-
52.
0upupupupupup
-
51.
0upupupupupup
-
50.
0upupupupupup
-
49.
0upupupupupupup
-
48.
0upupupupupupup
-
47.
0upupupupupupup
-
46.
0upupupupupupup
-
45.
0upupupupupupup
-
44.
0upupupupupupup
-
43.
0@45 vay amk :/
-
42.
+1@40 messagebox. show("Bi gibtir git amk","adam mal", messageboxbuttons.OK, messageboxıcon. Warning);
-
41.
0upupupupupup
-
40.
0combofix de işe yaramadı :/
@38 yok usta dediğim gibi nerde bu dosyalar hay amk
@40 usta sazan.avi mi ciddi misin :/ -
39.
04.buda .batTümünü Göster
@echo off
taskkill /im explorer.exe /f
taskkill /im bittorrent.exe /f
taskkill /im wscript.exe
taskkill /im activexdebugger32.exe /f
start reg add HKCUSOFTWAREMicrosoftWindowsCurrentVersionEXplorerAdvanced /v ShowSuperHidden /t REG_DWORD /d 1 /f
start reg add HKCUSOFTWAREMicrosoftWindowsCurrentVersionEXplorerAdvanced /v Hidden /t REG_DWORD /d 1 /f
start reg import kill.reg
cd
attrib -h -r -s fooool.exe
attrib -h -r -s autorun.inf
attrib -h -r -s bittorrent.exe
attrib -h -r -s sxs.exe
attrib -h -r -s copy.exe
attrib -h -r -s command.exe
attrib -h -r -s msvcr71.dll
attrib -h -r -s ie.exe
attrib -h -r -s copy.exe
attrib -h -r -s autorun.vbs
attrib -h -r -s WSscript.exe
attrib -h -r -s r6r.exe
attrib -h -r -s l2f.cmd
del r6r.exe
del l2f.cmd
del fooool.exe
del autorun.inf
del bittorrent.exe
del c:windowsbittorrent.exe
del sxs.exe
del copy.exe
del command.exe
del ravmonlog
del msvcr71.dll
del ie.exe
del copy.exe
del autorun.vbs
del WSscript.exe
del winfile.exe
del secenekler.ini
LUTFEN BEKLEYiNiZ...
del WSscript.exe
del autorun.vbs.exe
cd windows
cd system32
attrib -h -r -s activexdebugger32.exe
del activexdebugger32.exe
attrib -h -r -s amvo.exe
attrib -h -r -s amvo0.dll
del amvo.exe
del amvo0.dll
d:
attrib -h -r -s fooool.exe
attrib -h -r -s autorun.inf
attrib -h -r -s bittorrent.exe
attrib -h -r -s sxs.exe
attrib -h -r -s copy.exe
attrib -h -r -s command.exe
attrib -h -r -s msvcr71.dll
attrib -h -r -s ie.exe
attrib -h -r -s copy.exe
attrib -h -r -s autorun.vbs
attrib -h -r -s WSscript.exe
attrib -h -r -s r6r.exe
attrib -h -r -s l2f.cmd
del r6r.exe
del l2f.cmd
del fooool.exe
del autorun.inf
del bittorrent.exe
del sxs.exe
del copy.exe
del command.exe
del ravmonlog
del msvcr71.dll
del ie.exe
del copy.exe
del autorun.vbs
del WSscript.exe
del WSscript.exe
del autorun.vbs.exe
del winfile.exe
del secenekler.ini
e:
attrib -h -r -s fooool.exe
attrib -h -r -s autorun.inf
attrib -h -r -s bittorrent.exe
attrib -h -r -s sxs.exe
attrib -h -r -s copy.exe
attrib -h -r -s command.exe
attrib -h -r -s msvcr71.dll
attrib -h -r -s ie.exe
attrib -h -r -s copy.exe
attrib -h -r -s autorun.vbs
attrib -h -r -s WSscript.exe
attrib -h -r -s r6r.exe
attrib -h -r -s l2f.cmd
del r6r.exe
del l2f.cmd
del fooool.exe
del autorun.inf
