
Virus Tutorial – VIRUS SIMULATION AND THE RELATION WITH DOS COMMAND

Hello, we meet again.

 

Now we will discuss virus simulation. What is virus simulation? Just read the article below.

 

Origin Begin

 

In fact, this program was made for testing, or doing network penetration testing, in a company, clearly one outside Indonesia. Why? We will discuss that later. Infocoon (that is the company's name) wanted to test their network and needed tools like the one below:

In fact there are many modules, but I can't explain them one by one. It's difficult.

So what is the connection with Virus Simulation? There is a tool. This tool is used to inject the network, open ports and services, create and delete groups or users on a computer, and so on. The tool is still built on DOS (Disk Operating System) commands on Windows XP, so it does not use API (Application Programming Interface) calls at all.

 

FILES NEEDED

——————–

Files needed to run this application:

 

– ASService.dll
Used to create the service

– NTSVC.ocx
Used to run the service on Windows XP

– MSWINSCK.OCX
File that VB needs to run network programs

So that these files can be used by the VS application, follow the steps below:

 

  1. Copy ASService.dll and MSWINSCK.OCX to the c:\windows\system32 directory (for WinXP) or the c:\windows\system directory (for Win9x).
  2. Register them: click Start → Run → type “cmd” without the double quotation marks.
  3. Then type regsvr32 [space] file name and press Enter, or in full:

regsvr32 ASService.dll -> for the file ASService.dll
regsvr32 NTSVC.ocx -> for the file NTSVC.ocx
regsvr32 MSWINSCK.OCX -> for the file MSWINSCK.OCX

 

MODULE ON PROGRAM

——————————-

 

The program's modules are divided into 9 parts:

  • Module Port and Service opener
  • Module User maker
  • Module User eraser
  • Module to insert user into group
  • Module Group maker
  • Module Group eraser
  • Module to find changed registry
  • Module Registry Injection
  • Module file extension maker

 

MODULE PORT AND SERVICE OPENER

————————————————-

 

In this program, opening ports and services is done with API calls in VB. In fact it can be done with DOS commands too, but I have not yet found a way to open a service that way, hahaha… There is a way to see the active services from DOS: open the DOS terminal, then type the command:

 

NET START

Then press Enter, and the services running on your computer will be listed.

In Virus Simulation (VS), we use API calls. We have discussed this before in “Make Service On Windows XP”. You can find that article at www.virologi.info.

 

MODULE USER MAKER

—————————–

 

A user can be created with a DOS command, by typing:

NET USER [user name] [password] /ADD

Press Enter, then try logging off from Windows. On the Windows login screen you will now see the user name you have just created. The same can be done from VB, using the following script:

 

Private Sub cmdextcute_Click()
    ' Run NET USER <user> <password> /ADD in a hidden console window
    Shell "NET USER" & " " & txtuser.Text & " " & txtpass.Text & " " & "/ADD", vbHide
    MsgBox "Your Account with " & vbCrLf & "User : " & txtuser.Text & vbCrLf & "password : " & _
        txtpass.Text & vbCrLf & " is created ", vbExclamation, "WARNING"

    ' Clear the input fields and close the form
    txtuser.Text = ""
    txtpass.Text = ""

    Unload Me
End Sub

If you don’t understand, just look at the source code.

 

MODULE USER ERASER

——————————

 

Likewise, to delete a user from DOS, use the command:

NET USER [user name] /DELETE

In VB this can be implemented with the following script:

Private Sub cmddel_Click()
    Dim warning
    ' Ask for confirmation before deleting the account
    warning = MsgBox("Are U Sure to delete?", vbYesNo, "WARNING!!!")

    If warning = vbYes Then
        ' Run NET USER <user> /DELETE in a hidden console window
        Shell "NET USER" & " " & txtuser.Text & " " & "/DELETE", vbHide
        MsgBox "Your Account with " & vbCrLf & "User : " & txtuser.Text & vbCrLf & "password : " & _
            txtpass.Text & vbCrLf & " is deleted ", vbExclamation, "WARNING"
    End If

    ' Clear the input fields and close the form
    txtuser.Text = ""
    txtpass.Text = ""

    Unload Me

End Sub

MODULE TO INSERT USER INTO GROUP

—————————————————-

 

A virus can do this: first it creates a user, then it puts that user into the Administrators group or a special account. To add the user, just use the command:

NET LOCALGROUP [group name] /ADD [user name]

For example, to put the user you have created into the administrators group, just use the command:

NET LOCALGROUP administrators /ADD our user

Now our user belongs to the group with the highest class, that is Administrators.

Private Sub cmdadd_Click()
    ' Run NET LOCALGROUP <group> /ADD <user> in a hidden console window
    Shell "NET LOCALGROUP" & " " & txtgroup.Text & " " & "/ADD" & " " & txtuser.Text, vbHide
    MsgBox "Your User " & txtuser.Text & " is Added to Group " & txtgroup.Text, vbExclamation, "WARNING"

    ' Clear the input fields and close the form
    txtgroup.Text = ""
    txtuser.Text = ""
    Unload Me
End Sub

MODULE TO CREATE AND ERASE GROUP

—————————————————–

 

To create a group, use the command:

NET LOCALGROUP [group name] /ADD

And to delete one, use the command:

NET LOCALGROUP [group name] /DELETE

That is enough for our tutorial about DOS commands that can be run from VB. Don’t belittle DOS. For now we may be using the Windows XP OS, but don’t forget that DOS commands still have the power to break a Windows system.
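
A defender's view of the NET USER and NET LOCALGROUP commands from the modules above, as an added example that is not part of the original tutorial or the Virus Simulation source: it classifies process-creation command lines and flags additions to privileged groups. The event tuples, host names, the vs.exe path and the privileged-group list are assumptions constructed for illustration.

```python
import re

# Assumed watch list: groups whose membership grants elevated rights.
PRIVILEGED_GROUPS = {"administrators", "remote desktop users", "backup operators"}
SHELL_PARENTS = {"cmd.exe", "powershell.exe"}

def basename(path):
    return re.split(r"[\\/]", path.strip('"'))[-1].lower()

def classify(cmdline):
    """Return (action, target, severity) for an account-changing NET command, else None."""
    tokens = [t.strip('"') for t in re.findall(r'"[^"]*"|\S+', cmdline)]
    if len(tokens) < 3 or basename(tokens[0]) not in ("net", "net.exe", "net1", "net1.exe"):
        return None
    verb = tokens[1].lower()
    switches = {t.lower() for t in tokens[2:] if t.startswith("/")}
    names = [t for t in tokens[2:] if not t.startswith("/")]  # for NET USER, names[1] is the password
    add, delete = "/add" in switches, bool(switches & {"/delete", "/del"})
    if not names or not (add or delete):
        return None
    if verb in ("user", "users"):
        return ("user_created" if add else "user_deleted", names[0], "medium")
    if verb == "localgroup":
        if len(names) == 1:
            return ("group_created" if add else "group_deleted", names[0], "low")
        sev = "high" if add and names[0].lower() in PRIVILEGED_GROUPS else "medium"
        return ("member_added" if add else "member_removed", f"{names[1]} -> {names[0]}", sev)
    return None

def scan(events):
    """events: iterable of (host, parent_image, command_line) tuples."""
    findings = []
    for host, parent, cmdline in events:
        hit = classify(cmdline)
        if hit:
            # Last field: NET was started by something other than a console shell,
            # as happens with the hidden VB Shell calls shown on this page.
            findings.append((host, *hit, basename(parent) not in SHELL_PARENTS))
    return findings

# Constructed sample events (not real logs); hosts, users and paths are made up.
SAMPLE = [
    ("WS01", r"C:\Tools\vs.exe", "NET USER labuser Passw0rd1 /ADD"),
    ("WS01", r"C:\Tools\vs.exe", "NET LOCALGROUP administrators /ADD labuser"),
    ("WS02", r"C:\Windows\System32\cmd.exe", "net localgroup testers /add"),
    ("WS02", r"C:\Windows\System32\cmd.exe", r"C:\Windows\System32\net.exe start"),
    ("WS03", r"C:\Windows\explorer.exe", "net1 user labuser /delete"),
]
```

With account-management auditing enabled, the same changes also appear in the Windows Security log as events 4720 (user created), 4726 (user deleted), 4731 and 4734 (local group created and deleted) and 4732 (member added to a local group).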

 

EXTENDED MODULE

————————–

 

Once again, to show that the power of DOS still exists: you have probably been unable to restart or shut down your computer at some point. Do you know why? Because an application is still resident in memory, such as regedit. Huh? Yes, regedit: sometimes because of a virus, or a pirated copy of Windows, regedit gets confused, and after it has been started it sometimes stays in memory. To kill the process, write the script below and save it as kill.bat. The steps are:

  1. Open Notepad.
  2. Write the script below:

TASKKILL /S system /F /IM regedit.exe /T

  3. Then save it with the name kill.bat
  4. Then click that file

Or download the source code from this link:

DOWNLOAD Source kill.bat

This script is useful for forcibly killing a regedit process that is still resident in memory. The same approach can be applied to other applications such as:

svchost.exe
inetinfo.exe
kernell32.dll

And so on. Give it a try.

 

If you want to develop Virus Simulation further, you can download it from:

DOWNLOAD Virus Simulation v1.0b

Try to develop it in the right way, okay? Bye bye for now.

 

sincerely yours,

overlord@virologi.com

 

 
