Can you link the reset code you are looking at? I just checked elowar
http://amigadev.elowar.com/read/ADCD.../node02E3.html, PDF and the actual book, and they have the same code: reset is longword aligned and shares the same longword with jmp (a0) (which is the idea).
What I'm concerned about is jumping to a RAM address (too soon) after reset. Reset takes 132 cycles so there is plenty to time to fetch the next opcode, but at what point within those cycles is RAM replaced by ROM? Immediatelly, after the next opcode fetch, ...? If you jump into RAM (e.g. lea 2.w,a0 + jmp (a0)) does that work with all hardware profiles? So I consider jumping into ROM ($0fxxxxxx) safer.
About the reboot vectors. Yeah, manual exec nuke from the orbit (e.g. nuke exec base or one of checksumed vectors so the checksum doesn't match) is the only way to be sure. Or fix them and redo the checksum (well, as long as you assume the virus didn't take over your MMU). For example:
Code:
clr.l ColdCapture(a6)
clr.l CoolCapture(a6)
clr.l WarmCapture(a6)
lea SoftVer(a6),a0
moveq #(ChkSum-SoftVer)/2-1,d0
moveq #-1,d1
csum sub.w (a0)+,d1
dbf d0,csum
move.w d1,(a0)