For this, the virus needs to be executed only once, and from then on it will carry out the rest of the operation on its own. I have programmed this virus in the C language. If you are familiar with C, the logic behind the code is easy to understand. The code is not posted here in this article, but you can download it from the link below.
UnRar the file and you should see the source code: Sysres.C
For a step-by-step compilation guide, refer to my post: How to compile C Programs?
You can compile and test this virus on your own PC without any fear. To test, just double-click the sysres.exe file and restart the system manually. From now on, every time the PC is booted and the desktop is loaded, your PC will restart automatically again and again.
It will not do any harm apart from automatically restarting your system. After testing it, you can remove the virus by following the steps below:
Reboot your computer in Safe Mode.
You will find a file named sysres.exe; delete it.
Type regedit in run. You will go to the registry editor. Here navigate to:
There, on the right side, you will see an entry named “sres”. Delete this entry. That’s it. You have now removed this virus successfully.
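Before deleting anything, both artifacts can be located and recorded with a report-only check. This PowerShell script is an added example, not code from the original post. It assumes the “sres” entry sits under one of the standard Windows Run keys (the post does not give the key) and looks for sysres.exe in a few candidate folders.

```powershell
# Added example: report-only check for the two artifacts named in this post.
# Assumptions (not stated on the page): the "sres" value is under one of the
# standard Run keys, and the copy of sysres.exe is in one of the candidate
# folders listed below. Nothing is deleted; removal follows the manual steps.
$valueName = 'sres'
$fileName  = 'sysres.exe'

$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
)
$folders = @(
    (Join-Path $env:SystemRoot 'System'),
    (Join-Path $env:SystemRoot 'System32'),
    (Join-Path $env:SystemRoot 'Windows\System')   # path exactly as the post writes it
)

$findings = @()

# Flag a Run value if it has the reported name OR its command line mentions the file.
foreach ($key in $runKeys) {
    if (-not (Test-Path -LiteralPath $key)) { continue }
    $regKey = Get-Item -LiteralPath $key
    foreach ($name in $regKey.GetValueNames()) {
        $data = [string]$regKey.GetValue($name)
        if ($name -eq $valueName -or $data -like "*$fileName*") {
            $findings += [pscustomobject]@{
                Type = 'RunValue'; Location = $key; Name = $name; Data = $data }
        }
    }
}

# Record a SHA-256 of any copy found so it can be documented before deletion.
foreach ($dir in $folders) {
    $path = Join-Path $dir $fileName
    if (Test-Path -LiteralPath $path -PathType Leaf) {
        $hash = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
        $findings += [pscustomobject]@{
            Type = 'File'; Location = $dir; Name = $fileName; Data = $hash }
    }
}

if ($findings.Count -eq 0) {
    Write-Output "No '$valueName' Run value or $fileName copy found in the checked locations."
} else {
    $findings | Format-Table -AutoSize -Wrap
}
```

Matching on the command-line data as well as the value name catches a copy registered under a different name.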
If I do not explain the logic (algorithm) behind the working of the virus program, I think this post would be incomplete. So I’ll explain the logic in a simplified manner without getting much into the technical aspects of the program. If you have further doubts, you can post them in the comments.
First, the virus finds the root partition (the partition on which Windows is installed).
Next, it determines whether or not the virus file (sysres.exe) has already been copied into %systemroot%\Windows\System.
If not, it places a copy of itself into %systemroot%\Windows\System and makes a registry entry that puts this virus file into the Windows startup.
Otherwise, if the virus is already found in the %systemroot%\Windows\System directory (folder), it just gives a command to restart the computer.
This process is repeated every time the PC is restarted.
After you compile, the sysres.exe file that you get will have a default icon. If you send this file to your friends, they may not execute it since it has a default ICON. So it is possible to change the ICON of this Sysres.exe file into any other ICON that is more trusted and looks attractive.
For example, you can change the icon into the Norton antivirus ICON itself so that people seeing this file believe that it is Norton antivirus. Or you can change its ICON into the ICON of any popular or trusted program so that people will definitely click on it.
The detailed tutorial on changing the ICON is given in my post How to Change the ICON of an EXE File?