Let's walk through this virus source code, shall we?

Dustin

Does not 'cover your end'. You end is exposed like the child you
are--and everybody is laughing at your exposed end Dustin.

Here's another quickie I wrote up for you. It creates a file and dumps a
text string into it. The same string it prints on the screen. The text
file will be 39 bytes in length, named Ray.txt.

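segment code

start:
mov ax,data             ; load the data segment's address...
mov ds,ax               ; ...into DS (a segment register cannot take an immediate)
mov ax,stack
mov ss,ax               ; SS:SP -> top of the 64-byte stack segment
mov sp,stacktop

mov dx,hello            ; DS:DX -> '$'-terminated string
mov ah,9                ; DOS function 09h: print string
int 0x21

mov ah,0x3c             ; DOS function 3Ch: create (or truncate) a file
mov cx,0                ; CX = 0: normal file attributes
mov dx,files            ; DS:DX -> zero-terminated file name
int 0x21

mov [filehnd],ax        ; save the returned handle (carry flag is not checked)

mov ah,0x40             ; DOS function 40h: write to a file handle
mov bx, [filehnd]       ; BX = handle
mov cx,[msglength]      ; CX = byte count (text plus CR/LF, without the '$')
mov dx,hello            ; DS:DX -> buffer to write
int 0x21

mov ah,0x3e             ; DOS function 3Eh: close a file handle
mov bx,[filehnd]        ; BX = handle value stored at filehnd, not its offset
int 0x21

mov ax,0x4c00           ; DOS function 4Ch: terminate with exit code 0
int 0x21

segment data

hello: db 'Hi! Ray How did I get created Today?',13,10,'$'
files db 'ray.txt', 0
filehnd dw 1
msglength dw 38


segment stack stack
resb 64
stacktop: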




--
Things look bad from over here. Too much confusion and no solution.
Everyone here knows your fear. Your out of touch and you try too much.
Yesterdays glory will help us today. You wanna retire? Get outta the
way. I ain't got much time. Young ones close behind. I can't wait in
line.
 
Dustin

screen. The text file will be 39 bytes in length, named Ray.txt.

38 bytes in length, sorry. [g]

Go ahead, google around for this source code if you think I stole it.

Here's the directory dump:

Volume in drive C has no label.
Volume Serial Number is B051-3A91

Directory of C:\PROGRA~1\nasm

08/03/2012 10:36 PM 518 RAY.ASM
3 File(s) 1,036 bytes
0 Dir(s) 24,318,357,504 bytes free
 
Dustin

You're too kind (but I don't mind)!

Excellent.

Would you care to provide your opinion on my work below: Basically let
people know if it's bullshit code I came up with out of thin air, or
actually will function as written... [g] And if you don't mind, would
you also confirm my history for Ray and that irok is mine, as well as
this? Thanks. hehe.

segment code

start:
mov ax,data
mov ds,ax
mov ax,stack
mov ss,ax
mov sp,stacktop

mov dx,hello
mov ah,9
int 0x21

mov ah,0x3c
mov cx,0
mov dx,files
int 0x21

mov [filehnd],ax

mov ah,0x40
mov bx, [filehnd]
mov cx,[msglength]
mov dx,hello
int 0x21

mov ah,0x3e
mov bx,[filehnd]
int 0x21

mov ax,0x4c00
int 0x21

segment data

hello: db 'Hi! Ray How did I get created Today?',13,10,'$'
files db 'ray.txt', 0
filehnd dw 1
msglength dw 38


segment stack stack
resb 64
stacktop:



RayLopez99

Would you care to provide your opinion on my work below: Basically let
people know if it's bullshit code I came up with out of thin air, or
actually will function as written... [g]

Yes, it looks fine - apart from the fact there's no error checking,
particularly on the "create file" operation. However, error handling
is often omitted in examples for simplicity so, no biggie.

And if you don't mind, would
you also confirm my history for Ray and that irok is mine, as well as
this? Thanks. hehe.

I'm not sure that what I say will persuade Ray of anything. He seems
not to have read my comments and description of DOS interrupts in the
"hello world" code or has not understood (going by his reply to your
comments on the code). On the other hand, he may not be interested so
much in a dialog with me as trolling you. Anyway, for what it's worth,
you are the former VXer Raid and you wrote Irok. I've no reason to
suspect that you did not write this code example and I'm sure you
understand it.

No I disagree Ant. It's true I troll but I also make substantive points. This person is clearly attention seeking and he has not demonstrated he knows anything about the code they copied and pasted.

I did not respond to your posts because I lost them--using Google as a newsreader--and I cannot easily find anything in a long thread.

I have downloaded an book on assembly and will study it in due time. Right now I'm learning F# just for fun.

Thanks for your insights.

RL
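
The reply quoted above notes that the posted program has no error checking, particularly on the "create file" call. The listing below is an added example, not code posted by anyone in the thread: the same INT 21h sequence with the carry flag tested after each file call and the byte count returned by the write compared with the count requested. The `..start` entry label, the `err_*` and `*_failed` labels, the assemble-time `msglength` and exit code 1 are choices made for this example.

```nasm
; Added example: ray.asm with DOS error checks (assumes nasm -f obj, linked as an .EXE)

segment code

..start:                        ; entry-point symbol for NASM's obj output format
        mov     ax,data
        mov     ds,ax           ; DS -> data segment
        mov     ax,stack
        mov     ss,ax
        mov     sp,stacktop     ; SS:SP -> top of the stack segment

        mov     dx,hello
        mov     ah,0x09         ; print '$'-terminated string at DS:DX
        int     0x21

        mov     ah,0x3c         ; create or truncate file
        xor     cx,cx           ; CX = 0: normal attributes
        mov     dx,files        ; DS:DX -> zero-terminated name
        int     0x21
        jc      create_failed   ; CF set: AX is a DOS error code, not a handle
        mov     [filehnd],ax    ; CF clear: AX is the new handle

        mov     ah,0x40         ; write CX bytes from DS:DX to handle BX
        mov     bx,[filehnd]
        mov     cx,msglength
        mov     dx,hello
        int     0x21
        jc      write_failed    ; CF set: the write itself failed
        cmp     ax,msglength    ; AX = bytes actually written
        jne     write_failed    ; short write (for example, disk full)

        mov     ah,0x3e         ; close handle BX
        mov     bx,[filehnd]
        int     0x21
        jc      close_failed

        mov     ax,0x4c00       ; terminate, exit code 0
        int     0x21

create_failed:
        mov     dx,err_create   ; no handle was opened, nothing to close
        jmp     fail

write_failed:
        mov     ah,0x3e         ; best-effort close so the handle is not leaked
        mov     bx,[filehnd]
        int     0x21
        mov     dx,err_write
        jmp     fail

close_failed:
        mov     dx,err_close

fail:
        mov     ah,0x09         ; print the message selected in DX
        int     0x21
        mov     ax,0x4c01       ; terminate, exit code 1
        int     0x21

segment data

hello:      db 'Hi! Ray How did I get created Today?',13,10,'$'
msglength   equ $ - hello - 1   ; 38: text plus CR/LF, without the '$'
files:      db 'ray.txt',0
filehnd:    dw 0
err_create: db 'create failed',13,10,'$'
err_write:  db 'write failed',13,10,'$'
err_close:  db 'close failed',13,10,'$'

segment stack stack
        resb 64
stacktop:
```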
 
Dustin

Dustin said:
Would you care to provide your opinion on my work below: Basically
let people know if it's bullshit code I came up with out of thin
air, or actually will function as written... [g]

Yes, it looks fine - apart from the fact there's no error checking,
particularly on the "create file" operation. However, error handling
is often omitted in examples for simplicity so, no biggie.
And if you don't mind, would
you also confirm my history for Ray and that irok is mine, as well
as this? Thanks. hehe.

I'm not sure that what I say will persuade Ray of anything. He seems
not to have read my comments and description of DOS interrupts in the
"hello world" code or has not understood (going by his reply to your
comments on the code). On the other hand, he may not be interested so
much in a dialog with me as trolling you. Anyway, for what it's
worth, you are the former VXer Raid and you wrote Irok. I've no
reason to suspect that you did not write this code example and I'm
sure you understand it.

I appreciate you taking the time to do this for me, Ant. Thanks very
much.


Dustin

Would you care to provide your opinion on my work below: Basically let
people know if it's bullshit code I came up with out of thin air, or
actually will function as written... [g]

Yes, it looks fine - apart from the fact there's no error checking,
particularly on the "create file" operation. However, error handling
is often omitted in examples for simplicity so, no biggie.

And if you don't mind, would
you also confirm my history for Ray and that irok is mine, as well as
this? Thanks. hehe.

I'm not sure that what I say will persuade Ray of anything. He seems
not to have read my comments and description of DOS interrupts in the
"hello world" code or has not understood (going by his reply to your
comments on the code). On the other hand, he may not be interested so
much in a dialog with me as trolling you. Anyway, for what it's worth,
you are the former VXer Raid and you wrote Irok. I've no reason to
suspect that you did not write this code example and I'm sure you
understand it.

No I disagree Ant. It's true I troll but I also make substantive
points. This person is clearly attention seeking and he has not
demonstrated he knows anything about the code they copied and pasted.

You don't make substantive points. You instead, use reverse psy nonsense
to try and get others to explain things to you. When they do so, you
repay them with "Well, I already knew that; I wanted to see if you did.
Now, ****off, I know more than you." Until your next question, that is.

Based on the questions you did ask about the assembler code I shared
with you, it's obvious you are barely! and I do mean barely qualified as
a programmer. You aren't a coder of any sort. Not even close.

I bet you still think "int" means an integer variable? :) The ASCII hex
confused was especially funny Ray.

Assembler isn't BASIC. It uses c style pointers to reference memory
addresses. It can instead reference the contents of the memory space
instead of it's address.. If you really were a c coder, you would have
known what was meant by a pointer. It wasn't the contents of variables,
but their memory space.

The ray.asm file I wrote for you to demonstrate a little more than
"Hello world" does both. I invited you to try and tell me what it's
doing.

"I have downloaded an book on assembly and will study it in due time."

This tells me you won't be doing that anytime soon, and you are
completely ****ing lost in both of those samples. I figured something
was up and you were bullshitting when you couldn't make heads or tails
of irok and still can't explain how it works.

You can't explain how a virus can infect a program and that program
still run. It's a mystery to you, even after sharing enough code to give
you the general idea. Without comments, you don't understand the code
huh? You aren't a coder, bro. And seriously, probably not even really a
programmer either.

You're not a good troll, because I already knew how this would turn out
as soon as I again, 0wned your dumbarse in a technical discussion.

I bet you won't soon ask for assembler source to prove something again.
lol. Why bother asking for something you can't read/understand anyway?

Fact is, I'm the only person on this earth to have irok's source code.
That's because I wrote it. [g]
I did not respond to your posts because I lost them--using Google as
a newsreader--and I cannot easily find anything in a long thread.

It's piss easy to find his/my posts with google.
I have downloaded an book on assembly and will study it in due time.
Right now I'm learning F# just for fun.

I thought you had a book on assembly already and was going to check my
work for fraud? :)

What about that virus book you have Ray? I know at least 3 of the
function calls I used can be found in the book if it has the history of
DOS viruses.

Have you learned yet how Irok works?
Thanks for your insights.

He's right you know. ;)


RayLopez99

RayLopez99 <[email protected]> wrote in
You don't make substantive points. You instead, use reverse psy nonsense
to try and get others to explain things to you. When they do so, you
repay them with "Well, I already knew that; I wanted to see if you did.
Now, ****off, I know more than you." Until your next question, that is.

Not true in this thread at all. The fact that you had to resort to this lie shows you are trying to set up a strawman argument.

Based on the questions you did ask about the assembler code I shared
with you, it's obvious you are barely! and I do mean barely qualified as
a programmer. You aren't a coder of any sort. Not even close.

Not true at all. I actually demonstrated I do not know much if at all about assembler--I would say I know 1%--and yes I have programmed in Pascal and C, which use pointers. When you say "barely" it shows me again you will resort to twisting the facts. I can code in C# or C++ better than you, but I will admit I don't know assembly at all. The issue is: do you? No amount of flaming will disprove or prove that fact Dustin--you have to show you know what you are talking about and so far, as I showed, you don't. Perhaps Ant knows that you know how to code in assembly--perhaps--but perhaps also he's assuming things, projecting his skills onto yours. You are a good b.s. artist, that much is true. You may have even cut and paste your commentary from elsewhere. That's why you cannot answer the questions I posted to you, and instead resort to strawman arguments. Answer then if you can about moving pointers into different registers, as I asked. If you dare. You cannot because it was not part of the cut-and-paste commentary that you got online. You are lost if anybody asks a question "out of the blue". If not, then prove me wrong please.

I bet you still think "int" means an integer variable? :) The ASCII hex
confused was especially funny Ray.

Strawman noted. Like I said.

Assembler isn't BASIC.

Strawman.

It uses c style pointers to reference memory
addresses. It can instead reference the contents of the memory space
instead of it's address.. If you really were a c coder, you would have
known what was meant by a pointer. It wasn't the contents of variables,
but their memory space.

Strawman. I know what a pointer is and dereferencing the same and pointer arithmetic in walking through an array and pointer mistakes too. That's not an issue here and you should know it. If you don't, you're a bullshitter.

The ray.asm file I wrote for you to demonstrate a little more than
"Hello world" does both. I invited you to try and tell me what it's
doing.

No. That was NOT the exercise. Once again you are twisting the facts. The exercise was for YOU, not me, to demonstrate what you know about the program. I already told you I don't know assembly--that's why I'm asking you. But you are showing me and the world you don't know either. Kiddle scripter, just as I thought.

"I have downloaded an book on assembly and will study it in due time."

This tells me you won't be doing that anytime soon, and you are
completely ****ing lost in both of those samples.

No. I am busy with my real work. And I got other things to do. And to be blunt you've not walked me though an Hello World program to wet my appetite. You've not shown me why assembly coding is fun. That's because you don't know how to code yourself. Probably, as I mentioned before, you enjoy the 'flaming' more than the programming--typical of non-technical types.

I figured something
was up and you were bullshitting when you couldn't make heads or tails
of irok and still can't explain how it works.

Again, not my job, but YOURS. And you've failed.

You can't explain how a virus can infect a program and that program
still run. It's a mystery to you, even after sharing enough code to give
you the general idea.

? WTF? Hello World in assembly tells me how to infect a program? We're not even close to explaining how to infect a program.

Without comments, you don't understand the code
huh? You aren't a coder, bro. And seriously, probably not even really a
programmer either.

Again, not my job, yours. Strawman noted.

You're not a good troll, because I already knew how this would turn out
as soon as I again, 0wned your dumbarse in a technical discussion.

You mean 'teknikal' eh hick?

Fact is, I'm the only person on this earth to have irok's source code.
That's because I wrote it. [g]

Nobody is grinning but you. Rest of us are laughing at you, not with you.

{rest of Dustin's boring rant deleted}

RL
 
Dustin

Not true in this thread at all. The fact that you had to resort to
this lie shows you are trying to set up a strawman argument.

Completely true. You asked for proof of irok, I provided snippits of
source code that hasn't seen the light of day in nearly 13 years. You
claimed I stole it. I asked you to find it on google. You were unable to
do so.

You danced around the fact that I'm the only one with it's source code
and thus, it's author. You *still* have no idea how it works.

You belittled me and then demanded I post a hello world. I did so. You
went thru it asking silly questions. I went a step further and posted a
program that does a couple of things, purely in assembler.

You tried to BS and say I stole it too.

I had an independent person vouch for the assembler code I posted, my
understanding of said code, AND!! My background concerning who I am and
my virus known as irok.

Not true at all. I actually demonstrated I do not know much if at
all about assembler--I would say I know 1%--and yes I have programmed
in Pascal and C, which use pointers. When you say "barely" it shows

Why did you have to ask me what the assembler source is doing, if you
understand pointers? The irok source is also using pointers, Ray!
me again you will resort to twisting the facts. I can code in C# or
C++ better than you, but I will admit I don't know assembly at all.

Are you sure you can program (you can't code for shit) in either of
those languages better than me? You already ****ed up in the assembler
challenge. Assembler is much harder than c++, Ray.
The issue is: do you? No amount of flaming will disprove or prove
that fact Dustin--you have to show you know what you are talking
about and so far, as I showed, you don't. Perhaps Ant knows that you

Incorrect. I have provided source code to two programs in pure
assembler, two programs in asic which also deal in low level assembler
calls. One being partial virus.

You have shown that you haven't got the foggiest idea what those
assembler commands are doing. int isn't an integer NOR is it a variable.
You've already stated you have an assembler book, but can't be arsed to
even open it right now.
know how to code in assembly--perhaps--but perhaps also he's assuming
things, projecting his skills onto yours. You are a good b.s.

Ant is a talented coder. He's not projecting his skills onto mine.
Neither of us are bsing you here.
artist, that much is true. You may have even cut and paste your
commentary from elsewhere. That's why you cannot answer the

I didn't cut/paste any source or commentary from anywhere. I wrote it up
here in front of this computer, It's my work.
part of the cut-and-paste commentary that you got online. You are
lost if anybody asks a question "out of the blue". If not, then
prove me wrong please.

I'm not lost. I'm intentionally not very helpful to some of you.

Strawman noted. Like I said.

Bullshit. I commented my code for you, you tried to belittle me and
"correct" it. Int isn't an integer. It's interrupt!

Strawman.

Bullshit, again.
Strawman. I know what a pointer is and dereferencing the same and
pointer arithmetic in walking through an array and pointer mistakes
too. That's not an issue here and you should know it. If you don't,
you're a bullshitter.

Not a strawman, quite on point actually. You again, attempted to correct
my code without understanding what was going on. I'd suggest you google
for the definition of strawman.
No. That was NOT the exercise. Once again you are twisting the
facts. The exercise was for YOU, not me, to demonstrate what you
know about the program. I already told you I don't know
assembly--that's why I'm asking you. But you are showing me and the
world you don't know either. Kiddle scripter, just as I thought.

I just wrote a program you can't find online, described exactly what it
does, and had another person verify the code. What more can I give you?
I commented the first program and you tried to teach me about assembler
in a smug fashion. Claiming I was nuts and the code was a mess. It isn't
and i'm not.

I even went further, I wrote another program for you that makes a few
more interrupt calls, creating a file and writing a line of text into
it. It's more advanced than what you requested; and I wrote it. That
proves I know what i'm doing.

You claimed my source file must be bullshit because idiot savant Morgan
couldn't make it work in debug. I explained it's built as an .exe, Ant
agreed with me!

Ant knows assembler very well Ray. I have no doubt he can put my asm
skills to shame.
No. I am busy with my real work. And I got other things to do. And
to be blunt you've not walked me though an Hello World program to wet
my appetite. You've not shown me why assembly coding is fun. That's
because you don't know how to code yourself. Probably, as I
mentioned before, you enjoy the 'flaming' more than the
programming--typical of non-technical types.

Ray, I'm hardly what you'd call a non technical person. I tried to walk
you thru a simple hello world program, but as usual; you got hostile.
I'm not normally in the habit of coddling supposed, coders. Oh, I'm
sorry, ehh, programmers.

You didn't ask me to show you why assembler coding is fun. I never said
it was. Only that I know the language, and you didn't think I did.. so
you invited me to post proof. I've more than posted enough now.
Again, not my job, but YOURS. And you've failed.

I haven't failed at anything I've set out to accomplish. You aren't able
to analyze the code i've provided because your programming skills are
sub par. When I began to explain what was going on in my code, you
berated me; That wasn't too bright if you expect me to explain how any
of it works.
? WTF? Hello World in assembly tells me how to infect a program?
We're not even close to explaining how to infect a program.

I won't post you assembler code to infect anything either.
Again, not my job, yours. Strawman noted.

If you call yourself a programmer, it certainly is your job to be able
to read others code; sometimes without the benefit of comments.

A coder would be laughed out of the room if he requested, "comment every
line of asic and this assembler program. I'm clueless here."
You mean 'teknikal' eh hick?

Assembler coding "hick". Ray ;p
Nobody is grinning but you. Rest of us are laughing at you, not with
you.

Rest of who Ray?


OK, but are you saying the hex code 0x4c00 has some significance?
Not clear if it does but that seems to be your assumption. Again,
not demonstrating you can explain anything, even if you know what you
are doing (which I doubt).

No. Again, you show your incompetence. What I think this is doing
is moving the ASCII text 'hello' into register dx, which perhaps can
accept a string. Not clear though. Perhaps 'hello' is a variable?
Not clear. it is not doing what you claim it is. I'll say this:
even if you can code in assembly--and you've not shown me you
can--you are a lousy teacher.

WTF you talking about? Did you call a variable 'stack' and defining
a stack segment by that name? Not very smart of you, like calling an
'int' variable 'int'. In any event you are not explaining this line
at all.

As I expected tho, You aren't able to show any respect and just want to
be coddled. I don't be thinking so. :)
Keep reading those rainbow password kiddie script tables and happy
"hacking" of the kind you seem to enjoy, bad little boy.

Based on your comments above regarding my ASSEMBLER program, It's clear
you're the script kiddy here. [g]

People are laughing Ray, but I doubt it's with you. [g]

Don't challenge people to do things you can't handle or understand. You
just look more like the idiot troll you are (You're probably some repair
technician who charges good money for the information we provide you).
You come up with all sorts of issues. Too many to be happening on your
personal shit.


Hot-Text

irok.exe was a Email attachment executed in Newsgroups: alt.politics.scorched-earth
In a Iframe Link to: AnnExCafe
That was posted by ~BD~ and you,

< http://service1.symantec.com/sarc/sarc.nsf/html/Irok.Trojan.Worm.html >

Now UT know that irok.exe is virus that act like a trojan,
By the time you remove all Irok look like a Trojan files and from reg-keys,
it have raided write it self in NetWork Software,
and all anti-virus Software,
Plus all backup Files,
it is a bad M-F..

A Trojan-Virus
and yes it not a Trojan,
but a Virus that at like like Trojan,
to give time for the Virus to write it self,
into all the NetWork & anti-virus backup Files.

"Irok" Number One Target is backup Files...
 
Hot-Text

Dustin said:
Does not 'cover your end'. You end is exposed like the child you
are--and everybody is laughing at your exposed end Dustin.

Here's another quickie I wrote up for you. It creates a file and dumps a
text string into it. The same string it prints on the screen. The text
file will be 39 bytes in length, named Ray.txt.

segment code

start:
mov ax,data
mov ds,ax
mov ax,stack
mov ss,ax
mov sp,stacktop

mov dx,hello
mov ah,9
int 0x21

mov ah,0x3c
mov cx,0
mov dx,files
int 0x21

mov [filehnd],ax

mov ah,0x40
mov bx, [filehnd]
mov cx,[msglength]
mov dx,hello
int 0x21

mov ah,0x3e
mov bx,[filehnd]
int 0x21

mov ax,0x4c00
int 0x21

segment data

hello: db 'Hi! Ray How did I get created Today?',13,10,'$'
files db 'ray.txt', 0
filehnd dw 1
msglength dw 38


segment stack stack
resb 64
stacktop:

procedure ENDDRAG(DROP:BOOLEAN)
function GETTEXTBUF(BUFFER:pCHAR;BUFSIZE:INTEGER):INTEGER
function GETTEXTLEN:INTEGE
procedure SETTEXTBUF(BUFFER:pCHAR)
function PERFORM(MSG:CARDINAL;WPARAM,LPARAM:LONGINT):LONGINT
function SCREENTOCLIENT(POINT:TPOINT):TPOINT

TControl
TWINCONTROL
TWinControl
Parent
Longint
Handle
Boolean
Showing
Integer
TabOrder
TabStop

function CANFOCUS:BOOLEAN
function FOCUSED:BOOLEAN
TCONTROL INTEGER
CONTROLS
INTEGER
CONTROLCOUNT

function HandleAllocated: Boolean;
procedure HandleNeeded;
procedure EnableAlign;
procedure RemoveControl(AControl: TControl);
procedure InsertControl(AControl: TControl);
procedure Realign;
procedure ScaleBy(M, D: Integer);
procedure ScrollBy(DeltaX, DeltaY: Integer);
procedure SetFocus; virtual;)
procedure PAINTTO(DC:Longint;X,Y:INTEGER)
function CONTAINSCONTROL(CONTROL:TCONTROL):BOOLEAN
procedure DISABLEALIGN
procedure UPDATECONTROLSTATE
TBRUSH
BRUSH
LONGINT

HELPCONTEXT S
TControl
TGRAPHICCONTROL S
TWinControl
 
Dustin

irok.exe was a Email attachment executed in Newsgroups:
alt.politics.scorched-earth In a Iframe Link to: AnnExCafe
That was posted by ~BD~ and you,

It's never been posted functional to any newsgroups.

BD doesn't have a viable binary. I never posted one either.
Now UT know that irok.exe is virus that act like a trojan,
By the time you remove all Irok look like a Trojan files and from
reg-keys, it have raided write it self in NetWork Software,
and all anti-virus Software,

Irok doesn't leave behind registry keys; it makes no use of your system
registry. It doesn't leave behind "trojan" files either.

It does like some antivirus software. yes.
Plus all backup Files,
it is a bad M-F..

It's interested in replication... So, it's open for most any executable.
A Trojan-Virus

No such thing. It's bad marketing. It has no technical meaning.
and yes it not a Trojan,

I know it's not a trojan.
but a Virus that at like like Trojan,

Hmm... It does claim to be something else, yes. [g]

I didn't go overboard with system/app specific exploits and try to
autoexecute the file attachment. Instead, I went for stability and
relied on the user to run me.

In order to do that, I had to socially engineer the user. So, Irok
claims to be a startrek screen saver; and if you execute it in worm
mode, it actually does have a side ways moving star scroller it'll show
you until you press a key. The worm copy will always do that and try to
hide it's viral intentions.

The idea is you'll like it and pass it to more of your friends in the
event irok isn't compatible with your email client. This turned out to
be exactly what happened, so.. the theory worked.
to give time for the Virus to write it self,
into all the NetWork & anti-virus backup Files.

Hmm. No. Irok doesn't need much time. her file i/o routines are just as
quick as BugHunters. It doesn't target network/AV right off the bat. It
tries to establish it's presence within the system by infecting local
exe/com files it finds in current directory, working it's way back to
root as well as whatever folders are listed in your path environment
variable. This practically ensures Irok has your CLI programs, and
you'll continue to spread the virus when you use any of them from
console.

Irok took a lot of time to develop. It's a completely self contained
program.
"Irok" Number One Target is backup Files...

No, it's not.



Dustin

Dustin said:
Does not 'cover your end'. You end is exposed like the child you
are--and everybody is laughing at your exposed end Dustin.

Here's another quickie I wrote up for you. It creates a file and
dumps a text string into it. The same string it prints on the
screen. The text file will be 39 bytes in length, named Ray.txt.

segment code

start:
mov ax,data
mov ds,ax
mov ax,stack
mov ss,ax
mov sp,stacktop

mov dx,hello
mov ah,9
int 0x21

mov ah,0x3c
mov cx,0
mov dx,files
int 0x21

mov [filehnd],ax

mov ah,0x40
mov bx, [filehnd]
mov cx,[msglength]
mov dx,hello
int 0x21

mov ah,0x3e
mov bx,[filehnd]
int 0x21

mov ax,0x4c00
int 0x21

segment data

hello: db 'Hi! Ray How did I get created Today?',13,10,'$'
files db 'ray.txt', 0
filehnd dw 1
msglength dw 38


segment stack stack
resb 64
stacktop:
<snip garbage>

You could have just said you didn't know.

I told you and Ray from the getgo, You're both way out of your leagues
with me on these subjects.



Hot-Text

Dustin said:
It's never been posted functional to any newsgroups.

BD doesn't have a viable binary. I never posted one either.

I did not say it was you or ~BD~,
I said it was at AnnExCafe in a Iframe on webpage..

Irok doesn't leave behind registry keys; it makes no use of your system
registry. It doesn't leave behind "trojan" files either.

Irok maybe not be yours or someone may add to it....
It does like some antivirus software. yes.

It target
"Microsoft Security Essentials"
"Norton AntiVirus 2012"
"malwarebytes"

But with malwarebytes it play a Game with and stop update,
with Norton it kill,
with MSE it stop Scan and update

It's interested in replication... So, it's open for most any executable.

True


No such thing. It's bad marketing. It has no technical meaning.

True but we not talking marketing or a technical meaning.
and yes it not a Trojan,

I know it's not a trojan.
but a Virus that at like like Trojan,

Hmm... It does claim to be something else, yes. [g]

True and it is plus doing something new.....
I didn't go overboard with system/app specific exploits and try to
autoexecute the file attachment. Instead, I went for stability and
relied on the user to run me.

Understand But it is under the name Irok
and a new Irok that see doing a reg-keys..
so if you did play a Game with malwarebytes,

Someone add to the Virus to make it look like a Trojan
In order to do that, I had to socially engineer the user. So, Irok
claims to be a startrek screen saver; and if you execute it in worm
mode, it actually does have a side ways moving star scroller it'll show
you until you press a key. The worm copy will always do that and try to
hide it's viral intentions.

Now it have no claims ..
The idea is you'll like it and pass it to more of your friends in the
event irok isn't compatible with your email client. This turned out to
be exactly what happened, so.. the theory worked.


Hmm. No. Irok doesn't need much time. her file i/o routines are just as
quick as BugHunters. It doesn't target network/AV right off the bat. It
tries to establish it's presence within the system by infecting local
exe/com files it finds in current directory, working it's way back to
root as well as whatever folders are listed in your path environment
variable. This practically ensures Irok has your CLI programs, and
you'll continue to spread the virus when you use any of them from
console.

Irok took a lot of time to develop. It's a completely self contained
program.


No, it's not.

yes It did a year a go,
I do not have it and gave the HDD to UT..
the link to it was at:
analytics.annexcafe.org
 
Hot-Text

Dustin said:
Dustin said:
Does not 'cover your end'. You end is exposed like the child you
are--and everybody is laughing at your exposed end Dustin.

Here's another quickie I wrote up for you. It creates a file and
dumps a text string into it. The same string it prints on the
screen. The text file will be 39 bytes in length, named Ray.txt.

segment code

start:
mov ax,data
mov ds,ax
mov ax,stack
mov ss,ax
mov sp,stacktop

mov dx,hello
mov ah,9
int 0x21

mov ah,0x3c
mov cx,0
mov dx,files
int 0x21

mov [filehnd],ax

mov ah,0x40
mov bx, [filehnd]
mov cx,[msglength]
mov dx,hello
int 0x21

mov ah,0x3e
mov bx,[filehnd]
int 0x21

mov ax,0x4c00
int 0x21

segment data

hello: db 'Hi! Ray How did I get created Today?',13,10,'$'
files db 'ray.txt', 0
filehnd dw 1
msglength dw 38


segment stack stack
resb 64
stacktop:
<snip garbage>

You could have just said you didn't know.

I told you and Ray from the getgo, You're both way out of your leagues
with me on these subjects.

I see mov ax,0x4c00 as a

cf64CommonFilesdirectory64bit1
groupThepathtotheprogramgroup1
+sendtoThepathtothecurrentusersSendTofolder1

Maybe You and Ray,
both out of Pascal Scripting leagues,
you can InnoIDE that Dustin..

%userappdataThepathtothedesktopfilder1
0commonappdataThepathtotheApplicationsDatafolder1
%userdesktopThepathtothedesktopfolder1
'commondesktopThepathtothedesktopfolder1
&userdocsThepathtotheMyDocumentsfolder1
(commondocsThepathtotheMyDocumentsfolder1


garbage is just your little micro...
 
Dustin

I did not say it was you or ~BD~,
I said it was at AnnExCafe in a Iframe on webpage..

Nope. it's not. Irok doesn't do html.
Irok maybe not be yours or someone may add to it....

Irok is mine, and nobody's added anything to it. Its source was never
shared.
It target
"Microsoft Security Essentials"
"Norton AntiVirus 2012"
"malwarebytes"

Umm, no actually it doesn't specifically target those apps. They didn't
exist when Irok was written. Except Norton.. it existed, but that
version certainly didn't.
But with malwarebytes it play a Game with and stop update,

Hmm... I don't see why it would. Irok doesn't diddle networking
components. And it's not aware of malwarebytes or its software..
with Norton it kill,

Yes. If it's still able to do so, Norton hasn't updated some very old
code. :)
with MSE it stop Scan and update

It doesn't know MSE.
True but we not talking marketing or a technical meaning.

I'm speaking of technical, so we're clear.
True and it is plus doing something new.....

No, it's not.
Understand But it is under the name Irok
and a new Irok that see doing a reg-keys..

There is no new irok doing reg keys...
so if you did play a Game with malwarebytes,

I did not.
Someone add to the Virus to make it look like a Trojan

Not possible. I'm the only asic virus coder. Irok source was never
released to vx or av. Nobody can add/take away or modify much without
the source code. It's possible to tinker in asm, but would be a huge
waste of time to do it purely in asm.
Now it have no claims ..
Huh?

yes It did a year ago,

No, it didn't.
I do not have it and gave the HDD to UT..
the link to it was at:
analytics.annexcafe.org

You don't have an irok binary. Quit bsing.


--
Things look bad from over here. Too much confusion and no solution.
Everyone here knows your fear. Your out of touch and you try too much.
Yesterdays glory will help us today. You wanna retire? Get outta the
way. I ain't got much time. Young ones close behind. I can't wait in
line.
 
Dustin

Dustin said:
Does not 'cover your end'. Your end is exposed like the child you
are--and everybody is laughing at your exposed end Dustin.

Here's another quickie I wrote up for you. It creates a file and
dumps a text string into it. The same string it prints on the
screen. The text file will be 39 bytes in length, named Ray.txt.

segment code

start:
mov ax,data
mov ds,ax
mov ax,stack
mov ss,ax
mov sp,stacktop

mov dx,hello
mov ah,9
int 0x21

mov ah,0x3c
mov cx,0
mov dx,files
int 0x21

mov [filehnd],ax

mov ah,0x40
mov bx, [filehnd]
mov cx,[msglength]
mov dx,hello
int 0x21

mov ah,0x3e
mov bx,[filehnd]
int 0x21

mov ax,0x4c00
int 0x21

segment data

hello: db 'Hi! Ray How did I get created Today?',13,10,'$'
files db 'ray.txt', 0
filehnd dw 1
msglength dw 38


segment stack stack
resb 64
stacktop:
<snip garbage>

You could have just said you didn't know.

I told you and Ray from the getgo, You're both way out of your
leagues with me on these subjects.

I see mov ax,0x4c00 as a

cf64CommonFilesdirectory64bit1
groupThepathtotheprogramgroup1
+sendtoThepathtothecurrentusersSendTofolder1
Maybe You and Ray,
both out of Pascal Scripting leagues,
you can InnoIDE that Dustin..

Again, you're an idiot. mov ax,0x4c00 is the DOS function for exit
program. I call it via interrupt 21 "int 21". Combined, it's the equ of
end in BASIC.

This has nothing whatsoever to do with the code I posted.
garbage is just your little micro...

Language barrier issue aside, you really are an idiot. Why? You're
posing as someone you aren't. IE: programmer.




--
Things look bad from over here. Too much confusion and no solution.
Everyone here knows your fear. Your out of touch and you try too much.
Yesterdays glory will help us today. You wanna retire? Get outta the
way. I ain't got much time. Young ones close behind. I can't wait in
line.
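
Added example (not part of any post in this thread, and not code from either poster): a short Python sketch that walks the int 0x21 calls in the listing as first posted, names each DOS service from the value in AH, flags a handle register loaded from a bare label, and checks the 38-byte figure. The service table covers only the five functions the listing uses; imm, annotate and payload_length are names made up for this example.

```python
import re
# The int 0x21 portion of the listing, embedded as first posted in the thread.
LISTING = """\
mov dx,hello
mov ah,9
int 0x21
mov ah,0x3c
mov cx,0
mov dx,files
int 0x21
mov [filehnd],ax
mov ah,0x40
mov bx, [filehnd]
mov cx,[msglength]
mov dx,hello
int 0x21
mov ah,0x3e
mov bx,filehnd
int 0x21
mov ax,0x4c00
int 0x21
"""
HELLO = b"Hi! Ray How did I get created Today?" + bytes([13, 10]) + b"$"
# AH value -> (DOS service, register that must carry a file handle, if any)
DOS = {0x09: ("print $-terminated string", None), 0x3C: ("create file", None),
       0x40: ("write to handle", "bx"), 0x3E: ("close handle", "bx"),
       0x4C: ("terminate program", None)}

def imm(text):  # numeric immediate as int; None for labels and [memory] operands
    return int(text, 0) if re.fullmatch(r"(0x[0-9a-fA-F]+|\d+)", text) else None

def annotate(listing):
    """Return (service, warning or None) for every int 0x21 in the listing."""
    regs, calls = {}, []
    for line in map(str.strip, listing.splitlines()):
        m = re.match(r"mov\s+(\w+)\s*,\s*(\S+)$", line)
        if m:
            regs[m.group(1)] = m.group(2)
            if m.group(1) == "ax" and imm(m.group(2)) is not None:
                regs["ah"] = str(imm(m.group(2)) >> 8)  # AH is the high byte of AX
        elif line == "int 0x21":
            service, handle_reg = DOS[imm(regs["ah"])]
            src = regs.get(handle_reg, "[")  # "[" when no handle is needed
            warn = None if src.startswith("[") else f"{handle_reg} = address of {src}, not the handle"
            calls.append((service, warn))
    return calls

def payload_length(msg):  # bytes before '$': what AH=09h prints, and CX for AH=40h
    return msg.index(b"$")
```

In NASM syntax a bare label is its address, so the close call hands DOS the variable's offset instead of the handle and the explicit close fails; DOS still closes the file when the program terminates.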
 
Hot-Text

Dustin said:
Nope. it's not. Irok doesn't do html.


Irok is mine, and nobody's added anything to it. Its source was never
shared.


Umm, no actually it doesn't specifically target those apps. They didn't
exist when Irok was written. Except Norton.. it existed, but that
version certainly didn't.


Hmm... I don't see why it would. Irok doesn't diddle networking
components. And it's not aware of malwarebytes or its software..


Yes. If it's still able to do so, Norton hasn't updated some very old
code. :)


It doesn't know MSE.


I'm speaking of technical, so we're clear.


No, it's not.


There is no new irok doing reg keys...


I did not.


Not possible. I'm the only asic virus coder. Irok source was never
released to vx or av. Nobody can add/take away or modify much without
the source code. It's possible to tinker in asm, but would be a huge
waste of time to do it purely in asm.

See how Google add the text
irok.exe to < hxxp://testmyfirewall.c-m/irokexe.asp >
For testmyfirewall pay Google good for that too.......

Look like irok.exe is being used as pay text ads for Search Engine..
trying to for spelling check..
No, it didn't.


You don't have an irok binary. Quit bsing.

No irok binary,
by the time I saw Irok.exe it was a empty shell,
at 0-bits..

But I may have the wrong spelling too,
iror.exe

Mmm I may owed you one ;)
I'll be dam..............
 
Dustin

See how Google add the text
irok.exe to < hxxp://testmyfirewall.c-m/irokexe.asp >
For testmyfirewall pay Google good for that too.......

That's because irok.exe is in worm mode. They don't understand that it
doesn't make port calls itself tho. So the firewall better handle
filename based attachments. [g]
Look like irok.exe is being used as pay text ads for Search Engine..
trying to for spelling check..

Probably not. it's an algorithm you're seeing.
No irok binary,
by the time I saw Irok.exe it was a empty shell,
at 0-bits..

You've never seen irok, either in full source or binary fashion.
But I may have the wrong spelling too,
iror.exe

Mmm I may owed you one ;)
I'll be dam..............

Like I said...


--
Things look bad from over here. Too much confusion and no solution.
Everyone here knows your fear. Your out of touch and you try too much.
Yesterdays glory will help us today. You wanna retire? Get outta the
way. I ain't got much time. Young ones close behind. I can't wait in
line.
 
Hot-Text

Dustin said:
Dustin said:
Does not 'cover your end'. Your end is exposed like the child you
are--and everybody is laughing at your exposed end Dustin.

Here's another quickie I wrote up for you. It creates a file and
dumps a text string into it. The same string it prints on the
screen. The text file will be 39 bytes in length, named Ray.txt.

segment code

start:
mov ax,data
mov ds,ax
mov ax,stack
mov ss,ax
mov sp,stacktop

mov dx,hello
mov ah,9
int 0x21

mov ah,0x3c
mov cx,0
mov dx,files
int 0x21

mov [filehnd],ax

mov ah,0x40
mov bx, [filehnd]
mov cx,[msglength]
mov dx,hello
int 0x21

mov ah,0x3e
mov bx,[filehnd]
int 0x21

mov ax,0x4c00
int 0x21

segment data

hello: db 'Hi! Ray How did I get created Today?',13,10,'$'
files db 'ray.txt', 0
filehnd dw 1
msglength dw 38


segment stack stack
resb 64
stacktop:



<snip garbage>

You could have just said you didn't know.

I told you and Ray from the getgo, You're both way out of your
leagues with me on these subjects.

I see mov ax,0x4c00 as a

cf64CommonFilesdirectory64bit1
groupThepathtotheprogramgroup1
+sendtoThepathtothecurrentusersSendTofolder1
Maybe You and Ray,
both out of Pascal Scripting leagues,
you can InnoIDE that Dustin..

Again, you're an idiot. mov ax,0x4c00 is the DOS function for exit
program. I call it via interrupt 21 "int 21". Combined, it's the equ of
end in BASIC.

This has nothing whatsoever to do with the code I posted.
garbage is just your little micro...

Language barrier issue aside, you really are an idiot. Why? You're
posing as someone you aren't. IE: programmer.

Yeah, I'm a computer programmer.
I write computer programs.
Constantly.

For AX is not a DOS only Function,
and a minimal Basic interpreter..

As for MDC-IE: Plug-In programming,
I have not post one at no time,

For the Pascal Script above,
was not in the right Format in the first place..

But it may take 5 to 6 years to get ray,
to a high-level languages in a newsgroups..
 
