06 Oct 89
From:   Samson Luk
To:     All
Subj:   To Remove the Marijuana (Stoned) Virus from HD

------------------------------------------------
Below is an easy way to be followed step-by-step instructions for removing
the Marijuana Virus from an infected hard disk without taking the time to:

    a) wipe the disk clean by over-writing all files with zeros and ones,
    b) reformat the hard disk and
    c) then reload the hard disk from back-ups.

  The following instructions was provided by Bill Kenny of Digital Dispatch
  Incorporated, producers of the anti-virus product, Data Physician:

  First of all you need to verify that the version of the Marijuana virus
  that you are infected with is the same as the one that was used to write
  these instructions. I (Bill Kenny) have only seen one version, but that
  does not mean that other do not exist!

  This virus can be removed using DEBUG, a program that comes with DOS.
  1) Go into DEBUG and type in the following (do not type the comments -
     the ";" and copy that follows):

    R IP               ;set the IP register
    100                ;the command prompt will be a ':', not a '-'
    A 100              ;this command starts the Assembler. The prompt for
    MOV DX,80          ;these lines will be xxxx:01xx, where the x's stand
    MOV CX,1           ;for some hex digit.
    MOV BX,200
    MOV AX,201
    INT 13
                       ;press "Return" on a blank line to exit the Assembler
    G 10E              ;execute the above program. Upon return , the end of
                       ;the 2nd line (the first starts with AX=) should be
                       ;NC. If the end is CY, you have a problem and cannot
                       ;continue.
    D 38A 39F          ;dump some memory. The right-hand side of the screen
                       ;should show "Your PC is now Stoned!"
    D 3A5 3B7          ;more memory. This should say "LEGALISE MARIJUANA!"
    U 200 201          ;show the first instruction. This should be
                       ;JMP 7C00:0005
    U 2E4 302          ;Some more code. THIS IS AN IMPORTANT SECTION!

  2) The previous Unassemble command in step 1 above should have produced the
     following code:

    xxxx:02E4 B80000     MOV AX,0000
    xxxx:02E7 CD13       INT 13
    xxxx:02E9 33C0       XOR AX,AX
    xxxx:02EB 8EC0       MOV ES,AX
    xxxx:02ED B80102     MOV AX,0201
    xxxx:02F0 BB007C     MOV BX,7C00
    xxxx:02F3 2E         CS:
    xxxx:02F4 803E080000 CMP BYTE PTR [0008],00
    xxxx:02F9 740B       JZ  0306
    xxxx:02FB B90700     MOV CX,0007
    xxxx:02FE BA8000     MOV DX,0080
    xxxx:0301 CD13       INT 13

    Note: The xxxx above will vary from system to system. These values are
          not important to the program.

  3) If you do not have a match at any step above, DO NOT PROCEED!

  4) To move the virus from your hard disk, enter the following into DEBUG.

    R IP
    100
    A 100
    MOV DX,80
    MOV CX,7
    MOV BX,200
    MOV AX,201
    INT 13
    MOV DX,80
    MOV CX,1
    MOV BX,200
    MOV AX,301
    INT 13
                       ;press "Return" on a blank line to exit the Assembler
    G 11C              ;execute the above program.

  5) The Marijuana virus is now removed from your hard disk. You can reboot
     your system safely.