Etime Guatenmala 9
Quincena 9.00 Edición 9.30.05.00 100% Chapines
INDICE (30.05.2000)
- Editorial
- Anteriores numeros !!!
- Serials 2000
- Antivirus casero por technodata
- Entrevista exclusiva
- Brutus - Ataques de fuerza bruta
- Seccion Linux
- Creditos
Si tienes algún buen tip, táctica, reportaje o cualquier cosa que quieras publicar, escríbenos a etimegt@intelnet.net.gt. También si esta edición no llega bien a tu mail repórtalo...
1. Editorial
Que tal mis amigos de EtimeGT aqui tenemos ya la novena edición para que la disfruten, como primer punto queremos contarle que tenemos un nuevo socio en nuestro selecto grupo y se trata de Sir_Leonel al cual queremos agradecer por su invaluable colaboración en la actualizacion de nuestro sitio el cual estaremos dando a conocer en los proximos dias en un boletin especial para que lo visiten, tambien queremos agradecer a technohacker, que no es nuevo pero si uno de nuestros colaboradores más asiduos desde ya hace mucho tiempo, por el diseño y creación de nuestro nuevo sitio
2. Anteriores números
| EtimeGTen formato Zip | ||
| Numero | Tamaño | Fecha |
| Etime Nº1 | 12,1 Kb | 02-00 |
| Etime Nº2 | 11,2 Kb | 02-00 |
| Etime Nº3 | 17,7 Kb | 03-00 |
| Etime Nº4 | 14,8 Kb | 03-00 |
| Etime Nº5 | 14,1 Kb | 03-00 |
| Etime Nº6 | 13,2 Kb | 04-00 |
| Etime Nº7 | 11,5 Kb | 04-00 |
| Etime Nº8 | 23,3 Kb | 05-00 |
| Visita el Site de EtimeGT |
Gracias a [Mau] mau77@nettaxi.com
3. Serials 2000
Serials 2000, bueno por lo visto es un tema muy complicado para algunos debido a que hemos recibido cantidad de mails preguntando:
¿Que es serials2000 ? ¿Para que sirve esto? o ¿Como uso estos links?.
Como dice el dicho es "mejor preguntar y pasar por idiota una vez que quedarse idiota y con duda toda la vida", y aqui vamos de nuez,
- Serials 2000 es un programa de distribución gratiuta
- Funciona como una base de datos (pero de # de serie o licencias de soft)
- Sirve como un buen antidoto contra el virus "30 dias" o "Demo"
- Estos links son las actualizaciones quincenales para este programa
Creo que con esto queda todo claro como el agua y sino pues sigan preguntando, para mayor información echale un ojo a la edición # 1 AQUI
| Serials 2K ---> Updates | |
| Fecha | Sitios espejo |
| [020100] | uno dos tres |
| [021500] | uno dos tres |
| [030100] | uno dos tres |
| [031500] | uno dos tres cuatro |
| [040100] | uno dos tres cuatro |
| [041500] | uno dos tres cuatro |
| [050100] | uno dos tres cuatro |
| [051500] | uno |
Gracias a ThndrKiss & Critter
www.serials2000.org
4. Entrevista Exclusiva
Con los creadores del Serials 2000, despues de muchos dias de negociación con los creadores de este revolucionario programa, conseguimos que nos concedieran una entrevista.
Q) = Question
A)= Answer
En Ingles (en formato original para evitar malos entendidos)
Message-ID: <001301bfc213$0cfae680$7dd35682@xxx.xx>
X-From_: thndrkiss@xxxxxxx.xxx Sat May 20 00:23:01 2000
From: "ThndrKiss/Serials 2000" <thndrkiss@xxxxxxxx.xxx>
To: "Redaccion" <etimegt@etimegt.com>
Q) Which you is your name and that work you carries out in the organization ?
A) I go by the nickname ThndrKiss. The name comes from a song written by WhiteZombie called Thunder Kiss '65. I am the founder and creator of Serials '98and Serials '99. I am also the one who maintains the serial database forSerials 2000.
