Home » Archimedes archive » Micro User » MU 1991-08.adf » !VKiller/Docs/!Viruses/Chapter1/Text
!VKiller/Docs/!Viruses/Chapter1/Text
This website contains an archive of files for the Acorn Electron, BBC Micro, Acorn Archimedes, Commodore 16 and Commodore 64 computers, which Dominic Ford has rescued from his private collection of floppy disks and cassettes.
Some of these files were originally commercial releases in the 1980s and 1990s, but they are now widely available online. I assume that copyright over them is no longer being asserted. If you own the copyright and would like files to be removed, please contact me.
| Tape/disk: | Home » Archimedes archive » Micro User » MU 1991-08.adf |
| Filename: | !VKiller/Docs/!Viruses/Chapter1/Text |
| Read OK: | ✔ |
| File size: | 528C bytes |
| Load address: | FFFD8843 |
| Exec address: | 6D3961D7 |
File contents
�R�����������������������������������������������@��BH=�������G�����������ArchieVirus
���������@��t��x�4���c���$�This is very detailed (although stopping short of a disassembly of course) description of ��t��Et���
}���]+���$��ArchieVirus. It is strongly recommended reading, if only to give you a better understand-���t���H��BXr=��
��$��ing of how the virus operates.
�����������H���8��B���E������h7�Technical information
h�������8��p���T��������$�This is a piece of ARM code that is appended to executables with the Absolute (&FF8) ����p��x���p����}���$��filetype. It is 920 (&398) bytes long and has a tell-tale 4-character string at the end of its ��x��p���
�]i��=����$��code, "1210", which is used as an "already-infected" flag. The first instruction of the �p��p�����
1���_���$��original executable is saved near the end of the virus code space and is replaced by a ��p��%T��B�Y����'���$��branch to the first instruction of the ArchieVirus code.
���T��%`��B�����������$�Here's a complete run-down of what ArchieVirus does when first run:
����`��x���\-�*��}Y���$�1. Attempts to infect executables (Absolute filetype) with the filespecs "@.*" and "%.*". In ����x��%l��B<6]�=!���$��other words, all executables in the current and library directory are attacked.
����l��t����5=���
����$�2. Uses OS_File 36 as a "semaphore" to see if it is lodged in RMA. If a call to OS_File 36 ��t��p������R��݁���$��returns with an error, then it hasn't infected the RMA yet, so it proceeds to claim 920 �p��t���t�����I���$��bytes of RMA, copy itself into there and points a claim of the OS_File vector to its new ����t��%(��B�$}�]���$��RMA location.
���(��h�����]{��=����$�NOTE: A *RMTidy command effectively releases this OS_File claim and is an easy ��h��%L��B�A
C���q���$��manual way of removing ArchieVirus from the RMA.
���L��l���$`����
���$�3. The time is checked to see if it is the 13th of the month. If so, the code loops �l��%p��B����������$��indefinitely, displaying the 45-character message: HEHE...ArchieVirus strikes again...
�p��t���(��<��}k���$�Since there is no linefeed present, this will fill the screen with a fast scrolling blur. ���t��t����]��=3���$��Obviously, Shift+Control will allow mere humans to read it. Interestingly, this is the only �t��t���d�
�������$��place that the virus name, ArchieVirus, is found and this is tricky to spot because it is ���t��%,��B�uݓ������$��EORed with &64.
����,��p������,���[���$�4. Assuming it wasn't the 13th of the month � and NO, it doesn't check for a Friday � ���p��t���<�}�]#���$��then the original first instruction of the executable is replaced and the original normal ���t��%<��B�=���
��$��code continues from &8000 onwards.
�<��%h��BLw
U�������$�The OS_File vector claim is quite important, because this serves two purposes:
�h��p�������
���$�a. It allows OS_File 36 to return without an error, signalling that the RMA is already ��p��%$��B@���������$��infected.
��$��p�����N��}}���$�b. It checks for OS_Files 0 and 10 (Save memory to file), 11 (create empty file) and ����p��t���8
]��=E���$��12,14,16 and 255 (Load file). If any of these are encountered then an infection attack is ���t���D��B�g
��
���$��activated (see step 1 above).
���������D�����������������4����������������@��B�����L�h7�ArchieVirus Decrement Count
mem�������@��x����,Q�
���$�Yet again, this is a virus that has a strange way of keeping track of infections. A count is ����x��l�������G��$��DECREMENTED after a successful infection, which is strange indeed. It's as if the ���l��t���
�����$��author was considering a "limiter" in the code (when count = 0, don't infect anymore) but ���t��%H��BD�l��L���$��decided not to include one at the last minute.
��H��p����LA�,p��$�Of course, it could just be a warped mind � only the author knows the original value of �p��p���<�
��7��$��the count, so a simple subtraction will give ONLY HIM the number of infections. By the ��p��h����c������$��way, the copy of ArchieVirus I have has its decrement count at 1 in case you're �h������BX���l���$��interested. VKiller will display this Decrement Count when the ArchieVirus is detected.
��������������L��B�=��L`�h7�Possibly serious problems with ArchieVirus
�������L��t���@+,��
���$�The version of ArchieVirus I was given has a constant &A718 at offset &20 from the start ����t��t���<�u�̤��$��of the ArchieVirus code. This constant is *supposed* to indicate the start address of the ���t��p���x,�=�l��$��ArchieVirus code + 12. However, this constant NEVER changes and the code incorrectly ����p��t���t�l�L4��$��uses it for a copy reference point when duplicating itself into RMA. Hence, any calls to ����t��t���p,��
���$��OS_File once this faulty ArchieVirus code is installed will cause an "Address exception" ����t��l�����������$��or "Undefined instruction" error depending on what rubbish has been copied into the �l��% ��B@���\����$��RMA.
��� ��t�������l$��$�Ironically, I have patched one instruction in my own personal copy of ArchieVirus to use ����t��p�����L��,���$��a relative address and the code is now stable and no longer crashes I have done this ����p��l���|�
�����$��because I suspect the original author of ArchieVirus may have spotted the bug and ���l��%D��B\R�L�{��$��patched the code in a similar way to me.
���D��p����������$�As is very typical with many viruses, the ArchieVirus code does very little file error ��p��t�����l��L���$��checking and frequently reports "Not open for update" if the file is locked or the disk is ��t���X��B�,u�
���$��write-protected whilst attempting an infection.
I ���������X���<��B������<�h7�ArchieVirus Innoculation
���������<��t����7̊����$�The 4 character ASCII string "1210" at the end of the executable is checked for existence ���t��%\��B���R�l���$��by ArchieVirus to decide if it has infected the executable yet.
����\��%`��B�Kl��L��$�It is therefore easy to innoculate against ArchieVirus in two steps:
����`��t����L��,���$�1) Replace the first instruction of the original executable with the copy held in the virus �t��%$��B���
L��z��$��code area.
��$��l����o������$�2) Remove the 920 bytes of virus code and replace it with the 8 character string ����l��h���
r������$��"Hypo1210" (this was the string originally used by Hugo Fiennes' "Hypothermic" ��h��%T��B$�lt�L���$��innoculator so I've decided to stick with his convention).
�T��p���T�L
�,<��$�Hence, the executable will shrink back in size to only 8 bytes longer than its original �p���P��B�i
�����$��length and will have been innoculated too.
���������P����������������������������������0��Bpۥ���G�CeBit Virus
��������0��t���x[5�;d��$�This is very detailed (although stopping short of a disassembly of course) description of ���t��l��� X��+��$��the CeBit virus. It is strongly recommended reading, if only to give you a better ���l���P��B�\������$��understanding of how the virus operates.
����������P���8��B��KF���h7�Technical information
�������8��%\��B${��[ ��$�This is a module called "TlodMod" with the following title string:
�\��%T��B�P[s�;���$�TlodMod 1.11 (11 Nov 1990) by Devil the LORD OF DARKNESS
���T��t����;
�;��$�I'm not sure how it came to be called the "CeBit Virus", but that was the reference name ����t��%@��Bl ������$��given to me by Alan Glover of Acorn.
���@��p���ȣ�l����$�It is 1240 (&4D8) bytes long and hooks itself into UpCallV. It then activates once a ����p��t���D �4�{c��$��minute and first checks for the existence of <Obey$Dir>.TlodMod. If this already exists, ����t��p���T�[��;+��$��then no further action is taken. If it doesn't, however, it then attempts to append the �p��%@��B�������$��following line to <Obey$Dir>.!Boot:
����@��%@��B�~�\�ۋ��$�rme. TlodMod 0 rml. <Obey$Dir>.TlodMod
�@��l����M���$��$�If it succeeds at this, a counter is incremented and the module is replicated as ����l��p��������{���$��<Obey$Dir>.TlodMod. Every 16th successful infection will trip the virus into issuing a ��p��Ep���D�[��;���$��"*Wipe $.path.file*" (which will inevitably fail!) and then displaying a message accom-�p���D��B�HM��{��$��panied by a simple graphic.
rt���������D���@��B�M�����h7�CeBit Virus Infection Count
ver�������@��x����-�b�����$�This is a straight increment (my copy had a count of 110), but every time it hits a multiple ����x��x���
+{*�[Y��$��of 16, the virus does it nasty work (see above). VKiller will display the Infection Count if it �x��t����%;��!��$��finds the module in RMA or on disk � the text message displayed by the virus itself also ����t��p�����������$��proclaims the number of infections too. Here is the text of the message displayed every �p���8��B�1�������$��16th infection:
pa���������8��%\��B@���{I��
�This is a warning to all Users, I am back on the Archimedes ...
����\��%\��B�[��;��
�Your Archie is infected now and with him most of your programms.
���\��%\��B�������
�Don't worry, nothing is damaged, but keep in mind the protection!
��\��%\��B��q�����
�And always think about the other side of THE LORD OF DARKNESS ...
��\���D��B=9�9�{h��
� Virus generation is <count> ��������
����D��l�����{��[��$�<count> will be the value of the Infection Count. Notice how "programms" is spelt ���l���`��B<2;�����$��incorrectly (neither American nor British spelling...).
�����������`���<��B�����a�h7�CeBit Virus Innoculation
y �������<��d�����ۯ�����$�Sadly, this virus ALWAYS appends the *RMEnsure command to <Obey$Dir>.!Boot, �d��h���S�w�{���$��regardless as to whether it has done so already or not. Hence, the only way to ��h��x����[?�;n��$��temporarily innoculate is to set <Obey$Dir> to null:$ in the !Run file of VKiller. This will ����x����BD����������\�������������%p��BD�
�����$��only last as long as another application isn't run (which will reset <Obey$Dir> again).
�p��l������m�ʜ��$�There is only one (pretty unacceptable) way of permanently innoculating against the �l��p���T��5��d��$��CeBit Virus � a dummy "TlodMod" file could be created in every application directory. ���p��%@��B� j��J,��$��However, this has two disadvantages:
���@��%P��B�fJ��*���$�1) Leads to many extra files being created on the disk.
�P��l�����*/�
^��$�2) Could cause confusion and panic between the "dummy" TlodMod file and the "real" ��l���<��B ����%��$��TlodMod virus module.
���������<���0��B(?�`�����G�Extend Virus
n �������0��t���xj��J ��$�This is very detailed (although stopping short of a disassembly of course) description of ���t��l���D*��
���$��the Extend Virus. It is strongly recommended reading, if only to give you a better ��l���P��B�\��ʮ��$��understanding of how the virus operates.
a���������P���8��B��Z��G�h7�Technical information
�������8��p���d����j���$�It's a module which can go under 8 different filenames (the name is picked at random ����p��%<��B��J]�*���$��using the current time as a seed):
�<��`���Ć*��
%��$�MonitorRM, CheckMod, ExtendRM, OSextend, ColourRM, Fastmod, CodeRM or ���`��% ��B$��������$��MemRM.
� ��%T��B$��V�����$�However, the module itself has the following title string:
�T��%4��B�&����
��$�Extend 1.56 (08 Jul 1989)
��4��t����
���j���$�and is always known as "Extend" in the module list. For reference purposes, I shall refer ���t��%8��Bl+JP�*��$��to it as the "Extend Virus".
���8��p���D *��
��$�The date seems to imply that it has been around for nearly 2 years, which is a worrying �p��t����5������$��thought indeed. It is 940 (&3AC) bytes long and initialises itself as a nameless Wimp task ��t��t���P0�x�����$��which then looks for Wimp Message 5 (double-click). It attempts to either create an !Boot ���t��%x��B8
j@�Jo��$��in the application directory or append to an already existing one with the following lines:
����x��X���t�J��*��$�IconSprites <Obey$Dir>.!Sprites<&0D> RMEnsure Extend 0 RMRun ����X��%<��B�6
������$��<Obey$Dir>.ModName<&0D> ||<&FF>
����<��t����$�9��h��$�The "IconSprites" line is omitted if it is appended to an existing !Boot. "ModName" is one ��t��p���d���0��$��of the 8 possible filenames. The Extend Virus uses the <&FF> (i.e. decimal 255) byte at �p��t����j��J���$��the end as a self-check to see if has infected the !Boot file already. Of course, it copies �t��p���t�*��
���$��itself to the new name inside the application directory as you would expect. Note the ���p��t���x�X�ʇ��$��incorrect use of <&0D> (decimal 13) to terminate the lines, rather than the more correct ����t��%0��BT�� ��O��$��<&0A> (decimal 10).
����0��p���l���j���$�A Shift+double-click does NOT cause an infection, but it DOES claim yet another 1K of ���p��%4��BTCJ��*���$��never-to-be-released RMA.
��4������������������������������p�����Y��9��$�I have gone through the entire code and the only destructive thing it does, apart from ��p��p���Ե������$��wasting disk space with copies of itself, is to claim the 1K of RMA for every double-����p���d��Bܗ�d�����$��clicked file or directory (eventually crashing the system).
)
��
�������d���@��B��I���,�h7�Extend Virus Execution Count
f
�������@��h����yz�Y���$�There was one bit of the Extend Virus module code that perplexed me � why would �h��l�����9B�q��$��someone increment a memory location within the module and never use it? At first I ��l��p����2� ��8��$��skipped this code, but, remembering some viruses on the Amiga, I suddenly realised that �p��p�����������$��the incremented value would be copied whenever the module duplicated itself during a ����p��%(��B� y��Y���$��new infection.
��(��l�����Y2�9a��$�Now if the original author was smart, he would have incremented the counter IF AND ��l��h���4����(��$��ONLY IF there was a completely successful new infection (in fact, he would have �h��p���T�������$��incremented it prior to the new infection and decremented it if the infection failed). ��p��p��������y���$��However, the Extend Virus module actually increments the counter whenever it is first ���p��p�����YQ�9���$��started (usually via the *RMEnsure appended to the !Boot)...thus the counter does not ���p��t���t���G��$��correlate to the number of infections so far. Because of this, I've decided to call it the ��t���H��B<�������$��"Execution Count" from now on.
irs
��
�������H���P��B�xIb����h7�Extend Virus deliberately faulty virus coding?
�������P��p�����y��Y%��$�When the Extend Virus initialises itself as a nameless task, it does not save its task ��p��h���`�9�����$��handle. Hence, when it comes to execute Wimp_CloseDown (only via a *RMKill � it �h��l��������ٴ��$��cannot be killed by the Task Manager) it does NOT supply a valid task handle. Thus, �l��p������M��|��$��opening up the Task Manager afterwards causes it to fatally crash...which isn't nice. I �p��l�����y�YD��$��have managed to solve this problem 50% of the time, but the other half is down to ���l��p���9��
��$��Acorn's omission of a way of getting a task handle when supplied with a task name (null �p��%0��B�������$��string in this case).
��0��x����-�=��l��$�The upshot of this all is that if VKiller is run BEFORE the Extend Virus is, then VKiller will ��x��p���|���y4��$��patch the active virus in RMA so that it shuts down with a proper task handle and the ���p��l���0�Y��9���$��Task Manager can still be safely used. However, should the Extend Virus already be ��l��t����������$��present when VKiller is run, then the Task Manager will fatally crash the Desktop if it is ��t��%L��Bp��\�����$��opened (or is already open when VKiller is run).
���L��%@��B�����$��$�The solutions to all this are simple:
��@��%L��B�
���y���$�1. Close the Task Manager before running VKiller.
��L��p����-y'�YV��$�2. Do not open the Task Manager after VKiller has RMKilled the Extend Virus. My advice ��p��%l��B�9�
��$��is to scan/innoculate the infected disk or disks and then hard reset the machine.
��l��t����%��������$�Hopefully someone out there in the Public Domain will be able to fill in the 'missing' code �t��p������O���~���$��� see the FNgettaskhand() function in the !RunImage source code for more details. If ����p���t��B\%���yF���$��this happens, then the precautions won't be so elaborate in future releases.
�
��
�������t���<��B�
���Y��h7�Extend Virus Innoculation
h
�������<������������������������������p������ս�����$�VKiller can innoculate a !Boot file. This involves fooling the Extend Virus that it has �p��%p��B�Hh���H̽��$��already infected that !Boot file by attaching the following to the end of the file:
����p��l���8�H6��(e���$�IconSprites <Obey$Dir>.!Sprites<&0A> | This file has been innoculated against the ���l��%4��B�[����,���$��Extend Virus<&0A> ||<&FF>
��4��p�����薼��ż��$�The IconSprites line is only included if a new !Boot is created from scratch AND if the �p��x����
�^�������$��application directory contains an !Sprites file with the Sprite filetype. If the original !Boot �x��l��� �h&��HU���$��was not properly terminated by a linefeed (<&0A>), then a linefeed will be appended �l��t�����(�
���$��prior to the addition of any innoculation lines. Note the critical difference between the ���t��t���L+赻����$��Extend Virus infection and the innoculation: The penultimate line is terminated by <&0A> ����t��h����g�}�������$��and not <&0D>. This is how VKiller can differentiate between innoculations and ��h��%(��B��hE��Ht���$��infections.
����(��t���� H�(
���$�Please note that creating new innoculated !Boot files from scratch will cause the double-����t��p���D�����Ժ��$��click action to open a directory window to take longer because the applications inside ��p���P��B�5�m�������$��that window have these new !Boot files.
������������P���0��B�����5���G�Vigay Virus
ype�������0��t�����Hg��(����$�This is very detailed (although stopping short of a listing of course) description of the ���t��Et����/���]���$��Vigay Virus. It is strongly recommended reading, if only to give you a better understand-���t���H��BXr����%���$��ing of how the virus operates.
the �� �������H���8��B��8x������h7�Technical information
�������8��l�����h
��H;���$�This is a 2311-byte BASIC program called "datadqm" with an associated 97-byte !Boot �l���d��Bh�(Է����$��file. The REMs at the start of the program are as follows:
un: �� �������d��%0��B֯m��蛷��
�REM (C)1989 PAUL VIGAY
��0��%
��B�:��4���c���
�REM
�
��%<��Bb�����h+���
�REM A nasty little Archie Virus !!
��<��%L��B0�HĶ�(�
�REM ... or is something up with your monitor ???
����L��%
��B�:����躶��
�REM
�
���L��BE��S�������
�REM version 1.1a (24th October 1989) " ������
����L��p���x/������$�Hence you now know why it's called the "Vigay Virus" � the author's name appears as a ���p��%0��BT�h���H��$��comment at the start!
���0��p���4�HM��(|���$�When first run, it initialises as a Wimp task called "TaskManager" and then waits for ���p��%$��BT�����C���$��either:
����$��x����/譴��ܴ��$�1) a chance of (500 * hours left of a Thursday) to 1 to crop up to spark off a silly "wobble" ���x��h���T��u�������$��demo (wobbles the screen and mouse pointer). Yes, this demo only appears on a ���h��%L��B�<h=��Hl���$��Thursday and more frequently as the day wears on.
��L��% ��B�D�Hֳ�(���$�or:
���� ��x���4�(o������$�2) a file/directory double-click, in which case it attempts to replicate itself to the first ����x��t����6���e���$��application directory at that level that doesn't already have either an !Boot or a datadqm ��t����B�W�����������������������% ��B�W��հ�����$��file.
�� ��t���x�n�������$�There is no infection count maintained across replications. Because it installs itself as a �t��t����%�6��we���$��BASIC Wimp task, it cannot be easily detected by VKiller if it is present PRIOR to VKiller ��t��p����'W���7-���$��being run. Please see the "!ReadMe" on how to minimise this problem. If the Vigay Virus �p��h����_Ư����$��installs itself as a Wimp task AFTER VKiller has been run, then VKiller sends a �h���T��B���������$��Message_Quit Wimp message to shut it down.
tab!��!�������T���<��B��G���U��h7�Vigay Virus Innoculation
��!�������<��p����-w���WҮ��$�Innoculation can be achieved by creating a new !Boot in the same manner as the Extend ���p��%0��B��7k������$��Virus is innoculated.
