Joined: Feb 2003
Posts: 3,432
Hoopy frood
OP
I have a scripted virus for mIRC on my computer, and now I am working on a cleaner for that virus. The problem is that the script has this line:
alias unload { /echo -ae *** Unloaded script ' $+ $2- $+ ' | halt }
and if you try to unload it, it just does an echo then a halt, but the file is still there, and I can't get it to work with /!unload file.name .. any suggestions?
if ($me != tired) { return } | else { echo -a Get a pot of coffee now $+($me,.) }
|
Joined: Jun 2003
Posts: 242
Fjord artisan
* RoCk waits for the punchline
|
Joined: May 2003
Posts: 2,265
Hoopy frood
you scripted a virus, and you want us to help with it?
new username: tidy_trax
|
Joined: Feb 2003
Posts: 3,432
Hoopy frood
OP
No, I found it on the net.. It opens sockets, and the dude that made it has entered stuff with halted events.. so if you do a /socklist then he has an alias that answers on that.. and I wanted to get some suggestions on how to UNLOAD the script/file.. but he has an alias that halts the unload command.. so I don't know how I can bypass the alias code. I'm writing a CLEANER that will remove the file, and also clear the %var's.. and make the victim able to get free from this virus.. and this is only to help people.. if you don't know how to script or are totally new to this, and then get this file.. then it won't help to reinstall your mIRC.. and it won't help to just delete the files.. because this crap writes to many files in your system.. so I will clean them, then after that's done I want to unload the file.. and that makes the computer safe again.. the dude made this script to flood people with.. he has a lot of commands like !packet and stuff.. and it grabs the IP of the victim and starts to flood it.. so I'm not trying to make a virus.. I'm trying to make a thingie that REMOVES it.
if ($me != tired) { return } | else { echo -a Get a pot of coffee now $+($me,.) }
|
Joined: Aug 2003
Posts: 1,831
Hoopy frood
Try this...
alias restore { alias $$1 }
Then you just use /restore unload
edit: Never mind, it won't work on aliases in remote scripts
edit 2: Guess you could do something like..
alias restore {
  var %a = $+(",$isalias(unload).fname,")
  if $read(%a,w,alias*unload*) {
    write -dl $+ $readn %a
    .reload -rs %a
  }
}
The reason for the /reload is to stop warnings about "file X has changed.."
Last edited by Iori; 27/09/03 12:30 AM.
|
Joined: Feb 2003
Posts: 3,432
Hoopy frood
OP
Thanks, I'll try that.. it's sad to see like 2000+ clones from people that have this crap on their computers, just hope that my file can help some of them out.. there have been people on here that have asked why they can't uninstall mIRC and so on.. this is the reason..
if ($me != tired) { return } | else { echo -a Get a pot of coffee now $+($me,.) }
|
Joined: Feb 2003
Posts: 3,432
Hoopy frood
OP
Nope, didn't work.. it still just shows that echo.. and the file remains loaded in mIRC.. and if I use /!unload filename then I get
* /unload: insufficient parameters
so dunno
if ($me != tired) { return } | else { echo -a Get a pot of coffee now $+($me,.) }
|
Joined: Dec 2002
Posts: 3,138
Hoopy frood
Use /!unload -nrs file.name.
|
Joined: Feb 2003
Posts: 3,432
Hoopy frood
OP
Nope.. that didn't work either..
* /unload: invalid switch
and it doesn't matter how I try, that file is loaded before the "clean" file I'm doing.. so it takes that unload alias first.. so I can't get it to like ignore the alias in the first file.. so dunno how I can make it unload the file in a safe way..
alias remote { .remote $1- | .remote on | /echo -ae *** Remote is $1- }
As you see, he has made it so it should look like your remote is set off.. but he tampers with every damn alias command.. or makes them act like he wants.. so it doesn't matter if you type /remote off, it will still be set on.. same for all commands I can think of.. and I can't get the damn thing to ignore the alias in his file.. and I can't unload it in any easy way..
Last edited by sparta; 27/09/03 12:56 AM.
if ($me != tired) { return } | else { echo -a Get a pot of coffee now $+($me,.) }
|
Joined: Dec 2002
Posts: 3,138
Hoopy frood
Try removing the n switch then, if you're on an old version (pre v5.91) of mIRC.
|
Joined: Aug 2003
Posts: 1,831
Hoopy frood
If you use the code in my second edit, you should then be able to use /unload -rs "filename" (no "!")
|
Joined: Feb 2003
Posts: 3,432
Hoopy frood
OP
Nope.. tried it.. didn't remove anything.. and it didn't reload the file, and no error in the status window.. and if your code should work.. shouldn't it look through the files in the mIRC dir and then check for the "alias unload"? I can't see that it's doing that either.. and it doesn't show anything in the debug window or in status.. it's doing something, but not the thing I want it to do
if ($me != tired) { return } | else { echo -a Get a pot of coffee now $+($me,.) }
|
Joined: Aug 2003
Posts: 1,831
Hoopy frood
This is what I did to test it..
In script3.mrc I put
<a bunch of code>
alias unload {
  echo -s * blah
  halt
}
<a bunch more code>
In a different script I had
alias restore {
  var %a = $+(",$isalias(unload).fname,")
  if $read(%a,w,alias*unload*) {
    write -dl $+ $readn %a
    .reload -rs %a
  }
}
Then, I typed
//restore | unload -rs "D:\mIRC files\m610\Scripts\script3.mrc"
The result:
-
* Unloaded script 'D:\mIRC files\m610\Scripts\script3.mrc'
-
|
Joined: Feb 2003
Posts: 3,432
Hoopy frood
OP
All I get is the echo from the file I want to unload. By the way, it's an ini file..
if ($me != tired) { return } | else { echo -a Get a pot of coffee now $+($me,.) }
|
Joined: Aug 2003
Posts: 1,831
Hoopy frood
then use if $read(%a,w, *=alias*unload*) { in the restore alias.
|
Joined: Feb 2003
Posts: 3,432
Hoopy frood
OP
* /if: 'unload' unknown operator (line 97, script.mrc)
That mrc file is my script I'm writing on.. so ignore that. And I added the line, so now it looks like
alias restore {
  var %a = $+(",$isalias(unload).fname,")
  if $read(%a,w,*=alias*unload*) {
    write -dl $+ $readn %a
    .reload -rs %a
  }
}
if ($me != tired) { return } | else { echo -a Get a pot of coffee now $+($me,.) }
|
Joined: Aug 2003
Posts: 1,831
Hoopy frood
Or better..
alias restore {
  var %a = $+(",$isalias(unload).fname,")
  if $read(%a,w,alias*unload*) || $read(%a,w,*=alias*unload*) {
    write -dl $+ $readn %a
    .reload -rs %a
  }
}
..and cover both possibilities.
|
Joined: Feb 2003
Posts: 3,432
Hoopy frood
OP
Same error on that one.. "and yes, remote is on"
if ($me != tired) { return } | else { echo -a Get a pot of coffee now $+($me,.) }
|
Joined: Aug 2003
Posts: 1,831
Hoopy frood
* /if: 'unload' unknown operator (line 97, script.mrc)
That is not from that code. What is line 97? :)
|
Joined: Feb 2003
Posts: 3,432
Hoopy frood
OP
if $read(%a,w,alias*unload*) || $read(%a,w,*=alias*unload*) {
That's line 97 in my script file.. I have search features and stuff above it to find the file I want to unload.. no reason to try to clean a file if it's not there.. I can put the script at the top if you like.. but it would give the same error..
* /if: 'unload' unknown operator (line 3, script.mrc)
when I put it at the start of the file..
alias restore { <<-- line 1
var %a = $+(",$isalias(unload).fname,") <<-- line 2
if $read(%a,w,alias*unload*) || $read(%a,w,*=alias*unload*) <<-- line 3 {
Last edited by sparta; 27/09/03 02:07 AM.
if ($me != tired) { return } | else { echo -a Get a pot of coffee now $+($me,.) }
|
Joined: Aug 2003
Posts: 314
Fjord artisan
/!unload -nrs "C:\path\to\script"
That will definitely work, providing the path you specify is to a file that has been loaded into remotes. Make sure you are specifying the right path, if it has spaces then enclose it in quotes. Type:
//var %i 1 | while $script(%i) { echo -a %i - $ifmatch | inc %i }
To see the full filenames of your loaded scripts
Also: for the unknown operator error use if $read(...) != $null {
|
Joined: Aug 2003
Posts: 1,831
Hoopy frood
alias restore { <<-- line 1
var %a = $+(",$isalias(unload).fname,") <<-- line 2
if $read(%a,w,alias*unload*) || $read(%a,w,*=alias*unload*) <<-- line 3 {
If I leave it like that (with the brace in the wrong position), I get "insufficient parameters" error, but not an "unknown operator" *shrug*
|
Joined: Feb 2003
Posts: 3,432
Hoopy frood
OP
* /unload: invalid switch
I didn't believe it could be so hard to unload a file with a damn alias in it..
if ($me != tired) { return } | else { echo -a Get a pot of coffee now $+($me,.) }
|
Joined: Feb 2003
Posts: 3,432
Hoopy frood
OP
I just took the lines that were above the error.. then that little fellow came with it. The whole code looks like
alias restore {
  var %a = $+(",$isalias(unload).fname,")
  if $read(%a,w,alias*unload*) || $read(%a,w,*=alias*unload*) {
    write -dl $+ $readn %a
    .reload -rs %a
  }
}
Just count the lines, line no: 3 is the one I have a problem with..
if ($me != tired) { return } | else { echo -a Get a pot of coffee now $+($me,.) }
|
Joined: Aug 2003
Posts: 1,831
Hoopy frood
Well, I don't know what is wrong, here it works exactly as I posted above, it unloads the script...
|
Joined: Feb 2003
Posts: 3,432
Hoopy frood
OP
Did you add a line in the script you're trying to unload?
This line: alias unload { /echo -ae *** Unloaded script ' $+ $2- $+ ' | halt }
And I'm using mIRC 6.03, don't know if that should interfere with the code, just an idea
if ($me != tired) { return } | else { echo -a Get a pot of coffee now $+($me,.) }
|
Joined: Aug 2003
Posts: 1,831
Hoopy frood
I added it like I posted in this post
|
Joined: Aug 2003
Posts: 1,831
Hoopy frood
Hm you know, I was using 6.1. Just tried with 6.03 and it doesn't work, although I don't get any errors.
|
Joined: Aug 2003
Posts: 1,831
Hoopy frood
//.timer 1 0 !unload -rs "filename.ini" <- worked in 6.03 & 6.1
|
Joined: Dec 2002
Posts: 1,527
Hoopy frood
Or manually open your mIRC directory, find the file called mirc.ini, scroll through it and find a section that looks like this:
[afiles]
n0=aliases.ini
[rfiles]
n0=remote.ini
n1=remote.ini
n2=script.ini
Remove the name of the .mrc file from that list under [rfiles].
Only do this with your mIRC CLOSED... once done, restart it and then you should be free from that. DON'T forget to DELETE the BAD file from your PC.
D3m0nnet.com
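The manual mirc.ini edit from the post above, as an added example that is not part of the original thread: it scans each [rfiles] script for aliases that shadow built-in commands and returns mirc.ini text without those entries. The GUARDED list, the file name bad.ini, the sample contents and the renumbering of the remaining entries are assumptions of this example; as the post says, apply the result only with mIRC closed.

```python
import re

# Built-in commands the thread shows (or mentions) being shadowed; extend as needed.
GUARDED = {"unload", "remote", "socklist"}
# Matches "alias unload {" in a .mrc file and "n3=alias unload {" in an .ini script.
ALIAS_RE = re.compile(r"^\s*(?:n\d+=)?\s*alias\s+(?:-l\s+)?/?(\w+)", re.I)

def shadowed_commands(script_text):
    """Return the guarded built-in commands that a remote script redefines."""
    names = (m.group(1).lower() for m in map(ALIAS_RE.match, script_text.splitlines()) if m)
    return sorted(set(names) & GUARDED)

def clean_rfiles(ini_text, scripts):
    """Drop [rfiles] entries whose script shadows a guarded command.

    scripts maps each file name as written in mirc.ini to that file's text.
    Returns (new_ini_text, {removed_file: [shadowed commands]}).
    """
    out, removed, in_rfiles, idx = [], {}, False, 0
    for line in ini_text.splitlines():
        if line.startswith("["):
            in_rfiles = line.strip().lower() == "[rfiles]"
            idx = 0
        entry = re.match(r"n\d+=(.*)", line) if in_rfiles else None
        if entry:
            name = entry.group(1).strip()
            hits = shadowed_commands(scripts.get(name, ""))
            if hits:
                removed[name] = hits
                continue
            # Assumption: remaining entries are renumbered so n0..nN stay contiguous.
            line = f"n{idx}={name}"
            idx += 1
        out.append(line)
    return "\n".join(out) + "\n", removed

# Constructed sample: the [rfiles] layout quoted above plus a hypothetical bad.ini.
SAMPLE_INI = "[afiles]\nn0=aliases.ini\n[rfiles]\nn0=remote.ini\nn1=bad.ini\nn2=script.ini\n"
SAMPLE_SCRIPTS = {
    "remote.ini": "[script]\nn0=on *:TEXT:!hi:#:msg $chan hello\n",
    "bad.ini": "[script]\n"
               "n0=alias unload { /echo -ae *** Unloaded script ' $+ $2- $+ ' | halt }\n"
               "n1=alias remote { .remote $1- | .remote on | /echo -ae *** Remote is $1- }\n",
    "script.ini": "[script]\nn0=alias restore { alias $$1 }\n",
}

if __name__ == "__main__":
    cleaned, removed = clean_rfiles(SAMPLE_INI, SAMPLE_SCRIPTS)
    print(removed)
    print(cleaned)
```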
|
Joined: Aug 2003
Posts: 1,831
Hoopy frood
The point is to do it from a script, a scripted "cleaner" for this file..
|
Joined: May 2003
Posts: 2,265
Hoopy frood
Ah, that's why. I just tried a test on removing the filename from that list with mIRC open, it didn't work.
new username: tidy_trax
|
Joined: Feb 2003
Posts: 3,432
Hoopy frood
OP
that one did the trick.. thnx
if ($me != tired) { return } | else { echo -a Get a pot of coffee now $+($me,.) }
|
Joined: Aug 2003
Posts: 1,831
Hoopy frood
NPs
|
Joined: Dec 2002
Posts: 196
Vogon poet
I think /remini works in this case?
|
Joined: Feb 2003
Posts: 3,432
Hoopy frood
OP
I still have to unload it.. and I want to make sure the file is unloaded, then I wanted to clear the %variables that were set.. and we solved that. So now my addon is complete
if ($me != tired) { return } | else { echo -a Get a pot of coffee now $+($me,.) }
|
Joined: May 2003
Posts: 161
Vogon poet
|
Joined: Sep 2003
Posts: 5
Nutrimatic drinks dispenser
Can you imagine? I had 258 e-mails at the same time. It was so awful