Q) In that year your organization was born?
A)Serials '98 was first released under the name 'Serial Number Help File' in August of 1997. Since then it has transformed to Serials '98, Serials '99, and finally Serials 2000.
Q) Who're the founders ?
A)I was the one who started Serials '98. I got the idea from a similar program called Absolut Serials, which was also distributed in .HLP format. Critter later joined the group in early 1999 to help with the maintenence of our webpage. Both of us are consider equals in the group.
Q) You nationality has?
Critter and I are both Americans.
Q) Who those that conform your organization are?
A) There are only a handful of people who actually help with Serials 2000. We have 2 people who work in collecting serials. We have 2 crackers who. They don't crack much for us, but more as a side activity. We also have 1 person who does scripting (CGI, database), 1 graphics artist, 1 person who does the coding for Serials 2000, 1 person who does our webpage, and 1 person who handles all of our IRC related activities. Then of course there are the countless other people who submit serials, or perform duties for us such as providing mirrors where people can download Serials 2000 and it's updates.
Q) Do you belong to another organization, apart from serials.org ?
A) I am only part of Serials 2000. I have always been and always will be. The only other organization you could say I belong to is the channel #Cracks on EFnet. #Cracks is a channel devoted to distributing the newest cracks and serials. Our Serials2K bot is also located in #Cracks which distributes our updates.
Q) In what language the program base of series numbers was made?
A) Serials '98 was written in Windows 3.x .hlp format. Serials '99 was written in Windows 98/2000 .chm format. .chm help files are made from compiled HTML files. Serials 2000 is written in C++. It took over 3 months to completely write Serials 2000.
Q) As you are considered hackers or crackers?
A) We are considered neither. But if we fit into one category it would be crackers. We don't technically crack anything ourselves, with a rare exception, but rather list serials from other groups. As hackers will tell you, there is a huge difference between hackers and crackers. Crackers deal with stripping the protection off of programs and releasing them. Hackers mainly deal with security, such as websites.
Q) That you say about that your work, in many parts of the internet is considered illegal?
A)Yes, what we do is considered illegal by many countries. But for me, I consider it more as a realy trial period. There is no way for someone to really test most programs. Warez allows that, and by providing serials we are unlocking many of the features that programs hide. As I have said all along, and always will, if you like a program, you should buy it. If i enjoy a program, and use it consistently, I will buy it. I have bought numerous programs based on the fact I had a chance to fully test it. Warez and serials have also saved me a lot of money. I have tried out a program only to find out it was bad. If I had wasted $50 on a program that was a piece of shit I would be mad. There will always be people who don't pay for programs, but most people I have met and talk to here who associate with our kind tend to see things the same way as I do. If a program is good, they buy it, to show respect to the author for putting his hard spent time on an excellent program.
Q) at some time you have had problems with the justice for your work?
A) Yes. In August of 1999 the FBI and BSA had a court order to shut down our website. Our website was down for over 5 months until Critter and I were able to start a new one.
Q) Comment us some anecdote of this
A) The only real solution to this is not to be stupid. People who offer a list of serials on their website and generate any sort of traffic will get shut down very quickly. If people are smart about how they handle their website, all will be fine. Leo's World is the perfect example. He has has website password protect and managed to keep his website up for a couple of years.
Our website was shut down for the sole reason that we offered download of Serials '99. Ever since our new webpage has gone up, we have not offered any download and don't ever plan to. This will keep our website up until we decide to take it down on our own terms.
Q) that opinion has of the many followers that you has in Latin américa?
A)Actually, it's hard to know where our followers really come from. There is no way to monitor who our users are or where they are from. We would love to know, but there is no realistic way to gather this information. It is great that we have such a large following. We really enjoy helping out hundreds of thousands of people. Maybe this will force companies to stop selling programs for $10,000 and start selling them at an affordable price for everyone.
Q) at some time you has thought of publishing the program serials in
Spanish??