�0��$�����������$��$�����������$��$�����������$�����yV4 00000000 8c 52 00 00 03 00 00 00 00 00 00 00 06 08 00 00 |.R..............|
00000010 00 08 00 00 01 10 00 00 00 00 00 00 00 00 00 00 |................|
00000020 00 10 00 00 02 18 00 00 a0 00 00 00 00 00 00 00 |................|
00000030 01 10 00 00 00 00 00 00 00 18 00 00 a5 40 00 00 |.............@..|
00000040 42 48 10 02 3d a5 fe ff fd 02 ff ff d0 47 00 02 |BH..=........G..|
00000050 07 10 00 00 01 10 00 00 01 10 00 00 00 00 00 00 |................|
00000060 41 72 63 68 69 65 56 69 72 75 73 0d 08 08 00 00 |ArchieVirus.....|
00000070 01 10 00 00 00 00 00 00 00 40 00 00 05 74 00 00 |.........@...t..|
00000080 03 78 0e 07 bd 34 fe ff 9d 63 fe ff f0 24 00 02 |.x...4...c...$..|
00000090 54 68 69 73 20 69 73 20 76 65 72 79 20 64 65 74 |This is very det|
000000a0 61 69 6c 65 64 20 28 61 6c 74 68 6f 75 05 67 68 |ailed (althou.gh|
000000b0 20 73 74 6f 70 70 69 6e 67 20 73 68 6f 72 74 20 | stopping short |
000000c0 6f 66 20 61 20 64 69 73 61 73 73 65 6d 62 6c 79 |of a disassembly|
000000d0 20 6f 66 20 63 6f 75 72 73 65 29 20 64 65 73 63 | of course) desc|
000000e0 72 69 70 74 69 6f 6e 20 6f 66 20 00 00 74 00 00 |ription of ..t..|
000000f0 45 74 00 00 00 20 1e 07 7d fc fd ff 5d 2b fe ff |Et... ..}...]+..|
00000100 f0 24 00 00 41 72 63 68 69 65 56 69 72 75 73 2e |.$..ArchieVirus.|
00000110 20 49 74 20 69 73 20 73 74 72 6f 6e 67 6c 79 20 | It is strongly |
00000120 72 65 63 6f 6d 6d 65 6e 64 65 64 20 72 65 61 64 |recommended read|
00000130 69 6e 67 2c 20 69 66 20 6f 6e 6c 79 20 74 6f 20 |ing, if only to |
00000140 67 69 76 65 20 79 6f 75 20 61 20 62 65 74 74 65 |give you a bette|
00000150 72 20 75 6e 64 65 72 73 74 61 6e 64 14 2d 00 00 |r understand.-..|
00000160 00 74 00 00 a5 48 00 00 42 58 72 02 3d c4 fd ff |.t...H..BXr.=...|
00000170 1d f3 fd ff f0 24 00 00 69 6e 67 20 6f 66 20 68 |.....$..ing of h|
00000180 6f 77 20 74 68 65 20 76 69 72 75 73 20 6f 70 65 |ow the virus ope|
00000190 72 61 74 65 73 2e 20 0d 07 0d fd ff 02 13 00 00 |rates. .........|
000001a0 02 13 00 00 00 00 00 00 00 48 00 00 a5 38 00 00 |.........H...8..|
000001b0 42 ba 9d 02 ad 45 fd ff fd 8b fd ff 68 37 00 02 |B....E......h7..|
000001c0 54 65 63 68 6e 69 63 61 6c 20 69 6e 66 6f 72 6d |Technical inform|
000001d0 61 74 69 6f 6e 0d 08 68 02 13 00 00 00 00 00 00 |ation..h........|
000001e0 00 38 00 00 05 70 00 00 00 54 fc 06 dd d9 fc ff |.8...p...T......|
000001f0 bd 08 fd ff f0 24 00 02 54 68 69 73 20 69 73 20 |.....$..This is |
00000200 61 20 70 69 65 63 65 20 6f 66 20 41 52 4d 20 63 |a piece of ARM c|
00000210 6f 64 65 20 74 68 61 74 20 69 73 20 61 70 70 65 |ode that is appe|
00000220 6e 64 65 64 20 74 6f 20 65 78 65 63 75 74 61 62 |nded to executab|
00000230 6c 65 73 20 77 69 74 68 20 74 68 65 20 41 62 73 |les with the Abs|
00000240 6f 6c 75 74 65 20 28 26 46 46 38 29 20 00 00 00 |olute (&FF8) ...|
00000250 00 70 00 00 05 78 00 00 00 70 16 07 9d a1 fc ff |.p...x...p......|
00000260 7d d0 fc ff f0 24 00 00 66 69 6c 65 74 79 70 65 |}....$..filetype|
00000270 2e 20 49 74 20 69 73 20 39 32 30 20 28 26 33 39 |. It is 920 (&39|
00000280 38 29 20 62 79 74 65 73 20 6c 6f 6e 67 20 61 6e |8) bytes long an|
00000290 64 20 68 61 73 20 61 20 74 65 6c 6c 2d 74 61 6c |d has a tell-tal|
000002a0 65 20 34 2d 63 68 61 72 61 63 74 65 72 20 73 74 |e 4-character st|
000002b0 72 69 6e 67 20 61 74 20 74 68 65 20 65 6e 64 20 |ring at the end |
000002c0 6f 66 20 69 74 73 20 00 00 78 00 00 05 70 00 00 |of its ..x...p..|
000002d0 00 0c ba 06 5d 69 fc ff 3d 98 fc ff f0 24 00 00 |....]i..=....$..|
000002e0 63 6f 64 65 2c 20 22 31 32 31 30 22 2c 20 77 68 |code, "1210", wh|
000002f0 69 63 68 20 69 73 20 75 73 65 64 20 61 73 20 61 |ich is used as a|
00000300 6e 20 22 61 6c 72 65 61 64 79 2d 69 6e 66 65 63 |n "already-infec|
00000310 74 65 64 22 20 66 6c 61 67 2e 20 54 68 65 20 66 |ted" flag. The f|
00000320 69 72 73 74 20 69 6e 73 74 72 75 63 74 69 6f 6e |irst instruction|
00000330 20 6f 66 20 74 68 65 20 00 70 00 00 05 70 00 00 | of the .p...p..|
00000340 00 98 f4 06 1d 31 fc ff fd 5f fc ff f0 24 00 00 |.....1..._...$..|
00000350 6f 72 69 67 69 6e 61 6c 20 65 78 65 63 75 74 61 |original executa|
00000360 62 6c 65 20 69 73 20 73 61 76 65 64 20 6e 65 61 |ble is saved nea|
00000370 72 20 74 68 65 20 65 6e 64 20 6f 66 20 74 68 65 |r the end of the|
00000380 20 76 69 72 75 73 20 63 6f 64 65 20 73 70 61 63 | virus code spac|
00000390 65 20 61 6e 64 20 69 73 20 72 65 70 6c 61 63 65 |e and is replace|
000003a0 64 20 62 79 20 61 20 00 00 70 00 00 25 54 00 00 |d by a ..p..%T..|
000003b0 42 84 59 04 dd f8 fb ff bd 27 fc ff f0 24 00 00 |B.Y......'...$..|
000003c0 62 72 61 6e 63 68 20 74 6f 20 74 68 65 20 66 69 |branch to the fi|
000003d0 72 73 74 20 69 6e 73 74 72 75 63 74 69 6f 6e 20 |rst instruction |
000003e0 6f 66 20 74 68 65 20 41 72 63 68 69 65 56 69 72 |of the ArchieVir|
000003f0 75 73 20 63 6f 64 65 2e 20 0d 00 00 00 54 00 00 |us code. ....T..|
00000400 25 60 00 00 42 9c 9d 05 bd 91 fb ff 9d c0 fb ff |%`..B...........|
00000410 f0 24 00 02 48 65 72 65 27 73 20 61 20 63 6f 6d |.$..Here's a com|
00000420 70 6c 65 74 65 20 72 75 6e 2d 64 6f 77 6e 20 6f |plete run-down o|
00000430 66 20 77 68 61 74 20 41 72 63 68 69 65 56 69 72 |f what ArchieVir|
00000440 75 73 20 64 6f 65 73 20 77 68 65 6e 20 66 69 72 |us does when fir|
00000450 73 74 20 72 75 6e 3a 20 0d 00 00 00 00 60 00 00 |st run: .....`..|
00000460 05 78 00 00 00 5c 2d 07 9d 2a fb ff 7d 59 fb ff |.x...\-..*..}Y..|
00000470 f0 24 00 02 31 2e 20 41 74 74 65 6d 70 74 73 20 |.$..1. Attempts |
00000480 74 6f 20 69 6e 66 65 63 74 20 65 78 65 63 75 74 |to infect execut|
00000490 61 62 6c 65 73 20 28 41 62 73 6f 6c 75 74 65 20 |ables (Absolute |
000004a0 66 69 6c 65 74 79 70 65 29 20 77 69 74 68 20 74 |filetype) with t|
000004b0 68 65 20 66 69 6c 65 73 70 65 63 73 20 22 40 2e |he filespecs "@.|
000004c0 2a 22 20 61 6e 64 20 22 25 2e 2a 22 2e 20 49 6e |*" and "%.*". In|
000004d0 20 00 00 00 00 78 00 00 25 6c 00 00 42 3c 36 06 | ....x..%l..B<6.|
000004e0 5d f2 fa ff 3d 21 fb ff f0 24 00 00 6f 74 68 65 |]...=!...$..othe|
000004f0 72 20 77 6f 72 64 73 2c 20 61 6c 6c 20 65 78 65 |r words, all exe|
00000500 63 75 74 61 62 6c 65 73 20 69 6e 20 74 68 65 20 |cutables in the |
00000510 63 75 72 72 65 6e 74 20 61 6e 64 20 6c 69 62 72 |current and libr|
00000520 61 72 79 20 64 69 72 65 63 74 6f 72 79 20 61 72 |ary directory ar|
00000530 65 20 61 74 74 61 63 6b 65 64 2e 20 0d 00 00 00 |e attacked. ....|
00000540 00 6c 00 00 05 74 00 00 00 00 35 07 3d 8b fa ff |.l...t....5.=...|
00000550 1d ba fa ff f0 24 00 02 32 2e 20 55 73 65 73 20 |.....$..2. Uses |
00000560 4f 53 5f 46 69 6c 65 20 33 36 20 61 73 20 61 20 |OS_File 36 as a |
00000570 22 73 65 6d 61 70 68 6f 72 65 22 20 74 6f 20 73 |"semaphore" to s|
00000580 65 65 20 69 66 20 69 74 20 69 73 20 6c 6f 64 67 |ee if it is lodg|
00000590 65 64 20 69 6e 20 52 4d 41 2e 20 49 66 20 61 20 |ed in RMA. If a |
000005a0 63 61 6c 6c 20 74 6f 20 4f 53 5f 46 69 6c 65 20 |call to OS_File |
000005b0 33 36 20 00 00 74 00 00 05 70 00 00 00 88 ce 06 |36 ..t...p......|
000005c0 fd 52 fa ff dd 81 fa ff f0 24 00 00 72 65 74 75 |.R.......$..retu|
000005d0 72 6e 73 20 77 69 74 68 20 61 6e 20 65 72 72 6f |rns with an erro|
000005e0 72 2c 20 74 68 65 6e 20 69 74 20 68 61 73 6e 27 |r, then it hasn'|
000005f0 74 20 69 6e 66 65 63 74 65 64 20 74 68 65 20 52 |t infected the R|
00000600 4d 41 20 79 65 74 2c 20 73 6f 20 69 74 20 70 72 |MA yet, so it pr|
00000610 6f 63 65 65 64 73 20 74 6f 20 63 6c 61 69 6d 20 |oceeds to claim |
00000620 39 32 30 20 00 70 00 00 05 74 00 00 00 74 f4 06 |920 .p...t...t..|
00000630 bd 1a fa ff 9d 49 fa ff f0 24 00 00 62 79 74 65 |.....I...$..byte|
00000640 73 20 6f 66 20 52 4d 41 2c 20 63 6f 70 79 20 69 |s of RMA, copy i|
00000650 74 73 65 6c 66 20 69 6e 74 6f 20 74 68 65 72 65 |tself into there|
00000660 20 61 6e 64 20 70 6f 69 6e 74 73 20 61 20 63 6c | and points a cl|
00000670 61 69 6d 20 6f 66 20 74 68 65 20 4f 53 5f 46 69 |aim of the OS_Fi|
00000680 6c 65 20 76 65 63 74 6f 72 20 74 6f 20 69 74 73 |le vector to its|
00000690 20 6e 65 77 20 00 00 00 00 74 00 00 25 28 00 00 | new ....t..%(..|
000006a0 42 c8 24 01 7d e2 f9 ff 5d 11 fa ff f0 24 00 00 |B.$.}...]....$..|
000006b0 52 4d 41 20 6c 6f 63 61 74 69 6f 6e 2e 0d 00 00 |RMA location....|
000006c0 00 28 00 00 05 68 00 00 00 b0 b5 06 5d 7b f9 ff |.(...h......]{..|
000006d0 3d aa f9 ff f0 24 00 02 4e 4f 54 45 3a 20 41 20 |=....$..NOTE: A |
000006e0 2a 52 4d 54 69 64 79 20 63 6f 6d 6d 61 6e 64 20 |*RMTidy command |
000006f0 65 66 66 65 63 74 69 76 65 6c 79 20 72 65 6c 65 |effectively rele|
00000700 61 73 65 73 20 74 68 69 73 20 4f 53 5f 46 69 6c |ases this OS_Fil|
00000710 65 20 63 6c 61 69 6d 20 61 6e 64 20 69 73 20 61 |e claim and is a|
00000720 6e 20 65 61 73 79 20 00 00 68 00 00 25 4c 00 00 |n easy ..h..%L..|
00000730 42 e4 41 04 1d 43 f9 ff fd 71 f9 ff f0 24 00 00 |B.A..C...q...$..|
00000740 6d 61 6e 75 61 6c 20 77 61 79 20 6f 66 20 72 65 |manual way of re|
00000750 6d 6f 76 69 6e 67 20 41 72 63 68 69 65 56 69 72 |moving ArchieVir|
00000760 75 73 20 66 72 6f 6d 20 74 68 65 20 52 4d 41 2e |us from the RMA.|
00000770 20 0d 00 00 00 4c 00 00 05 6c 00 00 00 24 60 06 | ....L...l...$`.|
00000780 fd db f8 ff dd 0a f9 ff f0 24 00 02 33 2e 20 54 |.........$..3. T|
00000790 68 65 20 74 69 6d 65 20 69 73 20 63 68 65 63 6b |he time is check|
000007a0 65 64 20 74 6f 20 73 65 65 20 69 66 20 69 74 20 |ed to see if it |
000007b0 69 73 20 74 68 65 20 31 33 74 68 20 6f 66 20 74 |is the 13th of t|
000007c0 68 65 20 6d 6f 6e 74 68 2e 20 49 66 20 73 6f 2c |he month. If so,|
000007d0 20 74 68 65 20 63 6f 64 65 20 6c 6f 6f 70 73 20 | the code loops |
000007e0 00 6c 00 00 25 70 00 00 42 bc f1 06 bd a3 f8 ff |.l..%p..B.......|
000007f0 9d d2 f8 ff f0 24 00 00 69 6e 64 65 66 69 6e 69 |.....$..indefini|
00000800 74 65 6c 79 2c 20 64 69 73 70 6c 61 79 69 6e 67 |tely, displaying|
00000810 20 74 68 65 20 34 35 2d 63 68 61 72 61 63 74 65 | the 45-characte|
00000820 72 20 6d 65 73 73 61 67 65 3a 20 48 45 48 45 2e |r message: HEHE.|
00000830 2e 2e 41 72 63 68 69 65 56 69 72 75 73 20 73 74 |..ArchieVirus st|
00000840 72 69 6b 65 73 20 61 67 61 69 6e 2e 2e 2e 20 0d |rikes again... .|
00000850 00 70 00 00 05 74 00 00 00 28 8c 06 9d 3c f8 ff |.p...t...(...<..|
00000860 7d 6b f8 ff f0 24 00 02 53 69 6e 63 65 20 74 68 |}k...$..Since th|
00000870 65 72 65 20 69 73 20 6e 6f 20 6c 69 6e 65 66 65 |ere is no linefe|
00000880 65 64 20 70 72 65 73 65 6e 74 2c 20 74 68 69 73 |ed present, this|
00000890 20 77 69 6c 6c 20 66 69 6c 6c 20 74 68 65 20 73 | will fill the s|
000008a0 63 72 65 65 6e 20 77 69 74 68 20 61 20 66 61 73 |creen with a fas|
000008b0 74 20 73 63 72 6f 6c 6c 69 6e 67 20 62 6c 75 72 |t scrolling blur|
000008c0 2e 20 00 00 00 74 00 00 05 74 00 00 00 dc 07 07 |. ...t...t......|
000008d0 5d 04 f8 ff 3d 33 f8 ff f0 24 00 00 4f 62 76 69 |]...=3...$..Obvi|
000008e0 6f 75 73 6c 79 2c 20 53 68 69 66 74 2b 43 6f 6e |ously, Shift+Con|
000008f0 74 72 6f 6c 20 77 69 6c 6c 20 61 6c 6c 6f 77 20 |trol will allow |
00000900 6d 65 72 65 20 68 75 6d 61 6e 73 20 74 6f 20 72 |mere humans to r|
00000910 65 61 64 20 69 74 2e 20 49 6e 74 65 72 65 73 74 |ead it. Interest|
00000920 69 6e 67 6c 79 2c 20 74 68 69 73 20 69 73 20 74 |ingly, this is t|
00000930 68 65 20 6f 6e 6c 79 20 00 74 00 00 05 74 00 00 |he only .t...t..|
00000940 00 64 da 06 1d cc f7 ff fd fa f7 ff f0 24 00 00 |.d...........$..|
00000950 70 6c 61 63 65 20 74 68 61 74 20 74 68 65 20 76 |place that the v|
00000960 69 72 75 73 20 6e 61 6d 65 2c 20 41 72 63 68 69 |irus name, Archi|
00000970 65 56 69 72 75 73 2c 20 69 73 20 66 6f 75 6e 64 |eVirus, is found|
00000980 20 61 6e 64 20 74 68 69 73 20 69 73 20 74 72 69 | and this is tri|
00000990 63 6b 79 20 74 6f 20 73 70 6f 74 20 62 65 63 61 |cky to spot beca|
000009a0 75 73 65 20 69 74 20 69 73 20 00 00 00 74 00 00 |use it is ...t..|
000009b0 25 2c 00 00 42 98 75 01 dd 93 f7 ff bd c2 f7 ff |%,..B.u.........|
000009c0 f0 24 00 00 45 4f 52 65 64 20 77 69 74 68 20 26 |.$..EORed with &|
000009d0 36 34 2e 20 0d 00 00 00 00 2c 00 00 05 70 00 00 |64. .....,...p..|
000009e0 00 00 fc 06 bd 2c f7 ff 9d 5b f7 ff f0 24 00 02 |.....,...[...$..|
000009f0 34 2e 20 41 73 73 75 6d 69 6e 67 20 69 74 20 77 |4. Assuming it w|
00000a00 61 73 6e 27 74 20 74 68 65 20 31 33 74 68 20 6f |asn't the 13th o|
00000a10 66 20 74 68 65 20 6d 6f 6e 74 68 20 98 20 61 6e |f the month . an|
00000a20 64 20 4e 4f 2c 20 69 74 20 64 6f 65 73 6e 27 74 |d NO, it doesn't|
00000a30 20 63 68 65 63 6b 20 66 6f 72 20 61 20 46 72 69 | check for a Fri|
00000a40 64 61 79 20 98 20 00 00 00 70 00 00 05 74 00 00 |day . ...p...t..|
00000a50 00 3c d5 06 7d f4 f6 ff 5d 23 f7 ff f0 24 00 00 |.<..}...]#...$..|
00000a60 74 68 65 6e 20 74 68 65 20 6f 72 69 67 69 6e 61 |then the origina|
00000a70 6c 20 66 69 72 73 74 20 69 6e 73 74 72 75 63 74 |l first instruct|
00000a80 69 6f 6e 20 6f 66 20 74 68 65 20 65 78 65 63 75 |ion of the execu|
00000a90 74 61 62 6c 65 20 69 73 20 72 65 70 6c 61 63 65 |table is replace|
00000aa0 64 20 61 6e 64 20 74 68 65 20 6f 72 69 67 69 6e |d and the origin|
00000ab0 61 6c 20 6e 6f 72 6d 61 6c 20 00 00 00 74 00 00 |al normal ...t..|
00000ac0 25 3c 00 00 42 e0 13 03 3d bc f6 ff 1d eb f6 ff |%<..B...=.......|
00000ad0 f0 24 00 00 63 6f 64 65 20 63 6f 6e 74 69 6e 75 |.$..code continu|
00000ae0 65 73 20 66 72 6f 6d 20 26 38 30 30 30 20 6f 6e |es from &8000 on|
00000af0 77 61 72 64 73 2e 20 0d 00 3c 00 00 25 68 00 00 |wards. ..<..%h..|
00000b00 42 4c 77 06 1d 55 f6 ff fd 83 f6 ff f0 24 00 02 |BLw..U.......$..|
00000b10 54 68 65 20 4f 53 5f 46 69 6c 65 20 76 65 63 74 |The OS_File vect|
00000b20 6f 72 20 63 6c 61 69 6d 20 69 73 20 71 75 69 74 |or claim is quit|
00000b30 65 20 69 6d 70 6f 72 74 61 6e 74 2c 20 62 65 63 |e important, bec|
00000b40 61 75 73 65 20 74 68 69 73 20 73 65 72 76 65 73 |ause this serves|
00000b50 20 74 77 6f 20 70 75 72 70 6f 73 65 73 3a 20 0d | two purposes: .|
00000b60 00 68 00 00 05 70 00 00 00 e0 b5 06 fd ed f5 ff |.h...p..........|
00000b70 dd 1c f6 ff f0 24 00 02 61 2e 20 49 74 20 61 6c |.....$..a. It al|
00000b80 6c 6f 77 73 20 4f 53 5f 46 69 6c 65 20 33 36 20 |lows OS_File 36 |
00000b90 74 6f 20 72 65 74 75 72 6e 20 77 69 74 68 6f 75 |to return withou|
00000ba0 74 20 61 6e 20 65 72 72 6f 72 2c 20 73 69 67 6e |t an error, sign|
00000bb0 61 6c 6c 69 6e 67 20 74 68 61 74 20 74 68 65 20 |alling that the |
