PSION CD 2

home *** CD-ROM | disk | FTP | other *** search
/ PSION CD 2 / PsionCDVol2.iso / Programs / 204 / VLIST.SIS < prev
EPOC Installation Package | 1998-08-12 | 595.7 KB
open in:
MacOS 8.1 extracted |
Win98 extracted |
DOS extracted
browse contents |
view JSON data |
view as text

This file was processed as: EPOC Installation Package (archive/epocInstallationPackage).
Confidence	Program	Detection	Match Type	Support
`100%`	dexvert	EPOC Installation Package `(archive/epocInstallationPackage)`	magic	Supported
`1%`	dexvert	Symbian Series 3 Installation file `(other/symbianSeries3InstallationFile)`	ext	Unsupported
`100%`	file	Symbian installation file (EPOC release 3/4/5)	default
`99%`	file	data	default
`100%`	TrID	EPOC Installation package (rel. 2,3,5)	default
`100%`	gt2	Kopftext: ' 4 Sm'	default (weak)
`100%`	xdgMime	application/vnd.symbian.install	default
hex view
+--------+-------------------------+-------------------------+--------+--------+
|00000000| 20 34 20 53 6d 00 00 10 | 19 04 00 10 03 e4 5b 4f | 4 Sm...|......[O|
|00000010| b2 2e 01 00 02 00 00 00 | 00 00 00 00 00 00 00 00 |........|........|
|00000020| 64 00 00 00 00 00 00 00 | 01 00 00 00 00 00 00 00 |d.......|........|
|00000030| 44 00 00 00 46 00 00 00 | 8e 00 00 00 00 00 00 00 |D...F...|........|
|00000040| 8e 00 00 00 01 00 00 00 | 00 00 00 00 00 00 00 00 |........|........|
|00000050| 00 00 10 00 00 00 96 00 | 00 00 18 00 00 00 a6 00 |........|........|
|00000060| 00 00 38 4b 09 00 f8 00 | 00 00 00 00 00 00 01 00 |..8K....|........|
|00000070| 00 00 02 00 00 00 12 00 | 00 00 be 00 00 00 1a 00 |........|........|
|00000080| 00 00 d0 00 00 00 88 02 | 00 00 30 4c 09 00 0e 00 |........|..0L....|
|00000090| 00 00 ea 00 00 00 43 3a | 5c 53 69 73 74 65 6d 70 |......C:|\Sistemp|
|000000a0| 5c 76 6c 69 73 74 21 3a | 5c 50 73 69 6f 6e 35 43 |\vlist!:|\Psion5C|
|000000b0| 44 31 5c 56 6c 69 73 74 | 5c 76 6c 69 73 74 43 3a |D1\Vlist|\vlistC:|
|000000c0| 5c 53 69 73 74 65 6d 70 | 5c 42 69 73 2e 74 78 74 |\Sistemp|\Bis.txt|
|000000d0| 21 3a 5c 50 73 69 6f 6e | 35 43 44 31 5c 56 6c 69 |!:\Psion|5CD1\Vli|
|000000e0| 73 74 5c 42 69 73 2e 74 | 78 74 56 6c 69 73 74 20 |st\Bis.t|xtVlist |
|000000f0| 35 39 34 2e 38 20 6b 42 | 37 00 00 10 6d 00 00 10 |594.8 kB|7...m...|
|00000100| 88 00 00 10 a8 15 08 55 | 0f 4b 09 00 02 00 00 00 |.......U|.K......|
|00000110| 00 00 00 00 00 00 0f 0a | 00 58 02 00 00 e8 03 00 |........|.X......|
|00000120| 00 01 00 00 00 00 00 00 | 00 01 00 00 00 00 00 00 |........|........|
|00000130| 00 01 00 00 00 d0 02 00 | 00 d0 02 00 00 a0 05 00 |........|........|
|00000140| 00 a0 05 00 00 a0 05 00 | 00 a0 05 00 00 01 00 00 |........|........|
|00000150| 00 00 00 00 00 00 00 00 | 00 00 5c 00 00 10 63 00 |........|..\...c.|
|00000160| 00 10 29 00 00 00 65 00 | 00 10 00 00 00 00 66 00 |..)...e.|......f.|
|00000170| 00 10 00 00 00 00 64 00 | 00 10 02 06 01 00 00 00 |......d.|........|
|00000180| 00 00 00 00 00 00 00 00 | 00 5c 00 00 10 63 00 00 |........|.\...c..|
|00000190| 10 31 00 00 00 65 00 00 | 10 00 00 00 00 66 00 00 |.1...e..|.....f..|
|000001a0| 10 00 00 00 00 64 00 00 | 10 02 06 fd 00 00 10 82 |.....d..|........|
|000001b0| 2e 00 00 c6 41 00 00 00 | 02 00 03 02 00 02 12 00 |....A...|........|
|000001c0| 02 07 02 00 00 00 06 01 | 0d 00 00 00 1c 8c 00 00 |........|........|
|000001d0| 00 22 06 41 72 69 61 6c | 00 02 00 04 02 02 07 04 |.".Arial|........|
|000001e0| 00 00 00 05 00 06 01 08 | 00 00 00 22 06 41 72 69 |........|...".Ari|
|000001f0| 61 6c 00 02 00 04 04 02 | 07 04 00 00 00 05 00 06 |al......|........|
|00000200| 01 08 00 00 00 22 06 41 | 72 69 61 6c 00 02 00 04 |.....".A|rial....|
|00000210| 06 02 07 04 00 00 00 05 | 00 06 01 08 00 00 00 22 |........|......."|
|00000220| 06 41 72 69 61 6c 00 02 | 00 04 08 02 07 04 00 00 |.Arial..|........|
|00000230| 00 05 00 06 01 08 00 00 | 00 22 06 41 72 69 61 6c |........|.".Arial|
|00000240| 00 02 00 04 0a 02 07 04 | 00 00 00 05 00 06 01 08 |........|........|
|00000250| 00 00 00 22 06 41 72 69 | 61 6c 00 02 00 04 0c 02 |...".Ari|al......|
|00000260| 07 04 00 00 00 05 00 06 | 01 08 00 00 00 22 06 41 |........|.....".A|
|00000270| 72 69 61 6c 00 02 00 04 | 0e 02 07 04 00 00 00 05 |rial....|........|
|00000280| 00 06 01 08 00 00 00 22 | 06 41 72 69 61 6c 00 02 |......."|.Arial..|
|00000290| 00 04 10 02 07 06 00 00 | 00 05 00 06 00 0f 01 19 |........|........|
|000002a0| 00 00 00 1c 90 01 00 00 | 1e 01 22 10 54 69 6d 65 |........|..".Time|
|000002b0| 73 20 4e 65 77 20 52 6f | 6d 61 6e 03 02 00 04 02 |s New Ro|man.....|
|000002c0| 00 02 00 01 7b 00 00 00 | b4 92 41 6e 74 69 2d 56 |....{...|..Anti-V|
|000002d0| 69 72 75 73 20 45 6e 63 | 79 63 6c 6f 70 65 64 69 |irus Enc|yclopedi|
|000002e0| 61 20 28 57 69 6c 64 20 | 6c 69 73 74 29 20 02 02 |a (Wild |list) ..|
|000002f0| 0f 00 00 00 1c 08 02 00 | 00 1e 01 22 06 41 72 69 |........|...".Ari|
|00000300| 61 6c 00 04 00 00 04 08 | 00 00 04 0c 00 00 04 10 |al......|........|
|00000310| 00 00 04 14 00 00 04 18 | 00 00 04 1c 00 00 04 20 |........|....... |
|00000320| 00 00 04 00 04 00 b4 6d | 02 54 68 69 73 20 73 70 |.......m|.This sp|
|00000330| 72 65 61 64 20 73 68 65 | 65 74 20 63 6f 6e 74 61 |read she|et conta|
|00000340| 69 6e 73 20 74 68 65 20 | 4a 6f 65 20 77 65 6c 6c |ins the |Joe well|
|00000350| 73 20 27 77 69 6c 64 20 | 6c 69 73 74 27 20 63 75 |s 'wild |list' cu|
|00000360| 72 72 65 6e 74 20 61 73 | 20 61 74 20 41 70 72 69 |rrent as| at Apri|
|00000370| 6c 20 27 39 38 2e 02 02 | 0d 00 00 00 1c 18 01 00 |l '98...|........|
|00000380| 00 22 06 41 72 69 61 6c | 00 04 04 00 04 08 04 00 |.".Arial|........|
|00000390| 04 0c 04 00 04 10 04 00 | 04 14 04 00 04 18 04 00 |........|........|
|000003a0| 04 00 08 00 b4 45 02 41 | 74 20 74 68 65 20 6d 6f |.....E.A|t the mo|
|000003b0| 6d 65 6e 74 20 74 68 65 | 72 65 20 61 72 65 20 6f |ment the|re are o|
|000003c0| 76 65 72 20 31 38 2c 30 | 30 30 20 76 69 72 75 73 |ver 18,0|00 virus|
|000003d0| 27 73 20 6f 66 20 77 68 | 69 63 68 20 31 31 31 30 |'s of wh|ich 1110|
|000003e0| 20 61 72 65 20 63 6f 6e | 73 69 64 65 72 65 64 02 | are con|sidered.|
|000003f0| 02 0d 00 00 00 1c 18 01 | 00 00 22 06 41 72 69 61 |........|..".Aria|
|00000400| 6c 00 04 08 00 04 08 08 | 00 04 0c 08 00 04 10 08 |l.......|........|
|00000410| 00 04 14 08 00 04 18 08 | 00 04 00 0c 00 b4 15 02 |........|........|
|00000420| 74 6f 20 62 65 20 27 69 | 6e 20 74 68 65 20 77 69 |to be 'i|n the wi|
|00000430| 6c 64 27 20 62 61 73 65 | 64 20 6f 6e 20 72 65 63 |ld' base|d on rec|
|00000440| 65 6e 74 20 72 65 70 6f | 72 74 73 20 74 6f 20 61 |ent repo|rts to a|
|00000450| 6e 74 69 2d 76 69 72 75 | 73 20 76 65 6e 64 6f 72 |nti-viru|s vendor|
|00000460| 73 2e 02 02 0d 00 00 00 | 1c 18 01 00 00 22 06 41 |s.......|.....".A|
|00000470| 72 69 61 6c 00 04 0c 00 | 04 08 0c 00 04 0c 0c 00 |rial....|........|
|00000480| 04 10 0c 00 04 14 0c 00 | 04 18 0c 00 04 00 10 00 |........|........|
|00000490| b4 5d 02 50 6c 65 61 73 | 65 20 6e 6f 74 65 20 74 |.].Pleas|e note t|
|000004a0| 68 61 74 20 74 68 65 20 | 77 69 6c 64 20 6c 69 73 |hat the |wild lis|
|000004b0| 74 20 63 68 61 6e 67 65 | 73 20 65 76 65 72 79 20 |t change|s every |
|000004c0| 6d 6f 6e 74 68 2c 20 74 | 68 69 73 20 73 70 72 65 |month, t|his spre|
|000004d0| 61 64 73 68 65 65 74 20 | 73 68 6f 75 6c 64 02 02 |adsheet |should..|
|000004e0| 0d 00 00 00 1c 18 01 00 | 00 22 06 41 72 69 61 6c |........|.".Arial|
|000004f0| 00 04 10 00 04 08 10 00 | 04 0c 10 00 04 10 10 00 |........|........|
|00000500| 04 14 10 00 04 18 10 00 | 04 00 14 00 b4 ba 6f 6e |........|......on|
|00000510| 6c 79 20 62 65 20 63 6f | 6e 73 69 64 65 72 65 64 |ly be co|nsidered|
|00000520| 20 61 20 27 73 6e 61 70 | 73 68 6f 74 27 20 6f 66 | a 'snap|shot' of|
|00000530| 20 41 70 72 69 6c 20 31 | 39 39 38 2e 02 02 0d 00 | April 1|998.....|
|00000540| 00 00 1c 18 01 00 00 22 | 06 41 72 69 61 6c 00 04 |......."|.Arial..|
|00000550| 14 00 04 08 14 00 04 0c | 14 00 04 10 14 00 04 14 |........|........|
|00000560| 14 00 04 18 14 00 04 00 | 18 00 a4 85 02 4e 6f 74 |........|.....Not|
|00000570| 65 3a 20 49 20 73 74 72 | 6f 6e 67 6c 79 20 72 65 |e: I str|ongly re|
|00000580| 63 6f 6d 6d 65 6e 64 20 | 75 73 69 6e 67 20 73 65 |commend |using se|
|00000590| 61 72 63 68 20 74 6f 20 | 67 65 74 20 74 68 65 20 |arch to |get the |
|000005a0| 62 65 73 74 20 6f 75 74 | 20 6f 66 20 74 68 69 73 |best out| of this|
|000005b0| 20 73 70 72 65 61 64 73 | 68 65 65 74 2e 04 18 00 | spreads|heet....|
|000005c0| 04 08 18 00 04 0c 18 00 | 04 10 18 00 04 14 18 00 |........|........|
|000005d0| 04 18 18 00 04 00 1c 00 | a4 65 02 50 61 75 6c 20 |........|.e.Paul |
|000005e0| 47 61 72 74 73 69 64 65 | 20 20 20 20 20 68 74 74 |Gartside|     htt|
|000005f0| 70 3a 2f 2f 77 77 77 2e | 70 61 75 6c 2d 67 2e 64 |p://www.|paul-g.d|
|00000600| 65 6d 6f 6e 2e 63 6f 2e | 75 6b 20 20 20 20 20 67 |emon.co.|uk     g|
|00000610| 61 72 74 79 40 70 61 75 | 6c 2d 67 2e 64 65 6d 6f |arty@pau|l-g.demo|
|00000620| 6e 2e 63 6f 2e 75 6b 04 | 1c 00 04 08 1c 00 04 0c |n.co.uk.|........|
|00000630| 1c 00 04 10 1c 00 04 14 | 1c 00 04 18 1c 00 04 00 |........|........|
|00000640| 20 00 a4 12 4e 61 6d 65 | 04 20 00 a4 12 54 79 70 | ...Name|. ...Typ|
|00000650| 65 08 20 00 a4 1e 49 6e | 66 65 63 74 73 0c 20 00 |e. ...In|fects. .|
|00000660| a4 1a 47 72 6f 77 74 68 | 10 20 00 a4 2e 44 65 73 |..Growth|. ...Des|
|00000670| 63 72 69 70 74 69 6f 6e | 14 20 00 04 18 20 00 04 |cription|. ... ..|
|00000680| 1c 20 00 00 20 20 00 00 | 00 24 00 b4 ba 20 28 4d |. ..  ..|.$... (M|
|00000690| 63 41 66 65 65 27 73 20 | 53 43 41 4e 20 63 61 6c |cAfee's |SCAN cal|
|000006a0| 6c 73 20 69 74 20 53 54 | 4f 4e 45 44 2e 4d 49 43 |ls it ST|ONED.MIC|
|000006b0| 48 45 4c 4c 41 4e 47 45 | 4c 4f 29 02 02 10 00 00 |HELLANGE|LO).....|
|000006c0| 00 22 0e 4d 53 20 53 61 | 6e 73 20 53 65 72 69 66 |.".MS Sa|ns Serif|
|000006d0| 03 04 24 00 b4 46 42 6f | 6f 74 20 73 65 63 74 6f |..$..FBo|ot secto|
|000006e0| 72 20 76 69 72 75 73 02 | 02 10 00 00 00 22 0e 4d |r virus.|.....".M|
|000006f0| 53 20 53 61 6e 73 20 53 | 65 72 69 66 03 08 24 00 |S Sans S|erif..$.|
|00000700| b4 dd 03 54 68 65 20 62 | 6f 6f 74 20 73 65 63 74 |...The b|oot sect|
|00000710| 6f 72 20 6f 66 20 66 6c | 6f 70 70 79 20 64 69 73 |or of fl|oppy dis|
|00000720| 6b 73 20 61 6e 64 20 74 | 68 65 20 70 61 72 74 69 |ks and t|he parti|
|00000730| 74 69 6f 6e 20 73 65 63 | 74 6f 72 20 6f 66 20 68 |tion sec|tor of h|
|00000740| 61 72 64 20 64 69 73 6b | 73 2c 20 77 68 65 6e 20 |ard disk|s, when |
|00000750| 74 68 65 20 50 43 20 69 | 73 20 62 6f 6f 74 65 64 |the PC i|s booted|
|00000760| 20 66 72 6f 6d 20 61 6e | 20 69 6e 66 65 63 74 65 | from an| infecte|
|00000770| 64 20 66 6c 6f 70 70 79 | 20 64 69 73 6b 2e 02 02 |d floppy| disk...|
|00000780| 10 00 00 00 22 0e 4d 53 | 20 53 61 6e 73 20 53 65 |....".MS| Sans Se|
|00000790| 72 69 66 03 0c 24 00 b4 | 06 2d 02 02 10 00 00 00 |rif..$..|.-......|
|000007a0| 22 0e 4d 53 20 53 61 6e | 73 20 53 65 72 69 66 03 |".MS San|s Serif.|
|000007b0| 10 24 00 b4 fd 07 4f 6e | 20 74 68 65 20 68 61 72 |.$....On| the har|
|000007c0| 64 20 64 69 73 6b 2c 20 | 74 68 65 20 6f 72 69 67 |d disk, |the orig|
|000007d0| 69 6e 61 6c 20 70 61 72 | 74 69 74 69 6f 6e 20 73 |inal par|tition s|
|000007e0| 65 63 74 6f 72 20 69 73 | 20 72 65 2d 6c 6f 63 61 |ector is| re-loca|
|000007f0| 74 65 64 20 74 6f 20 63 | 79 6c 69 6e 64 65 72 20 |ted to c|ylinder |
|00000800| 30 2c 20 68 65 61 64 20 | 30 2c 20 73 65 63 74 6f |0, head |0, secto|
|00000810| 72 20 37 2e 20 20 49 74 | 20 75 73 65 73 20 73 74 |r 7.  It| uses st|
|00000820| 65 61 6c 74 68 20 74 6f | 20 63 6f 6e 63 65 61 6c |ealth to| conceal|
|00000830| 20 69 74 73 65 6c 66 20 | 77 68 65 6e 20 6d 65 6d | itself |when mem|
|00000840| 6f 72 79 20 72 65 73 69 | 64 65 6e 74 2e 3c 70 3e |ory resi|dent.<p>|
|00000850| 0d 0a 54 68 65 20 76 69 | 72 75 73 20 75 73 65 73 |..The vi|rus uses|
|00000860| 20 31 4b 62 20 6f 66 20 | 52 41 4d 2e 20 20 54 68 | 1Kb of |RAM.  Th|
|00000870| 69 73 20 69 73 20 76 69 | 73 69 62 6c 65 20 77 68 |is is vi|sible wh|
|00000880| 65 6e 20 75 73 69 6e 67 | 20 74 68 65 20 44 4f 53 |en using| the DOS|
|00000890| 20 63 6f 6d 6d 61 6e 64 | 20 4d 45 4d 20 28 77 68 | command| MEM (wh|
|000008a0| 69 63 68 20 72 65 70 6f | 72 74 73 20 6c 65 73 73 |ich repo|rts less|
|000008b0| 20 74 68 61 6e 02 02 10 | 00 00 00 22 0e 4d 53 20 | than...|...".MS |
|000008c0| 53 61 6e 73 20 53 65 72 | 69 66 03 14 24 00 14 02 |Sans Ser|if..$...|
|000008d0| 06 10 00 00 00 22 0e 4d | 53 20 53 61 6e 73 20 53 |.....".M|S Sans S|
|000008e0| 65 72 69 66 03 02 16 04 | 18 24 00 04 00 28 00 b4 |erif....|.$...(..|
|000008f0| 1a 31 2d 69 6e 2d 38 02 | 02 10 00 00 00 22 0e 4d |.1-in-8.|.....".M|
|00000900| 53 20 53 61 6e 73 20 53 | 65 72 69 66 03 04 28 00 |S Sans S|erif..(.|
|00000910| b4 2e 46 69 6c 65 20 76 | 69 72 75 73 2e 02 02 10 |..File v|irus....|
|00000920| 00 00 00 22 0e 4d 53 20 | 53 61 6e 73 20 53 65 72 |...".MS |Sans Ser|
|00000930| 69 66 03 08 28 00 b4 1d | 04 54 68 65 20 6e 65 78 |if..(...|.The nex|
|00000940| 74 20 75 6e 69 6e 66 65 | 63 74 65 64 20 43 4f 4d |t uninfe|cted COM|
|00000950| 20 66 69 6c 65 2c 20 69 | 6e 20 74 68 65 20 63 75 | file, i|n the cu|
|00000960| 72 72 65 6e 74 20 64 69 | 72 65 63 74 6f 72 79 20 |rrent di|rectory |
|00000970| 6f 72 20 61 63 63 65 73 | 73 65 64 20 76 69 61 20 |or acces|sed via |
|00000980| 74 68 65 20 50 41 54 48 | 2c 20 6f 6e 20 65 78 65 |the PATH|, on exe|
|00000990| 63 75 74 69 6f 6e 20 6f | 66 20 61 6e 20 69 6e 66 |cution o|f an inf|
|000009a0| 65 63 74 65 64 20 66 69 | 6c 65 20 69 6e 20 61 6e |ected fi|le in an|
|000009b0| 79 20 64 69 72 65 63 74 | 6f 72 79 2e 02 02 10 00 |y direct|ory.....|
|000009c0| 00 00 22 0e 4d 53 20 53 | 61 6e 73 20 53 65 72 69 |..".MS S|ans Seri|
|000009d0| 66 03 0c 28 00 b4 2a 36 | 34 38 20 62 79 74 65 73 |f..(..*6|48 bytes|
|000009e0| 2e 02 02 10 00 00 00 22 | 0e 4d 53 20 53 61 6e 73 |......."|.MS Sans|
|000009f0| 20 53 65 72 69 66 03 10 | 28 00 b4 fd 07 4f 6e 65 | Serif..|(....One|
|00000a00| 2d 69 6e 2d 65 69 67 68 | 74 20 69 6e 66 65 63 74 |-in-eigh|t infect|
|00000a10| 69 6f 6e 73 20 6d 61 6b | 65 20 74 68 65 20 66 69 |ions mak|e the fi|
|00000a20| 6c 65 20 75 6e 75 73 61 | 62 6c 65 20 62 79 20 70 |le unusa|ble by p|
|00000a30| 61 74 63 68 69 6e 67 20 | 63 6f 64 65 20 66 6f 72 |atching |code for|
|00000a40| 20 61 20 72 65 2d 62 6f | 6f 74 20 61 74 20 74 68 | a re-bo|ot at th|
|00000a50| 65 20 62 65 67 69 6e 6e | 69 6e 67 20 6f 66 20 74 |e beginn|ing of t|
|00000a60| 68 65 20 66 69 6c 65 2e | 20 45 76 65 6e 74 75 61 |he file.| Eventua|
|00000a70| 6c 6c 79 20 43 4f 4d 4d | 41 4e 44 2e 43 4f 4d 20 |lly COMM|AND.COM |
|00000a80| 69 73 20 69 6e 66 65 63 | 74 65 64 2c 20 73 6f 20 |is infec|ted, so |
|00000a90| 74 68 61 74 20 77 68 65 | 6e 65 76 65 72 20 74 68 |that whe|never th|
|00000aa0| 65 20 50 43 20 69 73 20 | 73 74 61 72 74 65 64 20 |e PC is |started |
|00000ab0| 75 70 20 69 74 20 6a 75 | 73 74 20 6b 65 65 70 73 |up it ju|st keeps|
|00000ac0| 20 72 65 2d 62 6f 6f 74 | 69 6e 67 2e 20 54 68 65 | re-boot|ing. The|
|00000ad0| 20 73 65 63 6f 6e 64 73 | 20 66 69 65 6c 64 20 6f | seconds| field o|
|00000ae0| 66 20 74 68 65 20 64 69 | 72 65 63 74 6f 72 79 20 |f the di|rectory |
|00000af0| 69 73 20 75 73 65 64 20 | 74 6f 20 73 02 02 10 00 |is used |to s....|
|00000b00| 00 00 22 0e 4d 53 20 53 | 61 6e 73 20 53 65 72 69 |..".MS S|ans Seri|
|00000b10| 66 03 14 28 00 14 02 06 | 10 00 00 00 22 0e 4d 53 |f..(....|....".MS|
|00000b20| 20 53 61 6e 73 20 53 65 | 72 69 66 03 02 16 04 18 | Sans Se|rif.....|
|00000b30| 28 00 04 00 2c 00 b4 26 | 31 30 20 50 61 73 74 20 |(...,..&|10 Past |
|00000b40| 33 02 02 10 00 00 00 22 | 0e 4d 53 20 53 61 6e 73 |3......"|.MS Sans|
|00000b50| 20 53 65 72 69 66 03 04 | 2c 00 b4 6e 4d 65 6d 6f | Serif..|,..nMemo|
|00000b60| 72 79 20 72 65 73 69 64 | 65 6e 74 20 66 69 6c 65 |ry resid|ent file|
|00000b70| 20 76 69 72 75 73 2e 02 | 02 10 00 00 00 22 0e 4d | virus..|.....".M|
|00000b80| 53 20 53 61 6e 73 20 53 | 65 72 69 66 03 08 2c 00 |S Sans S|erif..,.|
|00000b90| b4 5d 02 43 4f 4d 20 66 | 69 6c 65 73 20 6f 6e 20 |.].COM f|iles on |
|00000ba0| 65 78 65 63 75 74 69 6f | 6e 2e 20 4f 6e 6c 79 20 |executio|n. Only |
|00000bb0| 66 69 6c 65 73 20 62 65 | 74 77 65 65 6e 20 34 20 |files be|tween 4 |
|00000bc0| 61 6e 64 20 36 34 2c 34 | 39 36 20 62 79 74 65 73 |and 64,4|96 bytes|
|00000bd0| 20 61 72 65 20 69 6e 66 | 65 63 74 65 64 2e 02 02 | are inf|ected...|
