk
data.
When does that happen: After having made 20 copies of itself.
Reset-proof: Yes.
Can copy to hard disk: No.

Virus #15

Name: Maulwurf I Virus A (German TOS version).
Discovery date: January 1st 1989.
Symptoms and remark:  See virus #8.  Only three branch  addresses
are different, so as to work on German instead of English TOS.

Virus #16

Name: Kobold #2 Virus A.
Type: Reset-proof memory-resident bootsector virus.
Discovery date: January 2nd 1989.
Virus can copy to drive(s): A (?).
Virus attaches itself to: Hdv_bpb and resvector; Vbl_queue;  also
undocumented reset-resistant.
Disks can be immunized against it: No.
Immunizable with UVK: No.
What  can  happen:  The  mouse UP and  LEFT  directions  will  be
slightly distorted,  resulting in the user slowly moving it  off
the desk.
When does that happen: Whenever XBIOS functions are called.
Reset-proof: Yes.
Can copy to hard disk: No.
Remark:  This is the toughest virus yet.  Not many statements can
be made about it with certainty. It installs itself in memory on
booting,  and  only  after  ANOTHER reset will  it  install  the
vectors  mentioned  above.  Then,  it will also print  the  text
"KOBOLD#2  AKTIV!" (this leads to the belief that the  virus  is
German).
Confusingly,  there  is  also a "Kobold AntiVirus".  This  is  a
"virus  free" disk written by the German fast file copy  program
"Kobold". It is no true Antivirus.

Virus #17

Name: Mad Virus C.
Discovery date: January 1989 (Frits Couwenberg).
Symptoms: See virus #2.
Remark:  Some  of the last screen fiddle/sound routines  in  this
virus have been corrupted by alien code. It will therefore crash
when these routines are executed.

Virus #18

Name: Mutant Anti-Virus #1 A.
Discovery date: January 28th 1989.
Symptoms:  Copies  itself  to other disks  (except  when  they're
executable). Some of the latter half of its code is corrupted by
alien code, however, and may/will result in a system crash.
Remark: Read further for more info about anti-viruses.

Virus #19

Name: Goblin Virus.
Type: Reset-proof memory-resident bootsector virus.
Discovery date: April 3rd 1989 (Clive Duberley).
Virus  can copy to drive(s):  A or B (drive used by  disk  access
call).
Virus  attaches  itself to:  Hdv_bpb  and  resvector;  also  non-
documented reset- resistant.
Disks can be immunized against it: Yes (1A2.L $27182818).
Immunizable with UVK: Yes.
What  can happen:  It puts the message "The Green Goblins  Strike
Again" on the screen; it can also mess up the display.
When  does that happen:  The message appears after 128 copies  of
itself  have been made;  the messing up of the display  is  done
after 16 copies of itself have been made.
Reset-proof: Yes.
Can copy to hard disk: No.
Remark: Probably made in England.

Virus #20

Name: Mutant Anti-Virus #1 B.
Discovery Date: March 6th 1989 (Thomas Gathen).
Symptoms:  System crashes,  mainly.  This is just a  gigantically
busted Anti-Virus #1,  and really can't do anything decent. Most
probably doesn't even multiply...

Virus #21

Name: Counter Virus.
Type: Memory-resident bootsector virus.
Discovery Date: May 1989.
Virus can copy to drive(s): A or B (current drive).
Virus attaches itself to: ?.
Disks can be immunized against it: ?.
Immunizable with UVK: ?.
What can happen: Nothing.
When does that happen: Never (would it?).
Reset-proof: No.
Can copy to hard disk: No.
Symptoms:  This virus keeps a generation counter,  but doesn't do
anything more.

Virus #22

Name: Help Virus.
Type: Memory-resident bootsector virus.
Discovery date: September 1988.
Virus can copy to drive(s): None.
Virus attaches itself to: ?.
Disks can be immunized against it: ?.
Immunizable with UVK: ?.
What can happen: Screen is filled with bombs.
When does that happen: At booting.
Reset-proof: No.
Can copy to hard disk: No.
Remark:  No  real  virus,  because it  actually  cannot  multiply
without external help. Since it resides in the bootsector, since
another  virus  killer classified it as a 'virus' and  since  it
does  something  a computer user would not  like,  it  is  still
listed here as a 'virus'.

Virus #23

Name: Exception Virus.
Type: Reset-proof memory-resident bootsector virus.
Discovery date: September 1988.
Virus can copy to drive(s): A or B (current drive).
Virus  attaches itself to:  Hdv_bpb vector,  undocumented  reset-
resistant.
Disks can be immunized against it: No.
What can happen:  System crashes due to random values written  to
random memory locations.
When  does that happen:  About 22 minutes after a vbl routine  is
installed,  which happens after accessing a non-write  protected
disk in drive A or B.
Reset-proof: Yes.
Can copy to hard disk: No.
Remark:  Does  not work when Hdv_bpb points at an  address  below
hexadecimal  address  $FFFF (generally this is the case  when  a
hard disk driver is installed).  It was previously also known as
Random Virus, and it only works on TOS 1.00 and 1.02.

Virus #24

Name: Gauweiler Virus.
Type: Reset-proof memory-resident bootsector virus.
Discovery date: July 12th 1989 (Harald Wend).
Virus can copy to drive(s): A or B (current drive).
Virus attaches itself to: Hdv_bpb; undocumented reset-resistant.
Disks can be immunized against it: No.
What can happen:  Writes "AIDS?" on the screen and zeroes track 1
of a floppy disk (irretrievably destroying bootsector,  FAT, and
directory).
When does that happen: After the first reset after booting it.
Reset-proof: Yes.
Can copy to hard disk: No.
Remark:  Version  3.0 of this virus (version number contained  in
boot  code) is supposed to be programmed on July 7th 1988  (also
contained in boot code).  So it was almost exactly one year  old
when it was discovered...

Virus #25

Name: Evil Virus.
Type: Reset-proof memory-resident bootsector virus.
Discovery date: May 23rd 1989 (Jeremy Hughes).
Virus can copy to drive(s): A or B (current drive).
Virus attaches itself to: Resvector and Hdv_bpb.
Disks can be immunized against it: Yes (0.L $60380666).
Immunizable with UVK: No.
What can happen: Screen colours inverted.
When does that happen: After 100 copies of itself have been made.
Reset-proof: Yes.
Can copy to hard disk: No.
Remarks:  Contains the text " EVIL !  - A Gift from Old Nick". It
is written in England.  Obviously, the author acquired a copy of
an earlier version of the "Ultimate Virus Killer" - he made sure
the virus was recognised as an Atari system disk!  Very cleverly
done,  by  using  the recognition bytes somewhere in  the  virus
code. I am glad to say that we're now at least ONE step ahead of
this guy!
This virus is very often found in Scandinavian countries.

Virus #26

Name: P.M.S. Virus.
Type: Reset-proof memory-resident bootsector virus.
Discovery date: May 20th 1989 (Chris Dudley).
Virus can copy to drive(s): A.
Virus attaches itself to: XBIOS trap vector and reset vector.
Disks can be immunized against it: Yes (1B4.L $2A2A2A20).
Immunizable with UVK: Yes.
What  can happen:  Text "*** The Pirate Trap ***,  * Youre  being
watched *, *** (C) P.M.S. 1987 ***" (sic) appears on the screen.
When  does that happen:  At each fiftieth copy of itself that  is
made.
Reset-proof: Yes.
Can copy to hard disk: No.
Remark:  Contains  a copyright message for 1987 (!).  This  virus
might  thus be VERY old and it is a miracle that is had  slipped
through  the  attention of ALL virus killers  thus  far.  It  is
thought to have been made by a software vendor to prevent people
from copying software in his shop. Due to obvious reasons, it is
also called Pirate Trap Virus.
This  virus  patched the XBIOS vector in such an  effective  way
that,  once the virus is in memory,  it even patches  bootsector
reads  to  hide its presence.  It copies itself at each  use  of
Floprd (XBIOS 8)!

Virus #27

Name: Ghost Virus B.
Discovery date: June 15th 1989 (R. de Groen).
Symptoms:  See  Virus  #12 (Ghost Virus).  This virus has  a  few
damaged bytes and will therefore crash easily.

Virus #28

Name: Arnold/Rambo Virus.
Type: Memory-resident bootsector virus.
Discovery date: November 1989.
Virus can copy to drive(s): A or B (current drive).
Virus attaches itself to: Hdv_bpb vector.
Disks can be immunized against it: Yes (0.B $60).
Immunizable with UVK: Yes.
What can happen: Nothing.
When does that happen: After five copies were made.
Reset-proof: No.
Can copy to hard disk: No.
Remark:  This  virus was actually designed to have precisely  the
same effects as the Mad Virus,  but due to a wrong branch and  a
non-working counter this does not work.

Virus #29

Name: Monitor Virus.
Type: Reset-proof memory-resident bootsector virus.
Discovery date: November 1989.
Virus can copy to drive(s): A or B.
Virus attaches itself to: ?.
Disks can be immunized against it: ?.
What can happen: Random lines are put on the screen.
When does that happen: ?.
Reset-proof: Yes.
Can copy to hard disk: No.
Symptoms:  Some  random lines are put on the  screen,  which  are
probably  meant to hint at a busted  monitor.  Of  course,  this
virus doesn't harm the monitor at all.

