MSX Virus

Pagina 2/4
1 | | 3 | 4

Van Necron

Prophet (2266)

afbeelding van Necron

17-09-2003, 22:25

Do you see??? MSX is a so good platform that even the viruses remain living until now!!! Do you see any Michelangelo or any other old virus into your PC's nowadays? Nooooo... they are all sissy-pc-virus that can't stand for too long... Smile

Be proud gentleman! Our viruses are much better than the viruses of other stinking platforms! AHhahahah... LOL! LOL! LOL! LOL!

Van anonymous

incognito ergo sum (116)

afbeelding van anonymous

18-09-2003, 01:48

/me waves to Saeba as well. And thanks to him, I had my MSX HD FULL with the ZAPP virus, just last year. So it's a survivor for sure.
LOL, I remember Saeba being mad at YOU for giving HIM the virus!
So ehm, who is right here? Tongue

Van Latok

msx guru (3836)

afbeelding van Latok

18-09-2003, 08:50

I think Saeba and I will never agree on this one Tongue

Van Vincent van Dam

Hero (513)

afbeelding van Vincent van Dam

18-09-2003, 09:24

I made a virus (4br&da) in the mid-90s, but never put it in the wild (that was never the intention also). It acted as a tsr and hooked the bdos. If the open function was being called for a .com file it attached itself to this file. The source code for this virus was online for years, but the server the page was hosted on doesn't seem to exist anymore. I still have the source in my archive, though.

Van BiFi

Enlighted (4348)

afbeelding van BiFi

18-09-2003, 10:10

Apart from spreading itself using the BDOS open function call, what does it do?

Van Vincent van Dam

Hero (513)

afbeelding van Vincent van Dam

18-09-2003, 10:43

Every infect increased a generation counter, when this reached a certain value it displayed "Love to Brenda" before the application started. The generation counter wasn't very impressive, so it revealed itself pretty fast (i focussed on the spreading). A friend of mine made a few variations, one of them 'click-clack' turned the motor on and off every few seconds Smile

The engine itself did a encrypt (xor with the r-register) on the virus code itself to make it more difficult to make a signature of the virus. It also substracted the size of the virus if you did a dir, so you wouldn't notice the infected files had increased in size. It used dos-2 and was mainly focussed for infection on hd's. It didn't check if the disk was write protected, and I think it gave an error if the disk was write protected.

We also made some fun .com files which when started also acted as a tsr and did some annoying stuff (this was before I made the virus). Also never spread those, but annoyed eachother with them. The most fun ones were:
- after an open, make the file a system file, so it seems to have disappeared, but you can't create a new file with that name.
- every x seconds, put a backspace in the keyboard buffer.

Van cax

Prophet (3736)

afbeelding van cax

18-09-2003, 14:20

In fact, there were at least 2 viruses - one that sits in boot sector and wishes you happy birthday, and another that infects COMs. I remember myself running the infected files in the debugger and cleaning them this way. Indeed, there was XORing with the register R, so I can confirm that I saw this virus in Russia.

Van k0ga

Expert (77)

afbeelding van k0ga

24-09-2003, 11:14

IIRC, there were 2 anti-virus programs for the Zapp virus. One is TCAV (Techno Crew's Anti Virus) and the other I can't remember.
Zapp is quite annoying. I know just last year a spanish MSX user was infected with it, even though it's almost 10 years old!
Keeping infected COMs in LZH/PMA archive and then distributing wil do that to ya Tongue

I was this spanish guy was infected. It was very funny because I was programming with compass and I saw the changes and traced it with debugger, but I could not think that was a MSX virus, ainss, programming is very bad for health Big smile

Van BiFi

Enlighted (4348)

afbeelding van BiFi

24-09-2003, 11:21

Another way of learning how things are done, not a nice way to do it, but nevertheless quite effective.

Van NYYRIKKI

Enlighted (5880)

afbeelding van NYYRIKKI

19-04-2004, 12:31

Eh... I just got ZAPPed!

I tried to run unzapp on my HD and yes, it fixes the problem, but it also makes crosslinked clusters. Is there any GOOD unzapp program available? I could not find TCAV anywhere...

Pagina 2/4
1 | | 3 | 4