Useful links : Invite Your Friends | Recover password |  Advertising in CM | Join Carding Class


Results 1 to 10 of 10
  1. 04-21-2012, 10:14 PM #1
    4don4i
    4don4i is offline
    Zeus Killer [C & C++] 4don4i's Avatar
    Join Date
    Apr 2012
    Posts
    57

    Zeus Killer [C & C++]

    You can not watch the Post Because You are a Visitor
    If you have already an account at Card Mafia   Do log in as Member

    To complete     &  You can register a new account

    Totally FREE     --

    click Here )
    Nickname
    Password



















    Reply With Quote Reply With Quote
    2. Ad expire 17 February 2020
  2. 12-15-2012, 10:40 PM #2
    precedenceDemon
    precedenceDemon is offline
    Zeus Killer [C & C++]
    Join Date
    Nov 2012
    Posts
    4
    Code:
    #include <windows.h>
#pragma warning(disable : 4005) // macro redefinition
#include <ntdll.h>
#pragma warning(default : 4005)
#include <shlwapi.h>
#include <shlobj.h>
void GetZeusInfo(ULONG dwArg, PCHAR lpOut, DWORD dwOutLn, PCHAR lpMutex, DWORD dwMutexLn)
{
PSYSTEM_HANDLE_INFORMATION shi = 0;
NTSTATUS Status = 0;
ULONG len = 0x2000;
POBJECT_NAME_INFORMATION obn = 0;
HANDLE proc = 0, thandle = 0, hFile = 0;
BOOLEAN enable = FALSE;
UCHAR name[300] = {0};
ULONG temp = 0, rw = 0;
do
{
shi = (PSYSTEM_HANDLE_INFORMATION)malloc(len);
if (shi == 0)
{
return;
}
Status = NtQuerySystemInformation(SystemHandleInformation, shi, len, NULL);
if (Status == STATUS_INFO_LENGTH_MISMATCH)
{
free(shi);
len *= 2;
}
else
if (NT_ERROR(Status))
{
free(shi);
return;
}
} while (Status == STATUS_INFO_LENGTH_MISMATCH);
RtlAdjustPrivilege(SE_DEBUG_PRIVILEGE, 1, 0, &enable);
for (int i=0; i<(int)shi->uCount; i++)
{
proc = OpenProcess(PROCESS_DUP_HANDLE, FALSE, shi->aSH[i].uIdProcess);
if (proc == 0)
{
continue;
}
Status = NtDuplicateObject(proc, (HANDLE)shi->aSH[i].Handle, NtCurrentProcess(),
&thandle, 0, 0, DUPLICATE_SAME_ACCESS);
if (NT_ERROR(Status))
{
NtClose(proc);
continue;
}
Status = NtQueryObject(thandle, ObjectNameInformation, 0, 0, &len);
if (Status != STATUS_INFO_LENGTH_MISMATCH || len == 0)
{
NtClose(thandle);
NtClose(proc);
continue;
}
obn = (POBJECT_NAME_INFORMATION)malloc(len);
if (obn == 0)
{
NtClose(thandle);
NtClose(proc);
continue;
}
Status = NtQueryObject(thandle, ObjectNameInformation, obn, len, &len);
if (NT_ERROR(Status) || obn->Name.Buffer == 0)
{
free(obn);
NtClose(thandle);
NtClose(proc);
continue;
}
RtlZeroMemory(name, sizeof(name));
WideCharToMultiByte(CP_ACP, 0, obn->Name.Buffer, obn->Name.Length >> 1,
(LPSTR)name, 300, NULL, NULL);
if (strstr((LPSTR)name, "__SYSTEM__") || strstr((LPSTR)name, "_AVIRA_"))
{
lstrcpyW((LPWSTR)name, L"\\\\.\\pipe\\");
lstrcatW((LPWSTR)name, obn->Name.Buffer);
__retry:
hFile = CreateFileW((LPWSTR)name, GENERIC_READ|GENERIC_WRITE,
FILE_SHARE_READ|FILE_SHARE_WRITE, 0, OPEN_EXISTING, 0, 0);
if (hFile == INVALID_HANDLE_VALUE)
{
WaitNamedPipeW((LPWSTR)name, INFINITE);
hFile = CreateFileW((LPWSTR)name,
GENERIC_READ|GENERIC_WRITE, FILE_SHARE_READ|FILE_SHARE_WRITE, 0, OPEN_EXISTING, 0, 0);
if (hFile == INVALID_HANDLE_VALUE)
{
WCHAR wszBNO[] = { L"\\BaseNamedObjects\\" };
if (LPWSTR wszBNOPos = StrStrW((LPWSTR)name, wszBNO))
{
lstrcpyW((LPWSTR)name, L"\\\\.\\pipe\\");
lstrcatW((LPWSTR)name,
(LPWSTR)((PBYTE)wszBNOPos + (sizeof(wszBNO) - 1 * sizeof(WCHAR))));
goto __retry;
}
free(obn);
NtClose(thandle);
NtClose(proc);
continue;
}
}
temp = PIPE_READMODE_MESSAGE;
if (!SetNamedPipeHandleState(hFile, &temp, 0, 0))
{
CloseHandle(hFile);
free(obn);
NtClose(thandle);
NtClose(proc);
continue;
}
temp = dwArg;
if (!WriteFile(hFile, &temp, 4, &rw, 0))
{
CloseHandle(hFile);
free(obn);
NtClose(thandle);
NtClose(proc);
continue;
}
