- VirBase=0 ;Flag: 1 for the main virus base, 0 for add-on bases
- ;The next line (the text after 'Creator=') must be no longer than 93 characters
- Creator=Igor Daniloff, Daniloff's Anti-Virus Labs and DialogueScience Inc.
- MinVers=428 ;Maximum engine version the base works with. NOTE(review): the key is named MinVers, so confirm which bound is meant
- [MEMVIR] ;Секция резидентных вирусов
- [TRC13] ;Trace Int 13h Chaine
- [END TRC13]
- [TRC21] ;Trace Int 21h Chaine
- ;Bolero.1307
- MEM 02eh,0ch,74h,000h,30h,002642876h,0ch,1,0ebh,000h,0,Bolero,0,1307,0 ;2ec6 37a
- ;Uhg.2580
- MEM 09ch,0eh,75h,000h,30h,08697e806h,0eh,2,0ebh,06fh,0,Uhg,0,2580,0 ;9c3d 1ff
- [END TRC21]
- [SCANMEM] ;Scan Memory Viruses
- ;STOP is MANDATORY!!! after one or more records that share the same
- ;start byte
- [END SCANMEM]
- [IFSHOOK] ;Win95 IFS HOOK Viruses
- [END IFSHOOK]
- [SCANPRC] ;Scan Windows Memory Processes Viruses
- ;Win32.HLLW.Nimda.57344 (2) 80 3e 53 75 35
- MEM 08bh,18h,04dh,0dh,030h,05c7b275ch,00h,0,000h,000h,0,Win32.HLLW,Nimda,57344,DeleteProc ;60c0
- STOP
- ;STOP is MANDATORY!!! after one or more records that share the same
- ;start byte
- [END SCANPRC]
- [SCANSYS] ;Scan Share and System Windows Memory Viruses
- ;STOP is MANDATORY!!! after one or more records that share the same
- ;start byte
- [END SCANSYS]
- [INTRMEM]
- [END INTRMEM]
- [END MEMVIR]
- [FILEVIR] ;Секция файловых вирусов
- [EASY] ;Easy viruses -- Above 0x800 bytes from EXE (PE) entry point
- ;HEURISTIC----------------------------------------------
- ;DISKPART
- FILE 06ah,00000h,020h,08959eedfh,066h,00073h,030h,042e9ab42h,CHK+COM,0,0,0 ;***
- CES SPECIAL:NoHeuristic,00100h,00004h,00000h,00000h,00000h
- ;WWHEEL.DLL
- FILE 083h,00000h,020h,0e17d502dh,053h,00023h,030h,0567487ddh,CHK+COM,0,0,0 ;***
- CES SPECIAL:NoHeuristic,00100h,00004h,00000h,00000h,00000h
- ;HEURISTIC----------------------------------------------
- ;Win32.HLLW.Supernova.40960
- FILE 05ch,00001h,007h,01cb341e3h,053h,0003ch,040h,0c1c3640eh,CDL,Win32.HLLW,Supernova,40960 ;***
- ;Trivial.Anjo.700
- FILE 0b4h,00000h,010h,05c6834e4h,0b8h,00017h,030h,035df5035h,DEL,Trivial,Anjo,700 ;***
- ;Trojan.Aphex.70
- FILE 004h,00007h,007h,0419de474h,0dch,00024h,040h,0bde237d8h,CDL,Trojan,Aphex,70 ;***
- ;Trojan.MulDrop (92) (damaged 88)
- FILE 08ch,00016h,007h,0cce6303ch,0fch,0004ch,040h,046647306h,CDL,Trojan,MulDrop,0 ;***
- ;Trojan.PWS.Murka (4)
- FILE 0ech,00009h,007h,0ac0f810ah,094h,00013h,040h,0831cc46bh,CDL,Trojan.PWS,Murka,0 ;***
- ;BackDoor.Wildek.2 (1) (server)
- FILE 034h,0000eh,007h,0712125abh,0c8h,0009fh,040h,058b42c1dh,CDL,BackDoor,Wildek,2 ;***
- ;BackDoor.Wildek.2 (2) (client)
