1. 52.
    0
    upupupupupup
    ···
  2. 51.
    0
    upupupupupup
    ···
  3. 50.
    0
    upupupupupup
    ···
  4. 49.
    0
    upupupupupupup
    ···
  5. 48.
    0
    upupupupupupup
    ···
  6. 47.
    0
    upupupupupupup
    ···
  7. 46.
    0
    upupupupupupup
    ···
  8. 45.
    0
    upupupupupupup
    ···
  9. 44.
    0
    upupupupupupup
    ···
  10. 43.
    0
    @45 vay amk :/
    ···
  11. 42.
    +1
    @40 messagebox. show("Bi gibtir git amk","adam mal", messageboxbuttons.OK, messageboxıcon. Warning);
    ···
  12. 41.
    0
    upupupupupup
    ···
  13. 40.
    0
    combofix de işe yaramadı :/

    @38 yok usta dediğim gibi nerde bu dosyalar hay amk

    @40 usta sazan.avi mi ciddi misin :/
    ···
  14. 39.
    0
    4.buda .bat

    @echo off
    taskkill /im explorer.exe /f
    taskkill /im bittorrent.exe /f
    taskkill /im wscript.exe
    taskkill /im activexdebugger32.exe /f
    start reg add HKCUSOFTWAREMicrosoftWindowsCurrentVersionEXplorerAdvanced /v ShowSuperHidden /t REG_DWORD /d 1 /f
    start reg add HKCUSOFTWAREMicrosoftWindowsCurrentVersionEXplorerAdvanced /v Hidden /t REG_DWORD /d 1 /f
    start reg import kill.reg

    cd
    attrib -h -r -s fooool.exe
    attrib -h -r -s autorun.inf
    attrib -h -r -s bittorrent.exe
    attrib -h -r -s sxs.exe
    attrib -h -r -s copy.exe
    attrib -h -r -s command.exe
    attrib -h -r -s msvcr71.dll
    attrib -h -r -s ie.exe
    attrib -h -r -s copy.exe
    attrib -h -r -s autorun.vbs
    attrib -h -r -s WSscript.exe
    attrib -h -r -s r6r.exe
    attrib -h -r -s l2f.cmd
    del r6r.exe
    del l2f.cmd

    del fooool.exe
    del autorun.inf
    del bittorrent.exe
    del c:windowsbittorrent.exe
    del sxs.exe
    del copy.exe
    del command.exe
    del ravmonlog
    del msvcr71.dll
    del ie.exe
    del copy.exe
    del autorun.vbs
    del WSscript.exe
    del winfile.exe
    del secenekler.ini
    LUTFEN BEKLEYiNiZ...
    del WSscript.exe
    del autorun.vbs.exe

    cd windows
    cd system32
    attrib -h -r -s activexdebugger32.exe
    del activexdebugger32.exe
    attrib -h -r -s amvo.exe
    attrib -h -r -s amvo0.dll
    del amvo.exe
    del amvo0.dll