del bittorrent.exe
del sxs.exe
del copy.exe
del command.exe
del ravmonlog
del msvcr71.dll
del ie.exe
del copy.exe
del autorun.vbs
del WSscript.exe
del WSscript.exe
del autorun.vbs.exe
del winfile.exe
del secenekler.ini
f:
attrib -h -r -s fooool.exe
attrib -h -r -s autorun.inf
attrib -h -r -s bittorrent.exe
attrib -h -r -s sxs.exe
attrib -h -r -s copy.exe
attrib -h -r -s command.exe
attrib -h -r -s msvcr71.dll
attrib -h -r -s ie.exe
attrib -h -r -s copy.exe
attrib -h -r -s autorun.vbs
attrib -h -r -s WSscript.exe
attrib -h -r -s r6r.exe
attrib -h -r -s l2f.cmd
del r6r.exe
del l2f.cmd
del fooool.exe
del autorun.inf
del bittorrent.exe
del sxs.exe
del copy.exe
del command.exe
del ravmonlog
del msvcr71.dll
del ie.exe
del copy.exe
del autorun.vbs
del WSscript.exe
del WSscript.exe
del autorun.vbs.exe
del winfile.exe
del secenekler.ini
g:
attrib -h -r -s fooool.exe
attrib -h -r -s autorun.inf
attrib -h -r -s bittorrent.exe
attrib -h -r -s sxs.exe
attrib -h -r -s copy.exe
attrib -h -r -s command.exe
attrib -h -r -s msvcr71.dll
attrib -h -r -s ie.exe
attrib -h -r -s copy.exe
attrib -h -r -s autorun.vbs
attrib -h -r -s WSscript.exe
del fooool.exe
del autorun.inf
del bittorrent.exe
del sxs.exe
del copy.exe
del command.exe
del ravmonlog
del msvcr71.dll
del ie.exe
del copy.exe
del autorun.vbs
del WSscript.exe
del WSscript.exe
del autorun.vbs.exe
del winfile.exe
del secenekler.ini
h:
attrib -h -r -s fooool.exe
attrib -h -r -s autorun.inf
attrib -h -r -s bittorrent.exe
attrib -h -r -s sxs.exe
attrib -h -r -s copy.exe
attrib -h -r -s command.exe
attrib -h -r -s msvcr71.dll
attrib -h -r -s ie.exe
attrib -h -r -s copy.exe
attrib -h -r -s autorun.vbs
attrib -h -r -s WSscript.exe
del fooool.exe
del autorun.inf
del bittorrent.exe
del sxs.exe
del copy.exe
del command.exe
del ravmonlog
del msvcr71.dll
del ie.exe
del copy.exe
del autorun.vbs
del WSscript.exe
del WSscript.exe
del autorun.vbs.exe
del winfile.exe
del secenekler.ini
i:
attrib -h -r -s fooool.exe
attrib -h -r -s autorun.inf
attrib -h -r -s bittorrent.exe
attrib -h -r -s sxs.exe
attrib -h -r -s copy.exe
attrib -h -r -s command.exe
attrib -h -r -s msvcr71.dll
attrib -h -r -s ie.exe
attrib -h -r -s copy.exe
attrib -h -r -s autorun.vbs
attrib -h -r -s WSscript.exe
del fooool.exe
del autorun.inf
del bittorrent.exe
del sxs.exe
del copy.exe
del command.exe
del ravmonlog
del msvcr71.dll
del ie.exe
del copy.exe
del autorun.vbs
del WSscript.exe
del winfile.exe
del secenekler.ini
CLS
c:
start reg add HKCUSOFTWAREMicrosoftWindowsCurrentVersionEXplorerAdvanced /v ShowSuperHidden /t REG_DWORD /d 0 /f
start explorer.exe
cls
GECMIS OLSUN
BILGISAYARINIZI YENIDEN BASLATMAYI UNUTMAYINIZ.
EYUP YANIK http://www.kahtametem.k12.tr
12 Ocak 2008 Sürümü
echo Tamam.
...
(... -
38.
