Scratch

ihaveamac · 2010-10-29 20:34:34

How funny. I made a program to test in VM, I didn't give it to anyone except a person who tests viruses on purpose on YouTube. It deletes hal.dll, constantly terminates and opens explorer.exe, and kills some processes such as taskmgr.exe. I was testing my skills in a Virtual Machine, not to make harm to real computers.

I left it somewhere by accident where Malwarebytes' got a copy of it and marked it as Trojan.Downloader. I notice one flaw in it: It does not download anyyyyything.
Click to get a closer look

The first thing that made me realize Malwarebytes' flagged it is when the protection module (I bought MBAM) said a malicious file was about to execute. I don't know what tried to execute that file. I clicked quarantine. Just to save my computer incase it ran and destroyed my computer.

No, I will not send it to Malwarebytes' to make it a false positive, and no, you can't have a copy. It deletes hal.dll!

littletonkslover · 2010-10-29 20:38:33

lolwut?

PW132 · 2010-10-29 20:40:42

You made. A virus.

Scratchthatguys · 2010-10-29 20:41:57

Yes. I only made a happy virus (It makes a billion windows open up, and freezes the computer.), and it's easy to stop.

ihaveamac · 2010-10-29 20:55:42

PW132 wrote:
You made. A virus.

You didn't read enough.

Jonathanpb · 2010-10-29 20:58:04

lol LOL!!! yikes

ihaveamac · 2010-10-29 21:05:30

Jonathanpb wrote:
LOL!!!

ikr

ihaveamac · 2010-10-29 21:34:19

Bump

This is an epic thread.

recycle49 · 2010-10-29 21:36:37

Wow, nice going... LOL lol I cant make fake files, i can open them with winrar and do that stuffs, but not do that, lol i would have cried laughing if your computer tried forever to execute it lol

ihaveamac · 2010-10-29 21:43:04

recycle49 wrote:
Wow, nice going... LOL I cant make fake files, i can open them with winrar and do that stuffs, but not do that, lol i would have cried laughing if your computer tried forever to execute it

I made mine in CMD, and got a batch converter and made an exe where it runs the batch file without a cmd window.

Blade-Edge · 2010-10-29 22:12:34

ihaveamac wrote:
PW132 wrote:
You made. A virus.
You didn't read enough.

You expected him to? Lol

throughthefire · 2010-10-30 01:06:31

WOW 0_0
Malwarebytes is good anti-malware, so I wouldn't expect this!

ihaveamac · 2010-10-30 01:13:54

throughthefire wrote:
WOW 0_0
Malwarebytes is good anti-malware, so I wouldn't expect this!

I guess
1) Malwarebytes found it
2) Someone reported it
3) When it was scanned it looked suspicious

Last edited by ihaveamac (2010-10-30 01:20:47)

what-the · 2010-10-30 04:51:03

Why make a virus. That's weak and pathetic. I could program one with my eyes closed, literally. Also your program failed it shouldn't be detected. Only once has any of my programs been detected by a anti virus and that was because I self signed a digital certificate and put it on the program.

fire219 · 2010-10-30 08:14:46

lol Sounds like how your Norton hates SIMPL-DOS! Except, in this case, MBAM did what it is supposed to do.

recycle49 · 2010-10-30 08:57:05

ihaveamac wrote:
recycle49 wrote:
Wow, nice going... LOL I cant make fake files, i can open them with winrar and do that stuffs, but not do that, lol i would have cried laughing if your computer tried forever to execute it
I made mine in CMD, and got a batch converter and made an exe where it runs the batch file without a cmd window.

XD! Malwear cought it though lol

ihaveamac · 2010-10-30 11:55:17

what-the wrote:
Why make a virus. That's weak and pathetic. I could program one with my eyes closed, literally. Also your program failed it shouldn't be detected. Only once has any of my programs been detected by a anti virus and that was because I self signed a digital certificate and put it on the program.

Read the most some more. It says why I made one.

Scratchthatguys · 2010-10-30 12:05:27

Make it run in the background. Oh yeah, and doesn't the /b switch make it run in background?

ihaveamac · 2010-10-30 12:44:48

Scratchthatguys wrote:
Make it run in the background. Oh yeah, and doesn't the /b switch make it run in background?