|00000be0| 10 00 00 00 22 0e 4d 53 | 20 53 61 6e 73 20 53 65 |....".MS| Sans Se|
|00000bf0| 72 69 66 03 0c 2c 00 b4 | 2a 37 34 38 20 62 79 74 |rif..,..|*748 byt|
|00000c00| 65 73 2e 02 02 10 00 00 | 00 22 0e 4d 53 20 53 61 |es......|.".MS Sa|
|00000c10| 6e 73 20 53 65 72 69 66 | 03 10 2c 00 b4 fd 07 4f |ns Serif|..,....O|
|00000c20| 6e 20 74 68 65 20 32 32 | 6e 64 20 6f 66 20 65 61 |n the 22|nd of ea|
|00000c30| 63 68 20 6d 6f 6e 74 68 | 2c 20 74 68 65 20 50 43 |ch month|, the PC|
|00000c40| 20 72 65 2d 62 6f 6f 74 | 73 2e 20 4f 6e 20 76 61 | re-boot|s. On va|
|00000c50| 72 69 6f 75 73 20 64 61 | 74 65 73 2c 20 76 61 72 |rious da|tes, var|
|00000c60| 69 6f 75 73 20 70 65 72 | 69 70 68 65 72 61 6c 73 |ious per|ipherals|
|00000c70| 20 61 72 65 20 64 69 73 | 61 62 6c 65 64 20 6f 72 | are dis|abled or|
|00000c80| 20 6d 61 64 65 20 75 6e | 72 65 6c 69 61 62 6c 65 | made un|reliable|
|00000c90| 3a 3c 70 3e 0d 0a 31 73 | 74 09 09 09 4b 65 79 62 |:<p>..1s|t...Keyb|
|00000ca0| 6f 61 72 64 3c 70 3e 0d | 0a 31 30 74 68 09 48 61 |oard<p>.|.10th.Ha|
|00000cb0| 72 64 20 64 69 73 6b 3c | 70 3e 0d 0a 31 36 74 68 |rd disk<|p>..16th|
|00000cc0| 09 4d 6f 6e 69 74 6f 72 | 3c 70 3e 0d 0a 32 39 74 |.Monitor|<p>..29t|
|00000cd0| 68 09 44 69 73 6b 73 3c | 70 3e 0d 0a 42 65 74 77 |h.Disks<|p>..Betw|
|00000ce0| 65 65 6e 20 31 35 3a 31 | 30 20 61 6e 64 20 31 35 |een 15:1|0 and 15|
|00000cf0| 3a 31 33 20 65 61 63 68 | 20 64 61 79 2c 20 61 20 |:13 each| day, a |
|00000d00| 6b 65 79 62 6f 61 72 64 | 20 74 72 69 63 6b 20 69 |keyboard| trick i|
|00000d10| 73 20 69 6e 73 74 61 6c | 6c 65 64 20 77 68 02 02 |s instal|led wh..|
|00000d20| 10 00 00 00 22 0e 4d 53 | 20 53 61 6e 73 20 53 65 |....".MS| Sans Se|
|00000d30| 72 69 66 03 14 2c 00 14 | 02 06 10 00 00 00 22 0e |rif..,..|......".|
|00000d40| 4d 53 20 53 61 6e 73 20 | 53 65 72 69 66 03 02 16 |MS Sans |Serif...|
|00000d50| 04 18 2c 00 04 00 30 00 | b4 26 31 30 30 20 59 65 |..,...0.|.&100 Ye|
|00000d60| 61 72 73 02 02 10 00 00 | 00 22 0e 4d 53 20 53 61 |ars.....|.".MS Sa|
|00000d70| 6e 73 20 53 65 72 69 66 | 03 04 30 00 b4 6e 4d 65 |ns Serif|..0..nMe|
|00000d80| 6d 6f 72 79 20 72 65 73 | 69 64 65 6e 74 20 66 69 |mory res|ident fi|
|00000d90| 6c 65 20 76 69 72 75 73 | 2e 02 02 10 00 00 00 22 |le virus|......."|
|00000da0| 0e 4d 53 20 53 61 6e 73 | 20 53 65 72 69 66 03 08 |.MS Sans| Serif..|
|00000db0| 30 00 b4 aa 43 4f 4d 20 | 61 6e 64 20 45 58 45 20 |0...COM |and EXE |
|00000dc0| 66 69 6c 65 73 20 6f 6e | 20 61 6c 6d 6f 73 74 20 |files on| almost |
|00000dd0| 61 6e 79 20 6f 70 65 72 | 61 74 69 6f 6e 2e 02 02 |any oper|ation...|
|00000de0| 10 00 00 00 22 0e 4d 53 | 20 53 61 6e 73 20 53 65 |....".MS| Sans Se|
|00000df0| 72 69 66 03 0c 30 00 b4 | bd 03 34 2c 30 39 36 20 |rif..0..|..4,096 |
|00000e00| 62 79 74 65 73 2e 20 57 | 68 65 6e 20 74 68 65 20 |bytes. W|hen the |
|00000e10| 76 69 72 75 73 20 69 73 | 20 6d 65 6d 6f 72 79 20 |virus is| memory |
|00000e20| 72 65 73 69 64 65 6e 74 | 2c 20 69 74 20 75 73 65 |resident|, it use|
|00000e30| 73 20 73 74 65 61 6c 74 | 68 20 74 6f 20 63 6f 6e |s stealt|h to con|
|00000e40| 63 65 61 6c 20 74 68 65 | 20 69 6e 63 72 65 61 73 |ceal the| increas|
|00000e50| 65 20 69 6e 20 66 69 6c | 65 20 73 69 7a 65 20 6f |e in fil|e size o|
|00000e60| 66 20 69 6e 66 65 63 74 | 65 64 20 66 69 6c 65 73 |f infect|ed files|
|00000e70| 2e 02 02 10 00 00 00 22 | 0e 4d 53 20 53 61 6e 73 |......."|.MS Sans|
|00000e80| 20 53 65 72 69 66 03 10 | 30 00 b4 fd 07 46 72 6f | Serif..|0....Fro|
|00000e90| 64 6f 20 67 6f 65 73 20 | 6d 65 6d 6f 72 79 20 72 |do goes |memory r|
|00000ea0| 65 73 69 64 65 6e 74 20 | 77 68 65 6e 20 61 6e 20 |esident |when an |
|00000eb0| 69 6e 66 65 63 74 65 64 | 20 70 72 6f 67 72 61 6d |infected| program|
|00000ec0| 20 69 73 20 72 75 6e 2e | 20 49 74 20 74 68 65 6e | is run.| It then|
|00000ed0| 20 69 6e 66 65 63 74 73 | 20 43 4f 4d 20 61 6e 64 | infects| COM and|
|00000ee0| 20 45 58 45 20 66 69 6c | 65 73 20 6f 6e 20 61 6c | EXE fil|es on al|
|00000ef0| 6d 6f 73 74 20 61 6e 79 | 20 6f 70 65 72 61 74 69 |most any| operati|
|00000f00| 6f 6e 2e 20 46 72 6f 64 | 6f 20 61 64 64 73 20 31 |on. Frod|o adds 1|
|00000f10| 30 30 20 79 65 61 72 73 | 20 74 6f 20 74 68 65 20 |00 years| to the |
|00000f20| 66 69 6c 65 20 64 61 74 | 65 20 61 73 20 61 20 73 |file dat|e as a s|
|00000f30| 65 6c 66 20 72 65 63 6f | 67 6e 69 74 69 6f 6e 20 |elf reco|gnition |
|00000f40| 28 44 4f 53 20 64 69 73 | 70 6c 61 79 73 20 6f 6e |(DOS dis|plays on|
|00000f50| 6c 79 20 74 68 65 20 6c | 61 73 74 20 74 77 6f 20 |ly the l|ast two |
|00000f60| 64 69 67 69 74 73 2c 20 | 73 6f 20 74 68 69 73 20 |digits, |so this |
|00000f70| 63 68 61 6e 67 65 20 69 | 73 20 6e 6f 74 20 6e 6f |change i|s not no|
|00000f80| 74 69 63 65 61 62 6c 65 | 3b 20 61 6e 02 02 10 00 |ticeable|; an....|
|00000f90| 00 00 22 0e 4d 53 20 53 | 61 6e 73 20 53 65 72 69 |..".MS S|ans Seri|
|00000fa0| 66 03 14 30 00 14 02 06 | 10 00 00 00 22 0e 4d 53 |f..0....|....".MS|
|00000fb0| 20 53 61 6e 73 20 53 65 | 72 69 66 03 02 16 04 18 | Sans Se|rif.....|
|00000fc0| 30 00 04 00 34 00 b4 12 | 31 30 39 39 02 02 10 00 |0...4...|1099....|
|00000fd0| 00 00 22 0e 4d 53 20 53 | 61 6e 73 20 53 65 72 69 |..".MS S|ans Seri|
|00000fe0| 66 03 04 34 00 b4 6e 4d | 65 6d 6f 72 79 20 72 65 |f..4..nM|emory re|
|00000ff0| 73 69 64 65 6e 74 20 66 | 69 6c 65 20 76 69 72 75 |sident f|ile viru|
|00001000| 73 2e 02 02 10 00 00 00 | 22 0e 4d 53 20 53 61 6e |s.......|".MS San|
|00001010| 73 20 53 65 72 69 66 03 | 08 34 00 b4 4a 43 4f 4d |s Serif.|.4..JCOM|
|00001020| 20 61 6e 64 20 45 58 45 | 20 66 69 6c 65 73 2e 02 | and EXE| files..|
|00001030| 02 10 00 00 00 22 0e 4d | 53 20 53 61 6e 73 20 53 |.....".M|S Sans S|
|00001040| 65 72 69 66 03 0c 34 00 | b4 56 31 2c 30 39 39 20 |erif..4.|.V1,099 |
|00001050| 74 6f 20 31 2c 31 31 35 | 20 62 79 74 65 73 2e 02 |to 1,115| bytes..|
|00001060| 02 10 00 00 00 22 0e 4d | 53 20 53 61 6e 73 20 53 |.....".M|S Sans S|
|00001070| 65 72 69 66 03 10 34 00 | b4 fd 07 54 68 69 73 20 |erif..4.|...This |
|00001080| 76 69 72 75 73 20 67 6f | 65 73 20 6d 65 6d 6f 72 |virus go|es memor|
|00001090| 79 20 72 65 73 69 64 65 | 6e 74 20 69 6e 20 74 68 |y reside|nt in th|
|000010a0| 65 20 60 54 77 69 78 74 | 27 20 72 65 67 69 6f 6e |e `Twixt|' region|
|000010b0| 20 6f 66 20 6d 65 6d 6f | 72 79 20 28 61 62 6f 76 | of memo|ry (abov|
|000010c0| 65 20 44 4f 53 20 6d 65 | 6d 6f 72 79 20 62 75 74 |e DOS me|mory but|
|000010d0| 20 62 65 6c 6f 77 20 74 | 68 65 20 74 6f 70 20 6f | below t|he top o|
|000010e0| 66 20 42 49 4f 53 20 6d | 65 6d 6f 72 79 29 20 62 |f BIOS m|emory) b|
|000010f0| 79 20 73 68 72 69 6e 6b | 69 6e 67 20 74 68 65 20 |y shrink|ing the |
|00001100| 6c 61 73 74 20 44 4f 53 | 20 4d 43 42 20 74 6f 20 |last DOS| MCB to |
|00001110| 6d 61 6b 65 20 72 6f 6f | 6d 20 66 6f 72 20 69 74 |make roo|m for it|
|00001120| 2e 20 49 74 20 64 6f 65 | 73 20 6e 6f 74 20 68 61 |. It doe|s not ha|
|00001130| 76 65 20 61 6e 79 20 73 | 74 65 61 6c 74 68 20 6d |ve any s|tealth m|
|00001140| 65 63 68 61 6e 69 73 6d | 20 73 6f 20 74 68 65 20 |echanism| so the |
|00001150| 66 69 6c 65 20 67 72 6f | 77 74 68 20 69 73 20 65 |file gro|wth is e|
|00001160| 61 73 69 6c 79 20 76 69 | 73 69 62 6c 65 2e 3c 70 |asily vi|sible.<p|
|00001170| 3e 0d 0a 57 68 65 6e 20 | 69 74 02 02 10 00 00 00 |>..When |it......|
|00001180| 22 0e 4d 53 20 53 61 6e | 73 20 53 65 72 69 66 03 |".MS San|s Serif.|
|00001190| 14 34 00 14 02 06 10 00 | 00 00 22 0e 4d 53 20 53 |.4......|..".MS S|
|000011a0| 61 6e 73 20 53 65 72 69 | 66 03 02 16 04 18 34 00 |ans Seri|f.....4.|
|000011b0| 04 00 38 00 b4 12 31 30 | 41 4d 02 02 10 00 00 00 |..8...10|AM......|
|000011c0| 22 0e 4d 53 20 53 61 6e | 73 20 53 65 72 69 66 03 |".MS San|s Serif.|
|000011d0| 04 38 00 b4 6e 4d 65 6d | 6f 72 79 20 72 65 73 69 |.8..nMem|ory resi|
|000011e0| 64 65 6e 74 20 66 69 6c | 65 20 76 69 72 75 73 2e |dent fil|e virus.|
|000011f0| 02 02 10 00 00 00 22 0e | 4d 53 20 53 61 6e 73 20 |......".|MS Sans |
|00001200| 53 65 72 69 66 03 08 38 | 00 b4 0d 07 43 4f 4d 20 |Serif..8|....COM |
|00001210| 61 6e 64 20 45 58 45 20 | 66 69 6c 65 73 20 6f 6e |and EXE |files on|
|00001220| 20 65 78 65 63 75 74 69 | 6f 6e 20 61 6e 64 20 63 | executi|on and c|
|00001230| 6f 70 79 69 6e 67 2c 20 | 65 78 63 65 70 74 20 74 |opying, |except t|
|00001240| 68 6f 73 65 20 73 6d 61 | 6c 6c 65 72 20 74 68 61 |hose sma|ller tha|
|00001250| 6e 20 74 68 65 20 76 69 | 72 75 73 20 69 74 73 65 |n the vi|rus itse|
|00001260| 6c 66 20 61 6e 64 20 74 | 68 6f 73 65 20 73 65 74 |lf and t|hose set|
|00001270| 20 74 6f 20 72 65 61 64 | 2d 6f 6e 6c 79 2e 20 43 | to read|-only. C|
|00001280| 4f 4d 4d 41 4e 44 2e 43 | 4f 4d 20 69 73 20 69 6e |OMMAND.C|OM is in|
|00001290| 66 65 63 74 65 64 20 69 | 6d 6d 65 64 69 61 74 65 |fected i|mmediate|
|000012a0| 6c 79 2c 20 73 6f 20 63 | 6f 6e 74 72 6f 6c 20 69 |ly, so c|ontrol i|
|000012b0| 73 20 74 61 6b 65 6e 20 | 61 73 20 73 6f 6f 6e 20 |s taken |as soon |
|000012c0| 61 73 20 74 68 65 20 50 | 43 20 69 73 20 62 6f 6f |as the P|C is boo|
|000012d0| 74 65 64 2e 20 44 61 74 | 65 2f 74 69 6d 65 20 61 |ted. Dat|e/time a|
|000012e0| 72 65 20 70 72 65 73 65 | 72 76 65 64 2e 02 02 10 |re prese|rved....|
|000012f0| 00 00 00 22 0e 4d 53 20 | 53 61 6e 73 20 53 65 72 |...".MS |Sans Ser|
|00001300| 69 66 03 0c 38 00 b4 c2 | 4d 75 72 70 68 79 2d 31 |if..8...|Murphy-1|
|00001310| 3a 20 31 2c 32 37 37 20 | 62 79 74 65 73 2e 3c 62 |: 1,277 |bytes.<b|
|00001320| 72 3e 4d 75 72 70 68 79 | 2d 32 3a 20 31 2c 35 32 |r>Murphy|-2: 1,52|
|00001330| 31 20 62 79 74 65 73 2e | 02 02 10 00 00 00 22 0e |1 bytes.|......".|
|00001340| 4d 53 20 53 61 6e 73 20 | 53 65 72 69 66 03 10 38 |MS Sans |Serif..8|
|00001350| 00 b4 fd 07 44 69 73 6b | 20 65 72 72 6f 72 20 6d |....Disk| error m|
|00001360| 65 73 73 61 67 65 73 20 | 61 72 65 20 64 69 73 61 |essages |are disa|
|00001370| 62 6c 65 64 2c 20 62 75 | 74 20 62 65 63 61 75 73 |bled, bu|t becaus|
|00001380| 65 20 6f 66 20 62 75 67 | 73 20 69 6e 20 74 68 65 |e of bug|s in the|
|00001390| 20 63 6f 64 65 20 74 68 | 65 20 44 4f 53 20 57 72 | code th|e DOS Wr|
|000013a0| 69 74 65 20 70 72 6f 74 | 65 63 74 20 65 72 72 6f |ite prot|ect erro|
|000013b0| 72 20 77 72 69 74 69 6e | 67 20 64 72 69 76 65 20 |r writin|g drive |
|000013c0| 58 3a 20 41 62 6f 72 74 | 2c 20 52 65 74 72 79 2c |X: Abort|, Retry,|
|000013d0| 20 49 67 6e 6f 72 65 3f | 20 6d 65 73 73 61 67 65 | Ignore?| message|
|000013e0| 20 6d 61 79 20 62 65 20 | 64 69 73 70 6c 61 79 65 | may be |displaye|
|000013f0| 64 20 73 65 76 65 72 61 | 6c 20 74 69 6d 65 73 20 |d severa|l times |
|00001400| 69 66 20 74 68 65 20 76 | 69 72 75 73 20 74 72 69 |if the v|irus tri|
|00001410| 65 73 20 74 6f 20 69 6e | 66 65 63 74 20 20 61 20 |es to in|fect  a |
|00001420| 77 72 69 74 65 2d 70 72 | 6f 74 65 63 74 65 64 20 |write-pr|otected |
|00001430| 64 69 73 6b 2e 3c 70 3e | 0d 0a 42 6f 74 68 20 76 |disk.<p>|..Both v|
|00001440| 61 72 69 61 6e 74 73 20 | 74 72 69 67 67 65 72 20 |ariants |trigger |
|00001450| 77 68 65 02 02 10 00 00 | 00 22 0e 4d 53 20 53 61 |whe.....|.".MS Sa|
|00001460| 6e 73 20 53 65 72 69 66 | 03 14 38 00 14 02 06 10 |ns Serif|..8.....|
|00001470| 00 00 00 22 0e 4d 53 20 | 53 61 6e 73 20 53 65 72 |...".MS |Sans Ser|
|00001480| 69 66 03 02 16 04 18 38 | 00 04 00 3c 00 b4 12 31 |if.....8|...<...1|
|00001490| 32 31 30 02 02 10 00 00 | 00 22 0e 4d 53 20 53 61 |210.....|.".MS Sa|
|000014a0| 6e 73 20 53 65 72 69 66 | 03 04 3c 00 b4 2e 46 69 |ns Serif|..<...Fi|
|000014b0| 6c 65 20 76 69 72 75 73 | 2e 02 02 10 00 00 00 22 |le virus|......."|
|000014c0| 0e 4d 53 20 53 61 6e 73 | 20 53 65 72 69 66 03 08 |.MS Sans| Serif..|
|000014d0| 3c 00 b4 d5 05 54 68 65 | 20 6e 65 78 74 20 45 58 |<....The| next EX|
|000014e0| 45 20 66 69 6c 65 20 6f | 6e 20 65 78 65 63 75 74 |E file o|n execut|
|000014f0| 69 6f 6e 20 6f 66 20 61 | 6e 20 69 6e 66 65 63 74 |ion of a|n infect|
|00001500| 65 64 20 66 69 6c 65 2e | 20 44 61 74 65 2f 74 69 |ed file.| Date/ti|
|00001510| 6d 65 20 61 72 65 20 6e | 6f 74 20 70 72 65 73 65 |me are n|ot prese|
|00001520| 72 76 65 64 2e 20 49 66 | 20 74 68 65 20 73 75 62 |rved. If| the sub|
|00001530| 2d 64 69 72 65 63 74 6f | 72 79 20 6e 61 6d 65 20 |-directo|ry name |
|00001540| 68 61 73 20 61 6e 20 65 | 78 74 65 6e 73 69 6f 6e |has an e|xtension|
|00001550| 2c 20 66 69 6c 65 73 20 | 77 69 74 68 69 6e 20 69 |, files |within i|
|00001560| 74 20 61 6e 64 20 6c 6f | 77 65 72 20 64 6f 77 6e |t and lo|wer down|
|00001570| 20 74 68 65 20 74 72 65 | 65 20 77 69 6c 6c 20 6e | the tre|e will n|
|00001580| 6f 74 20 62 65 20 69 6e | 66 65 63 74 65 64 2e 02 |ot be in|fected..|
|00001590| 02 10 00 00 00 22 0e 4d | 53 20 53 61 6e 73 20 53 |.....".M|S Sans S|
|000015a0| 65 72 69 66 03 0c 3c 00 | b4 56 31 2c 32 30 35 20 |erif..<.|.V1,205 |
|000015b0| 74 6f 20 31 2c 32 33 30 | 20 62 79 74 65 73 2e 02 |to 1,230| bytes..|
|000015c0| 02 10 00 00 00 22 0e 4d | 53 20 53 61 6e 73 20 53 |.....".M|S Sans S|
|000015d0| 65 72 69 66 03 10 3c 00 | b4 fd 07 54 68 65 20 76 |erif..<.|...The v|
|000015e0| 69 72 75 73 20 63 6f 6e | 74 61 69 6e 73 20 74 68 |irus con|tains th|
|000015f0| 65 20 65 6e 63 72 79 70 | 74 65 64 20 6d 65 73 73 |e encryp|ted mess|
|00001600| 61 67 65 20 23 20 50 72 | 75 64 65 6e 74 73 20 76 |age # Pr|udents v|
|00001610| 69 72 75 73 2e 20 42 61 | 72 63 65 6c 6f 6e 61 20 |irus. Ba|rcelona |
|00001620| 32 30 32 38 32 38 39 20 | 23 20 77 68 69 63 68 20 |2028289 |# which |
|00001630| 69 73 20 64 65 63 72 79 | 70 74 65 64 20 77 68 65 |is decry|pted whe|
|00001640| 6e 20 74 68 65 20 76 69 | 72 75 73 20 72 75 6e 73 |n the vi|rus runs|
|00001650| 2c 20 62 75 74 20 69 73 | 20 6e 6f 74 20 64 69 73 |, but is| not dis|
|00001660| 70 6c 61 79 65 64 2e 3c | 70 3e 0d 0a 49 66 20 74 |played.<|p>..If t|
|00001670| 68 65 20 79 65 61 72 20 | 69 73 20 6e 6f 74 20 31 |he year |is not 1|
|00001680| 39 38 39 2c 20 74 68 65 | 20 6d 6f 6e 74 68 20 69 |989, the| month i|
|00001690| 73 20 62 65 74 77 65 65 | 6e 20 4d 61 79 20 61 6e |s betwee|n May an|
|000016a0| 64 20 44 65 63 65 6d 62 | 65 72 2c 20 61 6e 64 20 |d Decemb|er, and |
|000016b0| 69 74 20 69 73 20 74 68 | 65 20 31 73 74 2c 20 32 |it is th|e 1st, 2|
|000016c0| 6e 64 20 6f 72 20 33 72 | 64 2c 20 74 68 65 20 70 |nd or 3r|d, the p|
|000016d0| 61 79 6c 6f 61 64 20 69 | 73 20 02 02 10 00 00 00 |ayload i|s ......|
|000016e0| 22 0e 4d 53 20 53 61 6e | 73 20 53 65 72 69 66 03 |".MS San|s Serif.|
|000016f0| 14 3c 00 14 02 06 10 00 | 00 00 22 0e 4d 53 20 53 |.<......|..".MS S|
|00001700| 61 6e 73 20 53 65 72 69 | 66 03 02 16 04 18 3c 00 |ans Seri|f.....<.|
|00001710| 04 00 40 00 b4 12 31 32 | 34 34 02 02 10 00 00 00 |..@...12|44......|
|00001720| 22 0e 4d 53 20 53 61 6e | 73 20 53 65 72 69 66 03 |".MS San|s Serif.|
|00001730| 04 40 00 b4 6e 4d 65 6d | 6f 72 79 20 72 65 73 69 |.@..nMem|ory resi|
|00001740| 64 65 6e 74 20 66 69 6c | 65 20 76 69 72 75 73 2e |dent fil|e virus.|
|00001750| 02 02 10 00 00 00 22 0e | 4d 53 20 53 61 6e 73 20 |......".|MS Sans |
|00001760| 53 65 72 69 66 03 08 40 | 00 b4 ce 43 4f 4d 20 61 |Serif..@|...COM a|
|00001770| 6e 64 20 45 58 45 20 66 | 69 6c 65 73 20 6f 6e 20 |nd EXE f|iles on |
|00001780| 65 78 65 63 75 74 69 6f | 6e 2c 20 65 78 63 65 70 |executio|n, excep|
|00001790| 74 20 43 4f 4d 4d 41 4e | 44 2e 43 4f 4d 2e 02 02 |t COMMAN|D.COM...|
|000017a0| 10 00 00 00 22 0e 4d 53 | 20 53 61 6e 73 20 53 65 |....".MS| Sans Se|
|000017b0| 72 69 66 03 0c 40 00 b4 | f5 07 43 4f 4d 3a 20 31 |rif..@..|..COM: 1|
|000017c0| 2c 38 31 33 20 62 79 74 | 65 73 2e 20 43 4f 4d 20 |,813 byt|es. COM |
|000017d0| 66 69 6c 65 73 20 61 72 | 65 20 6e 6f 74 20 72 65 |files ar|e not re|
|000017e0| 2d 69 6e 66 65 63 74 65 | 64 2e 20 45 58 45 3a 20 |-infecte|d. EXE: |
|000017f0| 31 2c 38 30 38 20 74 6f | 20 31 2c 38 32 33 20 62 |1,808 to| 1,823 b|
|00001800| 79 74 65 73 2e 20 45 58 | 45 20 66 69 6c 65 73 20 |ytes. EX|E files |
|00001810| 67 72 6f 77 20 65 61 63 | 68 20 74 69 6d 65 20 74 |grow eac|h time t|
|00001820| 68 65 79 20 61 72 65 20 | 69 6e 66 65 63 74 65 64 |hey are |infected|
|00001830| 20 75 6e 74 69 6c 20 74 | 68 65 79 20 61 72 65 20 | until t|hey are |
|00001840| 74 6f 6f 20 6c 61 72 67 | 65 20 74 6f 20 6c 6f 61 |too larg|e to loa|
|00001850| 64 20 69 6e 74 6f 20 6d | 65 6d 6f 72 79 2e 20 53 |d into m|emory. S|
|00001860| 6f 6d 65 20 45 58 45 20 | 66 69 6c 65 73 20 61 72 |ome EXE |files ar|
