How to make a virus.

on Wednesday, 12 May 2010

Still remember the Aksika virus? That "open source" virus has a great many variants. This is not surprising, because its source code was simply left freely available on the Internet, so anyone could easily modify and recompile it, and a new variant was born. Starting from that convenience, many virus makers and beginner programmers try to make a virus without going to any trouble. Most of what it takes is some knowledge of operating systems and programming. But that is still not the worst kind of convenience, compared with using a Virus Generator program. The name alone tells you what the program is for: a Virus Generator is a program for making a virus easily and instantly.

This article starts from a virus sample that quite a few readers sent to us. PC Media Antivirus knows it as Gen.FFE-Dawn, while other antivirus products call it Brontok.D. A simple investigation showed that the virus was made with a Virus Generator: Fast Firus Engine (FFE), a homemade program that its maker calls Fast Firus Engine. On the program and on its maker's website, the author states that the program is only for learning purposes and not for destructive actions. Still, if this program falls into the wrong hands, it will be used for destruction.

The Virus Generator is written in Visual Basic and compressed with the tELock packer. The package contains two files, Fast Firus Engine.exe and data.ex_. Fast Firus Engine.exe is the main program for making the virus, while data.ex_ is the original, not-yet-modified virus body. When Fast Firus Engine.exe is run, the user is presented with an interface and is simply asked to fill in the name of the virus, its author, and a message. Pressing the Generate button produces the virus. The way the generator works is actually very simple: it merely appends the data you entered to the end of the original virus file (data.ex_). That information is later used by the virus during infection.

How does the virus infect?
The virus created by FFE does look simple. Like the generator, it is written in Visual Basic, compiled with the Native-Code method, and then compressed with tELock to make it smaller. The original size of the virus is 55,296 bytes. When the virus is first executed, it creates several parent files in several locations. In the %WINDOWS%\ directory there will be files named .exe, Win32 exe, activex.exe, and %virusname% (the name of the virus as entered by the maker in the generator). In %WINDOWS%\system32\ there will be the files copy.pif, _default.pif, and surif.bin. It also modifies or creates the file Oeminfo.ini, which is part of System Properties; so if your computer is infected by a virus generated with FFE, its System Properties will read "Generated by Fast Firus Engine". In the %WINDOWS%\System\ directory there will be several more parent files that use the same names as Windows system files: csrss.exe, winlogon.exe, lsass.exe, smss.exe, and svchost.exe. And do not forget the root of the drive, which will have a file named "read euy.txt" containing the message from the virus creator. When a virus is created with the generator, the maker is presented with several input boxes, such as the author of the virus, the name of the virus, and the message; it is the contents of that message box that appear in "read euy.txt".

After the virus has copied its parent files into the system, it executes them, so in memory there will be several virus processes, such as csrss.exe, winlogon.exe, lsass.exe, smss.exe, and svchost.exe. The process names mimic processes and services owned by Windows, probably deliberately, to deceive users. To tell them apart, look at the path or location of the running process: the virus processes run from the System directory, whereas the genuine Windows processes and services normally come from the System32 directory.

Changing the registry
The virus adds several startup items to the registry so that it can run automatically when Windows starts, and changes Windows settings to suit its wishes. The registry information it changes cannot be read easily, because it is stored in the virus body in encrypted form. Among the changes: the Userinit value is modified by adding a parameter pointing to a parent file. The key HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\Load is also modified to point to the parent file named Activex.exe. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\ gets a new item, and HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ gets new items as well, with the default name and %username%, where username is the name of the currently logged-on user. A virus generated with FFE also changes the shell information for the .exe extension, changing its file type description from Application to File Folder. The Folder Options settings are also modified so that extensions and files with the hidden attribute are not shown. So that it can stay active in safe mode, it also changes the SafeBoot value. With the help of the Image File Execution Options registry key, the virus also adds new items under it named cmd.exe, msconfig.exe, regedit.exe, and taskmgr.exe. The effect is that whenever a user runs a program with one of those file names, Windows bypasses it and hands control to the virus's parent file instead.

How does the virus spread?
This virus can spread through data storage media such as flash disks. When you plug a flash disk into an infected computer, several new files appear on the flash disk, such as explorer.exe, %virusname%.exe, and msvbvm60.dll, along with supporting files such as desktop.ini and autorun.inf so that it runs automatically when the flash disk is accessed. The other virus files are stored in a new directory on the flash disk named Recycled, containing the files Firus.pif and folder.htt. All of the virus files are hidden so that they cannot be seen.

Virus actions
To survive, the virus tries to block any unwanted programs, such as antivirus programs and tools, including PCMAV. Just like the registry data it changes, the data about which programs it blocks is stored in its body in encrypted form. While the virus is resident in memory, it monitors every program the user opens by reading the file name and the window caption. Some of the antivirus file names it tries to block are nav.exe, avgcc.exe, njeeves.exe, ccapps.exe, ccapp.exe, kav.exe, nvcoas.exe, avp32.exe, and many more. Some setup programs and installers also cannot run on an infected computer.

Prevention and management
PC Media Antivirus RC19 can clean an infected computer completely and accurately, 100%, of every virus produced with Fast Firus Generator. To avoid the virus blocking PCMAV, rename the PCMAV file first, for example from PCMAV-CLN.EXE to MERDEKA.EXE.

Note: I will not be responsible for whatever happens.
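As an added example (not code from the original post), here is a Python triage script that checks a process listing and a set of registry values for the indicators the article describes: system-named processes running outside System32, an extra parameter appended to Userinit, and Image File Execution Options Debugger entries on cmd.exe, msconfig.exe, regedit.exe and taskmgr.exe. It runs over constructed sample data; the Winlogon and IFEO key paths are the standard Windows locations, and the sample file paths are assumptions.

```python
# Added example, not from the original post: triage checks for the FFE indicators
# above, run over CONSTRUCTED data shaped like a process listing (image name,
# full path) and a dict of registry keys to values. Key paths are the standard ones.
import ntpath

# Names the post says the virus copies into %WINDOWS%\System and runs from there
SYSTEM_NAMES = {"csrss.exe", "winlogon.exe", "lsass.exe", "smss.exe", "svchost.exe"}
# Tools the post says are redirected to the virus via Image File Execution Options
IFEO_TARGETS = {"cmd.exe", "msconfig.exe", "regedit.exe", "taskmgr.exe"}
IFEO_KEY = r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options"
WINLOGON_KEY = r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"

def masquerading_processes(processes, system32=r"C:\WINDOWS\system32"):
    """(name, path) of system-named processes whose image is outside System32:
    genuine ones come from System32, the virus's copies from the System directory."""
    return [(name, path) for name, path in processes
            if name.lower() in SYSTEM_NAMES
            and ntpath.dirname(path).lower() != system32.lower()]

def ifeo_hijacks(registry):
    """(target, debugger) for IFEO Debugger entries on the listed tools."""
    hits = []
    for key, values in registry.items():
        head, _, leaf = key.rpartition("\\")
        if (head.lower() == IFEO_KEY.lower() and leaf.lower() in IFEO_TARGETS
                and "Debugger" in values):
            hits.append((leaf.lower(), values["Debugger"]))
    return hits

def userinit_extras(registry):
    """Entries in Userinit other than the genuine userinit.exe (FFE appends one)."""
    value = registry.get(WINLOGON_KEY, {}).get("Userinit", "")
    return [p.strip() for p in value.split(",")
            if p.strip() and ntpath.basename(p.strip()).lower() != "userinit.exe"]

# Constructed sample: a genuine csrss.exe plus two copies in the System directory,
# a Userinit with an appended parameter, and an IFEO Debugger on taskmgr.exe.
SAMPLE_PROCESSES = [
    ("csrss.exe", r"C:\WINDOWS\system32\csrss.exe"),
    ("csrss.exe", r"C:\WINDOWS\system\csrss.exe"),
    ("svchost.exe", r"C:\WINDOWS\system\svchost.exe"),
]
SAMPLE_REGISTRY = {
    WINLOGON_KEY: {"Userinit": r"C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system\lsass.exe,"},
    IFEO_KEY + r"\taskmgr.exe": {"Debugger": r"C:\WINDOWS\system\smss.exe"},
    IFEO_KEY + r"\notepad.exe": {"Debugger": r"C:\tools\debugger.exe"},  # not a listed tool
}
if __name__ == "__main__":
    print(masquerading_processes(SAMPLE_PROCESSES), ifeo_hijacks(SAMPLE_REGISTRY),
          userinit_extras(SAMPLE_REGISTRY))
```

On a live machine the same functions can be fed the output of a process listing with image paths and the values read from the named keys; a hit in any of the three checks is worth a closer look before trusting Task Manager or regedit on that host.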
