How does a malware effect a program and get loaded by Windows?

Discussion in 'Anti-Virus' started by RayLopez99, Jul 25, 2012.

  1. RayLopez99

    RayLopez99 Guest

    From another thread. I create a new thread since it's hard to read the old one.

    How do you create a virus to effect or infect a .exe file, and have the .exe file get loaded without compromising the original .exe file (killing the file) and have your malware /virus infect the PC?

    I can see how you can disguise a virus to look like a legitimate .exe file and get loaded, but how to do this in a 'stealthy' manner without the entire PC being instantly infected? (that is, without the PC being suddenly hijacked by the virus)?

    It must have something to do with the way Windows loads .exe files. Maybe there's some batch file routine that Windows uses, and you can intercept or modify this routine. "Hooks"? Rings a bell but I don't code at the machine level.

    Dustin? Here is a chance to "give back" to the community, which will come in handy when you get caught, in the sentencing phase. It's good PR to pretend to be a white hat. Thus your 'work' at Malwarebytes (if it was that, and not really an attempt to be a spy and sabotage that company) is a good mitigating factor for your sentencing phase.

    RL
     
    RayLopez99, Jul 25, 2012
    #1

  2. RayLopez99 wrote:

    > From another thread. I create a new thread since it's hard to read the
    > old one.


    Get a newsreader and a Usenet account.

    --
    -bts
    -This space for rent, but the price is high
     
    Beauregard T. Shagnasty, Jul 25, 2012
    #2

  3. RayLopez99

    Dustin Guest

    RayLopez99 <> wrote in
    news::

    > From another thread. I create a new thread since it's hard to read
    > the old one.
    >
    > How do you create a virus to effect or infect a .exe file, and have
    > the .exe file get loaded without compromising the original .exe file
    > (killing the file) and have your malware /virus infect the PC?


    Curious as hell aren't you? :)

    > I can see how you can disguise a virus to look like a legitimate .exe
    > file and get loaded, but how to do this in a 'stealthy' manner
    > without the entire PC being instantly infected? (that is, without
    > the PC being suddenly hijacked by the virus)?


    Hehehehe...You write your virus to do whatever you want it to do. It's
    up to the author how fast it takes over the entire system or slow... if
    it infects all files, or just some.

    The junk going around today is junk.. shoddy ****ing code... for money..
    Not like it used to be.

    > It must have something to do with the way Windows loads .exe files.
    > Maybe there's some batch file routine that Windows uses, and you can
    > intercept or modify this routine. "Hooks"? Rings a bell but I don't
    > code at the machine level.


    > Dustin? Here is a chance to "give back" to the community, which will
    > come in handy when you get caught, in the sentencing phase. It's
    > good PR to pretend to be a white hat. Thus your 'work' at
    > Malwarebytes (if it was that, and not really an attempt to be a spy
    > and sabotage that company) is a good mitigating factor for your
    > sentencing phase.


    I've never claimed to be a white hat, Ray. It's Grey... thanks.
    And no, I wasn't a spy nor did I sabotage anything. I enjoyed the time
    there for the most part.


    --
    Things look bad from over here. Too much confusion and no solution.
    Everyone here knows your fear. Your out of touch and you try too much.
    Yesterdays glory will help us today. You wanna retire? Get outta the
    way. I ain't got much time. Young ones close behind. I can't wait in
    line.
     
    Dustin, Jul 26, 2012
    #3
  4. "RayLopez99" <> wrote in message
    news:...
    From another thread. I create a new thread since it's hard to read the old
    one.

    How do you create a virus to effect or infect a .exe file, and have the .exe
    file get loaded without compromising the original .exe file (killing the
    file) and have your malware /virus infect the PC?

    ***
    Damn, that question is a real mess.
    ***

    I can see how you can disguise a virus to look like a legitimate .exe file
    and get loaded,

    ***
    It sounds like you're thinking *trojan* while saying *virus*. I know you don't
    *like* that there is a difference - but there is.
    ***

    but how to do this in a 'stealthy' manner without the entire PC being
    instantly infected? (that is, without the PC being suddenly hijacked by the
    virus)?

    ***
    Another mess of a question.
    A virus can search for and infect as many or as few programs as its creator
    wanted it to. Slow or fast infectors, some are designed to infect only one
    specific program - notice I say 'program' and not 'file' because viruses
    infect programs not just programs in files. A virus is just a program (or
    program fragment) it's not magic.
    ***

    It must have something to do with the way Windows loads .exe files.

    ***
    That and how some programs are stored as files
    ***

    [...]
     
    FromTheRafters, Jul 26, 2012
    #4
  5. RayLopez99

    RayLopez99 Guest

    On Wednesday, July 25, 2012 10:32:32 PM UTC-4, FromTheRafters wrote:

    > It must have something to do with the way Windows loads .exe files.
    >
    > ***
    > That and how some programs are stored as files
    > ***
    >


    Thanks Rafters. I would have liked Dustin to have answered but, as usual, he evaded the issue. He did cut and paste some code from who knows where, claiming he authored it, for one of his malwares from way back when, but there's no telling what was his contribution if any. I myself actually have a book on how to write viruses, complete with source, but I've not had time to go through it. Dustbin is evasive as to the 'how'. As an aside, it's also curious that he keeps mentioning his illegal activity--and every time he does that, he continues to run the clock and prevent the statute of limitations from expiring on his computer virus crimes--assuming the poster here is in fact "Dustin" to begin with. It's amusing how he continuously digs his own grave.

    Dustin, aka Slam, Raid or whatever, tell us noobs for the last time please: walk us through a virus, how it 'slowly' can infect a file and get loaded into Windows? If you know how that is...

    RL
     
    RayLopez99, Jul 26, 2012
    #5
  6. RayLopez99

    Dustin Guest

    RayLopez99 <> wrote in
    news::

    > Thanks Rafters. I would have liked Dustin to have answered but, as
    > usual, he evaded the issue. He did cut and paste some code from who
    > knows where, claiming he authored it, for one of his malwares from
    > way back when, but there's no telling what was his contribution if
    > any. I myself actually have a book on how to write viruses, complete
    > with source, but I've not had time to go through it. Dustbin is
    > evasive as to the 'how'. As an aside, it's also curious that he
    > keeps mentioning his illegal activity--and every time he does that, he
    > continues to run the clock and prevent the statute of limitations
    > from expiring on his computer virus crimes--assuming the poster here
    > is in fact "Dustin" to begin with. It's amusing how he continuously
    > digs his own grave.
    >
    > Dustin, aka Slam, Raid or whatever, tell us noobs for the last time
    > please: walk us through a virus, how it 'slowly' can infect a file
    > and get loaded into Windows? If you know how that is...


    I said something about respect Ray. I accepted your challenge. I posted
    snippets to irok v1.1c. My last released virus. As you still can't
    properly address me by name, I will not pursue this with you any
    further.

    I know who I am, most here do as well, the fact you choose to ignore it,
    is funny as hell to me.

    Have a good day, and read that virus book. You shouldn't be asking these
    basic questions. That book should have them covered.


    --
    Things look bad from over here. Too much confusion and no solution.
    Everyone here knows your fear. Your out of touch and you try too much.
    Yesterdays glory will help us today. You wanna retire? Get outta the
    way. I ain't got much time. Young ones close behind. I can't wait in
    line.
     
    Dustin, Jul 26, 2012
    #6
  7. RayLopez99

    RayLopez99 Guest

    "Dustin" you sound weak. I smell your weakness. If you were game you would not give such a lame answer.

    So, let us dispense with the role playing b.s. games my friend. Once and for all: post your code here, in this thread, walk us through it, as to how you infect a Windows .exe file and fool the OS into loading the virus/malware. Or forever hold your peace, and your piece.

    Respect is earned. It's true I have flamed you mercilessly, but it's also true you've not earned any respect from this board except talk about this guy Dustin Cook from 1999. He or she may indeed be a master virus writer but you have not shown you are. So put up or shut up.

    I don't expect to hear from you again...

    RL
     
    RayLopez99, Jul 26, 2012
    #7
  8. RayLopez99

    RayLopez99 Guest

    On Wednesday, July 25, 2012 2:58:31 PM UTC-4, RayLopez99 wrote:

    Here is what FromTheRafters wrote in another thread, and I include it here with my comments IN CAP LETTERS FOR THE most part.

    RL

    OK I need a lesson in virus writing or rather how an OS loads a program.

    ***
    You need some background before any explanation will be understood by you.
    The loader does the last 'translation' - that of using the information in
    the program's file to construct an executable image. The executable file is
    not really executable (some need no further translation, but most do - the
    loader knows what to do). it "represents" what is needed to create that
    executable image.

    NOT CLEAR WHAT YOU MEAN. LET ME GOOGLE THIS... found this, and it looks good: http://alexfru.chat.ru/los4d_manual.html -LET ME KNOW IF YOU DISAGREE, RAFTERS. from what I can tell, an "OS loader" is a Windows (or DOS) program that continuously runs in the first 640k or so of RAM, and what it is, is a 'stack' run in an infinite loop (the infinite loop program always checking the top of the stack and popping or pushing instructions or data from the program it is running to serve up to the microprocessor) that pops into the stack the opcodes related to uP commands and memory commands and IO commands of the kind 'Dustin' claims to write. I think you mean 'binary' for 'image' file. Fair enough. In any event this binary of either .com or .exe extension has the machine code--in 1's and 0's--of the assembly language opcodes that I mentioned above. --RL

    ***


    A 'file infector virus' infects a 'program' by modifying the information in
    the 'file' it is stored in so that the resulting image from the loader's
    translation has the virus as part of the program it is using as a host
    (infecting). So now when such an 'infected' legit program file gets
    'invoked' the loader loads the virus because it is now part of that formerly
    legitimate program.

    THIS IS THE PART THAT CONFUSES ME--I'M NOT SURE HOW A BINARY FILE CAN HAVE CODE INSERTED INTO IT WITHOUT DESTROYING WHAT WAS ALREADY THERE, BUT I GUESS IF YOU JUDICIOUSLY INSERT THE CODE SO IT'S SAY JUST AFTER A 'COMMENT' IN MACHINE CODE, IF YOU CAN DO THIS--I NEED MORE CLARIFICATION.--RL

    At this point, the infected 'legit' program is 'like' a trojan - it appears
    to be legit but has in addition to (or instead of in the case of
    overwriters) what it used to do, some nefarious function. This special case
    of trojan when executed will trojanize other programs again in the same
    manner with a copy of its own replicative function

    AGAIN, NOT CLEAR HOW. I GUESS THE TROJAN CAN SEARCH FOR .COM OR .EXE FILES IN THE HARD DRIVE AND DO WHAT, LOAD THEM INTO RAM, THEN MANIPULATE THEM, THEN WRITE THEM BACK TO THE HARD DRIVE?--rl

    and act as a
    self-distribution method for whatever 'payload' it also copies from iteration
    to iteration. This is an important enough consideration to warrant its
    special name of "virus" rather than just a trojan which would need some
    other method for its distribution. Viruses and worms are handy programs for
    malware distribution but IMO are neutral otherwise.

    I know that you just want to troll Dustin, but let me say this - I know
    enough about computers and malware to know that Dustin knows more than I do..
    ***

    YES I TROLL DUSTIN--HE'S A FOOL. I DOUBT HE KNOWS MORE THAN YOU ABOUT COMPUTERS BTW. AS A SO-CALLED VIRUS WRITER, AT BEST--AGAIN, FROM WHAT I'VE SEEN--HE MAY HAVE A BOOK LIKE I HAVE AND HAS SIMPLY COPIED AND PASTED SOME OFF THE SHELF VIRUS AND RENAMED IT AS HIS--AT BEST.

    Thanks for your input. I am replying only here since the other thread is getting too crowded.

    RL
     
    RayLopez99, Jul 26, 2012
    #8
  9. RayLopez99 explained :
    > On Wednesday, July 25, 2012 2:58:31 PM UTC-4, RayLopez99 wrote:
    >
    > Here is what FromTheRafters wrote in another thread, and I include it here
    > with my comments IN CAP LETTERS FOR THE most part.
    >
    > RL
    >
    > OK I need a lesson in virus writing or rather how an OS loads a program.
    >
    > ***
    > You need some background before any explanation will be understood by you.
    > The loader does the last 'translation' - that of using the information in
    > the program's file to construct an executable image. The executable file is
    > not really executable (some need no further translation, but most do - the
    > loader knows what to do). it "represents" what is needed to create that
    > executable image.
    >
    > NOT CLEAR WHAT YOU MEAN. LET ME GOOGLE THIS... found this, and it looks
    > good: http://alexfru.chat.ru/los4d_manual.html -LET ME KNOW IF YOU
    > DISAGREE, RAFTERS.


    It looks like you have confused the loader that loads the OS with the
    loaders that load programs once the OS is up and running. This first
    loader has to set up the OS's structures and whatnot and then schedule
    the initialization process as the idle process.

    > from what I can tell, an "OS loader" is a Windows (or
    > DOS) program


    It's running before the OS has loaded, and as such cannot be DOS or
    Windows. The BIOS finds the OS loader and transfers control to it. The
    OS loader then constructs additional file system support so that other
    stored files can be accessed.

    > that continuously runs in the first 640k or so of RAM, and what
    > it is, is a 'stack' run in an infinite loop (the infinite loop program always
    > checking the top of the stack and popping or pushing instructions or data
    > from the program it is running to serve up to the microprocessor)


    That sounds like you're describing the scheduler.

    > that pops
    > into the stack the opcodes related to uP commands and memory commands and IO
    > commands of the kind 'Dustin' claims to write. I think you mean 'binary' for
    > 'image' file.


    No, I meant 'executable image' - no *file* is involved here. The code
    and the other resources in the executable file are translated into
    machine code for the processor and the result is mapped into a special
    memory location where execution can begin when scheduled.

    > Fair enough. In any event this binary of either .com or .exe
    > extension has the machine code--in 1's and 0's--of the assembly language
    > opcodes that I mentioned above. --RL


    1's and 0's are machine language, assembly uses mnemonics for the
    opcodes.

    > A 'file infector virus' infects a 'program' by modifying the information in
    > the 'file' it is stored in so that the resulting image from the loader's
    > translation has the virus as part of the program it is using as a host
    > (infecting). So now when such an 'infected' legit program file gets
    > 'invoked' the loader loads the virus because it is now part of that formerly
    > legitimate program.
    >
    > THIS IS THE PART THAT CONFUSES ME--I'M NOT SURE HOW A BINARY FILE CAN HAVE
    > CODE INSERTED INTO IT WITHOUT DESTROYING WHAT WAS ALREADY THERE, BUT I GUESS
    > IF YOU JUDICIOUSLY INSERT THE CODE SO IT'S SAY JUST AFTER A 'COMMENT' IN
    > MACHINE CODE, IF YOU CAN DO THIS--I NEED MORE CLARIFICATION.--RL


    Preexisting code can be relocated and jumped to later. Some viruses
    even relocate that code to another file or alternate data stream as
    encrypted data and decrypt and execute it later to "mimic" the original
    program's function.
    >
    > At this point, the infected 'legit' program is 'like' a trojan - it appears
    > to be legit but has in addition to (or instead of in the case of
    > overwriters) what it used to do, some nefarious function. This special case
    > of trojan when executed will trojanize other programs again in the same
    > manner with a copy of its own replicative function
    >
    > AGAIN, NOT CLEAR HOW. I GUESS THE TROJAN CAN SEARCH FOR .COM OR .EXE FILES
    > IN THE HARD DRIVE AND DO WHAT, LOAD THEM INTO RAM, THEN MANIPULATE THEM, THEN
    > WRITE THEM BACK TO THE HARD DRIVE?--rl
    >

    Yep, just as the user is able to modify programs, so is malware that
    the user executes.
    [...]

    I can tell you something about what is being done, but Dustin can tell
    you *how* it is being done. He *can* be very helpful, but you have not
    endeared yourself to him (to say the least). :blush:D
     
    FromTheRafters, Jul 26, 2012
    #9
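
    The posts above describe a file infector as changing the stored file so that the image the loader builds includes the added code. A defender-side view of that, as an added example that is not from any poster in this thread: a Python check that reads a PE file's headers and flags an entry point that sits in the last section, in a writable section, or outside every section. The finding names, the `build_sample` helper and both sample headers are constructed for illustration.

```python
import struct

IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_WRITE = 0x80000000


def parse_pe(data):
    """Return (entry_point_rva, sections) from the PE headers in `data`.

    Each section is (name, virtual_address, size_in_memory, characteristics).
    """
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)        # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    (num_sections,) = struct.unpack_from("<H", data, pe_off + 6)
    (opt_size,) = struct.unpack_from("<H", data, pe_off + 20)
    # AddressOfEntryPoint is 16 bytes into the optional header.
    (entry_rva,) = struct.unpack_from("<I", data, pe_off + 24 + 16)
    table = pe_off + 24 + opt_size                          # section table
    sections = []
    for i in range(num_sections):
        name, vsize, vaddr, raw_size, _raw_ptr, chars = struct.unpack_from(
            "<8sIIII12xI", data, table + 40 * i)
        sections.append((name.rstrip(b"\0").decode("ascii", "replace"),
                         vaddr, max(vsize, raw_size), chars))
    return entry_rva, sections


def entry_point_findings(data):
    """List the reasons the entry point of this PE looks unusual."""
    entry_rva, sections = parse_pe(data)
    if entry_rva == 0:
        return []                      # no entry point, e.g. resource-only DLL
    home = None
    for index, (_name, vaddr, size, _chars) in enumerate(sections):
        if vaddr <= entry_rva < vaddr + size:
            home = index
            break
    if home is None:
        return ["entry-outside-sections"]
    findings = []
    chars = sections[home][3]
    # Compilers normally put the entry point in the first code section;
    # code added after the fact tends to land at the end of the file.
    if len(sections) > 1 and home == len(sections) - 1:
        findings.append("entry-in-last-section")
    if chars & IMAGE_SCN_MEM_WRITE:
        findings.append("entry-section-writable")
    if not chars & IMAGE_SCN_MEM_EXECUTE:
        findings.append("entry-section-not-executable")
    return findings


def build_sample(entry_rva, sections):
    """Constructed test input: PE32 headers only, no code, not runnable."""
    pe_off, opt_size = 0x40, 0xE0
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", pe_off)
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0,
                       opt_size, 0x0102)
    opt = struct.pack("<HBBIIII", 0x10B, 0, 0, 0, 0, 0, entry_rva)
    table = b"".join(
        struct.pack("<8sIIII12xI", name, size, vaddr, size, 0, chars)
        for name, vaddr, size, chars in sections)
    return dos + b"PE\0\0" + coff + opt.ljust(opt_size, b"\0") + table


# Constructed samples: a typical layout, and the same layout with the entry
# point moved into a last section that has been made writable and executable.
CLEAN = build_sample(0x1100, [(b".text", 0x1000, 0x800, 0x60000020),
                              (b".data", 0x2000, 0x400, 0xC0000040),
                              (b".rsrc", 0x3000, 0x400, 0x40000040)])
MODIFIED = build_sample(0x3050, [(b".text", 0x1000, 0x800, 0x60000020),
                                 (b".data", 0x2000, 0x400, 0xC0000040),
                                 (b".rsrc", 0x3000, 0x400, 0xE0000020)])

if __name__ == "__main__":
    for label, blob in (("clean", CLEAN), ("modified", MODIFIED)):
        print(label, entry_point_findings(blob))
```

    Packers and some protectors produce the same findings, so treat a hit as a reason to look closer at the file, not as a verdict.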
  10. RayLopez99

    RayLopez99 Guest

    On Thursday, July 26, 2012 6:58:37 PM UTC-4, FromTheRafters wrote:

    >
    > I can tell you something about what is being done, but Dustin can tell
    > you *how* it is being done. He *can* be very helpful, but you have not
    > endeared yourself to him (to say the least). :blush:D


    Well except for some minor terminology differences and confusion, I think we are roughly on the same page. As for Dustin, I doubt he knows much more than you and I, seriously, I think he's a fake. If he's real he'll step up to the plate and try and explain some of this stuff and show his supposed mastery. I'm not holding my breath.

    RL
     
    RayLopez99, Jul 27, 2012
    #10
  11. RayLopez99

    Buffalo Guest

    "RayLopez99" <> wrote in message
    news:...
    [snip the immature drivel]

    it's also true you've not earned any respect from this board
    [snip more immature ranting]
    RL

    You are the one who doesn't have the respect of ANYONE in this NG.
    You taunt to try to obtain info, just like a young spoiled child.
    Buffalo
     
    Buffalo, Jul 27, 2012
    #11
  12. RayLopez99

    Dustin Guest

    RayLopez99 <> wrote in
    news::

    > "Dustin" you sound weak. I smell your weakness. If you were game
    > you would not give such a lame answer.


    It would help if you'd quote that which you're referencing here. I told
    you, I'm *not* going to give you a functional virus. Either full source
    code or a binary. I will not teach you how to write a virus. You have a
    book on the subject, I'd suggest you read it.

    I'm a respected antimalware researcher and I'm not going to jeopardize
    that by providing you a functional virus or teaching you how to write
    one. I value the credit I've established and the respect which took me
    years to get! You aren't worth it.

    > So, let us dispense with the role playing b.s. games my friend. Once
    > and for all: post your code here, in this thread, walk us through it,
    > as to how you infect a Windows .exe file and fool the OS into loading
    > the virus/malware. Or forever hold your peace, and your piece.


    I will not provide you with a full functional virus, nor will I provide
    you specific details on how to write one. I've given you more than
    enough proof to establish who I am. Others have vouched for me.

    > Respect is earned. It's true I have flamed you mercilessly, but it's
    > also true you've not earned any respect from this board except talk
    > about this guy Dustin Cook from 1999. He or she may indeed be a
    > master virus writer but you have not shown you are. So put up or
    > shut up.


    I already put up.

    > I don't expect to hear from you again...


    I won't do your homework for you Ray. As a result of your lack of
    respect, I won't respond any further.

    I accepted and 0wned your challenge. That's good enough for me.

    --
    Things look bad from over here. Too much confusion and no solution.
    Everyone here knows your fear. Your out of touch and you try too much.
    Yesterdays glory will help us today. You wanna retire? Get outta the
    way. I ain't got much time. Young ones close behind. I can't wait in
    line.
     
    Dustin, Jul 27, 2012
    #12
  13. RayLopez99

    Dustin Guest

    RayLopez99 <> wrote in
    news::

    > On Thursday, July 26, 2012 6:58:37 PM UTC-4, FromTheRafters wrote:
    >
    >>
    >> I can tell you something about what is being done, but Dustin can
    >> tell you *how* it is being done. He *can* be very helpful, but you
    >> have not endeared yourself to him (to say the least). :blush:D

    >
    > Well except for some minor terminology differences and confusion, I
    > think we are roughly on the same page. As for Dustin, I doubt he
    > knows much more than you and I, seriously, I think he's a fake. If
    > he's real he'll step up to the plate and try and explain some of this
    > stuff and show his supposed mastery. I'm not holding my breath.


    I won't assist you or anyone else in writing a virus. It would be very
    irresponsible of me. I intentionally provided you non functional
    snippets of irok source code. You couldn't even follow those routines,
    to explain the actual infection routines would be a total waste of my
    time.

    I've even offered you my old duke nukem saved game editor source code,
    with comments. Hell, irok was commented as well. You don't even
    understand what gosub was doing.

    You keep calling me a fool and dumbass and generally acting a punk, but
    dude, seriously; I *know* this stuff, I wrote several. You haven't got
    shit on me. FTR knows computers well and so does Kurt. Neither of them
    are going to tell you they could outcode me.

    Malwarebytes didn't hire me for my charming personality traits Ray. I
    was hired because of my expertise on malware. Much of that expertise
    comes from having written viruses in the past.



    --
    Things look bad from over here. Too much confusion and no solution.
    Everyone here knows your fear. Your out of touch and you try too much.
    Yesterdays glory will help us today. You wanna retire? Get outta the
    way. I ain't got much time. Young ones close behind. I can't wait in
    line.
     
    Dustin, Jul 27, 2012
    #13
  14. RayLopez99

    Dustin Guest

    FromTheRafters <> wrote in
    news:jusi2v$fef$:

    > It looks like you have confused the loader that loads the OS with the
    > loaders that load programs once the OS is up and running. This first
    > loader has to set up the OS's structures and whatnot and then
    > schedule the initialization process as the idle process.


    Amazing he was calling himself a "coder" just a few days ago. Now, we
    see he doesn't even have the simplest of concepts down...

    > It's running before the OS has loaded, and as such cannot be DOS or
    > Windows. The BIOS finds the OS loader and transfers control to it. The
    > OS loader then constructs additional file system support so that
    > other stored files can be accessed.


    I suspect you've lost him there, FTR.

    >> that continuously runs in the first 640k or so of RAM, and what
    >> it is, is a 'stack' run in an infinite loop (the infinite loop
    >> program always checking the top of the stack and popping or pushing
    >> instructions or data from the program it is running to serve up to
    >> the microprocessor)

    >
    > That sounds like you're describing the scheduler.


    It's garbage... his description is technological, crap. ****wittery at
    its finest.

    > No, I meant 'executable image' - no *file* is involved here. The code
    > and the other resources in the executable file are translated into
    > machine code for the processor and the result is mapped into a
    > special memory location where execution can begin when scheduled.


    And changed when needed.. :)

    > Preexisting code can be relocated and jumped to later. Some viruses
    > even relocate that code to another file or alternate data stream as
    > encrypted data and decrypt and execute it later to "mimic" the
    > original program's function.


    Irok relocated the code and encrypted it; keyed to file/date time
    stamps, so if you got nosy with a hex editor and saved changes, YOU
    murdered the executable, but not Irok. [g] One of several little booby
    traps I was known for including...

    FTR, Did you know that some irok descriptions online specify what kind
    of file infector it is? The very word you'd think, would explain how it
    works.. But, it seems our dear Ray is so lost... there's really no hope
    of explaining this.

    He really doesn't get it.


    >> AGAIN, NOT CLEAR HOW. I GUESS THE TROJAN CAN SEARCH FOR .COM OR
    >> .EXE FILES IN THE HARD DRIVE AND DO WHAT, LOAD THEM INTO RAM, THEN
    >> MANIPULATE THEM, THEN WRITE THEM BACK TO THE HARD DRIVE?--rl
    >>

    > Yep, just as the user is able to modify programs, so is malware that
    > the user executes.


    Yep.. With the same rights even, in some cases, the virus/malware will
    attempt to gain additional rights depending on the circumstances.


    > I can tell you something about what is being done, but Dustin can
    > tell you *how* it is being done. He *can* be very helpful, but you
    > have not endeared yourself to him (to say the least). :blush:D


    As long as he wants to talk down to me and play childish games and
    generally just be a twit, I won't help him with any of the concepts. I
    can't provide specifics anyway; I'm a professional malware researcher..
    the other researchers I know and that know of me would have a serious
    issue with me if I told him how to make one.

    That seems to be what he's wanting to do. As he's money motivated, he's
    probably already got a buyer. I'll be damned if I help in that aspect.

    claims to be some sort of c coder, but can't follow simple ASIC code?
    Who's he trying to bullshit?

    Seems to be humouring you as well. You've already vouched for me, he's
    entirely dismissed it and asked you further questions.

    Honestly, I think he's trying to write something he can sell knowing it
    wouldn't be known by any av/am scanners. He strikes me as that sort of
    weaseling ****head.

    --
    Things look bad from over here. Too much confusion and no solution.
    Everyone here knows your fear. Your out of touch and you try too much.
    Yesterdays glory will help us today. You wanna retire? Get outta the
    way. I ain't got much time. Young ones close behind. I can't wait in
    line.
     
    Dustin, Jul 27, 2012
    #14
  15. RayLopez99

    Hot-Text Guest

    "FromTheRafters" <> wrote in message news:juqa83$19j$...
    >
    > "RayLopez99" <> wrote in message
    > news:...
    > From another thread. I create a new thread since it's hard to read the old
    > one.
    >
    > How do you create a virus to effect or infect a .exe file, and have the .exe
    > file get loaded without compromising the original .exe file (killing the
    > file) and have your malware /virus infect the PC?
    >
    > ***
    > Damn, that question is a real mess.
    > ***
    >
    > I can see how you can disguise a virus to look like a legitimate .exe file
    > and get loaded,
    >
    > ***
    > It sounds like you're thinking *trojan* while saying *virus*. I know you don't
    > *like* that there is a difference - but there is.
    > ***
    >
    > but how to do this in a 'stealthy' manner without the entire PC being
    > instantly infected? (that is, without the PC being suddenly hijacked by the
    > virus)?
    >
    > ***
    > Another mess of a question.
    > A virus can search for and infect as many or as few programs as its creator
    > wanted it to. Slow or fast infectors, some are designed to infect only one
    > specific program - notice I say 'program' and not 'file' because viruses
    > infect programs not just programs in files. A virus is just a program (or
    > program fragment) it's not magic.
    > ***
    >
    > It must have something to do with the way Windows loads .exe files.
    >
    > ***
    > That and how some programs are stored as files
    > ***
    >


    Executable file extensions
    Following is a partial list of file types
    that should be considered suspicious
    when received in email
    and should not be opened
    unless you requested or expected the attachment:

    ADE - Microsoft Access Project Extension
    ADP - Microsoft Access Project
    BAS - Visual Basic Class Module
    BAT - Batch File
    CHM - Compiled HTML Help File
    CMD - Windows NT Command Script
    COM - MS-DOS Application
    CPL - Control Panel Extension
    CRT - Security Certificate
    DLL - Dynamic Link Library
    DO* - Word Documents and Templates
    EXE - Application
    HLP - Windows Help File
    HTA - HTML Applications
    INF - Setup Information File
    INS - Internet Communication Settings
    ISP - Internet Communication Settings
    JS - JScript File
    JSE - JScript Encoded Script File
    LNK - Shortcut
    MDB - Microsoft Access Application
    MDE - Microsoft Access MDE Database
    MSC - Microsoft Common Console Document
    MSI - Windows Installer Package
    MSP - Windows Installer Patch
    MST - Visual Test Source File
    OCX - ActiveX Objects
    PCD - Photo CD Image
    PIF - Shortcut to MS-DOS Program
    POT - PowerPoint Templates
    PPT - PowerPoint Files
    REG - Registration Entries
    SCR - Screen Saver
    SCT - Windows Script Component
    SHB - Document Shortcut File
    SHS - Shell Scrap Object
    SYS - System Config/Driver
    URL - Internet Shortcut (Uniform Resource Locator)
    VB - VBScript File
    VBE - VBScript Encoded Script File
    VBS - VBScript Script File
    WSC - Windows Script Component
    WSF - Windows Script File
    WSH - Windows Scripting Host Settings File
    XL* - Excel Files and Templates
     
    Hot-Text, Jul 27, 2012
    #15
  16. RayLopez99

    Hot-Text Guest

    "RayLopez99" <> wrote in message news:...
    > "Dustin" you sound weak. I smell your weakness. If you were game you would not give such a lame answer.
    >
    > So, let us dispense with the role playing b.s. games my friend. Once and for all: post your code here, in this thread, walk us
    > through it, as to how you infect a Windows .exe file and fool the OS into loading the virus/malware. Or forever hold your peace,
    > and your piece.
    >
    > Respect is earned. It's true I have flamed you mercilessly, but it's also true you've not earned any respect from this board
    > except talk about this guy Dustin Cook from 1999. He or she may indeed be a master virus writer but you have not shown you are.
    > So put up or shut up.
    >
    > I don't expect to hear from you again...
    >



    Ray Lopez you go first..
    Post your code here..
    and Dustin may walk us through it,
    as to how you infect a Windows .exe file
     
    Hot-Text, Jul 27, 2012
    #16
  17. RayLopez99

    Hot-Text Guest

    Ray Lopez why do you want to create a virus
    to effect or infect a .exe file of Poor..
    For only the Poor will be hijacked by the virus,
    I see you care not for the poor at all..

    *.CMD is a legitimate way to infect a Windows PC,
    not *.EXE.....
     
    Hot-Text, Jul 27, 2012
    #17
  18. "Hot-Text" <> wrote in message
    news:jutlvl$khr$...
    >
    > "FromTheRafters" <> wrote in message
    > news:juqa83$19j$...
    >>
    >> "RayLopez99" <> wrote in message
    >> news:...
    >> From another thread. I create a new thread since it's hard to read the
    >> old one.
    >>
    >> How do you create a virus to effect or infect a .exe file, and have the
    >> .exe file get loaded without compromising the original .exe file (killing
    >> the file) and have your malware /virus infect the PC?
    >>
    >> ***
    >> Damn, that question is a real mess.
    >> ***
    >>
    >> I can see how you can disguise a virus to look like a legitimate .exe
    >> file and get loaded,
    >>
    >> ***
    >> It sounds like you're thinking *trojan* while saying *virus*. I know you
    >> don't *like* that there is a difference - but there is.
    >> ***
    >>
    >> but how to do this in a 'stealthy' manner without the entire PC being
    >> instantly infected? (that is, without the PC being suddenly hijacked by
    >> the virus)?
    >>
    >> ***
    >> Another mess of a question.
    >> A virus can search for and infect as many or as few programs as its
    >> creator wanted it to. Slow or fast infectors, some are designed to infect
    >> only one specific program - notice I say 'program' and not 'file' because
    >> viruses infect programs not just programs in files. A virus is just a
    >> program (or program fragment) it's not magic.
    >> ***
    >>
    >> It must have something to do with the way Windows loads .exe files.
    >>
    >> ***
    >> That and how some programs are stored as files
    >> ***
    >>

    >
    > Executable file extensions
    >
    > Following is a partial list of file types that should be considered
    > suspicious when received in email and should not be opened unless you
    > requested or expected the attachment:
    >
    > ADE - Microsoft Access Project Extension
    > ADP - Microsoft Access Project
    > BAS - Visual Basic Class Module
    > BAT - Batch File
    > CHM - Compiled HTML Help File
    > CMD - Windows NT Command Script
    > COM - MS-DOS Application
    > CPL - Control Panel Extension
    > CRT - Security Certificate
    > DLL - Dynamic Link Library
    > DO* - Word Documents and Templates
    > EXE - Application
    > HLP - Windows Help File
    > HTA - HTML Applications
    > INF - Setup Information File
    > INS - Internet Communication Settings
    > ISP - Internet Communication Settings
    > JS - JScript File
    > JSE - JScript Encoded Script File
    > LNK - Shortcut
    > MDB - Microsoft Access Application
    > MDE - Microsoft Access MDE Database
    > MSC - Microsoft Common Console Document
    > MSI - Windows Installer Package
    > MSP - Windows Installer Patch
    > MST - Visual Test Source File
    > OCX - ActiveX Objects
    > PCD - Photo CD Image
    > PIF - Shortcut to MS-DOS Program
    > POT - PowerPoint Templates
    > PPT - PowerPoint Files
    > REG - Registration Entries
    > SCR - Screen Saver
    > SCT - Windows Script Component
    > SHB - Document Shortcut File
    > SHS - Shell Scrap Object
    > SYS - System Config/Driver
    > URL - Internet Shortcut (Uniform Resource Locator)
    > VB - VBScript File
    > VBE - VBScript Encoded Script File
    > VBS - VBScript Script File
    > WSC - Windows Script Component
    > WSF - Windows Script File
    > WSH - Windows Scripting Host Settings File
    > XL* - Excel Files and Templates


    What if it doesn't have an extension?
     
    FromTheRafters, Jul 27, 2012
    #18
  19. "Hot-Text" <> wrote in message
    news:jutmde$l0g$...
    >
    > "RayLopez99" <> wrote in message
    > news:...
    >> "Dustin" you sound weak. I smell your weakness. If you were game you
    >> would not give such a lame answer.
    >>
    >> So, let us dispense with the role playing b.s. games my friend. Once and
    >> for all: post your code here, in this thread, walk us through it, as to
    >> how you infect a Windows .exe file and fool the OS into loading the
    >> virus/malware. Or forever hold your peace, and your piece.
    >>
    >> Respect is earned. It's true I have flamed you mercilessly, but it's
    >> also true you've not earned any respect from this board except talk about
    >> this guy Dustin Cook from 1999. He or she may indeed be a master virus
    >> writer but you have not shown you are. So put up or shut up.
    >>
    >> I don't expect to hear from you again...
    >>

    >
    >
    > Ray Lopez you go first..
    > Post your code here..
    > and Dustin may walk us through it,
    > as to how you infect a Windows .exe file


    I really doubt that HT. Ray is going to have to do some 'self-study' to even
    get to the point where any of it makes sense to him. Dustin won't be wasting
    his time going over the basic background material needed. I'm reasonably
    sure Ray isn't really grasping any of this yet.
     
    FromTheRafters, Jul 27, 2012
    #19
  20. RayLopez99

    G. Morgan Guest

    FromTheRafters wrote:

    >What if it doesn't have an extension?


    Rename it .exe and run it anyway!
     
    G. Morgan, Jul 27, 2012
    #20
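
An added example, not part of any post in this thread: a mail-filter style check that applies the extension list quoted above and also covers the "What if it doesn't have an extension?" case by looking for a PE header in the file's first bytes. The function names and the content check are assumptions of this example; the sample bytes are constructed.

```python
import fnmatch
import struct

# Extension patterns exactly as posted in the thread's list (wildcards included).
SUSPICIOUS = """ADE ADP BAS BAT CHM CMD COM CPL CRT DLL DO* EXE HLP HTA INF INS
ISP JS JSE LNK MDB MDE MSC MSI MSP MST OCX PCD PIF POT PPT REG SCR SCT SHB SHS
SYS URL VB VBE VBS WSC WSF WSH XL*""".split()


def extension_of(name):
    """Final extension in upper case, or '' when the name has none."""
    # Windows drops trailing dots and spaces, so 'setup.scr. ' opens as 'setup.scr'.
    base = name.replace("\\", "/").rsplit("/", 1)[-1].rstrip(". ")
    return base.rsplit(".", 1)[1].upper() if "." in base else ""


def looks_like_pe(data):
    """True if data has an MZ header whose e_lfanew field points at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return data[e_lfanew:e_lfanew + 4] == b"PE\0\0"


def classify(name, data):
    """Return (verdict, reason) for an attachment name and its leading bytes."""
    ext = extension_of(name)
    if any(fnmatch.fnmatchcase(ext, pat) for pat in SUSPICIOUS):
        return "block", f"extension .{ext} is on the list"
    if looks_like_pe(data):  # assumption: content check added here, not from the thread
        label = f"extension .{ext}" if ext else "no extension"
        return "block", f"PE content with {label}"
    return "allow", "not on the list and not a PE image"


def sample_pe_stub():
    """Constructed sample: 'MZ', e_lfanew = 0x40 at offset 0x3C, then 'PE\\0\\0'."""
    return b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40) + b"PE\0\0"


if __name__ == "__main__":
    for name, data in [("invoice.pdf.exe", b""), ("readme", sample_pe_stub()),
                       ("photo.jpg", sample_pe_stub()), ("notes.txt", b"hello")]:
        print(name, "->", classify(name, data))
```

The extension test only sees the name, so it is the content check that catches a program sent with no extension or with a harmless-looking one.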