Virus #30

Name: Anti-ACA Virus.
Type: Memory-resident bootsector virus.
Discovery date: December 28th 1989.
Virus can copy to drive(s): A or B (current drive).
Virus attaches itself to: GEMDOS trap vector.
Disks can be immunized against it: Yes (0.W $601C).
Immunizable with UVK: No.
What can happen:  Text "GREETINGS TO ACA,  THE FIRST GROUP TO  BE
GREETED IN A VIRUS!  (AND THEY ARE THE GUYS WHO MADE THE 1ST  ST
VIRUS" on screen, followed by the computer crashing.
When does that happen: After four copies of itself are made.
Reset-proof: No.
Can copy to hard disk: No.
Remarks:  This  virus  was written in Norway  by  someone  called
himself  The  Lazy Lion (as  were  viruses  #31-36!).  Actually,
unlike this virus claims, the first virus on the ST was not that
of the ACA (but who cares).
All  these viruses patch the GEMDOS trap vector,  and  will  get
active  and/or  copy themselves at any Fopen or  Fsfirst  GEMDOS
call. Quite unlogical for a bootsector virus.

Virus #31

Name: Chopin Virus.
Type: Memory-resident bootsector virus.
Discovery date: December 28th 1989.
Virus can copy to drive(s): A.
Virus attaches itself to: GEMDOS trap vector.
Disks can be immunized against it: No.
What  can happen:  Music of Chopin's Death March  starts  playing
endlessly and system freezes to a halt.  At each music  end,  it
also  prints  the message "FUCK!  YOU'VE GOT A  VIRUS!"  on  the
screen.
When does that happen: After 26 copies of itself are made.
Reset-proof: No.
Can copy to hard disk: No.

Virus #32

Name: Cookie Monster Virus A.
Type: Memory-resident bootsector virus.
Discovery date: December 28th 1989.
Virus can copy to drive(s): A.
Virus attaches itself to: GEMDOS trap vector.
Disks can be immunized against it: No.
What can happen:  Writes "YOU KNOW WHAT? I WANT A COOKIE!" on the
screen, and then waits for the user to type COOKIE. After having
done this,  it will enable the user to continue whatever he  was
doing.
When does that happen:  After 30 copies of itself are made,  then
after each  20th copy.
Reset-proof: No.
Can copy to hard disk: No.

Virus #33

Name: Cookie Monster Virus B.
Type: Reset-proof memory-resident bootsector virus.
Discovery date: December 28th 1989.
Virus can copy to drive(s): A.
Virus attaches itself to: GEMDOS trap vector and resvector.
Disks can be immunized against it: No.
What can happen: See virus #32.
When does that happen: See virus #32.
Reset-proof: Yes.
Can copy to hard disk: No.
Remark:  The only difference with virus #32 is that it is  reset-
proof.

Virus #34

Name: Puke Virus A.
Type: Memory-resident bootsector virus.
Discovery date: December 28th 1989.
Virus can copy to drive(s): A or B (current drive).
Virus attaches itself to: GEMDOS trap vector.
Disks can be immunized against it: Yes (0.W $601C).
Immunizable with UVK: No.
What can happen: First file deleted from current floppy drive.
When does that happen: After five copies of itself are made.
Reset-proof: No.
Can copy to hard disk: No.
Remark:  The boot code also includes the address of a  well-known
member of the Atari society,  who was supposed to be blackmailed
using this virus (but who did NOT write it!).

Virus #35

Name: Puke Virus B.
Type: Memory-resident bootsector virus.
Discovery date: December 28th 1989.
Virus can copy to drive(s): A or B (current drive).
Virus attaches itself to: XBIOS trap vector.
Disks can be immunized against it: Yes (19E.L $70756B65).
Immunizable with UVK: Yes.
What  can  happen:  Track 1 gets the memory  contents  of  $78000
(screen   memory   on   half  meg  machines)   written   on   it
(irretrievably   corrupting  bootsector,   FAT   and   directory
sectors).
When does that happen:  After making five copies of  itself,  and
then after each  second copy.
Reset-proof: No.
Can copy to hard disk: No.
Remark: See virus #34. The immunization code is actually the word
"puke",  which can be seen in immunized bootsectors.  So there's
the  explanation  for the occurrence of that nasty  word  there,
Mary Whitehouse!

Virus #36

Name: Upside Down Virus.
Type: Memory-resident bootsector virus.
Discovery date: December 28th 1989.
Virus can copy to drive(s): A or B (current drive).
Virus attaches itself to: GEMDOS trap vector.
Disks can be immunized against it: Yes (0.W $601C).
Immunizable with UVK: No.
What can happen: Screen turns upside down.
When does that happen:  After four copies of itself are made, and
then after  each second copy.
Reset-proof: No.
Can copy to hard disk: No.
Remark: Due to a small bug, it seems to write only non-executable
copies of itself?

Virus #37

Name: Mutant Anti-Virus #4.
Discovery date: Autumn 1989.
Symptoms:  As this is an anti-virus with almost 50 percent of its
code destroyed, it probably only crashes the system on boot-up.

Virus #38

Name: G-DATA Virus.
Type: Memory-resident bootsector virus.
Discovery date: May 5th 1990.
Virus can copy to drive(s): A or B (current drive).
Virus attaches itself to: Hdv_bpb vector.
Disks can be immunized against it: Yes (0.B $60).
Immunizable with UVK: Yes.
What can happen: Nothing.
Reset-proof: No.
Can copy to hard disk: No.
Remark:  This virus was not written by G-Data (which is a  German
company that also used to do a virus killer),  but owes its name
to  the fact that it contains the message "ANTI-VIREN KIT  3KEIN
VIRUS IM BOOTSECTOR" (translation:  "ANTI-VIREN KIT 3NO VIRUS IN
THE BOOTSECTOR"),  suggesting that it is a disk immunized by the
G-Data virus killer (which,  of course, it isn't). It's based on
the Exception Virus. It's also called G-DATA Laxy Virus.

Virus #39

Name: Media Change Virus.
Type: Reset-proof memory-resident bootsector viruses.
Discovery date: October 27th 1989.
Virus can copy to drive(s): All boot devices.
Virus  attaches itself to:  Mediach (Media  Change)  vector,  and
undocumented reset-resistant.
Disks can be immunized against it: Yes (executable).
Immunizable with UVK: Yes.
What can happen: Text turns to screen colour.
When does that happen: Every fifth copy.
Reset-proof: Yes.
Can copy to hard disk: Yes.
Remark:  Since  it does not check for drives higher than  B,  and
since it uses the BIOS Rwabs call, it can also copy to hard disk
when you have booted from that!

Virus #40

Name: Ghost Virus C.
Discovery date: March 9th 1990.
Remark:  A  version  of the original Ghost Virus in  which  three
bytes  have  been  corrupted,  causing the branch  to  be  (non-
fatally) misled and the mouse reversion routine to  malfunction.
It  copies without any problems,  though,  and is indeed  reset-
proof.

Virus #41

Name: Bat Virus.
Type:  Non-executable reset-proof memory-resident bootsector call
virus.
Discovery date: March 17th 1990 (George Woodside).
Virus can copy to drive(s): Current drive.
Virus attaches itself to:  Hdv_bpb vector,  timer vectors,  reset
vector. Also undocumented reset-resistant.
Disks can be immunized against it: No.
What  can happen:  Last sectors of directory can be destroyed  if
the directory is very long.  The mouse pointer will turn into  a
Batman logo.
When does that happen:  The directory bit can happen each time it
copies itself; the mouse pointer will change after one hour.
Reset-proof: Yes.
Can copy to hard disk: ?.
Remark:  Written  by some kid for a French  journalist.  He's  an
author who has e.g.  written articles about viruses,  and he has
probably done this virus to check how fast they can multiply and
to check how good virus killers are.  Previously, this virus was
considered  to  be  100%  safe by  ALL  virus  killers,  as  the
bootsector is NOT executable - yet it is a bootsector virus!  It
is  really  a very ingenious viruses,  but the  "Ultimate  Virus
Killer" is ahead of its prey!

Virus #42

Name: Grim Reaper Virus.
Type: Memory-resident bootsector virus.
Discovery date: May 9th 1990 (John).
Virus can copy to drive(s): Drive A only.
Virus attaches itself to: Hdv_bpb vector.
Disks can be immunized against it: Yes (0.W $6A38, 3A.W $41FA).
Immunizable with UVK: No.
What can happen: De-installs itself, screws up the screen, prints
garbage on the screen and writes to contents of memory at $78000
(screen  address  on  half megabyte machines) to  the  first  20
sectors  of  a disk,  lethally corrupting  bootsector,  FAT  and
directory.
When does that happen: After 47 copies of itself are made.
Reset-proof: No.
Can copy to hard disk: No.
Remark:  A nasty one,  this virus.  Its installation structure is
identical with George Woodside's anti-virus "VKill  Guard".  The
bootsector also contains the text " -= The Jumper strikes  again
=- Pirates, the grim reaper draws near ".