00000bc0 52 4d 41 20 69 73 20 61 6c 72 65 61 64 79 20 00 |RMA is already .|
00000bd0 00 70 00 00 25 24 00 00 42 40 bf 00 bd b5 f5 ff |.p..%$..B@......|
00000be0 9d e4 f5 ff f0 24 00 00 69 6e 66 65 63 74 65 64 |.....$..infected|
00000bf0 2e 20 0d 00 00 24 00 00 05 70 00 00 00 14 bb 06 |. ...$...p......|
00000c00 9d 4e f5 ff 7d 7d f5 ff f0 24 00 02 62 2e 20 49 |.N..}}...$..b. I|
00000c10 74 20 63 68 65 63 6b 73 20 66 6f 72 20 4f 53 5f |t checks for OS_|
00000c20 46 69 6c 65 73 20 30 20 61 6e 64 20 31 30 20 28 |Files 0 and 10 (|
00000c30 53 61 76 65 20 6d 65 6d 6f 72 79 20 74 6f 20 66 |Save memory to f|
00000c40 69 6c 65 29 2c 20 31 31 20 28 63 72 65 61 74 65 |ile), 11 (create|
00000c50 20 65 6d 70 74 79 20 66 69 6c 65 29 20 61 6e 64 | empty file) and|
00000c60 20 00 00 00 00 70 00 00 05 74 00 00 00 38 0c 07 | ....p...t...8..|
00000c70 5d 16 f5 ff 3d 45 f5 ff f0 24 00 00 31 32 2c 31 |]...=E...$..12,1|
00000c80 34 2c 31 36 20 61 6e 64 20 32 35 35 20 28 4c 6f |4,16 and 255 (Lo|
00000c90 61 64 20 66 69 6c 65 29 2e 20 49 66 20 61 6e 79 |ad file). If any|
00000ca0 20 6f 66 20 74 68 65 73 65 20 61 72 65 20 65 6e | of these are en|
00000cb0 63 6f 75 6e 74 65 72 65 64 20 74 68 65 6e 20 61 |countered then a|
00000cc0 6e 20 69 6e 66 65 63 74 69 6f 6e 20 61 74 74 61 |n infection atta|
00000cd0 63 6b 20 69 73 20 00 00 00 74 00 00 a5 44 00 00 |ck is ...t...D..|
00000ce0 42 f0 67 02 1d de f4 ff fd 0c f5 ff f0 24 00 00 |B.g..........$..|
00000cf0 61 63 74 69 76 61 74 65 64 20 28 73 65 65 20 73 |activated (see s|
00000d00 74 65 70 20 31 20 61 62 6f 76 65 29 2e 20 0d 07 |tep 1 above). ..|
00000d10 02 14 00 00 02 14 00 00 00 00 00 00 00 44 00 00 |.............D..|
00000d20 01 10 00 00 00 00 00 00 00 00 00 00 00 10 00 00 |................|
00000d30 02 18 00 00 34 01 00 00 00 00 00 00 02 14 00 00 |....4...........|
00000d40 00 00 00 00 00 18 00 00 a5 40 00 00 42 80 a3 03 |.........@..B...|
00000d50 fc bc f1 ff 4c 03 f2 ff 68 37 00 02 41 72 63 68 |....L...h7..Arch|
00000d60 69 65 56 69 72 75 73 20 44 65 63 72 65 6d 65 6e |ieVirus Decremen|
00000d70 74 20 43 6f 75 6e 74 0d 08 6d 65 6d 02 14 00 00 |t Count..mem....|
00000d80 00 00 00 00 00 40 00 00 05 78 00 00 00 a4 1b 07 |.....@...x......|
00000d90 2c 51 f1 ff 0c 80 f1 ff f0 24 00 02 59 65 74 20 |,Q.......$..Yet |
00000da0 61 67 61 69 6e 2c 20 74 68 69 73 20 69 73 20 61 |again, this is a|
00000db0 20 76 69 72 75 73 20 74 68 61 74 20 68 61 73 20 | virus that has |
00000dc0 61 20 73 74 72 61 6e 67 65 20 77 61 79 20 6f 66 |a strange way of|
00000dd0 20 6b 65 65 70 69 6e 67 20 74 72 61 63 6b 20 6f | keeping track o|
00000de0 66 20 69 6e 66 65 63 74 69 6f 6e 73 2e 20 41 20 |f infections. A |
00000df0 63 6f 75 6e 74 20 69 73 20 00 00 00 00 78 00 00 |count is ....x..|
00000e00 05 6c 00 00 00 ec a9 06 ec 18 f1 ff cc 47 f1 ff |.l...........G..|
00000e10 f0 24 00 00 44 45 43 52 45 4d 45 4e 54 45 44 20 |.$..DECREMENTED |
00000e20 61 66 74 65 72 20 61 20 73 75 63 63 65 73 73 66 |after a successf|
00000e30 75 6c 20 69 6e 66 65 63 74 69 6f 6e 2c 20 77 68 |ul infection, wh|
00000e40 69 63 68 20 69 73 20 73 74 72 61 6e 67 65 20 69 |ich is strange i|
00000e50 6e 64 65 65 64 2e 20 49 74 27 73 20 61 73 20 69 |ndeed. It's as i|
00000e60 66 20 74 68 65 20 00 00 00 6c 00 00 05 74 00 00 |f the ...l...t..|
00000e70 00 0c 20 07 ac e0 f0 ff 8c 0f f1 ff f0 24 00 00 |.. ..........$..|
00000e80 61 75 74 68 6f 72 20 77 61 73 20 63 6f 6e 73 69 |author was consi|
00000e90 64 65 72 69 6e 67 20 61 20 22 6c 69 6d 69 74 65 |dering a "limite|
00000ea0 72 22 20 69 6e 20 74 68 65 20 63 6f 64 65 20 28 |r" in the code (|
00000eb0 77 68 65 6e 20 63 6f 75 6e 74 20 3d 20 30 2c 20 |when count = 0, |
00000ec0 64 6f 6e 27 74 20 69 6e 66 65 63 74 20 61 6e 79 |don't infect any|
00000ed0 6d 6f 72 65 29 20 62 75 74 20 00 00 00 74 00 00 |more) but ...t..|
00000ee0 25 48 00 00 42 44 a3 03 6c a8 f0 ff 4c d7 f0 ff |%H..BD..l...L...|
00000ef0 f0 24 00 00 64 65 63 69 64 65 64 20 6e 6f 74 20 |.$..decided not |
00000f00 74 6f 20 69 6e 63 6c 75 64 65 20 6f 6e 65 20 61 |to include one a|
00000f10 74 20 74 68 65 20 6c 61 73 74 20 6d 69 6e 75 74 |t the last minut|
00000f20 65 2e 0d 00 00 48 00 00 05 70 00 00 00 bc 06 07 |e....H...p......|
00000f30 4c 41 f0 ff 2c 70 f0 ff f0 24 00 02 4f 66 20 63 |LA..,p...$..Of c|
00000f40 6f 75 72 73 65 2c 20 69 74 20 63 6f 75 6c 64 20 |ourse, it could |
00000f50 6a 75 73 74 20 62 65 20 61 20 77 61 72 70 65 64 |just be a warped|
00000f60 20 6d 69 6e 64 20 98 20 6f 6e 6c 79 20 74 68 65 | mind . only the|
00000f70 20 61 75 74 68 6f 72 20 6b 6e 6f 77 73 20 74 68 | author knows th|
00000f80 65 20 6f 72 69 67 69 6e 61 6c 20 76 61 6c 75 65 |e original value|
00000f90 20 6f 66 20 00 70 00 00 05 70 00 00 00 3c fc 06 | of .p...p...<..|
00000fa0 0c 09 f0 ff ec 37 f0 ff f0 24 00 00 74 68 65 20 |.....7...$..the |
00000fb0 63 6f 75 6e 74 2c 20 73 6f 20 61 20 73 69 6d 70 |count, so a simp|
00000fc0 6c 65 20 73 75 62 74 72 61 63 74 69 6f 6e 20 77 |le subtraction w|
00000fd0 69 6c 6c 20 67 69 76 65 20 4f 4e 4c 59 20 48 49 |ill give ONLY HI|
00000fe0 4d 20 74 68 65 20 6e 75 6d 62 65 72 20 6f 66 20 |M the number of |
00000ff0 69 6e 66 65 63 74 69 6f 6e 73 2e 20 42 79 20 74 |infections. By t|
00001000 68 65 20 00 00 70 00 00 05 68 00 00 00 c0 63 06 |he ..p...h....c.|
00001010 cc d0 ef ff ac ff ef ff f0 24 00 00 77 61 79 2c |.........$..way,|
00001020 20 74 68 65 20 63 6f 70 79 20 6f 66 20 41 72 63 | the copy of Arc|
00001030 68 69 65 56 69 72 75 73 20 49 20 68 61 76 65 20 |hieVirus I have |
00001040 68 61 73 20 69 74 73 20 64 65 63 72 65 6d 65 6e |has its decremen|
00001050 74 20 63 6f 75 6e 74 20 61 74 20 31 20 69 6e 20 |t count at 1 in |
00001060 63 61 73 65 20 79 6f 75 27 72 65 20 00 68 00 00 |case you're .h..|
00001070 a5 80 00 00 42 58 01 07 8c 98 ef ff 6c c7 ef ff |....BX......l...|
00001080 f0 24 00 00 69 6e 74 65 72 65 73 74 65 64 2e 20 |.$..interested. |
00001090 56 4b 69 6c 6c 65 72 20 77 69 6c 6c 20 64 69 73 |VKiller will dis|
000010a0 70 6c 61 79 20 74 68 69 73 20 44 65 63 72 65 6d |play this Decrem|
000010b0 65 6e 74 20 43 6f 75 6e 74 20 77 68 65 6e 20 74 |ent Count when t|
000010c0 68 65 20 41 72 63 68 69 65 56 69 72 75 73 20 69 |he ArchieVirus i|
000010d0 73 20 64 65 74 65 63 74 65 64 2e 20 0d 07 bf 06 |s detected. ....|
000010e0 02 15 00 00 02 15 00 00 00 00 00 00 00 80 00 00 |................|
000010f0 a5 4c 00 00 42 b4 3d 05 fc 19 ef ff 4c 60 ef ff |.L..B.=.....L`..|
00001100 68 37 00 02 50 6f 73 73 69 62 6c 79 20 73 65 72 |h7..Possibly ser|
00001110 69 6f 75 73 20 70 72 6f 62 6c 65 6d 73 20 77 69 |ious problems wi|
00001120 74 68 20 41 72 63 68 69 65 56 69 72 75 73 0d 08 |th ArchieVirus..|
00001130 02 15 00 00 00 00 00 00 00 4c 00 00 05 74 00 00 |.........L...t..|
00001140 00 40 2b 07 2c ae ee ff 0c dd ee ff f0 24 00 02 |.@+.,........$..|
00001150 54 68 65 20 76 65 72 73 69 6f 6e 20 6f 66 20 41 |The version of A|
00001160 72 63 68 69 65 56 69 72 75 73 20 49 20 77 61 73 |rchieVirus I was|
00001170 20 67 69 76 65 6e 20 68 61 73 20 61 20 63 6f 6e | given has a con|
00001180 73 74 61 6e 74 20 26 41 37 31 38 20 61 74 20 6f |stant &A718 at o|
00001190 66 66 73 65 74 20 26 32 30 20 66 72 6f 6d 20 74 |ffset &20 from t|
000011a0 68 65 20 73 74 61 72 74 20 00 00 00 00 74 00 00 |he start ....t..|
000011b0 05 74 00 00 00 3c 11 07 ec 75 ee ff cc a4 ee ff |.t...<...u......|
000011c0 f0 24 00 00 6f 66 20 74 68 65 20 41 72 63 68 69 |.$..of the Archi|
000011d0 65 56 69 72 75 73 20 63 6f 64 65 2e 20 54 68 69 |eVirus code. Thi|
000011e0 73 20 63 6f 6e 73 74 61 6e 74 20 69 73 20 2a 73 |s constant is *s|
000011f0 75 70 70 6f 73 65 64 2a 20 74 6f 20 69 6e 64 69 |upposed* to indi|
00001200 63 61 74 65 20 74 68 65 20 73 74 61 72 74 20 61 |cate the start a|
00001210 64 64 72 65 73 73 20 6f 66 20 74 68 65 20 00 00 |ddress of the ..|
00001220 00 74 00 00 05 70 00 00 00 78 2c 07 ac 3d ee ff |.t...p...x,..=..|
00001230 8c 6c ee ff f0 24 00 00 41 72 63 68 69 65 56 69 |.l...$..ArchieVi|
00001240 72 75 73 20 63 6f 64 65 20 2b 20 31 32 2e 20 48 |rus code + 12. H|
00001250 6f 77 65 76 65 72 2c 20 74 68 69 73 20 63 6f 6e |owever, this con|
00001260 73 74 61 6e 74 20 4e 45 56 45 52 20 63 68 61 6e |stant NEVER chan|
00001270 67 65 73 20 61 6e 64 20 74 68 65 20 63 6f 64 65 |ges and the code|
00001280 20 69 6e 63 6f 72 72 65 63 74 6c 79 20 00 00 00 | incorrectly ...|
00001290 00 70 00 00 05 74 00 00 00 74 f4 06 6c 05 ee ff |.p...t...t..l...|
000012a0 4c 34 ee ff f0 24 00 00 75 73 65 73 20 69 74 20 |L4...$..uses it |
000012b0 66 6f 72 20 61 20 63 6f 70 79 20 72 65 66 65 72 |for a copy refer|
000012c0 65 6e 63 65 20 70 6f 69 6e 74 20 77 68 65 6e 20 |ence point when |
000012d0 64 75 70 6c 69 63 61 74 69 6e 67 20 69 74 73 65 |duplicating itse|
000012e0 6c 66 20 69 6e 74 6f 20 52 4d 41 2e 20 48 65 6e |lf into RMA. Hen|
000012f0 63 65 2c 20 61 6e 79 20 63 61 6c 6c 73 20 74 6f |ce, any calls to|
00001300 20 00 00 00 00 74 00 00 05 74 00 00 00 70 10 07 | ....t...t...p..|
00001310 2c cd ed ff 0c fc ed ff f0 24 00 00 4f 53 5f 46 |,........$..OS_F|
00001320 69 6c 65 20 6f 6e 63 65 20 74 68 69 73 20 66 61 |ile once this fa|
00001330 75 6c 74 79 20 41 72 63 68 69 65 56 69 72 75 73 |ulty ArchieVirus|
00001340 20 63 6f 64 65 20 69 73 20 69 6e 73 74 61 6c 6c | code is install|
00001350 65 64 20 77 69 6c 6c 20 63 61 75 73 65 20 61 6e |ed will cause an|
00001360 20 22 41 64 64 72 65 73 73 20 65 78 63 65 70 74 | "Address except|
00001370 69 6f 6e 22 20 00 00 00 00 74 00 00 05 6c 00 00 |ion" ....t...l..|
00001380 00 f0 cc 06 ec 94 ed ff cc c3 ed ff f0 24 00 00 |.............$..|
00001390 6f 72 20 22 55 6e 64 65 66 69 6e 65 64 20 69 6e |or "Undefined in|
000013a0 73 74 72 75 63 74 69 6f 6e 22 20 65 72 72 6f 72 |struction" error|
000013b0 20 64 65 70 65 6e 64 69 6e 67 20 6f 6e 20 77 68 | depending on wh|
000013c0 61 74 20 72 75 62 62 69 73 68 20 68 61 73 20 62 |at rubbish has b|
000013d0 65 65 6e 20 63 6f 70 69 65 64 20 69 6e 74 6f 20 |een copied into |
000013e0 74 68 65 20 00 6c 00 00 25 20 00 00 42 40 83 00 |the .l..% ..B@..|
000013f0 ac 5c ed ff 8c 8b ed ff f0 24 00 00 52 4d 41 2e |.\.......$..RMA.|
00001400 20 0d 00 00 00 20 00 00 05 74 00 00 00 b8 13 07 | .... ...t......|
00001410 8c f5 ec ff 6c 24 ed ff f0 24 00 02 49 72 6f 6e |....l$...$..Iron|
00001420 69 63 61 6c 6c 79 2c 20 49 20 68 61 76 65 20 70 |ically, I have p|
00001430 61 74 63 68 65 64 20 6f 6e 65 20 69 6e 73 74 72 |atched one instr|
00001440 75 63 74 69 6f 6e 20 69 6e 20 6d 79 20 6f 77 6e |uction in my own|
00001450 20 70 65 72 73 6f 6e 61 6c 20 63 6f 70 79 20 6f | personal copy o|
00001460 66 20 41 72 63 68 69 65 56 69 72 75 73 20 74 6f |f ArchieVirus to|
00001470 20 75 73 65 20 00 00 00 00 74 00 00 05 70 00 00 | use ....t...p..|
00001480 00 c8 df 06 4c bd ec ff 2c ec ec ff f0 24 00 00 |....L...,....$..|
00001490 61 20 72 65 6c 61 74 69 76 65 20 61 64 64 72 65 |a relative addre|
000014a0 73 73 20 61 6e 64 20 74 68 65 20 63 6f 64 65 20 |ss and the code |
000014b0 69 73 20 6e 6f 77 20 73 74 61 62 6c 65 20 61 6e |is now stable an|
000014c0 64 20 6e 6f 20 6c 6f 6e 67 65 72 20 63 72 61 73 |d no longer cras|
000014d0 68 65 73 20 49 20 68 61 76 65 20 64 6f 6e 65 20 |hes I have done |
000014e0 74 68 69 73 20 00 00 00 00 70 00 00 05 6c 00 00 |this ....p...l..|
000014f0 00 7c b3 06 0c 85 ec ff ec b3 ec ff f0 24 00 00 |.|...........$..|
00001500 62 65 63 61 75 73 65 20 49 20 73 75 73 70 65 63 |because I suspec|
00001510 74 20 74 68 65 20 6f 72 69 67 69 6e 61 6c 20 61 |t the original a|
00001520 75 74 68 6f 72 20 6f 66 20 41 72 63 68 69 65 56 |uthor of ArchieV|
00001530 69 72 75 73 20 6d 61 79 20 68 61 76 65 20 73 70 |irus may have sp|
00001540 6f 74 74 65 64 20 74 68 65 20 62 75 67 20 61 6e |otted the bug an|
00001550 64 20 00 00 00 6c 00 00 25 44 00 00 42 5c 52 03 |d ...l..%D..B\R.|
00001560 cc 4c ec ff ac 7b ec ff f0 24 00 00 70 61 74 63 |.L...{...$..patc|
00001570 68 65 64 20 74 68 65 20 63 6f 64 65 20 69 6e 20 |hed the code in |
00001580 61 20 73 69 6d 69 6c 61 72 20 77 61 79 20 74 6f |a similar way to|
00001590 20 6d 65 2e 20 0d 00 00 00 44 00 00 05 70 00 00 | me. ....D...p..|
000015a0 00 a0 9b 06 ac e5 eb ff 8c 14 ec ff f0 24 00 02 |.............$..|
000015b0 41 73 20 69 73 20 76 65 72 79 20 74 79 70 69 63 |As is very typic|
000015c0 61 6c 20 77 69 74 68 20 6d 61 6e 79 20 76 69 72 |al with many vir|
000015d0 75 73 65 73 2c 20 74 68 65 20 41 72 63 68 69 65 |uses, the Archie|
000015e0 56 69 72 75 73 20 63 6f 64 65 20 64 6f 65 73 20 |Virus code does |
000015f0 76 65 72 79 20 6c 69 74 74 6c 65 20 66 69 6c 65 |very little file|
00001600 20 65 72 72 6f 72 20 00 00 70 00 00 05 74 00 00 | error ..p...t..|
00001610 00 bc ee 06 6c ad eb ff 4c dc eb ff f0 24 00 00 |....l...L....$..|
00001620 63 68 65 63 6b 69 6e 67 20 61 6e 64 20 66 72 65 |checking and fre|
00001630 71 75 65 6e 74 6c 79 20 72 65 70 6f 72 74 73 20 |quently reports |
00001640 22 4e 6f 74 20 6f 70 65 6e 20 66 6f 72 20 75 70 |"Not open for up|
00001650 64 61 74 65 22 20 69 66 20 74 68 65 20 66 69 6c |date" if the fil|
00001660 65 20 69 73 20 6c 6f 63 6b 65 64 20 6f 72 20 74 |e is locked or t|
00001670 68 65 20 64 69 73 6b 20 69 73 20 00 00 74 00 00 |he disk is ..t..|
00001680 a5 58 00 00 42 f0 b7 03 2c 75 eb ff 0c a4 eb ff |.X..B...,u......|
00001690 f0 24 00 00 77 72 69 74 65 2d 70 72 6f 74 65 63 |.$..write-protec|
000016a0 74 65 64 20 77 68 69 6c 73 74 20 61 74 74 65 6d |ted whilst attem|
000016b0 70 74 69 6e 67 20 61 6e 20 69 6e 66 65 63 74 69 |pting an infecti|
000016c0 6f 6e 2e 20 0d 07 49 20 02 16 00 00 02 16 00 00 |on. ..I ........|
000016d0 00 00 00 00 00 58 00 00 a5 3c 00 00 42 a8 f7 02 |.....X...<..B...|
000016e0 9c f6 ea ff ec 3c eb ff 68 37 00 02 41 72 63 68 |.....<..h7..Arch|
000016f0 69 65 56 69 72 75 73 20 49 6e 6e 6f 63 75 6c 61 |ieVirus Innocula|
00001700 74 69 6f 6e 0d 08 00 00 02 16 00 00 00 00 00 00 |tion............|
00001710 00 3c 00 00 05 74 00 00 00 c4 37 07 cc 8a ea ff |.<...t....7.....|
00001720 ac b9 ea ff f0 24 00 02 54 68 65 20 34 20 63 68 |.....$..The 4 ch|
00001730 61 72 61 63 74 65 72 20 41 53 43 49 49 20 73 74 |aracter ASCII st|
00001740 72 69 6e 67 20 22 31 32 31 30 22 20 61 74 20 74 |ring "1210" at t|
00001750 68 65 20 65 6e 64 20 6f 66 20 74 68 65 20 65 78 |he end of the ex|
00001760 65 63 75 74 61 62 6c 65 20 69 73 20 63 68 65 63 |ecutable is chec|
00001770 6b 65 64 20 66 6f 72 20 65 78 69 73 74 65 6e 63 |ked for existenc|
00001780 65 20 00 00 00 74 00 00 25 5c 00 00 42 b0 f0 04 |e ...t..%\..B...|