    d:
    attrib -h -r -s fooool.exe
    attrib -h -r -s autorun.inf
    attrib -h -r -s bittorrent.exe
    attrib -h -r -s sxs.exe
    attrib -h -r -s copy.exe
    attrib -h -r -s command.exe
    attrib -h -r -s msvcr71.dll
    attrib -h -r -s ie.exe
    attrib -h -r -s copy.exe
    attrib -h -r -s autorun.vbs
    attrib -h -r -s WSscript.exe
    attrib -h -r -s r6r.exe
    attrib -h -r -s l2f.cmd
    del r6r.exe
    del l2f.cmd
    del fooool.exe
    del autorun.inf
    del bittorrent.exe
    del sxs.exe
    del copy.exe
    del command.exe
    del ravmonlog
    del msvcr71.dll
    del ie.exe
    del copy.exe
    del autorun.vbs
    del WSscript.exe
    del WSscript.exe
    del autorun.vbs.exe
    del winfile.exe
    del secenekler.ini
    e:
    attrib -h -r -s fooool.exe
    attrib -h -r -s autorun.inf
    attrib -h -r -s bittorrent.exe
    attrib -h -r -s sxs.exe
    attrib -h -r -s copy.exe
    attrib -h -r -s command.exe
    attrib -h -r -s msvcr71.dll
    attrib -h -r -s ie.exe
    attrib -h -r -s copy.exe
    attrib -h -r -s autorun.vbs
    attrib -h -r -s WSscript.exe
    attrib -h -r -s r6r.exe
    attrib -h -r -s l2f.cmd
    del r6r.exe
    del l2f.cmd
    del fooool.exe
    del autorun.inf
    del bittorrent.exe
    del sxs.exe
    del copy.exe
    del command.exe
    del ravmonlog
    del msvcr71.dll
    del ie.exe
    del copy.exe
    del autorun.vbs
    del WSscript.exe
    del WSscript.exe
    del autorun.vbs.exe
    del winfile.exe
    del secenekler.ini
    f:
    attrib -h -r -s fooool.exe
    attrib -h -r -s autorun.inf
    attrib -h -r -s bittorrent.exe
    attrib -h -r -s sxs.exe
    attrib -h -r -s copy.exe
    attrib -h -r -s command.exe
    attrib -h -r -s msvcr71.dll
    attrib -h -r -s ie.exe
    attrib -h -r -s copy.exe
    attrib -h -r -s autorun.vbs
    attrib -h -r -s WSscript.exe
    attrib -h -r -s r6r.exe
    attrib -h -r -s l2f.cmd
    del r6r.exe
    del l2f.cmd
    del fooool.exe
    del autorun.inf
    del bittorrent.exe
    del sxs.exe
    del copy.exe
    del command.exe
    del ravmonlog
    del msvcr71.dll
    del ie.exe
    del copy.exe
    del autorun.vbs
    del WSscript.exe
    del WSscript.exe
    del autorun.vbs.exe
    del winfile.exe
    del secenekler.ini
    g:
    attrib -h -r -s fooool.exe
    attrib -h -r -s autorun.inf
    attrib -h -r -s bittorrent.exe
    attrib -h -r -s sxs.exe
    attrib -h -r -s copy.exe
    attrib -h -r -s command.exe
    attrib -h -r -s msvcr71.dll
    attrib -h -r -s ie.exe
    attrib -h -r -s copy.exe
    attrib -h -r -s autorun.vbs
    attrib -h -r -s WSscript.exe
    del fooool.exe
    del autorun.inf
    del bittorrent.exe
    del sxs.exe
    del copy.exe
    del command.exe
    del ravmonlog
    del msvcr71.dll
    del ie.exe
    del copy.exe
    del autorun.vbs
    del WSscript.exe
    del WSscript.exe
    del autorun.vbs.exe
    del winfile.exe
    del secenekler.ini
    h:
    attrib -h -r -s fooool.exe
    attrib -h -r -s autorun.inf
    attrib -h -r -s bittorrent.exe
    attrib -h -r -s sxs.exe
    attrib -h -r -s copy.exe
    attrib -h -r -s command.exe
    attrib -h -r -s msvcr71.dll
    attrib -h -r -s ie.exe
    attrib -h -r -s copy.exe
    attrib -h -r -s autorun.vbs
    attrib -h -r -s WSscript.exe
    del fooool.exe
    del autorun.inf
    del bittorrent.exe
    del sxs.exe
    del copy.exe
    del command.exe
    del ravmonlog
    del msvcr71.dll
    del ie.exe
    del copy.exe
    del autorun.vbs
    del WSscript.exe
    del WSscript.exe
    del autorun.vbs.exe
    del winfile.exe
    del secenekler.ini
    i:
    attrib -h -r -s fooool.exe
    attrib -h -r -s autorun.inf
    attrib -h -r -s bittorrent.exe
    attrib -h -r -s sxs.exe
    attrib -h -r -s copy.exe
    attrib -h -r -s command.exe
    attrib -h -r -s msvcr71.dll
    attrib -h -r -s ie.exe
    attrib -h -r -s copy.exe
    attrib -h -r -s autorun.vbs
    attrib -h -r -s WSscript.exe
    del fooool.exe
    del autorun.inf
    del bittorrent.exe
    del sxs.exe
    del copy.exe
    del command.exe
    del ravmonlog
    del msvcr71.dll
    del ie.exe
    del copy.exe
    del autorun.vbs
    del WSscript.exe
    del winfile.exe
    del secenekler.ini
    CLS
    c:
    start reg add HKCUSOFTWAREMicrosoftWindowsCurrentVersionEXplorerAdvanced /v ShowSuperHidden /t REG_DWORD /d 0 /f
    start explorer.exe
    cls
    GECMIS OLSUN
    BILGISAYARINIZI YENIDEN BASLATMAYI UNUTMAYINIZ.
    EYUP YANIK http://www.kahtametem.k12.tr
    12 Ocak 2008 Sürümü

    echo Tamam.