Virus #43

Name: Megacunt V2.0 virus.
Type: Memory-resident bootsector virus.
Discovery date: December 1989 (Dave Moss).
Virus can copy to drive(s): Current drive (floppy only), and only
to immunized disks.
Virus attaches itself to: Hdv_bpb vector.
Disks can be immunized against it: No.
What  can happen:  Acid-colours will be on the background  screen
colour, done by  the level 4 interrupt.
When does that happen: After 20 copies of itself are made.
Reset-proof: No.
Can copy to hard disk: No.
Remark:  Written  by  a chap calling himself Genital  Grinder  of
Alcoholica,  and  only  copies to  immunized  disks  (!crikey!).
Several other versions of this virus are believed to exist,  but
none have been sighted.

Virus #44

Name: Horror Virus.
Type:  Non-executable reset-proof memory-resident bootsector call
virus.
Discovery date: August 23rd 1990.
Virus can copy to drive(s): Drive A.
Virus attaches itself to:  Hdv_bpb vector,  timer C vector.  Also
undocumented reset-resistant.
Disks can be immunized against it: No.
What can happen: Screen will switch colours, sound will be heard.
When  does that happen:  At a certain time after  copying  itself
five times.
Reset-proof: Yes.
Can copy to hard disk: No.
Remark:  Written  by  a member of ULM from  Luxemburg,  for  test
purposes.  He  did  this early spring 1990.  It has  never  been
spread,  but he gave it to me 'just in case'.  Previously,  this
virus  was considered to be 100% safe by ALL virus  killers,  as
the bootsector is NOT executable - yet it is a bootsector  virus
(see Batman Virus)!

Virus #45

Name: DJA Virus.
Type: Memory-resident bootsector virus.
Discovery date: Summer 1990.
Virus can copy to drive(s): Current drive.
Virus attaches itself to: Hdv_bpb vector.
Disks can be immunized against it: Yes (0.W $6038).
Immunizable with UVK: Yes.
What  can  happen:  Message will be displayed on screen  ("Du  ar
smetted  av DJA viruset Generatio....(generation  number)")  and
system  will lock up.  This text means "You are infected by  the
DJA virus generation x".
When  does  that happen:  After a fourth disk is found  with  the
virus  on  it  (or  any disk starting  with  $6038  -  including
immunized ones!).
Reset-proof: No.
Can copy to hard disk: Yes.
Remark:  Written in Scandinavia, as the text it prints means "You
are  infected by the DJA virus" in a Scandinavian  language).  A
good  thing  is that it does not copy to immunized disks  -  but
unfortunately these immunized disks do trigger the 'destruction'
routine!

Virus #46

Name: TOI Virus.
Type: Reset-proof memory-resident bootsector virus.
Discovery date: November 10th 1990 (George Woodside).
Virus can copy to drive(s): Current drive.
Virus attaches itself to:  Hdv_bpb and resvector; it is also non-
documented reset-resistant.
Disks can be immunized against it: No.
What can happen:  Inverts the vertical mouse movements (just like
the Ghost Virus,  which is its pre-virus).  After that,  it also
toggles  the  bits of a random memory location  (this  leads  to
unpredictable crashes and small things going wrong).
When  does  that happen:  After five copies of itself  have  been
made.
Reset-proof: Yes.
Can copy to hard disk: No.
Remark:  An  adapted version of the Ghost Virus.  The name  comes
from the TOI programming group in Denver, Colorado, USA, who are
reported to be responsible for this one.

Virus #47

Name: Flying Chimp Virus.
Type: Memory-resident bootsector virus.
Discovery date: December 15th 1990 (Les Neidig).
Virus can copy to drive(s): Drive A.
Virus attaches itself to: Hdv_bpb vector.
Disks can be immunized against it: No.
What can happen:  Message will be displayed on screen ("Zapped by
Waldo the Flying Chimp!").
When does that happen: After it has multiplied itself five times,
or when it has had 20 bootsector accesses.
Reset-proof: No.
Can copy to hard disk: No.
Remark:  Thought to have been written in the USA.  Also known  as
the Waldo Virus.

Virus #48

Name: Reset Virus.
Type: Memory-resident bootsector virus.
Discovery date: Summer 1988 (Volker Söhnitz).
Virus can copy to drive(s): ?.
Virus  attaches  itself  to:   Hdv_bpb,  Hdv_rw  and  Hdv_mediach
vectors.
Disks can be immunized against it: No.
What  can  happen:  It writes a message "Ihr  Rechner  hat  Aids"
(German  for  "Your computer has AIDS") on the screen  and  then
freezes the system.
When does that happen: Three hours after booting.
Reset-proof: No.
Can copy to hard disk: No.
Remark:  Strangely enough,  this virus will not copy itself  when
you've  got  a  cartridge  installed with  the  word  "Dent"  at
cartridge memory address $FA0066. Odd.

Virus #49

Name: MAD Virus B.
Discovery date: December 1987 (Volker Söhnitz).
Symptoms: See virus #2.
Remark:  Published in a magazine called "Atari Spezial" (German),
and  therefore  also known under the name Atari  Spezial  Virus.
This is the original MAD Virus, which is exactly the same as MAD
Virus  A  (which was spread the most) except for the  offset  of
most code. It was written by J. Schuppener, and it was published
towards the end of the year 1987 in the mentioned magazine.  The
magazine now seems to be defunct,  but the publisher used to  be
CAV-GmbH.

Virus #50

Name: Ghost Virus D.
Discovery date: February 17th 1990.
Symptoms:  See  virus  #12 (Ghost Virus).  This virus has  a  few
damaged bytes and  will not work properly - may even crash.

Virus #51

Name: Ghost Virus E.
Discovery date: April 1991.
Symptoms: Principally it's the same as the Ghost Virus (#12), but
the symptoms are different.  It does something with the vertical
blank  queue  and  leaves the  mouse  alone.  Unfortunately  the
precise  symptoms are unknown as the copies of this  virus  that
were found were both damaged.

Virus #52

Name: Ghost Virus F.
Discovery date: April 1991.
Symptoms:  See virus #12 (Ghost Virus),  Unfortunately,  there is
some  corrupted  code in the virus copy routine so that  it  can
cause  a  disk to be corrupted (the bootsector  can  be  written
wrongly,   not   corrupting  the  actual  data  but  making   it
inaccessible).

Virus #53

Name: Megaguru & Argo 2 Virus.
Type: Memory-resident bootsector virus.
Discovery date: June 22nd 1991 (Paolo Munarin).
Virus can copy to drive(s): A or B (current drive).
Virus attaches itself to: Hdv_bpb vector.
Disks can be immunized against it: No.
What can happen: At booting, writes the text "* MEGAGURU & ARGO 2
001 * ANTEPRIME ATARI E AMIGA PRESENTANO :" on the screen.  When
things go 'wrong' the screen inverts and a bleep sounds.
When does that happen: At each disk with an executable bootsector
that  is  accessed - with the exception of disks that  have  the
virus itself on them.
Reset-proof: No.
Can copy to hard disk: No.
Remark:  This virus is from Italy.  It was found on a disk  which
contained a text file from a hacker called Megaguru, who (quote)
"would  like  to swap Amiga and ST  software".  Even  his  phone
number was on it.

Virus #54

Name: Ghost Virus G.
Discovery date: June 1991 (Kai Holst).
Symptoms:  See  virus  #12 (Ghost Virus).  This seems  to  be  an
adapted  version of the Ghost Virus,  and the pre-virus to  most
recent  versions  of   mutant Ghost Virus (of  which  there  are
rather an absurd lot).

Virus #55

Name: Finland Virus.
Type: Memory-resident reset-proof bootsector virus.
Discovery date: Early July 1991 (Steffen Fischer).
Virus can copy to drive(s): A.
Virus  attaches  itself  to:   Hdv_bpb  vector,  resvector.  Also
undocumented reset- resistant.
Disks can be immunized against it: Yes (executable).
Immunizable with UVK: Yes.
What  can happen:  Fiddling with the screen colours  (this  comes
down  to  the  green  and white colours  of  the  desktop  being
reversed when in colour mode).
When  does  that  happen:  After it has done each  12th  copy  of
itself.  The  virus  only copies  to  non-executable  disks,  or
executable  disks that have viral symptoms (i.e.  other  viruses
and   itself)  or  that  have  the  word  'Boot'  contained   at
hexadecimal offset $82 (any disk 'protected' by the boot program
of the German PD virus killer "Sagrotan" has the word 'Boot'  at
this offset!).
Reset-proof: Yes.
Can copy to hard disk: No.
Remark:  This virus was coded by a chap called Toubab,  on August
30th  1990.  It got sent to me by two people almost at the  same
time after the virus was almost one year old!  Both occurrences,
however,  were  in  Scandinavia (i.e.  disks  from  Finland  and
Norway)  so  this  leads  me  to  believe  it  was  written   in
Scandinavia.  It was a real pain in the posterior, as it started
with a longword '00000000' value,  that lead the "Ultimate Virus
Killer" to not finding it suspect!

Virus #56

Name: Ghost Virus H.
Discovery date: August 5th 1991 (Harald Uenzelmann).
Symptoms:  See  virus  #12 (Ghost  Virus).  This  is  principally
exactly  the  same  as the standard  Ghost  Virus,  but  someone
apparently  found  it necessary to change the  Branch  into  BLS
instead  of  BRA - which has the same result when  executed  but
which effectively caused it not to be recognised.