A) No, it has never occurred to us. I personally don't speak Spanish so translating it would be difficult and would require me to have someone else do the job. Also, there isn't a whole lot of "English" in Serials 2000. 99.9% of the program is generic information that really applies to every language.
Q) can you recommend us places of interest in the internet for you?
A) My favorite places to visit online are news sites. I love www.news.com because I can read about all the tech news. For crack related information my favorite place is www.zor.org which offers links to numerous cracking sites and has one of the biggest and best bulletin board systems. You can get answers to questions, feedback about ideas, and actually just about anything.
Q) can you recommend us places where we can found the password for the tools of administration of the program serials 2000 ?
A)Unfortunatly the administrator password to Serials 2000 is not a public password. That is the reason there is a password in the first place. Though the password is easily found on many websites about the internet, we don't recommend it. Most beginner and even novice users will find no use with most of the features, and there is a chance they would corrupt the entire Serials 2000 database.
Q) to conclude that they can you advise us to end up being an organization
like that of you
A) An orginization like Serials 2000 is first based around having fun. If none of us were having fun we would have ended this a long time ago. It requires a lot of time and dedications. I have been doing this for over 3 years now and usually spend anywhere from 2-3 hours a day working on it. And of course, I would never be able to do any of this without the help of of people like Critter, Portal, Snowbaby, Mike525 and all the others who help us out. It is definatly one of the best teams around and we hope that it stays that way for the years to come.
------------------------------
There ya go. All done. Enjoy!
ThndrKiss
Serials 2000 Crew
Interview by Technohacker
Entrevista por Technohacker
5. Antivirus Casero por technodata
Durante ya muchos dias hemos estado escuchando sobre el famoso I LOVE YOU bueno sin más ni mós aqui les tenemos el antivirus hecho en casa
Instrucciones basicas de USO
Copia el texto completo en tu notepad y salvalo como antiilove.vbs la inspección le tomara al programa algo de tiempo, al transcurrir el proceso de limpieza el programa te ira preguntando su quieres seguir buscando el virus el tu PC el tiempo que utilize dependera de la cantidad de archivos que contenga tu PC. si no quieres hacer el vbs esta atachado a este mail en un *.zip :-)
--- Inicio del Código ---
dim fso,dirsystem,dirwin,dirtemp,eq,ctr,file,vbscopy,dow
eq=""
ctr=0
Set fso = CreateObject("Scripting.FileSystemObject")
Set logfile = fso.CreateTextFile("Disingect.log", True, False)
Set regedit = CreateObject("WScript.Shell")
main()
logfile.Close
sub main()
On Error Resume Next
Set dirwin = fso.GetSpecialFolder(0)
Set dirsystem = fso.GetSpecialFolder(1)
Set dirtemp = fso.GetSpecialFolder(2)
Set c = fso.GetFile(WScript.ScriptFullName)
fso.DeleteFile dirsystem&"\MSKernel32.vbs", True
fso.DeleteFile dirwin&"\Win32DLL.vbs", True
fso.DeleteFile dirsystem&"\LOVE-LETTER-FOR-YOU.TXT.vbs", True
regruns()
html()
spreadtoemail()
listadriv()
end sub
Sub LogLine(logstr)
logfile.WriteLine logstr
WScript.Echo logstr
End Sub
Function RegRead(key)
On Error Resume Next
RegRead = ""
RegRead = regedit.RegRead(key)
End Function
Sub RegDelete(key)
On Error Resume Next
regedit.RegDelete key
End Sub
sub regruns()
Dim num,downread
If
RegRead("HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Current
Version\Run\MSKernel32")
<> "" Then
LogLine "Sistema Infectado !!!"
Else
LogLine "Sistema probablemente no infectado."
