Automag
Vlad [3]
February 1995
Today I worked on some features for Antipode: I wanted it to infect a file during a scan by AV software so I added the usual int 21h 3Dh (open) infection. It already infected the files under McAfee's SCAN so I added the 21h 6Ch (extended open) infection and F-PROT became a vector but I was surprised that TBSCAN didn't infect my test files (5 byte .COM just 3 NOPs and an int 20h). I took SoftICE and traced some code and was really surprised as TBSCAN didn't open any file in my directory!