Virus #57

Name: Signum Virus C.
Discovery date: September 25th 1991 (Darren Laidler).
Symptoms: See virus #1 (Signum Virus A). This is exactly the same
with  regard to symptoms and the way it works.  The only  reason
why it is basically different is that someone (probably  someone
in  England)  optimised  it  a  bit,   and  some  machine   code
instructions have been replaced by others.
Virus #58

Name: Joe Virus.
Type: Memory-resident bootsector virus.
Discovery date: November 25th 1991 (ACN).
Virus can copy to drive(s): Current floppy drive (A or B).
Virus attaches itself to: Hdv_bpb vector.
Disks can be immunized against it: Yes (0.W $4E71).
Immunizable with UVK: No.
What  can happen:  When it finds itself with a specific value  in
the  fourth  and  fifth byte,  it  will  execute  itself  again,
probably cluttering up the system.
When does that happen: When it finds itself again, and then every
second time.
Reset-proof: No.
Can copy to hard disk: No.
Remark:  As this virus has no particular characteristics,  it was
called  Joe Virus as I was listening to Jimi Hendrix' "Hey  Joe"
when I disassembled it.

Virus #59

Name: Directory Waster Virus.
Type: Reset-proof memory-resident bootsector virus.
Discovery date: Unknown (Michael Schussler).
Virus can copy to drive(s): Current floppy drive (A or B).
Virus  attaches  itself  to:   Hdv_bpb  vector,  resvector;  also
undocumented reset-resistant.
Disks can be immunized against it: No.
What can happen:  First twenty tracks of your disk get  destroyed
(both side 0 and side 1!).
When  does  that happen:  After each twentieth copy  it  made  of
itself.
Reset-proof: Yes.
Can copy to hard disk: No.
Remark: The name is quite improper, as it destroys about 25% of a
disk  and not just the directory.  Initially,  this  virus  only
installs  itself on the standard reset vector.  After the  first
reset,  it bends the hdv_bpb vector and becomes  reset-resistant
in the undocumented way.

Virus #60

Name: Merlin's Mad Virus.
Type: Memory-resident bootsector virus.
Discovery date: Unknown (Mike Mee).
Virus can copy to drive(s): Not at all.
Virus attaches itself to: Nowhere.
Disks can be immunized against it: No need to immunize.
Immunizable with UVK: Not applicable.
What can happen: See the Mad Virus - it does the same things with
the screen and/or makes a sound.
When does that happen:  When booting with a disk containing  this
'virus'.
Reset-proof: Not applicable (i.e. "no").
Can copy to hard disk: Not applicable.
Remark:  This is no virus at all, but it has been classified here
as  Mike Mee sent it to me who classifies it as a virus  in  his
"Professional  Virus Killer" program.  It was written by  Merlin
the  Welsh Wizard,  and it's TOTALLY HARMLESS.  It can not  copy
itself,  and  only  fiddles around with the screen in  the  same
fashion as the Mad Virus after which it is called.
9[...................................................]0110

Virus #61

Name: Wolf Virus.
Type: Memory-resident bootsector virus.
Discovery date: February 4th 1991 (Carsten Frischkorn).
Virus can copy to drive(s): Current floppy drive (A or B).
Virus attaches itself to: BIOS vector.
Disks can be immunized against it: Yes (0.W $EB34).
Immunizable with UVK: No.
What can happen: RAM memory amount it halved (this does not imply
you actually LOSE RAM,  it just means that it makes the computer
THINK it has less RAM!).
When does that happen: After the eighth generation is found.
Reset-proof: No.
Can copy to hard disk: No.
Remark:  A rather nasty virus.  For starters,  it starts off with
the bytes you'd normally find on an MS-DOS disk,  i.e. all virus
killers think it's an MS-DOS bootsector.  Second,  it fools  the
user  by putting the message "Kein Virus im bootsector!" on  the
screen  at booting.  This is the boot message of the  virus-free
bootsector of the German virus killer "Sagrotan". It de-installs
itself  after three infections (i.e.  your computer  will  think
you've got 1/8th of your actual amount of RAM memory by then!).

Virus #62

Name: Ghost Virus I.
Discovery date: October 5th 1991 (Frank Jonkers).
Symptoms:  See virus #12 (Ghost Virus),  Unfortunately,  there is
some  corrupted  code in the virus copy routine so that  it  can
cause  a  disk to be corrupted (the bootsector  can  be  written
wrongly,   not   corrupting  the  actual  data  but  making   it
inaccessible).

Virus #63

Name: Menace Virus.
Type: Reset-proof memory-resident bootsector call virus.
Discovery date: Spring 1992 (David of H-Street).
Virus can copy to drive(s): Current floppy drive (A or B).
Virus  attaches  itself to:  XBIOS  vector,  Hdv_bpb  vector  and
interrupt level 4 interrupt; also undocumented reset-resistant.
Disks can be immunized against it: No.
What  can happen:  Overwrites the bootsector of your floppy  disk
with a message in an Elfish language (Tolkien).
When does that happen: After having made ten copies of itself.
Reset-proof: Yes.
Can copy to hard disk: No.
Remark:  This  virus uses TWO sectors on disk,  sector 1 and  10.
It's  rather  cleverly written and thought to come  from  Malta.
Several versions are believed to exist.

Virus #64

Name: Ashton Nirvana Virus.
Type: Reset-proof memory-resident bootsector virus.
Discovery date: Spring 1992 (David of H-Street).
Virus can copy to drive(s): Current floppy drive (A or B).
Virus  attaches  itself to:  Hdv_bpb  vector;  also  undocumented
reset-resistant.
Disks can be immunized against it: No.
What  can happen:  Random sectors will be read from  the  current
drive  (including  hard disk!) and written back  with  the  word
"ASHTON"  in  it.  This obviously corrupts your  media,  at  one
sector per Hdv_bpb use.
When does that happen:  Each time a floppy/hard disk is read from
or written to.
Reset-proof: Yes.
Can copy to hard disk: No. But it can damage data in it!
Remark:  Perhaps this virus was written by the same person as the
Menace Virus.  It's a nasty one as it can corrupt hard disks  as
well!

Virus #65

Name: Lietuva Virus.
Type: Reset-proof memory-resident bootsector virus.
Discovery date: Spring 1992 (Paragraph Headquarters).
Virus can copy to drive(s): Current floppy drive (A or B).
Virus  attaches  itself  to:   Vbl   queue,   resetvector;   also
undocumented reset-resistant.
Disks can be immunized against it: No.
What can happen: Bootsector will be zeroed.
When does that happen: After the first eight copies of itself are
made, and every six copies afterwards. A copy is made every time
a disk's bootsector is read/written.
Reset-proof: Yes.
Can copy to hard disk: No.
Remark: Written by a chap in the former U.S.S.R. who now lives in
Lithuania.  It  does not bend any actual system  variable  which
makes it rather revolutionary.

Virus #66

Name: Signum Virus D
Discovery date: March 25th 1992 (Volker Söhnitz)
Remark:  This  is an optimised version of the original  Signum  A
Virus,  which is also somewhat smaller in size.  It is no longer
immunizable  with the standard Signum immunization  (0.W  $6038)
but  instead  requires  to be immunized  with  2.W  $07C4.  This
effectively  makes  it  impossible  to  immunize  it  with   the
"Ultimate Virus Killer"...

Virus #67

Name: Zorro Virus A.
Type: Reset-proof memory-resident bootsector virus.
Discovery date: June 1992 (P. van Zanten)
Virus can copy to drive(s): Current floppy drive (A or B).
Virus attaches itself to:  Hdv_rw,  Hdv_bpb,  resvector and  also
undocumented reset-resistant.
Disks can be immunized against it: No.
What can happen: System will lock itself.
When  does  that happen:  After a specific number of  copies  are
made.
Reset-proof: Yes.
Can copy to hard disk: No.
Remark: A very complex virus that evaded virus killers previously
by  being  recognised  as an  MS-DOS  bootsector.  It's  heavily
encoded and installs itself in memory in a very complex way.  On
top  of that it seems capable of installing differently  encoded
versions  of  itself so that per definition each  copy  of  this
virus differs from all other copies of it.

Virus #68

Name: Zoch Virus.
Type: Memory-resident bootsector virus.
Discovery date: December 1992.
Virus can copy to drive(s): Current floppy drive (A or B).
Virus attaches itself to: Hdv_bpb.
Disks can be immunized against it: Yes (0.L $5A4F4348, "ZOCH").
Immunizable with UVK: No.
What can happen:  Text on screen ("The Night Force Virus  Breaker
by Zoch"), and copies itself.
When does that happen:  Text appears on installation.  It  copies
itself to all disks it is not on already.
Reset-proof: No.
Can copy to hard disk: No.
Remark:  To  all intent and purpose this virus was written as  an
anti-virus.   Unfortunately   it   copies  itself   across   ALL
bootsectors it finds with the exception of ones it finds  itself
on.  This means that it will destroy any previous program in the
bootsector, whether needed or virus!