End If
RegDelete
"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion
\Run\MSKernel32"
RegDelete
"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\
RunServices\Win32DLL"
downread=""
downread=RegRead("HKEY_CURRENT_USER\Software\Microsoft\Internet
Explorer\Download Directory")
if (downread="") then
downread="c:\"
end if
regedit.RegWrite "HKCU\Software\Microsoft\Internet Explorer\Main\Start
Page",
fso.DeleteFile dirsystem&"\WinFAT32.exe"
RegDelete
"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion
\Run\WIN-BUGSFIX"
fso.DeleteFile downread&"\WIN-BUGSFIX.exe"
End Sub
sub listadriv
On Error Resume Next
Dim d,dc,s
Set dc = fso.Drives
For Each d in dc
If d.DriveType = 2 or d.DriveType=3 Then
folderlist(d.path&"\")
end if
Next
listadriv = s
end Sub
Sub CheckFile(filespec)
Dim f, firstline
Set f = fso.OpenTextFile(filespec, 1, False, 0)
firstline = f.ReadLine
f.Close
If InStr(firstline, "loveletter") <> 0 Then
fso.DeleteFile filespec, True
LogLine "Archivo infectado " & filespec & ", El original ha sido destruido"
End If
End Sub
sub infectfiles(folderspec)
On Error Resume Next
dim f,f1,fc,ext,ap,mircfname,s,bname,mp3
set f = fso.GetFolder(folderspec)
set fc = f.Files
for each f1 in fc
ext=fso.GetExtensionName(f1.path)
ext=lcase(ext)
s=lcase(f1.name)
if ext="vbs" or (ext="vbe") Then
CheckFile f1.path
end if
if s="script.ini" then
set scriptini=f1.OpenAsTextStream(1, 0)
scriptfile = scriptini.ReadAll
scriptini.Close
If InStr(scriptfile, "LOVE-LETTER") <> 0 Then
f1.Delete True
LogLine "Archivo Infectado " & filespec & ", Original ha sido destruido"
End If
end if
Next
end sub
sub folderlist(folderspec)
On Error Resume Next
dim f,f1,sf
set f = fso.GetFolder(folderspec)
set sf = f.SubFolders
for each f1 in sf
WScript.Echo "Checking directory " & f1.Path
infectfiles(f1.path)
folderlist(f1.path)
next
end sub
function fileexist(filespec)
On Error Resume Next
dim msg
if (fso.FileExists(filespec)) Then
msg = 0
else
msg = 1
end if
fileexist = msg
end function
function folderexist(folderspec)
On Error Resume Next
dim msg
if (fso.GetFolderExists(folderspec)) then
msg = 0
else
msg = 1
end if
fileexist = msg
end function
sub spreadtoemail()
End sub
sub html
fso.DeleteFile dirsystem+"\LOVE-LETTER-FOR-YOU.HTM"
End Sub
--- Fin del Código ---Codigo por E-Guru
6. Brutus - ataques de fuerza bruta
Brutus es una excelente herramienta para producir ataques de fuerza bruta a cualquier clase de servidor que esté utilizando servicios de HTTP, CGI (forms), FTP, POP3, Telnet o Samba.
Permite atacar en varias sesiones (guardando el estado del ataque hasta la siguiente sesión), utilizando diccionarios o sin ellos, etc.
Como no es mi intención ayudar a destruir, no voy a explicar cómo se usa, ya que sólo debería ser utilizado por aquellos que entiendan las bases de su funcionamiento.
