Myanmar IT Resource Forum
Myanmar IT Resource Forum

You are not connected. Please login or register

View previous topic View next topic Go down  Message [Page 1 of 1]

1 Loikaw virus killer on 24th June 2009, 9:41 pm

nyinyinaing


MITR New User



ေတြ႔တာနဲ႔ တင္လိုက္တယ္ေနာ္
တစ္ျခားဆိုဒ္ကေန ကိုယ့္ဆိုဒ္မွာလဲ ၀င္သံုးရင္းနဲ႔ အဆင္ေျပေအာင္လို႔
ဘယ္လိုမွ မထင္ၾကပါနဲ႔ဗ်ာ
[You must be registered and logged in to see this link.] ကေန တစ္ဆင့္ေဖာ္ျပလိုက္ပါတယ္
Code:
http://www.mediafire.com/?tnrlw22uyy1

2 Re: Loikaw virus killer on 31st August 2009, 4:21 pm

rhythm


VIP Member



VIP Member
Loikaw Virus Removal ကိုေရးထားတဲ့ VB Script ကေတာ့ ေအာက္ပါအတိုင္းျဖစ္ပါတယ္။
Team DVT ရဲ႕ Everstrike Software နဲ႕ pack လုပ္ထားပံုပါပဲ။
[You must be registered and logged in to see this image.]

Code:
' ----- ExeScript Options Begin -----
' ScriptType: window
' DestDirectory: temp
' Icon: C:\gear.ico
' OutputFile: C:\Documents and Settings\Server\Desktop\backuploikaw\Loikaw Virus Removal.exe
' Comments: Removal Tool Made By Nay Lin Han
' CompanyName: Myanmar Chat Online
' FileDescription: 1.0.0.1
' LegalCopyright: [You must be registered and logged in to see this link.]
' ProductName: 1.0.0.1
' ----- ExeScript Options End -----
dim objFSO
Set oShell = CreateObject("Wscript.Shell")
strUserName = oShell.ExpandEnvironmentStrings("%UserName%")
strWinDir = oShell.ExpandEnvironmentStrings("%SYSTEMROOT%")
strWinDiv = oShell.ExpandEnvironmentStrings("%SYSTEMDRIVE%")
strTemp = oShell.ExpandEnvironmentStrings("%TEMP%")

Set objFSO = CreateObject("Scripting.FileSystemObject")

oShell.run "REG Delete HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableRegistryTools /f",0,true
oShell.run "taskkill /F /IM Iexplorer.exe",0,true


Function KillProcess(strProcessName)
    Dim oProcess
    KillProcess = False
    For Each oProcess in GetObject("winmgmts:").InstancesOf("Win32_Process")
        If InStr(UCase(strProcessName), UCase(oProcess.Name)) <> 0 Then
            oProcess.Terminate()
            KillProcess = True
            Exit Function
        End If
    Next
End Function

KillProcess("extramain.exe")
KillProcess(strUserName & ".exe")
KillProcess("Loikaw.exe")
KillProcess("control.exe")



If objFSO.FileExists( strWinDir & "\system32\extramain.exe") Then
    Set Virus1 = objFSO.GetFile( strWinDir & "\system32\extramain.exe")
        If Virus1.Attributes = Virus1.Attributes AND 4 Then
            Virus1.Attributes = Virus1.Attributes - 4 -2 -1
        End If
    objFSO.DeleteFile( strWinDir & "\system32\extramain.exe")
End If

If objFSO.FileExists( strWinDir & "\" & strUserName & ".exe") Then
    Set Virus2 = objFSO.GetFile( strWinDir & "\" & strUserName & ".exe")
        If Virus2.Attributes = Virus2.Attributes AND 4 Then
            Virus2.Attributes = Virus2.Attributes - 4 -2 -1
        End If
    objFSO.DeleteFile( strWinDir & "\" & strUserName & ".exe")
End If