Virus #69

Name: Macumba 3.3 Virus.
Type: Reset-proof memory-resident bootsector virus.
Discovery date: February 1993 (Chris Brookes).
Virus can copy to drive(s): Current floppy drive (A or B).
Virus attaches itself to: Hdv_bpb, undocumented reset-resistant.
Disks can be immunized against it: No.
What can happen: The system freezes totally and abruptly.
When  does that happen:  After a specific number of  copies  have
been made of itself.
Reset-proof: Yes.
Can copy to hard disk: No.
Remark:  This  virus also encodes itself and also fakes to be  an
MS-DOS disk (just like the Zorro Virus). Quite naughty.

Virus #70

Name: Zorro Virus B.
Discovery date: February 17th 1993 (Kenneth Elofsson)
Remark:  Virtually  identical  to  Zorro Virus  A,  so  refer  to
information given there. Only a few bytes have been changed.

Virus #71

Name: Beilstein Virus.
Type: Reset-proof memory-resident bootsector call virus.
Discovery date: March 16th 1993 (Volker Söhnitz).
Virus can copy to drive(s): Current floppy drive (A or B).
Virus attaches itself to:  Hdv_bpb,  Vbl_queue, Hdv_rw, Hdv_boot,
GEMDOS, XBIOS, regularly reset-resistant AND undocumented reset-
resistant.
Disks can be immunized against it: No.
What can happen,  and when:  1) It can delete specific files when
'MDISK', 'FCOPYIII', 'FCOPY3??', 'DISKUS', 'DISKDEMO', 'TED_???'
and  'G_COPY',  2) It can clear partition "C" of your hard  disk
when the virus in memory discovers that you are trying to  trace
it (trace bit set,  for example in a debugger), 3) It can create
garbage on your screen,  4) Keyboard,  mouse and joystick can be
disabled,  5)  Mouse  movements can be inverted (like  with  the
Ghost  Virus),  6)  Printer output can be  corrupted,  7)  Modem
output can be corrupted,  8) A bomb error can be created, 9) The
system can be frozen until you enter the password  "Apokalypse",
10) Memory can be cleared,  followed by a reset,  11) The  first
hundred sectors of a floppy disk can be cleared,  and 12) It can
delete a folder. These are quite an amount of things that can go
wrong!
Reset-proof: Yes.
Can copy to hard disk: No.
Remarks:  This virus also encodes itself and also fakes to be  an
MS-DOS disk (just like the Zorro Virus).  On top of that it uses
an  ingenious system where bits of its code are  swapped  around
and  where different bootsector offsets are used to make  things
extra difficult.  Even when not yet encoded,  there are at least
10  different versions that this virus can generate  of  itself.
With  encoding added,  over 650,000 versions of this  virus  can
exist. But that's not everything: The bootsector that was on the
disk before it got infected (e.g.  a virus free disk) is  stored
somewhere  else  and executed after the virus  installs  itself.
This  means  that the message "this is a virus free  disk"  will
STILL appear even after the disk has been infected! It is a very
complex virus that,  apart from the bootsector,  uses four other
sectors  on  disk that are marked BAD in the FAT  to  make  sure
they're  not overwritten.  The use of these four  extra  sectors
enable  the  virus  to  be  bigger  (hence  the  many  different
destruction  routines) and also allow it to buffer the  original
bootsector previously present on the disk.  The last naughty bit
about  this virus is that,  when it bends system  variables,  it
supplies regular XBRA ID codes of popular harmless  applications
to itself (for example HABO,  VREP,  VIRA, CB2K, SBTS and WINZ).
The "Ultimate Virus Killer" correctly recognises it anyway!
This  was without a doubt the most nasty virus so  far.  It  was
written  by a student from Beilstein,  a town in  South  Germany
(hence  its  name).  Officially,  it has only been  supplied  to
specific virus killer programmers.

Virus #72

Name: Temporary Madness Virus.
Type: Reset-proof memory-resident bootsector virus.
Discovery date: March 16th 1993 (Volker Söhnitz).
Virus can copy to drive(s): Current floppy drive (A or B).
Virus attaches itself to: Hdv_bpb, undocumented reset-resistant.
Disks can be immunized against it: No.
What can happen, and when: Every 65536 vertical blanks (on colour
that  means  about  every  22 minutes)  the  mouse  movement  is
inverted for about 10 seconds.
Reset-proof: Yes.
Can copy to hard disk: No.
Remark:  In  Germany,  this  virus  is also known  as  the  Mouse
Coordinate Virus.

Virus #73

Name: Darkness Virus (Nightmare of Brooklyn #2 'Darkness').
Type: Reset-proof memory-resident bootsector virus.
Discovery date: July 17th 1993 (Piotr Kowalczyk).
Virus can copy to drive(s): Current floppy drive (A or B).
Virus attaches itself to:  Hdv_bpb, undocumented reset-resistant,
resvector, vbl_queue.
Disks can be immunized against it: No.
What can happen: It can write garbage on the first 9 sectors of a
random track between 1 and 79.  The first of those sectors  will
then  contain  the text "Nightmare of Brooklyn  #2  'Darkness'".
Additionally, the virus can make the screen black.
When  does that happen:  The disk track garbage  writing  happens
every  other  8  copies that it writes  of  itself.  The  screen
blackening happens every 32768 vertical blanks (i.e. after about
11 minutes on colour monitors, about 7.5 minutes on monochrome).
Reset-proof: Yes.
Can copy to hard disk: No.
Remark:  First discovered in Poland. This virus uses an intricate
encoding method which,  like other recent viruses,  allows it to
create hundreds of differently recognisable versions of itself.

Virus #74

Name: Small Virus.
Type: Memory-resident bootsector virus.
Discovery date: Autumn 1993 (Chris Brookes).
Virus can copy to drive(s): Current floppy drive (A or B).
Virus attaches itself to: Hdv_bpb.
Disks can be immunized against it: No.
What can happen:  Nothing harmful actually. It has no destruction
routine nor a trigger routine.
When does that happen: Never.
Reset-proof: No.
Can copy to hard disk: No.
Remark:  Named  after the fact that it is very small,  less  than
half the bootsector size. Only copies itself. Nothing else.

Virus #75

Name: Ghost Virus J.
Type: Reset-proof memory-resident bootsector virus.
Discovery date: Autumn 1993 (ORQ Computer Group).
Virus can copy to drive(s): Current floppy drive (A or B).
Virus attaches itself to:  Hdv_bpb and resvector; it is also non-
documented reset-resistant.
Disks can be immunized against it: No.
What  can  happen:  Most likely nothing.  It is changed  (or  has
mutated) so that it manipulates a wrong memory value.  The mouse
pointer Y direction is NOT inverted.
When does that happen: After copying itself 10 times.
Reset-proof: Yes.
Can copy to hard disk: No.
Remark:  It is almost identical to Ghost Virus A,  much more than
the other variations.  It was discovered in Australia,  and also
known as Silent Virus.

Virus #76

Name: Zorro Virus C.
Type: Reset-proof memory-resident bootsector virus.
Discovery date: November 2nd 1993 (Piotr Kowalczyk)
Virus can copy to drive(s): Current floppy drive (A or B).
Virus attaches itself to:  Hdv_rw,  Hdv_bpb,  resvector and  also
undocumented reset-resistant.
Disks can be immunized against it: No.
What can happen: System will lock itself.
When  does that happen:  After a specific number of  copies  have
been made.
Reset-proof: Yes.
Can copy to hard disk: No.
Remark:  Although it does almost exactly the same as Zorro  Virus
A,  it  is much more different from it than Zorro Virus  B.  For
starters all its individual routines are  interchanged,  causing
the  unencoded virus start to be quite different  too.  It  also
installs itself on a different location in memory. This virus is
believed  to have been done in Poland,  which seems to  indicate
that  all version of the Zorro Virus were coded there.  It  also
goes  by  the  name  of Wredniak (which  is  Polish  for  "Nasty
Virus").

Virus #77

Name: Lucky Lady 1.02 Virus.
Type: Memory-resident bootsector virus.
Discovery date: February 1994.
Virus can copy to drive(s): Floppy drive A only.
Virus attaches itself to: Hdv_bpb and vbl queue.
Disks can be immunized against it: No.
What  can  happen:  A message ("Lucky Lady  rules  forever!")  is
printed on the screen continuously, locking your system. A reset
is the only way out.
When does that happen:  After about an hour (on monochrome 70 Hz)
or an hour and fifteen minutes (colour 50 Hz).
Reset-proof: No.
Can copy to hard disk: No.
Remark:  Coded  by  a female programmer who goes by the  name  of
Lucky Lady of Sector MP Inc. from Ljubljana, Slovenia (in former
Yugoslavia).  She has initiated some sort of bizarre 'war',  and
has vowed to write many more viruses to test both her talent  at
writing  them  and my talents at killing  them.  She  sends  her
latest creations to me by registered mail without  specification
of the sender.  Nothing much more is known about her, other than
that she studies at Ljubljana University. This virus is actually
prettily clumsily written, and used to get a VPF of 220% because
it used three separate instances of "rwabs", among other things.

