home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
BBS Toolkit
/
BBS Toolkit.iso
/
doors_1
/
filefi06.zip
/
EMMIE.TXT
next >
Wrap
Text File
|
1992-05-16
|
2KB
|
53 lines
------------------------------------------------------------------------
Echo Flag : Permanent: N Export: N Personal Read: Y
BBS: ICEBER Conference: VIRUS Imported: 5/15/1992
To: ALL Num: 1683 Date: 5/11/1992
From: NEMROD KEDEM Re: 0 Time: 1:12 pm
Subj: Emmie Virus - more... Prvt: N Read: N
Hello, All.
After continueing with the analysis of Emmie virus we came up with a simple
way to check if Emmie virus is present in memory.
Emmie uses INT 21 service 0FACEh to check it's presence in memory.
If this function returns AX=0CEFAh and BX=000Ch then the virus is resident.
The following DEBUG script will create a 93 bytes COM file that can check if
Emmie virus is present in memory:
---------------------------------------------------------
N CHKEMMIE.COM
E 0100 EB 33 45 6D 6D 69 65 20 76 69 72 75 73 20 69 73
E 0110 20 24 72 65 73 69 64 65 6E 74 20 69 6E 20 6D 65
E 0120 6D 6F 72 79 21 07 24 4E 4F 54 20 72 65 73 69 64
E 0130 65 6E 74 2E 24 BA 02 01 B4 09 CD 21 B8 CE FA BB
E 0140 00 00 CD 21 3D FA CE 75 07 83 FB 0C 75 02 EB 05
E 0150 BA 27 01 EB 03 BA 12 01 B4 09 CD 21 C3
RCX
005D
W
Q
---------------------------------------------------------
If you have downloaded this script file, remove
any captured communications header and then enter
DEBUG < filename
where filename is the name of this script file.
BTW- This COM file can not be infected by Emmie for it is only 93 bytes and
Emmie infects files larger then 2702 bytes.
Good luck.
Nemrod Kedem,
Authorized Agent of McAfee Associates.
---
* Origin: <Rudy's Place - Israel> Hard disks never die... (2:403/138.0)