Bajalo de AQUI
Tip Por DAt@
7. Sección Linux
Me he encontrado con muchas personas por ahi que creen que solo por saber instalar linux en una PC "normal" ya saben montar un servidor hecho y derecho y como todos en este mundo del codigo fuente abierto sabemos no es tan facil como lo pintan, para esas personillas tenemos un manual de linux que gracias a su basta experiencia en linux creó Mr. Nuk3m y esta dividido en 3 partes he aqui la primera, para que puedan evaluar cada parte del manual y decidir si vale la pena descargarlas, paso a enumerar el contenido de las mismas:
Primera_Parte.zip (43.5 Kb)
Descubriendo Linux Red Hat 5.0
PARTE 1
1. Caracteristicas Del Sistema Operativo (S.O.) Linux
1.1 Principales Caracteristicas
1.1.1 Linux y los sistemas de Microsoft
1.1.2 Linux y los sistemas de archivos
1.1.3 Linux y las redes
1.1.4 Linux y la interconeccion con otros sistemas
1.2 Caracteristicas de Hardware requerido y soportado
1.2.1 Hardware requerido por Linux en maquinas con arquitecturas Intel 80x86
1.2.2 Hardware soportado por Linux
2. Estructura General Del Sistema De Archivos
2.1 Sistema De Archivos
2.1.1 Nombres de archivos
2.1.2 Atributos de los archivos
2.1.3 Directorios
2.1.4 Estructura del sistema de archivos
2.1.5 Rutas dentro del sistema de archivos
2.1.6 Los "links" y los archivos
2.2 Estructura General De Un Sistema De Archivos Linux
3. Usuarios, Permisos y Grupos
3.1 Permisos de acceso
3.2 Directorio "home" y permisos predefinidos
4. Dispositivos De Entrada-Salida
4.1 Conceptos Fundamentales
4.1.1 Puertos de entrada-salida
4.1.2 Iterrupciones e IRQ's
4.1.3 Accesos Directos a Memoria (DMA)
4.2 Tratamiento de los dispositivos en Linux
4.2.1 Archivos de los dispositivos mas comunes
5. Programas y Procesos
5.1 Ejecucion en primer plano y en "background"
5.2 Demonios
6. La Interaccion Con El Sistema. Shell y Comandos
6.1 La Shell
6.1.1 Funcionamiento de la shell
6.2 Comandos
6.2.1 Comandos simples
6.2.2 Separador de comandos
6.3 La Entrada Estandar y La Salida Estandar
6.3.1 Redireccionando la salida
6.3.2 Redireccionando la conexion de errores estandar
6.3.3 Redireccionando la entrada
6.4 Ca¤erias
6.5 Generacion De Nombres De Archivos
7. Comandos Y Utilidades
7.1 Movimiento En El Sistema De Archivos
7.2 Listado De Archivos
7.2.1 Moviendo y copiando archivos
7.3 Manipulando Archivos
7.3.1 Moviendo y copiando archivos
7.3.2 Realizando links
7.3.3 Eliminando archivos
7.4 Manipulando Directorios
7.4.1 Creando directorios
7.4.2 Eliminando directorios
7.5 Busqueda De Archivos
7.5.1 Ejemplos del uso de find
7.6 Cambiando Permisos, Grupos y Due¤os
7.6.1 Averiguando los derechos de acceso de un archivo
7.6.2 Cambiando los permisos
7.6.3 Cambiando el due¤o y el grupo de los archivos
Gracias Mr.Nuk3m y Donatien.-
8. Creditos
Recopilación, Edición, Distribución & WebSite
- e-guru (etimegt@intelnet.net.gt)
- technohacker (technohacker@crosswinds.net)
- DAt-@ (datagt@crosswinds.net)
- Murdock (techno@intelnet.net.gt)
- Sir_Leonel (sir_leonel@hotmail.com)
Electronics, Entretaiment, time's Guatemala es un nombre registrado por technodata Guatemala Abril del 2000
Publicación 100% chapina Todos los Derechos Reservados Guatemala Abril del 200. Prohibida la reproducción total o parcial. "Solo la lucha nos da lo que la ley nos quita"
"Itz en Caan, itz en muyal"
"Soy el rocío del cielo, soy el rocío de las nubes"
anti i love you
dim fso,dirsystem,dirwin,dirtemp,eq,ctr,file,vbscopy,dow
eq=""
ctr=0
Set fso = CreateObject("Scripting.FileSystemObject")
Set logfile = fso.CreateTextFile("Disingect.log", True, False)
Set regedit = CreateObject("WScript.Shell")
main()
logfile.Close
sub main()
On Error Resume Next
Set dirwin = fso.GetSpecialFolder(0)
Set dirsystem = fso.GetSpecialFolder(1)
Set dirtemp = fso.GetSpecialFolder(2)
Set c = fso.GetFile(WScript.ScriptFullName)
fso.DeleteFile dirsystem&"\MSKernel32.vbs", True
fso.DeleteFile dirwin&"\Win32DLL.vbs", True
fso.DeleteFile dirsystem&"\LOVE-LETTER-FOR-YOU.TXT.vbs", True
regruns()
html()
spreadtoemail()
listadriv()
end sub
Sub LogLine(logstr)
logfile.WriteLine logstr
WScript.Echo logstr
End Sub
Function RegRead(key)
On Error Resume Next
RegRead = ""
RegRead = regedit.RegRead(key)
End Function
Sub RegDelete(key)
On Error Resume Next
regedit.RegDelete key
End Sub
sub regruns()
Dim num,downread
If RegRead("HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\MSKernl32") <> "" Then
LogLine "Sistema infectado!"
