MSX Virus | MSX Resource Center (Page 2/4)

Prophet (2266)

17-09-2003, 22:25

Do you see??? MSX is a so good platform that even the viruses remain living until now!!! Do you see any Michelangelo or any other old virus into your PC's nowadays? Nooooo... they are all sissy-pc-virus that can't stand for too long...

Be proud gentleman! Our viruses are much better than the viruses of other stinking platforms! AHhahahah...

By anonymous

incognito ergo sum (116)

18-09-2003, 01:48

/me waves to Saeba as well. And thanks to him, I had my MSX HD FULL with the ZAPP virus, just last year. So it's a survivor for sure.
LOL, I remember Saeba being mad at YOU for giving HIM the virus!
So ehm, who is right here?

By Latok

msx guru (3867)

18-09-2003, 08:50

I think Saeba and I will never agree on this one

By Vincent van Dam

Hero (513)

18-09-2003, 09:24

I made a virus (4br&da) in the mid-90s, but never put it in the wild (that was never the intention also). It acted as a tsr and hooked the bdos. If the open function was being called for a .com file it attached itself to this file. The source code for this virus was online for years, but the server the page was hosted on doesn't seem to exist anymore. I still have the source in my archive, though.

By BiFi

Enlighted (4348)

18-09-2003, 10:10

Apart from spreading itself using the BDOS open function call, what does it do?

By Vincent van Dam

Hero (513)

18-09-2003, 10:43

Every infect increased a generation counter, when this reached a certain value it displayed "Love to Brenda" before the application started. The generation counter wasn't very impressive, so it revealed itself pretty fast (i focussed on the spreading). A friend of mine made a few variations, one of them 'click-clack' turned the motor on and off every few seconds

The engine itself did a encrypt (xor with the r-register) on the virus code itself to make it more difficult to make a signature of the virus. It also substracted the size of the virus if you did a dir, so you wouldn't notice the infected files had increased in size. It used dos-2 and was mainly focussed for infection on hd's. It didn't check if the disk was write protected, and I think it gave an error if the disk was write protected.

We also made some fun .com files which when started also acted as a tsr and did some annoying stuff (this was before I made the virus). Also never spread those, but annoyed eachother with them. The most fun ones were:
- after an open, make the file a system file, so it seems to have disappeared, but you can't create a new file with that name.
- every x seconds, put a backspace in the keyboard buffer.

By cax

Prophet (3737)

18-09-2003, 14:20

In fact, there were at least 2 viruses - one that sits in boot sector and wishes you happy birthday, and another that infects COMs. I remember myself running the infected files in the debugger and cleaning them this way. Indeed, there was XORing with the register R, so I can confirm that I saw this virus in Russia.

By k0ga

Expert (77)

24-09-2003, 11:14

IIRC, there were 2 anti-virus programs for the Zapp virus. One is TCAV (Techno Crew's Anti Virus) and the other I can't remember.
Zapp is quite annoying. I know just last year a spanish MSX user was infected with it, even though it's almost 10 years old!
Keeping infected COMs in LZH/PMA archive and then distributing wil do that to ya

I was this spanish guy was infected. It was very funny because I was programming with compass and I saw the changes and traced it with debugger, but I could not think that was a MSX virus, ainss, programming is very bad for health

By BiFi

Enlighted (4348)

24-09-2003, 11:21

Another way of learning how things are done, not a nice way to do it, but nevertheless quite effective.

By NYYRIKKI

Enlighted (5918)

19-04-2004, 12:31

Eh... I just got ZAPPed!

I tried to run unzapp on my HD and yes, it fixes the problem, but it also makes crosslinked clusters. Is there any GOOD unzapp program available? I could not find TCAV anywhere...