If objFSO.FileExists( strWinDir & "\system32\Iexplorer.exe") Then
    Set Virus3 = objFSO.GetFile( strWinDir & "\system32\Iexplorer.exe")
        If Virus3.Attributes = Virus3.Attributes AND 4 Then
            Virus3.Attributes = Virus3.Attributes - 4 -2 -1
        End If

    objFSO.DeleteFile( strWinDir & "\system32\Iexplorer.exe")
End If

If objFSO.FileExists( strWinDiv & "\Documents and Settings\" & StrUserName & "\Application Data\control.exe") Then
    Set Virus4 = objFSO.GetFile( strWinDiv & "\Documents and Settings\" & StrUserName & "\Application Data\control.exe")
        If Virus4.Attributes = Virus4.Attributes AND 4 Then
            Virus4.Attributes = Virus4.Attributes - 4 -2 -1
        End If

    objFSO.DeleteFile( strWinDiv & "\Documents and Settings\" & StrUserName & "\Application Data\control.exe")
End If

If objFSO.FileExists( strWinDir & "\Loikaw.exe") Then
    Set Virus5 = objFSO.GetFile( strWinDir & "\Loikaw.exe")
        If Virus5.Attributes = Virus5.Attributes AND 1 Then
            Virus5.Attributes = Virus5.Attributes -1
        End If

    objFSO.DeleteFile( strWinDir & "\Loikaw.exe")
End If


If objFSO.FileExists( strWinDiv & "\Documents and Settings\" & StrUserName & "\Desktop\Virus Information.txt") Then
    objFSO.DeleteFile( strWinDiv & "\Documents and Settings\" & StrUserName & "\Desktop\Virus Information.txt")
End If

strComputer = "."
Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")

Set colDiskDrives = objWMIService.ExecQuery("SELECT * FROM Win32_DiskDrive WHERE InterfaceType = 'USB'")
 
For Each objDrive In colDiskDrives

    strDeviceID = Replace(objDrive.DeviceID, "\", "\\")
    Set colPartitions = objWMIService.ExecQuery ("ASSOCIATORS OF {Win32_DiskDrive.DeviceID=""" & strDeviceID & """} WHERE AssocClass = " & "Win32_DiskDriveToDiskPartition")
 
    For Each objPartition In colPartitions

        Set colLogicalDisks = objWMIService.ExecQuery("ASSOCIATORS OF {Win32_DiskPartition.DeviceID=""" & objPartition.DeviceID & """} WHERE AssocClass = " & "Win32_LogicalDiskToPartition")
 
        For Each objLogicalDisk In colLogicalDisks
            TargetPath = objLogicalDisk.DeviceID

        If objFSO.FileExists( TargetPath & "\autorun.inf") Then
            Set aut = objFSO.GetFile( TargetPath & "\autorun.inf")
        If aut.Attributes = aut.Attributes AND 4 Then
            aut.Attributes = aut.Attributes -4 -2 -1
        End If
            objFSO.DeleteFile( TargetPath & "\autorun.inf")
        End If

        If objFSO.FileExists( TargetPath & "\For You.exe") Then
            Set vis1 = objFSO.GetFile( TargetPath & "\For You.exe")
        If vis1.Attributes = vis1.Attributes AND 1 Then
            vis1.Attributes = vis1.Attributes -4 -2 -1
        End If
            objFSO.DeleteFile( TargetPath & "\For You.exe")
        End If


        If objFSO.FileExists( TargetPath & "\Loikawhacking.day.com") Then
            Set lkhkd = objFSO.GetFile( TargetPath & "\Loikawhacking.day.com")
        If lkhkd.Attributes = lkhkd.Attributes AND 4 Then
            lkhkd.Attributes = lkhkd.Attributes -4 -2 -1
        End If
            objFSO.DeleteFile( TargetPath & "\Loikawhacking.day.com")
        End If
 
        Next
    Next


Next

Set colDiskDrives = objWMIService.ExecQuery("SELECT * FROM Win32_DiskDrive WHERE InterfaceType = 'IDE'")
 
For Each objDrive In colDiskDrives

    strDeviceID = Replace(objDrive.DeviceID, "\", "\\")
    Set colPartitions = objWMIService.ExecQuery ("ASSOCIATORS OF {Win32_DiskDrive.DeviceID=""" & strDeviceID & """} WHERE AssocClass = " & "Win32_DiskDriveToDiskPartition")
 
    For Each objPartition In colPartitions

        Set colLogicalDisks = objWMIService.ExecQuery("ASSOCIATORS OF {Win32_DiskPartition.DeviceID=""" & objPartition.DeviceID & """} WHERE AssocClass = " & "Win32_LogicalDiskToPartition")
 