|00001870| 65 20 69 6e 66 65 63 74 | 65 64 2c 20 77 69 74 68 |e infect|ed, with|
|00001880| 6f 75 74 20 67 72 6f 77 | 69 6e 67 2c 20 75 73 75 |out grow|ing, usu|
|00001890| 61 6c 6c 79 20 62 65 63 | 61 75 73 65 20 74 68 65 |ally bec|ause the|
|000018a0| 20 67 65 6e 75 69 6e 65 | 20 45 58 45 20 69 73 20 | genuine| EXE is |
|000018b0| 66 6f 6c 6c 6f 77 65 64 | 02 02 10 00 00 00 22 0e |followed|......".|
|000018c0| 4d 53 20 53 61 6e 73 20 | 53 65 72 69 66 03 10 40 |MS Sans |Serif..@|
|000018d0| 00 b4 fd 07 45 76 65 72 | 79 20 46 72 69 64 61 79 |....Ever|y Friday|
|000018e0| 20 31 33 74 68 2c 20 77 | 68 65 6e 20 61 20 70 72 | 13th, w|hen a pr|
|000018f0| 6f 67 72 61 6d 20 69 73 | 20 72 75 6e 2c 20 69 74 |ogram is| run, it|
|00001900| 20 69 73 20 64 65 6c 65 | 74 65 64 2e 20 4f 6e 20 | is dele|ted. On |
|00001910| 61 6e 79 20 64 61 74 65 | 2c 20 33 30 20 6d 69 6e |any date|, 30 min|
|00001920| 75 74 65 73 20 61 66 74 | 65 72 20 74 68 65 20 76 |utes aft|er the v|
|00001930| 69 72 75 73 20 68 61 73 | 20 69 6e 73 74 61 6c 6c |irus has| install|
|00001940| 65 64 20 69 74 73 65 6c | 66 2c 20 61 20 50 43 20 |ed itsel|f, a PC |
|00001950| 58 54 20 73 79 73 74 65 | 6d 20 73 6c 6f 77 73 20 |XT syste|m slows |
|00001960| 64 6f 77 6e 20 74 6f 20 | 61 20 66 69 66 74 68 20 |down to |a fifth |
|00001970| 6f 66 20 6e 6f 72 6d 61 | 6c 20 73 70 65 65 64 2e |of norma|l speed.|
|00001980| 20 4f 6e 20 66 61 73 74 | 65 72 20 6d 61 63 68 69 | On fast|er machi|
|00001990| 6e 65 73 20 74 68 65 20 | 73 6c 6f 77 64 6f 77 6e |nes the |slowdown|
|000019a0| 20 69 73 20 6e 6f 74 20 | 61 73 20 6e 6f 74 69 63 | is not |as notic|
|000019b0| 65 61 62 6c 65 2e 20 41 | 74 20 74 68 65 20 73 61 |eable. A|t the sa|
|000019c0| 6d 65 20 74 69 6d 65 2c | 20 69 66 20 74 68 65 20 |me time,| if the |
|000019d0| 73 79 73 02 02 10 00 00 | 00 22 0e 4d 53 20 53 61 |sys.....|.".MS Sa|
|000019e0| 6e 73 20 53 65 72 69 66 | 03 14 40 00 14 02 06 10 |ns Serif|..@.....|
|000019f0| 00 00 00 22 0e 4d 53 20 | 53 61 6e 73 20 53 65 72 |...".MS |Sans Ser|
|00001a00| 69 66 03 02 16 04 18 40 | 00 04 00 44 00 b4 12 31 |if.....@|...D...1|
|00001a10| 32 36 30 02 02 10 00 00 | 00 22 0e 4d 53 20 53 61 |260.....|.".MS Sa|
|00001a20| 6e 73 20 53 65 72 69 66 | 03 04 44 00 b4 2e 46 69 |ns Serif|..D...Fi|
|00001a30| 6c 65 20 76 69 72 75 73 | 2e 02 02 10 00 00 00 22 |le virus|......."|
|00001a40| 0e 4d 53 20 53 61 6e 73 | 20 53 65 72 69 66 03 08 |.MS Sans| Serif..|
|00001a50| 44 00 b4 4d 02 41 20 43 | 4f 4d 20 66 69 6c 65 20 |D..M.A C|OM file |
|00001a60| 69 6e 20 74 68 65 20 63 | 75 72 72 65 6e 74 20 73 |in the c|urrent s|
|00001a70| 75 62 2d 64 69 72 65 63 | 74 6f 72 79 20 6f 6e 20 |ub-direc|tory on |
|00001a80| 65 78 65 63 75 74 69 6f | 6e 20 6f 66 20 61 6e 20 |executio|n of an |
|00001a90| 69 6e 66 65 63 74 65 64 | 20 66 69 6c 65 2e 02 02 |infected| file...|
|00001aa0| 10 00 00 00 22 0e 4d 53 | 20 53 61 6e 73 20 53 65 |....".MS| Sans Se|
|00001ab0| 72 69 66 03 0c 44 00 b4 | 6a 41 70 70 72 6f 78 69 |rif..D..|jApproxi|
|00001ac0| 6d 61 74 65 6c 79 20 31 | 2c 32 36 30 20 62 79 74 |mately 1|,260 byt|
|00001ad0| 65 73 2e 02 02 10 00 00 | 00 22 0e 4d 53 20 53 61 |es......|.".MS Sa|
|00001ae0| 6e 73 20 53 65 72 69 66 | 03 10 44 00 b4 fd 07 54 |ns Serif|..D....T|
|00001af0| 68 69 73 20 76 69 72 75 | 73 20 69 73 20 62 61 73 |his viru|s is bas|
|00001b00| 65 64 20 6f 6e 20 61 20 | 76 65 72 73 69 6f 6e 20 |ed on a |version |
|00001b10| 6f 66 20 74 68 65 20 36 | 34 38 20 76 69 72 75 73 |of the 6|48 virus|
|00001b20| 20 74 68 61 74 20 77 61 | 73 20 70 75 62 6c 69 73 | that wa|s publis|
|00001b30| 68 65 64 20 69 6e 20 61 | 20 62 6f 6f 6b 2e 20 49 |hed in a| book. I|
|00001b40| 74 20 69 73 20 77 72 69 | 74 74 65 6e 20 62 79 20 |t is wri|tten by |
|00001b50| 74 68 65 20 73 61 6d 65 | 20 61 75 74 68 6f 72 20 |the same| author |
|00001b60| 61 73 20 56 32 50 36 20 | 2d 20 4d 61 72 6b 20 57 |as V2P6 |- Mark W|
|00001b70| 61 73 68 62 75 72 6e 20 | 6f 66 20 74 68 65 20 55 |ashburn |of the U|
|00001b80| 53 41 2e 20 49 74 20 61 | 70 70 65 61 72 73 20 74 |SA. It a|ppears t|
|00001b90| 6f 20 68 61 76 65 20 62 | 65 65 6e 20 77 72 69 74 |o have b|een writ|
|00001ba0| 74 65 6e 20 74 6f 20 63 | 68 61 6c 6c 65 6e 67 65 |ten to c|hallenge|
|00001bb0| 20 61 6e 74 69 2d 76 69 | 72 75 73 20 72 65 73 65 | anti-vi|rus rese|
|00001bc0| 61 72 63 68 65 72 73 2c | 20 61 6e 64 20 68 61 73 |archers,| and has|
|00001bd0| 20 62 65 65 6e 20 65 6e | 63 72 79 70 74 65 64 20 | been en|crypted |
|00001be0| 6f 6e 20 73 65 76 65 72 | 61 6c 20 6c 65 76 02 02 |on sever|al lev..|
|00001bf0| 10 00 00 00 22 0e 4d 53 | 20 53 61 6e 73 20 53 65 |....".MS| Sans Se|
|00001c00| 72 69 66 03 14 44 00 14 | 02 06 10 00 00 00 22 0e |rif..D..|......".|
|00001c10| 4d 53 20 53 61 6e 73 20 | 53 65 72 69 66 03 02 16 |MS Sans |Serif...|
|00001c20| 04 18 44 00 04 00 48 00 | b4 12 31 33 37 36 02 02 |..D...H.|..1376..|
|00001c30| 10 00 00 00 22 0e 4d 53 | 20 53 61 6e 73 20 53 65 |....".MS| Sans Se|
|00001c40| 72 69 66 03 04 48 00 b4 | 6e 4d 65 6d 6f 72 79 20 |rif..H..|nMemory |
|00001c50| 72 65 73 69 64 65 6e 74 | 20 66 69 6c 65 20 76 69 |resident| file vi|
|00001c60| 72 75 73 2e 02 02 10 00 | 00 00 22 0e 4d 53 20 53 |rus.....|..".MS S|
|00001c70| 61 6e 73 20 53 65 72 69 | 66 03 08 48 00 b4 4a 43 |ans Seri|f..H..JC|
|00001c80| 4f 4d 20 61 6e 64 20 45 | 58 45 20 66 69 6c 65 73 |OM and E|XE files|
|00001c90| 2e 02 02 10 00 00 00 22 | 0e 4d 53 20 53 61 6e 73 |......."|.MS Sans|
|00001ca0| 20 53 65 72 69 66 03 0c | 48 00 b4 06 2d 02 02 10 | Serif..|H...-...|
|00001cb0| 00 00 00 22 0e 4d 53 20 | 53 61 6e 73 20 53 65 72 |...".MS |Sans Ser|
|00001cc0| 69 66 03 10 48 00 b4 fd | 07 54 68 65 20 76 69 72 |if..H...|.The vir|
|00001cd0| 75 73 20 68 61 73 20 61 | 20 6d 65 6d 6f 72 79 20 |us has a| memory |
|00001ce0| 72 65 73 69 64 65 6e 74 | 20 70 61 79 6c 6f 61 64 |resident| payload|
|00001cf0| 20 61 6e 64 20 69 6e 66 | 65 63 74 69 6f 6e 20 73 | and inf|ection s|
|00001d00| 79 73 74 65 6d 2e 20 49 | 74 20 68 61 73 20 6d 69 |ystem. I|t has mi|
|00001d10| 6e 69 6d 75 6d 20 73 74 | 65 61 6c 74 68 20 63 61 |nimum st|ealth ca|
|00001d20| 70 61 62 69 6c 69 74 79 | 2e 20 53 6f 6d 65 20 6d |pability|. Some m|
|00001d30| 65 73 73 61 67 65 73 20 | 69 6e 20 74 68 65 20 76 |essages |in the v|
|00001d40| 69 72 75 73 20 61 72 65 | 20 65 6e 63 72 79 70 74 |irus are| encrypt|
|00001d50| 65 64 2e 20 54 68 65 20 | 76 69 72 75 73 20 65 76 |ed. The |virus ev|
|00001d60| 61 64 65 73 20 6f 72 20 | 61 74 74 61 63 6b 73 20 |ades or |attacks |
|00001d70| 73 6f 6d 65 20 61 6e 74 | 69 2d 76 69 72 75 73 20 |some ant|i-virus |
|00001d80| 70 72 6f 67 72 61 6d 73 | 2e 3c 70 3e 0d 0a 3c 68 |programs|.<p>..<h|
|00001d90| 33 3e 20 56 61 72 69 61 | 6e 74 73 3c 2f 68 33 3e |3> Varia|nts</h3>|
|00001da0| 0d 0a 31 31 38 32 2c 20 | 31 33 37 36 2e 61 2d 66 |..1182, |1376.a-f|
|00001db0| 3c 70 3e 0d 0a 56 61 72 | 69 61 6e 74 20 31 31 38 |<p>..Var|iant 118|
|00001dc0| 32 20 68 61 73 20 61 6e | 02 02 10 00 00 00 22 0e |2 has an|......".|
|00001dd0| 4d 53 20 53 61 6e 73 20 | 53 65 72 69 66 03 14 48 |MS Sans |Serif..H|
|00001de0| 00 14 02 06 10 00 00 00 | 22 0e 4d 53 20 53 61 6e |........|".MS San|
|00001df0| 73 20 53 65 72 69 66 03 | 02 16 04 18 48 00 04 00 |s Serif.|....H...|
|00001e00| 4c 00 b4 12 31 33 38 31 | 02 02 10 00 00 00 22 0e |L...1381|......".|
|00001e10| 4d 53 20 53 61 6e 73 20 | 53 65 72 69 66 03 04 4c |MS Sans |Serif..L|
|00001e20| 00 b4 2e 46 69 6c 65 20 | 76 69 72 75 73 2e 02 02 |...File |virus...|
|00001e30| 10 00 00 00 22 0e 4d 53 | 20 53 61 6e 73 20 53 65 |....".MS| Sans Se|
|00001e40| 72 69 66 03 08 4c 00 b4 | b5 03 45 58 45 20 66 69 |rif..L..|..EXE fi|
|00001e50| 6c 65 73 20 28 63 68 6f | 73 65 6e 20 72 61 6e 64 |les (cho|sen rand|
|00001e60| 6f 6d 6c 79 29 20 6f 6e | 20 65 78 65 63 75 74 69 |omly) on| executi|
|00001e70| 6f 6e 20 6f 66 20 61 6e | 20 69 6e 66 65 63 74 65 |on of an| infecte|
|00001e80| 64 20 66 69 6c 65 2e 20 | 54 68 65 20 66 69 6c 65 |d file. |The file|
|00001e90| 73 20 69 6e 66 65 63 74 | 65 64 20 64 65 70 65 6e |s infect|ed depen|
|00001ea0| 64 20 6f 6e 20 74 68 65 | 20 63 6f 6e 74 65 6e 74 |d on the| content|
|00001eb0| 73 20 6f 66 20 74 68 65 | 20 68 65 61 64 65 72 2e |s of the| header.|
|00001ec0| 02 02 10 00 00 00 22 0e | 4d 53 20 53 61 6e 73 20 |......".|MS Sans |
|00001ed0| 53 65 72 69 66 03 0c 4c | 00 b4 56 31 2c 33 38 31 |Serif..L|..V1,381|
|00001ee0| 20 74 6f 20 31 2c 34 36 | 37 20 62 79 74 65 73 2e | to 1,46|7 bytes.|
|00001ef0| 02 02 10 00 00 00 22 0e | 4d 53 20 53 61 6e 73 20 |......".|MS Sans |
|00001f00| 53 65 72 69 66 03 10 4c | 00 b4 fd 07 49 66 20 61 |Serif..L|....If a|
|00001f10| 6e 20 69 6e 66 65 63 74 | 65 64 20 66 69 6c 65 20 |n infect|ed file |
|00001f20| 69 73 20 72 75 6e 20 39 | 30 20 64 61 79 73 20 6f |is run 9|0 days o|
|00001f30| 72 20 6d 6f 72 65 20 61 | 66 74 65 72 20 74 68 65 |r more a|fter the|
|00001f40| 20 69 6e 66 65 63 74 69 | 6f 6e 2c 20 74 68 65 20 | infecti|on, the |
|00001f50| 74 72 6f 6a 61 6e 20 69 | 73 20 74 72 69 67 67 65 |trojan i|s trigge|
|00001f60| 72 65 64 2e 20 54 68 69 | 73 20 63 6f 6e 73 69 73 |red. Thi|s consis|
|00001f70| 74 73 20 6f 66 20 61 20 | 6c 65 74 74 65 72 66 61 |ts of a |letterfa|
|00001f80| 6c 6c 20 66 6f 6c 6c 6f | 77 65 64 20 62 79 20 74 |ll follo|wed by t|
|00001f90| 68 65 20 6d 65 73 73 61 | 67 65 3a 3c 70 3e 0d 0a |he messa|ge:<p>..|
|00001fa0| 49 4e 54 45 52 4e 41 4c | 20 45 52 52 4f 52 20 30 |INTERNAL| ERROR 0|
|00001fb0| 32 43 48 3c 70 3e 0d 0a | 50 4c 45 41 53 45 20 43 |2CH<p>..|PLEASE C|
|00001fc0| 4f 4e 54 41 43 54 20 59 | 4f 55 52 20 48 41 52 44 |ONTACT Y|OUR HARD|
|00001fd0| 57 41 52 45 20 4d 41 4e | 55 46 41 43 54 55 52 45 |WARE MAN|UFACTURE|
|00001fe0| 52 20 49 4d 4d 45 44 49 | 41 54 45 4c 59 21 3c 70 |R IMMEDI|ATELY!<p|
|00001ff0| 3e 0d 0a 44 4f 20 4e 4f | 54 20 46 4f 52 47 45 54 |>..DO NO|T FORGET|
|00002000| 20 54 4f 20 52 45 50 4f | 52 54 20 02 02 10 00 00 | TO REPO|RT .....|
|00002010| 00 22 0e 4d 53 20 53 61 | 6e 73 20 53 65 72 69 66 |.".MS Sa|ns Serif|
|00002020| 03 14 4c 00 14 02 06 10 | 00 00 00 22 0e 4d 53 20 |..L.....|...".MS |
|00002030| 53 61 6e 73 20 53 65 72 | 69 66 03 02 16 04 18 4c |Sans Ser|if.....L|
|00002040| 00 04 00 50 00 b4 12 31 | 33 39 32 02 02 10 00 00 |...P...1|392.....|
|00002050| 00 22 0e 4d 53 20 53 61 | 6e 73 20 53 65 72 69 66 |.".MS Sa|ns Serif|
|00002060| 03 04 50 00 b4 6e 4d 65 | 6d 6f 72 79 20 72 65 73 |..P..nMe|mory res|
|00002070| 69 64 65 6e 74 20 66 69 | 6c 65 20 76 69 72 75 73 |ident fi|le virus|
|00002080| 2e 02 02 10 00 00 00 22 | 0e 4d 53 20 53 61 6e 73 |......."|.MS Sans|
|00002090| 20 53 65 72 69 66 03 08 | 50 00 b4 75 05 43 4f 4d | Serif..|P..u.COM|
|000020a0| 20 61 6e 64 20 45 58 45 | 20 66 69 6c 65 73 20 6f | and EXE| files o|
|000020b0| 6e 20 65 78 65 63 75 74 | 69 6f 6e 2e 20 43 4f 4d |n execut|ion. COM|
|000020c0| 20 66 69 6c 65 73 20 73 | 6d 61 6c 6c 65 72 20 74 | files s|maller t|
|000020d0| 68 61 6e 20 35 31 32 20 | 62 79 74 65 73 20 61 6e |han 512 |bytes an|
|000020e0| 64 20 6c 61 72 67 65 72 | 20 74 68 61 6e 20 36 30 |d larger| than 60|
|000020f0| 4b 62 20 62 79 74 65 73 | 20 61 72 65 20 6e 6f 74 |Kb bytes| are not|
|00002100| 20 69 6e 66 65 63 74 65 | 64 2e 3c 62 72 3e 44 61 | infecte|d.<br>Da|
|00002110| 74 65 2f 74 69 6d 65 20 | 61 6e 64 20 72 65 61 64 |te/time |and read|
|00002120| 2f 77 72 69 74 65 2f 68 | 69 64 64 65 6e 20 61 74 |/write/h|idden at|
|00002130| 74 72 69 62 75 74 65 73 | 20 61 72 65 20 6e 6f 74 |tributes| are not|
|00002140| 20 70 72 65 73 65 72 76 | 65 64 2e 02 02 10 00 00 | preserv|ed......|
|00002150| 00 22 0e 4d 53 20 53 61 | 6e 73 20 53 65 72 69 66 |.".MS Sa|ns Serif|
|00002160| 03 0c 50 00 b4 56 31 2c | 33 39 32 20 74 6f 20 31 |..P..V1,|392 to 1|
|00002170| 2c 34 30 37 20 62 79 74 | 65 73 2e 02 02 10 00 00 |,407 byt|es......|
|00002180| 00 22 0e 4d 53 20 53 61 | 6e 73 20 53 65 72 69 66 |.".MS Sa|ns Serif|
|00002190| 03 10 50 00 b4 a5 06 54 | 68 65 20 76 69 72 75 73 |..P....T|he virus|
|000021a0| 20 63 6f 6e 74 61 69 6e | 73 20 4b 48 45 54 41 50 | contain|s KHETAP|
|000021b0| 55 4e 4b 20 2d 20 4e 4f | 55 56 45 4c 20 42 61 6e |UNK - NO|UVEL Ban|
|000021c0| 64 20 41 2e 4d 2e 4f 2e | 45 2e 42 2e 41 2e 20 62 |d A.M.O.|E.B.A. b|
|000021d0| 79 20 50 72 69 6d 65 53 | 6f 66 74 20 49 6e 63 20 |y PrimeS|oft Inc |
|000021e0| 69 6e 20 65 6e 63 72 79 | 70 74 65 64 20 66 6f 72 |in encry|pted for|
|000021f0| 6d 2e 20 54 68 65 20 76 | 69 72 75 73 20 74 61 6b |m. The v|irus tak|
|00002200| 65 73 20 75 70 20 33 4b | 62 20 6f 66 20 6d 65 6d |es up 3K|b of mem|
|00002210| 6f 72 79 20 77 68 65 6e | 20 72 65 73 69 64 65 6e |ory when| residen|
|00002220| 74 2e 3c 70 3e 0d 0a 54 | 68 65 72 65 20 61 72 65 |t.<p>..T|here are|
|00002230| 20 6e 6f 20 6e 6f 74 69 | 63 65 61 62 6c 65 20 65 | no noti|ceable e|
|00002240| 66 66 65 63 74 73 20 62 | 65 63 61 75 73 65 20 6f |ffects b|ecause o|
|00002250| 66 20 62 75 67 73 20 69 | 6e 20 74 68 65 20 63 6f |f bugs i|n the co|
|00002260| 64 65 2e 3c 70 3e 0d 0a | 3c 70 3e 02 02 10 00 00 |de.<p>..|<p>.....|
|00002270| 00 22 0e 4d 53 20 53 61 | 6e 73 20 53 65 72 69 66 |.".MS Sa|ns Serif|
|00002280| 03 14 50 00 14 02 06 10 | 00 00 00 22 0e 4d 53 20 |..P.....|...".MS |
|00002290| 53 61 6e 73 20 53 65 72 | 69 66 03 02 16 04 18 50 |Sans Ser|if.....P|
|000022a0| 00 04 00 54 00 b4 22 31 | 35 20 59 65 61 72 73 02 |...T.."1|5 Years.|
|000022b0| 02 10 00 00 00 22 0e 4d | 53 20 53 61 6e 73 20 53 |.....".M|S Sans S|
|000022c0| 65 72 69 66 03 04 54 00 | b4 4a 42 6f 6f 74 20 73 |erif..T.|.JBoot s|
|000022d0| 65 63 74 6f 72 20 76 69 | 72 75 73 2e 02 02 10 00 |ector vi|rus.....|
|000022e0| 00 00 22 0e 4d 53 20 53 | 61 6e 73 20 53 65 72 69 |..".MS S|ans Seri|
|000022f0| 66 03 08 54 00 b4 dd 03 | 54 68 65 20 62 6f 6f 74 |f..T....|The boot|
|00002300| 20 73 65 63 74 6f 72 20 | 6f 66 20 66 6c 6f 70 70 | sector |of flopp|
|00002310| 79 20 64 69 73 6b 73 20 | 61 6e 64 20 74 68 65 20 |y disks |and the |
|00002320| 70 61 72 74 69 74 69 6f | 6e 20 73 65 63 74 6f 72 |partitio|n sector|
|00002330| 20 6f 66 20 68 61 72 64 | 20 64 69 73 6b 73 2c 20 | of hard| disks, |
|00002340| 77 68 65 6e 20 74 68 65 | 20 50 43 20 69 73 20 62 |when the| PC is b|
|00002350| 6f 6f 74 65 64 20 66 72 | 6f 6d 20 61 6e 20 69 6e |ooted fr|om an in|
|00002360| 66 65 63 74 65 64 20 66 | 6c 6f 70 70 79 20 64 69 |fected f|loppy di|
|00002370| 73 6b 2e 02 02 10 00 00 | 00 22 0e 4d 53 20 53 61 |sk......|.".MS Sa|
|00002380| 6e 73 20 53 65 72 69 66 | 03 0c 54 00 b4 06 2d 02 |ns Serif|..T...-.|
|00002390| 02 10 00 00 00 22 0e 4d | 53 20 53 61 6e 73 20 53 |.....".M|S Sans S|
|000023a0| 65 72 69 66 03 10 54 00 | b4 fd 07 57 68 65 6e 20 |erif..T.|...When |
|000023b0| 74 68 65 20 76 69 72 75 | 73 20 69 73 20 6d 65 6d |the viru|s is mem|
|000023c0| 6f 72 79 20 72 65 73 69 | 64 65 6e 74 2c 20 69 74 |ory resi|dent, it|
|000023d0| 20 69 6e 66 65 63 74 73 | 20 61 6e 79 20 66 6c 6f | infects| any flo|
|000023e0| 70 70 79 20 64 69 73 6b | 73 20 61 63 63 65 73 73 |ppy disk|s access|
|000023f0| 65 64 20 28 66 6f 72 20 | 65 78 61 6d 70 6c 65 2c |ed (for |example,|
|00002400| 20 77 69 74 68 20 74 68 | 65 20 44 49 52 20 6f 72 | with th|e DIR or|
|00002410| 20 43 4f 50 59 20 63 6f | 6d 6d 61 6e 64 73 29 2e | COPY co|mmands).|
|00002420| 3c 70 3e 0d 0a 4f 6e 20 | 74 68 65 20 37 74 68 20 |<p>..On |the 7th |
|00002430| 41 70 72 69 6c 2c 20 6f | 72 20 61 6e 79 20 6f 74 |April, o|r any ot|
|00002440| 68 65 72 20 64 61 74 65 | 20 69 66 20 74 68 65 20 |her date| if the |
|00002450| 76 69 72 75 73 20 69 6e | 66 65 63 74 65 64 20 74 |virus in|fected t|
|00002460| 65 6e 20 64 69 73 6b 73 | 20 73 69 6e 63 65 20 74 |en disks| since t|
|00002470| 68 65 20 6c 61 73 74 20 | 62 6f 6f 74 2c 20 74 68 |he last |boot, th|
|00002480| 65 20 76 69 72 75 73 20 | 74 72 69 67 67 65 72 73 |e virus |triggers|
|00002490| 20 61 6e 64 20 73 77 69 | 74 63 68 65 73 20 74 6f | and swi|tches to|
|000024a0| 20 69 74 73 20 64 65 73 | 74 72 02 02 10 00 00 00 | its des|tr......|
|000024b0| 22 0e 4d 53 20 53 61 6e | 73 20 53 65 72 69 66 03 |".MS San|s Serif.|
|000024c0| 14 54 00 14 02 06 10 00 | 00 00 22 0e 4d 53 20 53 |.T......|..".MS S|
|000024d0| 61 6e 73 20 53 65 72 69 | 66 03 02 16 04 18 54 00 |ans Seri|f.....T.|
|000024e0| 04 00 58 00 b4 12 31 35 | 35 34 02 02 10 00 00 00 |..X...15|54......|
|000024f0| 22 0e 4d 53 20 53 61 6e | 73 20 53 65 72 69 66 03 |".MS San|s Serif.|
|00002500| 04 58 00 b4 6e 4d 65 6d | 6f 72 79 20 72 65 73 69 |.X..nMem|ory resi|
