![]() Exclusively for the *-zine.
You may remember the time of its Outbreak. It was horrible, unknown and effective. It encrypted your data. It was One_Half. Still on the scene, still in the wild, still in the wild list. Here comes the source. Disclaimer The code presented below is one of the most successuf virus in the history. It can (under some circumstances) destroy your data. If you compile it, its on you what you 'll do with the exacutable file. We don't care. Guilty for any damage is that asshole, who executes it. ![]()
some time has already passed since the great days of One Half epidemy.Nevertheless we still hope that a code of this popular virus inspires you also now. A lot of stuff has been written on the subject, so I tink, not many words are necessary about this little creature any more. And, so, here is the original source of One_Half.3577. ![]()
OneHalf aka Slovak Bomber aka Explosion II is multipartite resident com'n'exe virus. When infected file is executed, OneHalf infects the MBR of the harddisk. The original contens of MBR 'll be stored on track 0, on in the 8th sector, when we count from the last one. MBR 'll be altered and the viral body 'll be placed in last 7 sectors of track 0. Then OneHalf looks for last active DOS partition table (or extended patrition table). Then number of first and last sector of this partition 'll be computed and stored at offset 29h in MBR. Starting from this moment, on every system reboot virus subtract this variable by 2 and encrypts 2 cylinders which are pointed by this variable. This means very slow disk encryption. The encrypted areas on disk are decrypted on demand, but only when virus is memory resident. Attempts to remove virus via clean boot and FDISK /MBR are the best way to lost your data. I just forgot to say, that OneHalf is stealth virus. Onehalf infect files on floppy discs and network drives, but not on the local hard drive. This is very good and effective strategy of spreading. We were told, the virus was in the very beginnig planted in the field on 3 computers in university lab. And look - now it is spread world wide. ![]()
![]()
Press any key to continue... The body contains also string "Did you leave the room ?", related to Explosion virus by the same author. ![]() | . |