00001790 8c 52 ea ff 6c 81 ea ff f0 24 00 00 62 79 20 41 |.R..l....$..by A|
000017a0 72 63 68 69 65 56 69 72 75 73 20 74 6f 20 64 65 |rchieVirus to de|
000017b0 63 69 64 65 20 69 66 20 69 74 20 68 61 73 20 69 |cide if it has i|
000017c0 6e 66 65 63 74 65 64 20 74 68 65 20 65 78 65 63 |nfected the exec|
000017d0 75 74 61 62 6c 65 20 79 65 74 2e 20 0d 00 00 00 |utable yet. ....|
000017e0 00 5c 00 00 25 60 00 00 42 d0 4b 05 6c eb e9 ff |.\..%`..B.K.l...|
000017f0 4c 1a ea ff f0 24 00 02 49 74 20 69 73 20 74 68 |L....$..It is th|
00001800 65 72 65 66 6f 72 65 20 65 61 73 79 20 74 6f 20 |erefore easy to |
00001810 69 6e 6e 6f 63 75 6c 61 74 65 20 61 67 61 69 6e |innoculate again|
00001820 73 74 20 41 72 63 68 69 65 56 69 72 75 73 20 69 |st ArchieVirus i|
00001830 6e 20 74 77 6f 20 73 74 65 70 73 3a 0d 00 00 00 |n two steps:....|
00001840 00 60 00 00 05 74 00 00 00 14 f7 06 4c 84 e9 ff |.`...t......L...|
00001850 2c b3 e9 ff f0 24 00 02 31 29 20 52 65 70 6c 61 |,....$..1) Repla|
00001860 63 65 20 74 68 65 20 66 69 72 73 74 20 69 6e 73 |ce the first ins|
00001870 74 72 75 63 74 69 6f 6e 20 6f 66 20 74 68 65 20 |truction of the |
00001880 6f 72 69 67 69 6e 61 6c 20 65 78 65 63 75 74 61 |original executa|
00001890 62 6c 65 20 77 69 74 68 20 74 68 65 20 63 6f 70 |ble with the cop|
000018a0 79 20 68 65 6c 64 20 69 6e 20 74 68 65 20 76 69 |y held in the vi|
000018b0 72 75 73 20 00 74 00 00 25 24 00 00 42 84 de 00 |rus .t..%$..B...|
000018c0 0c 4c e9 ff ec 7a e9 ff f0 24 00 00 63 6f 64 65 |.L...z...$..code|
000018d0 20 61 72 65 61 2e 0d 00 00 24 00 00 05 6c 00 00 | area....$...l..|
000018e0 00 9c 6f 06 ec e4 e8 ff cc 13 e9 ff f0 24 00 02 |..o..........$..|
000018f0 32 29 20 52 65 6d 6f 76 65 20 74 68 65 20 39 32 |2) Remove the 92|
00001900 30 20 62 79 74 65 73 20 6f 66 20 76 69 72 75 73 |0 bytes of virus|
00001910 20 63 6f 64 65 20 61 6e 64 20 72 65 70 6c 61 63 | code and replac|
00001920 65 20 69 74 20 77 69 74 68 20 74 68 65 20 38 20 |e it with the 8 |
00001930 63 68 61 72 61 63 74 65 72 20 73 74 72 69 6e 67 |character string|
00001940 20 00 00 00 00 6c 00 00 05 68 00 00 00 0c 72 06 | ....l...h....r.|
00001950 ac ac e8 ff 8c db e8 ff f0 24 00 00 22 48 79 70 |.........$.."Hyp|
00001960 6f 31 32 31 30 22 20 28 74 68 69 73 20 77 61 73 |o1210" (this was|
00001970 20 74 68 65 20 73 74 72 69 6e 67 20 6f 72 69 67 | the string orig|
00001980 69 6e 61 6c 6c 79 20 75 73 65 64 20 62 79 20 48 |inally used by H|
00001990 75 67 6f 20 46 69 65 6e 6e 65 73 27 20 22 48 79 |ugo Fiennes' "Hy|
000019a0 70 6f 74 68 65 72 6d 69 63 22 20 00 00 68 00 00 |pothermic" ..h..|
000019b0 25 54 00 00 42 24 8c 04 6c 74 e8 ff 4c a3 e8 ff |%T..B$..lt..L...|
000019c0 f0 24 00 00 69 6e 6e 6f 63 75 6c 61 74 6f 72 20 |.$..innoculator |
000019d0 73 6f 20 49 27 76 65 20 64 65 63 69 64 65 64 20 |so I've decided |
000019e0 74 6f 20 73 74 69 63 6b 20 77 69 74 68 20 68 69 |to stick with hi|
000019f0 73 20 63 6f 6e 76 65 6e 74 69 6f 6e 29 2e 20 0d |s convention). .|
00001a00 00 54 00 00 05 70 00 00 00 54 c0 06 4c 0d e8 ff |.T...p...T..L...|
00001a10 2c 3c e8 ff f0 24 00 02 48 65 6e 63 65 2c 20 74 |,<...$..Hence, t|
00001a20 68 65 20 65 78 65 63 75 74 61 62 6c 65 20 77 69 |he executable wi|
00001a30 6c 6c 20 73 68 72 69 6e 6b 20 62 61 63 6b 20 69 |ll shrink back i|
00001a40 6e 20 73 69 7a 65 20 74 6f 20 6f 6e 6c 79 20 38 |n size to only 8|
00001a50 20 62 79 74 65 73 20 6c 6f 6e 67 65 72 20 74 68 | bytes longer th|
00001a60 61 6e 20 69 74 73 20 6f 72 69 67 69 6e 61 6c 20 |an its original |
00001a70 00 70 00 00 a5 50 00 00 42 f0 69 03 0c d5 e7 ff |.p...P..B.i.....|
00001a80 ec 03 e8 ff f0 24 00 00 6c 65 6e 67 74 68 20 61 |.....$..length a|
00001a90 6e 64 20 77 69 6c 6c 20 68 61 76 65 20 62 65 65 |nd will have bee|
00001aa0 6e 20 69 6e 6e 6f 63 75 6c 61 74 65 64 20 74 6f |n innoculated to|
00001ab0 6f 2e 0d 07 01 11 00 00 01 11 00 00 00 00 00 00 |o...............|
00001ac0 00 50 00 00 01 10 00 00 00 00 00 00 00 00 00 00 |.P..............|
00001ad0 00 10 00 00 02 18 00 00 c8 01 00 00 00 00 00 00 |................|
00001ae0 01 11 00 00 00 00 00 00 00 18 00 00 a5 30 00 00 |.............0..|
00001af0 42 70 15 02 db a5 e4 ff 9b 03 e5 ff d0 47 00 02 |Bp...........G..|
00001b00 43 65 42 69 74 20 56 69 72 75 73 20 0d 08 db ff |CeBit Virus ....|
00001b10 01 11 00 00 00 00 00 00 00 30 00 00 05 74 00 00 |.........0...t..|
00001b20 00 78 0e 07 5b 35 e4 ff 3b 64 e4 ff f0 24 00 02 |.x..[5..;d...$..|
00001b30 54 68 69 73 20 69 73 20 76 65 72 79 20 64 65 74 |This is very det|
00001b40 61 69 6c 65 64 20 28 61 6c 74 68 6f 75 67 68 20 |ailed (although |
00001b50 73 74 6f 70 70 69 6e 67 20 73 68 6f 72 74 20 6f |stopping short o|
00001b60 66 20 61 20 64 69 73 61 73 73 65 6d 62 6c 79 20 |f a disassembly |
00001b70 6f 66 20 63 6f 75 72 73 65 29 20 64 65 73 63 72 |of course) descr|
00001b80 69 70 74 69 6f 6e 20 6f 66 20 00 00 00 74 00 00 |iption of ...t..|
00001b90 05 6c 00 00 00 20 58 06 1b fd e3 ff fb 2b e4 ff |.l... X......+..|
00001ba0 f0 24 00 00 74 68 65 20 43 65 42 69 74 20 76 69 |.$..the CeBit vi|
00001bb0 72 75 73 2e 20 49 74 20 69 73 20 73 74 72 6f 6e |rus. It is stron|
00001bc0 67 6c 79 20 72 65 63 6f 6d 6d 65 6e 64 65 64 20 |gly recommended |
00001bd0 72 65 61 64 69 6e 67 2c 20 69 66 20 6f 6e 6c 79 |reading, if only|
00001be0 20 74 6f 20 67 69 76 65 20 79 6f 75 20 61 20 62 | to give you a b|
00001bf0 65 74 74 65 72 20 00 00 00 6c 00 00 a5 50 00 00 |etter ...l...P..|
00001c00 42 dc 5c 03 db c4 e3 ff bb f3 e3 ff f0 24 00 00 |B.\..........$..|
00001c10 75 6e 64 65 72 73 74 61 6e 64 69 6e 67 20 6f 66 |understanding of|
00001c20 20 68 6f 77 20 74 68 65 20 76 69 72 75 73 20 6f | how the virus o|
00001c30 70 65 72 61 74 65 73 2e 20 0d 07 00 02 17 00 00 |perates. .......|
00001c40 02 17 00 00 00 00 00 00 00 50 00 00 a5 38 00 00 |.........P...8..|
00001c50 42 ba 9d 02 4b 46 e3 ff 9b 8c e3 ff 68 37 00 02 |B...KF......h7..|
00001c60 54 65 63 68 6e 69 63 61 6c 20 69 6e 66 6f 72 6d |Technical inform|
00001c70 61 74 69 6f 6e 0d 08 02 02 17 00 00 00 00 00 00 |ation...........|
00001c80 00 38 00 00 25 5c 00 00 42 04 24 05 7b da e2 ff |.8..%\..B.$.{...|
00001c90 5b 09 e3 ff f0 24 00 02 54 68 69 73 20 69 73 20 |[....$..This is |
00001ca0 61 20 6d 6f 64 75 6c 65 20 63 61 6c 6c 65 64 20 |a module called |
00001cb0 22 54 6c 6f 64 4d 6f 64 22 20 77 69 74 68 20 74 |"TlodMod" with t|
00001cc0 68 65 20 66 6f 6c 6c 6f 77 69 6e 67 20 74 69 74 |he following tit|
00001cd0 6c 65 20 73 74 72 69 6e 67 3a 20 0d 00 5c 00 00 |le string: ..\..|
00001ce0 25 54 00 00 42 e0 50 05 5b 73 e2 ff 3b a2 e2 ff |%T..B.P.[s..;...|
00001cf0 f0 24 00 02 54 6c 6f 64 4d 6f 64 20 31 2e 31 31 |.$..TlodMod 1.11|
00001d00 20 28 31 31 20 4e 6f 76 20 31 39 39 30 29 20 62 | (11 Nov 1990) b|
00001d10 79 20 44 65 76 69 6c 20 74 68 65 20 4c 4f 52 44 |y Devil the LORD|
00001d20 20 4f 46 20 44 41 52 4b 4e 45 53 53 20 0d 00 00 | OF DARKNESS ...|
00001d30 00 54 00 00 05 74 00 00 00 88 19 07 3b 0c e2 ff |.T...t......;...|
00001d40 1b 3b e2 ff f0 24 00 02 49 27 6d 20 6e 6f 74 20 |.;...$..I'm not |
00001d50 73 75 72 65 20 68 6f 77 20 69 74 20 63 61 6d 65 |sure how it came|
00001d60 20 74 6f 20 62 65 20 63 61 6c 6c 65 64 20 74 68 | to be called th|
00001d70 65 20 22 43 65 42 69 74 20 56 69 72 75 73 22 2c |e "CeBit Virus",|
00001d80 20 62 75 74 20 74 68 61 74 20 77 61 73 20 74 68 | but that was th|
00001d90 65 20 72 65 66 65 72 65 6e 63 65 20 6e 61 6d 65 |e reference name|
00001da0 20 00 00 00 00 74 00 00 25 40 00 00 42 6c 09 03 | ....t..%@..Bl..|
00001db0 fb d3 e1 ff db 02 e2 ff f0 24 00 00 67 69 76 65 |.........$..give|
00001dc0 6e 20 74 6f 20 6d 65 20 62 79 20 41 6c 61 6e 20 |n to me by Alan |
00001dd0 47 6c 6f 76 65 72 20 6f 66 20 41 63 6f 72 6e 2e |Glover of Acorn.|
00001de0 20 0d 00 00 00 40 00 00 05 70 00 00 00 c8 a3 06 | ....@...p......|
00001df0 db 6c e1 ff bb 9b e1 ff f0 24 00 02 49 74 20 69 |.l.......$..It i|
00001e00 73 20 31 32 34 30 20 28 26 34 44 38 29 20 62 79 |s 1240 (&4D8) by|
00001e10 74 65 73 20 6c 6f 6e 67 20 61 6e 64 20 68 6f 6f |tes long and hoo|
00001e20 6b 73 20 69 74 73 65 6c 66 20 69 6e 74 6f 20 55 |ks itself into U|
00001e30 70 43 61 6c 6c 56 2e 20 49 74 20 74 68 65 6e 20 |pCallV. It then |
00001e40 61 63 74 69 76 61 74 65 73 20 6f 6e 63 65 20 61 |activates once a|
00001e50 20 00 00 00 00 70 00 00 05 74 00 00 00 44 09 07 | ....p...t...D..|
00001e60 9b 34 e1 ff 7b 63 e1 ff f0 24 00 00 6d 69 6e 75 |.4..{c...$..minu|
00001e70 74 65 20 61 6e 64 20 66 69 72 73 74 20 63 68 65 |te and first che|
00001e80 63 6b 73 20 66 6f 72 20 74 68 65 20 65 78 69 73 |cks for the exis|
00001e90 74 65 6e 63 65 20 6f 66 20 3c 4f 62 65 79 24 44 |tence of <Obey$D|
00001ea0 69 72 3e 2e 54 6c 6f 64 4d 6f 64 2e 20 49 66 20 |ir>.TlodMod. If |
00001eb0 74 68 69 73 20 61 6c 72 65 61 64 79 20 65 78 69 |this already exi|
00001ec0 73 74 73 2c 20 00 00 00 00 74 00 00 05 70 00 00 |sts, ....t...p..|
00001ed0 00 54 b7 06 5b fc e0 ff 3b 2b e1 ff f0 24 00 00 |.T..[...;+...$..|
00001ee0 74 68 65 6e 20 6e 6f 20 66 75 72 74 68 65 72 20 |then no further |
00001ef0 61 63 74 69 6f 6e 20 69 73 20 74 61 6b 65 6e 2e |action is taken.|
00001f00 20 49 66 20 69 74 20 64 6f 65 73 6e 27 74 2c 20 | If it doesn't, |
00001f10 68 6f 77 65 76 65 72 2c 20 69 74 20 74 68 65 6e |however, it then|
00001f20 20 61 74 74 65 6d 70 74 73 20 74 6f 20 61 70 70 | attempts to app|
00001f30 65 6e 64 20 74 68 65 20 00 70 00 00 25 40 00 00 |end the .p..%@..|
00001f40 42 c0 df 02 1b c4 e0 ff fb f2 e0 ff f0 24 00 00 |B............$..|
00001f50 66 6f 6c 6c 6f 77 69 6e 67 20 6c 69 6e 65 20 74 |following line t|
00001f60 6f 20 3c 4f 62 65 79 24 44 69 72 3e 2e 21 42 6f |o <Obey$Dir>.!Bo|
00001f70 6f 74 3a 20 0d 00 00 00 00 40 00 00 25 40 00 00 |ot: .....@..%@..|
00001f80 42 84 7e 03 fb 5c e0 ff db 8b e0 ff f0 24 00 02 |B.~..\.......$..|
00001f90 72 6d 65 2e 20 54 6c 6f 64 4d 6f 64 20 30 20 72 |rme. TlodMod 0 r|
00001fa0 6d 6c 2e 20 3c 4f 62 65 79 24 44 69 72 3e 2e 54 |ml. <Obey$Dir>.T|
00001fb0 6c 6f 64 4d 6f 64 20 0d 00 40 00 00 05 6c 00 00 |lodMod ..@...l..|
00001fc0 00 c4 4d 06 db f5 df ff bb 24 e0 ff f0 24 00 02 |..M......$...$..|
00001fd0 49 66 20 69 74 20 73 75 63 63 65 65 64 73 20 61 |If it succeeds a|
00001fe0 74 20 74 68 69 73 2c 20 61 20 63 6f 75 6e 74 65 |t this, a counte|
00001ff0 72 20 69 73 20 69 6e 63 72 65 6d 65 6e 74 65 64 |r is incremented|
00002000 20 61 6e 64 20 74 68 65 20 6d 6f 64 75 6c 65 20 | and the module |
00002010 69 73 20 72 65 70 6c 69 63 61 74 65 64 20 61 73 |is replicated as|
00002020 20 00 00 00 00 6c 00 00 05 70 00 00 00 ac d7 06 | ....l...p......|
00002030 9b bd df ff 7b ec df ff f0 24 00 00 3c 4f 62 65 |....{....$..<Obe|
00002040 79 24 44 69 72 3e 2e 54 6c 6f 64 4d 6f 64 2e 20 |y$Dir>.TlodMod. |
00002050 45 76 65 72 79 20 31 36 74 68 20 73 75 63 63 65 |Every 16th succe|
00002060 73 73 66 75 6c 20 69 6e 66 65 63 74 69 6f 6e 20 |ssful infection |
00002070 77 69 6c 6c 20 74 72 69 70 20 74 68 65 20 76 69 |will trip the vi|
00002080 72 75 73 20 69 6e 74 6f 20 69 73 73 75 69 6e 67 |rus into issuing|
00002090 20 61 20 00 00 70 00 00 45 70 00 00 00 44 dc 06 | a ..p..Ep...D..|
000020a0 5b 85 df ff 3b b4 df ff f0 24 00 00 22 2a 57 69 |[...;....$.."*Wi|
000020b0 70 65 20 24 2e 70 61 74 68 2e 66 69 6c 65 2a 22 |pe $.path.file*"|
000020c0 20 28 77 68 69 63 68 20 77 69 6c 6c 20 69 6e 65 | (which will ine|
000020d0 76 69 74 61 62 6c 79 20 66 61 69 6c 21 29 20 61 |vitably fail!) a|
000020e0 6e 64 20 74 68 65 6e 20 64 69 73 70 6c 61 79 69 |nd then displayi|
000020f0 6e 67 20 61 20 6d 65 73 73 61 67 65 20 61 63 63 |ng a message acc|
00002100 6f 6d 14 2d 00 70 00 00 a5 44 00 00 42 a0 48 02 |om.-.p...D..B.H.|
00002110 1b 4d df ff fb 7b df ff f0 24 00 00 70 61 6e 69 |.M...{...$..pani|
00002120 65 64 20 62 79 20 61 20 73 69 6d 70 6c 65 20 67 |ed by a simple g|
00002130 72 61 70 68 69 63 2e 20 0d 07 72 74 02 18 00 00 |raphic. ..rt....|
00002140 02 18 00 00 00 00 00 00 00 44 00 00 a5 40 00 00 |.........D...@..|
00002150 42 a6 4d 03 8b ce de ff db 14 df ff 68 37 00 02 |B.M.........h7..|
00002160 43 65 42 69 74 20 56 69 72 75 73 20 49 6e 66 65 |CeBit Virus Infe|
00002170 63 74 69 6f 6e 20 43 6f 75 6e 74 0d 08 76 65 72 |ction Count..ver|
00002180 02 18 00 00 00 00 00 00 00 40 00 00 05 78 00 00 |.........@...x..|
00002190 00 b0 2d 07 bb 62 de ff 9b 91 de ff f0 24 00 02 |..-..b.......$..|
000021a0 54 68 69 73 20 69 73 20 61 20 73 74 72 61 69 67 |This is a straig|
000021b0 68 74 20 69 6e 63 72 65 6d 65 6e 74 20 28 6d 79 |ht increment (my|
000021c0 20 63 6f 70 79 20 68 61 64 20 61 20 63 6f 75 6e | copy had a coun|
000021d0 74 20 6f 66 20 31 31 30 29 2c 20 62 75 74 20 65 |t of 110), but e|
000021e0 76 65 72 79 20 74 69 6d 65 20 69 74 20 68 69 74 |very time it hit|
000021f0 73 20 61 20 6d 75 6c 74 69 70 6c 65 20 00 00 00 |s a multiple ...|
00002200 00 78 00 00 05 78 00 00 00 1c 2b 07 7b 2a de ff |.x...x....+.{*..|
00002210 5b 59 de ff f0 24 00 00 6f 66 20 31 36 2c 20 74 |[Y...$..of 16, t|
00002220 68 65 20 76 69 72 75 73 20 64 6f 65 73 20 69 74 |he virus does it|
00002230 20 6e 61 73 74 79 20 77 6f 72 6b 20 28 73 65 65 | nasty work (see|
00002240 20 61 62 6f 76 65 29 2e 20 56 4b 69 6c 6c 65 72 | above). VKiller|
00002250 20 77 69 6c 6c 20 64 69 73 70 6c 61 79 20 74 68 | will display th|
00002260 65 20 49 6e 66 65 63 74 69 6f 6e 20 43 6f 75 6e |e Infection Coun|
00002270 74 20 69 66 20 69 74 20 00 78 00 00 05 74 00 00 |t if it .x...t..|
00002280 00 e8 25 07 3b f2 dd ff 1b 21 de ff f0 24 00 00 |..%.;....!...$..|
00002290 66 69 6e 64 73 20 74 68 65 20 6d 6f 64 75 6c 65 |finds the module|
000022a0 20 69 6e 20 52 4d 41 20 6f 72 20 6f 6e 20 64 69 | in RMA or on di|
000022b0 73 6b 20 98 20 74 68 65 20 74 65 78 74 20 6d 65 |sk . the text me|
000022c0 73 73 61 67 65 20 64 69 73 70 6c 61 79 65 64 20 |ssage displayed |
000022d0 62 79 20 74 68 65 20 76 69 72 75 73 20 69 74 73 |by the virus its|
000022e0 65 6c 66 20 61 6c 73 6f 20 00 00 00 00 74 00 00 |elf also ....t..|
000022f0 05 70 00 00 00 84 0e 07 fb b9 dd ff db e8 dd ff |.p..............|
00002300 f0 24 00 00 70 72 6f 63 6c 61 69 6d 73 20 74 68 |.$..proclaims th|
00002310 65 20 6e 75 6d 62 65 72 20 6f 66 20 69 6e 66 65 |e number of infe|
00002320 63 74 69 6f 6e 73 20 74 6f 6f 2e 20 48 65 72 65 |ctions too. Here|
00002330 20 69 73 20 74 68 65 20 74 65 78 74 20 6f 66 20 | is the text of |
00002340 74 68 65 20 6d 65 73 73 61 67 65 20 64 69 73 70 |the message disp|
00002350 6c 61 79 65 64 20 65 76 65 72 79 20 00 70 00 00 |layed every .p..|