|00002510| 64 65 6e 74 20 66 69 6c | 65 20 76 69 72 75 73 2e |dent fil|e virus.|
|00002520| 02 02 10 00 00 00 22 0e | 4d 53 20 53 61 6e 73 20 |......".|MS Sans |
|00002530| 53 65 72 69 66 03 08 58 | 00 b4 05 04 43 4f 4d 20 |Serif..X|....COM |
|00002540| 66 69 6c 65 73 20 28 67 | 72 65 61 74 65 72 20 74 |files (g|reater t|
|00002550| 68 61 6e 20 31 2c 30 30 | 30 20 62 79 74 65 73 29 |han 1,00|0 bytes)|
|00002560| 20 61 6e 64 20 45 58 45 | 20 66 69 6c 65 73 20 28 | and EXE| files (|
|00002570| 67 72 65 61 74 65 72 20 | 74 68 61 6e 20 31 2c 30 |greater |than 1,0|
|00002580| 32 34 20 62 79 74 65 73 | 29 20 6f 6e 20 65 78 65 |24 bytes|) on exe|
|00002590| 63 75 74 69 6f 6e 2e 20 | 52 65 61 64 2f 77 72 69 |cution. |Read/wri|
|000025a0| 74 65 20 61 74 74 72 69 | 62 75 74 65 73 20 61 72 |te attri|butes ar|
|000025b0| 65 20 70 72 65 73 65 72 | 76 65 64 2e 02 02 10 00 |e preser|ved.....|
|000025c0| 00 00 22 0e 4d 53 20 53 | 61 6e 73 20 53 65 72 69 |..".MS S|ans Seri|
|000025d0| 66 03 0c 58 00 b4 e2 43 | 4f 4d 3a 20 31 2c 35 35 |f..X...C|OM: 1,55|
|000025e0| 34 20 74 6f 20 31 2c 35 | 36 39 20 62 79 74 65 73 |4 to 1,5|69 bytes|
|000025f0| 2e 3c 62 72 3e 45 58 45 | 3a 20 31 2c 35 31 34 20 |.<br>EXE|: 1,514 |
|00002600| 74 6f 20 31 2c 35 32 39 | 20 62 79 74 65 73 2e 02 |to 1,529| bytes..|
|00002610| 02 10 00 00 00 22 0e 4d | 53 20 53 61 6e 73 20 53 |.....".M|S Sans S|
|00002620| 65 72 69 66 03 10 58 00 | b4 fd 07 42 65 74 77 65 |erif..X.|...Betwe|
|00002630| 65 6e 20 53 65 70 74 65 | 6d 62 65 72 20 61 6e 64 |en Septe|mber and|
|00002640| 20 44 65 63 65 6d 62 65 | 72 2c 20 77 68 65 6e 65 | Decembe|r, whene|
|00002650| 76 65 72 20 44 4f 53 20 | 77 72 69 74 65 73 20 74 |ver DOS |writes t|
|00002660| 6f 20 61 20 66 69 6c 65 | 2c 20 74 68 65 20 66 69 |o a file|, the fi|
|00002670| 72 73 74 20 31 30 20 62 | 79 74 65 73 20 61 72 65 |rst 10 b|ytes are|
|00002680| 20 6f 6d 69 74 74 65 64 | 20 61 6e 64 20 31 30 20 | omitted| and 10 |
|00002690| 62 79 74 65 73 20 6f 66 | 20 67 61 72 62 61 67 65 |bytes of| garbage|
|000026a0| 20 61 72 65 20 61 64 64 | 65 64 20 61 74 20 74 68 | are add|ed at th|
|000026b0| 65 20 65 6e 64 2e 20 50 | 72 6f 67 72 61 6d 20 61 |e end. P|rogram a|
|000026c0| 6e 64 20 64 61 74 61 20 | 66 69 6c 65 73 20 61 72 |nd data |files ar|
|000026d0| 65 20 69 6e 66 65 63 74 | 65 64 2e 3c 70 3e 0d 0a |e infect|ed.<p>..|
|000026e0| 54 68 65 20 6d 65 6d 6f | 72 79 20 72 65 73 69 64 |The memo|ry resid|
|000026f0| 65 6e 74 20 70 61 72 74 | 20 6f 66 20 74 68 69 73 |ent part| of this|
|00002700| 20 76 69 72 75 73 20 69 | 73 20 69 6e 20 6d 65 6d | virus i|s in mem|
|00002710| 6f 72 79 20 74 68 61 74 | 20 68 61 73 20 6e 6f 74 |ory that| has not|
|00002720| 20 62 65 65 6e 20 72 65 | 73 65 02 02 10 00 00 00 | been re|se......|
|00002730| 22 0e 4d 53 20 53 61 6e | 73 20 53 65 72 69 66 03 |".MS San|s Serif.|
|00002740| 14 58 00 14 02 06 10 00 | 00 00 22 0e 4d 53 20 53 |.X......|..".MS S|
|00002750| 61 6e 73 20 53 65 72 69 | 66 03 02 16 04 18 58 00 |ans Seri|f.....X.|
|00002760| 04 00 5c 00 b4 12 31 35 | 35 39 02 02 10 00 00 00 |..\...15|59......|
|00002770| 22 0e 4d 53 20 53 61 6e | 73 20 53 65 72 69 66 03 |".MS San|s Serif.|
|00002780| 04 5c 00 b4 6e 4d 65 6d | 6f 72 79 20 72 65 73 69 |.\..nMem|ory resi|
|00002790| 64 65 6e 74 20 66 69 6c | 65 20 76 69 72 75 73 2e |dent fil|e virus.|
|000027a0| 02 02 10 00 00 00 22 0e | 4d 53 20 53 61 6e 73 20 |......".|MS Sans |
|000027b0| 53 65 72 69 66 03 08 5c | 00 b4 05 04 43 4f 4d 20 |Serif..\|....COM |
|000027c0| 66 69 6c 65 73 20 28 67 | 72 65 61 74 65 72 20 74 |files (g|reater t|
|000027d0| 68 61 6e 20 31 2c 30 30 | 30 20 62 79 74 65 73 29 |han 1,00|0 bytes)|
|000027e0| 20 61 6e 64 20 45 58 45 | 20 66 69 6c 65 73 20 28 | and EXE| files (|
|000027f0| 67 72 65 61 74 65 72 20 | 74 68 61 6e 20 31 2c 30 |greater |than 1,0|
|00002800| 32 34 20 62 79 74 65 73 | 29 20 6f 6e 20 65 78 65 |24 bytes|) on exe|
|00002810| 63 75 74 69 6f 6e 2e 20 | 52 65 61 64 2f 77 72 69 |cution. |Read/wri|
|00002820| 74 65 20 61 74 74 72 69 | 62 75 74 65 73 20 61 72 |te attri|butes ar|
|00002830| 65 20 70 72 65 73 65 72 | 76 65 64 2e 02 02 10 00 |e preser|ved.....|
|00002840| 00 00 22 0e 4d 53 20 53 | 61 6e 73 20 53 65 72 69 |..".MS S|ans Seri|
|00002850| 66 03 0c 5c 00 b4 e2 43 | 4f 4d 3a 20 31 2c 35 35 |f..\...C|OM: 1,55|
|00002860| 34 20 74 6f 20 31 2c 35 | 36 39 20 62 79 74 65 73 |4 to 1,5|69 bytes|
|00002870| 2e 3c 62 72 3e 45 58 45 | 3a 20 31 2c 35 31 34 20 |.<br>EXE|: 1,514 |
|00002880| 74 6f 20 31 2c 35 32 39 | 20 62 79 74 65 73 2e 02 |to 1,529| bytes..|
|00002890| 02 10 00 00 00 22 0e 4d | 53 20 53 61 6e 73 20 53 |.....".M|S Sans S|
|000028a0| 65 72 69 66 03 10 5c 00 | b4 fd 07 42 65 74 77 65 |erif..\.|...Betwe|
|000028b0| 65 6e 20 53 65 70 74 65 | 6d 62 65 72 20 61 6e 64 |en Septe|mber and|
|000028c0| 20 44 65 63 65 6d 62 65 | 72 2c 20 77 68 65 6e 65 | Decembe|r, whene|
|000028d0| 76 65 72 20 44 4f 53 20 | 77 72 69 74 65 73 20 74 |ver DOS |writes t|
|000028e0| 6f 20 61 20 66 69 6c 65 | 2c 20 74 68 65 20 66 69 |o a file|, the fi|
|000028f0| 72 73 74 20 31 30 20 62 | 79 74 65 73 20 61 72 65 |rst 10 b|ytes are|
|00002900| 20 6f 6d 69 74 74 65 64 | 20 61 6e 64 20 31 30 20 | omitted| and 10 |
|00002910| 62 79 74 65 73 20 6f 66 | 20 67 61 72 62 61 67 65 |bytes of| garbage|
|00002920| 20 61 72 65 20 61 64 64 | 65 64 20 61 74 20 74 68 | are add|ed at th|
|00002930| 65 20 65 6e 64 2e 20 50 | 72 6f 67 72 61 6d 20 61 |e end. P|rogram a|
|00002940| 6e 64 20 64 61 74 61 20 | 66 69 6c 65 73 20 61 72 |nd data |files ar|
|00002950| 65 20 69 6e 66 65 63 74 | 65 64 2e 3c 70 3e 0d 0a |e infect|ed.<p>..|
|00002960| 54 68 65 20 6d 65 6d 6f | 72 79 20 72 65 73 69 64 |The memo|ry resid|
|00002970| 65 6e 74 20 70 61 72 74 | 20 6f 66 20 74 68 69 73 |ent part| of this|
|00002980| 20 76 69 72 75 73 20 69 | 73 20 69 6e 20 6d 65 6d | virus i|s in mem|
|00002990| 6f 72 79 20 74 68 61 74 | 20 68 61 73 20 6e 6f 74 |ory that| has not|
|000029a0| 20 62 65 65 6e 20 72 65 | 73 65 02 02 10 00 00 00 | been re|se......|
|000029b0| 22 0e 4d 53 20 53 61 6e | 73 20 53 65 72 69 66 03 |".MS San|s Serif.|
|000029c0| 14 5c 00 14 02 06 10 00 | 00 00 22 0e 4d 53 20 53 |.\......|..".MS S|
|000029d0| 61 6e 73 20 53 65 72 69 | 66 03 02 16 04 18 5c 00 |ans Seri|f.....\.|
|000029e0| 04 00 60 00 b4 12 31 35 | 37 35 02 02 10 00 00 00 |..`...15|75......|
|000029f0| 22 0e 4d 53 20 53 61 6e | 73 20 53 65 72 69 66 03 |".MS San|s Serif.|
|00002a00| 04 60 00 b4 6e 4d 65 6d | 6f 72 79 20 72 65 73 69 |.`..nMem|ory resi|
|00002a10| 64 65 6e 74 20 66 69 6c | 65 20 76 69 72 75 73 2e |dent fil|e virus.|
|00002a20| 02 02 10 00 00 00 22 0e | 4d 53 20 53 61 6e 73 20 |......".|MS Sans |
|00002a30| 53 65 72 69 66 03 08 60 | 00 b4 65 05 43 4f 4d 20 |Serif..`|..e.COM |
|00002a40| 61 6e 64 20 45 58 45 20 | 66 69 6c 65 73 20 77 68 |and EXE |files wh|
|00002a50| 65 6e 20 61 20 64 69 72 | 65 63 74 6f 72 79 20 69 |en a dir|ectory i|
|00002a60| 73 20 65 78 61 6d 69 6e | 65 64 2e 20 54 68 65 20 |s examin|ed. The |
|00002a70| 6e 65 78 74 20 75 6e 69 | 6e 66 65 63 74 65 64 20 |next uni|nfected |
|00002a80| 65 78 65 63 75 74 61 62 | 6c 65 20 66 69 6c 65 20 |executab|le file |
|00002a90| 69 6e 20 74 68 61 74 20 | 64 69 72 65 63 74 6f 72 |in that |director|
|00002aa0| 79 20 69 73 20 69 6e 66 | 65 63 74 65 64 2e 20 54 |y is inf|ected. T|
|00002ab0| 68 69 73 20 76 69 72 75 | 73 20 77 6f 72 6b 73 20 |his viru|s works |
|00002ac0| 6f 6e 6c 79 20 6f 6e 20 | 61 6e 20 41 54 20 6f 72 |only on |an AT or|
|00002ad0| 20 50 53 2f 32 20 77 69 | 74 68 20 61 20 43 4d 4f | PS/2 wi|th a CMO|
|00002ae0| 53 20 63 6c 6f 63 6b 2e | 02 02 10 00 00 00 22 0e |S clock.|......".|
|00002af0| 4d 53 20 53 61 6e 73 20 | 53 65 72 69 66 03 0c 60 |MS Sans |Serif..`|
|00002b00| 00 b4 15 02 43 4f 4d 3a | 20 31 2c 35 38 33 20 74 |....COM:| 1,583 t|
|00002b10| 6f 20 31 2c 35 39 31 20 | 62 79 74 65 73 2e 20 3c |o 1,591 |bytes. <|
|00002b20| 62 72 3e 45 58 45 3a 20 | 61 73 20 43 4f 4d 2c 20 |br>EXE: |as COM, |
|00002b30| 62 75 74 20 6d 61 79 20 | 76 61 72 79 20 73 6c 69 |but may |vary sli|
|00002b40| 67 68 74 6c 79 2e 02 02 | 10 00 00 00 22 0e 4d 53 |ghtly...|....".MS|
|00002b50| 20 53 61 6e 73 20 53 65 | 72 69 66 03 10 60 00 b4 | Sans Se|rif..`..|
|00002b60| fd 07 41 74 20 61 6e 79 | 20 74 69 6d 65 20 61 66 |..At any| time af|
|00002b70| 74 65 72 20 74 77 6f 20 | 6d 6f 6e 74 68 73 20 66 |ter two |months f|
|00002b80| 72 6f 6d 20 74 68 65 20 | 64 61 74 65 20 6f 66 20 |rom the |date of |
|00002b90| 69 6e 66 65 63 74 69 6f | 6e 2c 20 70 72 6f 76 69 |infectio|n, provi|
|00002ba0| 64 65 64 20 74 68 65 20 | 73 63 72 65 65 6e 20 69 |ded the |screen i|
|00002bb0| 73 20 6e 6f 74 20 6d 6f | 6e 6f 20 4d 44 41 2c 20 |s not mo|no MDA, |
|00002bc0| 74 68 65 20 63 61 74 65 | 72 70 69 6c 6c 61 72 20 |the cate|rpillar |
|00002bd0| 69 73 20 74 72 69 67 67 | 65 72 65 64 2e 20 54 68 |is trigg|ered. Th|
|00002be0| 65 20 63 61 74 65 72 70 | 69 6c 6c 61 72 20 68 61 |e caterp|illar ha|
|00002bf0| 73 20 61 20 67 72 65 65 | 6e 20 62 6f 64 79 2c 20 |s a gree|n body, |
|00002c00| 61 20 79 65 6c 6c 6f 77 | 20 68 65 61 64 20 61 6e |a yellow| head an|
|00002c10| 64 20 61 20 72 65 64 20 | 6d 6f 75 74 68 2e 20 49 |d a red |mouth. I|
|00002c20| 74 20 73 74 61 72 74 73 | 20 61 74 20 74 68 65 20 |t starts| at the |
|00002c30| 74 6f 70 20 6c 65 66 74 | 20 6f 66 20 74 68 65 20 |top left| of the |
|00002c40| 73 63 72 65 65 6e 20 61 | 6e 64 20 77 6f 72 6b 73 |screen a|nd works|
|00002c50| 20 69 74 73 20 77 61 79 | 20 61 63 72 6f 73 73 2c | its way| across,|
|00002c60| 20 02 02 10 00 00 00 22 | 0e 4d 53 20 53 61 6e 73 | ......"|.MS Sans|
|00002c70| 20 53 65 72 69 66 03 14 | 60 00 14 02 06 10 00 00 | Serif..|`.......|
|00002c80| 00 22 0e 4d 53 20 53 61 | 6e 73 20 53 65 72 69 66 |.".MS Sa|ns Serif|
|00002c90| 03 02 16 04 18 60 00 04 | 00 64 00 b4 12 31 35 39 |.....`..|.d...159|
|00002ca0| 31 02 02 10 00 00 00 22 | 0e 4d 53 20 53 61 6e 73 |1......"|.MS Sans|
|00002cb0| 20 53 65 72 69 66 03 04 | 64 00 b4 6e 4d 65 6d 6f | Serif..|d..nMemo|
|00002cc0| 72 79 20 72 65 73 69 64 | 65 6e 74 20 66 69 6c 65 |ry resid|ent file|
|00002cd0| 20 76 69 72 75 73 2e 02 | 02 10 00 00 00 22 0e 4d | virus..|.....".M|
|00002ce0| 53 20 53 61 6e 73 20 53 | 65 72 69 66 03 08 64 00 |S Sans S|erif..d.|
|00002cf0| b4 65 05 43 4f 4d 20 61 | 6e 64 20 45 58 45 20 66 |.e.COM a|nd EXE f|
|00002d00| 69 6c 65 73 20 77 68 65 | 6e 20 61 20 64 69 72 65 |iles whe|n a dire|
|00002d10| 63 74 6f 72 79 20 69 73 | 20 65 78 61 6d 69 6e 65 |ctory is| examine|
|00002d20| 64 2e 20 54 68 65 20 6e | 65 78 74 20 75 6e 69 6e |d. The n|ext unin|
|00002d30| 66 65 63 74 65 64 20 65 | 78 65 63 75 74 61 62 6c |fected e|xecutabl|
|00002d40| 65 20 66 69 6c 65 20 69 | 6e 20 74 68 61 74 20 64 |e file i|n that d|
|00002d50| 69 72 65 63 74 6f 72 79 | 20 69 73 20 69 6e 66 65 |irectory| is infe|
|00002d60| 63 74 65 64 2e 20 54 68 | 69 73 20 76 69 72 75 73 |cted. Th|is virus|
|00002d70| 20 77 6f 72 6b 73 20 6f | 6e 6c 79 20 6f 6e 20 61 | works o|nly on a|
|00002d80| 6e 20 41 54 20 6f 72 20 | 50 53 2f 32 20 77 69 74 |n AT or |PS/2 wit|
|00002d90| 68 20 61 20 43 4d 4f 53 | 20 63 6c 6f 63 6b 2e 02 |h a CMOS| clock..|
|00002da0| 02 10 00 00 00 22 0e 4d | 53 20 53 61 6e 73 20 53 |.....".M|S Sans S|
|00002db0| 65 72 69 66 03 0c 64 00 | b4 15 02 43 4f 4d 3a 20 |erif..d.|...COM: |
|00002dc0| 31 2c 35 38 33 20 74 6f | 20 31 2c 35 39 31 20 62 |1,583 to| 1,591 b|
|00002dd0| 79 74 65 73 2e 20 3c 62 | 72 3e 45 58 45 3a 20 61 |ytes. <b|r>EXE: a|
|00002de0| 73 20 43 4f 4d 2c 20 62 | 75 74 20 6d 61 79 20 76 |s COM, b|ut may v|
|00002df0| 61 72 79 20 73 6c 69 67 | 68 74 6c 79 2e 02 02 10 |ary slig|htly....|
|00002e00| 00 00 00 22 0e 4d 53 20 | 53 61 6e 73 20 53 65 72 |...".MS |Sans Ser|
|00002e10| 69 66 03 10 64 00 b4 fd | 07 41 74 20 61 6e 79 20 |if..d...|.At any |
|00002e20| 74 69 6d 65 20 61 66 74 | 65 72 20 74 77 6f 20 6d |time aft|er two m|
|00002e30| 6f 6e 74 68 73 20 66 72 | 6f 6d 20 74 68 65 20 64 |onths fr|om the d|
|00002e40| 61 74 65 20 6f 66 20 69 | 6e 66 65 63 74 69 6f 6e |ate of i|nfection|
|00002e50| 2c 20 70 72 6f 76 69 64 | 65 64 20 74 68 65 20 73 |, provid|ed the s|
|00002e60| 63 72 65 65 6e 20 69 73 | 20 6e 6f 74 20 6d 6f 6e |creen is| not mon|
|00002e70| 6f 20 4d 44 41 2c 20 74 | 68 65 20 63 61 74 65 72 |o MDA, t|he cater|
|00002e80| 70 69 6c 6c 61 72 20 69 | 73 20 74 72 69 67 67 65 |pillar i|s trigge|
|00002e90| 72 65 64 2e 20 54 68 65 | 20 63 61 74 65 72 70 69 |red. The| caterpi|
|00002ea0| 6c 6c 61 72 20 68 61 73 | 20 61 20 67 72 65 65 6e |llar has| a green|
|00002eb0| 20 62 6f 64 79 2c 20 61 | 20 79 65 6c 6c 6f 77 20 | body, a| yellow |
|00002ec0| 68 65 61 64 20 61 6e 64 | 20 61 20 72 65 64 20 6d |head and| a red m|
|00002ed0| 6f 75 74 68 2e 20 49 74 | 20 73 74 61 72 74 73 20 |outh. It| starts |
|00002ee0| 61 74 20 74 68 65 20 74 | 6f 70 20 6c 65 66 74 20 |at the t|op left |
|00002ef0| 6f 66 20 74 68 65 20 73 | 63 72 65 65 6e 20 61 6e |of the s|creen an|
|00002f00| 64 20 77 6f 72 6b 73 20 | 69 74 73 20 77 61 79 20 |d works |its way |
|00002f10| 61 63 72 6f 73 73 2c 20 | 02 02 10 00 00 00 22 0e |across, |......".|
|00002f20| 4d 53 20 53 61 6e 73 20 | 53 65 72 69 66 03 14 64 |MS Sans |Serif..d|
|00002f30| 00 14 02 06 10 00 00 00 | 22 0e 4d 53 20 53 61 6e |........|".MS San|
|00002f40| 73 20 53 65 72 69 66 03 | 02 16 04 18 64 00 04 00 |s Serif.|....d...|
|00002f50| 68 00 b4 12 31 37 30 31 | 02 02 10 00 00 00 22 0e |h...1701|......".|
|00002f60| 4d 53 20 53 61 6e 73 20 | 53 65 72 69 66 03 04 68 |MS Sans |Serif..h|
|00002f70| 00 b4 6e 4d 65 6d 6f 72 | 79 20 72 65 73 69 64 65 |..nMemor|y reside|
|00002f80| 6e 74 20 66 69 6c 65 20 | 76 69 72 75 73 2e 02 02 |nt file |virus...|
|00002f90| 10 00 00 00 22 0e 4d 53 | 20 53 61 6e 73 20 53 65 |....".MS| Sans Se|
|00002fa0| 72 69 66 03 08 68 00 b4 | ba 43 4f 4d 20 66 69 6c |rif..h..|.COM fil|
|00002fb0| 65 73 20 6f 6e 20 65 78 | 65 63 75 74 69 6f 6e 2c |es on ex|ecution,|
|00002fc0| 20 69 6e 63 6c 75 64 69 | 6e 67 20 43 4f 4d 4d 41 | includi|ng COMMA|
|00002fd0| 4e 44 2e 43 4f 4d 2e 02 | 02 10 00 00 00 22 0e 4d |ND.COM..|.....".M|
|00002fe0| 53 20 53 61 6e 73 20 53 | 65 72 69 66 03 0c 68 00 |S Sans S|erif..h.|
|00002ff0| b4 ae 31 2c 36 32 31 20 | 74 6f 20 31 2c 37 30 36 |..1,621 |to 1,706|
|00003000| 20 62 79 74 65 73 2c 20 | 64 65 70 65 6e 64 69 6e | bytes, |dependin|
|00003010| 67 20 6f 6e 20 76 61 72 | 69 61 6e 74 2e 02 02 10 |g on var|iant....|
|00003020| 00 00 00 22 0e 4d 53 20 | 53 61 6e 73 20 53 65 72 |...".MS |Sans Ser|
|00003030| 69 66 03 10 68 00 b4 fd | 07 49 66 20 74 68 65 20 |if..h...|.If the |
|00003040| 76 69 72 75 73 20 74 72 | 69 65 73 20 74 6f 20 69 |virus tr|ies to i|
|00003050| 6e 66 65 63 74 20 61 20 | 77 72 69 74 65 2d 70 72 |nfect a |write-pr|
|00003060| 6f 74 65 63 74 65 64 20 | 64 69 73 6b 20 74 68 65 |otected |disk the|
|00003070| 20 44 4f 53 20 57 72 69 | 74 65 20 70 72 6f 74 65 | DOS Wri|te prote|
|00003080| 63 74 20 65 72 72 6f 72 | 20 77 72 69 74 69 6e 67 |ct error| writing|
|00003090| 20 64 72 69 76 65 20 58 | 3a 20 41 62 6f 72 74 2c | drive X|: Abort,|
|000030a0| 20 52 65 74 72 79 2c 20 | 49 67 6e 6f 72 65 3f 20 | Retry, |Ignore? |
|000030b0| 6d 65 73 73 61 67 65 20 | 69 73 20 64 69 73 70 6c |message |is displ|
|000030c0| 61 79 65 64 2e 20 43 61 | 73 63 61 64 65 20 74 61 |ayed. Ca|scade ta|
|000030d0| 6b 65 73 20 75 70 20 32 | 4b 62 20 6f 66 20 6d 65 |kes up 2|Kb of me|
|000030e0| 6d 6f 72 79 20 77 68 65 | 6e 20 72 65 73 69 64 65 |mory whe|n reside|
|000030f0| 6e 74 2e 3c 70 3e 0d 0a | 49 66 20 74 68 65 20 73 |nt.<p>..|If the s|
|00003100| 79 73 74 65 6d 20 64 61 | 74 65 20 69 73 20 62 65 |ystem da|te is be|
|00003110| 74 77 65 65 6e 20 4f 63 | 74 6f 62 65 72 20 61 6e |tween Oc|tober an|
|00003120| 64 20 44 65 63 65 6d 62 | 65 72 20 31 39 38 38 2c |d Decemb|er 1988,|
|00003130| 20 6f 72 20 74 68 65 20 | 02 02 10 00 00 00 22 0e | or the |......".|
|00003140| 4d 53 20 53 61 6e 73 20 | 53 65 72 69 66 03 14 68 |MS Sans |Serif..h|
|00003150| 00 14 02 06 10 00 00 00 | 22 0e 4d 53 20 53 61 6e |........|".MS San|
|00003160| 73 20 53 65 72 69 66 03 | 02 16 04 18 68 00 04 00 |s Serif.|....h...|
|00003170| 6c 00 b4 12 31 37 30 34 | 02 02 10 00 00 00 22 0e |l...1704|......".|
|00003180| 4d 53 20 53 61 6e 73 20 | 53 65 72 69 66 03 04 6c |MS Sans |Serif..l|
|00003190| 00 b4 6e 4d 65 6d 6f 72 | 79 20 72 65 73 69 64 65 |..nMemor|y reside|
|000031a0| 6e 74 20 66 69 6c 65 20 | 76 69 72 75 73 2e 02 02 |nt file |virus...|