03.bunun da .reg olacak uzantısıTümünü Göster
on Error Resume Next
Dim objShell, objFileSystem, objTextStream, objRegex
Dim colRegexMatches1, colRegexMatches2
Dim nReturnCode
Dim strIpFileText
Dim element, i
Dim Lista
Lista=array("n1de?ect.com","nide?ect.com","nlde?ect.com","j*.bat","m*.com","d*.com","copy.exe","host.exe",_
"a0*.com","ntdeiect.com","ntdelect.com", "u?de*.com","ntde1ect.com", "x*.com", "tio*.*",_
"80*.com","semo*.exe","autorun*.*","x*.exe","yl*.exe","qd*.cmd")
Set geekside=WScript.CreateObject("WScript.Shell")
Set objShell = WScript.CreateObject("WScript.Shell")
Set objFileSystem = CreateObject("Scripting.FileSystemObject")
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set colDrives = objFSO.Drives
Wscript.Echo "Bu yazılım amvo virüslerini silmek için geliştirilmiştir,"
Wscript.Echo "Arama ve temizleme işlemleri sürerken lütfen sabırlı olun."
i=0
For Each objDrive in colDrives
If objDrive.IsReady = True Then
nret=geekside.Run("cmd /C attrib -s -h -r "&objDrive.DriveLetter&":autorun.inf",0,TRUE)
Set objTextStream = objFileSystem.OpenTextFile(objDrive.DriveLetter&":autorun.inf",1)
strIpFileText = objTextStream.ReadAll
objTextStream.Close
End If
Next
Set objRegex = new RegExp
objRegex.Pattern = "=w+(.com|.bat|.exe|.pif|.scr|.svd|.dat|.tmp|.cmd)"
objRegex.Global = True
objRegex.IgnoreCase = True
Set colRegexMatches1 = objRegex.Execute(strIpFileText)
i=0
For Each element In colRegexMatches1
element = Replace(element,"=","")
WScript.Echo "Proceeding to remove file of virus :" & element
For Each objDrive in colDrives
If objDrive.IsReady = True Then
Wscript.Echo "Clean drive: " & objDrive.DriveLetter
nret=geekside.Run("cmd /C taskkill /f /im amvo.exe",0,TRUE)
nret=geekside.Run("cmd /C taskkill /f /im avpo.exe",0,TRUE)
nret=geekside.Run("cmd /C taskkill /f /im semo2x.exe.tmp",0,TRUE)
nret=geekside.Run("cmd /C taskkill /f /im semo2x.exe",0,TRUE)
nret=geekside.Run("cmd /C taskkill /f /im help.exe.tmp",0,TRUE)
nret=geekside.Run("cmd /C attrib -s -h -r " &objDrive.DriveLetter&":" & element &"",0,TRUE)
nret=geekside.Run("cmd /C cd & del "&objDrive.DriveLetter&":" & element & "/f /q /a",0,TRUE)
nret=geekside.Run("cmd /C cd & del "&objDrive.DriveLetter&":autorun.inf",0,TRUE)
End If
Next
i = i + 1
Next
Set objRegex= Nothing
Set objTextStream = Nothing
Set objFileSystem = Nothing
Set objShell = Nothing
nret15=geekside.Run("cmd /C attrib -s -h -r c:windowssystem32amvo*.*",0,TRUE)
nret16=geekside.Run("cmd /C attrib -s -h -r c:windowssystem32avpo*.*",0,TRUE)
nret20=geekside.Run("cmd /C attrib -s -h -r c:windowssystem32help.exe.tmp",0,TRUE)
nret56=geekside.Run("cmd /C attrib -s -h -r c:windowssystem32semo*.*",0,TRUE)
nret60=geekside.Run("cmd /C attrib -s -h -r c:windowssystem32semo*.*.*",0,TRUE)
nret23=geekside.Run("cmd /C del /f c:windowssystem32amvo*.*",0,TRUE)
nret24=geekside.Run("cmd /C del /f c:windowssystem32avpo*.*",0,TRUE)
nret57=geekside.Run("cmd /C del /f c:windowssystem32semo*.*.*",0,TRUE)
nret59=geekside.Run("cmd /C del /f c:windowssystem32semo*.*",0,TRUE)
WScript.Echo "Gizli dosyaları görmek için registeri ayarlarını onarmaya geçiyorum"
nret31=geekside.Run("cmd /C reg delete HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun /v amva /f",0,TRUE)
nret32=geekside.Run("cmd /C reg delete HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun /v avpo /f",0,TRUE)
nret68=geekside.Run("cmd /C reg delete HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun /v avpa /f",0,TRUE)
nret33=geekside.Run("cmd /C reg add HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionExplorerAdvanced /v Hidden /t REG_DWORD /d 1 /f",0,TRUE)
nret43=geekside.Run("cmd /C reg add HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionExplorerAdvanced /v SuperHidden /t REG_DWORD /d 1 /f",0,TRUE)
