ZX Power #03
31 December 1997
Miscellaneous - The virus in the IS-DOS.
VIRUS IN IS-DOS (C) 1997 Mechanic
I've heard that some people consider viruses on the Spectrum a frivolous thing. Indeed, when it comes to the "Tape Loading Error System", talking about viruses is out of place. But when it comes to TR-DOS, IS-DOS, or another system where any program is able to reach other programs that are completely unrelated to it but hold the honorary title of its neighbors on the storage device, viruses have to be talked about.
I met it
One day, looking for new programs in the IS-DOS Classic 4.5 distribution, I went through and ran, one by one, all the *.com files I could. And then, quite by chance, I found that one program from among my faithful, trusted software had suddenly changed its length. What helped me notice this metamorphosis was that I had written this program myself, and remembered well that it could not possibly be 2 blocks long ... Then it "struck" me - a virus! That's it! I recalled what Figurnov advised in such cases in his textbooks, and carefully copied the file onto a couple of disks that I did not much mind losing (no joke - a live adversary :-o). Then I rebooted into the old, tried-and-tested version from 4/24/1994 and began to study the "trophy".
What was found in this file was exactly what I had been looking for there. There sat ... yes, a virus, a perfectly real one. At first, of course, I was wildly delighted: "Hurray .. finally .. it has happened, now we have them too .." and then - "Idiot! What are you happy about?". This is where I began to realize that now all and sundry will start writing such "Microsoft" and sticking it wherever they can. And I now have to fight a new problem, without which it would be boring, but calmer. Previously I had come across programs that could do all sorts of mischief, but they did not reproduce, as any normal virus does. This one creates an exact copy of itself in infected files, so it is hard to tell exactly who infected whom.
Since it is customary to name this kind of software after either its author or the doctor who found a way to treat it, and the author was not indicated, the parasite was named vir00mc. Since I found infected files in 2 more directories, I had to write an antivirus for it, which I am enclosing in the hope that it will be placed in the appendix.
What it is
In itself it is a quite harmless program - all of its work consists of infecting a file with a copy of itself. It does not try to write profanities, format disks, steal E-mail passwords :) etc. It just so happens that when the virus is appended to the program exebat.com, the latter stops working - all its work is reduced to a system reset. This is due to the fact that exebat (and some other programs) are critical to file length or have other features that prevent them from working properly with such a "makeweight".
The virus responds to files with the extension c?m (com, cum, cam, etc.) that are in the current directory when an infected program is started. The current directory is the directory in which the cursor is located (the one whose descriptor sits in the file-service vector), and the infected *.com is not necessarily started from it. That is how the virus travels across directories and devices.
The victim's file number is taken from the keyboard driver's interrupt counter and rounded to 32. For a file opened in this way to be infected normally, its first 3 bytes must contain the commands LD C,NOMER_RESTARTA (the restart number) and RST #10, with which the lion's share of all *.com files in IS-DOS begin. In addition, all read/write operations must complete without errors - if any error occurs while the virus is working, it immediately hands control to the carrier program. Using the interrupt counter ensures that files are infected at random, since the required c?m is not sitting there every time.
After opening the file and checking its first commands, the virus replaces them with the command CALL VIRUS, computes some necessary offsets (for CALL VIRUS as well), extends the victim file by up to 255 bytes (sometimes it has to convert the file to segmented form for this), then prepares its body for writing out, stores in it everything a new virus needs, writes its new copy into the extended file, restores the restart number in its own body so that its own carrier (not the newly infected one) works properly, hides the traces of its work, calls the resident with the @calc command, opens the file that was open before the virus started (its number was read from $FNUMB beforehand as a precaution), and finally returns control to the carrier, first executing for it the commands stolen from the beginning of the file.
Interestingly, the first commands are not restored, and it is theoretically possible that an infected *.com, when restarted repeatedly from its entry point, can infect several files from a single load into memory.
While working, vir00mc uses the virtual disk and restarts of the DOS, DUD and COM levels, and also calls a resident task. And all this in 255 bytes! One can only say that the virus is written really well, and express gratitude for that to its creators.
As for virus protection in IS-DOS, I can advise reading those same instructions for the IBM PC user [replacing "IBM PC" with "ZX-Spectrum", and accompanying the names of programs not yet written :( with a sigh]. All the other precautions indicated there will be superfluous.
I would like to hope that the ZX-POWER editors will continue to collect the latest from the virus industry and introduce readers to it, which should save everyone a lot of time and nerves.
Sincerely, Mechanic / X-Project
E-mail: konstantin_k@hotmail.com
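The symptoms described in the article (a c?m file that used to start with LD C,n : RST #10 now starts with a CALL and has grown by no more than 255 bytes) can be turned into a baseline check. The following is an added example, not part of the original article and not the author's antivirus; the file names and byte contents are constructed, and the files are assumed to have been extracted from a disk image into memory as name-to-bytes pairs.

```python
from fnmatch import fnmatchcase

LD_C, RST_10, CALL = 0x0E, 0xD7, 0xCD  # Z80 opcodes: LD C,n / RST #10 / CALL nn
MAX_GROWTH = 255                       # growth bound stated in the article

def header_kind(data: bytes) -> str:
    """Classify the first 3 bytes of a program file."""
    if len(data) >= 3 and data[0] == LD_C and data[2] == RST_10:
        return "restart"   # LD C,n : RST #10, the usual IS-DOS *.com start
    if len(data) >= 3 and data[0] == CALL:
        return "call"      # CALL nn, what the infection leaves at the start
    return "other"

def snapshot(files: dict) -> dict:
    """Record (length, first 3 bytes) of every c?m file while known clean."""
    return {name: (len(d), bytes(d[:3])) for name, d in files.items()
            if fnmatchcase(name.lower(), "*.c?m")}

def audit(baseline: dict, files: dict) -> dict:
    """Compare length and header with the baseline; return {name: verdict}."""
    report = {}
    for name, (old_len, old_head) in baseline.items():
        data = files.get(name)
        if data is None:
            report[name] = "missing"
            continue
        growth = len(data) - old_len
        if growth == 0 and data[:3] == old_head:
            report[name] = "unchanged"   # length and header only, not the body
        elif (header_kind(old_head) == "restart" and header_kind(data) == "call"
              and 0 < growth <= MAX_GROWTH):
            report[name] = "suspect"     # matches the pattern in the article
        else:
            report[name] = "modified"    # changed, but not in the described way
    return report

# Constructed sample data (not real IS-DOS programs, no virus code).
CLEAN = {
    "edit.com":   bytes([0x0E, 0x05, 0xD7]) + bytes(200),
    "exebat.com": bytes([0x0E, 0x21, 0xD7]) + bytes(90),
    "tool.cam":   bytes([0xC3, 0x00, 0x80]) + bytes(40),
    "readme.txt": b"text",
}
BASELINE = snapshot(CLEAN)
CURRENT = dict(CLEAN)
CURRENT["edit.com"] = bytes([0xCD, 0xCB, 0x80]) + CLEAN["edit.com"][3:] + bytes(255)
CURRENT["tool.cam"] = CLEAN["tool.cam"] + b"\x00"

if __name__ == "__main__":
    for name, verdict in sorted(audit(BASELINE, CURRENT).items()):
        print(f"{name:12} {verdict}")
```

A "suspect" verdict only says the file changed in the way the article describes; a legitimate rebuild that happens to start with a CALL would need to be ruled out by hand.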