- FILE 00ch,00007h,007h,04aa2ec12h,00ch,00008h,040h,0220f6d22h,CDL,BackDoor,Wildek,2 ;***
- ;BackDoor.InCommand.16 (10) (regclient)
- FILE 030h,00007h,007h,076456f03h,028h,00024h,040h,06d987e6dh,CDL,BackDoor,InCommand,16 ;***
- ;BackDoor.InCommand.16 (11) (regserv)
- FILE 0e0h,0000ch,007h,0a2168f36h,0c4h,00069h,040h,0eec3681eh,CDL,BackDoor,InCommand,16 ;***
- ;BackDoor.InCommand.17 beta3 (5) (client)
- FILE 098h,00012h,007h,0c9e8ecdah,040h,00039h,040h,043a75d37h,CDL,BackDoor,InCommand,17 ;***
- ;BackDoor.InCommand.17 beta3 (6) (ntpasshack)
- FILE 0b8h,00007h,007h,0fcaedaa0h,050h,-019fh,040h,0fb55c64fh,CDL,BackDoor,InCommand,17
- ;BackDoor.InCommand.17 beta3 (7) (passhack)
- FILE 00ch,00007h,007h,048a9d512h,050h,-019fh,040h,0bddf0ab5h,CDL,BackDoor,InCommand,17
- ;BackDoor.InCommand.17 beta3 (8) (plugin.stub)
- FILE 094h,00011h,007h,0d0b8629ch,088h,00036h,040h,0e5f4ed1ah,CDL,BackDoor,InCommand,17
- ;BackDoor.Zuper
- FILE 044h,00001h,007h,00fbd5cf0h,06dh,00045h,040h,075c365e6h,CDL,BackDoor,Zuper,0 ;***
- ;------------------------------------------------------------------------------------------
- ;FDOS.MsgBomb
- ;NOTE(review): this record and the next one ("FDOS.Visual Error") carry identical FILE signature
- ;fields and differ only in the action field, the name fields and the CES line, so their relative
- ;order presumably matters - confirm against the engine's record-matching rules before reordering.
- ;The INTERPR procedure named below ends in `delete`, and it reaches that statement only after its
- ;own checksum comparison succeeds.
- FILE 040h,00008h,007h,043284417h,044h,00046h,040h,0193d4575h,CHK+COM,FDOS,MsgBomb,0 ;***
- CES INTERPR:CheckSeekLargePacked#,0bed0h,00004h,00040h,0caeah,021d2h
- ;FDOS.Visual Error
- ;NOTE(review): looks like a false-alarm suppression entry (no virus name, SPECIAL:NoCheckThisFile) - confirm.
- FILE 040h,00008h,007h,043284417h,044h,00046h,040h,0193d4575h,ACT+COM,0,0,0 ;***
- CES SPECIAL:NoCheckThisFile,00000h,00000h,00000h,00000h,00000h
- ;------------------------------------------------------------------------------------------
- [END EASY]
- [POLY] ;Polymorphic viruses
- ;Byworm.1200
- FILE 0cdh,00000h,010h,0505405e4h,0b8h,001ebh,030h,0a53ceb9bh,COMEXE,Byworm,0,1200 ;***
- CES ASIS ,00100h,00004h,00000h,00000h,00000h
- CES CISS ,003e6h,003e4h,003e8h,003eah,00000h
- ;Byworm.1600
- FILE 0cdh,00000h,010h,0d402f2e1h,0b8h,00201h,030h,0a7c61399h,COMEXE,Byworm,0,1600 ;***
- CES ASIS ,00100h,00004h,00000h,00000h,00000h
- CES CISS ,00523h,00521h,00525h,00527h,00000h
- ;Uhg.2580
- FILE 0cdh,00000h,010h,066701057h,09ch,00063h,030h,08697e806h,COMEXE,Uhg,0,2580 ;***
- CES BYTES ,-0076h,-0075h,-0078h,00000h,00000h
- CES INTERPR:CureBombTrack2349#,-0087h,-008ah,00000h,-0082h,00000h
