by marcodiego 1736 days ago
I really admire techniques that were used on DOS viruses. Resident viruses that could hide themselves (stealth) and use boot as a transmission vector were very advanced. This, combined with polymorphic techniques, made the virus very resistant, basically reboot-resistant.
1 comments

Amiga viruses (especially earlier ones) had a much easier time of resisting reboot, as they could simply hook the CoolCapture vector to remain running. This was an otherwise officially supported mechanism - Commodore’s own “recoverable ramdisk” (RAD:) hooked CoolCapture to allow the OS to even boot from RAD: (useful on floppy-only, high-RAM systems to enhance system performance by literally diskcopying the boot disk onto RAD:, as it was usually set up to be the exact same size as a floppy, although this could be changed). Popular virus scanners like VirusX and VirusZ quickly became able to detect these hooks and optionally restore the vector to the OS default (which would kill RAD: on the next reboot if one was using it, but as hard drives became more common, fewer people used RAD: in this fashion, so it was less of a problem).
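
The check the comment attributes to scanners, as an added example that is not part of the thread and is not VirusX or VirusZ code: it reads the three capture vectors from an ExecBase image, reports which are set, and resets them. It assumes the field offsets and ChkSum rule from `exec/execbase.h` and that the OS default for a capture vector is NULL; the sample image and hook address are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Byte offsets in struct ExecBase (exec/execbase.h); fields are big-endian. */
enum { SOFTVER = 34, COLDCAP = 42, COOLCAP = 46, WARMCAP = 50, CHKSUM = 82, EB_LEN = 84 };

static uint16_t be16(const uint8_t *p) { return (uint16_t)(p[0] << 8 | p[1]); }
static uint32_t be32(const uint8_t *p) { return (uint32_t)be16(p) << 16 | be16(p + 2); }
static void put16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)(v >> 8); p[1] = (uint8_t)v; }

/* ChkSum is the complement of the 16-bit sum of the words SoftVer..MaxExtMem. */
uint16_t execbase_checksum(const uint8_t *eb) {
    uint16_t sum = 0;
    for (int off = SOFTVER; off < CHKSUM; off += 2)
        sum = (uint16_t)(sum + be16(eb + off));
    return (uint16_t)~sum;
}

/* Bitmask of non-NULL capture vectors: 1 = Cold, 2 = Cool, 4 = Warm. */
unsigned hooked_vectors(const uint8_t *eb) {
    return (be32(eb + COLDCAP) ? 1u : 0u) | (be32(eb + COOLCAP) ? 2u : 0u) |
           (be32(eb + WARMCAP) ? 4u : 0u);
}

/* Reset all three vectors to NULL and fix ChkSum; returns what was hooked. */
unsigned restore_defaults(uint8_t *eb) {
    unsigned was = hooked_vectors(eb);
    memset(eb + COLDCAP, 0, 12);   /* Cold, Cool, Warm are contiguous */
    put16(eb + CHKSUM, execbase_checksum(eb));
    return was;
}

/* Constructed sample: zeroed image, SoftVer = 0x0022, CoolCapture = cool. */
void make_sample(uint8_t *eb, uint32_t cool) {
    memset(eb, 0, EB_LEN);
    put16(eb + SOFTVER, 0x0022);
    put16(eb + COOLCAP, (uint16_t)(cool >> 16));
    put16(eb + COOLCAP + 2, (uint16_t)cool);
    put16(eb + CHKSUM, execbase_checksum(eb));
}

int main(void) {
    uint8_t eb[EB_LEN];
    make_sample(eb, 0x0007F000u);  /* constructed hook address */
    printf("hooked before: %u\n", hooked_vectors(eb));
    unsigned cleared = restore_defaults(eb);
    printf("cleared: %u, hooked after: %u\n", cleared, hooked_vectors(eb));
    return 0;
}
```

A set CoolCapture bit alone does not distinguish a virus from RAD:, which is why the comment describes the restore as optional.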