How to Make a Trojan Horse

How to Make a Trojan HorseMost of you may be curious to know about how to make a Trojan or Virus on your own. Well, here is an answer to your curiosity. In this, post I’ll show you how to make a simple trojan on your own using the C programming language.

This trojan when executed will eat up the hard disk space on the root drive (The drive on which the Windows is installed, usually C: Drive) of the computer on which it is run. Also, this trojan works pretty quickly and is capable of eating up approximately 1 GB of hard disk space for every minute it is run.

So, I’ll call this as Space Eater Trojan. Since this program is written using a high level programming language, it is often undetected by antivirus programs. The source code for this program is available for download at the end of this post. Let’s see how this trojan works:

Before I move on to explain the working of this program, you need to know what exactly is a Trojan horse and how it works. Unlike what many of us think, a trojan horse is not a virus. In simple words, it is just a program that appears to do a favorable task but in reality performs undisclosed malicious functions that allow the attacker to gain unauthorized access to the host machine or cause a damage to the computer.

Now let’s move on to the working of our Trojan:

The trojan horse which I have created appears itself as an antivirus program that scans the computer for malware programs. However, in reality it does nothing other than eating up the hard disk space on the root drive by filling it up with a huge junk file. The rate at which it fills up the hard disk space it too high. As a result, the the root drive gets filled up completely with in minutes of running this program.

Once the disk space is full, the trojan reports that the scan is complete. The victim will not be able to clean up the hard disk space using any of the cleanup program. This is because, the trojan intelligently creates a huge file in the Windows\System32 folder with the .dll extension. Since the junk file has the .dll extension it is often ignored by the disk cleanup software. Hence there is now way to recover the hard disk space other than reformatting the drive.

The algorithm of the Trojan is as follows:

  1. Search for the root drive.

  2. Navigate to %systemroot%\Windows\System32 on the root drive.

  3. Create the file named “spceshot.dll“.

  4. Start dumping the junk data onto the above file and keep increasing its size until the drive is full.

  5. Once the drive is full, stop the process.

You can download the Trojan source code HERE. Please note that I have not included the executable for security reasons. You need to compile it to obtain the executable.

How to compile the program?

For step-by-step compilation guide, refer my post How to compile C Programs.

How to test this trojan horse?

To test the trojan, just run the SpaceEater.exe file on your computer. It will generate a warning message at the beginning. Once you accept it, the Trojan runs and eats up the hard disk space.

NOTE: To remove the warning message you’ve to edit the source code and then re-compile it.

How to fix the damage and free up the space?

To remove the damage and free up the space, just type the following in the “run” dialog box:

%systemroot%\system32

Now search for the file “spceshot.dll“. Just delete it and you’re done. No need to re-format the hard disk.

 NOTE: You can also change the ICON of the virus to make it look like a legitimate program. This method is described in the post: How to Change the ICON of an EXE file ?

Please pass your comments and tell me your opinion. I am just waiting for your comments. :)

81 Comments

  1. m0rebel
    April 6, 2009 at 6:17 AM

    You say with this program there’s no way to recover the disk space except by formatting the hard drive. Umm, can’t you just delete c:\windows\system32\spceshot.dll? Technically, this program wipes the free space on the drive. If you just add one more line of code that deletes the dll at the end, it would be a very useful privacy tool, preventing people from undeleting files.

    I always think of trojans as being programs that allow the attacker to remotely issue commands to the victim. Like, open a port to bind a shell to, or regularly sending reverse shells somewhere, or something like that.


    • Srikanth
      April 6, 2009 at 8:42 AM

      @ m0rebel

      “there’s no way to recover the disk space except by formatting the hard drive” means, for a victim, without knowing the place where the file is dumped it is not possible to delete it. So there’s no other go for him unless formatting the drive. ie: If you know that the file is dumped is %systemroot%\system32 then it’s possible to delete the file and no need of formatting..


  2. Sushant
    April 6, 2009 at 11:43 AM

    I like your work.. keep it up


  3. Aghaamou
    April 6, 2009 at 12:23 PM

    Very Thanks…


  4. Rafay Baloch
    April 6, 2009 at 3:09 PM

    I asked u a question


  5. emmet
    April 6, 2009 at 6:14 PM

    what is borlan c++


  6. Poppernut
    April 7, 2009 at 4:06 AM

    Hello. Is it possible for you to provide the code or program without the warning screen? It is part of the class I lead. You have worked with me before, on the “How to make a virus” post. Speaking of which, I came up with a way to make a program that does the exact same thing but does not use C++ programming. Thank you.


    • Srikanth
      April 8, 2009 at 3:29 PM

      @ Poppernut

      I have purposefully added this warning screen to avoid script kiddies from misusing it. However you can edit the source code and then recompile it to remove the warning…


  7. Neel
    April 7, 2009 at 3:04 PM

    Hey can anybody tell me how to make this type of comment box Please….