- [END POLY]
- [CRYPT] ;Encoded viruses
- ;Bolero.1307
- FILE 059h,00000h,010h,0d97f5bf7h,02eh,000b4h,030h,002642876h,COM,Bolero,0,1307 ;***
- CES MOVE ,004a0h,00005h,00000h,00000h,00000h
- ;Loh.1560
- FILE 09ch,00000h,010h,0f81aea10h,0b9h,000ddh,030h,0827dfeb1h,EXE,Loh,0,1560 ;***
- CES INTERPR:CureOpera1020#,00618h,00618h,00000h,00000h,00618h
- [END CRYPT]
- [SPECIAL] ;Special functions
- [END SPECIAL]
- [MACRO] ;Macro viruses
- [END MACRO]
- [MACROSRC] ;Macro Source viruses
- [END MACROSRC]
- [HEADER] ;Packed or Header viruses
- ;VBS.Britney (5) (chm)
- FILE 042h,00244h,007h,0425c4c14h,04bh,0025ah,040h,08ab65befh,CDL,VBS,Britney,0 ;***
- ;VBS.Britney (6) (chm)
- FILE 041h,0022eh,007h,04c45450dh,041h,00240h,040h,0c50b8aa4h,CDL,VBS,Britney,0 ;***
- ;Bolero.1307 (dropper)
- FILE 059h,0003ch,010h,0d97f5bf7h,02eh,000f0h,030h,002642876h,DEL,Bolero,0,1307 ;***
- ;Trivial.161
- FILE 0beh,00000h,010h,07214f6e2h,0b0h,00042h,030h,097d0cc7bh,DEL,Trivial,0,161 ;***
- ;Trivial.179
- FILE 0e8h,00000h,010h,0e0c2efc1h,08dh,0002bh,030h,00f9db3cch,DEL,Trivial,0,179 ;***
- ;Trivial.Sbvc.30000 (1)
- FILE 0b4h,00014h,010h,080e2d81eh,0b4h,0002fh,030h,061751e3ah,DEL,Trivial,Sbvc,30000 ;***
- ;Trivial.Sbvc.30000 (2)
- FILE 0b4h,00016h,010h,0f454e34eh,0b4h,00032h,030h,09ca23396h,DEL,Trivial,Sbvc,30000 ;***
- [END HEADER]
- [DATA] ;Data viruses -- First 0x800 bytes of primary section of PE EXE
- ;Win32.HLLM.Frethem.11
- FILE 0a8h,0016ch,007h,0edcf3709h,08ch,0079dh,040h,043d31b16h,CDL,Win32.HLLM,Frethem,11 ;***
- ;Win32.HLLM.Frethem.12
- FILE 0b8h,0016ch,007h,0fda149f9h,02ch,0078bh,040h,0234cec5eh,CDL,Win32.HLLM,Frethem,12 ;***
- ;Win32.HLLM.Frethem.13
- FILE 0e8h,0016ch,007h,0addb6349h,0a0h,00795h,040h,0c31757beh,CDL,Win32.HLLM,Frethem,13 ;***
- ;Win32.HLLM.Frethem.14
- FILE 0e8h,0016ch,007h,0add86049h,0a0h,00795h,040h,0c03576bdh,CDL,Win32.HLLM,Frethem,14 ;***
- ;Win32.HLLW.Datom (1) (msvxd.exe)
- FILE 0d7h,00001h,007h,097314695h,064h,005e1h,040h,09bcf9e16h,CDL,Win32.HLLW,Datom,0 ;***
- ;Win32.HLLW.Datom (2) (msvxd16.dll)
- FILE 0abh,00001h,007h,0eb212ae9h,015h,00699h,040h,0cea2ef0ah,CDL,Win32.HLLW,Datom,0 ;***
- ;Win32.HLLW.Datom (3) (msvxd32.exe)
- FILE 0c3h,00001h,007h,083711281h,023h,0073ch,040h,0cf49a772h,CDL,Win32.HLLW,Datom,0 ;***
- ;HLLO.2608
- FILE 005h,00000h,007h,04e7c57d4h,030h,000b7h,040h,02ca5d932h,DEL,HLLO,0,2608 ;***
- ;IRC.Projax.56060
- FILE 050h,00002h,007h,0555c5117h,046h,000d3h,040h,0addcc952h,DEL,IRC,Projax,56060 ;***
- ;Trojan.PWS.Zimenok (1) (cfg)
- FILE 09eh,0000fh,007h,0de3ae4b6h,020h,00150h,040h,027c3e427h,CDL,Trojan.PWS,Zimenok,0 ;***
- ;Trojan.PWS.Zimenok (2)
- FILE 050h,00010h,007h,010509b43h,0a5h,0036dh,040h,0dedbadfch,CDL,Trojan.PWS,Zimenok,0 ;***