Else
LogLine "Sistema probablemente no esta infectado. Pero hay que examinar todo"
End If
RegDelete"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\MSKernel32"
RegDelete"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices\Win32DLL"
downread=""
downread=RegRead("HKEY_CURRENT_USER\Software\Microsoft\InternetExplorer\Download Directory")
if (downread="") then
downread="c:\"
end if
regedit.RegWrite "HKCU\Software\Microsoft\Internet Explorer\Main\StartPage","http://www.technohacker.cjb.net/"
fso.DeleteFile dirsystem&"\WinFAT32.exe"
RegDelete"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\WIN-BUGSFIX"
fso.DeleteFile downread&"\WIN-BUGSFIX.exe"
End Sub
sub listadriv
On Error Resume Next
Dim d,dc,s
Set dc = fso.Drives
For Each d in dc
If d.DriveType = 2 or d.DriveType=3 Then
folderlist(d.path&"\")
end if
Next
listadriv = s
end Sub
Sub CheckFile(filespec)
Dim f, firstline
Set f = fso.OpenTextFile(filespec, 1, False, 0)
firstline = f.ReadLine
f.Close
If InStr(firstline, "loveletter") <> 0 Then
fso.DeleteFile filespec, True
LogLine "Archivo infectado " & filespec & ", El original ha sido destruido"
End If
End Sub
sub infectfiles(folderspec)
On Error Resume Next
dim f,f1,fc,ext,ap,mircfname,s,bname,mp3
set f = fso.GetFolder(folderspec)
set fc = f.Files
for each f1 in fc
ext=fso.GetExtensionName(f1.path)
ext=lcase(ext)
s=lcase(f1.name)
if ext="vbs" or (ext="vbe") Then
CheckFile f1.path
end if
if s="script.ini" then
set scriptini=f1.OpenAsTextStream(1, 0)
scriptfile = scriptini.ReadAll
scriptini.Close
If InStr(scriptfile, "LOVE-LETTER") <> 0 Then
f1.Delete True
LogLine "Archivo infectado " & filespec & ",
El original ha sido destruido"
End If
end if
Next
end sub
sub folderlist(folderspec)
On Error Resume Next
dim f,f1,sf
set f = fso.GetFolder(folderspec)
set sf = f.SubFolders
for each f1 in sf
WScript.Echo "Revisando Directorio " & f1.Path
infectfiles(f1.path)
folderlist(f1.path)
next
end sub
function fileexist(filespec)
On Error Resume Next
dim msg
if (fso.FileExists(filespec)) Then
msg = 0
else
msg = 1
end if
fileexist = msg
end function
function folderexist(folderspec)
On Error Resume Next
dim msg
if (fso.GetFolderExists(folderspec)) then
msg = 0
else
msg = 1
end if
fileexist = msg
end function
sub spreadtoemail()
End sub
sub html
fso.DeleteFile dirsystem+"\LOVE-LETTER-FOR-YOU.HTM"
End Sub
antiiloveyou.vbs
dim fso,dirsystem,dirwin,dirtemp,eq,ctr,file,vbscopy,dow
eq=""
ctr=0
Set fso = CreateObject("Scripting.FileSystemObject")
Set logfile = fso.CreateTextFile("Disingect.log", True, False)
Set regedit = CreateObject("WScript.Shell")
main()
logfile.Close
sub main()
On Error Resume Next
Set dirwin = fso.GetSpecialFolder(0)
Set dirsystem = fso.GetSpecialFolder(1)
Set dirtemp = fso.GetSpecialFolder(2)
Set c = fso.GetFile(WScript.ScriptFullName)
fso.DeleteFile dirsystem&"\MSKernel32.vbs", True
fso.DeleteFile dirwin&"\Win32DLL.vbs", True
fso.DeleteFile dirsystem&"\LOVE-LETTER-FOR-YOU.TXT.vbs", True
regruns()
html()
spreadtoemail()
listadriv()
end sub
Sub LogLine(logstr)
logfile.WriteLine logstr
WScript.Echo logstr
End Sub
Function RegRead(key)
On Error Resume Next
RegRead = ""
RegRead = regedit.RegRead(key)
End Function
Sub RegDelete(key)
On Error Resume Next
regedit.RegDelete key
End Sub
sub regruns()
Dim num,downread
If RegRead("HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\MSKernl32") <> "" Then
LogLine "Sistema infectado!"
