%%File: VIRS0503.TXT
%%Name/Aliases: KOH, StealthBoot-D, King of Hearts, Potassium Hydroxide
%%Platform: PC/MS-DOS
%%Type: Boot sector.
%%Disk Location: Floppy disk boot sector., Hard disk partition table.
%%Features: Direct acting.
%%Damage:
%%Size:
%%See Also:
%%Notes: It basically encrypts disks for the user using a user-defined password - asking permission before infecting hard drives (and recommending a backup) and allowing a toggle key for floppy infection, as well as one for uninstallation from the hard drive (complete decryption, removal of interrupt handlers, and replacement of the old Master Boot Record).

The KOH virus comes in its initial installation package as a 32000 byte COM. It is a comparatively "user-friendly" virus, with uninstallation routines and a floppy-infection toggle. Its purpose is this: when run, it asks for a password - it will encrypt the floppy using this password and the IDEA encryption algorithm (not yet verified by my disassembly). When the floppy is rebooted from, it will ask for permission to infect the hard drive, and recommend a backup beforehand. It will then ask for a password for the hard drive to be encrypted with, and ask whether to use IDEA encryption or a simple routine.

After the encryptions have been installed, the virus will ask for passwords on bootup for the hard drive and floppy - this will be used to encrypt/decrypt calls that would read or write to the disk. The floppy password may be changed at any time, allowing the reading of any encrypted floppy as long as the user knows the password.

The function keys for the virus are as follows:

  CTRL-ALT-K   Set new floppy password
  CTRL-ALT-O   Toggle Floppy Infect
  CTRL-ALT-H   Uninstall Virus From Hard-Drive

Notice that there is no floppy uninstall...