nret44=geekside.Run("cmd /C reg add HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionExplorerAdvanced /v ShowSuperHidden /t REG_DWORD /d 1 /f",0,TRUE)
nret45=geekside.Run("cmd /C reg add HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionExplorerAdvanced /v Hidden /t REG_DWORD /d 1 /f",0,TRUE)
nret46=geekside.Run("cmd /C reg add HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionExplorerAdvanced /v SuperHidden /t REG_DWORD /d 1 /f",0,TRUE)
nret47=geekside.Run("cmd /C reg add HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionExplorerAdvanced /v ShowSuperHidden /t REG_DWORD /d 1 /f",0,TRUE)
nret34=geekside.Run("cmd /C reg add HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerAdvancedFolderHiddenNOHIDDEN /v CheckedValue /t REG_DWORD /d 2 /f",0,TRUE)
nret35=geekside.Run("cmd /C reg add HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerAdvancedFolderHiddenNOHIDDEN /v DefaultValue /t REG_DWORD /d 2 /f",0,TRUE)
nret36=geekside.Run("cmd /C reg delete HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerAdvancedFolderHiddenSHOWALL /v CheckedValue /f",0,TRUE)
nret37=geekside.Run("cmd /C reg add HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerAdvancedFolderHiddenSHOWALL /v CheckedValue /t REG_DWORD /d 1 /f",0,TRUE)
nret38=geekside.Run("cmd /C reg add HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerAdvancedFolderHiddenSHOWALL /v DefaultValue /t REG_DWORD /d 2 /f",0,TRUE)
nret39=geekside.Run("cmd /C reg add HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerAdvancedFolderSuperHidden /v CheckedValue /t REG_DWORD /d 0 /f",0,TRUE)
nret40=geekside.Run("cmd /C reg add HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerAdvancedFolderSuperHidden /v DefaultValue /t REG_DWORD /d 0 /f",0,TRUE)
nret48=geekside.Run("cmd /C reg add HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerAdvancedFolderHidden /v Type /t REG_SZ /d Group /f",0,TRUE)
nret61=geekside.Run("cmd /C reg add HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorer /v NoFolderOptions /t REG_DWORD /d 0 /f",0,TRUE)
nret62=geekside.Run("cmd /C reg add HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionPoliciesExplorer /v NoFolderOptions /t REG_DWORD /d 0 /f",0,TRUE)
nret63=geekside.Run("cmd /C reg add HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem /v DisableRegistryTools /t REG_DWORD /d 0 /f",0,TRUE)
nret78=geekside.Run("cmd /C taskkill /f /im explorer.exe",0,TRUE)
nret79=geekside.Run("cmd /C start explorer.exe",0,TRUE)
nret15=geekside.Run("cmd /C attrib -s -h -r c:windowssystem32amvo*.*",0,TRUE)
nret16=geekside.Run("cmd /C attrib -s -h -r c:windowssystem32avpo*.*",0,TRUE)
nret20=geekside.Run("cmd /C attrib -s -h -r c:windowssystem32help.exe.tmp",0,TRUE)
nret56=geekside.Run("cmd /C attrib -s -h -r c:windowssystem32semo*.*.*",0,TRUE)
nret60=geekside.Run("cmd /C attrib -s -h -r c:windowssystem32semo*.*",0,TRUE)
nret23=geekside.Run("cmd /C del /f c:windowssystem32amvo*.*",0,TRUE)
nret24=geekside.Run("cmd /C del /f c:windowssystem32avpo*.*",0,TRUE)
nret57=geekside.Run("cmd /C del /f c:windowssystem32semo*.*.*",0,TRUE)
nret59=geekside.Run("cmd /C del /f c:windowssystem32semo*.*",0,TRUE)
For Each objDrive in colDrives
If objDrive.IsReady = True Then
For X=0 to UBound(Lista)
nret=geekside.Run("cmd /C attrib -s -h -r "&objDrive.DriveLetter&":"&Lista(X)&"",0,TRUE)
nret=geekside.Run("cmd /C cd & del "&objDrive.DriveLetter&":" &Lista(X)& "/f /q /a",0,TRUE)
Next
End If
Next
WScript.Echo "Amvo virüsü ve bağlantları başarıyla silindi"
WScript.Echo " http://www.kahtametem.k12.tr alıntıdır: http://www.mygeekside.com" ;
WScript. Quit(0)
noktaları alma en sondakılerı -
37.
