Wrox Programmer Forums
Go Back   Wrox Programmer Forums > Other Programming > VBScript
VBScript For questions and discussions related to VBScript.
Welcome to the p2p.wrox.com Forums.

You are currently viewing the VBScript section of the Wrox Programmer to Programmer discussions. This is a community of software programmers and website developers including Wrox book authors and readers. New member registration was closed in 2019. New posts were shut off and the site was archived into this static format as of October 1, 2020. If you require technical support for a Wrox book please contact http://hub.wiley.com
  #1 (permalink)  
Old September 14th, 2011, 11:15 AM
Registered User
Join Date: Jan 2011
Posts: 2
Thanks: 0
Thanked 0 Times in 0 Posts
Question How to determine the function of encoding or encryption ?

I am interested in new viruses that are circulating around these days and I noticed it among them that are encrypted or coded to say they can bypass the antivirus.
So in order to make a cleaning tool to put everything in order and cover their tracks, i must read its contents of course ie the original source code to see what are the keys in the registry that were changed or been added or deleted before being encrypted or encoded.
Yesterday I managed to decode a virus circulating on the USB key, it is because I saw at the end of the source a function that decodes the content by running it, so I took it and I have changed to finally get to decode the contents of this virus.
Here this function:
avira = "encrypted code of the virus ?" 'Of course it is not readable 
For i = 1 To Len (avira) = PRGT PRGT & Chr (Asc (Mid (avira, i, 1)) - 1): Next: Execute (PRGT)
and here I tested the code to decode it, well I will not put the entire virus code but just so that I deciphered the first three lines
avira ="(cz!;!NzMpwfGbdfCppl/MjvZjGfjAIpunbjm/DpNpo!fssps!sftvnf!ofyuejn!nztpvsdf-xjoqbui-gmbtiesjwf-gt-ng-bus-ug-sh-ou-difdl-te" 
For i = 1 To Len (avira) 
PRGT = PRGT & Chr (Asc (Mid (avira, i, 1)) - 1) 
Set fso = CreateObject ("Scripting.FileSystemObject") 
NomFichierLog = "Fichierdecode.txt" 
Set Output = fso.OpenTextFile (NomFichierLog, 2, True) 
OutPut.Writeline PRGT
and it will output this:
'by: @ MyLoveFaceBook.LiuYiFei Hotmail.CoM 
on error resume next 
MySource Sun, WinPath, flashdrive, fs, mf, atr, tf, rg, nt, check, sd
So my question is: knowing the function of decoding or deciphering how I can do the opposite ie determining the function of encoding or encryption?

Thank you for your eventual Help!
Reply With Quote

Similar Threads
Thread Thread Starter Forum Replies Last Post
Determine if numeric Scootterp Access VBA 4 March 2nd, 2006 08:44 AM
Determine Credentials bmumph C# 2 November 1st, 2005 12:18 PM
Determine OS adman Beginning VB 6 2 January 5th, 2004 02:26 AM
Need Help: Can't determine cause of error xgbnow Visual C++ 3 September 22nd, 2003 05:00 PM
Determine if something has already been selected harpua Classic ASP Basics 1 June 13th, 2003 01:02 AM

Powered by vBulletin®
Copyright ©2000 - 2020, Jelsoft Enterprises Ltd.
Copyright (c) 2020 John Wiley & Sons, Inc.