- ;Trojan.PWS.Zimenok (3)
- FILE 005h,00110h,007h,045e99e45h,0c0h,006dah,040h,0e96c0ea9h,CDL,Trojan.PWS,Zimenok,0 ;***
- ;Trojan.Share.3851
- FILE 061h,00004h,007h,07a64661fh,010h,00289h,040h,029005f2fh,CDL,Trojan,Share,3851 ;***
- ;Trojan.Share.3856
- FILE 061h,00004h,007h,07a64661fh,010h,00289h,040h,012006414h,CDL,Trojan,Share,3856 ;***
- ;BackDoor.BlackRat.16 (1) (downloader)
- FILE 056h,00001h,007h,05669d956h,037h,00064h,040h,0ef970de8h,CDL,BackDoor,BlackRat,16 ;***
- ;BackDoor.BlackRat.16 (2) (server)
- FILE 08ch,00018h,007h,0cc69e1e8h,0e8h,00759h,040h,09f025b9ah,CDL,BackDoor,BlackRat,16 ;***
- ;COM
- ;BAT.GhostDog.942
- FILE 066h,006cbh,020h,04c22310ch,074h,0075fh,030h,032154246h,DEL,BAT,GhostDog,942 ;***
- ;BAT.GhostDog.1228
- FILE 066h,00699h,020h,04c22310ch,074h,0075fh,030h,032154246h,DEL,BAT,GhostDog,1228 ;***
- ;BAT.Julia.1000
- FILE 066h,006afh,020h,04c223119h,074h,0072ch,030h,0590d3638h,DEL,BAT,Julia,1000 ;***
- ;BAT.Bakk.494
- FILE 066h,006c3h,020h,05a126274h,074h,00755h,030h,010310422h,DEL,BAT,Bakk,494 ;***
- ;BAT.Cls.475
- FILE 066h,00729h,020h,0476b0c24h,074h,007a7h,030h,057467d24h,DEL,BAT,Cls,475 ;***
- ;JS.Fortnight (2)
- FILE 03ch,00751h,007h,0284e2b6dh,073h,0079ch,040h,0123d4b66h,DEL,JS,Fortnight,0 ;***
- [END DATA]
- [TEXT] ;Text viruses
- ;Error for BAT.Trivia.39
- FILE 049h,0000ah,007h,040464314h,046h,00001h,020h,06f083223h,CHK+COM,0,0,0 ;***
- CES INTERPR:ErrorBATTrivial39#,00000h,00000h,00000h,00000h,00000h
- ;BAT.Eris (eris5.bat)
- FILE 045h,00032h,007h,05f35281eh,047h,0003bh,040h,04c637b46h,CDL,BAT,Eris,0 ;***
- ;Perl.Snakebyte.2987
- FILE 043h,00231h,007h,04a5f4113h,046h,007b5h,040h,0387b066ah,DEL,Perl,Snakebyte,2987 ;***
- ;Trojan.FormatC.30
- FILE 046h,00007h,007h,00a035b47h,045h,00001h,01ah,017286743h,DEL,Trojan,FormatC,30 ;***
- ;Trojan.IframeExec
- FILE 03ch,00001h,006h,01c396922h,000h,00000h,000h,000000000h,CHK+COM,Trojan,IframeExec,0 ;***
- CES INTERPR:CheckTrojanIframeExec#,00200h,00020h,00000h,00000h,00000h
- [END TEXT]
- [SCRSKELET] ;Script Skeleton viruses
- ;BAT.Eris
- FILE 025h,00000h,020h,0473c3108h,041h,000c1h,030h,01d091437h,DEL,BAT,Eris,0 ;***
- ;VBS.Generic (59)
- FILE 041h,0004ah,020h,071240734h,054h,00070h,030h,0444e4400h,CDL,VBS,Generic,0 ;***
- ;VBS.Generic (60)
- FILE 041h,0003ah,020h,0714e7a3dh,044h,00067h,030h,07d173828h,CDL,VBS,Generic,0 ;***
- ;VBS.Generic (61)
- FILE 04dh,0003fh,020h,053595e01h,053h,0005ah,030h,0631e3963h,CDL,VBS,Generic,0 ;***
- ;VBS.Generic (62)
- FILE 057h,00066h,020h,05a312713h,047h,0003bh,030h,071207f38h,CDL,VBS,Generic,0 ;***
- ;VBS.Generic (63) (ConvertHex tools)
- FILE 045h,00000h,008h,00b17590bh,000h,00000h,000h,000000000h,CHK+COM,VBS,Generic,0 ;***