temp = 0;
if (!WriteFile(hFile, &temp, 4, &rw, 0))
{
CloseHandle(hFile);
free(obn);
NtClose(thandle);
NtClose(proc);
continue;
}
temp = 0;
if (!WriteFile(hFile, &temp, 0, &rw, 0))
{
CloseHandle(hFile);
free(obn);
NtClose(thandle);
NtClose(proc);
continue;
}
temp = 0;
if (!ReadFile(hFile, &temp, 4, &rw, 0))
{
CloseHandle(hFile);
free(obn);
NtClose(thandle);
NtClose(proc);
continue;
}
temp = 0;
if (!ReadFile(hFile, &temp, 4, &rw, 0))
{
CloseHandle(hFile);
free(obn);
NtClose(thandle);
NtClose(proc);
continue;
}
if (temp > MAX_PATH)
{
CloseHandle(hFile);
free(obn);
NtClose(thandle);
NtClose(proc);
continue;
}
rw = temp;
temp = (ULONG)malloc(temp);
if (!temp)
{
CloseHandle(hFile);
free(obn);
NtClose(thandle);
NtClose(proc);
continue;
}
if (!ReadFile(hFile, (PVOID)temp, rw, &rw, 0))
{
free((PVOID)temp);
CloseHandle(hFile);
free(obn);
NtClose(thandle);
NtClose(proc);
continue;
}
if ( (temp) && lstrlenW((LPCWSTR)temp) < (int)dwOutLn) {
RtlZeroMemory(lpOut, dwOutLn);
WideCharToMultiByte(CP_ACP, 0, (PWCHAR)temp,
lstrlenW((LPCWSTR)temp), (LPSTR)lpOut, dwOutLn, NULL, NULL);
}
if (lpMutex) {
LPWSTR lpwMutexName = obn->Name.Buffer;
LPWSTR lpwTemp;
while (lpwTemp = StrStrW(lpwMutexName, L"\\")) {
lpwMutexName = lpwTemp + 1;
}
RtlZeroMemory(lpMutex, dwMutexLn);
WideCharToMultiByte(CP_ACP, 0, lpwMutexName,
lstrlenW(lpwMutexName), (LPSTR)lpMutex, dwMutexLn, NULL, NULL);
}
free((PVOID)temp);
CloseHandle(hFile);
}
free(obn);
NtClose(thandle);
NtClose(proc);
}
}
BOOL DeleteHiddenFile(PCHAR szPath)
{
SetFileAttributes(szPath, FILE_ATTRIBUTE_ARCHIVE);
return DeleteFile(szPath);
}
#define ZEUS_FASTCLEAN
BOOL KillZeus()
{
// Getting info
CHAR szMutexName[MAX_PATH] = {0};
CHAR szZeusPath[MAX_PATH];
GetZeusInfo(11, szZeusPath, sizeof szZeusPath, szMutexName, sizeof szMutexName);
if (!strlen(szMutexName)) {
#ifdef _DEBUGLITE
OutputDebugStringEx(__FUNCTION__" : ERROR : Cannot get szMutexName");
#endif
return FALSE;
}
#ifndef ZEUS_FASTCLEAN
CHAR szZeusConfig[MAX_PATH];
GetZeusInfo(12, szZeusConfig, sizeof szZeusConfig, NULL, NULL);
CHAR szZeusLog[MAX_PATH];
GetZeusInfo(13, szZeusLog, sizeof szZeusLog, NULL, NULL);
#endif
#ifdef _DEBUGLITE
OutputDebugStringEx(__FUNCTION__" : INFO : 0.) Mutex \"%s\"", szMutexName);
OutputDebugStringEx(__FUNCTION__" : INFO : 1.) Path \"%s\"", szZeusPath);
#ifndef ZEUS_FASTCLEAN
OutputDebugStringEx(__FUNCTION__" : INFO : 2.) Config \"%s\"", szZeusConfig);
OutputDebugStringEx(__FUNCTION__" : INFO : 3.) Log \"%s\"", szZeusLog);
#endif
#endif
// Killing
GetZeusInfo(3, NULL, NULL, NULL, NULL);
// Waiting
HANDLE hMutex;
for (INT i = 0; i < 10; i++) {
hMutex =
OpenMutex(MUTANT_QUERY_STATE|SYNCHRONIZE|STANDARD_RIGHTS_REQUIRED, FALSE,
szMutexName);
if (!hMutex)
break;
CloseHandle(hMutex);
Sleep(1000);
}
if (hMutex) {
#ifdef _DEBUGLITE
OutputDebugStringEx(__FUNCTION__" : ERROR : hMutex is still active");
#endif
return FALSE;
}
// Deleting files
if (!DeleteHiddenFile(szZeusPath)) {
#ifdef _DEBUGLITE
OutputDebugStringEx(__FUNCTION__" : WARNING : Cannot delete \"%s\"",
szZeusPath);
#endif
}
#ifndef ZEUS_FASTCLEAN
if (!DeleteHiddenFile(szZeusConfig)) {
#ifdef _DEBUGLITE
OutputDebugStringEx(__FUNCTION__" : WARNING : Cannot delete \"%s\"",
szZeusConfig);
#endif
}
if (!DeleteHiddenFile(szZeusLog)) {
#ifdef _DEBUGLITE
OutputDebugStringEx(__FUNCTION__" : WARNING : Cannot delete \"%s\"",
szZeusLog);
#endif
}
#endif
#ifdef _DEBUGLITE
OutputDebugStringEx(__FUNCTION__" : INFO : EXIT");
#endif
return TRUE;
}
    Credits go to GriboDemon.
    Reply With Quote Reply With Quote
  3. 12-16-2012, 08:21 PM #3
    Gean alexsander
    Gean alexsander is offline
    Zeus Killer [C &amp; C++] Gean alexsander's Avatar
    Join Date
    Aug 2012
    Posts
    162