|000031b0| 10 00 00 00 22 0e 4d 53 | 20 53 61 6e 73 20 53 65 |....".MS| Sans Se|
|000031c0| 72 69 66 03 08 6c 00 b4 | ba 43 4f 4d 20 66 69 6c |rif..l..|.COM fil|
|000031d0| 65 73 20 6f 6e 20 65 78 | 65 63 75 74 69 6f 6e 2c |es on ex|ecution,|
|000031e0| 20 69 6e 63 6c 75 64 69 | 6e 67 20 43 4f 4d 4d 41 | includi|ng COMMA|
|000031f0| 4e 44 2e 43 4f 4d 2e 02 | 02 10 00 00 00 22 0e 4d |ND.COM..|.....".M|
|00003200| 53 20 53 61 6e 73 20 53 | 65 72 69 66 03 0c 6c 00 |S Sans S|erif..l.|
|00003210| b4 ae 31 2c 36 32 31 20 | 74 6f 20 31 2c 37 30 36 |..1,621 |to 1,706|
|00003220| 20 62 79 74 65 73 2c 20 | 64 65 70 65 6e 64 69 6e | bytes, |dependin|
|00003230| 67 20 6f 6e 20 76 61 72 | 69 61 6e 74 2e 02 02 10 |g on var|iant....|
|00003240| 00 00 00 22 0e 4d 53 20 | 53 61 6e 73 20 53 65 72 |...".MS |Sans Ser|
|00003250| 69 66 03 10 6c 00 b4 fd | 07 49 66 20 74 68 65 20 |if..l...|.If the |
|00003260| 76 69 72 75 73 20 74 72 | 69 65 73 20 74 6f 20 69 |virus tr|ies to i|
|00003270| 6e 66 65 63 74 20 61 20 | 77 72 69 74 65 2d 70 72 |nfect a |write-pr|
|00003280| 6f 74 65 63 74 65 64 20 | 64 69 73 6b 20 74 68 65 |otected |disk the|
|00003290| 20 44 4f 53 20 57 72 69 | 74 65 20 70 72 6f 74 65 | DOS Wri|te prote|
|000032a0| 63 74 20 65 72 72 6f 72 | 20 77 72 69 74 69 6e 67 |ct error| writing|
|000032b0| 20 64 72 69 76 65 20 58 | 3a 20 41 62 6f 72 74 2c | drive X|: Abort,|
|000032c0| 20 52 65 74 72 79 2c 20 | 49 67 6e 6f 72 65 3f 20 | Retry, |Ignore? |
|000032d0| 6d 65 73 73 61 67 65 20 | 69 73 20 64 69 73 70 6c |message |is displ|
|000032e0| 61 79 65 64 2e 20 43 61 | 73 63 61 64 65 20 74 61 |ayed. Ca|scade ta|
|000032f0| 6b 65 73 20 75 70 20 32 | 4b 62 20 6f 66 20 6d 65 |kes up 2|Kb of me|
|00003300| 6d 6f 72 79 20 77 68 65 | 6e 20 72 65 73 69 64 65 |mory whe|n reside|
|00003310| 6e 74 2e 3c 70 3e 0d 0a | 49 66 20 74 68 65 20 73 |nt.<p>..|If the s|
|00003320| 79 73 74 65 6d 20 64 61 | 74 65 20 69 73 20 62 65 |ystem da|te is be|
|00003330| 74 77 65 65 6e 20 4f 63 | 74 6f 62 65 72 20 61 6e |tween Oc|tober an|
|00003340| 64 20 44 65 63 65 6d 62 | 65 72 20 31 39 38 38 2c |d Decemb|er 1988,|
|00003350| 20 6f 72 20 74 68 65 20 | 02 02 10 00 00 00 22 0e | or the |......".|
|00003360| 4d 53 20 53 61 6e 73 20 | 53 65 72 69 66 03 14 6c |MS Sans |Serif..l|
|00003370| 00 14 02 06 10 00 00 00 | 22 0e 4d 53 20 53 61 6e |........|".MS San|
|00003380| 73 20 53 65 72 69 66 03 | 02 16 04 18 6c 00 04 00 |s Serif.|....l...|
|00003390| 70 00 b4 12 31 38 30 38 | 02 02 10 00 00 00 22 0e |p...1808|......".|
|000033a0| 4d 53 20 53 61 6e 73 20 | 53 65 72 69 66 03 04 70 |MS Sans |Serif..p|
|000033b0| 00 b4 6e 4d 65 6d 6f 72 | 79 20 72 65 73 69 64 65 |..nMemor|y reside|
|000033c0| 6e 74 20 66 69 6c 65 20 | 76 69 72 75 73 2e 02 02 |nt file |virus...|
|000033d0| 10 00 00 00 22 0e 4d 53 | 20 53 61 6e 73 20 53 65 |....".MS| Sans Se|
|000033e0| 72 69 66 03 08 70 00 b4 | ce 43 4f 4d 20 61 6e 64 |rif..p..|.COM and|
|000033f0| 20 45 58 45 20 66 69 6c | 65 73 20 6f 6e 20 65 78 | EXE fil|es on ex|
|00003400| 65 63 75 74 69 6f 6e 2c | 20 65 78 63 65 70 74 20 |ecution,| except |
|00003410| 43 4f 4d 4d 41 4e 44 2e | 43 4f 4d 2e 02 02 10 00 |COMMAND.|COM.....|
|00003420| 00 00 22 0e 4d 53 20 53 | 61 6e 73 20 53 65 72 69 |..".MS S|ans Seri|
|00003430| 66 03 0c 70 00 b4 f5 07 | 43 4f 4d 3a 20 31 2c 38 |f..p....|COM: 1,8|
|00003440| 31 33 20 62 79 74 65 73 | 2e 20 43 4f 4d 20 66 69 |13 bytes|. COM fi|
|00003450| 6c 65 73 20 61 72 65 20 | 6e 6f 74 20 72 65 2d 69 |les are |not re-i|
|00003460| 6e 66 65 63 74 65 64 2e | 20 45 58 45 3a 20 31 2c |nfected.| EXE: 1,|
|00003470| 38 30 38 20 74 6f 20 31 | 2c 38 32 33 20 62 79 74 |808 to 1|,823 byt|
|00003480| 65 73 2e 20 45 58 45 20 | 66 69 6c 65 73 20 67 72 |es. EXE |files gr|
|00003490| 6f 77 20 65 61 63 68 20 | 74 69 6d 65 20 74 68 65 |ow each |time the|
|000034a0| 79 20 61 72 65 20 69 6e | 66 65 63 74 65 64 20 75 |y are in|fected u|
|000034b0| 6e 74 69 6c 20 74 68 65 | 79 20 61 72 65 20 74 6f |ntil the|y are to|
|000034c0| 6f 20 6c 61 72 67 65 20 | 74 6f 20 6c 6f 61 64 20 |o large |to load |
|000034d0| 69 6e 74 6f 20 6d 65 6d | 6f 72 79 2e 20 53 6f 6d |into mem|ory. Som|
|000034e0| 65 20 45 58 45 20 66 69 | 6c 65 73 20 61 72 65 20 |e EXE fi|les are |
|000034f0| 69 6e 66 65 63 74 65 64 | 2c 20 77 69 74 68 6f 75 |infected|, withou|
|00003500| 74 20 67 72 6f 77 69 6e | 67 2c 20 75 73 75 61 6c |t growin|g, usual|
|00003510| 6c 79 20 62 65 63 61 75 | 73 65 20 74 68 65 20 67 |ly becau|se the g|
|00003520| 65 6e 75 69 6e 65 20 45 | 58 45 20 69 73 20 66 6f |enuine E|XE is fo|
|00003530| 6c 6c 6f 77 65 64 02 02 | 10 00 00 00 22 0e 4d 53 |llowed..|....".MS|
|00003540| 20 53 61 6e 73 20 53 65 | 72 69 66 03 10 70 00 b4 | Sans Se|rif..p..|
|00003550| fd 07 45 76 65 72 79 20 | 46 72 69 64 61 79 20 31 |..Every |Friday 1|
|00003560| 33 74 68 2c 20 77 68 65 | 6e 20 61 20 70 72 6f 67 |3th, whe|n a prog|
|00003570| 72 61 6d 20 69 73 20 72 | 75 6e 2c 20 69 74 20 69 |ram is r|un, it i|
|00003580| 73 20 64 65 6c 65 74 65 | 64 2e 20 4f 6e 20 61 6e |s delete|d. On an|
|00003590| 79 20 64 61 74 65 2c 20 | 33 30 20 6d 69 6e 75 74 |y date, |30 minut|
|000035a0| 65 73 20 61 66 74 65 72 | 20 74 68 65 20 76 69 72 |es after| the vir|
|000035b0| 75 73 20 68 61 73 20 69 | 6e 73 74 61 6c 6c 65 64 |us has i|nstalled|
|000035c0| 20 69 74 73 65 6c 66 2c | 20 61 20 50 43 20 58 54 | itself,| a PC XT|
|000035d0| 20 73 79 73 74 65 6d 20 | 73 6c 6f 77 73 20 64 6f | system |slows do|
|000035e0| 77 6e 20 74 6f 20 61 20 | 66 69 66 74 68 20 6f 66 |wn to a |fifth of|
|000035f0| 20 6e 6f 72 6d 61 6c 20 | 73 70 65 65 64 2e 20 4f | normal |speed. O|
|00003600| 6e 20 66 61 73 74 65 72 | 20 6d 61 63 68 69 6e 65 |n faster| machine|
|00003610| 73 20 74 68 65 20 73 6c | 6f 77 64 6f 77 6e 20 69 |s the sl|owdown i|
|00003620| 73 20 6e 6f 74 20 61 73 | 20 6e 6f 74 69 63 65 61 |s not as| noticea|
|00003630| 62 6c 65 2e 20 41 74 20 | 74 68 65 20 73 61 6d 65 |ble. At |the same|
|00003640| 20 74 69 6d 65 2c 20 69 | 66 20 74 68 65 20 73 79 | time, i|f the sy|
|00003650| 73 02 02 10 00 00 00 22 | 0e 4d 53 20 53 61 6e 73 |s......"|.MS Sans|
|00003660| 20 53 65 72 69 66 03 14 | 70 00 14 02 06 10 00 00 | Serif..|p.......|
|00003670| 00 22 0e 4d 53 20 53 61 | 6e 73 20 53 65 72 69 66 |.".MS Sa|ns Serif|
|00003680| 03 02 16 04 18 70 00 04 | 00 74 00 b4 12 31 38 31 |.....p..|.t...181|
|00003690| 33 02 02 10 00 00 00 22 | 0e 4d 53 20 53 61 6e 73 |3......"|.MS Sans|
|000036a0| 20 53 65 72 69 66 03 04 | 74 00 b4 6e 4d 65 6d 6f | Serif..|t..nMemo|
|000036b0| 72 79 20 72 65 73 69 64 | 65 6e 74 20 66 69 6c 65 |ry resid|ent file|
|000036c0| 20 76 69 72 75 73 2e 02 | 02 10 00 00 00 22 0e 4d | virus..|.....".M|
|000036d0| 53 20 53 61 6e 73 20 53 | 65 72 69 66 03 08 74 00 |S Sans S|erif..t.|
|000036e0| b4 ce 43 4f 4d 20 61 6e | 64 20 45 58 45 20 66 69 |..COM an|d EXE fi|
|000036f0| 6c 65 73 20 6f 6e 20 65 | 78 65 63 75 74 69 6f 6e |les on e|xecution|
|00003700| 2c 20 65 78 63 65 70 74 | 20 43 4f 4d 4d 41 4e 44 |, except| COMMAND|
|00003710| 2e 43 4f 4d 2e 02 02 10 | 00 00 00 22 0e 4d 53 20 |.COM....|...".MS |
|00003720| 53 61 6e 73 20 53 65 72 | 69 66 03 0c 74 00 b4 f5 |Sans Ser|if..t...|
|00003730| 07 43 4f 4d 3a 20 31 2c | 38 31 33 20 62 79 74 65 |.COM: 1,|813 byte|
|00003740| 73 2e 20 43 4f 4d 20 66 | 69 6c 65 73 20 61 72 65 |s. COM f|iles are|
|00003750| 20 6e 6f 74 20 72 65 2d | 69 6e 66 65 63 74 65 64 | not re-|infected|
|00003760| 2e 20 45 58 45 3a 20 31 | 2c 38 30 38 20 74 6f 20 |. EXE: 1|,808 to |
|00003770| 31 2c 38 32 33 20 62 79 | 74 65 73 2e 20 45 58 45 |1,823 by|tes. EXE|
|00003780| 20 66 69 6c 65 73 20 67 | 72 6f 77 20 65 61 63 68 | files g|row each|
|00003790| 20 74 69 6d 65 20 74 68 | 65 79 20 61 72 65 20 69 | time th|ey are i|
|000037a0| 6e 66 65 63 74 65 64 20 | 75 6e 74 69 6c 20 74 68 |nfected |until th|
|000037b0| 65 79 20 61 72 65 20 74 | 6f 6f 20 6c 61 72 67 65 |ey are t|oo large|
|000037c0| 20 74 6f 20 6c 6f 61 64 | 20 69 6e 74 6f 20 6d 65 | to load| into me|
|000037d0| 6d 6f 72 79 2e 20 53 6f | 6d 65 20 45 58 45 20 66 |mory. So|me EXE f|
|000037e0| 69 6c 65 73 20 61 72 65 | 20 69 6e 66 65 63 74 65 |iles are| infecte|
|000037f0| 64 2c 20 77 69 74 68 6f | 75 74 20 67 72 6f 77 69 |d, witho|ut growi|
|00003800| 6e 67 2c 20 75 73 75 61 | 6c 6c 79 20 62 65 63 61 |ng, usua|lly beca|
|00003810| 75 73 65 20 74 68 65 20 | 67 65 6e 75 69 6e 65 20 |use the |genuine |
|00003820| 45 58 45 20 69 73 20 66 | 6f 6c 6c 6f 77 65 64 02 |EXE is f|ollowed.|
|00003830| 02 10 00 00 00 22 0e 4d | 53 20 53 61 6e 73 20 53 |.....".M|S Sans S|
|00003840| 65 72 69 66 03 10 74 00 | b4 fd 07 45 76 65 72 79 |erif..t.|...Every|
|00003850| 20 46 72 69 64 61 79 20 | 31 33 74 68 2c 20 77 68 | Friday |13th, wh|
|00003860| 65 6e 20 61 20 70 72 6f | 67 72 61 6d 20 69 73 20 |en a pro|gram is |
|00003870| 72 75 6e 2c 20 69 74 20 | 69 73 20 64 65 6c 65 74 |run, it |is delet|
|00003880| 65 64 2e 20 4f 6e 20 61 | 6e 79 20 64 61 74 65 2c |ed. On a|ny date,|
|00003890| 20 33 30 20 6d 69 6e 75 | 74 65 73 20 61 66 74 65 | 30 minu|tes afte|
|000038a0| 72 20 74 68 65 20 76 69 | 72 75 73 20 68 61 73 20 |r the vi|rus has |
|000038b0| 69 6e 73 74 61 6c 6c 65 | 64 20 69 74 73 65 6c 66 |installe|d itself|
|000038c0| 2c 20 61 20 50 43 20 58 | 54 20 73 79 73 74 65 6d |, a PC X|T system|
|000038d0| 20 73 6c 6f 77 73 20 64 | 6f 77 6e 20 74 6f 20 61 | slows d|own to a|
|000038e0| 20 66 69 66 74 68 20 6f | 66 20 6e 6f 72 6d 61 6c | fifth o|f normal|
|000038f0| 20 73 70 65 65 64 2e 20 | 4f 6e 20 66 61 73 74 65 | speed. |On faste|
|00003900| 72 20 6d 61 63 68 69 6e | 65 73 20 74 68 65 20 73 |r machin|es the s|
|00003910| 6c 6f 77 64 6f 77 6e 20 | 69 73 20 6e 6f 74 20 61 |lowdown |is not a|
|00003920| 73 20 6e 6f 74 69 63 65 | 61 62 6c 65 2e 20 41 74 |s notice|able. At|
|00003930| 20 74 68 65 20 73 61 6d | 65 20 74 69 6d 65 2c 20 | the sam|e time, |
|00003940| 69 66 20 74 68 65 20 73 | 79 73 02 02 10 00 00 00 |if the s|ys......|
|00003950| 22 0e 4d 53 20 53 61 6e | 73 20 53 65 72 69 66 03 |".MS San|s Serif.|
|00003960| 14 74 00 14 02 06 10 00 | 00 00 22 0e 4d 53 20 53 |.t......|..".MS S|
|00003970| 61 6e 73 20 53 65 72 69 | 66 03 02 16 04 18 74 00 |ans Seri|f.....t.|
|00003980| 04 00 78 00 b4 12 31 39 | 37 31 02 02 10 00 00 00 |..x...19|71......|
|00003990| 22 0e 4d 53 20 53 61 6e | 73 20 53 65 72 69 66 03 |".MS San|s Serif.|
|000039a0| 04 78 00 b4 6e 4d 65 6d | 6f 72 79 20 72 65 73 69 |.x..nMem|ory resi|
|000039b0| 64 65 6e 74 20 66 69 6c | 65 20 76 69 72 75 73 2e |dent fil|e virus.|
|000039c0| 02 02 10 00 00 00 22 0e | 4d 53 20 53 61 6e 73 20 |......".|MS Sans |
|000039d0| 53 65 72 69 66 03 08 78 | 00 b4 9d 05 43 4f 4d 20 |Serif..x|....COM |
|000039e0| 61 6e 64 20 45 58 45 20 | 66 69 6c 65 73 20 6f 6e |and EXE |files on|
|000039f0| 20 65 78 65 63 75 74 69 | 6f 6e 2e 20 43 4f 4d 20 | executi|on. COM |
|00003a00| 66 69 6c 65 73 20 62 65 | 74 77 65 65 6e 20 38 2c |files be|tween 8,|
|00003a10| 31 37 37 20 61 6e 64 20 | 36 33 2c 33 31 30 20 62 |177 and |63,310 b|
|00003a20| 79 74 65 73 20 61 6e 64 | 20 45 58 45 20 66 69 6c |ytes and| EXE fil|
|00003a30| 65 73 20 6f 66 20 67 72 | 65 61 74 65 72 20 74 68 |es of gr|eater th|
|00003a40| 61 6e 20 38 2c 31 37 37 | 20 62 79 74 65 73 20 61 |an 8,177| bytes a|
|00003a50| 72 65 20 69 6e 66 65 63 | 74 65 64 2e 20 44 61 74 |re infec|ted. Dat|
|00003a60| 65 2f 74 69 6d 65 20 61 | 6e 64 20 72 65 61 64 2f |e/time a|nd read/|
|00003a70| 77 72 69 74 65 20 61 74 | 74 72 69 62 75 74 65 73 |write at|tributes|
|00003a80| 20 61 72 65 20 70 72 65 | 73 65 72 76 65 64 2e 02 | are pre|served..|
|00003a90| 02 10 00 00 00 22 0e 4d | 53 20 53 61 6e 73 20 53 |.....".M|S Sans S|
|00003aa0| 65 72 69 66 03 0c 78 00 | b4 32 31 2c 39 37 31 20 |erif..x.|.21,971 |
|00003ab0| 62 79 74 65 73 2e 02 02 | 10 00 00 00 22 0e 4d 53 |bytes...|....".MS|
|00003ac0| 20 53 61 6e 73 20 53 65 | 72 69 66 03 10 78 00 b4 | Sans Se|rif..x..|
|00003ad0| fd 07 57 68 65 6e 20 61 | 20 66 69 6c 65 20 69 73 |..When a| file is|
|00003ae0| 20 66 69 72 73 74 20 69 | 6e 66 65 63 74 65 64 2c | first i|nfected,|
|00003af0| 20 74 68 65 20 76 69 72 | 75 73 20 73 74 6f 72 65 | the vir|us store|
|00003b00| 73 20 74 68 65 20 63 75 | 72 72 65 6e 74 20 64 61 |s the cu|rrent da|
|00003b10| 74 65 20 61 73 20 74 68 | 65 20 6e 75 6d 62 65 72 |te as th|e number|
|00003b20| 20 6f 66 20 64 61 79 73 | 20 73 69 6e 63 65 20 4a | of days| since J|
|00003b30| 61 6e 75 61 72 79 20 31 | 73 74 20 31 39 38 34 2e |anuary 1|st 1984.|
|00003b40| 20 57 68 65 6e 20 61 6e | 20 69 6e 66 65 63 74 65 | When an| infecte|
|00003b50| 64 20 66 69 6c 65 20 69 | 73 20 72 75 6e 20 61 6e |d file i|s run an|
|00003b60| 64 20 74 68 65 20 73 79 | 73 74 65 6d 20 64 61 74 |d the sy|stem dat|
|00003b70| 65 20 69 73 20 39 31 20 | 64 61 79 73 20 6f 72 20 |e is 91 |days or |
|00003b80| 6d 6f 72 65 20 61 66 74 | 65 72 20 74 68 61 74 2c |more aft|er that,|
|00003b90| 20 69 74 20 63 68 6f 6f | 73 65 73 20 61 20 74 75 | it choo|ses a tu|
|00003ba0| 6e 65 20 66 72 6f 6d 20 | 61 20 72 65 70 65 72 74 |ne from |a repert|
|00003bb0| 6f 69 72 65 20 6f 66 20 | 65 69 67 68 74 20 61 6e |oire of |eight an|
|00003bc0| 64 20 70 6c 61 79 73 20 | 69 74 20 61 62 6f 75 74 |d plays |it about|
|00003bd0| 20 02 02 10 00 00 00 22 | 0e 4d 53 20 53 61 6e 73 | ......"|.MS Sans|
|00003be0| 20 53 65 72 69 66 03 14 | 78 00 14 02 06 10 00 00 | Serif..|x.......|
|00003bf0| 00 22 0e 4d 53 20 53 61 | 6e 73 20 53 65 72 69 66 |.".MS Sa|ns Serif|
|00003c00| 03 02 16 04 18 78 00 04 | 00 7c 00 b4 12 32 30 38 |.....x..|.|...208|
|00003c10| 36 02 02 10 00 00 00 22 | 0e 4d 53 20 53 61 6e 73 |6......"|.MS Sans|
|00003c20| 20 53 65 72 69 66 03 04 | 7c 00 b4 6e 4d 65 6d 6f | Serif..||..nMemo|
|00003c30| 72 79 20 72 65 73 69 64 | 65 6e 74 20 66 69 6c 65 |ry resid|ent file|
|00003c40| 20 76 69 72 75 73 2e 02 | 02 10 00 00 00 22 0e 4d | virus..|.....".M|
|00003c50| 53 20 53 61 6e 73 20 53 | 65 72 69 66 03 08 7c 00 |S Sans S|erif..|.|
|00003c60| b4 ce 43 4f 4d 20 61 6e | 64 20 45 58 45 20 66 69 |..COM an|d EXE fi|
|00003c70| 6c 65 73 20 6f 6e 20 65 | 78 65 63 75 74 69 6f 6e |les on e|xecution|
|00003c80| 2c 20 65 78 63 65 70 74 | 20 43 4f 4d 4d 41 4e 44 |, except| COMMAND|
|00003c90| 2e 43 4f 4d 2e 02 02 10 | 00 00 00 22 0e 4d 53 20 |.COM....|...".MS |
|00003ca0| 53 61 6e 73 20 53 65 72 | 69 66 03 0c 7c 00 b4 d2 |Sans Ser|if..|...|
|00003cb0| 32 2c 30 38 36 20 62 79 | 74 65 73 2e 20 45 58 45 |2,086 by|tes. EXE|
|00003cc0| 20 66 69 6c 65 73 20 67 | 72 6f 77 20 62 79 20 32 | files g|row by 2|
|00003cd0| 2c 30 38 30 20 74 6f 20 | 32 2c 30 39 35 20 62 79 |,080 to |2,095 by|
|00003ce0| 74 65 73 2e 02 02 10 00 | 00 00 22 0e 4d 53 20 53 |tes.....|..".MS S|
|00003cf0| 61 6e 73 20 53 65 72 69 | 66 03 10 7c 00 b4 fd 07 |ans Seri|f..|....|
|00003d00| 57 68 65 6e 20 61 20 77 | 61 72 6d 20 62 6f 6f 74 |When a w|arm boot|
|00003d10| 20 69 73 20 70 65 72 66 | 6f 72 6d 65 64 2c 20 74 | is perf|ormed, t|
|00003d20| 68 65 20 6d 65 73 73 61 | 67 65 20 54 68 65 20 77 |he messa|ge The w|
|00003d30| 6f 72 6c 64 20 77 69 6c | 6c 20 68 65 61 72 20 66 |orld wil|l hear f|
|00003d40| 72 6f 6d 20 6d 65 20 61 | 67 61 69 6e 21 20 69 73 |rom me a|gain! is|
|00003d50| 20 64 69 73 70 6c 61 79 | 65 64 2e 20 49 66 20 74 | display|ed. If t|
|00003d60| 68 65 20 64 61 74 65 20 | 69 73 20 61 66 74 65 72 |he date |is after|
|00003d70| 20 41 75 67 75 73 74 20 | 31 73 74 20 31 39 38 39 | August |1st 1989|
|00003d80| 2c 20 74 68 65 20 76 69 | 72 75 73 20 6d 6f 6e 69 |, the vi|rus moni|
|00003d90| 74 6f 72 73 20 74 68 65 | 20 6b 65 79 62 6f 61 72 |tors the| keyboar|
|00003da0| 64 20 62 75 66 66 65 72 | 2e 20 49 66 20 60 46 75 |d buffer|. If `Fu|
|00003db0| 20 4d 61 6e 63 68 75 27 | 20 69 73 20 74 79 70 65 | Manchu'| is type|
|00003dc0| 64 2c 20 74 68 65 20 76 | 69 72 75 73 20 74 79 70 |d, the v|irus typ|
|00003dd0| 65 73 20 62 61 63 6b 20 | 46 75 20 4d 61 6e 63 68 |es back |Fu Manch|
|00003de0| 75 20 76 69 72 75 73 20 | 33 2f 31 30 2f 38 38 20 |u virus |3/10/88 |
|00003df0| 2d 20 6c 61 74 65 73 74 | 20 69 6e 20 74 68 65 02 |- latest| in the.|
|00003e00| 02 10 00 00 00 22 0e 4d | 53 20 53 61 6e 73 20 53 |.....".M|S Sans S|
|00003e10| 65 72 69 66 03 14 7c 00 | 14 02 06 10 00 00 00 22 |erif..|.|......."|
|00003e20| 0e 4d 53 20 53 61 6e 73 | 20 53 65 72 69 66 03 02 |.MS Sans| Serif..|
|00003e30| 16 04 18 7c 00 04 00 80 | 00 b4 0e 32 4b 62 02 02 |...|....|...2Kb..|