- CES INTERPR:CheckVBSConvertHex#,00000h,00000h,00000h,00000h,00000h
- ;VBS.Generic (64)
- FILE 056h,0005ah,020h,059243859h,047h,00023h,030h,018570354h,CDL,VBS,Generic,0 ;***
- ;VBS.Generic (65) (gascript)
- FILE 043h,0002dh,007h,04a595a06h,045h,0001eh,040h,0564f5d56h,CDL,VBS,Generic,0 ;***
- ;VBS.Generic (66)
- FILE 043h,00035h,020h,04e677b07h,04fh,0009ah,030h,04a7c724ah,CDL,VBS,Generic,0 ;***
- ;VBS.Generic (67)
- FILE 048h,00061h,020h,051243051h,052h,000d3h,030h,05f7a251bh,CDL,VBS,Generic,0 ;***
- ;VBS.Generic (68)
- FILE 046h,00023h,020h,0274d2f27h,046h,00001h,030h,0174e0d51h,CDL,VBS,Generic,0 ;***
- ;VBS.Generic (69)
- FILE 057h,00033h,007h,04a5e5803h,045h,00009h,040h,071063971h,CDL,VBS,Generic,0 ;***
- ;BAT.Generic (55)
- FILE 043h,00016h,020h,0737a0957h,04dh,00000h,03bh,008044708h,DEL,BAT,Generic,0 ;***
- [END SCRSKELET]
- [MCRSKELET] ;Macro Skeleton viruses
- ;W97M.Iron (3)
- FILE 043h,00045h,020h,0622f0836h,049h,0006dh,030h,02b0a2178h,WRD,W97M,Iron,0 ;***
- ;W97M.VMPCK (22)
- FILE 043h,00097h,020h,0613d132ch,045h,000c2h,030h,074247032h,WRD,W97M,VMPCK,0 ;***
- [END MCRSKELET]
- [SEARCH]
- ;STOP is MANDATORY!!! after one or more records that share the same
- ;start byte
- [END SEARCH]
- [LONGSEARCH]
- ;STOP is MANDATORY!!! after one or more records that share the same
- ;start byte
- [END LONGSEARCH]
- [WLNGSEARCH]
- ;Win32.FunLove.4608 (damaged in last sec)
- FILE 081h,04d3fh,010h,068042c67h,03dh,00027h,030h,069a10e41h,DEL,Win32,FunLove,4608 ;***
- STOP
- ;STOP is MANDATORY!!! after one or more records that share the same
- ;start byte
- [END WLNGSEARCH]
- [INTRFILE] ;File Interpretator procedures
- ;-------------------------------------------------------------------
- ;CheckSeekLargePacked#: confirmation step run before a file is deleted.
- ;Reads CurDat3 bytes at file offset `dword CurDat1`, checksums them with crcsum and compares the
- ;result with `dword CurDat4`. On a match it runs prnvir (presumably reports the detection),
- ;delete and exit; on any failure it returns without a verdict.
- ;CurDat1..CurDat4 presumably come from the numeric fields of the CES INTERPR line that names this
- ;procedure (the FDOS.MsgBomb record) - TODO confirm the field-to-CurDat mapping.
- CheckSeekLargePacked#:
- // Bounds guard: return if offset + length would lie beyond the end of the file.
- if ((dword CurDat1+CurDat3)>filesize) ret;
- openrd;
- seek(dword CurDat1);
- read(CurDat3);
- closerd;
- // `free` is presumably the buffer filled by read() above - confirm. A mismatch returns silently.
- if ((crcsum(free,CurDat3))!=dword CurDat4) ret;
- // Destructive path: reached only when the checksum above matched.
