Thorin - Virus for Windows by Billy Belcebu

Virus for Windows

Billy Belcebu
Author's notes

Why 'Thorin'?

Heh, are you an incult guy? Heh, have you ever read the wonderful book of the wonderful author J. R. R. Tolkien, called "The Hobbit"? Ok, if you did it, you can realize that the most important dwarf is called in this way :) He died with honour, and he couldn't taste the victory and be the king, anyway thanks to him, the Middle-Earth was a much better world for years. Ain't it charming? ;)


Ok, here i will list all that this babe is able to do...


Yes, this virus has multiple payloads (hi DuST!). Let's see a little overview of them (executed every 26 of October).

  1. The biggest one, based in a trick that i learnt from mandragore's viruses, dropping a file as C:\WIN.COM, that gets executed by the system before of the file that should be, that is C:\WINDOWS\WIN.COM, thus bringing us the possibility of own the computer before windows :) Well, it consists in a very little, simple and easy quiz that all ppl who had read "The Hobbit" once in his life would be able to pass without problems, and consists of 3 questions.
  2. Sets the HD's name as 'THORIN'.
  3. Due an idea that my friend Qozah gave me, it swaps the mouse buttons, thus making the user be stoned... All you clicked with the left button, now you'll have to click with the right one, and vice-versa.
  4. The typical MessageBox with a silly message.
  5. Launches user to Microsoft page, thus annoying him and make his little and ignorant mind to think that the awaited Micro$oft offensive over the earth has began. Well, ain't this one charming? ;)


This virus is able to spread itself using the most used IRC programs over the world: mIRC, PIRCH and ViRC. Every infected system will have a little infected file in C:\PR0N.EXE. This file is sent to everyone that joins the channel where the user is chatting by DCC. Very simple and effective.


This is, nowadays, my best virus so far, over Iced Earth, Garaipena, and Nitro, all of them for Windoze. I needed to do at least a good virus, for feed my own ego (why lie?), and i think this is what really happened. But i won't stop there, there are many things yet to explore (and exploit) in 32 bit enviroments, there are many problems unsolved, and i will try to contribute with my humble code for all those purposes. Btw, i used, in my other viruses, to try to optimize , but in this virus i didn't. I mean, you won't see here OBVIOUS lacks of optimization, like CMP reg,-1 but i will use many times the same code in different procedures many strings, two droppers (one for IRC distribution, and other for one payload). This virus is big in its size, well not as Win32.Harrier, Win32.Libertine, WinNT.Remex, etc., but it's a 'big' one, and i hope this will mean a 'good' one. Fuck, i've coded also a lot of payloads, none of them is destructive, but all are VERY annoying... The description is above, if you don't believe me.

Well, now i'm gonna excuse myself, because while making this virus (based initially on my Win95.Iced Earth) i have noticed the great quantity of bugs that my Iced Earth virus had (believe me, more than 10 incredible bugs!), and i'm still wondering why all those escaped from my beta testing. Moreover, all those bugs only reflect my incompetence. With this virus i have made very serious tests, mainly because some delicated parts of the virus needed it to work perfecly (i.e. per-process residence). Maybe there will be also bugs, but now at least i know there are less :)

My next steps will be the research in the fields of MMX polymorphism, some metamorphism, and i hope that my next virus will use EPO techniques, because i haven't experimented yet with such a kewl thing.


Benny doesn't like that i use to talk about politics, but i have put it there just for explain some things that could guide you to misunderstand my way of act. Everybody knows that i tend to Marxism, right? Well, but i'm not saying with this that i support Fidel Castro, Mao, and such like pseudo-communists (that tend to totalitarism). I think that everybody must have the same oportunities, and without any kind of discrimination. But as i am not a guy with an only idea, i support also (if there isn't any other choice) the democracy, but i prefer it to be a democracy as participation and not as a procediment. Whom has studied some philosophy will know of what i am talking about: avoid the fierce and discriminatory capitalism. As i am tolerant, you can be againist my ideas, and i will accept it. So Benny, i'm not a totalitarian asshole, just the opposite, i'm just a young idealist :) Be free, enjoy life...

Final note

Although it screwed me a lot, i haven't put data in the heap as i used to do because this virus is too big and the data used temporally is also too big, and it generated some protection faults... SHIT!!!!