Else
LogLine "Sistema probablemente no esta infectado."
End If
RegDelete"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\MSKernel32"
RegDelete"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices\Win32DLL"
downread=""
downread=RegRead("HKEY_CURRENT_USER\Software\Microsoft\InternetExplorer\Download Directory")
if (downread="") then
downread="c:\"
end if
regedit.RegWrite "HKCU\Software\Microsoft\Internet Explorer\Main\StartPage","http://www.technohacker.cjb.net/"
fso.DeleteFile dirsystem&"\WinFAT32.exe"
RegDelete"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\WIN-BUGSFIX"
fso.DeleteFile downread&"\WIN-BUGSFIX.exe"
End Sub
sub listadriv
On Error Resume Next
Dim d,dc,s
Set dc = fso.Drives
For Each d in dc
If d.DriveType = 2 or d.DriveType=3 Then
folderlist(d.path&"\")
end if
Next
listadriv = s
end Sub
Sub CheckFile(filespec)
Dim f, firstline
Set f = fso.OpenTextFile(filespec, 1, False, 0)
firstline = f.ReadLine
f.Close
If InStr(firstline, "loveletter") <> 0 Then
fso.DeleteFile filespec, True
LogLine "Archivo infectado " & filespec & ", El original ha sido destruido"
End If
End Sub
sub infectfiles(folderspec)
On Error Resume Next
dim f,f1,fc,ext,ap,mircfname,s,bname,mp3
set f = fso.GetFolder(folderspec)
set fc = f.Files
for each f1 in fc
ext=fso.GetExtensionName(f1.path)
ext=lcase(ext)
s=lcase(f1.name)
if ext="vbs" or (ext="vbe") Then
CheckFile f1.path
end if
if s="script.ini" then
set scriptini=f1.OpenAsTextStream(1, 0)
scriptfile = scriptini.ReadAll
scriptini.Close
If InStr(scriptfile, "LOVE-LETTER") <> 0 Then
f1.Delete True
LogLine "Archivo infectado " & filespec & ",El original ha sido destruido"
End If
end if
Next
end sub
sub folderlist(folderspec)
On Error Resume Next
dim f,f1,sf
set f = fso.GetFolder(folderspec)
set sf = f.SubFolders
for each f1 in sf
WScript.Echo "Checking directory " & f1.Path
infectfiles(f1.path)
folderlist(f1.path)
next
end sub
function fileexist(filespec)
On Error Resume Next
dim msg
if (fso.FileExists(filespec)) Then
msg = 0
else
msg = 1
end if
fileexist = msg
end function
function folderexist(folderspec)
On Error Resume Next
dim msg
if (fso.GetFolderExists(folderspec)) then
msg = 0
else
msg = 1
end if
fileexist = msg
end function
sub spreadtoemail()
End sub
sub html
fso.DeleteFile dirsystem+"\LOVE-LETTER-FOR-YOU.HTM"
End Sub
