This program was created for experimental purposes. It is not intended to be viral; the "VIRUS" in the name is just a name, and it won't become viral.
Be aware of what you are downloading: this is malicious software (commonly called malware).
I am not responsible for any damage caused by this malware and your negligence in general.
I strongly recommend you neither run this malware on real hardware nor misuse this malware to prank your friends.
This malware causes data loss; it may affect personal or important data.
-
Creator: BenjaminFretez
-
Password of the file: "*J4d'X4D;y&2$SdM" (without quotes)
-
Versions of Windows tested: Windows 7 to 11 (mostly tested on 10)
-
Admin rights required: yes
(needs user consent)
If the user selects No, the following message is shown:
("Ok, you missed the fun")
First, it overwrites the MBR with a game; then the malware keeps setting the system time to 6/JUN/6666 3:33:33 indefinitely.
It disables everything that every malware disables: CMD, taskmgr, etc.
It stops the Start Menu and UWP taskbar options (like the clock) from working (in Windows 10).
Then it infects some programs so that they run its own code with an infected message.
If any of those programs is running, the program kills it.
It also infects the Logon User Interface (LogonUI.exe) so that it stops working when, e.g., you press CTRL+ALT+DEL,
or, if you (find a way to) log off, you cannot log in anymore.
And yes, your user account was deleted, so you cannot recover it anymore.
Maybe your files, yes, but not your account.
It also infects programs like MS-SETTINGS (UWP) and RunDLL32, so that some settings cannot be changed.
It starts downloading from the Internet some files that will be shown in the 3rd step (like the WordPad document, the Paint drawing and the background), except the notes, which are written by the program itself.
There is nothing more to show, since this happens in the background, so everything looks normal except the time.
After downloading everything (see 2nd step), it performs the following steps:
- It changes the Background
- It creates random files on your desktop
- Note: This may take a while, because it creates all of those files at once. It may show only a few files for an instant, as in the background photo.
- Note 2: Those random files cannot be deleted because they are kept open by 'Unwanted.exe'.
-
It opens a note "...you ran the Unwanted Virus..."
-
Starts doing a screen effect
-
Starts a (kind of) scary music
-
Starts to pop up random messages
-
It opens a Wordpad Document
-
It opens a Paint drawing with (I think) cute kittens
-
It opens Notepad windows with random messages
-
Opens a final note ("10 seconds left")
After (approximately) 10 or 15 seconds, the computer dies with a blue screen of death with a 0x0000029A code.
Then, since the MBR has been overwritten, it will load the game:
(this game is 'Invaders' by nanochess https://github.com/nanochess/Invaders)
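A defender-side check for the MBR overwrite described above, added here as an example and not part of the original project: it compares a saved copy of sector 0 against a known-good boot-code hash and sanity-checks the partition table. The function names and both sample sectors are constructed for illustration, and how the sample actually lays out the overwritten sector is an assumption.

```python
import hashlib
import struct

SECTOR_SIZE = 512
TABLE_OFFSET = 446            # boot code is bytes 0..445, then 4 x 16-byte entries
BOOT_SIGNATURE = b"\x55\xaa"  # bytes 510..511

def parse_partitions(sector):
    """Decode the four 16-byte partition entries of an MBR sector."""
    entries = []
    for i in range(4):
        raw = sector[TABLE_OFFSET + 16 * i:TABLE_OFFSET + 16 * (i + 1)]
        # status, CHS start (skipped), type, CHS end (skipped), LBA start, sector count
        status, ptype, lba, count = struct.unpack("<B3xB3xII", raw)
        entries.append({"index": i, "status": status, "type": ptype, "lba": lba, "count": count})
    return entries

def boot_code_hash(sector):
    """SHA-256 of the boot code area only, so repartitioning does not change it."""
    return hashlib.sha256(sector[:TABLE_OFFSET]).hexdigest()

def check_mbr(sector, baseline_hash=None):
    """Return a list of findings; an empty list means nothing looked wrong."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected exactly one 512-byte sector")
    findings = []
    if sector[510:512] != BOOT_SIGNATURE:
        findings.append("missing 0x55AA boot signature")
    used = [p for p in parse_partitions(sector) if p["type"] != 0]
    if not used:
        findings.append("partition table is empty")
    for p in used:
        if p["status"] not in (0x00, 0x80):  # only "inactive" and "active" are valid
            findings.append(f"entry {p['index']}: invalid status 0x{p['status']:02x}")
        if p["lba"] == 0 or p["count"] == 0:
            findings.append(f"entry {p['index']}: zero start or length")
    if baseline_hash is not None and boot_code_hash(sector) != baseline_hash:
        findings.append("boot code differs from baseline")
    return findings

# Constructed samples (not real disk contents): a plausible MBR with one active
# NTFS-type partition, and a sector whose first 510 bytes were replaced wholesale.
CLEAN = (b"\xfa" + bytes(445)
         + struct.pack("<B3xB3xII", 0x80, 0x07, 2048, 1_000_000) + bytes(48)
         + BOOT_SIGNATURE)
OVERWRITTEN = b"\x90" * 510 + BOOT_SIGNATURE

if __name__ == "__main__":
    baseline = boot_code_hash(CLEAN)
    print(check_mbr(CLEAN, baseline))
    print(check_mbr(OVERWRITTEN, baseline))
```

Record the baseline hash from a copy of sector 0 taken while the machine is known to be clean.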
-
The original name was
Úñåáñþéð ß¾®ü’
but it is clearly named Unwanted Virus
-
It took approximately 6 months to make this malware.
If you right-click something, you can see strange items in the menu:
If you click one of those items, your computer will die instantly.
This is an easter egg: if you delete winlogon.exe (it is possible without restarting) and then run the malware, you get this message box, and then your computer restarts.
This easter egg can be found if you run the malware with 'DisableCMD=1'. This malware rarely uses cmd; this message box was programmed because it comes from a legacy version (which used cmd for everything).
If you disconnect from the internet before you run the malware, it will show the following message:
(ERR_INTERNET_DISCONNECTED)
Then the computer dies with BSOD
If you disconnect after you run the malware, the message will be different:
(UNKNOWN_HARD_ERROR)
Then the computer dies with BSOD
This happens because the malware checks the internet connection and then downloads the files. If there is no internet connection, it throws the first error (ERR_INTERNET_CONNECTION); if you disconnect while the malware is running (downloading), it shows the last error shown (UNKNOWN_HARD_ERROR).
If you run this program without admin rights, it will stop by throwing the (UNKNOWN_HARD_ERROR) shown above.
If you find any others, you can create an issue.
A bug that I found (it rarely happens) is that the program stops at the 3rd step. I don't know why (maybe too many threads: I tried to add one and it dies, or PC specs, idk); I just left it there in case it happens to any of you...
Discord: https://discord.gg/FgZYVKwTN4
© BenjaminFretez 2021-2022