  8. Kapil Kaushal
    April 7, 2009 at 5:21 PM

    Brother,would system restore utility be able to remove the Trojan from system.


    • Srikanth
      April 8, 2009 at 3:27 PM

      @ Kapil Kaushal

      System restore will restore all the settings of your PC to an earlier date. So this may remove the virus (if it is not fully spread). If the virus is spread then chances are low that it will be removed.


  9. Virendra
    April 9, 2009 at 1:55 PM

    Do you have a trojan that can keylogg the victims typed words and send it on a specific mail ID


  10. rathik
    April 10, 2009 at 8:34 AM

    IT is not working IF antivirus avast is installed


  11. Suman
    April 10, 2009 at 5:02 PM

    Do you have a trojan that can keylogg the victims typed words and send it on a specific mail ID….!!!!!!


  12. ishan
    April 10, 2009 at 8:39 PM

    can u tell me how to create such a virus that on opening any window, the comp will shut down?


  13. PIYUSH
    April 11, 2009 at 12:04 AM

    srikant sir,
    ihave problem regarding window 7beta earlier i installed in desktop but it is 30days trial pack. tell me thing how can i make it fully activate


  14. avi
    April 13, 2009 at 1:31 AM

    u said dat it will dump junk data. my hdd is 160 G.B. will it be able to dump such huge amt of data & if at all it dumps wat sort of data will it dump? again after deleting the junk data will i be able to get my previously stored information?


    • Srikanth
      April 13, 2009 at 10:31 PM

      @ avi

      Yes the trojan can fill any amount of diskspace. But it’ll only fill the root drive(C:) not the whole harddisk. So, for example if your C: drive is 40 gb it’ll take a few minutes to fill up the space. Sure, you can get back your space by deleting the junk file.


  15. PIYUSH
    April 14, 2009 at 11:46 AM

    boss i recently installed window 7 ultimate built7000 bt it is a trial pack of 30 days tell me the crack to make it completly full version


    • Srikanth
      April 15, 2009 at 12:20 AM

      @ PIYUSH

      Sorry, I do not provide links to cracks, keygens etc. You may find it yourself..


  16. ema
    April 15, 2009 at 1:18 AM

    Hey,
    I want to ask you why you opened explorer.exe in the code. Why Can not I open internet explorer after ? used your programme.


    • Srikanth
      April 18, 2009 at 3:52 PM

      @ ema

      I opened explorer.exe to make sure it is the root drive..


  17. darkterror
    April 15, 2009 at 1:33 PM

    Sir! I am using Turbo C++ 3.0 by Borland International.
    when i compile the codes and generate it i cannot change the icon of the . exe file using the IconChanger- “cannot change some icons”

    whats the problem?


    • Srikanth
      April 18, 2009 at 3:51 PM

      @ darkterror

      Turbo C++ 3.0 is 16-bit compiler. You need to use a 32-bit compiler (C++ 5.5 or higher)


  18. Gideon
    April 15, 2009 at 7:12 PM

    I want to learn how to hack plssssssss teach me!!………….. email me at GideonX23@yahoo.com …………… i want to save life……..


  19. dps
    April 16, 2009 at 8:05 AM

    nice codes..


  20. darkterror
    April 20, 2009 at 1:34 PM

    tnx for the reply sir Srikanth but where i can download borland c++ 5.5 for free?


    • Srikanth
      April 21, 2009 at 9:19 AM

      @ darkterror

      You can download it for free from Borland Website. Search on google for “Borland C++ 5.5″


  21. jonty
    April 20, 2009 at 2:33 PM

    HOW TO CREATE THAT “spaceshot.dll” file….pls help me


  22. Mishra_90
    April 21, 2009 at 5:35 PM

    thanx that was really a huge one……….


  23. darkterror
    April 22, 2009 at 11:56 AM

    sir srikanth tnx for sharing your knowledge..
    this site can help me to my programming skills
    make some more codes for us.
    tnx


  24. aditya
    April 22, 2009 at 3:20 PM

    hai sir

    can we set a setting to a folder in such a manner that
    when we open it, a c program’s .exe file runs and asks for a string to enter (password). can we set it please reply


    • Srikanth
      April 22, 2009 at 10:47 PM

      @ aditya

      It is not possible to just set a folder to ask for password using a c program. We have to create a seperate project for that. Instead you can use some ready made programs available for password protecting files and folders.


  25. zerocool
    April 22, 2009 at 6:26 PM

    guys i have the real gh0st rat hacking software .yesyesyesyesyessssssssssssssss


  26. scratchlikeme
    April 24, 2009 at 5:39 PM

    thanks dear….


