textfiles/virus/DOCUMENTATION/npox.txt

As you will notice, I have submitted, two Stealth Viruses, in this Info-   
Journal. Theses Viruses are the `NuKE PoX' Family. There are 100% my work. 
                                                                           
%NuKE PoX v1.0% This is a .COM Infecting Virus, it will hide in memory,    
~~~~~~~~~~~~~~~ and make your memory smaller by about 1.2k. It will hide   
away from any Memory Mapping Utilities. Thus, DOS or any other program will
not know it is in memory. It will infect a .COM every time it is executed. 
And it appends itself to the end of the COM. And the Seconds field will    
change to 58 seconds, thus marking this file as infected. It will hide     
from the Dos DIR command, and any other FCB method of reading the Directory
Interrupts hooked at Int 21h & Int 9h. And if you Warm Reboot your system  
(CTRL-ALT-DEL) and the Date is the 24th of ANY month, your Drive C: will   
be overwritten. And lossing your FAT. Lastly, this is a Simple Encrypting  
Virus, which will encrypt itself 100 different ways. About 8 bytes are     
contant. This Virus is also known as `Mutating Rocko'                      
                                                                           
%NuKE PoX v1.1% From the SAME frame, I removed the Encyption routine, and  
~~~~~~~~~~~~~~~ made this file Infect .EXEs and .COMs, when they are       
executed. The Directory Stealth is the Same as Version 1.0 also the way    
it goes and hides in Memory is the Same as Version 1.0. However, this file 
WILL NOT Infect (F-PROT, SCAN, CLEAN) Anti-Viral Files, as theses files    
have a type of Checksum within themselves. and Complain when the file is   
bigger in size. Therefore the virus gets to move farther, undetected, also 
this file will Infect COMMAND.COM on the first Executed file. And it will  
make sure COMMAND.COM is always Infected. The Int 9h reboot routine is the 
same. That is rebooting on the 24th of any month. Unfortunately, I Released
ONE copy of the Virus as `Evil Genuis / R.S' and guess which virus they    
found first? Anyhow same Directory Stealth routine is in here.             
                                                                           
%NuKE PoX v2.0% From the Same frame, this virus, will Infect EXEs and COMs 
~~~~~~~~~~~~~~~ and when they are executed, the files will be DIS-INFECTED 
and loaded in Memory DISINFECTED. Therefore on the DISK the file stays     
Infected. though Runs As if it was NOT infected, therefore ANY Checksum or 
CRC-32 checkers checking the FILE, (In memory of course) will notice NO    
Infection. this will also have the Directory stealth with Method #1 + #2.  
It will be released in the next InfoJournal. As Anti-Viral Programs HAVEN'T
picked up, or Noticed this Virus Yet!?!? Perhaps it may be a While? But    
the Sources Codes will be given away to you. Only ONE virus uptodate acts  
like this one, SVC 6.0 though NuKE PoX is half its Size.                   
                                                                           
                        Rock Steady / NuKE                                 
             ``Don't Worry, NuKE PoX WILL Get You!''