00002360 a5 38 00 00 42 e8 31 01 bb 81 dd ff 9b b0 dd ff |.8..B.1.........|
00002370 f0 24 00 00 31 36 74 68 20 69 6e 66 65 63 74 69 |.$..16th infecti|
00002380 6f 6e 3a 20 0d 07 70 61 06 19 00 00 06 19 00 00 |on: ..pa........|
00002390 00 00 00 00 00 38 00 00 25 5c 00 00 42 40 e8 04 |.....8..%\..B@..|
000023a0 9b 1a dd ff 7b 49 dd ff 9c 1e 00 02 54 68 69 73 |....{I......This|
000023b0 20 69 73 20 61 20 77 61 72 6e 69 6e 67 20 74 6f | is a warning to|
000023c0 20 61 6c 6c 20 55 73 65 72 73 2c 20 49 20 61 6d | all Users, I am|
000023d0 20 62 61 63 6b 20 6f 6e 20 74 68 65 20 41 72 63 | back on the Arc|
000023e0 68 69 6d 65 64 65 73 20 2e 2e 2e 20 0d 00 00 00 |himedes ... ....|
000023f0 00 5c 00 00 25 5c 00 00 42 e1 fb 04 5b e2 dc ff |.\..%\..B...[...|
00002400 3b 11 dd ff 9c 1e 00 02 59 6f 75 72 20 41 72 63 |;.......Your Arc|
00002410 68 69 65 20 69 73 20 69 6e 66 65 63 74 65 64 20 |hie is infected |
00002420 6e 6f 77 20 61 6e 64 20 77 69 74 68 20 68 69 6d |now and with him|
00002430 20 6d 6f 73 74 20 6f 66 20 79 6f 75 72 20 70 72 | most of your pr|
00002440 6f 67 72 61 6d 6d 73 2e 20 0d 00 00 00 5c 00 00 |ogramms. ....\..|
00002450 25 5c 00 00 42 82 0f 05 1b aa dc ff fb d8 dc ff |%\..B...........|
00002460 9c 1e 00 02 44 6f 6e 27 74 20 77 6f 72 72 79 2c |....Don't worry,|
00002470 20 6e 6f 74 68 69 6e 67 20 69 73 20 64 61 6d 61 | nothing is dama|
00002480 67 65 64 2c 20 62 75 74 20 6b 65 65 70 20 69 6e |ged, but keep in|
00002490 20 6d 69 6e 64 20 74 68 65 20 70 72 6f 74 65 63 | mind the protec|
000024a0 74 69 6f 6e 21 20 0d 00 00 5c 00 00 25 5c 00 00 |tion! ...\..%\..|
000024b0 42 82 0f 05 db 71 dc ff bb a0 dc ff 9c 1e 00 02 |B....q..........|
000024c0 41 6e 64 20 61 6c 77 61 79 73 20 74 68 69 6e 6b |And always think|
000024d0 20 61 62 6f 75 74 20 74 68 65 20 6f 74 68 65 72 | about the other|
000024e0 20 73 69 64 65 20 6f 66 20 54 48 45 20 4c 4f 52 | side of THE LOR|
000024f0 44 20 4f 46 20 44 41 52 4b 4e 45 53 53 20 2e 2e |D OF DARKNESS ..|
00002500 2e 20 0d 00 00 5c 00 00 a5 44 00 00 42 3d 39 02 |. ...\...D..B=9.|
00002510 9b 39 dc ff 7b 68 dc ff 9c 1e 00 02 20 56 69 72 |.9..{h...... Vir|
00002520 75 73 20 67 65 6e 65 72 61 74 69 6f 6e 20 69 73 |us generation is|
00002530 20 3c 63 6f 75 6e 74 3e 20 08 00 00 06 19 00 00 | <count> .......|
00002540 00 00 00 00 0d 00 00 00 00 44 00 00 05 6c 00 00 |.........D...l..|
00002550 00 b0 8b 06 7b d2 db ff 5b 01 dc ff f0 24 00 02 |....{...[....$..|
00002560 3c 63 6f 75 6e 74 3e 20 77 69 6c 6c 20 62 65 20 |<count> will be |
00002570 74 68 65 20 76 61 6c 75 65 20 6f 66 20 74 68 65 |the value of the|
00002580 20 49 6e 66 65 63 74 69 6f 6e 20 43 6f 75 6e 74 | Infection Count|
00002590 2e 20 4e 6f 74 69 63 65 20 68 6f 77 20 22 70 72 |. Notice how "pr|
000025a0 6f 67 72 61 6d 6d 73 22 20 69 73 20 73 70 65 6c |ogramms" is spel|
000025b0 74 20 00 00 00 6c 00 00 a5 60 00 00 42 3c 32 04 |t ...l...`..B<2.|
000025c0 3b 9a db ff 1b c9 db ff f0 24 00 00 69 6e 63 6f |;........$..inco|
000025d0 72 72 65 63 74 6c 79 20 28 6e 65 69 74 68 65 72 |rrectly (neither|
000025e0 20 41 6d 65 72 69 63 61 6e 20 6e 6f 72 20 42 72 | American nor Br|
000025f0 69 74 69 73 68 20 73 70 65 6c 6c 69 6e 67 2e 2e |itish spelling..|
00002600 2e 29 2e 20 0d 07 00 00 02 1a 00 00 02 1a 00 00 |.). ............|
00002610 00 00 00 00 00 60 00 00 a5 3c 00 00 42 da ef 02 |.....`...<..B...|
00002620 ab 1b db ff fb 61 db ff 68 37 00 02 43 65 42 69 |.....a..h7..CeBi|
00002630 74 20 56 69 72 75 73 20 49 6e 6e 6f 63 75 6c 61 |t Virus Innocula|
00002640 74 69 6f 6e 0d 08 79 20 02 1a 00 00 00 00 00 00 |tion..y ........|
00002650 00 3c 00 00 05 64 00 00 00 88 c5 06 db af da ff |.<...d..........|
00002660 bb de da ff f0 24 00 02 53 61 64 6c 79 2c 20 74 |.....$..Sadly, t|
00002670 68 69 73 20 76 69 72 75 73 20 41 4c 57 41 59 53 |his virus ALWAYS|
00002680 20 61 70 70 65 6e 64 73 20 74 68 65 20 2a 52 4d | appends the *RM|
00002690 45 6e 73 75 72 65 20 63 6f 6d 6d 61 6e 64 20 74 |Ensure command t|
000026a0 6f 20 3c 4f 62 65 79 24 44 69 72 3e 2e 21 42 6f |o <Obey$Dir>.!Bo|
000026b0 6f 74 2c 20 00 64 00 00 05 68 00 00 00 04 53 06 |ot, .d...h....S.|
000026c0 9b 77 da ff 7b a6 da ff f0 24 00 00 72 65 67 61 |.w..{....$..rega|
000026d0 72 64 6c 65 73 73 20 61 73 20 74 6f 20 77 68 65 |rdless as to whe|
000026e0 74 68 65 72 20 69 74 20 68 61 73 20 64 6f 6e 65 |ther it has done|
000026f0 20 73 6f 20 61 6c 72 65 61 64 79 20 6f 72 20 6e | so already or n|
00002700 6f 74 2e 20 48 65 6e 63 65 2c 20 74 68 65 20 6f |ot. Hence, the o|
00002710 6e 6c 79 20 77 61 79 20 74 6f 20 00 00 68 00 00 |nly way to ..h..|
00002720 05 78 00 00 00 f0 f6 06 5b 3f da ff 3b 6e da ff |.x......[?..;n..|
00002730 f0 24 00 00 74 65 6d 70 6f 72 61 72 69 6c 79 20 |.$..temporarily |
00002740 69 6e 6e 6f 63 75 6c 61 74 65 20 69 73 20 74 6f |innoculate is to|
00002750 20 73 65 74 20 3c 4f 62 65 79 24 44 69 72 3e 20 | set <Obey$Dir> |
00002760 74 6f 20 6e 75 6c 6c 3a 24 20 69 6e 20 74 68 65 |to null:$ in the|
00002770 20 21 52 75 6e 20 66 69 6c 65 20 6f 66 20 56 4b | !Run file of VK|
00002780 69 6c 6c 65 72 2e 20 54 68 69 73 20 77 69 6c 6c |iller. This will|
00002790 20 00 00 00 00 78 00 00 01 10 00 00 42 44 d6 06 | ....x......BD..|
000027a0 00 00 00 00 00 10 00 00 02 14 00 00 5c 02 00 00 |............\...|
000027b0 00 00 00 00 00 00 00 00 00 14 00 00 25 70 00 00 |............%p..|
000027c0 42 44 d6 06 0a d5 d7 ff ea 03 d8 ff f0 24 00 00 |BD...........$..|
000027d0 6f 6e 6c 79 20 6c 61 73 74 20 61 73 20 6c 6f 6e |only last as lon|
000027e0 67 20 61 73 20 61 6e 6f 74 68 65 72 20 61 70 70 |g as another app|
000027f0 6c 69 63 61 74 69 6f 6e 20 69 73 6e 27 74 20 72 |lication isn't r|
00002800 75 6e 20 28 77 68 69 63 68 20 77 69 6c 6c 20 72 |un (which will r|
00002810 65 73 65 74 20 3c 4f 62 65 79 24 44 69 72 3e 20 |eset <Obey$Dir> |
00002820 61 67 61 69 6e 29 2e 0d 00 70 00 00 05 6c 00 00 |again)...p...l..|
00002830 00 d4 ca 06 ea 6d d7 ff ca 9c d7 ff f0 24 00 02 |.....m.......$..|
00002840 54 68 65 72 65 20 69 73 20 6f 6e 6c 79 20 6f 6e |There is only on|
00002850 65 20 28 70 72 65 74 74 79 20 75 6e 61 63 63 65 |e (pretty unacce|
00002860 70 74 61 62 6c 65 29 20 77 61 79 20 6f 66 20 70 |ptable) way of p|
00002870 65 72 6d 61 6e 65 6e 74 6c 79 20 69 6e 6e 6f 63 |ermanently innoc|
00002880 75 6c 61 74 69 6e 67 20 61 67 61 69 6e 73 74 20 |ulating against |
00002890 74 68 65 20 00 6c 00 00 05 70 00 00 00 54 f6 06 |the .l...p...T..|
000028a0 aa 35 d7 ff 8a 64 d7 ff f0 24 00 00 43 65 42 69 |.5...d...$..CeBi|
000028b0 74 20 56 69 72 75 73 20 98 20 61 20 64 75 6d 6d |t Virus . a dumm|
000028c0 79 20 22 54 6c 6f 64 4d 6f 64 22 20 66 69 6c 65 |y "TlodMod" file|
000028d0 20 63 6f 75 6c 64 20 62 65 20 63 72 65 61 74 65 | could be create|
000028e0 64 20 69 6e 20 65 76 65 72 79 20 61 70 70 6c 69 |d in every appli|
000028f0 63 61 74 69 6f 6e 20 64 69 72 65 63 74 6f 72 79 |cation directory|
00002900 2e 20 00 00 00 70 00 00 25 40 00 00 42 dc 20 03 |. ...p..%@..B. .|
00002910 6a fd d6 ff 4a 2c d7 ff f0 24 00 00 48 6f 77 65 |j...J,...$..Howe|
00002920 76 65 72 2c 20 74 68 69 73 20 68 61 73 20 74 77 |ver, this has tw|
00002930 6f 20 64 69 73 61 64 76 61 6e 74 61 67 65 73 3a |o disadvantages:|
00002940 20 0d 00 00 00 40 00 00 25 50 00 00 42 98 66 04 | ....@..%P..B.f.|
00002950 4a 96 d6 ff 2a c5 d6 ff f0 24 00 02 31 29 20 4c |J...*....$..1) L|
00002960 65 61 64 73 20 74 6f 20 6d 61 6e 79 20 65 78 74 |eads to many ext|
00002970 72 61 20 66 69 6c 65 73 20 62 65 69 6e 67 20 63 |ra files being c|
00002980 72 65 61 74 65 64 20 6f 6e 20 74 68 65 20 64 69 |reated on the di|
00002990 73 6b 2e 0d 00 50 00 00 05 6c 00 00 00 c0 f0 06 |sk...P...l......|
000029a0 2a 2f d6 ff 0a 5e d6 ff f0 24 00 02 32 29 20 43 |*/...^...$..2) C|
000029b0 6f 75 6c 64 20 63 61 75 73 65 20 63 6f 6e 66 75 |ould cause confu|
000029c0 73 69 6f 6e 20 61 6e 64 20 70 61 6e 69 63 20 62 |sion and panic b|
000029d0 65 74 77 65 65 6e 20 74 68 65 20 22 64 75 6d 6d |etween the "dumm|
000029e0 79 22 20 54 6c 6f 64 4d 6f 64 20 66 69 6c 65 20 |y" TlodMod file |
000029f0 61 6e 64 20 74 68 65 20 22 72 65 61 6c 22 20 00 |and the "real" .|
00002a00 00 6c 00 00 a5 3c 00 00 42 20 db 01 ea f6 d5 ff |.l...<..B ......|
00002a10 ca 25 d6 ff f0 24 00 00 54 6c 6f 64 4d 6f 64 20 |.%...$..TlodMod |
00002a20 76 69 72 75 73 20 6d 6f 64 75 6c 65 2e 0d 07 20 |virus module... |
00002a30 01 12 00 00 01 12 00 00 00 00 00 00 00 3c 00 00 |.............<..|
00002a40 a5 30 00 00 42 28 3f 02 ea 60 d5 ff aa be d5 ff |.0..B(?..`......|
00002a50 d0 47 00 02 45 78 74 65 6e 64 20 56 69 72 75 73 |.G..Extend Virus|
00002a60 0d 08 6e 20 01 12 00 00 00 00 00 00 00 30 00 00 |..n .........0..|
00002a70 05 74 00 00 00 78 0e 07 6a f0 d4 ff 4a 1f d5 ff |.t...x..j...J...|
00002a80 f0 24 00 02 54 68 69 73 20 69 73 20 76 65 72 79 |.$..This is very|
00002a90 20 64 65 74 61 69 6c 65 64 20 28 61 6c 74 68 6f | detailed (altho|
00002aa0 75 67 68 20 73 74 6f 70 70 69 6e 67 20 73 68 6f |ugh stopping sho|
00002ab0 72 74 20 6f 66 20 61 20 64 69 73 61 73 73 65 6d |rt of a disassem|
00002ac0 62 6c 79 20 6f 66 20 63 6f 75 72 73 65 29 20 64 |bly of course) d|
00002ad0 65 73 63 72 69 70 74 69 6f 6e 20 6f 66 20 00 00 |escription of ..|
00002ae0 00 74 00 00 05 6c 00 00 00 44 7f 06 2a b8 d4 ff |.t...l...D..*...|
00002af0 0a e7 d4 ff f0 24 00 00 74 68 65 20 45 78 74 65 |.....$..the Exte|
00002b00 6e 64 20 56 69 72 75 73 2e 20 49 74 20 69 73 20 |nd Virus. It is |
00002b10 73 74 72 6f 6e 67 6c 79 20 72 65 63 6f 6d 6d 65 |strongly recomme|
00002b20 6e 64 65 64 20 72 65 61 64 69 6e 67 2c 20 69 66 |nded reading, if|
00002b30 20 6f 6e 6c 79 20 74 6f 20 67 69 76 65 20 79 6f | only to give yo|
00002b40 75 20 61 20 62 65 74 74 65 72 20 00 00 6c 00 00 |u a better ..l..|
00002b50 a5 50 00 00 42 dc 5c 03 ea 7f d4 ff ca ae d4 ff |.P..B.\.........|
00002b60 f0 24 00 00 75 6e 64 65 72 73 74 61 6e 64 69 6e |.$..understandin|
00002b70 67 20 6f 66 20 68 6f 77 20 74 68 65 20 76 69 72 |g of how the vir|
00002b80 75 73 20 6f 70 65 72 61 74 65 73 2e 20 0d 07 61 |us operates. ..a|
00002b90 02 1b 00 00 02 1b 00 00 00 00 00 00 00 50 00 00 |.............P..|
00002ba0 a5 38 00 00 42 ba 9d 02 5a 01 d4 ff aa 47 d4 ff |.8..B...Z....G..|
00002bb0 68 37 00 02 54 65 63 68 6e 69 63 61 6c 20 69 6e |h7..Technical in|
00002bc0 66 6f 72 6d 61 74 69 6f 6e 0d 08 07 02 1b 00 00 |formation.......|
00002bd0 00 00 00 00 00 38 00 00 05 70 00 00 00 64 e3 06 |.....8...p...d..|
00002be0 8a 95 d3 ff 6a c4 d3 ff f0 24 00 02 49 74 27 73 |....j....$..It's|
00002bf0 20 61 20 6d 6f 64 75 6c 65 20 77 68 69 63 68 20 | a module which |
00002c00 63 61 6e 20 67 6f 20 75 6e 64 65 72 20 38 20 64 |can go under 8 d|
00002c10 69 66 66 65 72 65 6e 74 20 66 69 6c 65 6e 61 6d |ifferent filenam|
00002c20 65 73 20 28 74 68 65 20 6e 61 6d 65 20 69 73 20 |es (the name is |
00002c30 70 69 63 6b 65 64 20 61 74 20 72 61 6e 64 6f 6d |picked at random|
00002c40 20 00 00 00 00 70 00 00 25 3c 00 00 42 b0 c5 02 | ....p..%<..B...|
00002c50 4a 5d d3 ff 2a 8c d3 ff f0 24 00 00 75 73 69 6e |J]..*....$..usin|
00002c60 67 20 74 68 65 20 63 75 72 72 65 6e 74 20 74 69 |g the current ti|
00002c70 6d 65 20 61 73 20 61 20 73 65 65 64 29 3a 20 0d |me as a seed): .|
00002c80 00 3c 00 00 05 60 00 00 00 c4 86 06 2a f6 d2 ff |.<...`......*...|
00002c90 0a 25 d3 ff f0 24 00 02 4d 6f 6e 69 74 6f 72 52 |.%...$..MonitorR|
00002ca0 4d 2c 20 43 68 65 63 6b 4d 6f 64 2c 20 45 78 74 |M, CheckMod, Ext|
00002cb0 65 6e 64 52 4d 2c 20 4f 53 65 78 74 65 6e 64 2c |endRM, OSextend,|
00002cc0 20 43 6f 6c 6f 75 72 52 4d 2c 20 46 61 73 74 6d | ColourRM, Fastm|
00002cd0 6f 64 2c 20 43 6f 64 65 52 4d 20 6f 72 20 00 00 |od, CodeRM or ..|
00002ce0 00 60 00 00 25 20 00 00 42 24 cc 00 ea bd d2 ff |.`..% ..B$......|
00002cf0 ca ec d2 ff f0 24 00 00 4d 65 6d 52 4d 2e 20 0d |.....$..MemRM. .|
00002d00 00 20 00 00 25 54 00 00 42 24 83 04 ca 56 d2 ff |. ..%T..B$...V..|
00002d10 aa 85 d2 ff f0 24 00 02 48 6f 77 65 76 65 72 2c |.....$..However,|
00002d20 20 74 68 65 20 6d 6f 64 75 6c 65 20 69 74 73 65 | the module itse|
00002d30 6c 66 20 68 61 73 20 74 68 65 20 66 6f 6c 6c 6f |lf has the follo|
00002d40 77 69 6e 67 20 74 69 74 6c 65 20 73 74 72 69 6e |wing title strin|
00002d50 67 3a 20 0d 00 54 00 00 25 34 00 00 42 d4 26 02 |g: ..T..%4..B.&.|
00002d60 aa ef d1 ff 8a 1e d2 ff f0 24 00 02 45 78 74 65 |.........$..Exte|
00002d70 6e 64 20 31 2e 35 36 20 28 30 38 20 4a 75 6c 20 |nd 1.56 (08 Jul |
00002d80 31 39 38 39 29 20 0d 00 00 34 00 00 05 74 00 00 |1989) ...4...t..|
00002d90 00 84 1d 07 8a 88 d1 ff 6a b7 d1 ff f0 24 00 02 |........j....$..|
00002da0 61 6e 64 20 69 73 20 61 6c 77 61 79 73 20 6b 6e |and is always kn|
00002db0 6f 77 6e 20 61 73 20 22 45 78 74 65 6e 64 22 20 |own as "Extend" |
00002dc0 69 6e 20 74 68 65 20 6d 6f 64 75 6c 65 20 6c 69 |in the module li|
00002dd0 73 74 2e 20 46 6f 72 20 72 65 66 65 72 65 6e 63 |st. For referenc|
00002de0 65 20 70 75 72 70 6f 73 65 73 2c 20 49 20 73 68 |e purposes, I sh|
00002df0 61 6c 6c 20 72 65 66 65 72 20 00 00 00 74 00 00 |all refer ...t..|
00002e00 25 38 00 00 42 6c 2b 02 4a 50 d1 ff 2a 7f d1 ff |%8..Bl+.JP..*...|
00002e10 f0 24 00 00 74 6f 20 69 74 20 61 73 20 74 68 65 |.$..to it as the|
00002e20 20 22 45 78 74 65 6e 64 20 56 69 72 75 73 22 2e | "Extend Virus".|
00002e30 20 0d 00 00 00 38 00 00 05 70 00 00 00 44 09 07 | ....8...p...D..|
00002e40 2a e9 d0 ff 0a 18 d1 ff f0 24 00 02 54 68 65 20 |*........$..The |
00002e50 64 61 74 65 20 73 65 65 6d 73 20 74 6f 20 69 6d |date seems to im|
00002e60 70 6c 79 20 74 68 61 74 20 69 74 20 68 61 73 20 |ply that it has |
00002e70 62 65 65 6e 20 61 72 6f 75 6e 64 20 66 6f 72 20 |been around for |
00002e80 6e 65 61 72 6c 79 20 32 20 79 65 61 72 73 2c 20 |nearly 2 years, |
00002e90 77 68 69 63 68 20 69 73 20 61 20 77 6f 72 72 79 |which is a worry|
00002ea0 69 6e 67 20 00 70 00 00 05 74 00 00 00 90 35 07 |ing .p...t....5.|
00002eb0 ea b0 d0 ff ca df d0 ff f0 24 00 00 74 68 6f 75 |.........$..thou|
00002ec0 67 68 74 20 69 6e 64 65 65 64 2e 20 49 74 20 69 |ght indeed. It i|
00002ed0 73 20 39 34 30 20 28 26 33 41 43 29 20 62 79 74 |s 940 (&3AC) byt|
00002ee0 65 73 20 6c 6f 6e 67 20 61 6e 64 20 69 6e 69 74 |es long and init|
00002ef0 69 61 6c 69 73 65 73 20 69 74 73 65 6c 66 20 61 |ialises itself a|
00002f00 73 20 61 20 6e 61 6d 65 6c 65 73 73 20 57 69 6d |s a nameless Wim|
00002f10 70 20 74 61 73 6b 20 00 00 74 00 00 05 74 00 00 |p task ..t...t..|
00002f20 00 50 30 07 aa 78 d0 ff 8a a7 d0 ff f0 24 00 00 |.P0..x.......$..|
