BBS: Inland Empire Archive Date: 11-01-92 (11:02) Number: 2 From: JAMES VAHN Refer#: 400 To: MARK BUTLER Recvd: NO Subj: Postit Conf: (2) Quik_Bas
JV> OPEN "virus.com" FOR OUTPUT AS #1 JV> FOR t = 1 TO 12: READ a: PRINT #1, CHR$(a); : NEXT JV> CLOSE : DATA 205,20,14,1,207,232,0,0,91,129,235,169 205,32, shucks... see below for the lame excuse.. JV> Completely harmless despite the name. Run this Basic file to JV> generate virus.com, then run McAffee's SCAN on the drive. You JV> will find yourself 'infected'- and without using postit. JV> Even harder to eyeball this one, eh? MB> SCAN reports that 'virus.com' contains the "Fish" virus. If MB> 'virus.com' is actually executed SCAN will report that the MB> "Fish" virus is active in memory even after a warmboot. MB> Tell us all about this latest "whoopee cushion" of yours MB> here James. Just how did you deduce that it would trip SCAN MB> off to the presence of the 'Fish' virus? What is this code MB> =actually= doing (assuming it was 'harmless' as you said) This is REALLY off-topic, but it should be explained I suppose.. SCAN and all the others use Search Strings to locate 'Known' viruses. That is simply SCAN's FISH virus search string... Other virus scanners use other strings and won't detect this demo. That is also why false detections are made. If you tried to execute VIRUS.COM, you loaded it into memory. A warm boot does not erase memory. A debug dump of those 12 bytes: -nvirus.com -l -u100 10b 0D24:0100 CD20 INT 20 0D24:0102 0E PUSH CS 0D24:0103 01CF ADD DI,CX 0D24:0105 E80000 CALL 0108 0D24:0108 5B POP BX 0D24:0109 81EBA93D SUB BX,3DA9 -q BTW- I blew it. JV> CLOSE : DATA 205,20,14,1,207,232,0,0,91,129,235,169 ^^ That should be 32, like: DATA 205,32,14,1,207,232,0,0,91,129,235,169 SCAN uses a search string of 10 characters. JUST IN CASE someone ACTUALLY executed this thing, I inserted INT 20h to simply return to DOS- making it "Harmless". Ahem... Well, I forgot to convert the 20h to a decimal 32 and it actually calls INT 14h and continues executing the string doing who-knows-what. It depends on what else was in memory at the time. My sincere appologies for this error. If you archived that message, please correct it. * SLMR 2.1a *
Books at Amazon:
Back to BASIC: The History, Corruption, and Future of the Language
Hackers: Heroes of the Computer Revolution (including Tiny BASIC)
Go to: The Story of the Math Majors, Bridge Players, Engineers, Chess Wizards, Scientists and Iconoclasts who were the Hero Programmers of the Software Revolution
The Advent of the Algorithm: The Idea that Rules the World
Moths in the Machine: The Power and Perils of Programming
Mastering Visual Basic .NET