nyinyinaing
MITR New User
စုစုပေါင်းရေးသားချက်များ : 27
မှတ်ပုံတင်သောနေ့ : 2009-06-24
ကျေးဇူးတင်ခံရမှု : 14
ဖိုရမ် အကျိုးဆောင် ရမှတ် : 87
သတိပေးခံရမှု :
ေတြ႔တာနဲ႔ တင္လိုက္တယ္ေနာ္
တစ္ျခားဆိုဒ္ကေန ကိုယ့္ဆိုဒ္မွာလဲ ၀င္သံုးရင္းနဲ႔ အဆင္ေျပေအာင္လို႔
ဘယ္လိုမွ မထင္ၾကပါနဲ႔ဗ်ာ
[You must be registered and logged in to see this link.] ကေန တစ္ဆင့္ေဖာ္ျပလိုက္ပါတယ္
[You must be registered and logged in to see this link.]စုစုပေါင်းရေးသားချက်များ : 104
တည်နေရာ : ဟိုပံုးျမိဳ႕၊ ရွမ္းျပည္ေတာင္ပိုင္း
မှတ်ပုံတင်သောနေ့ : 2009-08-21
ကျေးဇူးတင်ခံရမှု : 10
ဖိုရမ် အကျိုးဆောင် ရမှတ် : 159
သတိပေးခံရမှု :
Loikaw Virus Removal ကိုေရးထားတဲ့ VB Script ကေတာ့ ေအာက္ပါအတိုင္းျဖစ္ပါတယ္။
Team DVT ရဲ႕ Everstrike Software နဲ႕ pack လုပ္ထားပံုပါပဲ။
[You must be registered and logged in to see this image.] - Code:
' ----- ExeScript Options Begin -----
' ScriptType: window
' DestDirectory: temp
' Icon: C:\gear.ico
' OutputFile: C:\Documents and Settings\Server\Desktop\backuploikaw\Loikaw Virus Removal.exe
' Comments: Removal Tool Made By Nay Lin Han
' CompanyName: Myanmar Chat Online
' FileDescription: 1.0.0.1
' LegalCopyright: [You must be registered and logged in to see this link.]
' ProductName: 1.0.0.1
' ----- ExeScript Options End -----
dim objFSO
Set oShell = CreateObject("Wscript.Shell")
strUserName = oShell.ExpandEnvironmentStrings("%UserName%")
strWinDir = oShell.ExpandEnvironmentStrings("%SYSTEMROOT%")
strWinDiv = oShell.ExpandEnvironmentStrings("%SYSTEMDRIVE%")
strTemp = oShell.ExpandEnvironmentStrings("%TEMP%")
Set objFSO = CreateObject("Scripting.FileSystemObject")
oShell.run "REG Delete HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableRegistryTools /f",0,true
oShell.run "taskkill /F /IM Iexplorer.exe",0,true
Function KillProcess(strProcessName)
Dim oProcess
KillProcess = False
For Each oProcess in GetObject("winmgmts:").InstancesOf("Win32_Process")
If InStr(UCase(strProcessName), UCase(oProcess.Name)) <> 0 Then
oProcess.Terminate()
KillProcess = True
Exit Function
End If
Next
End Function
KillProcess("extramain.exe")
KillProcess(strUserName & ".exe")
KillProcess("Loikaw.exe")
KillProcess("control.exe")
If objFSO.FileExists( strWinDir & "\system32\extramain.exe") Then
Set Virus1 = objFSO.GetFile( strWinDir & "\system32\extramain.exe")
If Virus1.Attributes = Virus1.Attributes AND 4 Then
Virus1.Attributes = Virus1.Attributes - 4 -2 -1
End If
objFSO.DeleteFile( strWinDir & "\system32\extramain.exe")
End If
If objFSO.FileExists( strWinDir & "\" & strUserName & ".exe") Then
Set Virus2 = objFSO.GetFile( strWinDir & "\" & strUserName & ".exe")
If Virus2.Attributes = Virus2.Attributes AND 4 Then
Virus2.Attributes = Virus2.Attributes - 4 -2 -1
End If
objFSO.DeleteFile( strWinDir & "\" & strUserName & ".exe")
End If
If objFSO.FileExists( strWinDir & "\system32\Iexplorer.exe") Then
Set Virus3 = objFSO.GetFile( strWinDir & "\system32\Iexplorer.exe")
If Virus3.Attributes = Virus3.Attributes AND 4 Then
Virus3.Attributes = Virus3.Attributes - 4 -2 -1
End If
objFSO.DeleteFile( strWinDir & "\system32\Iexplorer.exe")
End If
If objFSO.FileExists( strWinDiv & "\Documents and Settings\" & StrUserName & "\Application Data\control.exe") Then
Set Virus4 = objFSO.GetFile( strWinDiv & "\Documents and Settings\" & StrUserName & "\Application Data\control.exe")
