Can anyone explain this kind of virus to me?

[andreas]

Hi,

looking through another private collection, I found LOTS of "broken" disks which could be easily fixed in a blink of an eye, so that they work 100% afterwards.
Each disk had a provoked checksum error on Block 2.
(Codetapper, that's the same kind of thing that "infected" the Gridiron disk you cracked months ago).
The "fix" is trivial: just take a disk editor and change the 00000000 ( = nothing) at the beginning of the block to 00000008 (= data block).
There are NO OTHER modifications needed, even the checksum is the same like before, which means that some "routine" must obviously have been programmed to aim directly on block 2 and thus overwrite the data block signature with eight zeroes, whilst leaving every other stuff untouched. After that, the disk works without any further problems.
This must definitely be a common virus, but which?

[andreas]

s4murai, I believe it can be removed with DiskSalv as well, but that's not why I started this thread. I'd like to know the exact name of that beast (..... virus). Which viruskiller do you know that can definitely tell me more about this?

[RetroMan]

@andreas

I would mail the guys from Virus Help Denmark ( http://home4.inet.tele.dk/vht-dk/amiga/amiga.htm ), they may have a clue to your quest ..... also there are some Utils for download (like Virus Checker) which don´t kill the Virus, but identify them ..... and they also have a superb Amiga Virus Database on their site

[andreas]

thanks for the link first of all.
It's a pain that I'm currently on Linux here and can't use webspider-like tools (eg Offline Explorer). Because, if I download the virus encyclopaedia, then I'm gonna get the whole one at a time.

[Amiga1992]

Yes, VirusChecker has a nice database. I wold also recommend BootX, I think this one is not developed anymore.

[Overdoc]

I remember this virus called 'Lamer Exterminator' which I think didn't really do anything harmful, but nevertheless made disks sometimes unusable.
The funny thing however was that once the virus got removed from the bootblock, the disk would work again !
Maybe your virus is something similar ?

[Codetapper]

Although this could indeed be the work of a virus, it may also be a form of copy protection.

Do these disks with that checksum error on actually use that sector for any important data? It could be that the publishers put a deliberate error on a sector which isn't needed by the game purely so if someone tries to copy the disk, most copying programs will say "checksum error on track 0" and abort the copy.

The smarter programs would either automatically repair it or just copy it with the incorrect checksum.

My guess would be this situation occurs on the oldest games from around 1988 when people used to copy disks with the Workbench Disk Copy command. This deliberate error probably prevented that from working, thus possibly increasing sales of the original a bit.

The other thing to consider is if the game in question uses it's own MFM loader it can happily ignore all the checksum information and load the game anyway, knowing that it won't match. The checksum is only used by AmigaDos to verify the file is OK.

I assume from the investigation done that it does stuff up the games so they don't load, otherwise you probably wouldn't bother to post here.

I could be completely wrong of course and it maybe a virus but it seems to be a pretty stupid virus if that is all it does!

[MethodGit]

Speaking of checksum-modifying, is there any way to manually fix ADFs made from disk2fdi which are mostly riddled with tons of checksum errors (some kind of fault on the imaging process there I think)? The games appear to load and play as if they're absolutely OK, but when it comes to trying the copy the files to hard-disk (that is if the disk is dos-formatted, of course ), you will be denied from copying most of them because the system complains of a checksum error in them.

[andreas]

@Overdoc
I know Lamer Exterminator very well.
But Lamer came in two main types: the one made a random block UNUSABLE by filling it with LAMER!LAMER!LAMER!... crap.
As far as I remember, the block data previously contained in it was irreparably lost (unless it was an unused block, lucky you!).
The other type altered the boot-code: it changed the disk from bootable to non-bootable, making the WB hand show up at the start. If you installed a fresh AmigaDOS bootblock on it, it booted again.

@Codetapper

Well, sorta stupid virus it is, undoubtedly.
But I do NOT think this has something to do with copy-protection. I repeat again: the checksum IS CORRECT, the error happens because block #11 (for example) has a pointer to the next block, which is block #2 in this example! And as you know, if the data block chain (example: 11 - 2 - 3 - 4) gets broken up by an NON-DATA block (00000000, thus treated as "unreadable" [in this case block #2]!), AmigaDOS spits out a checksum error.
And I say it again, just change the 00000000 to 00000008 and the disk works again. without having to modify ANYTHING ELSE (including the checksum).

Quote:

I assume from the investigation done that it does stuff up the games so they don't load

Exactly. And they load again if you "repair" the block by giving the "data block status" back to it. Well you cracked Gridiron back then, so just look at the uncracked disk image originally posted here. It's the same thing as with the disks I'm currently checking.

This is either a virus OR it was a means in the past by cracking groups to make disks unreadable for others (yes that's a verified true story, I did get some disks into my hands from a (former) group member that had an intentional checksum error on block #881 - all the Amigas of the group members were equipped with a PATCHED (!) kickstart ROM).