[Disclaimer Notification: All the information given in this book is for educational purposes only,
and the author of this book will not be held responsible for whatever you do with this material.]
There are a few things that are left uncovered in most batch programs, and that is nothing but
the dark side of batch. Batch programming lets its programmers create custom viruses just by
misusing the way the commands work, which leads to the creation of batch viruses. In this chapter we are
going to learn about the dark side of batch by learning how to misuse commands to create batch
Folder Replicator Virus:
Here is a simple batch virus that contains only 6 lines and has the tendency to replicate itself again
objShell.Run strCommand, vbHide, TRUE
Copy the above code into a Notepad file, replace “C:\yourfile.bat” with the actual name of the batch
file that you have created, along with its location, and then save this file with a .vbs extension. Now you
may execute this VBScript file to run the batch file too, so there is no need for you to execute the batch
file separately. The batch file keeps running in the background and remains hidden.
The only way to end the process is to open the Task Manager and kill the process that says WScript.
This virus program will begin its operation at C:\windows\system32 and create a new directory
with the name ‘1001’, change the time to 12:00 and the date to 01-01-2000, then create a new user with the account
name ‘Microsoft_support’ and the password ‘support’ matching the account.
It automatically assigns administrator rights to the user account that was created, then shares the
root drive ‘C:’, which is a real security issue that leaves the system completely vulnerable.
It will create a VBScript file with the name ‘warnusr.vbs’ that is used to display the message ‘Microsoft
Windows recently had found some Malicious Virus on your computer, Press Yes to Neutralize the virus or
Press No to Ignore the Virus’, which really seems to be coming from the operating system itself. Then it will
change the keyboard settings by reducing the rate and delay time.
Since the time and date have already been modified by the virus, it will automatically pop up a message
stating ‘You are requested to restart your Computer Now to prevent Damages or Data loss’ at exactly
12:01 and 12:02; if the user restarts the computer, then it’s gone.
Whenever the user tries to log in to the computer, it will automatically reboot continuously, because the
command ‘shutdown -r’ is set with time 00 and kept in the start-up folder. The user can do nothing to stop this
unless he enters safe mode and deletes the file; moreover, the file is set with the system and hidden attributes,
making it invisible.
The only way to stop this is to enter safe mode, disable the start-up items, and then delete the file
that resides in C:\windows\system32\1001 and in the start-up folder.
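Added example, not part of the original book: a defender's view of the behaviour described above, correlating Windows Security events 4616 (system time changed), 4720 (user account created), 4732 (member added to a local group) and 5142 (network share added) per host. The records are constructed and simplified (timestamps trimmed to seconds); the two-finding threshold and the assumption that the matching audit policies are enabled are assumptions of this example.

```python
import re
from datetime import datetime

ADMINS_SID = "S-1-5-32-544"               # well-known SID of BUILTIN\Administrators
DRIVE_ROOT = re.compile(r"^[A-Za-z]:\\?$")  # a share whose local path is a whole drive

# Constructed, simplified Security-log records (not captured from a real host).
SAMPLE = [
    {"rec": 501, "host": "WS-07", "id": 4616, "PreviousTime": "2024-05-01T09:15:10", "NewTime": "2000-01-01T12:00:00"},
    {"rec": 502, "host": "WS-07", "id": 4720, "TargetUserName": "Microsoft_support", "TargetSid": "S-1-5-21-1-2-3-1005"},
    {"rec": 503, "host": "WS-07", "id": 4732, "TargetSid": ADMINS_SID, "MemberSid": "S-1-5-21-1-2-3-1005"},
    {"rec": 504, "host": "WS-07", "id": 5142, "ShareName": "\\\\*\\C", "ShareLocalPath": "C:\\"},
    {"rec": 88, "host": "WS-11", "id": 4720, "TargetUserName": "jsmith", "TargetSid": "S-1-5-21-9-9-9-1101"},
    {"rec": 90, "host": "WS-11", "id": 4616, "PreviousTime": "2024-05-01T09:00:00", "NewTime": "2024-05-01T09:00:01"},
]

def findings(events):
    """Return {host: sorted findings} for hosts showing the pattern described above."""
    out, new_sids = {}, {}
    # Order by record number, not timestamp: once the clock is set back, times mislead.
    for e in sorted(events, key=lambda e: (e["host"], e["rec"])):
        host, hits = e["host"], out.setdefault(e["host"], set())
        if e["id"] == 4616:
            back = datetime.fromisoformat(e["PreviousTime"]) - datetime.fromisoformat(e["NewTime"])
            if back.days >= 1:
                hits.add("system clock set back by more than a day")
        elif e["id"] == 4720:
            new_sids.setdefault(host, {})[e["TargetSid"]] = e["TargetUserName"]
        elif e["id"] == 4732 and e["TargetSid"] == ADMINS_SID:
            name = new_sids.get(host, {}).get(e["MemberSid"])  # match by SID, not by name
            if name:
                hits.add("new account '%s' added to Administrators" % name)
        elif e["id"] == 5142 and DRIVE_ROOT.match(e["ShareLocalPath"]):
            hits.add("drive root %s shared" % e["ShareLocalPath"])
    # Assumption: two or more distinct findings on one host is worth an alert.
    return {h: sorted(v) for h, v in out.items() if len(v) >= 2}

if __name__ == "__main__":
    print(findings(SAMPLE))
```

The newly created account is matched to the group change by SID because event 4732 often carries no usable member name for local accounts.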