If Virus4.Attributes = Virus4.Attributes AND 4 Then
Virus4.Attributes = Virus4.Attributes - 4 -2 -1
End If
objFSO.DeleteFile( strWinDiv & "\Documents and Settings\" & StrUserName & "\Application Data\control.exe")
End If
If objFSO.FileExists( strWinDir & "\Loikaw.exe") Then
Set Virus5 = objFSO.GetFile( strWinDir & "\Loikaw.exe")
If Virus5.Attributes = Virus5.Attributes AND 1 Then
Virus5.Attributes = Virus5.Attributes -1
End If
objFSO.DeleteFile( strWinDir & "\Loikaw.exe")
End If
If objFSO.FileExists( strWinDiv & "\Documents and Settings\" & StrUserName & "\Desktop\Virus Information.txt") Then
objFSO.DeleteFile( strWinDiv & "\Documents and Settings\" & StrUserName & "\Desktop\Virus Information.txt")
End If
strComputer = "."
Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
Set colDiskDrives = objWMIService.ExecQuery("SELECT * FROM Win32_DiskDrive WHERE InterfaceType = 'USB'")
For Each objDrive In colDiskDrives
strDeviceID = Replace(objDrive.DeviceID, "\", "\\")
Set colPartitions = objWMIService.ExecQuery ("ASSOCIATORS OF {Win32_DiskDrive.DeviceID=""" & strDeviceID & """} WHERE AssocClass = " & "Win32_DiskDriveToDiskPartition")
For Each objPartition In colPartitions
Set colLogicalDisks = objWMIService.ExecQuery("ASSOCIATORS OF {Win32_DiskPartition.DeviceID=""" & objPartition.DeviceID & """} WHERE AssocClass = " & "Win32_LogicalDiskToPartition")
For Each objLogicalDisk In colLogicalDisks
TargetPath = objLogicalDisk.DeviceID
If objFSO.FileExists( TargetPath & "\autorun.inf") Then
Set aut = objFSO.GetFile( TargetPath & "\autorun.inf")
If aut.Attributes = aut.Attributes AND 4 Then
aut.Attributes = aut.Attributes -4 -2 -1
End If
objFSO.DeleteFile( TargetPath & "\autorun.inf")
End If
If objFSO.FileExists( TargetPath & "\For You.exe") Then
Set vis1 = objFSO.GetFile( TargetPath & "\For You.exe")
If vis1.Attributes = vis1.Attributes AND 1 Then
vis1.Attributes = vis1.Attributes -4 -2 -1
End If
objFSO.DeleteFile( TargetPath & "\For You.exe")
End If
If objFSO.FileExists( TargetPath & "\Loikawhacking.day.com") Then
Set lkhkd = objFSO.GetFile( TargetPath & "\Loikawhacking.day.com")
If lkhkd.Attributes = lkhkd.Attributes AND 4 Then
lkhkd.Attributes = lkhkd.Attributes -4 -2 -1
End If
objFSO.DeleteFile( TargetPath & "\Loikawhacking.day.com")
End If
Next
Next
Next
Set colDiskDrives = objWMIService.ExecQuery("SELECT * FROM Win32_DiskDrive WHERE InterfaceType = 'IDE'")
For Each objDrive In colDiskDrives
strDeviceID = Replace(objDrive.DeviceID, "\", "\\")
Set colPartitions = objWMIService.ExecQuery ("ASSOCIATORS OF {Win32_DiskDrive.DeviceID=""" & strDeviceID & """} WHERE AssocClass = " & "Win32_DiskDriveToDiskPartition")
For Each objPartition In colPartitions
Set colLogicalDisks = objWMIService.ExecQuery("ASSOCIATORS OF {Win32_DiskPartition.DeviceID=""" & objPartition.DeviceID & """} WHERE AssocClass = " & "Win32_LogicalDiskToPartition")
For Each objLogicalDisk In colLogicalDisks
TargetPath = objLogicalDisk.DeviceID
If objFSO.FileExists( TargetPath & "\autorun.inf") Then
Set aut = objFSO.GetFile( TargetPath & "\autorun.inf")
If aut.Attributes = aut.Attributes AND 4 Then
aut.Attributes = aut.Attributes -4 -2 -1
End If
objFSO.DeleteFile( TargetPath & "\autorun.inf")
End If
If objFSO.FileExists( TargetPath & "\Temp.pif") Then