|00003e40| 10 00 00 00 22 0e 4d 53 | 20 53 61 6e 73 20 53 65 |....".MS| Sans Se|
|00003e50| 72 69 66 03 04 80 00 b4 | 4a 42 6f 6f 74 20 73 65 |rif.....|JBoot se|
|00003e60| 63 74 6f 72 20 76 69 72 | 75 73 2e 02 02 10 00 00 |ctor vir|us......|
|00003e70| 00 22 0e 4d 53 20 53 61 | 6e 73 20 53 65 72 69 66 |.".MS Sa|ns Serif|
|00003e80| 03 08 80 00 b4 dd 03 54 | 68 65 20 62 6f 6f 74 20 |.......T|he boot |
|00003e90| 73 65 63 74 6f 72 20 6f | 66 20 66 6c 6f 70 70 79 |sector o|f floppy|
|00003ea0| 20 64 69 73 6b 73 20 61 | 6e 64 20 74 68 65 20 70 | disks a|nd the p|
|00003eb0| 61 72 74 69 74 69 6f 6e | 20 73 65 63 74 6f 72 20 |artition| sector |
|00003ec0| 6f 66 20 68 61 72 64 20 | 64 69 73 6b 73 2c 20 77 |of hard |disks, w|
|00003ed0| 68 65 6e 20 74 68 65 20 | 50 43 20 69 73 20 62 6f |hen the |PC is bo|
|00003ee0| 6f 74 65 64 20 66 72 6f | 6d 20 61 6e 20 69 6e 66 |oted fro|m an inf|
|00003ef0| 65 63 74 65 64 20 66 6c | 6f 70 70 79 20 64 69 73 |ected fl|oppy dis|
|00003f00| 6b 2e 02 02 10 00 00 00 | 22 0e 4d 53 20 53 61 6e |k.......|".MS San|
|00003f10| 73 20 53 65 72 69 66 03 | 0c 80 00 b4 06 2d 02 02 |s Serif.|.....-..|
|00003f20| 10 00 00 00 22 0e 4d 53 | 20 53 61 6e 73 20 53 65 |....".MS| Sans Se|
|00003f30| 72 69 66 03 10 80 00 b4 | fd 07 49 66 20 74 68 65 |rif.....|..If the|
|00003f40| 20 50 43 20 69 73 20 62 | 6f 6f 74 65 64 20 66 72 | PC is b|ooted fr|
|00003f50| 6f 6d 20 61 6e 20 69 6e | 66 65 63 74 65 64 20 66 |om an in|fected f|
|00003f60| 6c 6f 70 70 79 20 64 69 | 73 6b 2c 20 74 68 65 20 |loppy di|sk, the |
|00003f70| 76 69 72 75 73 20 67 6f | 65 73 20 6d 65 6d 6f 72 |virus go|es memor|
|00003f80| 79 20 72 65 73 69 64 65 | 6e 74 20 61 6e 64 20 69 |y reside|nt and i|
|00003f90| 6e 66 65 63 74 73 20 74 | 68 65 20 70 61 72 74 69 |nfects t|he parti|
|00003fa0| 74 69 6f 6e 20 73 65 63 | 74 6f 72 20 6f 66 20 74 |tion sec|tor of t|
|00003fb0| 68 65 20 68 61 72 64 20 | 64 69 73 6b 2e 20 54 68 |he hard |disk. Th|
|00003fc0| 65 20 76 69 72 75 73 20 | 69 6e 66 65 63 74 73 20 |e virus |infects |
|00003fd0| 61 6e 79 20 66 6c 6f 70 | 70 79 20 64 69 73 6b 20 |any flop|py disk |
|00003fe0| 77 68 69 63 68 20 69 73 | 20 61 63 63 65 73 73 65 |which is| accesse|
|00003ff0| 64 2e 3c 70 3e 0d 0a 54 | 68 65 20 76 69 72 75 73 |d.<p>..T|he virus|
|00004000| 20 63 6f 70 69 65 73 20 | 74 68 65 20 6f 72 69 67 | copies |the orig|
|00004010| 69 6e 61 6c 20 70 61 72 | 74 69 74 69 6f 6e 20 73 |inal par|tition s|
|00004020| 65 63 74 6f 72 20 74 6f | 20 63 79 6c 69 6e 64 65 |ector to| cylinde|
|00004030| 72 20 30 2c 20 68 65 61 | 64 02 02 10 00 00 00 22 |r 0, hea|d......"|
|00004040| 0e 4d 53 20 53 61 6e 73 | 20 53 65 72 69 66 03 14 |.MS Sans| Serif..|
|00004050| 80 00 14 02 06 10 00 00 | 00 22 0e 4d 53 20 53 61 |........|.".MS Sa|
|00004060| 6e 73 20 53 65 72 69 66 | 03 02 16 04 18 80 00 04 |ns Serif|........|
|00004070| 00 84 00 b4 12 33 30 36 | 36 02 02 10 00 00 00 22 |.....306|6......"|
|00004080| 0e 4d 53 20 53 61 6e 73 | 20 53 65 72 69 66 03 04 |.MS Sans| Serif..|
|00004090| 84 00 b4 9a 4d 65 6d 6f | 72 79 20 72 65 73 69 64 |....Memo|ry resid|
|000040a0| 65 6e 74 20 66 69 6c 65 | 20 76 69 72 75 73 2f 66 |ent file| virus/f|
|000040b0| 69 6c 65 20 76 69 72 75 | 73 2e 02 02 10 00 00 00 |ile viru|s.......|
|000040c0| 22 0e 4d 53 20 53 61 6e | 73 20 53 65 72 69 66 03 |".MS San|s Serif.|
|000040d0| 08 84 00 b4 f5 07 54 68 | 65 72 65 20 61 72 65 20 |......Th|ere are |
|000040e0| 74 77 6f 20 6d 65 63 68 | 61 6e 69 73 6d 73 3a 3c |two mech|anisms:<|
|000040f0| 62 72 3e 4d 65 6d 6f 72 | 79 20 72 65 73 69 64 65 |br>Memor|y reside|
|00004100| 6e 74 2c 20 69 6e 66 65 | 63 74 69 6e 67 20 43 4f |nt, infe|cting CO|
|00004110| 4d 20 61 6e 64 20 45 58 | 45 20 66 69 6c 65 73 20 |M and EX|E files |
|00004120| 6f 6e 20 65 78 65 63 75 | 74 69 6f 6e 3b 3c 62 72 |on execu|tion;<br|
|00004130| 3e 0d 0a 44 69 72 65 63 | 74 20 61 63 74 69 6f 6e |>..Direc|t action|
|00004140| 20 28 61 66 74 65 72 20 | 44 65 63 65 6d 62 65 72 | (after |December|
|00004150| 20 31 39 38 38 29 2c 20 | 69 6e 66 65 63 74 69 6e | 1988), |infectin|
|00004160| 67 20 61 20 43 4f 4d 20 | 6f 72 20 45 58 45 20 66 |g a COM |or EXE f|
|00004170| 69 6c 65 20 6f 6e 20 65 | 78 65 63 75 74 69 6f 6e |ile on e|xecution|
|00004180| 20 6f 66 20 61 6e 20 69 | 6e 66 65 63 74 65 64 20 | of an i|nfected |
|00004190| 70 72 6f 67 72 61 6d 2e | 3c 70 3e 54 68 65 20 72 |program.|<p>The r|
|000041a0| 65 73 69 64 65 6e 74 20 | 70 6f 72 74 69 6f 6e 20 |esident |portion |
|000041b0| 6f 66 20 74 68 65 20 76 | 69 72 75 73 20 6f 63 63 |of the v|irus occ|
|000041c0| 75 70 69 65 73 20 37 4b | 62 20 6f 66 20 6d 65 6d |upies 7K|b of mem|
|000041d0| 6f 72 79 2e 02 02 10 00 | 00 00 22 0e 4d 53 20 53 |ory.....|..".MS S|
|000041e0| 61 6e 73 20 53 65 72 69 | 66 03 0c 84 00 b4 56 33 |ans Seri|f.....V3|
|000041f0| 2c 30 32 39 20 74 6f 20 | 33 2c 30 36 36 20 62 79 |,029 to |3,066 by|
|00004200| 74 65 73 2e 02 02 10 00 | 00 00 22 0e 4d 53 20 53 |tes.....|..".MS S|
|00004210| 61 6e 73 20 53 65 72 69 | 66 03 10 84 00 b4 fd 07 |ans Seri|f.......|
|00004220| 41 6e 20 68 6f 75 72 20 | 61 66 74 65 72 20 74 68 |An hour |after th|
|00004230| 65 20 76 69 72 75 73 20 | 67 6f 65 73 20 6d 65 6d |e virus |goes mem|
|00004240| 6f 72 79 20 72 65 73 69 | 64 65 6e 74 20 61 20 66 |ory resi|dent a f|
|00004250| 61 6c 6c 69 6e 67 20 6c | 65 74 74 65 72 73 20 64 |alling l|etters d|
|00004260| 69 73 70 6c 61 79 20 69 | 73 20 74 72 69 67 67 65 |isplay i|s trigge|
|00004270| 72 65 64 2e 20 54 68 69 | 73 20 69 73 20 64 69 66 |red. Thi|s is dif|
|00004280| 66 65 72 65 6e 74 20 66 | 72 6f 6d 20 43 61 73 63 |ferent f|rom Casc|
|00004290| 61 64 65 20 69 6e 20 74 | 68 61 74 20 74 68 65 20 |ade in t|hat the |
|000042a0| 64 69 73 70 6c 61 79 20 | 69 73 20 73 69 6c 65 6e |display |is silen|
|000042b0| 74 20 61 6e 64 20 74 68 | 65 20 63 68 61 72 61 63 |t and th|e charac|
|000042c0| 74 65 72 73 20 66 61 6c | 6c 20 69 6e 20 61 20 64 |ters fal|l in a d|
|000042d0| 69 66 66 65 72 65 6e 74 | 20 77 61 79 2e 20 54 68 |ifferent| way. Th|
|000042e0| 65 79 20 63 61 6e 20 62 | 65 20 6d 61 64 65 20 74 |ey can b|e made t|
|000042f0| 6f 20 72 69 73 65 20 75 | 70 20 61 67 61 69 6e 20 |o rise u|p again |
|00004300| 62 79 20 70 72 65 73 73 | 69 6e 67 20 6b 65 79 73 |by press|ing keys|
|00004310| 20 75 6e 74 69 6c 20 74 | 68 65 79 20 61 72 65 02 | until t|hey are.|
|00004320| 02 10 00 00 00 22 0e 4d | 53 20 53 61 6e 73 20 53 |.....".M|S Sans S|
|00004330| 65 72 69 66 03 14 84 00 | 14 02 06 10 00 00 00 22 |erif....|......."|
|00004340| 0e 4d 53 20 53 61 6e 73 | 20 53 65 72 69 66 03 02 |.MS Sans| Serif..|
|00004350| 16 04 18 84 00 04 00 88 | 00 b4 12 33 35 35 31 02 |........|...3551.|
|00004360| 02 10 00 00 00 22 0e 4d | 53 20 53 61 6e 73 20 53 |.....".M|S Sans S|
|00004370| 65 72 69 66 03 04 88 00 | b4 2e 46 69 6c 65 20 76 |erif....|..File v|
|00004380| 69 72 75 73 2e 02 02 10 | 00 00 00 22 0e 4d 53 20 |irus....|...".MS |
|00004390| 53 61 6e 73 20 53 65 72 | 69 66 03 08 88 00 b4 fd |Sans Ser|if......|
|000043a0| 07 41 20 43 4f 4d 20 6f | 72 20 45 58 45 20 66 69 |.A COM o|r EXE fi|
|000043b0| 6c 65 20 28 63 68 6f 73 | 65 6e 20 72 61 6e 64 6f |le (chos|en rando|
|000043c0| 6d 6c 79 20 66 72 6f 6d | 20 74 68 65 20 63 75 72 |mly from| the cur|
|000043d0| 72 65 6e 74 20 64 72 69 | 76 65 29 20 6f 6e 20 65 |rent dri|ve) on e|
|000043e0| 78 65 63 75 74 69 6f 6e | 20 6f 66 20 61 6e 20 69 |xecution| of an i|
|000043f0| 6e 66 65 63 74 65 64 20 | 66 69 6c 65 2e 20 54 68 |nfected |file. Th|
|00004400| 65 20 76 69 72 75 73 20 | 69 73 20 65 6e 63 72 79 |e virus |is encry|
|00004410| 70 74 65 64 20 61 6e 64 | 20 64 65 63 72 79 70 74 |pted and| decrypt|
|00004420| 73 20 69 74 73 65 6c 66 | 20 61 74 20 72 75 6e 20 |s itself| at run |
|00004430| 74 69 6d 65 2e 20 54 68 | 65 20 76 69 72 75 73 20 |time. Th|e virus |
|00004440| 6c 6f 6f 6b 73 20 66 6f | 72 20 61 20 44 4f 53 20 |looks fo|r a DOS |
|00004450| 73 75 62 2d 64 69 72 65 | 63 74 6f 72 79 20 6f 66 |sub-dire|ctory of|
|00004460| 66 20 74 68 65 20 72 6f | 6f 74 2c 20 61 6e 64 20 |f the ro|ot, and |
|00004470| 69 66 20 69 74 20 66 69 | 6e 64 73 20 6f 6e 65 20 |if it fi|nds one |
|00004480| 63 72 65 61 74 65 73 20 | 61 20 68 69 64 64 65 6e |creates |a hidden|
|00004490| 20 73 79 73 74 65 6d 20 | 66 69 6c 65 20 63 61 6c | system |file cal|
|000044a0| 02 02 10 00 00 00 22 0e | 4d 53 20 53 61 6e 73 20 |......".|MS Sans |
|000044b0| 53 65 72 69 66 03 0c 88 | 00 b4 56 33 2c 35 35 31 |Serif...|..V3,551|
|000044c0| 20 74 6f 20 33 2c 35 36 | 36 20 62 79 74 65 73 2e | to 3,56|6 bytes.|
|000044d0| 02 02 10 00 00 00 22 0e | 4d 53 20 53 61 6e 73 20 |......".|MS Sans |
|000044e0| 53 65 72 69 66 03 10 88 | 00 b4 fd 07 49 66 20 74 |Serif...|....If t|
|000044f0| 68 65 20 65 6e 76 69 72 | 6f 6e 6d 65 6e 74 20 63 |he envir|onment c|
|00004500| 6f 6e 74 61 69 6e 73 20 | 53 59 53 4c 4f 43 4b 3d |ontains |SYSLOCK=|
|00004510| 40 20 74 68 65 20 76 69 | 72 75 73 20 64 6f 65 73 |@ the vi|rus does|
|00004520| 20 6e 6f 74 68 69 6e 67 | 20 2d 20 69 74 20 64 6f | nothing| - it do|
|00004530| 65 73 20 6e 6f 74 20 65 | 76 65 6e 20 69 6e 66 65 |es not e|ven infe|
|00004540| 63 74 20 66 69 6c 65 73 | 2e 20 4f 74 68 65 72 77 |ct files|. Otherw|
|00004550| 69 73 65 2c 20 69 74 20 | 77 6f 72 6b 73 20 69 74 |ise, it |works it|
|00004560| 73 20 77 61 79 20 64 6f | 77 6e 20 74 68 65 20 64 |s way do|wn the d|
|00004570| 69 73 6b 2c 20 33 32 20 | 73 65 63 74 6f 72 73 20 |isk, 32 |sectors |
|00004580| 61 74 20 61 20 74 69 6d | 65 2c 20 63 6f 6e 76 65 |at a tim|e, conve|
|00004590| 72 74 69 6e 67 20 65 61 | 63 68 20 6f 63 63 75 72 |rting ea|ch occur|
|000045a0| 72 65 6e 63 65 20 6f 66 | 20 74 68 65 20 77 6f 72 |rence of| the wor|
|000045b0| 64 20 4d 69 63 72 6f 73 | 6f 66 74 20 74 6f 20 4d |d Micros|oft to M|
|000045c0| 61 63 72 6f 73 6f 66 74 | 20 28 6f 72 20 4d 61 63 |acrosoft| (or Mac|
|000045d0| 68 6f 73 6f 66 74 20 69 | 6e 20 74 68 65 20 4d 61 |hosoft i|n the Ma|
|000045e0| 63 68 6f 20 76 65 72 73 | 69 6f 6e 02 02 10 00 00 |cho vers|ion.....|
|000045f0| 00 22 0e 4d 53 20 53 61 | 6e 73 20 53 65 72 69 66 |.".MS Sa|ns Serif|
|00004600| 03 14 88 00 14 02 06 10 | 00 00 00 22 0e 4d 53 20 |........|...".MS |
|00004610| 53 61 6e 73 20 53 65 72 | 69 66 03 02 16 04 18 88 |Sans Ser|if......|
|00004620| 00 04 00 8c 00 b4 1a 33 | 41 50 41 33 41 02 02 10 |.......3|APA3A...|
|00004630| 00 00 00 22 0e 4d 53 20 | 53 61 6e 73 20 53 65 72 |...".MS |Sans Ser|
|00004640| 69 66 03 04 8c 00 b4 4a | 42 6f 6f 74 20 73 65 63 |if.....J|Boot sec|
|00004650| 74 6f 72 20 76 69 72 75 | 73 2e 02 02 10 00 00 00 |tor viru|s.......|
|00004660| 22 0e 4d 53 20 53 61 6e | 73 20 53 65 72 69 66 03 |".MS San|s Serif.|
|00004670| 08 8c 00 b4 dd 03 54 68 | 65 20 62 6f 6f 74 20 73 |......Th|e boot s|
|00004680| 65 63 74 6f 72 20 6f 66 | 20 66 6c 6f 70 70 79 20 |ector of| floppy |
|00004690| 64 69 73 6b 73 20 61 6e | 64 20 74 68 65 20 70 61 |disks an|d the pa|
|000046a0| 72 74 69 74 69 6f 6e 20 | 73 65 63 74 6f 72 20 6f |rtition |sector o|
|000046b0| 66 20 68 61 72 64 20 64 | 69 73 6b 73 2c 20 77 68 |f hard d|isks, wh|
|000046c0| 65 6e 20 74 68 65 20 50 | 43 20 69 73 20 62 6f 6f |en the P|C is boo|
|000046d0| 74 65 64 20 66 72 6f 6d | 20 61 6e 20 69 6e 66 65 |ted from| an infe|
|000046e0| 63 74 65 64 20 66 6c 6f | 70 70 79 20 64 69 73 6b |cted flo|ppy disk|
|000046f0| 2e 02 02 10 00 00 00 22 | 0e 4d 53 20 53 61 6e 73 |......."|.MS Sans|
|00004700| 20 53 65 72 69 66 03 0c | 8c 00 b4 06 2d 02 02 10 | Serif..|....-...|
|00004710| 00 00 00 22 0e 4d 53 20 | 53 61 6e 73 20 53 65 72 |...".MS |Sans Ser|
|00004720| 69 66 03 10 8c 00 b4 fd | 07 54 68 65 20 6e 61 6d |if......|.The nam|
|00004730| 65 20 6f 66 20 74 68 65 | 20 76 69 72 75 73 2c 20 |e of the| virus, |
|00004740| 33 41 50 41 33 41 2c 20 | 69 6e 20 52 75 73 73 69 |3APA3A, |in Russi|
|00004750| 61 6e 20 73 6c 61 6e 67 | 20 6d 65 61 6e 73 20 60 |an slang| means `|
|00004760| 69 6e 66 65 63 74 69 6f | 6e 27 2e 20 54 68 65 20 |infectio|n'. The |
|00004770| 61 6c 69 61 73 2c 20 5a | 61 72 61 7a 61 2c 20 69 |alias, Z|araza, i|
|00004780| 73 20 74 68 65 20 52 75 | 73 73 69 61 6e 20 70 72 |s the Ru|ssian pr|
|00004790| 6f 6e 75 6e 63 69 61 74 | 69 6f 6e 20 6f 66 20 33 |onunciat|ion of 3|
|000047a0| 41 50 41 33 41 2e 3c 70 | 3e 0d 0a 33 41 50 41 33 |APA3A.<p|>..3APA3|
|000047b0| 41 20 75 73 65 73 20 61 | 20 63 6f 6d 70 6c 65 78 |A uses a| complex|
|000047c0| 20 69 6e 66 65 63 74 69 | 6f 6e 20 6d 65 74 68 6f | infecti|on metho|
|000047d0| 64 2e 20 49 74 20 69 6e | 66 65 63 74 73 20 62 6f |d. It in|fects bo|
|000047e0| 6f 74 20 73 65 63 74 6f | 72 73 20 6f 66 20 66 6c |ot secto|rs of fl|
|000047f0| 6f 70 70 79 20 64 69 73 | 6b 73 20 69 6e 20 61 20 |oppy dis|ks in a |
|00004800| 73 69 6d 69 6c 61 72 20 | 6d 61 6e 6e 65 72 20 74 |similar |manner t|
|00004810| 6f 20 6f 74 68 65 72 20 | 62 6f 6f 74 20 73 65 63 |o other |boot sec|
|00004820| 74 6f 72 20 76 69 72 75 | 02 02 10 00 00 00 22 0e |tor viru|......".|
|00004830| 4d 53 20 53 61 6e 73 20 | 53 65 72 69 66 03 14 8c |MS Sans |Serif...|
|00004840| 00 14 02 06 10 00 00 00 | 22 0e 4d 53 20 53 61 6e |........|".MS San|
|00004850| 73 20 53 65 72 69 66 03 | 02 16 04 18 8c 00 04 00 |s Serif.|........|
|00004860| 90 00 b4 1a 33 74 75 6e | 65 73 02 02 10 00 00 00 |....3tun|es......|
|00004870| 22 0e 4d 53 20 53 61 6e | 73 20 53 65 72 69 66 03 |".MS San|s Serif.|
|00004880| 04 90 00 b4 6e 4d 65 6d | 6f 72 79 20 72 65 73 69 |....nMem|ory resi|
|00004890| 64 65 6e 74 20 66 69 6c | 65 20 76 69 72 75 73 2e |dent fil|e virus.|
|000048a0| 02 02 10 00 00 00 22 0e | 4d 53 20 53 61 6e 73 20 |......".|MS Sans |
|000048b0| 53 65 72 69 66 03 08 90 | 00 b4 4a 43 4f 4d 20 61 |Serif...|..JCOM a|
|000048c0| 6e 64 20 45 58 45 20 66 | 69 6c 65 73 2e 02 02 10 |nd EXE f|iles....|
|000048d0| 00 00 00 22 0e 4d 53 20 | 53 61 6e 73 20 53 65 72 |...".MS |Sans Ser|
|000048e0| 69 66 03 0c 90 00 b4 06 | 2d 02 02 10 00 00 00 22 |if......|-......"|
|000048f0| 0e 4d 53 20 53 61 6e 73 | 20 53 65 72 69 66 03 10 |.MS Sans| Serif..|
|00004900| 90 00 b4 fd 07 54 68 69 | 73 20 76 69 72 75 73 20 |.....Thi|s virus |
|00004910| 77 61 73 20 66 69 72 73 | 74 20 72 65 70 6f 72 74 |was firs|t report|
|00004920| 65 64 20 69 6e 20 61 20 | 73 6d 61 6c 6c 20 70 72 |ed in a |small pr|
|00004930| 6f 76 69 6e 63 65 20 50 | 69 63 68 69 6e 63 68 61 |ovince P|ichincha|
|00004940| 20 69 6e 20 45 63 75 61 | 64 6f 72 2e 3c 70 3e 0d | in Ecua|dor.<p>.|
|00004950| 0a 54 68 72 65 65 5f 54 | 75 6e 65 73 2e 31 37 38 |.Three_T|unes.178|
|00004960| 34 20 69 73 20 65 6e 63 | 72 79 70 74 65 64 2e 20 |4 is enc|rypted. |
|00004970| 20 49 74 20 75 73 65 73 | 20 73 74 65 61 6c 74 68 | It uses| stealth|
|00004980| 20 74 6f 20 63 6f 6e 63 | 65 61 6c 20 69 74 73 65 | to conc|eal itse|
|00004990| 6c 66 20 77 68 65 6e 20 | 6d 65 6d 6f 72 79 20 72 |lf when |memory r|
|000049a0| 65 73 69 64 65 6e 74 2e | 20 20 49 74 20 69 73 20 |esident.|  It is |
|000049b0| 61 6c 73 6f 20 61 20 66 | 61 73 74 20 69 6e 66 65 |also a f|ast infe|
|000049c0| 63 74 6f 72 2c 20 69 6e | 74 65 72 63 65 70 74 69 |ctor, in|tercepti|
|000049d0| 6e 67 20 4f 70 65 6e 20 | 28 33 64 29 20 61 6e 64 |ng Open |(3d) and|
|000049e0| 20 45 78 65 63 75 74 65 | 20 28 34 42 30 30 29 20 | Execute| (4B00) |
|000049f0| 44 4f 53 20 66 75 6e 63 | 74 69 6f 6e 73 2e 3c 70 |DOS func|tions.<p|
|00004a00| 3e 0d 0a 54 02 02 10 00 | 00 00 22 0e 4d 53 20 53 |>..T....|..".MS S|
|00004a10| 61 6e 73 20 53 65 72 69 | 66 03 14 90 00 14 02 06 |ans Seri|f.......|
|00004a20| 10 00 00 00 22 0e 4d 53 | 20 53 61 6e 73 20 53 65 |....".MS| Sans Se|
|00004a30| 72 69 66 03 02 16 04 18 | 90 00 04 00 94 00 b4 12 |rif.....|........|
|00004a40| 34 30 39 36 02 02 10 00 | 00 00 22 0e 4d 53 20 53 |4096....|..".MS S|
|00004a50| 61 6e 73 20 53 65 72 69 | 66 03 04 94 00 b4 6e 4d |ans Seri|f.....nM|
|00004a60| 65 6d 6f 72 79 20 72 65 | 73 69 64 65 6e 74 20 66 |emory re|sident f|
|00004a70| 69 6c 65 20 76 69 72 75 | 73 2e 02 02 10 00 00 00 |ile viru|s.......|
|00004a80| 22 0e 4d 53 20 53 61 6e | 73 20 53 65 72 69 66 03 |".MS San|s Serif.|
|00004a90| 08 94 00 b4 aa 43 4f 4d | 20 61 6e 64 20 45 58 45 |.....COM| and EXE|
|00004aa0| 20 66 69 6c 65 73 20 6f | 6e 20 61 6c 6d 6f 73 74 | files o|n almost|
|00004ab0| 20 61 6e 79 20 6f 70 65 | 72 61 74 69 6f 6e 2e 02 | any ope|ration..|
|00004ac0| 02 10 00 00 00 22 0e 4d | 53 20 53 61 6e 73 20 53 |.....".M|S Sans S|
|00004ad0| 65 72 69 66 03 0c 94 00 | b4 bd 03 34 2c 30 39 36 |erif....|...4,096|
