name	VIRDET

	title	VIRDET -- detects the Jerusalem virus in RAM
;
;	Looks for the string: E9 92 00 73 55 4D, in RAM and returns with
;	errorlevel 1 if it finds it, otherwise returns with 0.
;
START	segment	word public 'CODE'

	org	100h

	assume	CS:START,DS:START,SS:START

search	proc	near
	mov	ax,0
	mov	es,ax
;
;	Use ES as the segement for the target
;
	cld			;set to move forward
	mov bx,-0ffeh		;initialize search segment
	mov ax,7000h		;record current segment in AX
init2:	add bx,0ffeh		;increment search segment
	cmp ax,bx		;reached current segment?
	jb passed		;yes, then signature not found
	mov es,bx		;point ES to search segment
	mov di,0		;point DI to memory
	mov al,intro		;point SI to the string
	mov cx,0ffffh		;check 16 characters
init3:	repne scasb		;look for intro character
	jne init2		;continue search if compare failed
;
;	check for the rest of the string
;
	cmp	cx,16
	jb	init2		;don't go over boundary
	push	di		;save the pointer
	push	cx		;save the counter
	mov	cx,str_len
	mov	si,offset str	;remainder of string
	repe	cmpsb		;compare remainder of string
	pop	cx
	pop	di		;restore if search must go on
	jne	init3
;
fail:	mov	ax,4c01h
	int	21h	

passed:	mov	ax,4c00h
	int	21h

search	endp

str	db	92h,0,73h,55h,4Dh	;the rest of the string
str_len	equ	$-str

intro	db	0e9h		;the introductory character

START	ends

	end	search