Virus #78

Name: Lucky Lady 4.12 Virus.
Type: Reset-proof memory-resident bootsector call virus.
Discovery date: March 1994.
Virus can copy to drive(s): Floppy drive A only.
Virus attaches itself to: Hdv_bpb, resvector, vbl_queue.
Disks can be immunized against it: No.
What  can happen:  1) It puts message "Lucky Lady forbids you  to
load the UVK!" on screen,  then erases "UVK_x_x.PRG" files  from
current  drive when you try to load the "Ultimate Virus  Killer"
2)  Mouse cursor is changed from TOS arrow to Lucky Lady's  logo
(LL)  3) Screws up the screen 4) Logical clusters 351 & 352  are
overwritten and marked as 'bad' in the FAT (Every cluster  entry
after  351 is thus a "floating entry" if there was a file  (data
lost) present before on a disk).
When does that happen:  Message and "Ultimate Virus Killer"  file
erasing happens every time you want to load the "Ultimate  Virus
Killer".  Mouse cursor is changed after approximately 35 minutes
on monochrome (a bit longer on colour).  Clusters 351 & 352  are
lost during cloning i.e. during every drive A access.
Reset-proof: Yes.
Can copy to hard disk: No.
Remark:  Like  Lucky Lady 1.02,  this virus is written by a  girl
from  Slovenia as part of her bizarre 'war' (see previous  virus
remarks).  It's not called Lucky Lady B and the other one  Lucky
Lady  A because the viruses are totally different despite  their
similar  name.  This virus is much more complex and also  a  lot
more dangerous. It seems only to work on English versions of TOS
1.00,  where the file name of the file currently being loaded is
at a specific location.

Virus #79

Name: Anaconda Virus A.
Type: Reset-proof memory-resident bootsector virus.
Discovery date: February 1994.
Virus can copy to drive(s): Current floppy drive (A or B).
Virus   attaches  itself  to:   Hdv_bpb,   resvector   and   also
undocumented reset-resistant.
Disks can be immunized against it: No.
What  can  happen:  The  virus seems to be designed  to  print  a
message on the screen,  "MAUI viens de vous niquer" (this  means
something like "MAUI has just made fun of you",  only in  rather
more explicit French).  However,  there is reason to believe  it
will  in fact get fed a bogus text address and will  thus  print
garbage on the screen instead.
When  does that happen:  After 10 successful copies are  made  of
itself, and after that every 5 copies.
Reset-proof: Yes.
Can copy to hard disk: No.
Remark:  Virus is located at $140,  but after the first reset  it
relocates to phystop-$8200.  It is believed to have been written
by the Replicants,  a cracking group from France, but this is in
no  way  certain.  The text seems to indicate  a  French  origin
anyway.

Virus #80

Name: Lucky Lady Virus 1.03.
Type: Reset-proof memory-resident bootsector virus.
Discovery date: April 1994.
Virus can copy to drive(s): A.
Virus attaches itself to:  Hdv_bpb, undocumented reset-resistant,
resvector,  vbl_queue.
Disks can be immunized against it: No.
What can happen:  The message "Lucky Lady's your empress" appears
on screen after which your system locks up.
When does that happen: Virus activates itself after approximately
80-110 seconds; the system will lock itself somewhere between 45
and 65 minutes.
Reset-proof: Yes.
Can copy to hard disk: No.
Remark:  Like  the  other viruses of a  similar  name,  this  was
written  by  a Slovenian girl calling  herself  Lucky  Lady.  It
cleverly  disguises  itself as an "ST Format Cover Disk"  -  the
virus  is  a personal revenge against "ST Format"  writer  Clive
Parker  (who  once slagged off virus authors) - and  is  Falcon-
compatible.

Virus #81

Name: Anaconda Virus B.
Type: Reset-proof memory-resident bootsector virus.
Discovery date: Spring 1994.
Virus can copy to drive(s): Current floppy drive (A or B).
Virus   attaches  itself  to:   Hdv_bpb,   resvector   and   also
undocumented reset-resistant.
Disks can be immunized against it: No.
What  can  happen:  The virus prints the text "AKO-PADS"  on  the
screen.  Also, the virus will corrupt the disks it copies itself
to.
When  does that happen:  After 10 successful copies are  made  of
itself, and  after that after every 5 copies.
Reset-proof: Yes.
Can copy to hard disk: No.
Remark:  This is either an adapted version of Anaconda A,  or the
other way around.  There is no way to proof either. The virus is
also known as Ako Pads Virus.

Virus #82

Name: Pashley Virus.
Type: Memory-resident bootsector virus.
Discovery date: December 4th 1993.
Virus can copy to drive(s): Current floppy drive (A or B).
Virus attaches itself to: Hdv_bpb.
Disks can be immunized against it: Yes (executable).
Immunizable with UVK: Yes.
What can happen: Screen flashing red.
When  does that happen:  The flashing happens each time you  boot
with an infected disk in the boot drive.
Reset-proof: No.
Can copy to hard disk: No.
Remark:  Contains  the  texts "VIRUS KILLED BY  S.C.PASHLEY"  and
"ENGLAND" which are never printed on the screen. Hence the virus
name.  Virus bootsectors are actually left alone by the supposed
anti-virus as they are normally executable. Maybe this virus was
written by S.C.Pashley,  but probably not.  It is *not* an anti-
virus because it copies itself and does nothing against  viruses
as such.

Virus #83

Name: Gotcha Xeno Virus.
Type: Reset-proof memory-resident bootsector virus.
Discovery date: July 4th 1994 (Pawel Parys).
Virus can copy to drive(s): Current floppy drive (A or B).
Virus   attaches  itself  to:   Hdv_bpb,   resvector   and   also
undocumented reset-resistant.
Disks can be immunized against it: Yes ($1E.L $263C0000).
Immunizable with UVK: No.
What can happen: The virus will write garbage, headed by the text
"GOTCHA!"  on  random  tracks (1-64)  and  sectors  (0-7),  thus
damaging data.
When  does that happen:  After 10 successful copies are  made  of
itself, and after that after every 5 copies.
Reset-proof: Yes.
Can copy to hard disk: No.
Remark:  It is unclear whether this is actually the pre-virus  of
Anaconda,  or perhaps just another virus developed from it. Some
of its characteristics (such as the fact that it fully works and
that   it   can  principally  be  immunized   against)   warrant
classifying it as a separate virus.
The reason that it can not be immunized against by the "Ultimate
Virus  Killer"  despite location $1E not being occupied  by  any
other bits of the immunization scheme is that,  officially (i.e.
according to Atari's standards),  bootsector programs should not
start  prior to offset $3A.  To rule out  possible  problems,  I
decided to avoid it altogether.

Virus #84

Name: UVD Virus.
Type: Potentially reset-proof memory-resident bootsector virus.
Discovery date: October 1994.
Virus can copy to drive(s): Current floppy drive (A or B).
Virus attaches itself to: Hdv_bpb or hdv_mediach.
Disks can be immunized against it: No.
What can happen: The screen will display a text. Depending on its
configuration it can lock up the system afterwards.
When  does that happen:  After about 45 (monochrome 70 Hz) to  65
(colour 50 Hz)  minutes.
Reset-proof: Depends on its configuration.
Can copy to hard disk: No.
Remark: This  is a series of viruses that can be created  by  the
"Ultimate  Virus Designer",  a program written by the  Slovenian
Stonewashing  Organisation.   It  claims  almost  200  different
versions of this can be made,  depending on various configurable
parameters such as "offset",  "reset-proof yes/no", "hide behind
MS-DOS header yes/no",  "location in memory", "attach to hdv_bpb
or hdv_mediach" as well as two different 'destruction'  routines
or  'no'  destruction  routine.   All  these  versions  can   be
recognised.

Virus #85

Name: Tiny Virus.
Type: Memory-resident bootsector virus.
Discovery date: September 1994.
Virus can copy to drive(s): Floppy drive A only.
Virus attaches itself to: Hdv_bpb and vbl_queue
Disks can be immunized against it: No.
What can happen: Nothing. This virus just copies itself.
When does that happen: Well...never.
Reset-proof: No.
Can copy to hard disk: No.
Remark:  This is the smallest virus so far, occupying only 34% of
a bootsector. It was written by Lucky Lady.

Virus #86

Name: Kobold #2 Virus B.
Type: Memory-resident reset-proof bootsector virus.
Discovery date: October 10th 1994 (Dejan Orehek).
Virus can copy to drive(s): A (?).
Virus attaches itself to:  Hdv_bpb and resvector, vbl_queue; also
undocumented reset-resistant.
Disks can be immunized against it: No.
What  can happen:  The message "I LOVE JADRANKA" appears  on  the
screen.
When does that happen: Upon installation.
Reset-proof: Yes.
Can copy to hard disk: No.
Remark:  This is an adapted version of the Kobold #2 Virus, which
will henceforth be known as Kobold #2 Virus A.  The  destruction
routine  was removed so all this virus does it copy  itself  and
display  that message at startup.  The text message  is  encoded
within the virus with a hexadecimal decoding value of $21111968,
which  would  lead to thinking that November 21st  1968  is  the
birth  date  of either the author of Kobold #2 Virus B  or  this
mysterious girl, Jadranka.
This virus is probably of Balkan origin,  and might be as old as
from 1991.