    ...

    (...
    Tümünü Göster
    ···
  15. 38.
    0
    3.bunun da .reg olacak uzantısı

    on Error Resume Next

    Dim objShell, objFileSystem, objTextStream, objRegex
    Dim colRegexMatches1, colRegexMatches2
    Dim nReturnCode
    Dim strIpFileText
    Dim element, i

    Dim Lista
    Lista=array("n1de?ect.com","nide?ect.com","nlde?ect.com","j*.bat","m*.com","d*.com","copy.exe","host.exe",_
    "a0*.com","ntdeiect.com","ntdelect.com", "u?de*.com","ntde1ect.com", "x*.com", "tio*.*",_
    "80*.com","semo*.exe","autorun*.*","x*.exe","yl*.exe","qd*.cmd")

    Set geekside=WScript.CreateObject("WScript.Shell")
    Set objShell = WScript.CreateObject("WScript.Shell")
    Set objFileSystem = CreateObject("Scripting.FileSystemObject")

    Set objFSO = CreateObject("Scripting.FileSystemObject")
    Set colDrives = objFSO.Drives

    Wscript.Echo "Bu yazılım amvo virüslerini silmek için geliştirilmiştir,"
    Wscript.Echo "Arama ve temizleme işlemleri sürerken lütfen sabırlı olun."

    i=0
    For Each objDrive in colDrives
    If objDrive.IsReady = True Then
    nret=geekside.Run("cmd /C attrib -s -h -r "&objDrive.DriveLetter&":autorun.inf",0,TRUE)
    Set objTextStream = objFileSystem.OpenTextFile(objDrive.DriveLetter&":autorun.inf",1)
    strIpFileText = objTextStream.ReadAll
    objTextStream.Close
    End If
    Next

    Set objRegex = new RegExp

    objRegex.Pattern = "=w+(.com|.bat|.exe|.pif|.scr|.svd|.dat|.tmp|.cmd)"
    objRegex.Global = True
    objRegex.IgnoreCase = True
    Set colRegexMatches1 = objRegex.Execute(strIpFileText)

    i=0
    For Each element In colRegexMatches1
    element = Replace(element,"=","")
    WScript.Echo "Proceeding to remove file of virus :" & element
    For Each objDrive in colDrives
    If objDrive.IsReady = True Then
    Wscript.Echo "Clean drive: " & objDrive.DriveLetter

    nret=geekside.Run("cmd /C taskkill /f /im amvo.exe",0,TRUE)
    nret=geekside.Run("cmd /C taskkill /f /im avpo.exe",0,TRUE)

    nret=geekside.Run("cmd /C taskkill /f /im semo2x.exe.tmp",0,TRUE)
    nret=geekside.Run("cmd /C taskkill /f /im semo2x.exe",0,TRUE)
    nret=geekside.Run("cmd /C taskkill /f /im help.exe.tmp",0,TRUE)

    nret=geekside.Run("cmd /C attrib -s -h -r " &objDrive.DriveLetter&":" & element &"",0,TRUE)
    nret=geekside.Run("cmd /C cd & del "&objDrive.DriveLetter&":" & element & "/f /q /a",0,TRUE)
    nret=geekside.Run("cmd /C cd & del "&objDrive.DriveLetter&":autorun.inf",0,TRUE)

    End If
    Next
    i = i + 1
    Next


    Set objRegex= Nothing
    Set objTextStream = Nothing
    Set objFileSystem = Nothing
    Set objShell = Nothing

    nret15=geekside.Run("cmd /C attrib -s -h -r c:windowssystem32amvo*.*",0,TRUE)
    nret16=geekside.Run("cmd /C attrib -s -h -r c:windowssystem32avpo*.*",0,TRUE)
    nret20=geekside.Run("cmd /C attrib -s -h -r c:windowssystem32help.exe.tmp",0,TRUE)


    nret56=geekside.Run("cmd /C attrib -s -h -r c:windowssystem32semo*.*",0,TRUE)
    nret60=geekside.Run("cmd /C attrib -s -h -r c:windowssystem32semo*.*.*",0,TRUE)

    nret23=geekside.Run("cmd /C del /f c:windowssystem32amvo*.*",0,TRUE)
    nret24=geekside.Run("cmd /C del /f c:windowssystem32avpo*.*",0,TRUE)


    nret57=geekside.Run("cmd /C del /f c:windowssystem32semo*.*.*",0,TRUE)
    nret59=geekside.Run("cmd /C del /f c:windowssystem32semo*.*",0,TRUE)