    harderman now

    gribodemon retired, both for now and harderman or SpyEye botnet Zeus, nice tut , please post more ,thanks bro: Cool:
    Reply With Quote Reply With Quote
  4. 06-12-2017, 02:34 AM #4
    Ethan4765
    Ethan4765 is offline
    Zeus Killer [C &amp; C++]
    Join Date
    Jun 2017
    Posts
    4
    i followed all the steps but once i poured the milk in my computer it started buzzing so idk if that helped or not.
    Reply With Quote Reply With Quote
  5. 07-14-2017, 03:49 PM #5
    apopi0254
    apopi0254 is offline
    Zeus Killer [C &amp; C++]
    Join Date
    Jul 2017
    Posts
    3
    2199991290394449/234/01/23 amex
    Reply With Quote Reply With Quote
  6. 07-14-2017, 03:50 PM #6
    apopi0254
    apopi0254 is offline
    Zeus Killer [C &amp; C++]
    Join Date
    Jul 2017
    Posts
    3
    hi man im help for evriyane
    Reply With Quote Reply With Quote
  7. 09-15-2017, 01:56 PM #7
    Cherry45
    Cherry45 is offline
    Zeus Killer [C &amp; C++]
    Join Date
    Sep 2017
    Posts
    4

    ?

    remind me again wht this does?
    Reply With Quote Reply With Quote
  8. 10-28-2017, 08:24 AM #8
    barbie
    barbie is offline
    Zeus Killer [C &amp; C++] barbie's Avatar
    Join Date
    Oct 2017
    Location
    Willows, Wisconsin
    Posts
    20
    Send a message via AIM to barbie
    Interesting.
    Reply With Quote Reply With Quote
  9. 05-18-2018, 09:18 PM #9
    ResintuToko
    ResintuToko is offline
    Zeus Killer [C &amp; C++]
    Join Date
    May 2018
    Posts
    3
    Oh sweet this worked
    Reply With Quote Reply With Quote
  10. 07-02-2018, 06:21 PM #10
    maxm58
    maxm58 is offline
    Zeus Killer [C &amp; C++]
    Join Date
    Jul 2018
    Posts
    2
    Thanks for this!
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules

CardMafia Official twitter AccountCardMafia Official Telegram Channel

CardMafia Official Youtube Channel

The administration is not responsible for the actions of users. The information on this site is for informational purposes only. Contact us at [email protected] for removal of any objectionable material.
logo