- prnvir;
- delete;
- exit;
- end;
- ;CheckLargePacked#:
- ;if ((fileEP+dword CurDat1+CurDat3)>filesize) ret;
- ;openrd;
- ;seek(fileEP+dword CurDat1);
- ;read(CurDat3);
- ;closerd;
- ;if ((crcsum(free,CurDat3))!=dword CurDat4) ret;
- ;prnvir;
- ;delete;
- ;exit;
- ;end;
- ;CutWin32Size#:
- ;b=headerw(14h)+headerw(6)*28h;
- ;if (b<7fdh) {
- ; if (headerd(b-8)<=headerd(b)) {
- ; headerd(b)=a-headerd(b+4); //Phys Size
- ; headerd(b-8)=a-headerd(b+4); //Virt Size
- ; headerd(50h)=headerd(b-4)+headerd(b); //Image Size
- ; }
- ; else {
- ; headerd(b)=a-headerd(b+4); //Phys Size
- ; headerd(50h)=headerd(b-4)+headerd(b-8); //Image Size
- ; }
- ; if (headerd(50h)%headerd(38h)) headerd(50h)=((headerd(50h)/headerd(38h))+1)*headerd(38h);
- ; wrheader(b+4);
- ;}
- ;else wrheader(2ch);
- ;ret;
- ;end;
- ;CorrectLastSec#:
- ;if (b<7fdh) {
- ; a=headerd(b)&(headerd(3ch)-1);
- ; if (a) {
- ; seek(headerd(b)+headerd(b+4));
- ; for (i=0,i+=4,i<headerd(3ch)-a) virsgd(i)=0;
- ; c=writebig(virsg,headerd(3ch)-a);
- ; headerd(b)+=headerd(3ch)-a;
- ; wrheader(b+4);
- ; }
- ; setsize(headerd(b)+headerd(b+4));
- ;}
- ;ret;
- ;end;
- ;CutFromLastPE#:
- ;if (headerd(28h)>headerd(34h)) headerd(28h)-=headerd(34h);
- ;a=fileEP+sign CurCut;
- ;call(CutWin32Size#);
- ;call(CorrectLastSec#);
- ;ret;
- ;end;
- ;CureWin95Zerg3849#:
- ;headerd(28h)=virsgd(vir+sign CurDat1);
- ;call(CutFromLastPE#);
- ;ret;
- ;end;
- ;RemoveLastPESection#:
- ;a=headerw(14h)+2ch+headerw(6)*28h;
- ;if (a<7fdh) {
- ; seek(headerd(a));
- ; call (RemoveVirusCode);
- ; for (i=0,i+=4,i<18h) headerd(a+i-14h)=0;
- ; headerd(50h)=headerd(a-30h)+headerd(a-2ch); //Image Size
- ; if (headerd(50h)%headerd(38h)) headerd(50h)=((headerd(50h)/headerd(38h))+1)*headerd(38h);
- ; wrheader(a+4);
- ;}
- ;else wrheader(2ch);
- ;ret;
- ;end;
- ;CureLastPESection#:
- ;--headerw(6);
- ;headerd(28h)=virsgd(vir+sign CurDat1);
- ;if (headerd(28h)>=headerd(34h)) headerd(28h)-=headerd(34h);
- ;call (RemoveLastPESection#);
- ;ret;
- ;end;
- ;SearchWin32RVA#: //Input: a - RVA
- ; //Output: a - offset, -1 - error
- ; //The file must be open!
- ;if ((headerw(14h)+(headerw(6)-1)*28h+18h)<=7d8h) {
- ; for (i=0,++i,i<headerw(6)) {
- ; if (a<headerd(headerw(14h)+i*28h+18h+0ch)) continue;
- ; if (a>headerd(headerw(14h)+i*28h+18h+0ch)+headerd(headerw(14h)+i*28h+18h+10h)) continue;
- ; a=a-headerd(headerw(14h)+i*28h+18h+0ch)+headerd(headerw(14h)+i*28h+18h+14h);
- ; ret;
- ; }
- ; a=-1;
- ;}
- ;else {
- ; seek(offshead+headerw(14h)+18h);
- ; read(800h);
- ; for (i=0,++i,i<headerw(6)) {
- ; if (a<freed(i*28h+0ch)) continue;
- ; if (a>freed(i*28h+0ch)+freed(i*28h+10h)) continue;
- ; a=a-freed(i*28h+0ch)+freed(i*28h+14h);
- ; ret;
- ; }
- ; a=-1;
- ;}
- ;ret;
- ;end;
- ;||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
- ;ErrorBATTrivial39#: named by the CES INTERPR line of the "Error for BAT.Trivia.39" record in [TEXT].
- ;It only increments textd(2) (apparently the dword at offset 2 of the scanned text) and returns;
- ;it never runs prnvir or delete.
- ;NOTE(review): presumably this perturbs the buffer so that a BAT.Trivial.39 signature defined in
- ;another base no longer matches this known false alarm - confirm.
- ErrorBATTrivial39#:
- ++textd(2);
- ret;
- end;
- ;CureBombTrack2349#: cure step, named by the CES INTERPR line of the Uhg.2580 record in [POLY].