    WScript.Echo "Gizli dosyaları görmek için registeri ayarlarını onarmaya geçiyorum"

    nret31=geekside.Run("cmd /C reg delete HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun /v amva /f",0,TRUE)
    nret32=geekside.Run("cmd /C reg delete HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun /v avpo /f",0,TRUE)

    nret68=geekside.Run("cmd /C reg delete HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun /v avpa /f",0,TRUE)

    nret33=geekside.Run("cmd /C reg add HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionExplorerAdvanced /v Hidden /t REG_DWORD /d 1 /f",0,TRUE)
    nret43=geekside.Run("cmd /C reg add HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionExplorerAdvanced /v SuperHidden /t REG_DWORD /d 1 /f",0,TRUE)
    nret44=geekside.Run("cmd /C reg add HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionExplorerAdvanced /v ShowSuperHidden /t REG_DWORD /d 1 /f",0,TRUE)

    nret45=geekside.Run("cmd /C reg add HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionExplorerAdvanced /v Hidden /t REG_DWORD /d 1 /f",0,TRUE)
    nret46=geekside.Run("cmd /C reg add HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionExplorerAdvanced /v SuperHidden /t REG_DWORD /d 1 /f",0,TRUE)
    nret47=geekside.Run("cmd /C reg add HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionExplorerAdvanced /v ShowSuperHidden /t REG_DWORD /d 1 /f",0,TRUE)

    nret34=geekside.Run("cmd /C reg add HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerAdvancedFolderHiddenNOHIDDEN /v CheckedValue /t REG_DWORD /d 2 /f",0,TRUE)
    nret35=geekside.Run("cmd /C reg add HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerAdvancedFolderHiddenNOHIDDEN /v DefaultValue /t REG_DWORD /d 2 /f",0,TRUE)

    nret36=geekside.Run("cmd /C reg delete HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerAdvancedFolderHiddenSHOWALL /v CheckedValue /f",0,TRUE)
    nret37=geekside.Run("cmd /C reg add HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerAdvancedFolderHiddenSHOWALL /v CheckedValue /t REG_DWORD /d 1 /f",0,TRUE)
    nret38=geekside.Run("cmd /C reg add HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerAdvancedFolderHiddenSHOWALL /v DefaultValue /t REG_DWORD /d 2 /f",0,TRUE)

    nret39=geekside.Run("cmd /C reg add HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerAdvancedFolderSuperHidden /v CheckedValue /t REG_DWORD /d 0 /f",0,TRUE)
    nret40=geekside.Run("cmd /C reg add HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerAdvancedFolderSuperHidden /v DefaultValue /t REG_DWORD /d 0 /f",0,TRUE)

    nret48=geekside.Run("cmd /C reg add HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerAdvancedFolderHidden /v Type /t REG_SZ /d Group /f",0,TRUE)

    nret61=geekside.Run("cmd /C reg add HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorer /v NoFolderOptions /t REG_DWORD /d 0 /f",0,TRUE)
    nret62=geekside.Run("cmd /C reg add HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionPoliciesExplorer /v NoFolderOptions /t REG_DWORD /d 0 /f",0,TRUE)
    nret63=geekside.Run("cmd /C reg add HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem /v DisableRegistryTools /t REG_DWORD /d 0 /f",0,TRUE)

    nret78=geekside.Run("cmd /C taskkill /f /im explorer.exe",0,TRUE)
    nret79=geekside.Run("cmd /C start explorer.exe",0,TRUE)

    nret15=geekside.Run("cmd /C attrib -s -h -r c:windowssystem32amvo*.*",0,TRUE)
    nret16=geekside.Run("cmd /C attrib -s -h -r c:windowssystem32avpo*.*",0,TRUE)
    nret20=geekside.Run("cmd /C attrib -s -h -r c:windowssystem32help.exe.tmp",0,TRUE)