Virus #87

Name: Signum Virus E.
Discovery date: September 19th 1994 (Mike Holmes).
Remark:  This  is  a  corrupt version of  the  original,  with  a
different  branch offset and faulty startup  code,  most  likely
leading to a system crash upon installation.  It cannot multiply
effectively.

Virus #88

Name: Macumba 5.2 Virus.
Type: Memory-resident reset-proof bootsector virus.
Discovery date: August 1994.
Virus can copy to drive(s): A or B (current drive).
Virus  attaches  itself  to:   Hdv_bpb  and  undocumented  reset-
resistant.
Disks  can  be  immunized against  it:  Yes  (executable  or  0.L
$EB909047).
Immunizable with UVK: Yes.
What can happen: This is not exactly known. Probably a crash?
When does that happen: Probably not too long after a reset.
Reset-proof: Yes.
Can copy to harddisk: No.
Remark:  To my shock,  I ran across a collection of Macumba Virus
installation  and recognition files,  leading to  the  following
conclusions.  First  of all,  it's written by someone  from  the
Netherlands.  Second, there are at least *19* different versions
of virus (0.9,  0.9a, 1.0, 2.0, 3.0, 3.1 TT, 3.2 TT, 3.3 TT, 3.4
TT, 3.5 TT, 3.6 TT, 3.7 TT, 3.8 TT, 3.9 TT, 4.0 TT, 4.0b TT, 5.0
Falcon  and 5.2 Falcon).  It seems we are dealing with  some  TT
compatible and Falcon compatible viruses here. Viruses 0.9, 0.9a
and 1.0 have bugs in them, so might not work/multiply properly.
I am currently trying hard to get my hands on the versions  that
are not yet recognised by the "Ultimate Virus Killer" (i.e.  all
of them with the exception of 3.3 TT and 5.2 Falcon).

Virus #89

Name: Vaccin-Gillus Virus.
Type: Memory-resident reset-proof bootsector virus.
Discovery date: August 18th 1994 (Mike Holmes).
Virus can copy to drive(s): Current floppy drive (A or B).
Virus attaches itself to:  Hdv_bpb,  resvector,  and undocumented
reset-resistant.
Disks can be immunized against it: No.
What  can happen:  Prints the text "VACCIN-GILLUS" on the  screen
whilst showing  wobbly colour thingy bars.
When does that happen: At booting with an infected disk.
Reset-proof: Yes.
Can copy to hard disk: No.
Remark:  This  was probably supposed to be an anti-virus,  or  at
least to look like one.  It copies itself right across any other
bootsector,  however,  and  does  not  work  against  any  other
viruses.

Virus #90

Name: Valkyrie Virus.
Type:  Memory-resident  reset-proof  (?)  bootsector'n'link  call
virus.
Discovery date: Late 1994.
Virus can copy to drive(s):  Current drive (A,  B or C). Can also
copy via LAN or MIDI networks.
Virus attaches itself to: Xbios and vbl_queue.
Disks can be immunized against it: No.
Immunizable with UVK: No.
What can happen: A variety of things. The part of this particular
version  that  was found will cause the Kobold #2  Virus  to  be
found on a disk upon reading the bootsector,  and the Lucky Lady
1.03 Virus to be written when writing to the bootsector.
When does that happen: During bootsector access.
Resetproof: Not known.
Can  copy  to  harddisk:  The virus as  a  whole  can,  but  this
particular segment only affects floppy disk drives.
Remark:  This  virus has not been properly encountered.  The  UVK
does  not recognise it on disk but only recognises  the  segment
that  attaches  itself to the XBIOS vector,  when the  virus  is
already in memory.

Virus #91

Name: Goblin Virus B.
Discovery date: May 1995.
Remark:  See Goblin Virus A (#19).  The only thing changed  about
this  version  if the initial branch code,  now preceeded  by  a
longword zero,  with an adapted BRA.  This virus,  together with
the  next two,  was sent in one batch by someone  anonymous  who
probably made these variations himself.  They all have in common
that  only the branch commands have been  modified,  effectively
disabling them from recognition by the UVK so far.

Virus #92

Name: Tiny Virus B.
Discovery date: May 1995.
Remark:  See  Tiny Virus A (#85) and Goblin Virus  B  (#91).  The
branch  was  changed to a NOP followed by  the  regular  branch,
adapted.

Virus #93

Name: Darkness Virus B (Nightmare of Brooklyn #2 'Darkness').
Discovery date: May 1995.
Remark:  See Darkness Virus A (#73) and Goblin Virus B (#91). The
branch was changed to BPL.

LINK VIRUSES

Virus #1

Name: Milzbrand.
Type: Non-resident non-overwriting link virus.
Discovery date: Spring 1988 (Wim Nottroth).
Symptoms:  When the date stamp is set to 1987,  it clears track 0
of  your floppy disk,  destroying all FAT data and  filling  the
bootsector  with  a message "Dies ist ein Virus!"  ("This  is  a
virus!").  Symptoms can vary because the virus was offered as a,
fully  documented,  type-in-listing (!) in the  German  magazine
"Computer  &  Technik"  and the reader could  easily  adapt  the
routines himself.
Remark:  This virus was written by Eckhard Krabel,  who lives  in
Berlin,  Germany.  It's  also  called Anthrax  Virus  (which  is
English for the original name in German).

Virus #2

Name: Virus Construction Set Part II.
Type: Non-resident non-overwriting link virus.
Discovery date: September 4th 1988 (Frank Lemmen).
Symptoms:  These  vary from the message "You have ten seconds  to
find  out  how  to prevent a reset"  (after  which  a  countdown
follows and a reset) to routines that can be written by the user
himself  - the "Virus Construction Set" is a program with  which
the  user  can create his own viruses!  Symptoms  are  therefore
without limit.
Remark: The "Virus Construction Set Part II" was published by GFE
R.  Becker KG,  Bad Soden am Taunus, West Germany. It used to be
for sale, but isn't any more.

Virus #3

Virus #3

Name: Uluru.
Type: Memory-resident non-overwriting link virus.
Discovery date: November 1988.
Symptoms:  Installs itself in memory but is not  reset-resistant.
It infects every programme that will be started once an infected
programme has caused it to be installed,  and only does this  on
drive  A or B,  and on files that are at least 10,000  bytes  in
size.  After a certain time, it writes a dummy text file on disk
when infecting a file. This text file contains the sentence ";-)
As MAD Zimmermann will be watching you )-;".
Remark: Also called Mad Zimmermann Virus, for obvious  reasons.

Virus #4

Name: Papa & Garfield.
Type: Memory-resistant reset-proof non-overwriting link virus.
Discovery date: November 1988.
Symptoms:  This is a reset-proof virus,  that installs itself  in
memory  when an infected program is loaded.  After  that,  every
other program that is loaded into memory is infected.  It can be
recognised  by  a flashing pixel in the left top corner  of  the
screen and the message "Garfield and Papa was here", preceded by
a bleep sound.
Remark:  Probably only works on one megabyte machines (or higher)
since it uses the absolute hexadecimal screen address $F8000.

Virus #5

Name: Crash.
Type: Memory-resident reset-proof non-overwriting link virus.
Discovery Date: March 20th 1989 (Claus-Peter Moeller).
Symptoms:  A reset-proof virus, that also installs itself in your
system and then infects every program you load in afterwards. Is
only active on the current drive,  but can copy itself into  any
folder. It's the only link virus that can even infect files that
have been immunized with the "Ultimate Virus Killer", i.e. files
with read-only status.
Remark: Probably programmed in Switzerland.

ANTI-VIRUSES

Anti-virus #1

Name: AntiVirus.
Remark:  There are sixteen different versions of this  AntiVirus,
which  were  all written by Helmut  Neunkirchen.  The  following
table  includes  them  all.  They  are  all  recognised  by  the
"Ultimate Virus Killer",  and the English versions of 5.1 can be
written using the 'REPAIR DISK' option.  The texts vary slightly
and are not specified here.  None of them copy to hard disk, and
none of them are reset-proof.
* Version 3.0GB
Discovery date: August 8th 1988.
Written on May 3rd 1988.
Symptoms:  On system boot-up,  a message appears on your  screen:
"This  Anti-virus beeps and flashes if the actual bootsector  is
executable then that might be a virus! Remove this Anti-virus by
reset!"  It multiplies itself to  other,  non-executable  floppy
disks.
* Version 3.0NL
Remark: This was a simple translation job by yours truly.
* Version 4.0
Written on August 21st 1988.
* Version 4.1
Written on September 21st 1988.
Remark:  Also  recognises  IBM disks on which it  does  not  copy
itself.
* Version 4.2
Written on September 21st 1988.
Remark:  A  version  of 4.2 that does not copy  itself  to  other
disks.
* Version 4.5
Written on October 18th 1988.
Remark: There are German and English versions of this AntiVirus.
* Version 4.6
Written on October 18th 1988.
Remark:  A  version  of 4.5 that does not copy  itself  to  other
disks.
* Version 4.8
Written on December 5th 1988.
Remark: Uses XBRA structures, completely reprogrammed.
* Version 5.0
Written on May 12th 1989.
Remark:  This  was a version released by  mistake,  and  actually
older than 4.10.
* Version 4.10
Written on May 19th 1989.
Remark: Calls itself 'VirusLähmer'.
* Version 4.11
Written on June 24th 1989.
Remark:  A  version  of 4.10 that does not copy itself  to  other
disks.
* Version 5.1
Written on April 23rd 1990.
Remark:  There  are  cloning  and non-cloning  versions  of  this
AntiVirus,   each  in  in  a  German  and  an  English  version.
Recognises  mutation,  and recognises disks that  are  immunized
using the "Ultimate Virus Killer".
If someone has remarks or suggestions about this  AntiVirus,  he
is  invited  to  write to  Helmut  at  Bönnersdyk  63,  D-47803,
Krefeld,   Germany.   Email  address:   hn@pool.informatik.rwth-
aachen.de.

