EViLH0MeR - Virus for MS-DOS by Sepultura

Virus for MS-DOS

Author's comments

Compile with A86

This is is a simple, lame, parasitic, non-resident, .com infector. It doesnt even restore original date and time stamps, and turn of read-only attributes.

The only reason i wrote this virus is to illustrate an idea... the idea of marking infected files in their _SIZE_ field.. I tried explaining it to a few people, but they didnt get WTF i was rambling on aobut.. so i just whipped up this thing to show them.

Basically all infected file lengths end in AAh (that is the last byte of the size field), so one in 256 files will falsely be identified as infected. This is like illeagal date and time fields (seconds=62 or years+=100), but it is not doing anything illeagle, and wont set of any flags or suspicions.. It is just a new (i think) way to mark infected files, without having to open them (although this virus opens them 1st).

I first got this idea from looking at the Size Padding in Havoc, so thanks go to Neurobasher.

South Australia is a Stagnant State..

