Infection INF file part II ~~~~~~~~~~~~~~~~~~~~~~~~~~ This continuation of articles published in MATRiX E-ZiNE #1. After release of a ezine to me very many letters(mail) in which have come were source INF of viruses of ideas on infection etc.. I have decided to continue this theme to tell on more detailed the theory of infection... % Introduction % **************** Many likely know that such INF files if is not present, look e-zine MATRiX#1 or open the catalogue windows\inf, you will see many these filez. I can shortly tell that it script files which are very necessary to system windoze. In May of this year I have decided (solved) again to engage INF in files and to write parasite inf infector and in some hours I has understood as it to write. Infection INF easily to write for this purpose it is necessary to use Debug Script. Method of infection which I shall describe in this articles approaches both for DOS and for Windows of viruses it(he) is universal... % Infection % ************* þ For Dos of viruses we will need to search for section [DefaultInstall] if her(it) is not present that to create and to write down there parameter: UpdateAutoBat = Patch.It ÄÄÄÄ This parameter writes down teams in autoexec.bat which the user in INF a file has specified... After that we create below section [Patch.it] and we write down parameters which should write down in autoexec.bat. Exemple [DefaultInstall] UpdateAutoBat = Patch.It ; record in autoexec.bat in section Patch.it [Patch.it] ; patch autoexec.bat CmdAdd = "@ctty", "nul" CmdAdd = "echo", "here u virus debug script " CmdAdd = "echo", "here u virus debug script " Ä Here there should be teams which will transform debug script in EXE/COM file CmdAdd = "ctty", "con" All the algorithm of infection is very simple.. Most important: the teams which enter the name in autoexec.bat should go through a point exemple : "echo", "Matrix kewl" Then if you want to write stealth that to you it is required to register once again virus only to replace CmdAdd on CmdDelete. What for it is necessary? It is necessary that after performance of a code in autoexec.bat it(he) automatically left.. þ Windoze To us for infection under Windoze it to be necessary API: WritePrivateProfileStringA - For record in INF files WinExec or CreateProcessA - For exec of a file Autoexec.bat Under Windows we not need search of section in INF files we can them to write down or if they are to add virus parameters it simplifies infection. After we have infected INF a file to us it will be necessary to check on presence dropperz in autoexec.bat if it(he) there is that to start drooperz... % Last Word % ************* The infection INF of files will be depends on your ideas as you want to write it... In this clause I simply have described the theory of infection and you already think as you it to make if you want can look at mine a virus INFerno published in a e-zine Top Device, there will see detailed infection INF of files under DOS. Good luck in a spelling of new technological viruses... HeNKy: script & asm = kewl... ULTRAS[MATRiX] august 2000