- ;Loads ip, cs and sp from three words read from virsg at signed offsets CurDat1, CurDat2 and
- ;CurDat4 relative to `vir`, then runs `correct`. CurDat3 is not used here.
- ;NOTE(review): presumably ip/cs/sp are the host's original entry values saved inside the virus
- ;body and `correct` applies them to the file header - confirm against the engine documentation.
- CureBombTrack2349#:
- ip=virsgw(vir+sign CurDat1);
- cs=virsgw(vir+sign CurDat2);
- sp=virsgw(vir+sign CurDat4);
- correct;
- ret;
- end;
- ;CureOpera1020#: cure step, named by the CES INTERPR line of the Loh.1560 record in [CRYPT].
- ;XORs the first CurDat2 bytes of virsg with a key that starts at CurDat2 and decreases by one per
- ;byte, writes the result with writebig, then calls START.
- ;ReadLastBytes and START are not defined in this file.
- ;NOTE(review): ab looks like a byte-sized variable, so only the low byte of CurDat2 would seed the
- ;key - confirm. The value writebig returns into `a` is not checked inside this procedure.
- CureOpera1020#:
- ab=CurDat2;
- // presumably loads the tail of the file into virsg - TODO confirm
- call (ReadLastBytes);
- // decrementing-key XOR over the buffer, one byte per iteration
- for (i=0,++i,i<CurDat2) {virsgb(i)^=ab;--ab;}
- a=writebig(virsg,CurDat2);
- call(START);
- ret;
- end;
- ;-------------------------------------------------------------------
- ;CheckTrojanIframeExec#: text check named by the CES INTERPR line of the Trojan.IframeExec record.
- ;Looks for an IFRAME element whose source starts with CID:, whose height and width are both 0 and
- ;which is closed immediately, i.e. text of the form
- ;  <IFRAME SRC=CID:... HEIGHT=0 WIDTH=0></IFRAME>
- ;On a match it runs prnvir, delete and exit; otherwise it returns without a verdict.
- ;CurDat1 bounds the search for the opening tag; CurDat2 bounds the search for HEIGHT after the
- ;CID: reference. Presumably both come from the CES line that names this procedure - confirm.
- ;All literals are upper case, so the text buffer is presumably case-normalised upstream - confirm.
- ;NOTE(review): the three commented-out lines look like handling for a quoted-printable "=3D".
- ;With them disabled only a literal "=" followed directly by the value is matched; confirm whether
- ;the engine decodes quoted-printable before this procedure runs.
- CheckTrojanIframeExec#:
- // i: candidate offset of the opening tag
- for (i=7,++i,i<CurDat1) {
- if (textd(i)!='<IFR') continue;
- if (textd(i+4)!='AME ') continue;
- if (textd(i+8)!='SRC=') continue;
- // if (word textd(i+12)=='3D') i+=2;
- if (textd(i+12)!='CID:') continue;
- // j: candidate offset of HEIGHT, searched from i+18 over a window of CurDat2 offsets
- for (j=i+18,++j,j<i+18+CurDat2) {
- // The 4-byte compares overlap by one byte: 'HEIG' at j and 'GHT=' at j+3 spell "HEIGHT=".
- if (textd(j)!='HEIG') continue;
- if (textd(j+3)!='GHT=') continue;
- // if (word textd(j+7)=='3D') j+=2;
- if (byte textd(j+7)!='0') continue;
- // Same overlap trick: ' WID' at j+8 and 'DTH=' at j+11 spell " WIDTH=".
- if (textd(j+8)!=' WID') continue;
- if (textd(j+11)!='DTH=') continue;
- // if (word textd(j+15)=='3D') j+=2;
- if (byte textd(j+15)!='0') continue;
- if (byte textd(j+16)!='>') continue;
- // Tolerate one line feed (0ah) between ">" and the closing tag by advancing j past it.
- if (byte textd(j+17)==0ah) ++j;
- if (byte textd(j+17)!='<') continue;
- if (textd(j+18)!='/IFR') continue;
- if (textd(j+22)!='AME>') continue;
- // Destructive path: reached only when the whole pattern above matched.
- prnvir;
- delete;
- exit;
- }
- }
- ret;
- end;
- ;CheckVBSConvertHex#: check named by the CES INTERPR line of the "VBS.Generic (63) (ConvertHex tools)" record.
