💾 Archived View for spam.works › mirrors › textfiles › virus › diogenesdoc.vir captured on 2023-11-04 at 16:00:54.

View Raw

More Information

⬅️ Previous capture (2023-06-16)

-=-=-=-=-=-=-

DIOGENES 2.0 DOCUMENTATION & USER NOTES                

DIOGENES is a destructive VCL 1.0 variant that was not created directly 
with Nowhere Man's Virus Creation Laboratory, but rather began life as a
first generation descendant of Urnst Kouch's DIARRHEA 4.  You'll remember 
DIARRHEA 4 from a previous Crypt Newsletter -- it's the tenuous little .COM 
infector that displays a colorful "Eat My Diarrhea" ANSI on Fridays.  
The Crypt newsletter's magnanimous distribution of such well-commented 
source codes as those churned out by VCL 1.0 is of course a boon to 
potential virus authors.  

DIOGENES is an appending, encrypted .COM infector.  When it can find no 
more .COMs to infect within the current directory, it will search the system 
path for them.  COMMAND.COM is a viable target, but its infection will not
crash the system.  Infected files become dangerous time bombs -- execution
on the 31st of any month will trigger an overwrite of the C: drive, starting 
with sector 1 and continuing through 718.  This will eradicate the FAT and
the root directory, as well as whatever other data happens to lie within 
those sectors.  The overwrite consists of a message written to the disk
over and over.  This cheery missive is also displayed to the screen 
once before the user is returned politely to the DOS prompt, undoubtedly
leaving the victim with a warm feeling inside that will make him forget all 
about his lost data.  Diogenes' greeting is as follows:
                                                                             

"DIOGENES 2.0 has visited your hard drive.....

 This has been another fine product of the Lehigh Valley.
 Watch (out) for future 'upgrades'.

 The world's deceit has raped my soul.  We melt the plastic 
 people down, then we melt their plastic town....."


The second line of the message is in homage to the Lehigh Virus.  The last 
two lines are taken from the song 'Plastic Town' by Powermad.  The message 
is not visible within the encrypted virus.  

As a token of the author's mercy and benevolence, the affected system can 
still be rebooted off the C: drive following its Diogenization.  However, 
recovery of data (that which hasn't been overwritten, that is,) will be a 
major undertaking under most circumstances.  (Seeker is too kind. The routine
which overwrites your data is thorough. Affected disks are a nightmare
for even powerful tools like Mace Utilities and Norton. Only a masochist
would spend more than 5 minutes checking the disk before wiping it. -URNST)
Additionally, any recovered .COMs would still be infected.

DIOGENES is not scannable by SCAN 95b, with its vaunted ability to spot any
VCL product.  Face it -- with a little patience and experimentation, any 
viral source code can be altered in such a way as to render the assembled 
virus unrecognizable to any given scan-string scanner.  Far from being 
obsolete, Nowhere Man's VCL, with its generously commented source codes so
valuable and inviting as both raw material and learning aid to the potential 
new virus author, has in fact given such scanners a hearty shove towards 
their rapidly approaching demise.

--SEEKER