Source code of computer viruses

Ketamine - Virus for Windows by Benny

Virus for Windows

Download (4261 bytes) or browse online

Author's notes

This is my next (very small) virus, specialised on Win2k machinez. It should be also able to run under WinNT machinez, but I'm not sure, becoz I didn't test it. The virus does not use any APIz, instead of that, its uses NT syscallz. The virus does not do anything special apart of that, it can only infect all EXE filez in current folder and does not manifest itself in any way. Infected filez have the same size, becoz virus overwritez the relocation section. The virus should be compatible with newer versionz of Windows OS'ez based on NT system. The only point of incompatibility is, becoz I decided to not use ANY API, the code where the virus expect the fixed address of NTDLL.dll modul loaded in process virtual memory. Virus searchez inside the NTDLL.dll for syscall numberz and so it SHOULD be forward compatible. At least a bit...;-)

Here I have to thank Ratter, he inspired me a lot with his Win2k.Joss. The functionality of Win2k.Ketamine and Win2k.Joss is almost the same, I only recoded some of his code on my own and added a few new ideaz, which should make Ketamine more compatible with Windows, rather than Joss. I have to say, that he inspired me a lot, but the code is not ripped. I also disassembled NTDLL.dll and NTOSKRNL.EXE and found the same resultz as him, surprisely ;-D But ofcoz, I decided to not discover the America again and so I used some of his code in my virus.

The virus was coded only to show that something is possible, not to make high-spreading virus.