Set tmp = objFSO.GetFile( TargetPath & "\Temp.pif")
If tmp.Attributes = tmp.Attributes AND 4 Then
tmp.Attributes = tmp.Attributes -4 -2 -1
End If
objFSO.DeleteFile( TargetPath & "\Temp.pif")
End If
Next
Next
Next
Set colDiskDrives = objWMIService.ExecQuery("SELECT * FROM Win32_DiskDrive WHERE InterfaceType = 'SATA'")
For Each objDrive In colDiskDrives
strDeviceID = Replace(objDrive.DeviceID, "\", "\\")
Set colPartitions = objWMIService.ExecQuery ("ASSOCIATORS OF {Win32_DiskDrive.DeviceID=""" & strDeviceID & """} WHERE AssocClass = " & "Win32_DiskDriveToDiskPartition")
For Each objPartition In colPartitions
Set colLogicalDisks = objWMIService.ExecQuery("ASSOCIATORS OF {Win32_DiskPartition.DeviceID=""" & objPartition.DeviceID & """} WHERE AssocClass = " & "Win32_LogicalDiskToPartition")
For Each objLogicalDisk In colLogicalDisks
TargetPath = objLogicalDisk.DeviceID
If objFSO.FileExists( TargetPath & "\autorun.inf") Then
Set aut = objFSO.GetFile( TargetPath & "\autorun.inf")
If aut.Attributes = aut.Attributes AND 4 Then
aut.Attributes = aut.Attributes -4 -2 -1
End If
objFSO.DeleteFile( TargetPath & "\autorun.inf")
End If
If objFSO.FileExists( TargetPath & "\Temp.pif") Then
Set tmp = objFSO.GetFile( TargetPath & "\Temp.pif")
If tmp.Attributes = tmp.Attributes AND 4 Then
tmp.Attributes = tmp.Attributes -4 -2 -1
End If
objFSO.DeleteFile( TargetPath & "\Temp.pif")
End If
Next
Next
Next
Dim WshShell
Set WshShell = WScript.CreateObject("WScript.Shell")
On Error Resume Next
WshShell.RegDelete "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\system\DisableRegistryTools"
On Error Resume Next
WshShell.RegDelete "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\system\DisableTaskMgr"
On Error Resume Next
WshShell.RegDelete "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRun"
On Error Resume Next
WshShell.RegDelete "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions"
On Error Resume Next
WshShell.RegDelete "HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\system\DisableRegistryTools"
On Error Resume Next
WshShell.RegDelete "HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\system\DisableTaskMgr"
On Error Resume Next
WshShell.RegDelete "HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRun"
On Error Resume Next
WshShell.RegDelete "HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions"
On Error Resume Next
WshShell.RegDelete "HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ * "
On Error Resume Next
WshShell.RegDelete "HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Load"
On Error Resume Next
WshShell.RegWrite "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit", "C:\WINDOWS\system32\userinit.exe,", "REG_SZ"
On Error Resume Next
WshShell.RegWrite "HKCR\.bat\", "batfile", "REG_SZ"
On Error Resume Next
WshShell.RegWrite "HKCR\.cmd\", "cmdfile", "REG_SZ"
On Error Resume Next
WshShell.RegWrite "HKCR\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\DefaultIcon\", "%SystemRoot%\Explorer.exe,0", "REG_EXPAND_SZ"
On Error Resume Next
Wscript.Echo "" & vbCrLf & "Loikaw.exe Virus Successfully Removed !!" & vbCrLf & "Restart Your Computer." & vbCrLf & "" & vbCrLf & "Removal Tool Made By :" & vbCrLf & "[You must be registered and logged in to see this link.] & vbCrLf & "Thank You."