|00004ae0| 20 62 79 74 65 73 2e 20 | 57 68 65 6e 20 74 68 65 | bytes. |When the|
|00004af0| 20 76 69 72 75 73 20 69 | 73 20 6d 65 6d 6f 72 79 | virus i|s memory|
|00004b00| 20 72 65 73 69 64 65 6e | 74 2c 20 69 74 20 75 73 | residen|t, it us|
|00004b10| 65 73 20 73 74 65 61 6c | 74 68 20 74 6f 20 63 6f |es steal|th to co|
|00004b20| 6e 63 65 61 6c 20 74 68 | 65 20 69 6e 63 72 65 61 |nceal th|e increa|
|00004b30| 73 65 20 69 6e 20 66 69 | 6c 65 20 73 69 7a 65 20 |se in fi|le size |
|00004b40| 6f 66 20 69 6e 66 65 63 | 74 65 64 20 66 69 6c 65 |of infec|ted file|
|00004b50| 73 2e 02 02 10 00 00 00 | 22 0e 4d 53 20 53 61 6e |s.......|".MS San|
|00004b60| 73 20 53 65 72 69 66 03 | 10 94 00 b4 fd 07 46 72 |s Serif.|......Fr|
|00004b70| 6f 64 6f 20 67 6f 65 73 | 20 6d 65 6d 6f 72 79 20 |odo goes| memory |
|00004b80| 72 65 73 69 64 65 6e 74 | 20 77 68 65 6e 20 61 6e |resident| when an|
|00004b90| 20 69 6e 66 65 63 74 65 | 64 20 70 72 6f 67 72 61 | infecte|d progra|
|00004ba0| 6d 20 69 73 20 72 75 6e | 2e 20 49 74 20 74 68 65 |m is run|. It the|
|00004bb0| 6e 20 69 6e 66 65 63 74 | 73 20 43 4f 4d 20 61 6e |n infect|s COM an|
|00004bc0| 64 20 45 58 45 20 66 69 | 6c 65 73 20 6f 6e 20 61 |d EXE fi|les on a|
|00004bd0| 6c 6d 6f 73 74 20 61 6e | 79 20 6f 70 65 72 61 74 |lmost an|y operat|
|00004be0| 69 6f 6e 2e 20 46 72 6f | 64 6f 20 61 64 64 73 20 |ion. Fro|do adds |
|00004bf0| 31 30 30 20 79 65 61 72 | 73 20 74 6f 20 74 68 65 |100 year|s to the|
|00004c00| 20 66 69 6c 65 20 64 61 | 74 65 20 61 73 20 61 20 | file da|te as a |
|00004c10| 73 65 6c 66 20 72 65 63 | 6f 67 6e 69 74 69 6f 6e |self rec|ognition|
|00004c20| 20 28 44 4f 53 20 64 69 | 73 70 6c 61 79 73 20 6f | (DOS di|splays o|
|00004c30| 6e 6c 79 20 74 68 65 20 | 6c 61 73 74 20 74 77 6f |nly the |last two|
|00004c40| 20 64 69 67 69 74 73 2c | 20 73 6f 20 74 68 69 73 | digits,| so this|
|00004c50| 20 63 68 61 6e 67 65 20 | 69 73 20 6e 6f 74 20 6e | change |is not n|
|00004c60| 6f 74 69 63 65 61 62 6c | 65 3b 20 61 6e 02 02 10 |oticeabl|e; an...|
|00004c70| 00 00 00 22 0e 4d 53 20 | 53 61 6e 73 20 53 65 72 |...".MS |Sans Ser|
|00004c80| 69 66 03 14 94 00 14 02 | 06 10 00 00 00 22 0e 4d |if......|.....".M|
|00004c90| 53 20 53 61 6e 73 20 53 | 65 72 69 66 03 02 16 04 |S Sans S|erif....|
|00004ca0| 18 94 00 04 00 98 00 b4 | 0e 34 32 33 02 02 10 00 |........|.423....|
|00004cb0| 00 00 22 0e 4d 53 20 53 | 61 6e 73 20 53 65 72 69 |..".MS S|ans Seri|
|00004cc0| 66 03 04 98 00 b4 2e 46 | 69 6c 65 20 76 69 72 75 |f......F|ile viru|
|00004cd0| 73 2e 02 02 10 00 00 00 | 22 0e 4d 53 20 53 61 6e |s.......|".MS San|
|00004ce0| 73 20 53 65 72 69 66 03 | 08 98 00 b4 fd 07 41 6c |s Serif.|......Al|
|00004cf0| 6c 20 75 6e 69 6e 66 65 | 63 74 65 64 20 43 4f 4d |l uninfe|cted COM|
|00004d00| 20 66 69 6c 65 73 20 69 | 6e 20 74 68 65 20 63 75 | files i|n the cu|
|00004d10| 72 72 65 6e 74 20 64 69 | 72 65 63 74 6f 72 79 20 |rrent di|rectory |
|00004d20| 6f 6e 20 65 78 65 63 75 | 74 69 6f 6e 20 6f 66 20 |on execu|tion of |
|00004d30| 61 6e 20 69 6e 66 65 63 | 74 65 64 20 66 69 6c 65 |an infec|ted file|
|00004d40| 20 69 6e 20 61 6e 79 20 | 64 69 72 65 63 74 6f 72 | in any |director|
|00004d50| 79 2e 20 43 4f 4d 4d 41 | 4e 44 2e 43 4f 4d 20 69 |y. COMMA|ND.COM i|
|00004d60| 73 20 6e 6f 74 20 69 6e | 66 65 63 74 65 64 2e 20 |s not in|fected. |
|00004d70| 44 61 74 65 2f 74 69 6d | 65 20 61 6e 64 20 72 65 |Date/tim|e and re|
|00004d80| 61 64 2f 77 72 69 74 65 | 20 61 74 74 72 69 62 75 |ad/write| attribu|
|00004d90| 74 65 73 20 61 72 65 20 | 6e 6f 74 20 70 72 65 73 |tes are |not pres|
|00004da0| 65 72 76 65 64 2e 20 49 | 66 20 74 68 65 20 76 69 |erved. I|f the vi|
|00004db0| 72 75 73 20 74 72 69 65 | 73 20 74 6f 20 69 6e 66 |rus trie|s to inf|
|00004dc0| 65 63 74 20 61 20 77 72 | 69 74 65 2d 70 72 6f 74 |ect a wr|ite-prot|
|00004dd0| 65 63 74 65 64 20 64 69 | 73 6b 20 74 68 65 20 44 |ected di|sk the D|
|00004de0| 4f 53 20 41 62 6f 72 74 | 2c 20 52 65 74 02 02 10 |OS Abort|, Ret...|
|00004df0| 00 00 00 22 0e 4d 53 20 | 53 61 6e 73 20 53 65 72 |...".MS |Sans Ser|
|00004e00| 69 66 03 0c 98 00 b4 ae | 35 34 30 20 74 6f 20 35 |if......|540 to 5|
|00004e10| 36 30 20 62 79 74 65 73 | 2c 20 61 63 63 6f 72 64 |60 bytes|, accord|
|00004e20| 69 6e 67 20 74 6f 20 74 | 68 65 20 76 65 72 73 69 |ing to t|he versi|
|00004e30| 6f 6e 2e 02 02 10 00 00 | 00 22 0e 4d 53 20 53 61 |on......|.".MS Sa|
|00004e40| 6e 73 20 53 65 72 69 66 | 03 10 98 00 b4 fd 07 45 |ns Serif|.......E|
|00004e50| 76 65 72 79 20 46 72 69 | 64 61 79 20 31 33 74 68 |very Fri|day 13th|
|00004e60| 2c 20 69 6e 66 65 63 74 | 65 64 20 66 69 6c 65 73 |, infect|ed files|
|00004e70| 20 61 72 65 20 64 65 6c | 65 74 65 64 20 61 66 74 | are del|eted aft|
|00004e80| 65 72 20 74 68 65 79 20 | 61 72 65 20 6c 6f 61 64 |er they |are load|
|00004e90| 65 64 20 69 6e 74 6f 20 | 6d 65 6d 6f 72 79 20 61 |ed into |memory a|
|00004ea0| 6e 64 20 65 78 65 63 75 | 74 65 64 2e 20 54 68 69 |nd execu|ted. Thi|
|00004eb0| 73 20 64 6f 65 73 20 6e | 6f 74 20 70 72 65 76 65 |s does n|ot preve|
|00004ec0| 6e 74 20 66 75 72 74 68 | 65 72 20 69 6e 66 65 63 |nt furth|er infec|
|00004ed0| 74 69 6f 6e 2e 3c 70 3e | 0d 0a 56 65 72 73 69 6f |tion.<p>|..Versio|
|00004ee0| 6e 20 31 3a 3c 70 3e 0d | 0a 57 68 65 6e 20 61 6e |n 1:<p>.|.When an|
|00004ef0| 20 69 6e 66 65 63 74 65 | 64 20 66 69 6c 65 20 69 | infecte|d file i|
|00004f00| 73 20 72 75 6e 20 74 68 | 65 20 50 43 20 62 65 65 |s run th|e PC bee|
|00004f10| 70 73 20 61 6e 64 20 74 | 68 65 20 66 6f 6c 6c 6f |ps and t|he follo|
|00004f20| 77 69 6e 67 20 6d 65 73 | 73 61 67 65 20 69 73 20 |wing mes|sage is |
|00004f30| 64 69 73 70 6c 61 79 65 | 64 3a 3c 70 3e 0d 0a 57 |displaye|d:<p>..W|
|00004f40| 41 52 4e 49 4e 47 21 21 | 21 21 20 54 48 49 02 02 |ARNING!!|!! THI..|
|00004f50| 10 00 00 00 22 0e 4d 53 | 20 53 61 6e 73 20 53 65 |....".MS| Sans Se|
|00004f60| 72 69 66 03 14 98 00 14 | 02 06 10 00 00 00 22 0e |rif.....|......".|
|00004f70| 4d 53 20 53 61 6e 73 20 | 53 65 72 69 66 03 02 16 |MS Sans |Serif...|
|00004f80| 04 18 98 00 04 00 9c 00 | b4 0a 34 4b 02 02 10 00 |........|..4K....|
|00004f90| 00 00 22 0e 4d 53 20 53 | 61 6e 73 20 53 65 72 69 |..".MS S|ans Seri|
|00004fa0| 66 03 04 9c 00 b4 6e 4d | 65 6d 6f 72 79 20 72 65 |f.....nM|emory re|
|00004fb0| 73 69 64 65 6e 74 20 66 | 69 6c 65 20 76 69 72 75 |sident f|ile viru|
|00004fc0| 73 2e 02 02 10 00 00 00 | 22 0e 4d 53 20 53 61 6e |s.......|".MS San|
|00004fd0| 73 20 53 65 72 69 66 03 | 08 9c 00 b4 aa 43 4f 4d |s Serif.|.....COM|
|00004fe0| 20 61 6e 64 20 45 58 45 | 20 66 69 6c 65 73 20 6f | and EXE| files o|
|00004ff0| 6e 20 61 6c 6d 6f 73 74 | 20 61 6e 79 20 6f 70 65 |n almost| any ope|
|00005000| 72 61 74 69 6f 6e 2e 02 | 02 10 00 00 00 22 0e 4d |ration..|.....".M|
|00005010| 53 20 53 61 6e 73 20 53 | 65 72 69 66 03 0c 9c 00 |S Sans S|erif....|
|00005020| b4 bd 03 34 2c 30 39 36 | 20 62 79 74 65 73 2e 20 |...4,096| bytes. |
|00005030| 57 68 65 6e 20 74 68 65 | 20 76 69 72 75 73 20 69 |When the| virus i|
|00005040| 73 20 6d 65 6d 6f 72 79 | 20 72 65 73 69 64 65 6e |s memory| residen|
|00005050| 74 2c 20 69 74 20 75 73 | 65 73 20 73 74 65 61 6c |t, it us|es steal|
|00005060| 74 68 20 74 6f 20 63 6f | 6e 63 65 61 6c 20 74 68 |th to co|nceal th|
|00005070| 65 20 69 6e 63 72 65 61 | 73 65 20 69 6e 20 66 69 |e increa|se in fi|
|00005080| 6c 65 20 73 69 7a 65 20 | 6f 66 20 69 6e 66 65 63 |le size |of infec|
|00005090| 74 65 64 20 66 69 6c 65 | 73 2e 02 02 10 00 00 00 |ted file|s.......|
|000050a0| 22 0e 4d 53 20 53 61 6e | 73 20 53 65 72 69 66 03 |".MS San|s Serif.|
|000050b0| 10 9c 00 b4 fd 07 46 72 | 6f 64 6f 20 67 6f 65 73 |......Fr|odo goes|
|000050c0| 20 6d 65 6d 6f 72 79 20 | 72 65 73 69 64 65 6e 74 | memory |resident|
|000050d0| 20 77 68 65 6e 20 61 6e | 20 69 6e 66 65 63 74 65 | when an| infecte|
|000050e0| 64 20 70 72 6f 67 72 61 | 6d 20 69 73 20 72 75 6e |d progra|m is run|
|000050f0| 2e 20 49 74 20 74 68 65 | 6e 20 69 6e 66 65 63 74 |. It the|n infect|
|00005100| 73 20 43 4f 4d 20 61 6e | 64 20 45 58 45 20 66 69 |s COM an|d EXE fi|
|00005110| 6c 65 73 20 6f 6e 20 61 | 6c 6d 6f 73 74 20 61 6e |les on a|lmost an|
|00005120| 79 20 6f 70 65 72 61 74 | 69 6f 6e 2e 20 46 72 6f |y operat|ion. Fro|
|00005130| 64 6f 20 61 64 64 73 20 | 31 30 30 20 79 65 61 72 |do adds |100 year|
|00005140| 73 20 74 6f 20 74 68 65 | 20 66 69 6c 65 20 64 61 |s to the| file da|
|00005150| 74 65 20 61 73 20 61 20 | 73 65 6c 66 20 72 65 63 |te as a |self rec|
|00005160| 6f 67 6e 69 74 69 6f 6e | 20 28 44 4f 53 20 64 69 |ognition| (DOS di|
|00005170| 73 70 6c 61 79 73 20 6f | 6e 6c 79 20 74 68 65 20 |splays o|nly the |
|00005180| 6c 61 73 74 20 74 77 6f | 20 64 69 67 69 74 73 2c |last two| digits,|
|00005190| 20 73 6f 20 74 68 69 73 | 20 63 68 61 6e 67 65 20 | so this| change |
|000051a0| 69 73 20 6e 6f 74 20 6e | 6f 74 69 63 65 61 62 6c |is not n|oticeabl|
|000051b0| 65 3b 20 61 6e 02 02 10 | 00 00 00 22 0e 4d 53 20 |e; an...|...".MS |
|000051c0| 53 61 6e 73 20 53 65 72 | 69 66 03 14 9c 00 14 02 |Sans Ser|if......|
|000051d0| 06 10 00 00 00 22 0e 4d | 53 20 53 61 6e 73 20 53 |.....".M|S Sans S|
|000051e0| 65 72 69 66 03 02 16 04 | 18 9c 00 04 00 a0 00 b4 |erif....|........|
|000051f0| 0e 35 35 35 02 02 10 00 | 00 00 22 0e 4d 53 20 53 |.555....|..".MS S|
|00005200| 61 6e 73 20 53 65 72 69 | 66 03 04 a0 00 b4 6e 4d |ans Seri|f.....nM|
|00005210| 65 6d 6f 72 79 20 72 65 | 73 69 64 65 6e 74 20 66 |emory re|sident f|
|00005220| 69 6c 65 20 76 69 72 75 | 73 2e 02 02 10 00 00 00 |ile viru|s.......|
|00005230| 22 0e 4d 53 20 53 61 6e | 73 20 53 65 72 69 66 03 |".MS San|s Serif.|
|00005240| 08 a0 00 b4 7e 43 4f 4d | 20 61 6e 64 20 45 58 45 |....~COM| and EXE|
|00005250| 20 66 69 6c 65 73 20 6f | 6e 20 65 78 65 63 75 74 | files o|n execut|
|00005260| 69 6f 6e 2e 02 02 10 00 | 00 00 22 0e 4d 53 20 53 |ion.....|..".MS S|
|00005270| 61 6e 73 20 53 65 72 69 | 66 03 0c a0 00 b4 2a 35 |ans Seri|f.....*5|
|00005280| 35 35 20 62 79 74 65 73 | 2e 02 02 10 00 00 00 22 |55 bytes|......."|
|00005290| 0e 4d 53 20 53 61 6e 73 | 20 53 65 72 69 66 03 10 |.MS Sans| Serif..|
|000052a0| a0 00 b4 8d 05 49 66 20 | 74 68 65 20 79 65 61 72 |.....If |the year|
|000052b0| 20 69 73 20 31 39 39 32 | 20 6f 72 20 6c 61 74 65 | is 1992| or late|
|000052c0| 72 2c 20 69 6e 66 65 63 | 74 65 64 20 70 72 6f 67 |r, infec|ted prog|
|000052d0| 72 61 6d 73 20 64 6f 20 | 6e 6f 74 20 72 75 6e 2e |rams do |not run.|
|000052e0| 3c 70 3e 0d 0a 3c 68 33 | 3e 20 56 61 72 69 61 6e |<p>..<h3|> Varian|
|000052f0| 74 73 3c 2f 68 33 3e 0d | 0a 51 75 69 74 2d 31 39 |ts</h3>.|.Quit-19|
|00005300| 39 32 2e 42 3a 3c 70 3e | 0d 0a 54 68 69 73 20 68 |92.B:<p>|..This h|
|00005310| 61 73 20 74 68 65 20 73 | 61 6d 65 20 65 66 66 65 |as the s|ame effe|
|00005320| 63 74 73 2c 20 62 75 74 | 20 74 68 65 72 65 20 69 |cts, but| there i|
|00005330| 73 20 61 20 6d 69 6e 6f | 72 20 64 69 66 66 65 72 |s a mino|r differ|
|00005340| 65 6e 63 65 20 69 6e 20 | 74 68 65 20 63 6f 64 65 |ence in |the code|
|00005350| 2e 3c 70 3e 0d 0a 02 02 | 10 00 00 00 22 0e 4d 53 |.<p>....|....".MS|
|00005360| 20 53 61 6e 73 20 53 65 | 72 69 66 03 14 a0 00 14 | Sans Se|rif.....|
|00005370| 02 06 10 00 00 00 22 0e | 4d 53 20 53 61 6e 73 20 |......".|MS Sans |
|00005380| 53 65 72 69 66 03 02 16 | 04 18 a0 00 04 00 a4 00 |Serif...|........|
|00005390| b4 0e 36 33 37 02 02 10 | 00 00 00 22 0e 4d 53 20 |..637...|...".MS |
|000053a0| 53 61 6e 73 20 53 65 72 | 69 66 03 04 a4 00 b4 6e |Sans Ser|if.....n|
|000053b0| 4d 65 6d 6f 72 79 20 72 | 65 73 69 64 65 6e 74 20 |Memory r|esident |
|000053c0| 66 69 6c 65 20 76 69 72 | 75 73 2e 02 02 10 00 00 |file vir|us......|
|000053d0| 00 22 0e 4d 53 20 53 61 | 6e 73 20 53 65 72 69 66 |.".MS Sa|ns Serif|
|000053e0| 03 08 a4 00 b4 fd 07 41 | 6e 20 75 6e 69 6e 66 65 |.......A|n uninfe|
|000053f0| 63 74 65 64 20 45 58 45 | 20 66 69 6c 65 20 69 6e |cted EXE| file in|
|00005400| 20 74 68 65 20 63 75 72 | 72 65 6e 74 20 73 75 62 | the cur|rent sub|
|00005410| 2d 64 69 72 65 63 74 6f | 72 79 20 6f 6e 20 65 78 |-directo|ry on ex|
|00005420| 65 63 75 74 69 6f 6e 20 | 6f 66 20 61 6e 20 69 6e |ecution |of an in|
|00005430| 66 65 63 74 65 64 20 66 | 69 6c 65 2e 20 44 75 72 |fected f|ile. Dur|
|00005440| 69 6e 67 20 69 6e 66 65 | 63 74 69 6f 6e 20 66 69 |ing infe|ction fi|
|00005450| 6c 65 73 20 61 72 65 20 | 72 65 6e 61 6d 65 64 20 |les are |renamed |
|00005460| 77 69 74 68 20 6e 6f 20 | 65 78 74 65 6e 73 69 6f |with no |extensio|
|00005470| 6e 2e 20 49 66 20 74 68 | 65 20 73 79 73 74 65 6d |n. If th|e system|
|00005480| 20 68 61 6e 67 73 20 69 | 6e 20 74 68 65 20 6d 69 | hangs i|n the mi|
|00005490| 64 64 6c 65 20 6f 66 20 | 74 68 65 20 69 6e 66 65 |ddle of |the infe|
|000054a0| 63 74 69 6f 6e 20 70 72 | 6f 63 65 73 73 20 74 68 |ction pr|ocess th|
|000054b0| 65 20 75 73 65 72 20 69 | 73 20 6e 6f 74 20 6c 65 |e user i|s not le|
|000054c0| 66 74 20 77 69 74 68 20 | 61 20 70 61 72 74 6c 79 |ft with |a partly|
|000054d0| 20 69 6e 66 65 63 74 65 | 64 20 66 69 6c 65 2e 20 | infecte|d file. |
|000054e0| 52 65 61 64 2f 77 02 02 | 10 00 00 00 22 0e 4d 53 |Read/w..|....".MS|
|000054f0| 20 53 61 6e 73 20 53 65 | 72 69 66 03 0c a4 00 b4 | Sans Se|rif.....|
|00005500| 4e 36 33 37 20 74 6f 20 | 31 2c 31 34 38 20 62 79 |N637 to |1,148 by|
|00005510| 74 65 73 2e 02 02 10 00 | 00 00 22 0e 4d 53 20 53 |tes.....|..".MS S|
|00005520| 61 6e 73 20 53 65 72 69 | 66 03 10 a4 00 b4 fd 07 |ans Seri|f.......|
|00005530| 54 68 65 20 76 69 72 75 | 73 20 69 6e 73 74 61 6c |The viru|s instal|
|00005540| 6c 73 20 61 20 73 6d 61 | 6c 6c 20 72 6f 75 74 69 |ls a sma|ll routi|
|00005550| 6e 65 20 77 68 69 63 68 | 20 63 6f 6e 76 65 72 74 |ne which| convert|
|00005560| 73 20 61 6c 6c 20 64 69 | 73 6b 2d 77 72 69 74 65 |s all di|sk-write|
|00005570| 73 20 74 6f 20 72 65 61 | 64 73 2e 20 54 68 75 73 |s to rea|ds. Thus|
|00005580| 2c 20 61 73 20 6c 6f 6e | 67 20 61 73 20 69 74 20 |, as lon|g as it |
|00005590| 69 73 20 69 6e 20 6d 65 | 6d 6f 72 79 2c 20 74 68 |is in me|mory, th|
|000055a0| 65 20 75 73 65 72 20 63 | 61 6e 6e 6f 74 20 63 72 |e user c|annot cr|
|000055b0| 65 61 74 65 2c 20 63 6f | 70 79 2c 20 63 68 61 6e |eate, co|py, chan|
|000055c0| 67 65 20 6f 72 20 64 65 | 6c 65 74 65 20 61 20 66 |ge or de|lete a f|
|000055d0| 69 6c 65 2e 20 4f 6e 20 | 6d 6f 6e 6f 63 68 72 6f |ile. On |monochro|
|000055e0| 6d 65 20 73 79 73 74 65 | 6d 73 20 74 68 65 20 66 |me syste|ms the f|
|000055f0| 69 72 73 74 20 64 69 73 | 6b 20 61 63 63 65 73 73 |irst dis|k access|
|00005600| 20 77 69 6c 6c 20 68 61 | 6e 67 20 74 68 65 20 73 | will ha|ng the s|
|00005610| 79 73 74 65 6d 2e 20 43 | 47 41 20 6d 6f 6e 69 74 |ystem. C|GA monit|
|00005620| 6f 72 73 20 73 68 6f 77 | 20 61 20 73 6c 69 67 02 |ors show| a slig.|
|00005630| 02 10 00 00 00 22 0e 4d | 53 20 53 61 6e 73 20 53 |.....".M|S Sans S|
|00005640| 65 72 69 66 03 14 a4 00 | 14 02 06 10 00 00 00 22 |erif....|......."|
|00005650| 0e 4d 53 20 53 61 6e 73 | 20 53 65 72 69 66 03 02 |.MS Sans| Serif..|
|00005660| 16 04 18 a4 00 04 00 a8 | 00 b4 0e 36 34 38 02 02 |........|...648..|
|00005670| 10 00 00 00 22 0e 4d 53 | 20 53 61 6e 73 20 53 65 |....".MS| Sans Se|
|00005680| 72 69 66 03 04 a8 00 b4 | 2e 46 69 6c 65 20 76 69 |rif.....|.File vi|
|00005690| 72 75 73 2e 02 02 10 00 | 00 00 22 0e 4d 53 20 53 |rus.....|..".MS S|
|000056a0| 61 6e 73 20 53 65 72 69 | 66 03 08 a8 00 b4 1d 04 |ans Seri|f.......|
|000056b0| 54 68 65 20 6e 65 78 74 | 20 75 6e 69 6e 66 65 63 |The next| uninfec|
|000056c0| 74 65 64 20 43 4f 4d 20 | 66 69 6c 65 2c 20 69 6e |ted COM |file, in|
|000056d0| 20 74 68 65 20 63 75 72 | 72 65 6e 74 20 64 69 72 | the cur|rent dir|
|000056e0| 65 63 74 6f 72 79 20 6f | 72 20 61 63 63 65 73 73 |ectory o|r access|
|000056f0| 65 64 20 76 69 61 20 74 | 68 65 20 50 41 54 48 2c |ed via t|he PATH,|
|00005700| 20 6f 6e 20 65 78 65 63 | 75 74 69 6f 6e 20 6f 66 | on exec|ution of|
|00005710| 20 61 6e 20 69 6e 66 65 | 63 74 65 64 20 66 69 6c | an infe|cted fil|
|00005720| 65 20 69 6e 20 61 6e 79 | 20 64 69 72 65 63 74 6f |e in any| directo|
|00005730| 72 79 2e 02 02 10 00 00 | 00 22 0e 4d 53 20 53 61 |ry......|.".MS Sa|
|00005740| 6e 73 20 53 65 72 69 66 | 03 0c a8 00 b4 2a 36 34 |ns Serif|.....*64|
|00005750| 38 20 62 79 74 65 73 2e | 02 02 10 00 00 00 22 0e |8 bytes.|......".|
|00005760| 4d 53 20 53 61 6e 73 20 | 53 65 72 69 66 03 10 a8 |MS Sans |Serif...|
|00005770| 00 b4 fd 07 4f 6e 65 2d | 69 6e 2d 65 69 67 68 74 |....One-|in-eight|
