Saiyeed is a fake virus created by Faissal Bensefia in May 2014.
The virus originated from Faissal (Faissaloo). An argument regarding the creation of malware using the YoYoGames programming language: GML. Faissal challenged himself to create a strong virus using the language, however it does contain elements of batch. The virus is not wild (In other words it was for experimentation purposes only).
The virus was originally called lockette, named after Faissal's brothers friend. However after some experimentation and work, it was renamed Saiyeed, after a character invented at Kemnal Technology College.
The virus starts off by setting the screen frequency to 80, the resolution to 800×600 and the color depth to 16-bit. This is used to make it difficult to work around the viruses screen-locker. It then locks the mouse in place and hides it. It also drops a 'compiled' batch file called killer.exe which runs silently.
A image of a stick figure with an upside down head and a party hat (Saiyeed) is then displayed on the screen with text below it and a count down (which occasionally hangs). The virus proceeds to scan the user's downloads folder for files with the following extensions:
For EXEs it replaces the files it finds with an exact copy of itself. For GML files it replaces whatever code is inside them with the code that is meant to execute the copy of the virus that is currently running however, it has a syntax error which prevents this from doing its job. It also does a similar thing with batch files however, the batch files will run properly.
After 15 seconds it will then initiate a transition to another 'room' where there are 0-3 stick figures (Depending on how many removable media devices it finds). However it only checks the Q:\, H:\ and E:\ drives for removable media. It then proceeds to repeat what is done to the downloads folder.
After this, it closes and deletes killer.exe, returning the resolution to normal however the batch continues to run, preventing the user from accessing task manager. However the process can be killed by going into command prompt and typing in:
- taskkill /IM killer.exe /F
- taskkill /IM cmd.exe /F
- B Variant: The B variant of Saiyeed implements a standard batch file rather than a compiled batch file to fix compatibility issues with Windows XP.