Maximize
Bookmark

VX Heaven

Library Collection Sources Engines Constructors Simulators Utilities Links Forum

Source code of computer viruses

.aiD - Virus for Windows by mort

Virus for Windows

mort
Show all viruses by this author

2000-00-00

Comments
Download aid.zip (18426 bytes) or browse online

Released in Matrix#2

Author's notes

Description

EPO
replacing first 5 bytes with jump to virii
IPC
mutex, mailslot, event, file-mapping

Behaviour

When running first time virus install its server to three directories: current, windows, system and add entries to registry which run it after each reboot.

When server is running it creates three threads. First creates a mailslot and wait until some client is executed. Second wait for event setting from first thread to scan all HDDs for files to infect. Third wait some time and them run a payload.

When an infected file is executed after reboot (= client), it creates one thread, restores and get back to host. Thread maps shared file needed for infection, coz client carry packed server and itself:). Client search for files in current direcotry and send them to server via mailslot. This first client execution will make run the second thread of server. Final infection is done by server.


By accessing, viewing, downloading or otherwise using this content you agree to be bound by the Terms of Use! vxer.org aka vx.netlux.org