I made it EXE and not .BAT/.CMD extension. The virus tester doesn't take bat/cmd files with those extensions.

Scratchthatguys · 2010-10-30 12:45:35

Oh.

ihaveamac · 2010-10-30 16:10:25

bump

WindozeNT · 2010-10-30 16:46:54

ihaveamac wrote:
No, I will not send it to Malwarebytes' to make it a false positive, and no, you can't have a copy. It deletes hal.dll!

I could make the exact same thing, if not worse, in Microsoft Visual Basic 6! I'm a professional in that language.

EDIT: I have this one virtual machine. It runs a modded Windows XP that looks, acts and feels like Win2K Pro. I hacked everything down to the last system DLL. It calles itself Windows 2000 Professional instead of Windows XP Professional because of a registry hack. Of course, my Win XP file hacking lead to a few OS bugs (I can't access Control Panel and Shell32 acts wierd in some areas). The bootscreen was changed and every other aspect of the XP OS was changed and hacked with Windows 2000 aspects, so you can't even identify it as Windows XP without reverse engeneering the NTOSKRNL.EXE file.
One time, I was bored, so I decided to see if the BSOD lookedn like 2K's as it should to fit the Windows 2000 environment, so I deleted the registry. On next boot, I got a DOS messsage saying Windows 2000 (even the bootloader thinks it's 2K!) couldn't boot because the registry went boom and files it required had vanished in thin air. Windows paniced about it and refused to boot. I exited the VM and told MS Virtual PC 2007 to delete the undo disk changes.
On the next VM start, the homemade Win2K booted up and greeted me with the startup sound. Epic.
WindozeNT

Last edited by WindozeNT (2010-10-30 17:13:48)

ihaveamac · 2010-10-30 18:19:01

Nice.
And I have a real computer installed with Windows 7 Ultimate.

WindozeNT · 2010-10-30 19:03:16

ihaveamac wrote:
Nice.
And I have a real computer installed with Windows 7 Ultimate.

In addition, you have a Mac, too. tongue

ihaveamac · 2010-10-31 14:05:23

Code:

BUMP
rpmo
i ys
n  t
g

Scratch

archived forums

#1 2010-10-29 20:34:34

My program detected as Trojan

#2 2010-10-29 20:38:33

Re: My program detected as Trojan

#3 2010-10-29 20:40:42

Re: My program detected as Trojan

#4 2010-10-29 20:41:57

Re: My program detected as Trojan

#5 2010-10-29 20:55:42

Re: My program detected as Trojan

PW132 wrote:

#6 2010-10-29 20:58:04

Re: My program detected as Trojan

#7 2010-10-29 21:05:30

Re: My program detected as Trojan

Jonathanpb wrote:

#8 2010-10-29 21:34:19

Re: My program detected as Trojan

#9 2010-10-29 21:36:37

Re: My program detected as Trojan

#10 2010-10-29 21:43:04

Re: My program detected as Trojan

recycle49 wrote:

#11 2010-10-29 22:12:34

Re: My program detected as Trojan

ihaveamac wrote:

PW132 wrote:

#12 2010-10-30 01:06:31

Re: My program detected as Trojan

#13 2010-10-30 01:13:54

Re: My program detected as Trojan

throughthefire wrote:

#14 2010-10-30 04:51:03

Re: My program detected as Trojan

#15 2010-10-30 08:14:46

Re: My program detected as Trojan

#16 2010-10-30 08:57:05

Re: My program detected as Trojan

ihaveamac wrote:

recycle49 wrote:

#17 2010-10-30 11:55:17

Re: My program detected as Trojan

what-the wrote:

#18 2010-10-30 12:05:27

Re: My program detected as Trojan

#19 2010-10-30 12:44:48

Re: My program detected as Trojan

Scratchthatguys wrote:

#20 2010-10-30 12:45:35

Re: My program detected as Trojan

#21 2010-10-30 16:10:25

Re: My program detected as Trojan

#22 2010-10-30 16:46:54

Re: My program detected as Trojan

ihaveamac wrote:

#23 2010-10-30 18:19:01

Re: My program detected as Trojan

#24 2010-10-30 19:03:16

Re: My program detected as Trojan

ihaveamac wrote:

#25 2010-10-31 14:05:23

Re: My program detected as Trojan

Code:

Board footer