A couple of years ago (4 years or something) I became interested in viruses/virii. Like you and me, we all heard
the media hysteria when some virus was threatening our society (scream!! aaahhhhh ; )). I thought (and still think)
viruses are cool, they slip through your fingers and hide themselves everywhere, like living creatures, so I went
searching for info. I found a book (finally, I had no Internet) about viruses (don't know the name), which contained
2 full source codes of virii in Assembly! Around the same time I was learning Assembly (or the virii were the
motivation)... Soon (well, a couple of months) I produced my first virus.... a single directory COM-infecting non-resident
virus. Since then I only thought out ideas & routines for viruses, but didn't spend the time to combine them
into real viruses. I will try to make my ideas & research public here, so you can use them. |
Research on polymorphic DOS virus - status: Cancelled | |
Research on behaviour of win32 virii ... | |
Research on possibility of partially emulating win32 programs ... | |
Research on polymorphic win32 virus ... | |
Fast Progress:

Reversing the Happy99 or win32.ska virus for DREAD, 29A and myself
See the nice fireworks/payload of the deactivated Happy99/Ska virus! Download here.
Download the living Happy99/Ska virus here.

How to disinfect your Ska infected compu
- Delete ska.dll & ska.exe from your Windows system directory.
- Look if there is a wsock32.ska in the same directory; if so, copy wsock32.ska to wsock32.dll and delete wsock32.ska.
- Look in regedit in the key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce if there is a value with the name Ska.exe and the value Ska.exe. If so, delete the value.
- Check if there is a liste.ska file in your Windows system directory. It contains the mail addresses of mails that the ska program has attached itself to. You better warn the people from those mail addresses. :)

Find base address of kernel32.dll without using GetModuleHandleA or GetProcAddr
Executable search2.exe, source search2.asm. Displays messagebox with found address/modulehandle & addr found in header. For some vague reason, the messageboxes with the result won't display on WinNT. If you know why, mail me at anarchriz@hotmail.com . |
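The Ska disinfection steps listed above can be turned into a read-only check. This is an added example, not code from this page or its author. It assumes that liste.ska holds addresses as plain text and that the RunOnce key is supplied as a regedit text export; the function names and the sample data are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# File names taken from the disinfection steps on this page.
ARTIFACTS = ("ska.exe", "ska.dll", "wsock32.ska", "liste.ska")
RUNONCE = r"hkey_local_machine\software\microsoft\windows\currentversion\runonce"
EMAIL = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")

def runonce_has_ska(reg_export: str) -> bool:
    """True if a regedit text export lists a Ska.exe value under RunOnce."""
    section = ""
    for line in reg_export.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
        elif section == RUNONCE and line.lower().startswith('"ska.exe"='):
            return True
    return False

def check_system_dir(system_dir, reg_export=""):
    """Report Ska artifacts in system_dir; read-only, deletes nothing."""
    names = {p.name.lower(): p for p in Path(system_dir).iterdir() if p.is_file()}
    found = sorted(n for n in ARTIFACTS if n in names)
    contacts = []
    if "liste.ska" in names:
        # Assumption: addresses are recoverable as plain text in liste.ska.
        text = names["liste.ska"].read_text(errors="replace")
        contacts = sorted(set(EMAIL.findall(text)))
    return {
        "found": found,
        "restore_wsock32": "wsock32.ska" in names,  # copy back over wsock32.dll
        "runonce_value": runonce_has_ska(reg_export),
        "contacts_to_warn": contacts,
    }

def demo():
    """Constructed sample: a fake system directory and registry export."""
    reg = ('REGEDIT4\n\n[HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows'
           '\\CurrentVersion\\RunOnce]\n"Ska.exe"="Ska.exe"\n')
    with tempfile.TemporaryDirectory() as d:
        for name in ("Ska.exe", "SKA.DLL", "wsock32.ska", "wsock32.dll"):
            (Path(d) / name).write_bytes(b"placeholder")
        (Path(d) / "liste.ska").write_text("alice@example.com\nbob@example.org\n")
        return check_system_dir(d, reg)

if __name__ == "__main__":
    print(demo())
```

The check only reports; deleting the files, restoring wsock32.dll and removing the RunOnce value remain the manual steps given above.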
The Viral Database | Biggest and Best merge of texts on virii by Cicatrix - 1.8 out! | |
BioTech - Virus Research Labs | At the 'info' section lots of background info on win32 - btw c00l web design by GriYo! |
Great VX groups | ||
The Code Breakers | Magazine #5 is out! codebreakers.org still down, see Spook's site | |
29A | The 29A Labs - Check out their latest Magazine #3! Darkman says #4 is coming in September. | |
SLAM | Cyber_Yoda/SLAM's homepage | |
NOP | Virogen's page also for NOP releases |