Anti-virus #2

Name: Anti-Virus #2.
Discovery date: September 10th 1988.
Symptoms:  On system boot-up, a message appears on your screen at
the top line:  "ANTI-VIRUS".  It multiplies itself to other non-
executable disks, except when it's already present on them. When
an  executable bootsector is found,  it inverts all colours  and
bleeps.

Anti-virus #3

Name: Anti-Virus User V1.4.
Discovery date: May 30th 1989 (Carmen Brunner).
Symptoms:  Installs itself in memory and warns you when it  finds
certain disks:  RED = Virus 1 (Signum Virus),  PURPLE = Virus  2
(Mad Virus),  BLUE = Bootsector,  WHITE = Nothing. It multiplies
itself to WHITE disks on drive A only.  Its virus recognition is
very bad,  and many other disks are also suspected of being  RED
or PURPLE - including perfectly harmless ones.
Remark: Written by someone called Le Fele.

Anti-virus #4

Name: Anti-Virus #4.
Discovery date: June 28th 1989 (Wim Maarse).
Symptoms:  This anti-virus is reset-proof. It probably only works
on German Blitter TOS (TOS 1.02 version from 22.04.87), since it
uses an absolute ROM jump address to the Get_BPB routine of that
TOS. It copies to other disks.

Anti-virus #5

Name: Terminator V1.0.
Discovery date: March 1990.
Symptoms: Does not copy itself, and is reset-proof. Automatically
checks disks for executable bootsectors,  and checks memory  for
resident programs.
Remark:  Written  by  Claus-Georg  Frein for  a  commercial  copy
program called "Turbobooster".

Anti-virus #6

Name: Pashley Anti-Virus.
Discovery date: January 18th 1990 (Terry Simmons).
Symptoms: Copies itself to other disks, and will flash the screen
and beep when an executable bootsector is found.
Remark: Written by Simeon Pashley.

Anti-virus #7

Name: Powell Anti-Virus.
Discovery date: July 30th 1989 (George Woodside).
Symptoms:  Does  not copy itself to other disks.  Will bleep  and
flash the screen when an executable bootsector is found.
Remark: Written by virus killer programmer Mark S. Powell.

Anti-virus #8

Name: The Killer V2.0.
Discovery date: March 18th 1990 (George Woodside).
Symptoms:  Does not copy itself.  Outputs messages in French when
an executable bootsector is found.
Remark: Written by Emmanuel Collignon/Omikron France.

Anti-virus #9

Name: VKill Guard.
Discovery date: May 14th 1990.
Symptoms: Does not copy itself, yet installs itself in memory and
flashes  and beeps when executable bootsectors  are  found.  Its
sign-on message is 'This Guard remains active until reset. If it
detects  an executable bootsector,  it will beep and  flash  the
screen.'
Remark: Written by George Woodside for his program "VKill".

Anti-virus #10

Name: New Order Anti-Virus 1.02.
Discovery date: May 22nd 1990 (Glenn Robison).
Symptoms:  Prints message and locks up the computer when a  virus
is  found  to bend a vector.  It checks the  following  vectors:
Hdv_init,  Hdv_bpb,  Hdv_rw,  Hdv_boot,  Hdv_mediach,  BIOS  and
XBIOS.

Anti-virus #11

Name: Floppyshop Anti-Virus.
Disovery date: April 29th 1990 (Kevin Brown).
Symptoms:  Beeps  and  flashes  the  screen  when  an  executable
bootsector  is  found   that  doesn't  contain  itself.  Doesn't
multiply.

Anti-virus #12

Name: Protector II Anti-Virus.

Anti-virus #13

Name: Incoder Anti-Virus.
Discovery date: July 1990.
Symptoms: Checks the bootsector for the occurrence of the Hdv_bpb
address ($472). Checks if Hdv_bpb points at $FCxxxx or not (will
therefore imply something is wrong when you work on an  STE,  ST
Book, Falcon, or when you use a hard disk). If things are wrong,
it colours the screen and locks the system.  If things are OK it
will print "The Incoders - safe boot" and flash one colour.

Anti-virus #14

Name: Auntie-Virus.
Discovery date: Summer 1990 (David Heiland).
Symptoms:  Same  as  anti-virus  #1.  Only the  texts  have  been
changed.
Remark: Probably made in England.

Anti-virus #15

Name: Shadow Anti-Virus.
Discovery date: July 1990.
Symptoms:  Checks  the  system for  reset-resistant  programs  in
memory on boot-up. Not resident, does not copy itself.
Remark: Written by the Shadow of the Dynamic Duo, England.

Anti-virus #16

Name: Fury Anti-Virus.
Discovery date: August 24th 1990.
Symptoms:  Same  as  anti-virus #13,  of which it is  an  adapted
version.
Remark: Made by Fury of Legacy.

Anti-virus #17

Name: Unicorn Anti-Virus-Reset Anti-Virus.
Discovery date: December 11th 1990.
Symptoms:  It  is  a resident program that will clear  all  reset
vectors upon reset.
Remark: Probably written in Holland.

Anti-virus #18

Name: Zarko Berberski Anti-Virus.
Discovery date: Unknown (Mike Mee).
Symptoms:  There are two different versions of this.  One  copies
itself and one doesn't. They both have the additional ability to
wait 'x' seconds until the hard disk has finished booting.
Remark: Written by Zarko Berberski from Yugoslavia in a time when
it was still called Yugoslavia.

Anti-virus #19

Name: Odie Anti-Virus.
Discovery date: Unknown (Mike Mee).
Symptoms:  Puts  a picture of Odie (dog character  in  "Garfield"
cartoons) on the screen.  Is resident, and checks for executable
disks.  It will copy itself on non-executable disks, and it will
warn when it finds an executable disk that does not have  itself
on it (the screen is turned red).
Remark: Uses the XBRA protocol.

Anti-virus #20

Name: TDT 4.0 Antighost.
Discovery date: June 1992.
Symptoms:  Is  a resident anti-virus that copies itself across  a
bootsector that  it finds the Ghost Virus on.
Remark: Written by Altair in France.

Anti-virus #21

Name: Caledonia Exorcist 2.0.
Discovery date: December 1992.
Symptoms:  At startup it will put the message "Caledonia Exorcist
2.0" on the screen.  Whenever an executable bootsector is  found
during  it being resident in memory,  it will warn you.  At  any
time  you  can press ALT-HELP to have  this  anti-virus  install
itself on the current disk.  It will not copy itself without you
wanting it to.
Remark: Written for/by the Caledonia PD library. The copy routine
crashes  on my system.  Not to be confused with some virus  free
disks of the same name made by some French hackers.

Anti-virus #22

Name: Agrajag Boot 2.
Discovery date: July 1993.
Symptoms:  At startup it will put the message "AGRABOOT 2" on the
screen.  Whenever an executable bootsector is found while it  is
present in memory, the screen will flash. It will flash RED when
such a bootsector is suspicious. Upon starting it will also find
reset-proof  programs and the like.  It will not copy itself  to
any other disks of its own accord.
Remark: Written by Michael James from Glasgow, autumn 1992. Quite
a good anti-virus actually.

VIRUSES   KNOWN  TO  EXIST  BUT  NOT  RECOGNISED   BECAUSE   NOT
ENCOUNTERED YET

Unknown virus #1-#17: Macumba Virus

Several  different  versions of the Macumba Virus  (Cf.)  exist,
none  of which have been spotted so far and can therefore not  be
recognised  yet.  The following versions are known to  exist  but
cannot be recognised:  0.9,  0.9a, 1.0, 2.0, 3.0, 3.1 TT, 3.2 TT,
3.4 TT,  3.5 TT,  3.6 TT, 3.7 TT, 3.8 TT, 3.9 TT, 4.0 TT, 4.0b TT
and 5.0 Falcon.

Unknown virus #18: Valkyrie Virus

This  is an especially dangerous hybrid kind of  bootsector/link
virus  that spreads to hard disk files,  floppy disk  bootsectors
and,  via LAN or MIDI networks,  even to other systems connected.
It hides itself effectively,  and there are a few versions of  it
that  have  varying  destruction  routine  symptoms.  The  common
denominator was that, on January 8th (birthday of its programmer,
Lucky Lady from Slovenia), the screen would clear and the message
"I will never love again!" would appear on the screen.  A  system
infected  with the Valkyrie Virus will have a partition C  volume
name  with  "VLKY" encoded in it;  files infected  with  it  have
"VLKY" as last longword value.

A: Virus List