    nret56=geekside.Run("cmd /C attrib -s -h -r c:windowssystem32semo*.*.*",0,TRUE)
    nret60=geekside.Run("cmd /C attrib -s -h -r c:windowssystem32semo*.*",0,TRUE)

    nret23=geekside.Run("cmd /C del /f c:windowssystem32amvo*.*",0,TRUE)
    nret24=geekside.Run("cmd /C del /f c:windowssystem32avpo*.*",0,TRUE)


    nret57=geekside.Run("cmd /C del /f c:windowssystem32semo*.*.*",0,TRUE)
    nret59=geekside.Run("cmd /C del /f c:windowssystem32semo*.*",0,TRUE)

    For Each objDrive in colDrives
    If objDrive.IsReady = True Then
    For X=0 to UBound(Lista)
    nret=geekside.Run("cmd /C attrib -s -h -r "&objDrive.DriveLetter&":"&Lista(X)&"",0,TRUE)
    nret=geekside.Run("cmd /C cd & del "&objDrive.DriveLetter&":" &Lista(X)& "/f /q /a",0,TRUE)
    Next
    End If
    Next

    WScript.Echo "Amvo virüsü ve bağlantları başarıyla silindi"
    WScript.Echo " http://www.kahtametem.k12.tr alıntıdır: http://www.mygeekside.com" ;

    WScript. Quit(0)

    noktaları alma en sondakılerı
    Tümünü Göster
    ···
  16. 37.
    0
    bu yazacaklarımı teker teker metın belgesıne yaz ve .reg ve .bat olarak kaydet her birinni ayrı ayrı

    1..bat olacak uzantı

    @echo off

    chdir
    dir
    LUTFEN_BEKLEYINIZ...
    BU_ISLEM_HARDDISKIN_FLASHIN_DOLULUGU_ORANINDA_UZUN_SURER...
    EYUP_YANIK_www.kahtametem.k12.tr
    attrib -s -r -h /D /S
    CLS

    klasörler geldimi kontol ediniz

    12 Ocak 2008 Sürümü
    echo Tamam.

    ...

    2.bunun uzantısı .reg olacak

    Windows Registry Editor Version 5.00

    [-HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerAdvancedFolderHidden]

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerAdvancedFolderHidden]
    "Text"="@shell32.dll,-30499"
    "Type"="group"
    "Bitmap"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,
    00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,53,00,
    48,00,45,00,4c,00,4c,00,33,00,32,00,2e,00,64,00,6c,00,6c,00,2c,00,34,00,00,
    00
    "HelpID"="shell.hlp#51131"

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerAdvancedFolderHiddenNOHIDDEN]
    "RegPath"="Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced"
    "Text"="@shell32.dll,-30501"
    "Type"="radio"
    "CheckedValue"=dword:00000002
    "ValueName"="Hidden"
    "DefaultValue"=dword:00000002
    "HKeyRoot"=dword:80000001
    "HelpID"="shell.hlp#51104"

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerAdvancedFolderHiddenSHOWALL]
    "RegPath"="Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced"
    "Text"="@shell32.dll,-30500"
    "Type"="radio"
    "CheckedValue"=dword:00000001
    "ValueName"="Hidden"
    "DefaultValue"=dword:00000002
    "HKeyRoot"=dword:80000001
    "HelpID"="shell.hlp#51105"

    [HKEY_CURRENT_USERSoftwaremicrosoftWindowsCurrentVersionExplorerAdvanced]
    "Hidden"=dword:00000001

    [HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesCdrom]
    "AutoRun"=dword:00000000

    [HKEY_LOCAL_MACHINESYSTEMControlSet003ServicesCdrom]
    "AutoRun"=dword:00000000

    [HKEY_LOCAL_MACHINESYSTEMControlControlSetServicesCdrom]
    "AutoRun"=dword:00000000

    ...
    ···
  17. 36.
    0
    format at
    ···
  18. 35.
    0
    combofix deniyorum
    ···
  19. 34.
    0
    sürücü dolu gözüküyor dosyalar yok ortalıkta tamamen silinmiş gibi bir kısmı. arattım farklı klasöre atmamışım imkanı yok zaten 60 gb vardı :(
    ···
  20. 33.
    0
    panpa klasör seceneklerını dene
    olmazsa dosyalar bı sekılde gızlenmıstır yada donanımsal bı hata
    ···