06 Oct 89
From:   Samson Luk
To:     All
Subj:   To Remove the Marijuana (Stoned) Virus from HD

------------------------------------------------
Below are easy-to-follow, step-by-step instructions for removing
the Marijuana Virus from an infected hard disk without taking the time to:

    a) wipe the disk clean by over-writing all files with zeros and ones,
    b) reformat the hard disk and
    c) then reload the hard disk from back-ups.

  The following instructions were provided by Bill Kenny of Digital Dispatch
  Incorporated, producers of the anti-virus product, Data Physician:

  First of all you need to verify that the version of the Marijuana virus
  that you are infected with is the same as the one that was used to write
  these instructions. I (Bill Kenny) have only seen one version, but that
  does not mean that others do not exist!

  This virus can be removed using DEBUG, a program that comes with DOS.
  1) Go into DEBUG and type in the following (do not type the comments -
     the ";" and the text that follows it):

    R IP               ;set the IP register
    100                ;the command prompt will be a ':', not a '-'
    A 100              ;this command starts the Assembler. The prompt for
    MOV DX,80          ;these lines will be xxxx:01xx, where the x's stand
    MOV CX,1           ;for some hex digit.
    MOV BX,200
    MOV AX,201
    INT 13
                       ;press "Return" on a blank line to exit the Assembler
    G 10E              ;execute the above program. Upon return, the end of
                       ;the 2nd line (the first starts with AX=) should be
                       ;NC. If the end is CY, you have a problem and cannot
                       ;continue.
    D 38A 39F          ;dump some memory. The right-hand side of the screen
                       ;should show "Your PC is now Stoned!"
    D 3A5 3B7          ;more memory. This should say "LEGALISE MARIJUANA!"
    U 200 201          ;show the first instruction. This should be
                       ;JMP 7C00:0005
    U 2E4 302          ;Some more code. THIS IS AN IMPORTANT SECTION!

  2) The previous Unassemble command in step 1 above should have produced the
     following code:

    xxxx:02E4 B80000     MOV AX,0000
    xxxx:02E7 CD13       INT 13
    xxxx:02E9 33C0       XOR AX,AX
    xxxx:02EB 8EC0       MOV ES,AX
    xxxx:02ED B80102     MOV AX,0201
    xxxx:02F0 BB007C     MOV BX,7C00
    xxxx:02F3 2E         CS:
    xxxx:02F4 803E080000 CMP BYTE PTR [0008],00
    xxxx:02F9 740B       JZ  0306
    xxxx:02FB B90700     MOV CX,0007
    xxxx:02FE BA8000     MOV DX,0080
    xxxx:0301 CD13       INT 13

    Note: The xxxx above will vary from system to system. These values are
          not important to the program.

  3) If you do not have a match at any step above, DO NOT PROCEED!

  4) To remove the virus from your hard disk, enter the following into DEBUG.

    R IP
    100
    A 100
    MOV DX,80
    MOV CX,7
    MOV BX,200
    MOV AX,201
    INT 13
    MOV DX,80
    MOV CX,1
    MOV BX,200
    MOV AX,301
    INT 13
                       ;press "Return" on a blank line to exit the Assembler
    G 11C              ;execute the above program.

  5) The Marijuana virus is now removed from your hard disk. You can reboot
     your system safely.
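
  The same verify-then-restore sequence applied to a raw disk image rather
  than a live drive, as an added example that is not part of the original
  instructions or of Data Physician. It assumes a sector-for-sector image with
  512-byte sectors; the function names, the sample image and the 55 AA check on
  the saved sector are additions made here.

```python
"""Steps 1-4 applied to a raw disk image instead of a live drive (added example)."""
SECTOR = 512
SAVED_LBA = 6  # CHS cylinder 0, head 0, sector 7 (CX=7, DX=80h) is LBA 6

# Offsets are the DEBUG addresses from steps 1-2 minus the 200h load address.
MARKERS = {
    0x18A: b"Your PC is now Stoned!",
    0x1A5: b"LEGALISE MARIJUANA!",
    # Code bytes listed in step 2 (02E4-0302).
    0x0E4: bytes.fromhex("B80000CD1333C08EC0B80102BB007C2E"
                         "803E080000740BB90700BA8000CD13"),
}

def matches_page_variant(sector0: bytes) -> bool:
    """True only if every marker from steps 1-2 is at its expected offset."""
    return len(sector0) == SECTOR and all(
        sector0[off:off + len(val)] == val for off, val in MARKERS.items())

def restore_mbr(image: bytearray) -> bool:
    """Copy the saved sector over sector 1 (LBA 0) if step 3's check passes."""
    if not matches_page_variant(bytes(image[:SECTOR])):
        return False  # step 3: no match, do not proceed
    saved = image[SAVED_LBA * SECTOR:(SAVED_LBA + 1) * SECTOR]
    # Extra check, not in the original instructions: a usable saved boot
    # sector is a full sector ending in the 55 AA boot signature.
    if len(saved) != SECTOR or saved[510:] != b"\x55\xAA":
        return False
    image[:SECTOR] = saved
    return True

def build_sample_image() -> bytearray:
    """Constructed test image: marker bytes only, no functional virus code."""
    img = bytearray(8 * SECTOR)
    for off, val in MARKERS.items():
        img[off:off + len(val)] = val
    img[510:512] = b"\x55\xAA"
    clean = bytearray(SECTOR)
    clean[:4] = b"GOOD"  # placeholder standing in for the original boot sector
    clean[510:] = b"\x55\xAA"
    img[SAVED_LBA * SECTOR:(SAVED_LBA + 1) * SECTOR] = clean
    return img

if __name__ == "__main__":
    img = build_sample_image()
    print("restored:", restore_mbr(img), "sector 1 starts:", bytes(img[:4]))
```

  Run it against a working copy of the image, so the evidence copy keeps the
  infected sector for later comparison.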