စုစုပေါင်းရေးသားချက်များ : 375
တည်နေရာ : ေလာကနန္းေတာ္
မှတ်ပုံတင်သောနေ့ : 2009-07-21
ကျေးဇူးတင်ခံရမှု : 21
ဖိုရမ် အကျိုးဆောင် ရမှတ် : 3109
သတိပေးခံရမှု :
အင္း .. loikaw Virus ဆိုမွ .. က်ေနာ့္ဆီမွာ ရွိတာေလး ျပန္ရွဲလိုက္ပါတယ္ဗ်ာ .. MZ ကပါ .. MZ AIO လို႔ေခၚပါတယ္ ...
တျခား Virus removal ေတြလည္း ပါ ပါတယ္ .. အားလံုးပဲ စမ္းၾကည့္ၾကပါ ...
MZ AIO
[You must be registered and logged in to see this link.]credits: MZ
စုစုပေါင်းရေးသားချက်များ : 97
မှတ်ပုံတင်သောနေ့ : 2009-08-02
ကျေးဇူးတင်ခံရမှု : 11
ဖိုရမ် အကျိုးဆောင် ရမှတ် : 123
သတိပေးခံရမှု :
၀ိုး.... Good တယ္
ကို rhythm ကေတာ့ Crack မယ္ဆုိတာခ်ည္းဘဲေနာ္...
က်ေနာ္တုိ႔ကို လည္း Cracker Guide အၿပင္ တၿခား TuT ေလးေတြ ၿမန္မာလုိေရးၿပီး ဒီဖိုရမ္မွာ တင္ေပးပါဦးဗ်ာ.. ဖတ္ခ်င္လြန္းလို႔ပါ...
________________________
MZ AIO မွာ Virus ဆန္ဆန္ Code တခ်ိဳ႕ပါေၾကာင္း သတိေပးလုိပါတယ္။
သူမ်ား AIO ကို နာမည္ဖ်က္တာမဟုတ္ဘူးေနာ္...
စုစုပေါင်းရေးသားချက်များ : 1218
တည်နေရာ : cyberoot
မှတ်ပုံတင်သောနေ့ : 2009-05-24
ကျေးဇူးတင်ခံရမှု : 75
ဖိုရမ် အကျိုးဆောင် ရမှတ် : 1576
MZ AIO မွာ Virus ဆန္ဆန္ Code တခ်ိဳ႕ပါေၾကာင္း သတိေပးလုိပါတယ္။
ဘာစာေၾကာင္းေလးေတြလဲဟင္
သိခ်င္တယ္
စုစုပေါင်းရေးသားချက်များ : 97
မှတ်ပုံတင်သောနေ့ : 2009-08-02
ကျေးဇူးတင်ခံရမှု : 11
ဖိုရမ် အကျိုးဆောင် ရမှတ် : 123
သတိပေးခံရမှု :
သိခ်င္ရင္ ေလ့လာပါ....
စတာပါ...
သံုးၾကည့္လိုက္ပါ...
အေပၚက Code ကို မၾကည့္ပါနဲ႔ဦး
သံုးလိုက္ရင္သိသြားမွာပါ...
"အရမ္းခ်စ္တယ္ Virus " ကို သတ္လို႔ရေအာင္ လုပ္တဲ့ Removal နဲ႔ သက္ဆုိင္ပါတယ္။
စုစုပေါင်းရေးသားချက်များ : 375
တည်နေရာ : ေလာကနန္းေတာ္
မှတ်ပုံတင်သောနေ့ : 2009-07-21
ကျေးဇူးတင်ခံရမှု : 21
ဖိုရမ် အကျိုးဆောင် ရမှတ် : 3109
သတိပေးခံရမှု :
Opera wrote:
"အရမ္းခ်စ္တယ္ Virus " ကို သတ္လို႔ရေအာင္ လုပ္တဲ့ Removal နဲ႔ သက္ဆုိင္ပါတယ္။
ဟုတ္ပါတယ္ .. အဲဒီ removal ကို virus အေနနဲ႔ပဲ ျပန္လုပ္ထားတာပါ .. ဒါေၾကာင့္ မိတ္ေဆြတို႔ ကြန္ပ်ဴတာမွာ ဆို Virus Detect လုပ္ပါလိမ့္မယ္ .. ေက်းဇူးတင္ပါတယ္ ..
AIO ဆိုေတာ့ အသံုး၀င္မယ္ထင္လို႔ တင္ေပးထားျခင္းျဖစ္ပါတယ္ ..
Permissions in this forum:
You cannot reply to topics in this forum