Virus Programming: Batch File Programming


[Disclaimer Notification: All the information given in this book is for educational purposes only, and the author of this book will not be held responsible for whatever you do with this material.]

A few things go uncovered in most batch programs, and they are nothing but the dark side of batch. Batch programming lets its programmers create custom viruses just by misusing the way commands work, which leads to the creation of batch viruses. In this chapter we are going to learn about the dark side of batch by learning how to misuse commands to create batch


Folder Replicator Virus:

Here is a simple batch virus that contains only 6 lines and has the tendency to replicate itself again

objShell.Run strCommand, vbHide, TRUE

Copy the above code into a Notepad file, replace ‘C:\yourfile.bat’ with the actual name and location of the batch file that you have created, and then save this file with a .vbs extension. You can then execute this VBScript file to run the batch file, so there is no need to execute the batch file separately. The batch file keeps running in the background and remains hidden.

The only way to end the process is to open the Task Manager and kill the process that says WScript.

This virus program begins its operation at C:\windows\system32 and creates a new directory with the name ‘1001’, changes the time to 12:00 and the date to 01-01-2000, then creates a new user with the account name ‘Microsoft_support’ and a password ‘support’ matching the account.

It automatically assigns administrator rights to the user account that was created, then shares the root drive ‘C:’, which is a real security issue that makes the system completely vulnerable.

It creates a VBScript file named ‘warnusr.vbs’ that is used to display the message ‘Microsoft Windows recently had found some Malicious Virus on your computer, Press Yes to Neutralize the virus or Press No to Ignore the Virus’, which really seems to come from the operating system itself. It then changes the keyboard settings by reducing the rate and delay time.

Since the time and date have already been modified by the virus, it will automatically pop up a message stating ‘You are requested to restart your Computer Now to prevent Damages or Data loss’ exactly at 12:01 and 12:02. If the user restarts the computer, then it’s gone.

Whenever the user tries to log in to the computer, it will automatically reboot continuously, because the command ‘shutdown -r’ is set with time 00 and kept in the start-up folder. The user has no way to stop this unless he enters safe mode and deletes the file; moreover, the file is set with the system and hidden attributes, making it invisible.

The only way to stop this is to enter safe mode and disable the start-up items, and then delete the files that reside in C:\windows\system32\1001 and in the start-up folder.
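
A read-only triage check for the artifacts described above, as an added example that is not from the book. The function name Get-BatchVirusIndicators and the two locations searched for ‘warnusr.vbs’ are assumptions; everything else it looks for is named in the text.

```powershell
# Added example: lists the indicators this chapter describes. Changes nothing on the host.
function Get-BatchVirusIndicators {
    $findings = @()

    # Working directory named on the page.
    $dir = Join-Path $env:SystemRoot 'System32\1001'
    if (Test-Path -LiteralPath $dir) { $findings += "Directory present: $dir" }

    # Assumption: warnusr.vbs sits in System32 or in the 1001 directory.
    foreach ($p in @((Join-Path $env:SystemRoot 'System32'), $dir)) {
        $vbs = Join-Path $p 'warnusr.vbs'
        if (Test-Path -LiteralPath $vbs) { $findings += "Fake warning script: $vbs" }
    }

    # Rogue local account and its Administrators membership (well-known SID,
    # so the check also works on localized Windows).
    if (Get-LocalUser -Name 'Microsoft_support' -ErrorAction SilentlyContinue) {
        $findings += "Local account exists: Microsoft_support"
    }
    $admins = Get-LocalGroupMember -SID 'S-1-5-32-544' -ErrorAction SilentlyContinue
    if ($admins | Where-Object { $_.Name -like '*\Microsoft_support' }) {
        $findings += "Microsoft_support is a local administrator"
    }

    # Non-default shares that expose a drive root (C$ is a default "Special" share).
    Get-SmbShare -ErrorAction SilentlyContinue |
        Where-Object { -not $_.Special -and $_.Path -match '^[A-Za-z]:\\?$' } |
        ForEach-Object { $findings += "Drive root shared: $($_.Name) -> $($_.Path)" }

    # Start-up items: -Force lists hidden/system files; flag any that call shutdown.
    foreach ($name in 'Startup', 'CommonStartup') {
        $startup = [Environment]::GetFolderPath($name)
        if (-not $startup) { continue }
        Get-ChildItem -LiteralPath $startup -File -Force -ErrorAction SilentlyContinue |
            Where-Object { Select-String -LiteralPath $_.FullName -Pattern 'shutdown' -Quiet } |
            ForEach-Object { $findings += "Start-up item calls shutdown: $($_.FullName) [$($_.Attributes)]" }
    }

    # Clock reset to the date the page mentions.
    if ((Get-Date).Year -le 2000) { $findings += "System clock is set to $(Get-Date -Format 'dd-MM-yyyy')" }

    $findings
}

Get-BatchVirusIndicators
```

Run it from an elevated PowerShell prompt in safe mode, as the affected user so that the per-user start-up folder is the right one. An empty result means none of these indicators were found.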