- ;Steps, as written:
- ;  1. find "Function " in datad between offsets 80h and 780h;
- ;  2. find the word 2228h in textd between offsets 9 and 200h (the characters (" if words are
- ;     little-endian - confirm);
- ;  3. decode the upper-case hex digit pairs that follow into the free buffer, one byte per pair;
- ;  4. require the decoded bytes to begin with 'On E' and to contain ".SCRIPTFULLNAME"
- ;     (letters compared case-insensitively through the 0dfh masks);
- ;  5. on success run prnvir, delete and exit.
- ;Only the first "Function " hit and the first 2228h hit are examined: both loop bodies end in an
- ;unconditional ret.
- ;NOTE(review): any character outside 0-9/A-F makes the decoder ret, so step 4 is reached only when
- ;the hex run continues up to offset 800h - presumably the end of the text buffer; confirm.
- ;NOTE(review): datad and textd are presumably two views of the scanned file - confirm how they differ.
- CheckVBSConvertHex#:
- for (i=80h,++i,i<780h) {
- if (datad(i)!='Func') continue;
- if (datad(i+4)!='tion') continue;
- if (byte datad(i+8)!=20h) continue;
- for (j=9,++j,j<200h) {
- if (word textd(j)!=2228h) continue;
- // aw counts the decoded bytes written to the free buffer
- aw=0;
- for (k=j+2,k+=2,k<800h) {
- // bw accumulates one byte from two hex digits
- bw=0;
- for (l=0,++l,l<2) {
- // presumably shifts bw left by one hex digit (4 bits) - confirm the <|= operator
- bw<|=4;
- ab=textd(k+l);
- if ((ab>='0')&&(ab<='9')) {
- ab-='0';
- }
- else if ((ab>='A')&&(ab<='F')) {
- // 'A'..'F' (41h..46h) minus 37h gives 0ah..0fh
- ab-=37h;
- }
- // not a hex digit: leave the whole procedure without a verdict
- else ret;
- bw=bw|ab;
- }
- freeb(aw)=bw;
- ++aw;
- }
- if (freed(0)!='On E') ret;
- // The first mask is 0dfdfdfffh so that the '.' byte is compared exactly; the letters are case-folded.
- // The compares at k+8 and k+11 overlap by one byte and together spell "ULLNAME".
- // NOTE(review): freed(k+11) can read up to 14 bytes past the aw decoded bytes when k is close
- // to aw - confirm that the free buffer is large enough and what it holds there.
- for (k=0,++k,k<aw) {
- if ((freed(k)&0dfdfdfffh)=='.SCR') {
- if ((freed(k+4)&0dfdfdfdfh)!='IPTF') continue;
- if ((freed(k+8)&0dfdfdfdfh)!='ULLN') continue;
- if ((freed(k+11)&0dfdfdfdfh)!='NAME') continue;
- // Destructive path: reached only when the decoded text matched both markers.
- prnvir;
- delete;
- exit;
- }
- }
- ret;
- }
- ret;
- }
- ret;
- end;
- [END INTRFILE]
- [END FILEVIR]
- [BOOTVIR] ;Boot Viruses
- [EASYBOOT]
- [END EASYBOOT]
- [SEARCHBOOT]
- [END SEARCHBOOT]
- [INTRBOOT]
- [END INTRBOOT]
- [END BOOTVIR]
- [END]
- ;Virus names must come immediately after the VIRNAMES section, and after all the names
- there must be a line feed
- [VIRNAMES]
- Anjo
- Aphex
- BackDoor
- Bakk
- BAT
- BlackRat
- Bolero
- Britney
- Byworm
- Cls
- Datom
- Eris
- FDOS
- FormatC
- Fortnight
- Frethem
- FunLove
- Generic
- GhostDog
- HLLO
- IframeExec
- InCommand
- IRC
- Iron
- JS
- Julia
- Loh
- MsgBomb
- MulDrop
- Murka
- Nimda
- Perl
- Projax
- Sbvc
- Share
- Snakebyte
- Supernova
- Trivial
- Trojan
- Trojan.PWS
- Uhg
- VBS
- VMPCK
- W97M
- Wildek
- Win32
- Win32.HLLM
- Win32.HLLW
- Zimenok
- Zuper
- // Source: 1764376ba7382c9c9786e3b913633edc3b5f8bedeb6a4e0f43fa163a8d7c949574891cbd51ffcd29fa313725fe15f91eb014701d75ef71de7d1c6fb6f9183e88