|00005780| 20 69 6e 66 65 63 74 69 | 6f 6e 73 20 6d 61 6b 65 | infecti|ons make|
|00005790| 20 74 68 65 20 66 69 6c | 65 20 75 6e 75 73 61 62 | the fil|e unusab|
|000057a0| 6c 65 20 62 79 20 70 61 | 74 63 68 69 6e 67 20 63 |le by pa|tching c|
|000057b0| 6f 64 65 20 66 6f 72 20 | 61 20 72 65 2d 62 6f 6f |ode for |a re-boo|
|000057c0| 74 20 61 74 20 74 68 65 | 20 62 65 67 69 6e 6e 69 |t at the| beginni|
|000057d0| 6e 67 20 6f 66 20 74 68 | 65 20 66 69 6c 65 2e 20 |ng of th|e file. |
|000057e0| 45 76 65 6e 74 75 61 6c | 6c 79 20 43 4f 4d 4d 41 |Eventual|ly COMMA|
|000057f0| 4e 44 2e 43 4f 4d 20 69 | 73 20 69 6e 66 65 63 74 |ND.COM i|s infect|
|00005800| 65 64 2c 20 73 6f 20 74 | 68 61 74 20 77 68 65 6e |ed, so t|hat when|
|00005810| 65 76 65 72 20 74 68 65 | 20 50 43 20 69 73 20 73 |ever the| PC is s|
|00005820| 74 61 72 74 65 64 20 75 | 70 20 69 74 20 6a 75 73 |tarted u|p it jus|
|00005830| 74 20 6b 65 65 70 73 20 | 72 65 2d 62 6f 6f 74 69 |t keeps |re-booti|
|00005840| 6e 67 2e 20 54 68 65 20 | 73 65 63 6f 6e 64 73 20 |ng. The |seconds |
|00005850| 66 69 65 6c 64 20 6f 66 | 20 74 68 65 20 64 69 72 |field of| the dir|
|00005860| 65 63 74 6f 72 79 20 69 | 73 20 75 73 65 64 20 74 |ectory i|s used t|
|00005870| 6f 20 73 02 02 10 00 00 | 00 22 0e 4d 53 20 53 61 |o s.....|.".MS Sa|
|00005880| 6e 73 20 53 65 72 69 66 | 03 14 a8 00 14 02 06 10 |ns Serif|........|
|00005890| 00 00 00 22 0e 4d 53 20 | 53 61 6e 73 20 53 65 72 |...".MS |Sans Ser|
|000058a0| 69 66 03 02 16 04 18 a8 | 00 04 00 ac 00 b4 2a 36 |if......|......*6|
|000058b0| 34 38 2d 4c 69 73 62 6f | 6e 02 02 10 00 00 00 22 |48-Lisbo|n......"|
|000058c0| 0e 4d 53 20 53 61 6e 73 | 20 53 65 72 69 66 03 04 |.MS Sans| Serif..|
|000058d0| ac 00 b4 2e 46 69 6c 65 | 20 76 69 72 75 73 2e 02 |....File| virus..|
|000058e0| 02 10 00 00 00 22 0e 4d | 53 20 53 61 6e 73 20 53 |.....".M|S Sans S|
|000058f0| 65 72 69 66 03 08 ac 00 | b4 fd 07 43 4f 4d 20 66 |erif....|...COM f|
|00005900| 69 6c 65 73 20 69 6e 20 | 74 68 65 20 63 75 72 72 |iles in |the curr|
|00005910| 65 6e 74 20 64 69 72 65 | 63 74 6f 72 79 20 6f 6e |ent dire|ctory on|
|00005920| 20 65 78 65 63 75 74 69 | 6f 6e 20 6f 66 20 61 6e | executi|on of an|
|00005930| 20 69 6e 66 65 63 74 65 | 64 20 66 69 6c 65 2c 20 | infecte|d file, |
|00005940| 65 78 63 65 70 74 20 74 | 68 6f 73 65 20 6c 65 73 |except t|hose les|
|00005950| 73 20 74 68 61 6e 20 31 | 30 20 61 6e 64 20 67 72 |s than 1|0 and gr|
|00005960| 65 61 74 65 72 20 74 68 | 61 6e 20 36 34 2c 30 30 |eater th|an 64,00|
|00005970| 30 20 62 79 74 65 73 2e | 20 54 68 65 20 44 4f 53 |0 bytes.| The DOS|
|00005980| 20 57 72 69 74 65 20 70 | 72 6f 74 65 63 74 20 65 | Write p|rotect e|
|00005990| 72 72 6f 72 20 77 72 69 | 74 69 6e 67 20 64 72 69 |rror wri|ting dri|
|000059a0| 76 65 20 58 3a 20 41 62 | 6f 72 74 2c 20 52 65 74 |ve X: Ab|ort, Ret|
|000059b0| 72 79 2c 20 49 67 6e 6f | 72 65 3f 20 6d 65 73 73 |ry, Igno|re? mess|
|000059c0| 61 67 65 20 69 73 20 64 | 69 73 70 6c 61 79 65 64 |age is d|isplayed|
|000059d0| 20 77 68 65 6e 20 74 68 | 65 20 76 69 72 75 73 20 | when th|e virus |
|000059e0| 61 74 74 65 6d 70 74 73 | 20 74 6f 20 69 6e 66 65 |attempts| to infe|
|000059f0| 63 74 20 77 72 69 74 65 | 2d 70 02 02 10 00 00 00 |ct write|-p......|
|00005a00| 22 0e 4d 53 20 53 61 6e | 73 20 53 65 72 69 66 03 |".MS San|s Serif.|
|00005a10| 0c ac 00 b4 2a 36 34 38 | 20 62 79 74 65 73 2e 02 |....*648| bytes..|
|00005a20| 02 10 00 00 00 22 0e 4d | 53 20 53 61 6e 73 20 53 |.....".M|S Sans S|
|00005a30| 65 72 69 66 03 10 ac 00 | b4 fd 07 54 68 65 20 76 |erif....|...The v|
|00005a40| 69 72 75 73 20 75 73 65 | 73 20 74 68 65 20 73 65 |irus use|s the se|
|00005a50| 63 6f 6e 64 73 20 66 69 | 65 6c 64 20 6f 66 20 74 |conds fi|eld of t|
|00005a60| 68 65 20 64 69 72 65 63 | 74 6f 72 79 20 74 6f 20 |he direc|tory to |
|00005a70| 73 74 6f 72 65 20 61 6e | 20 69 6d 70 6f 73 73 69 |store an| impossi|
|00005a80| 62 6c 65 20 76 61 6c 75 | 65 20 6f 66 20 36 32 20 |ble valu|e of 62 |
|00005a90| 73 65 63 6f 6e 64 73 2e | 3c 70 3e 0d 0a 4f 6e 65 |seconds.|<p>..One|
|00005aa0| 20 69 6e 66 65 63 74 69 | 6f 6e 20 69 6e 20 66 6f | infecti|on in fo|
|00005ab0| 75 72 20 6d 61 6b 65 73 | 20 74 68 65 20 66 69 6c |ur makes| the fil|
|00005ac0| 65 20 75 6e 75 73 61 62 | 6c 65 2e 20 45 76 65 6e |e unusab|le. Even|
|00005ad0| 74 75 61 6c 6c 79 20 43 | 4f 4d 4d 41 4e 44 2e 43 |tually C|OMMAND.C|
|00005ae0| 4f 4d 20 69 73 20 69 6e | 66 65 63 74 65 64 2c 20 |OM is in|fected, |
|00005af0| 61 6e 64 20 74 68 65 6e | 20 77 68 65 6e 65 76 65 |and then| wheneve|
|00005b00| 72 20 74 68 65 20 50 43 | 20 69 73 20 73 74 61 72 |r the PC| is star|
|00005b10| 74 65 64 20 69 74 20 68 | 61 6e 67 73 2e 20 49 74 |ted it h|angs. It|
|00005b20| 20 64 6f 65 73 20 74 68 | 69 73 20 62 79 20 70 75 | does th|is by pu|
|00005b30| 74 74 69 6e 67 20 74 68 | 65 20 02 02 10 00 00 00 |tting th|e ......|
|00005b40| 22 0e 4d 53 20 53 61 6e | 73 20 53 65 72 69 66 03 |".MS San|s Serif.|
|00005b50| 14 ac 00 14 02 06 10 00 | 00 00 22 0e 4d 53 20 53 |........|..".MS S|
|00005b60| 61 6e 73 20 53 65 72 69 | 66 03 02 16 04 18 ac 00 |ans Seri|f.......|
|00005b70| 04 00 b0 00 b4 0e 36 36 | 36 02 02 10 00 00 00 22 |......66|6......"|
|00005b80| 0e 4d 53 20 53 61 6e 73 | 20 53 65 72 69 66 03 04 |.MS Sans| Serif..|
|00005b90| b0 00 b4 6e 4d 65 6d 6f | 72 79 20 72 65 73 69 64 |...nMemo|ry resid|
|00005ba0| 65 6e 74 20 66 69 6c 65 | 20 76 69 72 75 73 2e 02 |ent file| virus..|
|00005bb0| 02 10 00 00 00 22 0e 4d | 53 20 53 61 6e 73 20 53 |.....".M|S Sans S|
|00005bc0| 65 72 69 66 03 08 b0 00 | b4 6d 04 43 4f 4d 20 66 |erif....|.m.COM f|
|00005bd0| 69 6c 65 73 20 6f 6e 20 | 65 78 65 63 75 74 69 6f |iles on |executio|
|00005be0| 6e 20 6f 66 20 63 65 72 | 74 61 69 6e 20 44 4f 53 |n of cer|tain DOS|
|00005bf0| 20 66 75 6e 63 74 69 6f | 6e 73 2c 20 66 6f 72 20 | functio|ns, for |
|00005c00| 65 78 61 6d 70 6c 65 2c | 20 63 6f 70 79 69 6e 67 |example,| copying|
|00005c10| 2c 20 65 78 65 63 75 74 | 69 6e 67 2c 20 72 65 61 |, execut|ing, rea|
|00005c20| 64 69 6e 67 2e 20 52 65 | 61 64 2f 77 72 69 74 65 |ding. Re|ad/write|
|00005c30| 20 61 74 74 72 69 62 75 | 74 65 73 20 61 6e 64 20 | attribu|tes and |
|00005c40| 64 61 74 65 2f 74 69 6d | 65 20 61 72 65 20 70 72 |date/tim|e are pr|
|00005c50| 65 73 65 72 76 65 64 2e | 02 02 10 00 00 00 22 0e |eserved.|......".|
|00005c60| 4d 53 20 53 61 6e 73 20 | 53 65 72 69 66 03 0c b0 |MS Sans |Serif...|
|00005c70| 00 b4 15 03 4e 6f 6e 65 | 20 61 70 70 61 72 65 6e |....None| apparen|
|00005c80| 74 2e 20 54 68 65 20 76 | 69 72 75 73 20 69 73 20 |t. The v|irus is |
|00005c90| 69 6e 73 65 72 74 65 64 | 20 69 6e 74 6f 20 75 6e |inserted| into un|
|00005ca0| 75 73 65 64 20 73 70 61 | 63 65 20 61 74 20 74 68 |used spa|ce at th|
|00005cb0| 65 20 65 6e 64 20 6f 66 | 20 74 68 65 20 6c 61 73 |e end of| the las|
|00005cc0| 74 20 63 6c 75 73 74 65 | 72 20 6f 66 20 74 68 65 |t cluste|r of the|
|00005cd0| 20 66 69 6c 65 2e 02 02 | 10 00 00 00 22 0e 4d 53 | file...|....".MS|
|00005ce0| 20 53 61 6e 73 20 53 65 | 72 69 66 03 10 b0 00 b4 | Sans Se|rif.....|
|00005cf0| fd 07 54 68 69 73 20 76 | 69 72 75 73 20 69 73 20 |..This v|irus is |
|00005d00| 61 20 73 74 65 61 6c 74 | 68 20 76 69 72 75 73 20 |a stealt|h virus |
|00005d10| 61 6e 64 20 68 69 64 65 | 73 20 69 74 73 65 6c 66 |and hide|s itself|
|00005d20| 20 76 65 72 79 20 77 65 | 6c 6c 2e 20 53 6f 6d 65 | very we|ll. Some|
|00005d30| 20 44 4f 53 20 75 74 69 | 6c 69 74 69 65 73 20 6d | DOS uti|lities m|
|00005d40| 61 79 20 67 69 76 65 20 | 69 6e 61 70 70 72 6f 70 |ay give |inapprop|
|00005d50| 72 69 61 74 65 20 65 72 | 72 6f 72 20 6d 65 73 73 |riate er|ror mess|
|00005d60| 61 67 65 73 2e 3c 70 3e | 0d 0a 54 68 65 72 65 20 |ages.<p>|..There |
|00005d70| 69 73 20 6e 6f 20 70 61 | 79 6c 6f 61 64 2e 20 49 |is no pa|yload. I|
|00005d80| 74 20 61 70 70 65 61 72 | 73 20 74 6f 20 68 61 76 |t appear|s to hav|
|00005d90| 65 20 62 65 65 6e 20 77 | 72 69 74 74 65 6e 20 61 |e been w|ritten a|
|00005da0| 73 20 61 6e 20 65 78 65 | 72 63 69 73 65 20 69 6e |s an exe|rcise in|
|00005db0| 20 75 73 69 6e 67 20 74 | 68 65 20 69 6e 74 65 72 | using t|he inter|
|00005dc0| 6e 61 6c 20 77 6f 72 6b | 69 6e 67 73 20 6f 66 20 |nal work|ings of |
|00005dd0| 44 4f 53 2e 20 48 6f 77 | 65 76 65 72 2c 20 61 6e |DOS. How|ever, an|
|00005de0| 20 69 6e 66 65 63 74 65 | 64 20 66 69 6c 65 20 77 | infecte|d file w|
|00005df0| 69 02 02 10 00 00 00 22 | 0e 4d 53 20 53 61 6e 73 |i......"|.MS Sans|
|00005e00| 20 53 65 72 69 66 03 14 | b0 00 14 02 06 10 00 00 | Serif..|........|
|00005e10| 00 22 0e 4d 53 20 53 61 | 6e 73 20 53 65 72 69 66 |.".MS Sa|ns Serif|
|00005e20| 03 02 16 04 18 b0 00 04 | 00 b4 00 b4 0a 36 39 02 |........|.....69.|
|00005e30| 02 10 00 00 00 22 0e 4d | 53 20 53 61 6e 73 20 53 |.....".M|S Sans S|
|00005e40| 65 72 69 66 03 04 b4 00 | b4 4a 42 6f 6f 74 20 73 |erif....|.JBoot s|
|00005e50| 65 63 74 6f 72 20 76 69 | 72 75 73 2e 02 02 10 00 |ector vi|rus.....|
|00005e60| 00 00 22 0e 4d 53 20 53 | 61 6e 73 20 53 65 72 69 |..".MS S|ans Seri|
|00005e70| 66 03 08 b4 00 b4 dd 03 | 54 68 65 20 62 6f 6f 74 |f.......|The boot|
|00005e80| 20 73 65 63 74 6f 72 20 | 6f 66 20 66 6c 6f 70 70 | sector |of flopp|
|00005e90| 79 20 64 69 73 6b 73 20 | 61 6e 64 20 74 68 65 20 |y disks |and the |
|00005ea0| 70 61 72 74 69 74 69 6f | 6e 20 73 65 63 74 6f 72 |partitio|n sector|
|00005eb0| 20 6f 66 20 68 61 72 64 | 20 64 69 73 6b 73 2c 20 | of hard| disks, |
|00005ec0| 77 68 65 6e 20 74 68 65 | 20 50 43 20 69 73 20 62 |when the| PC is b|
|00005ed0| 6f 6f 74 65 64 20 66 72 | 6f 6d 20 61 6e 20 69 6e |ooted fr|om an in|
|00005ee0| 66 65 63 74 65 64 20 66 | 6c 6f 70 70 79 20 64 69 |fected f|loppy di|
|00005ef0| 73 6b 2e 02 02 10 00 00 | 00 22 0e 4d 53 20 53 61 |sk......|.".MS Sa|
|00005f00| 6e 73 20 53 65 72 69 66 | 03 0c b4 00 b4 06 2d 02 |ns Serif|......-.|
|00005f10| 02 10 00 00 00 22 0e 4d | 53 20 53 61 6e 73 20 53 |.....".M|S Sans S|
|00005f20| 65 72 69 66 03 10 b4 00 | b4 fd 07 54 68 69 73 20 |erif....|...This |
|00005f30| 76 69 72 75 73 20 69 6e | 66 65 63 74 73 20 74 68 |virus in|fects th|
|00005f40| 65 20 70 61 72 74 69 74 | 69 6f 6e 20 73 65 63 74 |e partit|ion sect|
|00005f50| 6f 72 20 6f 66 20 74 68 | 65 20 68 61 72 64 20 64 |or of th|e hard d|
|00005f60| 69 73 6b 20 77 68 65 6e | 20 62 6f 6f 74 65 64 20 |isk when| booted |
|00005f70| 66 72 6f 6d 20 61 6e 20 | 69 6e 66 65 63 74 65 64 |from an |infected|
|00005f80| 20 66 6c 6f 70 70 79 20 | 64 69 73 6b 2e 20 54 68 | floppy |disk. Th|
|00005f90| 65 6e 20 69 74 20 69 6e | 66 65 63 74 73 20 66 6c |en it in|fects fl|
|00005fa0| 6f 70 70 79 20 64 69 73 | 6b 73 20 6f 6e 20 72 65 |oppy dis|ks on re|
|00005fb0| 61 64 20 61 63 63 65 73 | 73 20 28 66 6f 72 20 65 |ad acces|s (for e|
|00005fc0| 78 61 6d 70 6c 65 2c 20 | 77 69 74 68 20 74 68 65 |xample, |with the|
|00005fd0| 20 44 49 52 20 6f 72 20 | 43 4f 50 59 20 63 6f 6d | DIR or |COPY com|
|00005fe0| 6d 61 6e 64 73 29 2e 3c | 70 3e 0d 0a 57 68 65 6e |mands).<|p>..When|
|00005ff0| 20 61 63 74 69 76 65 20 | 69 6e 20 6d 65 6d 6f 72 | active |in memor|
|00006000| 79 2c 20 74 68 65 20 76 | 69 72 75 73 20 75 73 65 |y, the v|irus use|
|00006010| 73 20 73 74 65 61 6c 74 | 68 20 74 6f 20 63 6f 6e |s stealt|h to con|
|00006020| 63 65 61 6c 20 74 68 65 | 20 69 02 02 10 00 00 00 |ceal the| i......|
|00006030| 22 0e 4d 53 20 53 61 6e | 73 20 53 65 72 69 66 03 |".MS San|s Serif.|
|00006040| 14 b4 00 14 02 06 10 00 | 00 00 22 0e 4d 53 20 53 |........|..".MS S|
|00006050| 61 6e 73 20 53 65 72 69 | 66 03 02 16 04 18 b4 00 |ans Seri|f.......|
|00006060| 04 00 b8 00 b4 0e 38 30 | 35 02 02 10 00 00 00 22 |......80|5......"|
|00006070| 0e 4d 53 20 53 61 6e 73 | 20 53 65 72 69 66 03 04 |.MS Sans| Serif..|
|00006080| b8 00 b4 2e 46 69 6c 65 | 20 76 69 72 75 73 2e 02 |....File| virus..|
|00006090| 02 10 00 00 00 22 0e 4d | 53 20 53 61 6e 73 20 53 |.....".M|S Sans S|
|000060a0| 65 72 69 66 03 08 b8 00 | b4 ca 43 4f 4d 20 61 6e |erif....|..COM an|
|000060b0| 64 20 45 58 45 20 66 69 | 6c 65 73 20 77 68 65 6e |d EXE fi|les when|
|000060c0| 20 61 6e 20 69 6e 66 65 | 63 74 65 64 20 70 72 6f | an infe|cted pro|
|000060d0| 67 72 61 6d 20 69 73 20 | 72 75 6e 2e 02 02 10 00 |gram is |run.....|
|000060e0| 00 00 22 0e 4d 53 20 53 | 61 6e 73 20 53 65 72 69 |..".MS S|ans Seri|
|000060f0| 66 03 0c b8 00 b4 46 37 | 38 39 20 74 6f 20 38 30 |f.....F7|89 to 80|
|00006100| 35 20 62 79 74 65 73 2e | 02 02 10 00 00 00 22 0e |5 bytes.|......".|
|00006110| 4d 53 20 53 61 6e 73 20 | 53 65 72 69 66 03 10 b8 |MS Sans |Serif...|
|00006120| 00 b4 fd 07 4f 6e 20 53 | 65 70 74 65 6d 62 65 72 |....On S|eptember|
|00006130| 20 32 34 74 68 20 61 66 | 74 65 72 20 37 20 61 2e | 24th af|ter 7 a.|
|00006140| 6d 2e 2c 20 74 68 65 20 | 76 69 72 75 73 20 6f 76 |m., the |virus ov|
|00006150| 65 72 77 72 69 74 65 73 | 20 74 68 65 20 66 69 72 |erwrites| the fir|
|00006160| 73 74 20 32 30 30 20 73 | 65 63 74 6f 72 73 20 6f |st 200 s|ectors o|
|00006170| 66 20 65 76 65 72 79 20 | 44 4f 53 20 76 6f 6c 75 |f every |DOS volu|
|00006180| 6d 65 2e 3c 70 3e 0d 0a | 3c 68 33 3e 20 56 61 72 |me.<p>..|<h3> Var|
|00006190| 69 61 6e 74 73 3c 2f 68 | 33 3e 0d 0a 54 68 65 72 |iants</h|3>..Ther|
|000061a0| 65 20 69 73 20 61 20 76 | 61 72 69 61 6e 74 20 77 |e is a v|ariant w|
|000061b0| 68 69 63 68 20 64 6f 65 | 73 20 74 68 65 20 73 61 |hich doe|s the sa|
|000061c0| 6d 65 20 74 68 69 6e 67 | 20 6f 6e 20 46 65 62 72 |me thing| on Febr|
|000061d0| 75 61 72 79 20 31 33 74 | 68 20 61 66 74 65 72 20 |uary 13t|h after |
|000061e0| 31 20 70 2e 6d 2e 20 54 | 68 69 73 20 76 61 72 69 |1 p.m. T|his vari|
|000061f0| 61 6e 74 20 61 64 64 73 | 20 38 31 37 20 62 79 74 |ant adds| 817 byt|
|00006200| 65 73 20 74 6f 20 66 69 | 6c 65 73 2e 3c 70 3e 0d |es to fi|les.<p>.|
|00006210| 0a 54 68 65 72 65 20 69 | 73 20 61 6c 73 6f 20 61 |.There i|s also a|
|00006220| 20 76 61 02 02 10 00 00 | 00 22 0e 4d 53 20 53 61 | va.....|.".MS Sa|
|00006230| 6e 73 20 53 65 72 69 66 | 03 14 b8 00 14 02 06 10 |ns Serif|........|
|00006240| 00 00 00 22 0e 4d 53 20 | 53 61 6e 73 20 53 65 72 |...".MS |Sans Ser|
|00006250| 69 66 03 02 16 04 18 b8 | 00 04 00 bc 00 b4 1a 39 |if......|.......9|
|00006260| 2e 38 6d 69 6e 02 02 10 | 00 00 00 22 0e 4d 53 20 |.8min...|...".MS |
|00006270| 53 61 6e 73 20 53 65 72 | 69 66 03 04 bc 00 b4 6e |Sans Ser|if.....n|
|00006280| 4d 65 6d 6f 72 79 20 72 | 65 73 69 64 65 6e 74 20 |Memory r|esident |
|00006290| 66 69 6c 65 20 76 69 72 | 75 73 2e 02 02 10 00 00 |file vir|us......|
|000062a0| 00 22 0e 4d 53 20 53 61 | 6e 73 20 53 65 72 69 66 |.".MS Sa|ns Serif|
|000062b0| 03 08 bc 00 b4 05 03 43 | 4f 4d 20 61 6e 64 20 45 |.......C|OM and E|
|000062c0| 58 45 20 66 69 6c 65 73 | 20 6f 6e 20 65 78 65 63 |XE files| on exec|
|000062d0| 75 74 69 6f 6e 2e 20 49 | 66 20 44 4f 53 20 32 20 |ution. I|f DOS 2 |
|000062e0| 69 73 20 72 75 6e 6e 69 | 6e 67 2c 20 66 69 6c 65 |is runni|ng, file|
|000062f0| 73 20 61 72 65 20 61 6c | 73 6f 20 69 6e 66 65 63 |s are al|so infec|
|00006300| 74 65 64 20 77 68 65 6e | 20 74 68 65 79 20 61 72 |ted when| they ar|
|00006310| 65 20 72 65 61 64 2e 02 | 02 10 00 00 00 22 0e 4d |e read..|.....".M|
|00006320| 53 20 53 61 6e 73 20 53 | 65 72 69 66 03 0c bc 00 |S Sans S|erif....|
|00006330| b4 56 31 2c 32 33 32 20 | 74 6f 20 31 2c 34 38 37 |.V1,232 |to 1,487|
|00006340| 20 62 79 74 65 73 2e 02 | 02 10 00 00 00 22 0e 4d | bytes..|.....".M|
|00006350| 53 20 53 61 6e 73 20 53 | 65 72 69 66 03 10 bc 00 |S Sans S|erif....|
|00006360| b4 a5 06 45 76 65 72 79 | 20 31 30 20 6d 69 6e 75 |...Every| 10 minu|
|00006370| 74 65 73 2c 20 66 6f 72 | 20 61 20 70 65 72 69 6f |tes, for| a perio|
|00006380| 64 20 6f 66 20 74 77 6f | 20 73 65 63 6f 6e 64 73 |d of two| seconds|
|00006390| 2c 20 74 68 65 20 76 69 | 72 75 73 20 61 64 64 73 |, the vi|rus adds|
|000063a0| 20 66 69 76 65 20 6d 6f | 72 65 20 6f 66 20 74 68 | five mo|re of th|
|000063b0| 65 20 73 61 6d 65 20 6b | 65 79 20 74 6f 20 61 6e |e same k|ey to an|
|000063c0| 79 20 6b 65 79 70 72 65 | 73 73 2e 3c 70 3e 0d 0a |y keypre|ss.<p>..|
|000063d0| 3c 68 33 3e 20 56 61 72 | 69 61 6e 74 73 3c 2f 68 |<h3> Var|iants</h|
|000063e0| 33 3e 0d 0a 61 2c 20 62 | 2c 20 63 2c 20 64 2c 20 |3>..a, b|, c, d, |
|000063f0| 65 2c 20 53 61 6d 73 6f | 66 74 2c 20 61 6e 64 20 |e, Samso|ft, and |
+--------+-------------------------+-------------------------+--------+--------+
Only 25.0 KB of data is shown above.