00002f30 77 68 69 63 68 20 74 68 65 6e 20 6c 6f 6f 6b 73 |which then looks|
00002f40 20 66 6f 72 20 57 69 6d 70 20 4d 65 73 73 61 67 | for Wimp Messag|
00002f50 65 20 35 20 28 64 6f 75 62 6c 65 2d 63 6c 69 63 |e 5 (double-clic|
00002f60 6b 29 2e 20 49 74 20 61 74 74 65 6d 70 74 73 20 |k). It attempts |
00002f70 74 6f 20 65 69 74 68 65 72 20 63 72 65 61 74 65 |to either create|
00002f80 20 61 6e 20 21 42 6f 6f 74 20 00 00 00 74 00 00 | an !Boot ...t..|
00002f90 25 78 00 00 42 38 1e 07 6a 40 d0 ff 4a 6f d0 ff |%x..B8..j@..Jo..|
00002fa0 f0 24 00 00 69 6e 20 74 68 65 20 61 70 70 6c 69 |.$..in the appli|
00002fb0 63 61 74 69 6f 6e 20 64 69 72 65 63 74 6f 72 79 |cation directory|
00002fc0 20 6f 72 20 61 70 70 65 6e 64 20 74 6f 20 61 6e | or append to an|
00002fd0 20 61 6c 72 65 61 64 79 20 65 78 69 73 74 69 6e | already existin|
00002fe0 67 20 6f 6e 65 20 77 69 74 68 20 74 68 65 20 66 |g one with the f|
00002ff0 6f 6c 6c 6f 77 69 6e 67 20 6c 69 6e 65 73 3a 20 |ollowing lines: |
00003000 0d 00 00 00 00 78 00 00 05 58 00 00 00 74 8f 05 |.....x...X...t..|
00003010 4a d9 cf ff 2a 08 d0 ff f0 24 00 02 49 63 6f 6e |J...*....$..Icon|
00003020 53 70 72 69 74 65 73 20 3c 4f 62 65 79 24 44 69 |Sprites <Obey$Di|
00003030 72 3e 2e 21 53 70 72 69 74 65 73 3c 26 30 44 3e |r>.!Sprites<&0D>|
00003040 20 52 4d 45 6e 73 75 72 65 20 45 78 74 65 6e 64 | RMEnsure Extend|
00003050 20 30 20 52 4d 52 75 6e 20 00 00 00 00 58 00 00 | 0 RMRun ....X..|
00003060 25 3c 00 00 42 9c 36 03 0a a1 cf ff ea cf cf ff |%<..B.6.........|
00003070 f0 24 00 00 3c 4f 62 65 79 24 44 69 72 3e 2e 4d |.$..<Obey$Dir>.M|
00003080 6f 64 4e 61 6d 65 3c 26 30 44 3e 20 7c 7c 3c 26 |odName<&0D> ||<&|
00003090 46 46 3e 20 0d 00 00 00 00 3c 00 00 05 74 00 00 |FF> .....<...t..|
000030a0 00 d4 24 07 ea 39 cf ff ca 68 cf ff f0 24 00 02 |..$..9...h...$..|
000030b0 54 68 65 20 22 49 63 6f 6e 53 70 72 69 74 65 73 |The "IconSprites|
000030c0 22 20 6c 69 6e 65 20 69 73 20 6f 6d 69 74 74 65 |" line is omitte|
000030d0 64 20 69 66 20 69 74 20 69 73 20 61 70 70 65 6e |d if it is appen|
000030e0 64 65 64 20 74 6f 20 61 6e 20 65 78 69 73 74 69 |ded to an existi|
000030f0 6e 67 20 21 42 6f 6f 74 2e 20 22 4d 6f 64 4e 61 |ng !Boot. "ModNa|
00003100 6d 65 22 20 69 73 20 6f 6e 65 20 00 00 74 00 00 |me" is one ..t..|
00003110 05 70 00 00 00 64 16 07 aa 01 cf ff 8a 30 cf ff |.p...d.......0..|
00003120 f0 24 00 00 6f 66 20 74 68 65 20 38 20 70 6f 73 |.$..of the 8 pos|
00003130 73 69 62 6c 65 20 66 69 6c 65 6e 61 6d 65 73 2e |sible filenames.|
00003140 20 54 68 65 20 45 78 74 65 6e 64 20 56 69 72 75 | The Extend Viru|
00003150 73 20 75 73 65 73 20 74 68 65 20 3c 26 46 46 3e |s uses the <&FF>|
00003160 20 28 69 2e 65 2e 20 64 65 63 69 6d 61 6c 20 32 | (i.e. decimal 2|
00003170 35 35 29 20 62 79 74 65 20 61 74 20 00 70 00 00 |55) byte at .p..|
00003180 05 74 00 00 00 a0 01 07 6a c9 ce ff 4a f8 ce ff |.t......j...J...|
00003190 f0 24 00 00 74 68 65 20 65 6e 64 20 61 73 20 61 |.$..the end as a|
000031a0 20 73 65 6c 66 2d 63 68 65 63 6b 20 74 6f 20 73 | self-check to s|
000031b0 65 65 20 69 66 20 68 61 73 20 69 6e 66 65 63 74 |ee if has infect|
000031c0 65 64 20 74 68 65 20 21 42 6f 6f 74 20 66 69 6c |ed the !Boot fil|
000031d0 65 20 61 6c 72 65 61 64 79 2e 20 4f 66 20 63 6f |e already. Of co|
000031e0 75 72 73 65 2c 20 69 74 20 63 6f 70 69 65 73 20 |urse, it copies |
000031f0 00 74 00 00 05 70 00 00 00 74 cd 06 2a 91 ce ff |.t...p...t..*...|
00003200 0a c0 ce ff f0 24 00 00 69 74 73 65 6c 66 20 74 |.....$..itself t|
00003210 6f 20 74 68 65 20 6e 65 77 20 6e 61 6d 65 20 69 |o the new name i|
00003220 6e 73 69 64 65 20 74 68 65 20 61 70 70 6c 69 63 |nside the applic|
00003230 61 74 69 6f 6e 20 64 69 72 65 63 74 6f 72 79 20 |ation directory |
00003240 61 73 20 79 6f 75 20 77 6f 75 6c 64 20 65 78 70 |as you would exp|
00003250 65 63 74 2e 20 4e 6f 74 65 20 74 68 65 20 00 00 |ect. Note the ..|
00003260 00 70 00 00 05 74 00 00 00 78 0e 07 ea 58 ce ff |.p...t...x...X..|
00003270 ca 87 ce ff f0 24 00 00 69 6e 63 6f 72 72 65 63 |.....$..incorrec|
00003280 74 20 75 73 65 20 6f 66 20 3c 26 30 44 3e 20 28 |t use of <&0D> (|
00003290 64 65 63 69 6d 61 6c 20 31 33 29 20 74 6f 20 74 |decimal 13) to t|
000032a0 65 72 6d 69 6e 61 74 65 20 74 68 65 20 6c 69 6e |erminate the lin|
000032b0 65 73 2c 20 72 61 74 68 65 72 20 74 68 61 6e 20 |es, rather than |
000032c0 74 68 65 20 6d 6f 72 65 20 63 6f 72 72 65 63 74 |the more correct|
000032d0 20 00 00 00 00 74 00 00 25 30 00 00 42 54 b9 01 | ....t..%0..BT..|
000032e0 aa 20 ce ff 8a 4f ce ff f0 24 00 00 3c 26 30 41 |. ...O...$..<&0A|
000032f0 3e 20 28 64 65 63 69 6d 61 6c 20 31 30 29 2e 20 |> (decimal 10). |
00003300 0d 00 00 00 00 30 00 00 05 70 00 00 00 6c 05 07 |.....0...p...l..|
00003310 8a b9 cd ff 6a e8 cd ff f0 24 00 02 41 20 53 68 |....j....$..A Sh|
00003320 69 66 74 2b 64 6f 75 62 6c 65 2d 63 6c 69 63 6b |ift+double-click|
00003330 20 64 6f 65 73 20 4e 4f 54 20 63 61 75 73 65 20 | does NOT cause |
00003340 61 6e 20 69 6e 66 65 63 74 69 6f 6e 2c 20 62 75 |an infection, bu|
00003350 74 20 69 74 20 44 4f 45 53 20 63 6c 61 69 6d 20 |t it DOES claim |
00003360 79 65 74 20 61 6e 6f 74 68 65 72 20 31 4b 20 6f |yet another 1K o|
00003370 66 20 00 00 00 70 00 00 25 34 00 00 42 54 43 02 |f ...p..%4..BTC.|
00003380 4a 81 cd ff 2a b0 cd ff f0 24 00 00 6e 65 76 65 |J...*....$..neve|
00003390 72 2d 74 6f 2d 62 65 2d 72 65 6c 65 61 73 65 64 |r-to-be-released|
000033a0 20 52 4d 41 2e 20 0d 00 00 34 00 00 01 10 00 00 | RMA. ...4......|
000033b0 00 a0 da 06 00 00 00 00 00 10 00 00 02 14 00 00 |................|
000033c0 f0 02 00 00 00 00 00 00 00 00 00 00 00 14 00 00 |................|
000033d0 05 70 00 00 00 a0 da 06 59 d5 ca ff 39 04 cb ff |.p......Y...9...|
000033e0 f0 24 00 02 49 20 68 61 76 65 20 67 6f 6e 65 20 |.$..I have gone |
000033f0 74 68 72 6f 75 67 68 20 74 68 65 20 65 6e 74 69 |through the enti|
00003400 72 65 20 63 6f 64 65 20 61 6e 64 20 74 68 65 20 |re code and the |
00003410 6f 6e 6c 79 20 64 65 73 74 72 75 63 74 69 76 65 |only destructive|
00003420 20 74 68 69 6e 67 20 69 74 20 64 6f 65 73 2c 20 | thing it does, |
00003430 61 70 61 72 74 20 66 72 6f 6d 20 00 00 70 00 00 |apart from ..p..|
00003440 05 70 00 00 00 d4 b5 06 19 9d ca ff f9 cb ca ff |.p..............|
00003450 f0 24 00 00 77 61 73 74 69 6e 67 20 64 69 73 6b |.$..wasting disk|
00003460 20 73 70 61 63 65 20 77 69 74 68 20 63 6f 70 69 | space with copi|
00003470 65 73 20 6f 66 20 69 74 73 65 6c 66 2c 20 69 73 |es of itself, is|
00003480 20 74 6f 20 63 6c 61 69 6d 20 74 68 65 20 31 4b | to claim the 1K|
00003490 20 6f 66 20 52 4d 41 20 66 6f 72 20 65 76 65 72 | of RMA for ever|
000034a0 79 20 64 6f 75 62 6c 65 2d 00 00 00 00 70 00 00 |y double-....p..|
000034b0 a5 64 00 00 42 dc 97 04 d9 64 ca ff b9 93 ca ff |.d..B....d......|
000034c0 f0 24 00 00 63 6c 69 63 6b 65 64 20 66 69 6c 65 |.$..clicked file|
000034d0 20 6f 72 20 64 69 72 65 63 74 6f 72 79 20 28 65 | or directory (e|
000034e0 76 65 6e 74 75 61 6c 6c 79 20 63 72 61 73 68 69 |ventually crashi|
000034f0 6e 67 20 74 68 65 20 73 79 73 74 65 6d 29 2e 20 |ng the system). |
00003500 0d 07 29 20 02 1c 00 00 02 1c 00 00 00 00 00 00 |..) ............|
00003510 00 64 00 00 a5 40 00 00 42 94 a7 03 49 e6 c9 ff |.d...@..B...I...|
00003520 99 2c ca ff 68 37 00 02 45 78 74 65 6e 64 20 56 |.,..h7..Extend V|
00003530 69 72 75 73 20 45 78 65 63 75 74 69 6f 6e 20 43 |irus Execution C|
00003540 6f 75 6e 74 0d 08 66 20 02 1c 00 00 00 00 00 00 |ount..f ........|
00003550 00 40 00 00 05 68 00 00 00 08 d0 06 79 7a c9 ff |.@...h......yz..|
00003560 59 a9 c9 ff f0 24 00 02 54 68 65 72 65 20 77 61 |Y....$..There wa|
00003570 73 20 6f 6e 65 20 62 69 74 20 6f 66 20 74 68 65 |s one bit of the|
00003580 20 45 78 74 65 6e 64 20 56 69 72 75 73 20 6d 6f | Extend Virus mo|
00003590 64 75 6c 65 20 63 6f 64 65 20 74 68 61 74 20 70 |dule code that p|
000035a0 65 72 70 6c 65 78 65 64 20 6d 65 20 98 20 77 68 |erplexed me . wh|
000035b0 79 20 77 6f 75 6c 64 20 00 68 00 00 05 6c 00 00 |y would .h...l..|
000035c0 00 e8 c2 06 39 42 c9 ff 19 71 c9 ff f0 24 00 00 |....9B...q...$..|
000035d0 73 6f 6d 65 6f 6e 65 20 69 6e 63 72 65 6d 65 6e |someone incremen|
000035e0 74 20 61 20 6d 65 6d 6f 72 79 20 6c 6f 63 61 74 |t a memory locat|
000035f0 69 6f 6e 20 77 69 74 68 69 6e 20 74 68 65 20 6d |ion within the m|
00003600 6f 64 75 6c 65 20 61 6e 64 20 6e 65 76 65 72 20 |odule and never |
00003610 75 73 65 20 69 74 3f 20 41 74 20 66 69 72 73 74 |use it? At first|
00003620 20 49 20 00 00 6c 00 00 05 70 00 00 00 fc 32 07 | I ..l...p....2.|
00003630 f9 09 c9 ff d9 38 c9 ff f0 24 00 00 73 6b 69 70 |.....8...$..skip|
00003640 70 65 64 20 74 68 69 73 20 63 6f 64 65 2c 20 62 |ped this code, b|
00003650 75 74 2c 20 72 65 6d 65 6d 62 65 72 69 6e 67 20 |ut, remembering |
00003660 73 6f 6d 65 20 76 69 72 75 73 65 73 20 6f 6e 20 |some viruses on |
00003670 74 68 65 20 41 6d 69 67 61 2c 20 49 20 73 75 64 |the Amiga, I sud|
00003680 64 65 6e 6c 79 20 72 65 61 6c 69 73 65 64 20 74 |denly realised t|
00003690 68 61 74 20 00 70 00 00 05 70 00 00 00 94 01 07 |hat .p...p......|
000036a0 b9 d1 c8 ff 99 00 c9 ff f0 24 00 00 74 68 65 20 |.........$..the |
000036b0 69 6e 63 72 65 6d 65 6e 74 65 64 20 76 61 6c 75 |incremented valu|
000036c0 65 20 77 6f 75 6c 64 20 62 65 20 63 6f 70 69 65 |e would be copie|
000036d0 64 20 77 68 65 6e 65 76 65 72 20 74 68 65 20 6d |d whenever the m|
000036e0 6f 64 75 6c 65 20 64 75 70 6c 69 63 61 74 65 64 |odule duplicated|
000036f0 20 69 74 73 65 6c 66 20 64 75 72 69 6e 67 20 61 | itself during a|
00003700 20 00 00 00 00 70 00 00 25 28 00 00 42 a0 1f 01 | ....p..%(..B...|
00003710 79 99 c8 ff 59 c8 c8 ff f0 24 00 00 6e 65 77 20 |y...Y....$..new |
00003720 69 6e 66 65 63 74 69 6f 6e 2e 0d 00 00 28 00 00 |infection....(..|
00003730 05 6c 00 00 00 8c df 06 59 32 c8 ff 39 61 c8 ff |.l......Y2..9a..|
00003740 f0 24 00 02 4e 6f 77 20 69 66 20 74 68 65 20 6f |.$..Now if the o|
00003750 72 69 67 69 6e 61 6c 20 61 75 74 68 6f 72 20 77 |riginal author w|
00003760 61 73 20 73 6d 61 72 74 2c 20 68 65 20 77 6f 75 |as smart, he wou|
00003770 6c 64 20 68 61 76 65 20 69 6e 63 72 65 6d 65 6e |ld have incremen|
00003780 74 65 64 20 74 68 65 20 63 6f 75 6e 74 65 72 20 |ted the counter |
00003790 49 46 20 41 4e 44 20 00 00 6c 00 00 05 68 00 00 |IF AND ..l...h..|
000037a0 00 34 8c 06 19 fa c7 ff f9 28 c8 ff f0 24 00 00 |.4.......(...$..|
000037b0 4f 4e 4c 59 20 49 46 20 74 68 65 72 65 20 77 61 |ONLY IF there wa|
000037c0 73 20 61 20 63 6f 6d 70 6c 65 74 65 6c 79 20 73 |s a completely s|
000037d0 75 63 63 65 73 73 66 75 6c 20 6e 65 77 20 69 6e |uccessful new in|
000037e0 66 65 63 74 69 6f 6e 20 28 69 6e 20 66 61 63 74 |fection (in fact|
000037f0 2c 20 68 65 20 77 6f 75 6c 64 20 68 61 76 65 20 |, he would have |
00003800 00 68 00 00 05 70 00 00 00 54 99 06 d9 c1 c7 ff |.h...p...T......|
00003810 b9 f0 c7 ff f0 24 00 00 69 6e 63 72 65 6d 65 6e |.....$..incremen|
00003820 74 65 64 20 69 74 20 70 72 69 6f 72 20 74 6f 20 |ted it prior to |
00003830 74 68 65 20 6e 65 77 20 69 6e 66 65 63 74 69 6f |the new infectio|
00003840 6e 20 61 6e 64 20 64 65 63 72 65 6d 65 6e 74 65 |n and decremente|
00003850 64 20 69 74 20 69 66 20 74 68 65 20 69 6e 66 65 |d it if the infe|
00003860 63 74 69 6f 6e 20 66 61 69 6c 65 64 29 2e 20 00 |ction failed). .|
00003870 00 70 00 00 05 70 00 00 00 88 ec 06 99 89 c7 ff |.p...p..........|
00003880 79 b8 c7 ff f0 24 00 00 48 6f 77 65 76 65 72 2c |y....$..However,|
00003890 20 74 68 65 20 45 78 74 65 6e 64 20 56 69 72 75 | the Extend Viru|
000038a0 73 20 6d 6f 64 75 6c 65 20 61 63 74 75 61 6c 6c |s module actuall|
000038b0 79 20 69 6e 63 72 65 6d 65 6e 74 73 20 74 68 65 |y increments the|
000038c0 20 63 6f 75 6e 74 65 72 20 77 68 65 6e 65 76 65 | counter wheneve|
000038d0 72 20 69 74 20 69 73 20 66 69 72 73 74 20 00 00 |r it is first ..|
000038e0 00 70 00 00 05 70 00 00 00 a4 f4 06 59 51 c7 ff |.p...p......YQ..|
000038f0 39 80 c7 ff f0 24 00 00 73 74 61 72 74 65 64 20 |9....$..started |
00003900 28 75 73 75 61 6c 6c 79 20 76 69 61 20 74 68 65 |(usually via the|
00003910 20 2a 52 4d 45 6e 73 75 72 65 20 61 70 70 65 6e | *RMEnsure appen|
00003920 64 65 64 20 74 6f 20 74 68 65 20 21 42 6f 6f 74 |ded to the !Boot|
00003930 29 2e 2e 2e 74 68 75 73 20 74 68 65 20 63 6f 75 |)...thus the cou|
00003940 6e 74 65 72 20 64 6f 65 73 20 6e 6f 74 20 00 00 |nter does not ..|
00003950 00 70 00 00 05 74 00 00 00 74 d6 06 19 19 c7 ff |.p...t...t......|
00003960 f9 47 c7 ff f0 24 00 00 63 6f 72 72 65 6c 61 74 |.G...$..correlat|
00003970 65 20 74 6f 20 74 68 65 20 6e 75 6d 62 65 72 20 |e to the number |
00003980 6f 66 20 69 6e 66 65 63 74 69 6f 6e 73 20 73 6f |of infections so|
00003990 20 66 61 72 2e 20 42 65 63 61 75 73 65 20 6f 66 | far. Because of|
000039a0 20 74 68 69 73 2c 20 49 27 76 65 20 64 65 63 69 | this, I've deci|
000039b0 64 65 64 20 74 6f 20 63 61 6c 6c 20 69 74 20 74 |ded to call it t|
000039c0 68 65 20 00 00 74 00 00 a5 48 00 00 42 3c a3 02 |he ..t...H..B<..|
000039d0 d9 e0 c6 ff b9 0f c7 ff f0 24 00 00 22 45 78 65 |.........$.."Exe|
000039e0 63 75 74 69 6f 6e 20 43 6f 75 6e 74 22 20 66 72 |cution Count" fr|
000039f0 6f 6d 20 6e 6f 77 20 6f 6e 2e 20 0d 07 69 72 73 |om now on. ..irs|
00003a00 02 1d 00 00 02 1d 00 00 00 00 00 00 00 48 00 00 |.............H..|
00003a10 a5 50 00 00 42 8e 78 05 49 62 c6 ff 99 a8 c6 ff |.P..B.x.Ib......|
00003a20 68 37 00 02 45 78 74 65 6e 64 20 56 69 72 75 73 |h7..Extend Virus|
00003a30 20 64 65 6c 69 62 65 72 61 74 65 6c 79 20 66 61 | deliberately fa|
00003a40 75 6c 74 79 20 76 69 72 75 73 20 63 6f 64 69 6e |ulty virus codin|
00003a50 67 3f 0d 08 02 1d 00 00 00 00 00 00 00 50 00 00 |g?...........P..|
00003a60 05 70 00 00 00 80 b8 06 79 f6 c5 ff 59 25 c6 ff |.p......y...Y%..|
00003a70 f0 24 00 02 57 68 65 6e 20 74 68 65 20 45 78 74 |.$..When the Ext|
00003a80 65 6e 64 20 56 69 72 75 73 20 69 6e 69 74 69 61 |end Virus initia|
00003a90 6c 69 73 65 73 20 69 74 73 65 6c 66 20 61 73 20 |lises itself as |
00003aa0 61 20 6e 61 6d 65 6c 65 73 73 20 74 61 73 6b 2c |a nameless task,|
00003ab0 20 69 74 20 64 6f 65 73 20 6e 6f 74 20 73 61 76 | it does not sav|
00003ac0 65 20 69 74 73 20 74 61 73 6b 20 00 00 70 00 00 |e its task ..p..|
00003ad0 05 68 00 00 00 60 d2 06 39 be c5 ff 19 ed c5 ff |.h...`..9.......|
00003ae0 f0 24 00 00 68 61 6e 64 6c 65 2e 20 48 65 6e 63 |.$..handle. Henc|
