8326442@AWIWUW11.BITNET (Martin Zejma) (01/10/91)
hello hunters |
During autumn I worked out a TurboPascal 5.5 ( without OOP , so just
5.0 ) program , that tries to show the infection path of a group of
infections with the 1701/1704 Virus , found with (no brackets) (170X)
when using SCAN. The virus stores the 32-bit system clock from
0040:006C or something like that, --> ( you get the TIME when the
virus gets resident )
2) it stores the jump instruction to the eof from the previous infection
( so you get the length of the previous infected file while being resident)
3) and all the original interrupt-vectors , so you can seperate different envi
ronments while infections occured
4) the original length of the current infected file
all that stuff quite simple programmed.
Now I want to know : IS this interesting enough to be posted in the
VIRUS-L archives ???
Please send opinions ( to me directly or to the list , i'm a maniac
reader ) especially the moderator of these fabulous list , Mr Ken van
Wyk .
Thank's for waisting your time
Martin
+-----------------------------------------------------------------------+
| Martin Zejma 8326442 @ AWIWUW11.BITNET |
| |
| Wirtschaftsuniversitaet Wien --- Univ. of Economics Vienna/Austria |
+-----------------------------------------------------------------------+