How does a malware effect a program and get loaded by Windows?

From another thread.  I create a new thread since it's hard to read the old one.

How do you create a virus to effect or infect a .exe file, and have the .exe file get loaded without compromising the original .exe file (killing the file) and have your malware /virus infect the PC?

I can see how you can disguise a virus to look like a legitimate .exe file and get loaded, but how to do this in a 'stealthy' manner without the entire PC being instantly infected?  (that is, without the PC being suddenly hijacked by the virus)?

It must have something to do with the way Windows loads .exe files.  Maybe there's some batch file routine that Windows uses, and you can intercept or modify this routine.  "Hooks"?  Rings a bell but I don't code at the machine level.

Dustin?  Here is a chance to "give back" to the community, which will come in handy when you get caught, in the sentencing phase.  It's good PR to pretend to be a white hat.  Thus your 'work' at Malwarebytes (if it was that, and not really an attempt to be a spy and sabotage that company) is a good mitigating factor for your sentencing phase.

RL

Re: How does a malware effect a program and get loaded by Windows?

RayLopez99 wrote:

[...]

Get a newsreader and a Usenet account.

--
   -bts
   -This space for rent, but the price is high

Re: How does a malware effect a program and get loaded by Windows?


From another thread.  I create a new thread since it's hard to read the old
one.

How do you create a virus to effect or infect a .exe file, and have the .exe
file get loaded without compromising the original .exe file (killing the
file) and have your malware /virus infect the PC?

***
Damn, that question is a real mess.
***

I can see how you can disguise a virus to look like a legitimate .exe file
and get loaded,

***
It sounds like you're thinking *trojan* while saying *virus*. I know you don't
*like* that there is a difference - but there is.
***

but how to do this in a 'stealthy' manner without the entire PC being
instantly infected?  (that is, without the PC being suddenly hijacked by the
virus)?

***
Another mess of a question.
A virus can search for and infect as many or as few programs as its creator
wanted it to. Slow or fast infectors, some are designed to infect only one
specific program - notice I say 'program' and not 'file' because viruses
infect programs not just programs in files. A virus is just a program (or
program fragment) it's not magic.
***

It must have something to do with the way Windows loads .exe files.

***
That and how some programs are stored as files
***

 [...]



Re: How does a malware effect a program and get loaded by Windows?

On Wednesday, July 25, 2012 10:32:32 PM UTC-4, FromTheRafters wrote:
[...]

Thanks Rafters.  I would have liked Dustin to have answered but, as usual, he evaded the issue.  He did cut and paste some code from who knows where, claiming he authored it, for one of his malwares from way back when, but there's no telling what was his contribution if any.  I myself actually have a book on how to write viruses, complete with source, but I've not had time to go through it.  Dustbin is evasive as to the 'how'.  As an aside, it's also curious that he keeps mentioning his illegal activity--and every time he does that, he continues to run the clock and prevent the statute of limitations from expiring on his computer virus crimes--assuming the poster here is in fact "Dustin" to begin with.  It's amusing how he continuously digs his own grave.

Dustin, aka Slam, Raid or whatever, tell us noobs for the last time please:  walk us through a virus, how it 'slowly' can infect a file and get loaded into Windows?  If you know how that is...

RL

Re: How does a malware effect a program and get loaded by Windows?


I said something about respect Ray. I accepted your challenge. I posted
snippets to irok v1.1c. My last released virus. As you still can't
properly address me by name, I will not pursue this with you any
further.

I know who I am, most here do as well, the fact you choose to ignore it,
is funny as hell to me.

Have a good day, and read that virus book. You shouldn't be asking these
basic questions. That book should have them covered.


--
Things look bad from over here. Too much confusion and no solution.
Everyone here knows your fear. Your out of touch and you try too much.
Yesterdays glory will help us today. You wanna retire? Get outta the
way. I ain't got much time. Young ones close behind. I can't wait in
line.


Re: How does a malware effect a program and get loaded by Windows?


We're done then.


--
Things look bad from over here. Too much confusion and no solution.
Everyone here knows your fear. Your out of touch and you try too much.
Yesterdays glory will help us today. You wanna retire? Get outta the
way. I ain't got much time. Young ones close behind. I can't wait in
line.


Re: How does a malware effect a program and get loaded by Windows?

On Friday, July 27, 2012 4:45:07 PM UTC-4, Dustin wrote:
[...]

We may be done--you lost the challenge--but don't think for a moment you're out of the cross hairs of the law.  The wheels of government grind slowly but they grind exceedingly fine.  These organizations are looking for people like you to justify their tight budgets in these hard times.  You are fodder for them to show their worth by taking you down.  And you reopened the statute of limitations several times in this thread alone, not to mention your past boasts.  Clearly you are a kiddie scripter with sycophant friends in this forum, but in the real world you are nothing, except food for computer crime law enforcement professionals, and they will eat you alive.

Pleasant dreams and keep that music pirating going...I'm sure that is more grist for their mill, in the civil lawsuits that will take away all the meager worldly possessions you have.  Your 'good deeds' from working at Malwarebytes will get maybe a few months off your sentence in the sentencing phase of your trial.

Goodbye Dustbin.  But I'll be watching you from time to time, just to add to my file.

RL

Re: How does a malware effect a program and get loaded by Windows?


Well, I've lost no challenge as I did present functional code snippets.
You demanded I share the more important ones with full commentation. Why
does it need full commentation I wonder? That's because YOU can't really
program. :)

I've provided more of the subroutines and various functions, I've even
included the worm drop section. Now, describe what each function is
doing, if you can.
 
LOL. Ray, it's 2012; and you still can't code a functional virus. I did,
over 15 years ago. [g]


--
Things look bad from over here. Too much confusion and no solution.
Everyone here knows your fear. Your out of touch and you try too much.
Yesterdays glory will help us today. You wanna retire? Get outta the
way. I ain't got much time. Young ones close behind. I can't wait in
line.


Re: How does a malware effect a program and get loaded by Windows?


Dustin is not always well. Catch him at a good moment and he's good. Catch
him at a bad moment and he says the strangest things. I think he's a good
guy though.

Jax
--
Bear Bottoms
http://bearware.info

Re: How does a malware effect a program and get loaded by Windows?


I know about the misidentified descriptions. That's not all of them. Some
claim the payload causes HD failure, but it doesn't.

Irok isn't a trojan. It is a worm and a virus tho.
 


--
Things look bad from over here. Too much confusion and no solution.
Everyone here knows your fear. Your out of touch and you try too much.
Yesterdays glory will help us today. You wanna retire? Get outta the way.
I ain't got much time. Young ones close behind. I can't wait in line.


Re: How does a malware effect a program and get loaded by Windows?

The Anti-Virus People said it is,
are you calling Symantec a Liar..
<http://dictionary.reference.com/browse/Liar>
 

Re: How does a malware effect a program and get loaded by Windows?


I am.

Symantec isn't all antivirus people. There is no irok trojan. That's a
misID on Symantec's end.

Irok is a worm and virus. There is no such thing as a trojan virus.
Period.


--
Things look bad from over here. Too much confusion and no solution.
Everyone here knows your fear. Your out of touch and you try too much.
Yesterdays glory will help us today. You wanna retire? Get outta the
way. I ain't got much time. Young ones close behind. I can't wait in
line.


Re: How does a malware effect a program and get loaded by Windows?

So you said there no such thing as a Trojan,
and that we need to Believe you,
above all The Antivirus People,
As if you was the one only Antivirus King...

As this Trojan passes it's way from News Server to News Server,
it Subject will become a worm unto you,
And a Virus from News Groups to News Groups...
  

Re: How does a malware effect a program and get loaded by Windows?

On Sun, 5 Aug 2012 13:55:13 -0500, "Hot-Text"

[...]

...and right on cue, there's some of that delicious Haiku-like stuff
of which I spoke. :-)


Re: How does a malware effect a program and get loaded by Windows?

Char Jackson used his keyboard to write :
[...]

It takes some getting used to, but there is communication in there
somewhere. Unfortunately, the information being expounded is often
wrong.



Re: How does a malware effect a program and get loaded by Windows?

On Mon, 06 Aug 2012 15:40:47 -0400, "FromTheRafters"
email.me>...
[...]

And considering the communication is intentionally obfuscated
(recalling a post where that was admitted), I see no reason to even
attempt to extract what information is actually there.

--
Zaphod

Vell, Zaphod's just zis guy, ya know? - Gag Halfrunt

Re: How does a malware effect a program and get loaded by Windows?

Char it's good to see your can read;
but to some of us,
we take care of are computers,
in a verger religious way...

Re: How does a malware effect a program and get loaded by Windows?


Executable file extensions
Following is a partial list of file types
that should be considered suspicious
when received in email
and should not be opened
unless you requested or expected the attachment:

ADE - Microsoft Access Project Extension
ADP - Microsoft Access Project
BAS - Visual Basic Class Module
BAT - Batch File
CHM - Compiled HTML Help File
CMD - Windows NT Command Script
COM - MS-DOS Application
CPL - Control Panel Extension
CRT - Security Certificate
DLL - Dynamic Link Library
DO* - Word Documents and Templates
EXE - Application
HLP - Windows Help File
HTA - HTML Applications
INF - Setup Information File
INS - Internet Communication Settings
ISP - Internet Communication Settings
JS - JScript File
JSE - JScript Encoded Script File
LNK - Shortcut
MDB - Microsoft Access Application
MDE - Microsoft Access MDE Database
MSC - Microsoft Common Console Document
MSI - Windows Installer Package
MSP - Windows Installer Patch
MST - Visual Test Source File
OCX - ActiveX Objects
PCD - Photo CD Image
PIF - Shortcut to MS-DOS Program
POT - PowerPoint Templates
PPT - PowerPoint Files
REG - Registration Entries
SCR - Screen Saver
SCT - Windows Script Component
SHB - Document Shortcut File
SHS - Shell Scrap Object
SYS - System Config/Driver
URL - Internet Shortcut (Uniform Resource Locator)
VB - VBScript File
VBE - VBScript Encoded Script File
VBS - VBScript Script File
WSC - Windows Script Component
WSF - Windows Script File
WSH - Windows Scripting Host Settings File
XL* - Excel Files and Templates  

Re: How does a malware effect a program and get loaded by Windows?

What if it doesn't have an extension?
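
The extension list above applied as an attachment screen, as an added example that is not any poster's code: it matches names against the posted extensions (treating `DO*` and `XL*` as wildcards), flags double extensions, and for the extensionless case raised in the last reply falls back to the `MZ` header that starts DOS and Windows EXE files. The function name, verdict strings and sample names are assumptions made for illustration.

```python
import fnmatch
import ntpath

# Extensions from the list posted above; "DO*" and "XL*" are wildcards.
SUSPICIOUS = (
    "ADE ADP BAS BAT CHM CMD COM CPL CRT DLL DO* EXE HLP HTA INF INS ISP JS "
    "JSE LNK MDB MDE MSC MSI MSP MST OCX PCD PIF POT PPT REG SCR SCT SHB SHS "
    "SYS URL VB VBE VBS WSC WSF WSH XL*"
).split()


def classify_attachment(filename, head=b""):
    """Return (verdict, reason). `head` is the first bytes of the content,
    consulted only when the name carries no extension (hypothetical helper)."""
    # The Win32 API strips trailing dots and spaces, so "a.exe. " opens as a.exe.
    name = ntpath.basename(filename).rstrip(". ")
    stem, ext = ntpath.splitext(name)
    ext = ext.lstrip(".").upper()
    if not ext:
        # No extension to judge by: look at the content instead.
        if head[:2] == b"MZ":
            return "suspicious", "no extension, content starts with MZ header"
        return "unknown", "no extension; inspect content before opening"
    for pattern in SUSPICIOUS:
        if fnmatch.fnmatchcase(ext, pattern):
            # A second extension before the real one (x.pdf.exe) is a disguise.
            inner = ntpath.splitext(stem)[1]
            if inner:
                return "suspicious", f"double extension {inner}.{ext.lower()}"
            return "suspicious", f"extension matches {pattern}"
    return "allowed", f".{ext.lower()} is not on the list"


if __name__ == "__main__":
    # Constructed sample attachments (name, first bytes of content).
    samples = [
        ("holiday.jpg", b"\xff\xd8\xff"),
        ("invoice.pdf.exe", b"MZ\x90\x00"),
        ("report.docx", b"PK\x03\x04"),
        ("setup.scr. ", b"MZ\x90\x00"),
        ("README", b"MZ\x90\x00"),
        ("notes", b"plain text"),
    ]
    for name, head in samples:
        print(f"{name!r:22} {classify_attachment(name, head)}")
```

An "allowed" verdict only means the name is not on the posted list, which the post itself calls partial.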