  27. arun
    April 24, 2009 at 8:18 PM

    yaaar you are tooo great


  28. sau
    April 25, 2009 at 5:08 PM

    hi srikant…please tell which line to delete from source code to avoid warning


    • Srikanth
      April 26, 2009 at 10:23 AM

      @ sau

      Deleting the warning part is left upto you. If you are good in C you’ll be able to do that with ease..


  29. ???Guy
    April 26, 2009 at 9:27 AM

    After downloading… can you email the trojan horse and how do you get them to open it


  30. jatin jain
    May 2, 2009 at 11:17 PM

    HELLO SRIKANTH

    I M JATIN I WANT TO KNOW HOW TO OPERATE SOME ONE COMPUTER THROUGH IP ADDRESS ONLY (*I MNOT ASKING ABOUT TELNET LIKE TEEMVIWER OR SHOW MY PC AND LOGMEIN.MSC*)PLS MAIL ME ANSWER IS THIS POSSIBLE OR NOT
    MY E MAIL ID IS –JATINJAIN23@YAHOO.COM


  31. HUMPTYdUmPtY
    May 5, 2009 at 3:20 PM

    Thanks for the explanation bro. i have one question for you how can i see those binaries..wether its 8bit or whatever? dave compiler for c++ is not compiling it ive tried every possible way but its telling me something is wrong..so how do i proceed? am confused….Thanks for your time.


    • Srikanth
      May 6, 2009 at 11:23 AM

      @ HUMPTYdUmPtY

      Use Borland C++ 5.5 or newer to compile. All of my programs are designed for Borland C/C++ compiler. For other compilers you have to make modifications in the code.


  32. Muhammad jamil
    May 7, 2009 at 12:25 AM

    Great work.keep it up…..


  33. sam
    May 7, 2009 at 11:41 AM

    wooooow cooool stuf thanx man..


  34. akshay
    May 7, 2009 at 8:27 PM

    hi hackers i have problem that when i turn on my wifi in laptop it shows some networks the show that massage “secured wireless nework” and a lock logo on them.could u give me a solution or a trick to acesses


  35. Rishi Sangal
    May 11, 2009 at 9:48 PM

    hellooo Dude

    I read your artical & I think it is realy good man. but i have a problem u said that .dll file will not be deleted by disk clean up software’s. can u tell me why


    • Srikanth
      May 11, 2009 at 10:23 PM

      @ Rishi Sangal

      dll stands for Dynamic Link Library. dll files are usually system files and hence disk cleanup softwares never bother about them. They look only for junk files with extension .bak, .tmp etc.


  36. doofus
    May 12, 2009 at 10:24 AM

    how do you send it to someone?
    can you remotely send it and have it automatically execute by itself?


    • Srikanth
      May 12, 2009 at 3:04 PM

      @ doofus

      You can send it by attaching it via email. But the remote user has to execute it, otherwise it’ll not execute on it’s own.


  37. dien nguyen
    May 12, 2009 at 9:20 PM

    thank u for sharing ,i love your job :))


  38. Rohit Kumar
    May 20, 2009 at 1:57 AM

    great!! m a bio student bt thanx2 ur easy language i grasped much ‘f ths..is thr ne size by which i cn sort the files in sys32..i.e does being of a large size (say 1.5~2 gb) guarantee a file being trojan..hw2 identify othrwise??


    • Srikanth
      May 21, 2009 at 7:04 AM

      @ Rohit Kumar

      It is better to scan the file using an antivirus to detect whether or not it’s a malicious file. However you can only suspect a file to be a virus/trojan if it’s too large. But theres no confirmation.


  39. master unais
    May 23, 2009 at 8:06 AM

    sir,
    ma orkut acond hack some 1 how can i found him? he hak ma accond and change ma name and ma dp and he change ma addrs about mee
    wat i do?


  40. paras
    May 25, 2009 at 5:53 PM

    boss can u kindly tell me names of mobile hack softwaers and from where to get them


  41. Aryan
    May 25, 2009 at 6:52 PM

    Hey plssssssss tell me how to create spceshot.dll file………I m creating folder….is this right or i have 2 create file…..if file than tell me how……?


  42. vikas kottari
    May 31, 2009 at 3:02 AM

    You told in detail that how to create the trijan horse…
    but please tell in shortcut way to remove it without formatting….


  43. fanofyours
    June 2, 2009 at 10:42 PM

    hi…..

    i read ur topics

    sure very cool

    i like to know much more from you..

    im a IT student


  44. cindy
    June 3, 2009 at 2:49 AM

    hello
    got to ask something, bec when i was on friendster chatting someone is hacking me there, and i dont know what to do,?? can you help me how to prevent it from hacking me, and can you teach me on how to make a virus for his?her acct, and i want also to learn how to hacked.. thanks

    hope you could help me,,

    more power and god bless,,


  45. x-boy
    June 9, 2009 at 7:56 PM

    and also i was wondering about what spy soft ware would keep out a trojan horse,please notafiy me soon,sinserly,mr.lander’s.