        For Each objLogicalDisk In colLogicalDisks
            TargetPath = objLogicalDisk.DeviceID

        If objFSO.FileExists( TargetPath & "\autorun.inf") Then
            Set aut = objFSO.GetFile( TargetPath & "\autorun.inf")
        If aut.Attributes = aut.Attributes AND 4 Then
            aut.Attributes = aut.Attributes -4 -2 -1
        End If
            objFSO.DeleteFile( TargetPath & "\autorun.inf")
        End If

        If objFSO.FileExists( TargetPath & "\Temp.pif") Then
            Set tmp = objFSO.GetFile( TargetPath & "\Temp.pif")
        If tmp.Attributes = tmp.Attributes AND 4 Then
            tmp.Attributes = tmp.Attributes -4 -2 -1
        End If
            objFSO.DeleteFile( TargetPath & "\Temp.pif")
        End If

        Next
    Next


Next

Set colDiskDrives = objWMIService.ExecQuery("SELECT * FROM Win32_DiskDrive WHERE InterfaceType = 'SATA'")
 
For Each objDrive In colDiskDrives

    strDeviceID = Replace(objDrive.DeviceID, "\", "\\")
    Set colPartitions = objWMIService.ExecQuery ("ASSOCIATORS OF {Win32_DiskDrive.DeviceID=""" & strDeviceID & """} WHERE AssocClass = " & "Win32_DiskDriveToDiskPartition")
 
    For Each objPartition In colPartitions

        Set colLogicalDisks = objWMIService.ExecQuery("ASSOCIATORS OF {Win32_DiskPartition.DeviceID=""" & objPartition.DeviceID & """} WHERE AssocClass = " & "Win32_LogicalDiskToPartition")
 
        For Each objLogicalDisk In colLogicalDisks
            TargetPath = objLogicalDisk.DeviceID

        If objFSO.FileExists( TargetPath & "\autorun.inf") Then
            Set aut = objFSO.GetFile( TargetPath & "\autorun.inf")
        If aut.Attributes = aut.Attributes AND 4 Then
            aut.Attributes = aut.Attributes -4 -2 -1
        End If
            objFSO.DeleteFile( TargetPath & "\autorun.inf")
        End If

        If objFSO.FileExists( TargetPath & "\Temp.pif") Then
            Set tmp = objFSO.GetFile( TargetPath & "\Temp.pif")
        If tmp.Attributes = tmp.Attributes AND 4 Then
            tmp.Attributes = tmp.Attributes -4 -2 -1
        End If
            objFSO.DeleteFile( TargetPath & "\Temp.pif")
        End If

        Next
    Next


Next

Dim WshShell
Set WshShell = WScript.CreateObject("WScript.Shell")
On Error Resume Next
WshShell.RegDelete "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\system\DisableRegistryTools"
On Error Resume Next
WshShell.RegDelete "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\system\DisableTaskMgr"
On Error Resume Next
WshShell.RegDelete "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRun"
On Error Resume Next
WshShell.RegDelete "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions"
On Error Resume Next
WshShell.RegDelete "HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\system\DisableRegistryTools"
On Error Resume Next
WshShell.RegDelete "HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\system\DisableTaskMgr"
On Error Resume Next
WshShell.RegDelete "HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRun"
On Error Resume Next
WshShell.RegDelete "HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions"
On Error Resume Next
WshShell.RegDelete "HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ * "
On Error Resume Next
WshShell.RegDelete "HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Load"
On Error Resume Next
WshShell.RegWrite "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit", "C:\WINDOWS\system32\userinit.exe,", "REG_SZ"
On Error Resume Next
WshShell.RegWrite "HKCR\.bat\", "batfile", "REG_SZ"
On Error Resume Next
WshShell.RegWrite "HKCR\.cmd\", "cmdfile", "REG_SZ"
On Error Resume Next
WshShell.RegWrite "HKCR\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\DefaultIcon\", "%SystemRoot%\Explorer.exe,0", "REG_EXPAND_SZ"
On Error Resume Next

