messkill killer.doc

credits:

coded by coolorado/corpse

how the killer works:

first of all i must let you know that it was quite difficult for me to 
code this viruskiller because this virus was (hehehe!) a strange son of
a bitch! ok i don't want you to get bored because of listening to my 
personal experiences but let me just tell you how the virus works:
the virus spread in a file called messkill.lha which in the file id 
seemed to be a viruskiller with the ability remove the so 
called 'messangel' virus which within my knowledge doesn't exist at all!
however, when i tried to run the file messangelkiller.exe that was
included in the archieve messkill.lha the program told me that it was
checking my startup-sequence. yeahhh! great i thought, now it will
remove the virus that it pretended to have found! but eat my balls, 
instead it installed a file called b onto sys: and then also prepared 
it to be executed from the top of the startup-sequence. the program then
made a reset on my command (there was no other option) to remove the 
virus from memory with a reset. and so it did! my computer booted up 
normally until i watched it do another reset almost immediately when 
trying to procede with the startup-sequence. strange! well, it booted up
again but this time with no reset! everything seemed to be alright until
when i later checked the contents of my hd. there it was, the file b.
hmm, i checked it up and began to think about possibilities of a virus
infection. i checked my startup-sequence which now was much bigger than
before and found that the file b was called from it! so, what the fuck, i
deleted the file b and removed it from my startup-sequence and rebooted
my computer. yeaaah, there came an error requester! hmm, i rebooted 
holding down both buttons and made the computer boot without startup.
now it worked. i checked the file that had flipped out but couldn't find
anything special execept that it had been saved today!! now i was almost
sure that i was suffering from a virus, so i began to investigate other
files on my hd and found that quite many files had been saved today!!
now i will not tell you in detail how i managed to discover the function
of the infected files etc etc because then i could write a book!! but,
the main idea is that the file b was the mother of all other infected 
files. then when you removed the b file the other files fucked up!
what the motherfile did was that it infected the files by searching for
a jsr -$228(a6) instruction which is used to open a library. almost every
file does this! then it replaced it with it's own instruction which 
was jsr -$1400(a6) and saved the file! now, if the motherfile wasn't in
memory, then the latest mentioned instuction would not work because the
computer wouldn't find anything at -$1400(a6), but if the motherfile was
in memory then it would find the old jmp -$228(a6) instruction at -$1400(a6)
and the computer would continue it's work! smart but not enough!! 
what my repair program does is that it runs parts of the virus but wice versa!
if it finds a jsr -$1400(a6) instruction then it will replace it with its
original instruction (jsr -$228(a6)). now, since i'm not a master in 
programming and time was running away (who want's the killer at christmas
time?)
i released this version (0.9) so that you at least can repair your most
important programs. i give no guarantees that it will repair all you files
because as i said before, i can't make such a program because of a simple
but annoying guru in my first source code (never released!).
ok, instruction for how to use the killer for best result:

put this in your startup-sequence:
run repair.exe

now you will see a window at the upper right side of you screen which 
indicates which files have been tested and (perhaps!) also repaired.
observe that the killer doesn't check all files that are being executed.
when your startup-sequence has done all it's supposed to do, then run
as many of your programs as you can. almost every file (libs/#? etc etc)
that is related to the program you run will be tested and repaired if 
infected. when you think that you have tested the most probably infected
files then you can remove the killer from your startup-sequence and try
to run your startup without it! if everything now works fine=no gurus then
the repair was successful. otherwize the computer will (like before) flip
out on some files. but don't give up! then follow step ii:

step ii:

boot your computer with no startup-sequence
type 'run repair.exe' at the promt
now, if your startup-sequence for example fucked up when trying to load 
the file c/viruschecker then (*this is important*) enter the filename
including all its paths. in this case i would type:
dh0:c/viruschecker
this is so that the killer finds the file!! now you can be 99% sure that 
the file has been repaired (if infected), otherwize mail me a bomb!!!

i think that's all, but if you find any bugs or want some personal help
from me then you're welcome to visit me at any corpse dist site!
signed....coolorado/corpse

personal greetings from me to:
orgasmatron/x-trade - dixy/disorder - pain/indep - mr.coke (know me?)
warhammer/afl - duffy/spoon - all corpse members - all x-trade's
and everyone who deserves it!!!

_/\____/\_____/\_____/\______/\____/\____
\· .____  .  |   __·\   __·\· __/· _____/   
/  |   |  l  |  |   /   ___/___ \  ____/ 
\______|_____|__:___)___|________)____/pd!  
-------------------------------------------
             proudly present
          messkill repair v0.9 !

 this utility repairs almost all files on 
 your hd that might have been damaged by
 the virus spread in the file messkill.lha!
         coded by coolorado/crp
-------------------------------------------