  46. akash
    June 14, 2009 at 10:57 AM

    sir i would like know which file i should delete frm system32 dr r too many files


  47. anonymous
    June 15, 2009 at 3:09 PM

    Didn,t work for windows 7 RC with AVG


  48. ARJIT
    June 15, 2009 at 4:43 PM

    HI BHAI, YAAR I WANT 2 HACK MY GF”S ORKUT ACCOUNT. IS IT POSSIBLE IF IT IS THEN TELL ME PLZ. IT IS THE QUESTION OF MY LOVE.


  49. john
    June 18, 2009 at 11:37 AM

    hi
    i just want to know how do came to know about all this ? was it through experiment or through a book,please reply


    • Srikanth
      June 22, 2009 at 8:12 AM

      @ john

      Creating this trojan was totally my concept. I framed the algorithm and coded that in C.


  50. karthik
    June 21, 2009 at 9:42 AM

    hi sri……
    2 delete the …warning message i hav edited the code n saved it…n then re compiled it..bt am nt gettin exe file….
    i want 2 send the new exe file…without warnin message plzz help me…


  51. Bill
    June 24, 2009 at 9:36 AM

    Hey Srikant,
    I made some changes in the above torjan and made it look like a kaspersky scanner.I changed the heading, the inner text and put the icon of kaspersky anti-virus on to it to make it look like an original kaspersky scanner and sent it to my dad for fun.But the kaspersky anti-virus of my dad’s computer displayed the following message:
    The requested object is INFECTED with the following viruses: not-a-virus:FraudTool.Win32.Agent.ru

    To have a look to the modified torjan visit the follwoing link:

    But, when I tried to download the original torjan which you created, kaspersky didn’t display any warning.Can you tell me the reason for this?


    • Srikanth
      June 24, 2009 at 4:17 PM

      @ Bill

      The reason may be that you are using the name “KasperskyAntivirusscanner2009″ and you’re using the kaspersky icon. try changing the icon to someother antivirus.


  52. Amit
    June 26, 2009 at 5:22 PM

    marvelous. just in one read i undrstood the whole thing.keep posting articles like these. it will help beginners like us to make our hacking career bright and prosperous


  53. Irena
    July 1, 2009 at 9:18 PM

    Thanks for such good example, I tried it on my laptop just to see how it works. I need help with something else, can you tell me some program which I can use to convert this code to code in Delphi, does something like that exist.


  54. Santanu
    July 2, 2009 at 12:23 AM

    Brother, thanks for all of ur instructions…
    I am using Turbo C++ 4.5 and when i make an exe program with this, the exe program does not run saying that 16-bit MS Dos subsystem and gives the option of ignore or close..i’m using Vista 32-bit system…whether i have to use another compiler of 32-bit or something else…
    Thank u in advance…


  55. sam
    July 4, 2009 at 1:32 PM

    how to get the junk file or is it tht when u create spceshot.dll automaticlly the junk data gets added
    plsss tell me


  56. Harjyot
    July 4, 2009 at 10:37 PM

    Sir i dot know c so can you provind the same source for c++


  57. Santanu
    July 5, 2009 at 2:13 AM

    yes spaceshot itself acts as virus which is actually a junk file….keep in mind,it occupies the memory of the hard disk and fill it up…

    visit my blog:-www.toprated1@blogspot.com for WBUT informations…


  58. xeno
    July 13, 2009 at 11:18 AM

    can anybody plzz tell me whre can i get good blinders


  59. PArth
    July 16, 2009 at 2:07 PM

    really grt8 work man

    thanxs.....


  60. ali sofi
    July 17, 2009 at 2:16 AM

    this website very googd
    i’m thanks of you


  61. james
    July 18, 2009 at 8:21 AM

    hi !!!! how to send a virus to cellphone using pc?????? can you plz tell me!!


  62. SONU
    July 19, 2009 at 10:49 AM

    I AM BEGINER IN THE FILED OF HACKING SO NEED THE COMPLETE BASIC KNWLEDGE OF HACKHING


  63. NINAD
    August 5, 2009 at 9:47 PM

    very nice , sir………!


  64. hitler
    August 6, 2009 at 2:59 PM

    Grt work man


  65. ram
    August 14, 2009 at 4:16 PM

    hyyyyyy yarr tumne ye sab khud sikha tha ya tumne bhi kisi se sikha lekin jo bhi ho tumne mera rasta aasan kardiya thanks.