00003af0 65 2c 20 77 68 65 6e 20 69 74 20 63 6f 6d 65 73 |e, when it comes|
00003b00 20 74 6f 20 65 78 65 63 75 74 65 20 57 69 6d 70 | to execute Wimp|
00003b10 5f 43 6c 6f 73 65 44 6f 77 6e 20 28 6f 6e 6c 79 |_CloseDown (only|
00003b20 20 76 69 61 20 61 20 2a 52 4d 4b 69 6c 6c 20 98 | via a *RMKill .|
00003b30 20 69 74 20 00 68 00 00 05 6c 00 00 00 d0 d7 06 | it .h...l......|
00003b40 f9 85 c5 ff d9 b4 c5 ff f0 24 00 00 63 61 6e 6e |.........$..cann|
00003b50 6f 74 20 62 65 20 6b 69 6c 6c 65 64 20 62 79 20 |ot be killed by |
00003b60 74 68 65 20 54 61 73 6b 20 4d 61 6e 61 67 65 72 |the Task Manager|
00003b70 29 20 69 74 20 64 6f 65 73 20 4e 4f 54 20 73 75 |) it does NOT su|
00003b80 70 70 6c 79 20 61 20 76 61 6c 69 64 20 74 61 73 |pply a valid tas|
00003b90 6b 20 68 61 6e 64 6c 65 2e 20 54 68 75 73 2c 20 |k handle. Thus, |
00003ba0 00 6c 00 00 05 70 00 00 00 c4 e0 06 b9 4d c5 ff |.l...p.......M..|
00003bb0 99 7c c5 ff f0 24 00 00 6f 70 65 6e 69 6e 67 20 |.|...$..opening |
00003bc0 75 70 20 74 68 65 20 54 61 73 6b 20 4d 61 6e 61 |up the Task Mana|
00003bd0 67 65 72 20 61 66 74 65 72 77 61 72 64 73 20 63 |ger afterwards c|
00003be0 61 75 73 65 73 20 69 74 20 74 6f 20 66 61 74 61 |auses it to fata|
00003bf0 6c 6c 79 20 63 72 61 73 68 2e 2e 2e 77 68 69 63 |lly crash...whic|
00003c00 68 20 69 73 6e 27 74 20 6e 69 63 65 2e 20 49 20 |h isn't nice. I |
00003c10 00 70 00 00 05 6c 00 00 00 a0 9e 06 79 15 c5 ff |.p...l......y...|
00003c20 59 44 c5 ff f0 24 00 00 68 61 76 65 20 6d 61 6e |YD...$..have man|
00003c30 61 67 65 64 20 74 6f 20 73 6f 6c 76 65 20 74 68 |aged to solve th|
00003c40 69 73 20 70 72 6f 62 6c 65 6d 20 35 30 25 20 6f |is problem 50% o|
00003c50 66 20 74 68 65 20 74 69 6d 65 2c 20 62 75 74 20 |f the time, but |
00003c60 74 68 65 20 6f 74 68 65 72 20 68 61 6c 66 20 69 |the other half i|
00003c70 73 20 64 6f 77 6e 20 74 6f 20 00 00 00 6c 00 00 |s down to ...l..|
00003c80 05 70 00 00 00 18 1a 07 39 dd c4 ff 19 0c c5 ff |.p......9.......|
00003c90 f0 24 00 00 41 63 6f 72 6e 27 73 20 6f 6d 69 73 |.$..Acorn's omis|
00003ca0 73 69 6f 6e 20 6f 66 20 61 20 77 61 79 20 6f 66 |sion of a way of|
00003cb0 20 67 65 74 74 69 6e 67 20 61 20 74 61 73 6b 20 | getting a task |
00003cc0 68 61 6e 64 6c 65 20 77 68 65 6e 20 73 75 70 70 |handle when supp|
00003cd0 6c 69 65 64 20 77 69 74 68 20 61 20 74 61 73 6b |lied with a task|
00003ce0 20 6e 61 6d 65 20 28 6e 75 6c 6c 20 00 70 00 00 | name (null .p..|
00003cf0 25 30 00 00 42 d0 94 01 f9 a4 c4 ff d9 d3 c4 ff |%0..B...........|
00003d00 f0 24 00 00 73 74 72 69 6e 67 20 69 6e 20 74 68 |.$..string in th|
00003d10 69 73 20 63 61 73 65 29 2e 20 0d 00 00 30 00 00 |is case). ...0..|
00003d20 05 78 00 00 00 a4 2d 07 d9 3d c4 ff b9 6c c4 ff |.x....-..=...l..|
00003d30 f0 24 00 02 54 68 65 20 75 70 73 68 6f 74 20 6f |.$..The upshot o|
00003d40 66 20 74 68 69 73 20 61 6c 6c 20 69 73 20 74 68 |f this all is th|
00003d50 61 74 20 69 66 20 56 4b 69 6c 6c 65 72 20 69 73 |at if VKiller is|
00003d60 20 72 75 6e 20 42 45 46 4f 52 45 20 74 68 65 20 | run BEFORE the |
00003d70 45 78 74 65 6e 64 20 56 69 72 75 73 20 69 73 2c |Extend Virus is,|
00003d80 20 74 68 65 6e 20 56 4b 69 6c 6c 65 72 20 77 69 | then VKiller wi|
00003d90 6c 6c 20 00 00 78 00 00 05 70 00 00 00 7c da 06 |ll ..x...p...|..|
00003da0 99 05 c4 ff 79 34 c4 ff f0 24 00 00 70 61 74 63 |....y4...$..patc|
00003db0 68 20 74 68 65 20 61 63 74 69 76 65 20 76 69 72 |h the active vir|
00003dc0 75 73 20 69 6e 20 52 4d 41 20 73 6f 20 74 68 61 |us in RMA so tha|
00003dd0 74 20 69 74 20 73 68 75 74 73 20 64 6f 77 6e 20 |t it shuts down |
00003de0 77 69 74 68 20 61 20 70 72 6f 70 65 72 20 74 61 |with a proper ta|
00003df0 73 6b 20 68 61 6e 64 6c 65 20 61 6e 64 20 74 68 |sk handle and th|
00003e00 65 20 00 00 00 70 00 00 05 6c 00 00 00 30 d5 06 |e ...p...l...0..|
00003e10 59 cd c3 ff 39 fc c3 ff f0 24 00 00 54 61 73 6b |Y...9....$..Task|
00003e20 20 4d 61 6e 61 67 65 72 20 63 61 6e 20 73 74 69 | Manager can sti|
00003e30 6c 6c 20 62 65 20 73 61 66 65 6c 79 20 75 73 65 |ll be safely use|
00003e40 64 2e 20 48 6f 77 65 76 65 72 2c 20 73 68 6f 75 |d. However, shou|
00003e50 6c 64 20 74 68 65 20 45 78 74 65 6e 64 20 56 69 |ld the Extend Vi|
00003e60 72 75 73 20 61 6c 72 65 61 64 79 20 62 65 20 00 |rus already be .|
00003e70 00 6c 00 00 05 74 00 00 00 c4 fe 06 19 95 c3 ff |.l...t..........|
00003e80 f9 c3 c3 ff f0 24 00 00 70 72 65 73 65 6e 74 20 |.....$..present |
00003e90 77 68 65 6e 20 56 4b 69 6c 6c 65 72 20 69 73 20 |when VKiller is |
00003ea0 72 75 6e 2c 20 74 68 65 6e 20 74 68 65 20 54 61 |run, then the Ta|
00003eb0 73 6b 20 4d 61 6e 61 67 65 72 20 77 69 6c 6c 20 |sk Manager will |
00003ec0 66 61 74 61 6c 6c 79 20 63 72 61 73 68 20 74 68 |fatally crash th|
00003ed0 65 20 44 65 73 6b 74 6f 70 20 69 66 20 69 74 20 |e Desktop if it |
00003ee0 69 73 20 00 00 74 00 00 25 4c 00 00 42 70 e9 03 |is ..t..%L..Bp..|
00003ef0 d9 5c c3 ff b9 8b c3 ff f0 24 00 00 6f 70 65 6e |.\.......$..open|
00003f00 65 64 20 28 6f 72 20 69 73 20 61 6c 72 65 61 64 |ed (or is alread|
00003f10 79 20 6f 70 65 6e 20 77 68 65 6e 20 56 4b 69 6c |y open when VKil|
00003f20 6c 65 72 20 69 73 20 72 75 6e 29 2e 20 0d 00 00 |ler is run). ...|
00003f30 00 4c 00 00 25 40 00 00 42 14 dd 02 b9 f5 c2 ff |.L..%@..B.......|
00003f40 99 24 c3 ff f0 24 00 02 54 68 65 20 73 6f 6c 75 |.$...$..The solu|
00003f50 74 69 6f 6e 73 20 74 6f 20 61 6c 6c 20 74 68 69 |tions to all thi|
00003f60 73 20 61 72 65 20 73 69 6d 70 6c 65 3a 20 0d 00 |s are simple: ..|
00003f70 00 40 00 00 25 4c 00 00 42 90 1d 04 99 8e c2 ff |.@..%L..B.......|
00003f80 79 bd c2 ff f0 24 00 02 31 2e 20 43 6c 6f 73 65 |y....$..1. Close|
00003f90 20 74 68 65 20 54 61 73 6b 20 4d 61 6e 61 67 65 | the Task Manage|
00003fa0 72 20 62 65 66 6f 72 65 20 72 75 6e 6e 69 6e 67 |r before running|
00003fb0 20 56 4b 69 6c 6c 65 72 2e 20 0d 00 00 4c 00 00 | VKiller. ...L..|
00003fc0 05 70 00 00 00 bc 2d 07 79 27 c2 ff 59 56 c2 ff |.p....-.y'..YV..|
00003fd0 f0 24 00 02 32 2e 20 44 6f 20 6e 6f 74 20 6f 70 |.$..2. Do not op|
00003fe0 65 6e 20 74 68 65 20 54 61 73 6b 20 4d 61 6e 61 |en the Task Mana|
00003ff0 67 65 72 20 61 66 74 65 72 20 56 4b 69 6c 6c 65 |ger after VKille|
00004000 72 20 68 61 73 20 52 4d 4b 69 6c 6c 65 64 20 74 |r has RMKilled t|
00004010 68 65 20 45 78 74 65 6e 64 20 56 69 72 75 73 2e |he Extend Virus.|
00004020 20 4d 79 20 61 64 76 69 63 65 20 00 00 70 00 00 | My advice ..p..|
00004030 25 6c 00 00 42 f0 81 06 39 ef c1 ff 19 1e c2 ff |%l..B...9.......|
00004040 f0 24 00 00 69 73 20 74 6f 20 73 63 61 6e 2f 69 |.$..is to scan/i|
00004050 6e 6e 6f 63 75 6c 61 74 65 20 74 68 65 20 69 6e |nnoculate the in|
00004060 66 65 63 74 65 64 20 64 69 73 6b 20 6f 72 20 64 |fected disk or d|
00004070 69 73 6b 73 20 61 6e 64 20 74 68 65 6e 20 68 61 |isks and then ha|
00004080 72 64 20 72 65 73 65 74 20 74 68 65 20 6d 61 63 |rd reset the mac|
00004090 68 69 6e 65 2e 20 0d 00 00 6c 00 00 05 74 00 00 |hine. ...l...t..|
000040a0 00 94 25 07 19 88 c1 ff f9 b6 c1 ff f0 24 00 02 |..%..........$..|
000040b0 48 6f 70 65 66 75 6c 6c 79 20 73 6f 6d 65 6f 6e |Hopefully someon|
000040c0 65 20 6f 75 74 20 74 68 65 72 65 20 69 6e 20 74 |e out there in t|
000040d0 68 65 20 50 75 62 6c 69 63 20 44 6f 6d 61 69 6e |he Public Domain|
000040e0 20 77 69 6c 6c 20 62 65 20 61 62 6c 65 20 74 6f | will be able to|
000040f0 20 66 69 6c 6c 20 69 6e 20 74 68 65 20 27 6d 69 | fill in the 'mi|
00004100 73 73 69 6e 67 27 20 63 6f 64 65 20 00 74 00 00 |ssing' code .t..|
00004110 05 70 00 00 00 80 f4 06 d9 4f c1 ff b9 7e c1 ff |.p.......O...~..|
00004120 f0 24 00 00 98 20 73 65 65 20 74 68 65 20 46 4e |.$... see the FN|
00004130 67 65 74 74 61 73 6b 68 61 6e 64 28 29 20 66 75 |gettaskhand() fu|
00004140 6e 63 74 69 6f 6e 20 69 6e 20 74 68 65 20 21 52 |nction in the !R|
00004150 75 6e 49 6d 61 67 65 20 73 6f 75 72 63 65 20 63 |unImage source c|
00004160 6f 64 65 20 66 6f 72 20 6d 6f 72 65 20 64 65 74 |ode for more det|
00004170 61 69 6c 73 2e 20 49 66 20 00 00 00 00 70 00 00 |ails. If ....p..|
00004180 a5 74 00 00 42 5c 25 06 99 17 c1 ff 79 46 c1 ff |.t..B\%.....yF..|
00004190 f0 24 00 00 74 68 69 73 20 68 61 70 70 65 6e 73 |.$..this happens|
000041a0 2c 20 74 68 65 6e 20 74 68 65 20 70 72 65 63 61 |, then the preca|
000041b0 75 74 69 6f 6e 73 20 77 6f 6e 27 74 20 62 65 20 |utions won't be |
000041c0 73 6f 20 65 6c 61 62 6f 72 61 74 65 20 69 6e 20 |so elaborate in |
000041d0 66 75 74 75 72 65 20 72 65 6c 65 61 73 65 73 2e |future releases.|
000041e0 20 0d 07 00 02 1e 00 00 02 1e 00 00 00 00 00 00 | ...............|
000041f0 00 74 00 00 a5 3c 00 00 42 d2 1e 03 09 99 c0 ff |.t...<..B.......|
00004200 59 df c0 ff 68 37 00 02 45 78 74 65 6e 64 20 56 |Y...h7..Extend V|
00004210 69 72 75 73 20 49 6e 6e 6f 63 75 6c 61 74 69 6f |irus Innoculatio|
00004220 6e 0d 08 68 02 1e 00 00 00 00 00 00 00 3c 00 00 |n..h.........<..|
00004230 01 10 00 00 00 90 ab 06 00 00 00 00 00 10 00 00 |................|
00004240 02 14 00 00 84 03 00 00 00 00 00 00 00 00 00 00 |................|
00004250 00 14 00 00 05 70 00 00 00 90 ab 06 a8 d5 bd ff |.....p..........|
00004260 88 04 be ff f0 24 00 02 56 4b 69 6c 6c 65 72 20 |.....$..VKiller |
00004270 63 61 6e 20 69 6e 6e 6f 63 75 6c 61 74 65 20 61 |can innoculate a|
00004280 20 21 42 6f 6f 74 20 66 69 6c 65 2e 20 54 68 69 | !Boot file. Thi|
00004290 73 20 69 6e 76 6f 6c 76 65 73 20 66 6f 6f 6c 69 |s involves fooli|
000042a0 6e 67 20 74 68 65 20 45 78 74 65 6e 64 20 56 69 |ng the Extend Vi|
000042b0 72 75 73 20 74 68 61 74 20 69 74 20 68 61 73 20 |rus that it has |
000042c0 00 70 00 00 25 70 00 00 42 c0 48 06 68 9d bd ff |.p..%p..B.H.h...|
000042d0 48 cc bd ff f0 24 00 00 61 6c 72 65 61 64 79 20 |H....$..already |
000042e0 69 6e 66 65 63 74 65 64 20 74 68 61 74 20 21 42 |infected that !B|
000042f0 6f 6f 74 20 66 69 6c 65 20 62 79 20 61 74 74 61 |oot file by atta|
00004300 63 68 69 6e 67 20 74 68 65 20 66 6f 6c 6c 6f 77 |ching the follow|
00004310 69 6e 67 20 74 6f 20 74 68 65 20 65 6e 64 20 6f |ing to the end o|
00004320 66 20 74 68 65 20 66 69 6c 65 3a 20 0d 00 00 00 |f the file: ....|
00004330 00 70 00 00 05 6c 00 00 00 38 b5 06 48 36 bd ff |.p...l...8..H6..|
00004340 28 65 bd ff f0 24 00 02 49 63 6f 6e 53 70 72 69 |(e...$..IconSpri|
00004350 74 65 73 20 3c 4f 62 65 79 24 44 69 72 3e 2e 21 |tes <Obey$Dir>.!|
00004360 53 70 72 69 74 65 73 3c 26 30 41 3e 20 7c 20 54 |Sprites<&0A> | T|
00004370 68 69 73 20 66 69 6c 65 20 68 61 73 20 62 65 65 |his file has bee|
00004380 6e 20 69 6e 6e 6f 63 75 6c 61 74 65 64 20 61 67 |n innoculated ag|
00004390 61 69 6e 73 74 20 74 68 65 20 00 00 00 6c 00 00 |ainst the ...l..|
000043a0 25 34 00 00 42 d8 5b 02 08 fe bc ff e8 2c bd ff |%4..B.[......,..|
000043b0 f0 24 00 00 45 78 74 65 6e 64 20 56 69 72 75 73 |.$..Extend Virus|
000043c0 3c 26 30 41 3e 20 7c 7c 3c 26 46 46 3e 20 0d 00 |<&0A> ||<&FF> ..|
000043d0 00 34 00 00 05 70 00 00 00 8c df 06 e8 96 bc ff |.4...p..........|
000043e0 c8 c5 bc ff f0 24 00 02 54 68 65 20 49 63 6f 6e |.....$..The Icon|
000043f0 53 70 72 69 74 65 73 20 6c 69 6e 65 20 69 73 20 |Sprites line is |
00004400 6f 6e 6c 79 20 69 6e 63 6c 75 64 65 64 20 69 66 |only included if|
00004410 20 61 20 6e 65 77 20 21 42 6f 6f 74 20 69 73 20 | a new !Boot is |
00004420 63 72 65 61 74 65 64 20 66 72 6f 6d 20 73 63 72 |created from scr|
00004430 61 74 63 68 20 41 4e 44 20 69 66 20 74 68 65 20 |atch AND if the |
00004440 00 70 00 00 05 78 00 00 00 f0 0b 07 a8 5e bc ff |.p...x.......^..|
00004450 88 8d bc ff f0 24 00 00 61 70 70 6c 69 63 61 74 |.....$..applicat|
00004460 69 6f 6e 20 64 69 72 65 63 74 6f 72 79 20 63 6f |ion directory co|
00004470 6e 74 61 69 6e 73 20 61 6e 20 21 53 70 72 69 74 |ntains an !Sprit|
00004480 65 73 20 66 69 6c 65 20 77 69 74 68 20 74 68 65 |es file with the|
00004490 20 53 70 72 69 74 65 20 66 69 6c 65 74 79 70 65 | Sprite filetype|
000044a0 2e 20 49 66 20 74 68 65 20 6f 72 69 67 69 6e 61 |. If the origina|
000044b0 6c 20 21 42 6f 6f 74 20 00 78 00 00 05 6c 00 00 |l !Boot .x...l..|
000044c0 00 20 d0 06 68 26 bc ff 48 55 bc ff f0 24 00 00 |. ..h&..HU...$..|
000044d0 77 61 73 20 6e 6f 74 20 70 72 6f 70 65 72 6c 79 |was not properly|
000044e0 20 74 65 72 6d 69 6e 61 74 65 64 20 62 79 20 61 | terminated by a|
000044f0 20 6c 69 6e 65 66 65 65 64 20 28 3c 26 30 41 3e | linefeed (<&0A>|
00004500 29 2c 20 74 68 65 6e 20 61 20 6c 69 6e 65 66 65 |), then a linefe|
00004510 65 64 20 77 69 6c 6c 20 62 65 20 61 70 70 65 6e |ed will be appen|
00004520 64 65 64 20 00 6c 00 00 05 74 00 00 00 e8 d7 06 |ded .l...t......|
00004530 28 ee bb ff 08 1d bc ff f0 24 00 00 70 72 69 6f |(........$..prio|
00004540 72 20 74 6f 20 74 68 65 20 61 64 64 69 74 69 6f |r to the additio|
00004550 6e 20 6f 66 20 61 6e 79 20 69 6e 6e 6f 63 75 6c |n of any innocul|
00004560 61 74 69 6f 6e 20 6c 69 6e 65 73 2e 20 4e 6f 74 |ation lines. Not|
00004570 65 20 74 68 65 20 63 72 69 74 69 63 61 6c 20 64 |e the critical d|
00004580 69 66 66 65 72 65 6e 63 65 20 62 65 74 77 65 65 |ifference betwee|
00004590 6e 20 74 68 65 20 00 00 00 74 00 00 05 74 00 00 |n the ...t...t..|
000045a0 00 4c 2b 07 e8 b5 bb ff c8 e4 bb ff f0 24 00 00 |.L+..........$..|
000045b0 45 78 74 65 6e 64 20 56 69 72 75 73 20 69 6e 66 |Extend Virus inf|
000045c0 65 63 74 69 6f 6e 20 61 6e 64 20 74 68 65 20 69 |ection and the i|
000045d0 6e 6e 6f 63 75 6c 61 74 69 6f 6e 3a 20 54 68 65 |nnoculation: The|
000045e0 20 70 65 6e 75 6c 74 69 6d 61 74 65 20 6c 69 6e | penultimate lin|
000045f0 65 20 69 73 20 74 65 72 6d 69 6e 61 74 65 64 20 |e is terminated |
00004600 62 79 20 3c 26 30 41 3e 20 00 00 00 00 74 00 00 |by <&0A> ....t..|
00004610 05 68 00 00 00 e0 67 06 a8 7d bb ff 88 ac bb ff |.h....g..}......|
00004620 f0 24 00 00 61 6e 64 20 6e 6f 74 20 3c 26 30 44 |.$..and not <&0D|
00004630 3e 2e 20 54 68 69 73 20 69 73 20 68 6f 77 20 56 |>. This is how V|
00004640 4b 69 6c 6c 65 72 20 63 61 6e 20 64 69 66 66 65 |Killer can diffe|
00004650 72 65 6e 74 69 61 74 65 20 62 65 74 77 65 65 6e |rentiate between|
00004660 20 69 6e 6e 6f 63 75 6c 61 74 69 6f 6e 73 20 61 | innoculations a|
00004670 6e 64 20 00 00 68 00 00 25 28 00 00 42 18 e1 00 |nd ..h..%(..B...|
00004680 68 45 bb ff 48 74 bb ff f0 24 00 00 69 6e 66 65 |hE..Ht...$..infe|
00004690 63 74 69 6f 6e 73 2e 20 0d 00 00 00 00 28 00 00 |ctions. .....(..|
000046a0 05 74 00 00 00 cc 20 07 48 de ba ff 28 0d bb ff |.t.... .H...(...|
000046b0 f0 24 00 02 50 6c 65 61 73 65 20 6e 6f 74 65 20 |.$..Please note |
