The only authentic One_Half source code.
Exclusively for the *-zine.

    Editorial
    You may remember the time of its Outbreak. It was horrible, unknown and effective. It encrypted your data. It was One_Half. Still on the scene, still in the wild, still in the wild list. Here comes the source.

    Disclaimer
    The code presented below is one of the most successuf virus in the history. It can (under some circumstances) destroy your data. If you compile it, its on you what you 'll do with the exacutable file. We don't care. Guilty for any damage is that asshole, who executes it.


    Dear friends
    some time has already passed since the great days of One Half epidemy.Nevertheless we still hope that a code of this popular virus inspires you also now. A lot of stuff has been written on the subject, so I tink, not many words are necessary about this little creature any more. And, so, here is the original source of One_Half.3577.

          Vyvojar



    OneHalf.3544
    OneHalf aka Slovak Bomber aka Explosion II is multipartite resident com'n'exe virus. When infected file is executed, OneHalf infects the MBR of the harddisk. The original contens of MBR 'll be stored on track 0, on in the 8th sector, when we count from the last one. MBR 'll be altered and the viral body 'll be placed in last 7 sectors of track 0. Then OneHalf looks for last active DOS partition table (or extended patrition table). Then number of first and last sector of this partition 'll be computed and stored at offset 29h in MBR. Starting from this moment, on every system reboot virus subtract this variable by 2 and encrypts 2 cylinders which are pointed by this variable. This means very slow disk encryption. The encrypted areas on disk are decrypted on demand, but only when virus is memory resident. Attempts to remove virus via clean boot and FDISK /MBR are the best way to lost your data. I just forgot to say, that OneHalf is stealth virus. Onehalf infect files on floppy discs and network drives, but not on the local hard drive. This is very good and effective strategy of spreading. We were told, the virus was in the very beginnig planted in the field on 3 computers in university lab. And look - now it is spread world wide.


    In the infected file, the virus decryptor is divided into 10 parts, which are spread across whole the infected file. These parts are connected together by 2 types of jumps and of course, there are here some garbage instruction, randomly choosed from 10 possibles.


    When one half of the disk is encrypted, virus, depending on the system date and generation prints to the screen following message:

        Dis is one half.
        Press any key to continue...

    The body contains also string "Did you leave the room ?", related to Explosion virus by the same author.

    Download here   



.