Source code of computer viruses

AntiCARO - Virus for MS-DOS by Mister Sandman

Virus for MS-DOS

Mister Sandman
Released in 29A#1 magazine

Author's comments

As i don't agree with CARO and with the way the name viruses, and spe- cially the way they *misnamed* VLAD's Bizatch, i decided to write this virus... just to protest against the biggest dickhead under the sun, Vesselin Bonchev, the virus-baptizer who does whatever he wants making abuse of his 'power' in that fucking sect named CARO.

And as i know that, albeit he works at Frisk, his favourite AV is AVP, i just took the decission to write this baby, which will modify AVP so it will detect Bizatch as 'Bizatch_:P' and not as Boza.

The virus is lame as hell (but i swear i wasn't able to reach Ratboy's or YAM's coding skills)... i only developed its originality. Anyway, it's interesting to see how does it modify AVP:

It looks for AVP.SET in the current directory it's being loaded from. If it finds that file, it will insert a new viral database in the se- cond field, and later it will drop that new database, which contains the data needed for detecting Bizatch from AVP (have a look at the co- de, which is found at the end of this virus).

As this new viral database has been loaded before the rest of the other databases (except of KERNEL.AVB, which must be always loaded in the first place), it will be the first one containing Bizatch's search strings, so it will be the fortunate participant to show the name of the virus it has detected :)

About the virus itself, as i told before, it's a lame TSR COM infec- tor which hits files on execution (4b00h) and uses SFTs for performing the file infection.

This virus is dedicated to my friends Quantum and Qark (ex VLAD) for obvious reasons and to Tcp/29A because of his help on its writing.

Compiling instructions:

        tasm /m anticaro.asm
        tlink anticaro.obj
        exe2bin anticaro.exe

