home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
Hacks & Cracks
/
Hacks_and_Cracks.iso
/
hackersguides-&-software
/
doomsday.zip
/
DOOMSDAY.DOC
< prev
Wrap
Text File
|
1992-03-12
|
2KB
|
35 lines
The Doomsday virus is a parasitic, non-resident, self-encrypting, COM
infector. It is EXTREMELY damaging when it activates.
The virus attachs itself to the end of host COM files. When an infected
program is executed, the virus will search the root directory of the
current drive for an uninfected COM file. If the drive is bootable, this
will almost always be COMMAND.COM. If no uninfected COM file is found in
the root directory, the virus will then search the current directoy. If
no uninfected files can be found in the current directory, then the date
is checked. If the date happens to be the 29th day of any month, the virus
will activate. As long as a file can be infected, the virus will not
activate.
Upon activation, (most likely when you boot the computer as COMMAND.COM
should have been one of the first files infected), the virus will start
reading in logical sectors from the current drive. These sectors will then
be XOR'ed in memory and written back to their original locations on the disk.
This effectively destroys EVERYTHING on the disk. This continues until the
entire disk is encrypted. Partially throught the destruction process
(beyond the point of no return), a message is displayed alerting the user
to his situation.
This virus employs a simple but effective encryption mechanism, making every
infection different from one another. The only common code between
infections is a short, 15 byte de-encryptor code. This is what the
included SCAN string searches for.
WARNING!! This zip file contains a live virus. It was created for
educational study of viral action. DO NOT DISTRIBUTE. For research
purposes only. The author cannot be held responsible for misuse of this
program.
Have fun but BE CAREFUL!