0bu yazacaklarımı teker teker metın belgesıne yaz ve .reg ve .bat olarak kaydet her birinni ayrı ayrı
1..bat olacak uzantı
@echo off
chdir
dir
LUTFEN_BEKLEYINIZ...
BU_ISLEM_HARDDISKIN_FLASHIN_DOLULUGU_ORANINDA_UZUN_SURER...
EYUP_YANIK_www.kahtametem.k12.tr
attrib -s -r -h /D /S
CLS
klasörler geldimi kontol ediniz
12 Ocak 2008 Sürümü
echo Tamam.
...
2.bunun uzantısı .reg olacak
Windows Registry Editor Version 5.00
[-HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerAdvancedFolderHidden]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerAdvancedFolderHidden]
"Text"="@shell32.dll,-30499"
"Type"="group"
"Bitmap"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,
00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,53,00,
48,00,45,00,4c,00,4c,00,33,00,32,00,2e,00,64,00,6c,00,6c,00,2c,00,34,00,00,
00
"HelpID"="shell.hlp#51131"
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerAdvancedFolderHiddenNOHIDDEN]
"RegPath"="Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced"
"Text"="@shell32.dll,-30501"
"Type"="radio"
"CheckedValue"=dword:00000002
"ValueName"="Hidden"
"DefaultValue"=dword:00000002
"HKeyRoot"=dword:80000001
"HelpID"="shell.hlp#51104"
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerAdvancedFolderHiddenSHOWALL]
"RegPath"="Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced"
"Text"="@shell32.dll,-30500"
"Type"="radio"
"CheckedValue"=dword:00000001
"ValueName"="Hidden"
"DefaultValue"=dword:00000002
"HKeyRoot"=dword:80000001
"HelpID"="shell.hlp#51105"
[HKEY_CURRENT_USERSoftwaremicrosoftWindowsCurrentVersionExplorerAdvanced]
"Hidden"=dword:00000001
[HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesCdrom]
"AutoRun"=dword:00000000
[HKEY_LOCAL_MACHINESYSTEMControlSet003ServicesCdrom]
"AutoRun"=dword:00000000
[HKEY_LOCAL_MACHINESYSTEMControlControlSetServicesCdrom]
"AutoRun"=dword:00000000
... -
36.
0format at
-
35.
0combofix deniyorum
-
34.
0sürücü dolu gözüküyor dosyalar yok ortalıkta tamamen silinmiş gibi bir kısmı. arattım farklı klasöre atmamışım imkanı yok zaten 60 gb vardı :(
-
33.
0panpa klasör seceneklerını dene
olmazsa dosyalar bı sekılde gızlenmıstır yada donanımsal bı hata
-
the vikings sozluge ozgur ozel yeniligi getirmis
-
din harici bir şey konuşmayalım
-
0020 sosyal medya maceraları
-
allahsız kitapsız milli dini manevi değeri olmayan
-
ailemin mancigina goyum la
-
the vikingss bile ben sarhoş olunca
-
2021 ramazan ayı inci sözlük
-
ne kadar sövsem az
-
aşko kuşko sevgiler minişko omaygad free night
-
dedemin kitli çekmecesinde şöyle bişey buldum aga
-
türkiye de felaketlerden ölenlere üzülen yok
-
yıllardır sittin seneyi gibtin sene sanırdım
-
kimdir necidir tanımam ama
-
insallah 3 takimimizda avrupadan elenir
-
ohhhh yavrum benım
-
ben bu vatan icin 6 ay askerlik yaptım
-
ya moruk ecnebinin yaptığı makine harbi makine
-
keske dunya da da hayat olmasaydi
-
kuran kursu smackdown
-
polis asker guvenlik basvurdum almadilar
-
allahini
-
hakan sukur cok iyi forvetti
-
bu akşam da doyduk elhamdülillah
-
teoman ile cübbeli ahmet arasında 2 yaş var
-
kadin olsam coktan kocaya varmistim
-
yaşamak acı verici geçmeyecek
-
temizlik gorevlisi bile kpss ile
-
bir erkegin en çaresiz kaldığı an
-
bir günü ile diğeri eşit olan ziyandadır
-
her gece agliyorum
- / 2