WolfWorld, posted May 22, 2007 (edited)

It is not a real antivirus; it can only detect process viruses.

OK

NO INSTALL NEEDED

This is a demo that will see autoit3.exe as a virus.

Download: http://www.adload.co.nr/LowAntivirus-Demo.exe

```autoit
#include <Array.au3> ; provides _ArrayCreate

; Process name that the demo treats as the "virus"
$virus = 'Autoit3.exe'
Dim $arrComputers, $strQuery, $SINK, $objContext, $objWMIService, $objAsyncContextItem, $return, $account

$arrComputers = _ArrayCreate(".") ; "." = local computer
; WMI event query: polled every second, fires for each newly created process
$strQuery = "SELECT * FROM __InstanceCreationEvent WITHIN 1 WHERE TargetInstance ISA 'Win32_Process'"

; Sink object that receives the asynchronous WMI events (handled by the SINK_* functions)
$SINK = ObjCreate("WbemScripting.SWbemSink")
ObjEvent($SINK, "SINK_")

For $strComputer In $arrComputers
    $objContext = ObjCreate("WbemScripting.SWbemNamedValueSet")
    $objContext.Add ("hostname", $strComputer)
    $objContext.Add ("SinkName", "sinktest")
    $objWMIService = ObjGet("winmgmts:!\\" & $strComputer)
    If Not @error Then
        $objWMIService.ExecNotificationQueryAsync ($SINK, $strQuery, Default, Default, Default, $objContext)
    EndIf
Next

; Keep the script alive so that events keep arriving
While 1
    Sleep(500)
WEnd

; Close the process if its name equals the demo "virus" name
Func scan($fn)
    If $virus = $fn Then
        Local $tvirus = ProcessExists($fn)
        If $tvirus Then ProcessClose($tvirus)
    EndIf
EndFunc   ;==>scan

;******************************************************************************
Func SINK_OnObjectReady($objLatestEvent, $objAsyncContext)
    ;Trap asynchronous events.
    Local $essai1, $essai2
    $objAsyncContextItem = $objAsyncContext.Item ("hostname")
    Local $filename = $objLatestEvent.TargetInstance.Properties_.item ("Name").value
    scan($filename)
EndFunc   ;==>SINK_OnObjectReady

Func sink_onprogress($iUpperBound, $iCurrent, $strMessage, $objWbemAsyncContext)
EndFunc   ;==>sink_onprogress
```

FULL VERSION

DOWNLOAD: http://www.adload.co.nr/LowAntivirus.exe

Version 0.5 Beta

Update at http://www.adload.co.nr/Links.txt

Put Links.txt in the LowAntivirus.exe directory.

Download virus for testing (it is not a real virus): http://www.adload.co.nr/scvhost.exe

(It will close the LAV and put up a message: ATTACK This IS A LOOP.) This shows the reloader of LAV and It will kill

Version 0.5 Beta
ADD: Changed the reloader to a temp file and system file and read-only.

Version 0.4 Beta
Fix/ADD: Added full scan after being closed by a virus. (Fix because it will not see it in real-time scan because it has already been loaded.)

Version 0.3 Beta
ADD: Uncloseable, cannot be closed. (If you want to close it, shut down.)

Version 0.2 Beta
ADD: Registry fix or delete.

Version 0.1 Beta
First version, scans for process viruses only.

Edited May 23, 2007 by athiwatc

jokke, posted May 22, 2007

I like the idea. How are you going to store your definitions list?

James, posted May 22, 2007

Hmm.. So it will read a file to see if it is a virus. Hmm.. Why use AutoIt.exe as the virus in this demo?

WolfWorld (author), posted May 22, 2007

> I like the idea. How are you going to store your definitions list?

Like this:

```ini
[version]
signature=10
[Data]
antivirus
sumcheck=B7CD74FDB71F15CFBE8C9E2E0BA22F6C
```

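The thread moves from matching a process name (the demo script) to a definitions file carrying a sumcheck value. The following is an added example, not code from WolfWorld's project, that runs both checks over two constructed files to show how they differ on the harmless Autoit3.exe case. It assumes the 32-hex-digit sumcheck is an MD5 of the file contents and that every key in [Data] maps a label to one checksum; the function names are hypothetical.

```python
import configparser
import hashlib
import os
import tempfile

def load_definitions(ini_text):
    """Return {checksum: label} from [Data]; assumed layout is label=32-hex digest."""
    cp = configparser.ConfigParser()
    cp.read_string(ini_text)
    defs = {}
    for label, value in cp["Data"].items():
        value = value.strip().upper()
        if len(value) == 32 and set(value) <= set("0123456789ABCDEF"):
            defs[value] = label
    return defs

def file_checksum(path):
    """MD5 of the file contents, read in chunks (assumes sumcheck is MD5)."""
    digest = hashlib.md5()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest().upper()

def match_by_name(path, names):
    """The demo script's rule: flag on executable name alone (case-insensitive)."""
    return os.path.basename(path).lower() in names

def match_by_checksum(path, defs):
    """Definitions rule: flag on file content; returns the label or None."""
    return defs.get(file_checksum(path))

def demo():
    """Run both rules over two constructed files; returns {name: (by_name, by_sum)}."""
    sample = b"constructed test sample, not malware"
    files = {"Autoit3.exe": b"constructed interpreter stand-in", "sample.bin": sample}
    ini = "[version]\nsignature=10\n[Data]\ntestsample=%s\n" % hashlib.md5(sample).hexdigest()
    defs = load_definitions(ini)
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        for name, data in files.items():
            path = os.path.join(tmp, name)
            with open(path, "wb") as handle:
                handle.write(data)
            results[name] = (match_by_name(path, {"autoit3.exe"}),
                             match_by_checksum(path, defs))
    return results

print(demo())
```

The name rule flags the harmless Autoit3.exe stand-in, while the checksum rule flags only the file whose content is listed in the definitions.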
WolfWorld (author), posted May 22, 2007 (edited)

> Hmm.. So it will read a file to see if it is a virus. Hmm.. Why use AutoIt.exe as the virus in this demo?

It was the only thing in my brain at that time, sorry.

Edited May 22, 2007 by athiwatc

James, posted May 22, 2007

Oh OK. Well, it's a good idea.

BillLuvsU, posted May 22, 2007

I made something like this a while back; I just hijacked Norton's definitions using secret ninja (and most likely illegal) methods. But some small suggestions:

1. Make it run as a service.
2. Make sure the process can't be closed.
3. I think there was a UDF somewhere with which you can delete the file of a running process. Love it.
4. Figure out how to monitor Windows API calls, and look for suspicious stuff like the deletion or modification of system files.

Hope these help, lates.

WolfWorld (author), posted May 23, 2007

> I made something like this a while back; I just hijacked Norton's definitions using secret ninja (and most likely illegal) methods. But some small suggestions:
> 1. Make it run as a service.
> 2. Make sure the process can't be closed.
> 3. I think there was a UDF somewhere with which you can delete the file of a running process. Love it.
> 4. Figure out how to monitor Windows API calls, and look for suspicious stuff like the deletion or modification of system files.
> Hope these help, lates.

Thanks, can you help me find the UDF? I can't find it. And 2: I don't know how?? I tried on exit, but it works on exit and not on close process.

James, posted May 23, 2007

I ran AutoIt exe but nothing happened. It didn't close it.

WolfWorld (author), posted May 23, 2007 (edited)

> I ran AutoIt exe but nothing happened. It didn't close it.

Sir, it is not AutoIt exe, it is Autoit3 exe << Right, try again.

1 more thing: it will kill itself if you do not compile it, because its name will be autoit3.exe too.

Edited May 23, 2007 by athiwatc

James, posted May 23, 2007

Crap. Wrong thing. Lol, sorry dude.

WolfWorld (author), posted May 23, 2007

> Crap. Wrong thing. Lol, sorry dude.

:)