2 replies to this topic

[AdvMutant]

Hey all.
I'm trying to design a virus for Windows XP, and I already have a general idea. It's supposed to run from a SanDisk Cruzer because it can emulate a CD drive, so Windows won't ask me if I want to run autorun.exe - it'll start without asking questions. So it will -

a) Run itself silently.
b) Check if it's already installed - if it is, go to step g. Else, continue.
c) Copy the files[TightVNC] somewhere.
d) Silently start TightVNC.
e) Configure TightVNC - set it to start as a system service, with a hidden window.
f) E-mail the user's IP to a specified adress.
g) Run the original autorun.exe.

Well, I do know that you can hide TightVNC's icon, but can you do it immediately after the service is installed? Else, can you use a third-party program that will take an exe file as an argument and start it without showing it's window?

The virus is done just as a hobby, I'm a beginner white-hat hacker. I want to have it mainly to play a prank on a friend. I know I can do it manually, but it's not as fun as automating the process. Remember that the target OS is Windows XP only, for now.

Thanks, Mike.

[Alexander]

What you would be looking for is called an unattended install, in this case TightVNC appears to allow a "/verysilent" switch during install, along with pre-entering a password for the VNC control by adding a registry key manually (which can be done with the wrapper you create to install tightVNC, a batch file is possible to do this):
TightVNC Documentation, Win32 Version

As for emailing their IP, I will let you be creative. Imagine the wrapper runs a bat file on autorun, you can open up an internet explorer process, and point it to some-free-host.com/you/?ip=ww.xx.yy.zz and have PHP email you the resulting IP. I am unsure what you would do to hide the icon in the taskbar, but I am 100% sure there is a method.

[AdvMutant]

I thought more about emailing the content of cmyip.com to myself using a separate executable, basically a light configurable CLI utility for sending e-mails but your idea is kinda better. I'll check it out.

As about the installation, I don't wanna use the original installer because it installs TightVNC in it's default directory. People might notice it. I planned manually creating a script to copy the needed files to somewhere in the windows folder - tvnserver.exe and screenhooks.dll. Even if the copying files dialog box will appear, it'll be fast. My biggest problem right now is hiding TightVNC. There are three things that I need to set - a custom password(which you said can be done), disable hiding the desktop wallpaper and disable showing the taskbar icon. TightVNC can be easily configured for those, but it can only be done manually.