Wscript.Echo "" & vbCrLf & "Loikaw.exe Virus Successfully Removed !!" & vbCrLf & "Restart Your Computer."  & vbCrLf & ""  & vbCrLf & "Removal Tool Made By :" & vbCrLf & "[You must be registered and logged in to see this link.] & vbCrLf & "Thank You."

http://myanmarcrackingteam.blog.com

3 Re: Loikaw virus killer on 31st August 2009, 7:20 pm

N@Y Y!N3


Moderator



Moderator
အင္း .. loikaw Virus ဆိုမွ .. က်ေနာ့္ဆီမွာ ရွိတာေလး ျပန္ရွဲလိုက္ပါတယ္ဗ်ာ .. MZ ကပါ .. MZ AIO လို႔ေခၚပါတယ္ ...

တျခား Virus removal ေတြလည္း ပါ ပါတယ္ .. အားလံုးပဲ စမ္းၾကည့္ၾကပါ ...


MZ AIO

[You must be registered and logged in to see this link.]


credits: MZ



I'm not afraid to walk this world ALONE !

4 Re: Loikaw virus killer on 1st September 2009, 6:35 pm

Opera


MITR Reader



MITR Reader
၀ိုး.... Good တယ္

ကို rhythm ကေတာ့ Crack မယ္ဆုိတာခ်ည္းဘဲေနာ္...

က်ေနာ္တုိ႔ကို လည္း Cracker Guide အၿပင္ တၿခား TuT ေလးေတြ ၿမန္မာလုိေရးၿပီး ဒီဖိုရမ္မွာ တင္ေပးပါဦးဗ်ာ.. ဖတ္ခ်င္လြန္းလို႔ပါ...
________________________

MZ AIO မွာ Virus ဆန္ဆန္ Code တခ်ိဳ႕ပါေၾကာင္း သတိေပးလုိပါတယ္။
သူမ်ား AIO ကို နာမည္ဖ်က္တာမဟုတ္ဘူးေနာ္...

5 Re: Loikaw virus killer on 1st September 2009, 7:00 pm

C0D3R


MITR Master



MITR Master
MZ AIO မွာ Virus ဆန္ဆန္ Code တခ်ိဳ႕ပါေၾကာင္း သတိေပးလုိပါတယ္။

ဘာစာေၾကာင္းေလးေတြလဲဟင္

သိခ်င္တယ္

http://www.myanmaritresource.info

6 Re: Loikaw virus killer on 1st September 2009, 7:02 pm

Opera


MITR Reader



MITR Reader
သိခ်င္ရင္ ေလ့လာပါ.... Very Happy
စတာပါ...

သံုးၾကည့္လိုက္ပါ...
အေပၚက Code ကို မၾကည့္ပါနဲ႔ဦး
သံုးလိုက္ရင္သိသြားမွာပါ...

"အရမ္းခ်စ္တယ္ Virus " ကို သတ္လို႔ရေအာင္ လုပ္တဲ့ Removal နဲ႔ သက္ဆုိင္ပါတယ္။

7 Re: Loikaw virus killer on 1st September 2009, 7:26 pm

N@Y Y!N3


Moderator



Moderator
Opera wrote:
"အရမ္းခ်စ္တယ္ Virus " ကို သတ္လို႔ရေအာင္ လုပ္တဲ့ Removal နဲ႔ သက္ဆုိင္ပါတယ္။

ဟုတ္ပါတယ္ .. အဲဒီ removal ကို virus အေနနဲ႔ပဲ ျပန္လုပ္ထားတာပါ .. ဒါေၾကာင့္ မိတ္ေဆြတို႔ ကြန္ပ်ဴတာမွာ ဆို Virus Detect လုပ္ပါလိမ့္မယ္ .. ေက်းဇူးတင္ပါတယ္ ..

AIO ဆိုေတာ့ အသံုး၀င္မယ္ထင္လို႔ တင္ေပးထားျခင္းျဖစ္ပါတယ္ ..



I'm not afraid to walk this world ALONE !

8 Re: Loikaw virus killer Today at 2:34 pm

Sponsored content


View previous topic View next topic Back to top  Message [Page 1 of 1]

Permissions in this forum:
You cannot reply to topics in this forum

 

How to make a forum | © PunBB | Free forum support | Contact | Report an abuse | Free forum