The trojan horse which I have created appears itself as an antivirus program that scans the computer for malware programs. However, in reality it does nothing other than eating up the hard disk space on the root drive by filling it up with a huge junk file. The rate at which it fills up the hard disk space it too high. As a result, the the root drive gets filled up completely with in minutes of running this program.
Once the disk space is full, the trojan reports that the scan is complete. The victim will not be able to clean up the hard disk space using any of the cleanup program. This is because, the trojan intelligently creates a huge file in the WindowsSystem32 folder with the .dll extension. Since the junk file has the .dll extension it is often ignored by the disk cleanup software. Hence there is now way to recover the hard disk space other than reformatting the drive.
The algorithm of the Trojan is as follows:
- Search for the root drive.
- Navigate to %systemroot%WindowsSystem32 on the root drive.
- Create the file named “spceshot.dll“.
- Start dumping the junk data onto the above file and keep increasing its size until the drive is full.
- Once the drive is full, stop the process.
How to test this trojan horse?
To test the trojan, just run the SpaceEater.exe file on your computer. It will generate a warning message at the beginning. Once you accept it, the Trojan runs and eats up the hard disk space.
How to fix the damage and free up the space?
To remove the damage and free up the space, just type the following in the “run” dialog box:
Now search for the file “spceshot.dll“. Just delete it and you’re done. No need to re-format the hard disk.