000046c0 74 68 61 74 20 63 72 65 61 74 69 6e 67 20 6e 65 |that creating ne|
000046d0 77 20 69 6e 6e 6f 63 75 6c 61 74 65 64 20 21 42 |w innoculated !B|
000046e0 6f 6f 74 20 66 69 6c 65 73 20 66 72 6f 6d 20 73 |oot files from s|
000046f0 63 72 61 74 63 68 20 77 69 6c 6c 20 63 61 75 73 |cratch will caus|
00004700 65 20 74 68 65 20 64 6f 75 62 6c 65 2d 00 00 00 |e the double-...|
00004710 00 74 00 00 05 70 00 00 00 44 e2 06 08 a6 ba ff |.t...p...D......|
00004720 e8 d4 ba ff f0 24 00 00 63 6c 69 63 6b 20 61 63 |.....$..click ac|
00004730 74 69 6f 6e 20 74 6f 20 6f 70 65 6e 20 61 20 64 |tion to open a d|
00004740 69 72 65 63 74 6f 72 79 20 77 69 6e 64 6f 77 20 |irectory window |
00004750 74 6f 20 74 61 6b 65 20 6c 6f 6e 67 65 72 20 62 |to take longer b|
00004760 65 63 61 75 73 65 20 74 68 65 20 61 70 70 6c 69 |ecause the appli|
00004770 63 61 74 69 6f 6e 73 20 69 6e 73 69 64 65 20 00 |cations inside .|
00004780 00 70 00 00 a5 50 00 00 42 c4 35 03 c8 6d ba ff |.p...P..B.5..m..|
00004790 a8 9c ba ff f0 24 00 00 74 68 61 74 20 77 69 6e |.....$..that win|
000047a0 64 6f 77 20 68 61 76 65 20 74 68 65 73 65 20 6e |dow have these n|
000047b0 65 77 20 21 42 6f 6f 74 20 66 69 6c 65 73 2e 0d |ew !Boot files..|
000047c0 07 00 00 00 01 0f 00 00 01 0f 00 00 00 00 00 00 |................|
000047d0 00 50 00 00 a5 30 00 00 42 b8 00 02 c8 d7 b9 ff |.P...0..B.......|
000047e0 88 35 ba ff d0 47 00 02 56 69 67 61 79 20 56 69 |.5...G..Vigay Vi|
000047f0 72 75 73 0d 08 79 70 65 01 0f 00 00 00 00 00 00 |rus..ype........|
00004800 00 30 00 00 05 74 00 00 00 9c d2 06 48 67 b9 ff |.0...t......Hg..|
00004810 28 96 b9 ff f0 24 00 02 54 68 69 73 20 69 73 20 |(....$..This is |
00004820 76 65 72 79 20 64 65 74 61 69 6c 65 64 20 28 61 |very detailed (a|
00004830 6c 74 68 6f 75 67 68 20 73 74 6f 70 70 69 6e 67 |lthough stopping|
00004840 20 73 68 6f 72 74 20 6f 66 20 61 20 6c 69 73 74 | short of a list|
00004850 69 6e 67 20 6f 66 20 63 6f 75 72 73 65 29 20 64 |ing of course) d|
00004860 65 73 63 72 69 70 74 69 6f 6e 20 6f 66 20 74 68 |escription of th|
00004870 65 20 00 00 00 74 00 00 45 74 00 00 00 8c 1b 07 |e ...t..Et......|
00004880 08 2f b9 ff e8 5d b9 ff f0 24 00 00 56 69 67 61 |./...]...$..Viga|
00004890 79 20 56 69 72 75 73 2e 20 49 74 20 69 73 20 73 |y Virus. It is s|
000048a0 74 72 6f 6e 67 6c 79 20 72 65 63 6f 6d 6d 65 6e |trongly recommen|
000048b0 64 65 64 20 72 65 61 64 69 6e 67 2c 20 69 66 20 |ded reading, if |
000048c0 6f 6e 6c 79 20 74 6f 20 67 69 76 65 20 79 6f 75 |only to give you|
000048d0 20 61 20 62 65 74 74 65 72 20 75 6e 64 65 72 73 | a better unders|
000048e0 74 61 6e 64 14 2d 00 00 00 74 00 00 a5 48 00 00 |tand.-...t...H..|
000048f0 42 58 72 02 c8 f6 b8 ff a8 25 b9 ff f0 24 00 00 |BXr......%...$..|
00004900 69 6e 67 20 6f 66 20 68 6f 77 20 74 68 65 20 76 |ing of how the v|
00004910 69 72 75 73 20 6f 70 65 72 61 74 65 73 2e 20 0d |irus operates. .|
00004920 07 74 68 65 02 1f 00 00 02 1f 00 00 00 00 00 00 |.the............|
00004930 00 48 00 00 a5 38 00 00 42 ba 9d 02 38 78 b8 ff |.H...8..B...8x..|
00004940 88 be b8 ff 68 37 00 02 54 65 63 68 6e 69 63 61 |....h7..Technica|
00004950 6c 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 0d 08 20 |l information.. |
00004960 02 1f 00 00 00 00 00 00 00 38 00 00 05 6c 00 00 |.........8...l..|
00004970 00 ec 00 07 68 0c b8 ff 48 3b b8 ff f0 24 00 02 |....h...H;...$..|
00004980 54 68 69 73 20 69 73 20 61 20 32 33 31 31 2d 62 |This is a 2311-b|
00004990 79 74 65 20 42 41 53 49 43 20 70 72 6f 67 72 61 |yte BASIC progra|
000049a0 6d 20 63 61 6c 6c 65 64 20 22 64 61 74 61 64 71 |m called "datadq|
000049b0 6d 22 20 77 69 74 68 20 61 6e 20 61 73 73 6f 63 |m" with an assoc|
000049c0 69 61 74 65 64 20 39 37 2d 62 79 74 65 20 21 42 |iated 97-byte !B|
000049d0 6f 6f 74 20 00 6c 00 00 a5 64 00 00 42 68 a2 04 |oot .l...d..Bh..|
000049e0 28 d4 b7 ff 08 03 b8 ff f0 24 00 00 66 69 6c 65 |(........$..file|
000049f0 2e 20 54 68 65 20 52 45 4d 73 20 61 74 20 74 68 |. The REMs at th|
00004a00 65 20 73 74 61 72 74 20 6f 66 20 74 68 65 20 70 |e start of the p|
00004a10 72 6f 67 72 61 6d 20 61 72 65 20 61 73 20 66 6f |rogram are as fo|
00004a20 6c 6c 6f 77 73 3a 20 0d 07 75 6e 3a 06 20 00 00 |llows: ..un:. ..|
00004a30 06 20 00 00 00 00 00 00 00 64 00 00 25 30 00 00 |. .......d..%0..|
00004a40 42 d6 af 01 08 6d b7 ff e8 9b b7 ff 9c 1e 00 02 |B....m..........|
00004a50 52 45 4d 20 28 43 29 31 39 38 39 20 50 41 55 4c |REM (C)1989 PAUL|
00004a60 20 56 49 47 41 59 0d 00 00 30 00 00 25 1c 00 00 | VIGAY...0..%...|
00004a70 42 e3 3a 00 c8 34 b7 ff a8 63 b7 ff 9c 1e 00 02 |B.:..4...c......|
00004a80 52 45 4d 0d 00 1c 00 00 25 3c 00 00 42 62 9b 02 |REM.....%<..Bb..|
00004a90 88 fc b6 ff 68 2b b7 ff 9c 1e 00 02 52 45 4d 20 |....h+......REM |
00004aa0 41 20 6e 61 73 74 79 20 6c 69 74 74 6c 65 20 41 |A nasty little A|
00004ab0 72 63 68 69 65 20 56 69 72 75 73 20 21 21 0d 00 |rchie Virus !!..|
00004ac0 00 3c 00 00 25 4c 00 00 42 30 ae 03 48 c4 b6 ff |.<..%L..B0..H...|
00004ad0 28 f3 b6 ff 9c 1e 00 02 52 45 4d 20 2e 2e 2e 20 |(.......REM ... |
00004ae0 6f 72 20 69 73 20 73 6f 6d 65 74 68 69 6e 67 20 |or is something |
00004af0 75 70 20 77 69 74 68 20 79 6f 75 72 20 6d 6f 6e |up with your mon|
00004b00 69 74 6f 72 20 3f 3f 3f 0d 00 00 00 00 4c 00 00 |itor ???.....L..|
00004b10 25 1c 00 00 42 e3 3a 00 08 8c b6 ff e8 ba b6 ff |%...B.:.........|
00004b20 9c 1e 00 02 52 45 4d 0d 00 1c 00 00 a5 4c 00 00 |....REM......L..|
00004b30 42 45 d6 02 c8 53 b6 ff a8 82 b6 ff 9c 1e 00 02 |BE...S..........|
00004b40 52 45 4d 20 76 65 72 73 69 6f 6e 20 31 2e 31 61 |REM version 1.1a|
00004b50 20 28 32 34 74 68 20 4f 63 74 6f 62 65 72 20 31 | (24th October 1|
00004b60 39 38 39 29 20 08 22 20 06 20 00 00 00 00 00 00 |989) ." . ......|
00004b70 0d 00 00 00 00 4c 00 00 05 70 00 00 00 78 2f 07 |.....L...p...x/.|
00004b80 a8 ec b5 ff 88 1b b6 ff f0 24 00 02 48 65 6e 63 |.........$..Henc|
00004b90 65 20 79 6f 75 20 6e 6f 77 20 6b 6e 6f 77 20 77 |e you now know w|
00004ba0 68 79 20 69 74 27 73 20 63 61 6c 6c 65 64 20 74 |hy it's called t|
00004bb0 68 65 20 22 56 69 67 61 79 20 56 69 72 75 73 22 |he "Vigay Virus"|
00004bc0 20 98 20 74 68 65 20 61 75 74 68 6f 72 27 73 20 | . the author's |
00004bd0 6e 61 6d 65 20 61 70 70 65 61 72 73 20 61 73 20 |name appears as |
00004be0 61 20 00 00 00 70 00 00 25 30 00 00 42 54 b9 01 |a ...p..%0..BT..|
00004bf0 68 b4 b5 ff 48 e3 b5 ff f0 24 00 00 63 6f 6d 6d |h...H....$..comm|
00004c00 65 6e 74 20 61 74 20 74 68 65 20 73 74 61 72 74 |ent at the start|
00004c10 21 0d 00 00 00 30 00 00 05 70 00 00 00 34 c2 06 |!....0...p...4..|
00004c20 48 4d b5 ff 28 7c b5 ff f0 24 00 02 57 68 65 6e |HM..(|...$..When|
00004c30 20 66 69 72 73 74 20 72 75 6e 2c 20 69 74 20 69 | first run, it i|
00004c40 6e 69 74 69 61 6c 69 73 65 73 20 61 73 20 61 20 |nitialises as a |
00004c50 57 69 6d 70 20 74 61 73 6b 20 63 61 6c 6c 65 64 |Wimp task called|
00004c60 20 22 54 61 73 6b 4d 61 6e 61 67 65 72 22 20 61 | "TaskManager" a|
00004c70 6e 64 20 74 68 65 6e 20 77 61 69 74 73 20 66 6f |nd then waits fo|
00004c80 72 20 00 00 00 70 00 00 25 24 00 00 42 54 90 00 |r ...p..%$..BT..|
00004c90 08 15 b5 ff e8 43 b5 ff f0 24 00 00 65 69 74 68 |.....C...$..eith|
00004ca0 65 72 3a 20 0d 00 00 00 00 24 00 00 05 78 00 00 |er: .....$...x..|
00004cb0 00 e4 2f 07 e8 ad b4 ff c8 dc b4 ff f0 24 00 02 |../..........$..|
00004cc0 31 29 20 61 20 63 68 61 6e 63 65 20 6f 66 20 28 |1) a chance of (|
00004cd0 35 30 30 20 2a 20 68 6f 75 72 73 20 6c 65 66 74 |500 * hours left|
00004ce0 20 6f 66 20 61 20 54 68 75 72 73 64 61 79 29 20 | of a Thursday) |
00004cf0 74 6f 20 31 20 74 6f 20 63 72 6f 70 20 75 70 20 |to 1 to crop up |
00004d00 74 6f 20 73 70 61 72 6b 20 6f 66 66 20 61 20 73 |to spark off a s|
00004d10 69 6c 6c 79 20 22 77 6f 62 62 6c 65 22 20 00 00 |illy "wobble" ..|
00004d20 00 78 00 00 05 68 00 00 00 54 99 06 a8 75 b4 ff |.x...h...T...u..|
00004d30 88 a4 b4 ff f0 24 00 00 64 65 6d 6f 20 28 77 6f |.....$..demo (wo|
00004d40 62 62 6c 65 73 20 74 68 65 20 73 63 72 65 65 6e |bbles the screen|
00004d50 20 61 6e 64 20 6d 6f 75 73 65 20 70 6f 69 6e 74 | and mouse point|
00004d60 65 72 29 2e 20 59 65 73 2c 20 74 68 69 73 20 64 |er). Yes, this d|
00004d70 65 6d 6f 20 6f 6e 6c 79 20 61 70 70 65 61 72 73 |emo only appears|
00004d80 20 6f 6e 20 61 20 00 00 00 68 00 00 25 4c 00 00 | on a ...h..%L..|
00004d90 42 e0 3c 04 68 3d b4 ff 48 6c b4 ff f0 24 00 00 |B.<.h=..Hl...$..|
00004da0 54 68 75 72 73 64 61 79 20 61 6e 64 20 6d 6f 72 |Thursday and mor|
00004db0 65 20 66 72 65 71 75 65 6e 74 6c 79 20 61 73 20 |e frequently as |
00004dc0 74 68 65 20 64 61 79 20 77 65 61 72 73 20 6f 6e |the day wears on|
00004dd0 2e 20 0d 00 00 4c 00 00 25 20 00 00 42 c4 44 00 |. ...L..% ..B.D.|
00004de0 48 d6 b3 ff 28 05 b4 ff f0 24 00 02 6f 72 3a 20 |H...(....$..or: |
00004df0 0d 00 00 00 00 20 00 00 05 78 00 00 00 34 b3 06 |..... ...x...4..|
00004e00 28 6f b3 ff 08 9e b3 ff f0 24 00 02 32 29 20 61 |(o.......$..2) a|
00004e10 20 66 69 6c 65 2f 64 69 72 65 63 74 6f 72 79 20 | file/directory |
00004e20 64 6f 75 62 6c 65 2d 63 6c 69 63 6b 2c 20 69 6e |double-click, in|
00004e30 20 77 68 69 63 68 20 63 61 73 65 20 69 74 20 61 | which case it a|
00004e40 74 74 65 6d 70 74 73 20 74 6f 20 72 65 70 6c 69 |ttempts to repli|
00004e50 63 61 74 65 20 69 74 73 65 6c 66 20 74 6f 20 74 |cate itself to t|
00004e60 68 65 20 66 69 72 73 74 20 00 00 00 00 78 00 00 |he first ....x..|
00004e70 05 74 00 00 00 08 15 07 e8 36 b3 ff c8 65 b3 ff |.t.......6...e..|
00004e80 f0 24 00 00 61 70 70 6c 69 63 61 74 69 6f 6e 20 |.$..application |
00004e90 64 69 72 65 63 74 6f 72 79 20 61 74 20 74 68 61 |directory at tha|
00004ea0 74 20 6c 65 76 65 6c 20 74 68 61 74 20 64 6f 65 |t level that doe|
00004eb0 73 6e 27 74 20 61 6c 72 65 61 64 79 20 68 61 76 |sn't already hav|
00004ec0 65 20 65 69 74 68 65 72 20 61 6e 20 21 42 6f 6f |e either an !Boo|
00004ed0 74 20 6f 72 20 61 20 64 61 74 61 64 71 6d 20 00 |t or a datadqm .|
00004ee0 00 74 00 00 01 10 00 00 42 00 57 00 00 00 00 00 |.t......B.W.....|
00004ef0 00 10 00 00 02 14 00 00 18 04 00 00 00 00 00 00 |................|
00004f00 00 00 00 00 00 14 00 00 25 20 00 00 42 00 57 00 |........% ..B.W.|
00004f10 f7 d5 b0 ff d7 04 b1 ff f0 24 00 00 66 69 6c 65 |.........$..file|
00004f20 2e 20 0d 00 00 20 00 00 05 74 00 00 00 78 0e 07 |. ... ...t...x..|
00004f30 d7 6e b0 ff b7 9d b0 ff f0 24 00 02 54 68 65 72 |.n.......$..Ther|
00004f40 65 20 69 73 20 6e 6f 20 69 6e 66 65 63 74 69 6f |e is no infectio|
00004f50 6e 20 63 6f 75 6e 74 20 6d 61 69 6e 74 61 69 6e |n count maintain|
00004f60 65 64 20 61 63 72 6f 73 73 20 72 65 70 6c 69 63 |ed across replic|
00004f70 61 74 69 6f 6e 73 2e 20 42 65 63 61 75 73 65 20 |ations. Because |
00004f80 69 74 20 69 6e 73 74 61 6c 6c 73 20 69 74 73 65 |it installs itse|
00004f90 6c 66 20 61 73 20 61 20 00 74 00 00 05 74 00 00 |lf as a .t...t..|
00004fa0 00 d0 25 07 97 36 b0 ff 77 65 b0 ff f0 24 00 00 |..%..6..we...$..|
00004fb0 42 41 53 49 43 20 57 69 6d 70 20 74 61 73 6b 2c |BASIC Wimp task,|
00004fc0 20 69 74 20 63 61 6e 6e 6f 74 20 62 65 20 65 61 | it cannot be ea|
00004fd0 73 69 6c 79 20 64 65 74 65 63 74 65 64 20 62 79 |sily detected by|
00004fe0 20 56 4b 69 6c 6c 65 72 20 69 66 20 69 74 20 69 | VKiller if it i|
00004ff0 73 20 70 72 65 73 65 6e 74 20 50 52 49 4f 52 20 |s present PRIOR |
00005000 74 6f 20 56 4b 69 6c 6c 65 72 20 00 00 74 00 00 |to VKiller ..t..|
00005010 05 70 00 00 00 f8 27 07 57 fe af ff 37 2d b0 ff |.p....'.W...7-..|
00005020 f0 24 00 00 62 65 69 6e 67 20 72 75 6e 2e 20 50 |.$..being run. P|
00005030 6c 65 61 73 65 20 73 65 65 20 74 68 65 20 22 21 |lease see the "!|
00005040 52 65 61 64 4d 65 22 20 6f 6e 20 68 6f 77 20 74 |ReadMe" on how t|
00005050 6f 20 6d 69 6e 69 6d 69 73 65 20 74 68 69 73 20 |o minimise this |
00005060 70 72 6f 62 6c 65 6d 2e 20 49 66 20 74 68 65 20 |problem. If the |
00005070 56 69 67 61 79 20 56 69 72 75 73 20 00 70 00 00 |Vigay Virus .p..|
00005080 05 68 00 00 00 d0 5f 06 17 c6 af ff f7 f4 af ff |.h...._.........|
00005090 f0 24 00 00 69 6e 73 74 61 6c 6c 73 20 69 74 73 |.$..installs its|
000050a0 65 6c 66 20 61 73 20 61 20 57 69 6d 70 20 74 61 |elf as a Wimp ta|
000050b0 73 6b 20 41 46 54 45 52 20 56 4b 69 6c 6c 65 72 |sk AFTER VKiller|
000050c0 20 68 61 73 20 62 65 65 6e 20 72 75 6e 2c 20 74 | has been run, t|
000050d0 68 65 6e 20 56 4b 69 6c 6c 65 72 20 73 65 6e 64 |hen VKiller send|
000050e0 73 20 61 20 00 68 00 00 a5 54 00 00 42 94 d4 03 |s a .h...T..B...|
000050f0 d7 8d af ff b7 bc af ff f0 24 00 00 4d 65 73 73 |.........$..Mess|
00005100 61 67 65 5f 51 75 69 74 20 57 69 6d 70 20 6d 65 |age_Quit Wimp me|
00005110 73 73 61 67 65 20 74 6f 20 73 68 75 74 20 69 74 |ssage to shut it|
00005120 20 64 6f 77 6e 2e 20 0d 07 74 61 62 02 21 00 00 | down. ..tab.!..|
00005130 02 21 00 00 00 00 00 00 00 54 00 00 a5 3c 00 00 |.!.......T...<..|
00005140 42 ca f3 02 47 0f af ff 97 55 af ff 68 37 00 02 |B...G....U..h7..|
00005150 56 69 67 61 79 20 56 69 72 75 73 20 49 6e 6e 6f |Vigay Virus Inno|
00005160 63 75 6c 61 74 69 6f 6e 0d 08 00 00 02 21 00 00 |culation.....!..|
00005170 00 00 00 00 00 3c 00 00 05 70 00 00 00 f8 2d 07 |.....<...p....-.|
00005180 77 a3 ae ff 57 d2 ae ff f0 24 00 02 49 6e 6e 6f |w...W....$..Inno|
00005190 63 75 6c 61 74 69 6f 6e 20 63 61 6e 20 62 65 20 |culation can be |
000051a0 61 63 68 69 65 76 65 64 20 62 79 20 63 72 65 61 |achieved by crea|
000051b0 74 69 6e 67 20 61 20 6e 65 77 20 21 42 6f 6f 74 |ting a new !Boot|
000051c0 20 69 6e 20 74 68 65 20 73 61 6d 65 20 6d 61 6e | in the same man|
000051d0 6e 65 72 20 61 73 20 74 68 65 20 45 78 74 65 6e |ner as the Exten|
000051e0 64 20 00 00 00 70 00 00 25 30 00 00 42 80 b1 01 |d ...p..%0..B...|
000051f0 37 6b ae ff 17 9a ae ff f0 24 00 00 56 69 72 75 |7k.......$..Viru|
00005200 73 20 69 73 20 69 6e 6e 6f 63 75 6c 61 74 65 64 |s is innoculated|
00005210 2e 20 05 0d 00 30 00 00 01 24 00 00 00 00 00 00 |. ...0...$......|
00005220 00 00 00 00 05 05 05 05 05 05 05 05 05 05 05 05 |................|
00005230 05 05 05 05 05 05 05 05 00 24 00 00 01 24 00 00 |.........$...$..|
00005240 00 00 00 00 00 00 00 00 05 05 05 05 05 05 05 05 |................|
00005250 05 05 05 05 05 05 05 05 05 05 05 05 00 24 00 00 |.............$..|
00005260 01 24 00 00 00 00 00 00 00 00 00 00 05 05 05 05 |.$..............|
00005270 05 05 05 05 05 05 05 05 05 05 05 05 05 05 05 05 |................|
00005280 00 24 00 00 06 00 00 00 79 56 34 12 |.$......yV4.|
0000528c 
.