AVP-Aids - Virus for MS-DOS by Tcp

Released in 29A#1 magazine

Author's comments

AVP is probably the best antivirus nowadays, but it's the most easily foolable too :) One of its best advantages is that the user himself is able to write his own detection and disinfection routines for any new virus he may find. But a virus author could use those facilities to write a virus, don't you think? :)

All we need to have is the routine editor (AVPRO) which is included in the registered version of AVP (2.1 and above), or the -older- one included in the shareware version of AVP 2.0, which is the one I used.

This routine editor gives us a lot of functions and structures we can call. For more info on this, read their definitions in a file named DLINK.H which is included in AVP.

Having access to the vectors of those functions, we may either change or redirect them as a normal virus does with the standard interrupt vectors. We could write trojans, droppers, a stealth routine, and even a whole virus... imagination is the only limit you have ;)

As an example of this, I wrote a simple virus which I named AVP-Aids, because it works in the same way as the known disease does:

I recommend reading the file USERGUID.DOC, which is included in the AVP pack, for a better understanding of the way AVP-Aids works.

For getting a working dropper of AVP-Aids, first compile the next two files (tasm /m /ml /q avp_dec.asm; tasm /m /ml /q avp_jmp.asm).

