CMD/BAT - Новый вирус осторожно с файлами в интернете

nfs911 · Отправлено: **00:28, 09-01-2016** | #2

infoman1@vk, внутри повсюду WScript.StdOut.Write("текст который надо преобразовывать чтобы понять");

nfs911 · Отправлено: **01:45, 09-01-2016** | #3

Декодировал(примитивно):
в итоге оно собирает эезешник
В спойлере некоторые читабельные части

Скрытый текст

MZ@ !L!This program cannot be run in DOS mode.
<MrQ;EEruntime error
TLOSS error
SING error
DOMAIN error
R6028
- unable to initialize heap
R6027
- not enough space for lowio initialization
R6026
- not enough space for stdio initialization
R6025
- pure virtual function call
R6024
- not enough space for _onexit/atexit table
R6019
- unable to open console device
R6018
- unexpected heap error
R6017
- unexpected multithread lock error
R6016
- not enough space for thread data

abnormal program termination
R6009
- not enough space for environment
R6008
- not enough space for arguments
R6002
- floating point not loaded
Microsoft Visual C++ Runtime Library

Runtime Error!

Program: ...<program name unknown>GetLastActivePopupGetActiveWindowMessageBoxAuser32.dllE"EEEVEZEHnh\(z 6Hj|:8Nhz ,8Tl^N>2$DefWindowProcADestroyWindowDispatchMessageAGetKeyboardTypeTranslateMessage*GetMessageAYCrea teWindowExAWindowFromPointRegisterClassALoadCursorALoadIconA"SetClassWordEnableWindowPostMessageAUSE R32.dllWinExecGetLocalTimeWriteFileOpenSemaphoreAACreateNamedPipeA1CreateEventA?CreateMutexAOpenFile GetCurrentProcessIdGetEnvironmentStringsWaitForSingleObjectjSetFilePointer&GetModuleHandleAKERNEL32. dllPGetStartupInfoAGetCommandLineAtGetVersion}ExitProcessTerminateProcessGetCurrentProcessUnhandledE xceptionFilter$GetModuleFileNameAFreeEnvironmentStringsAFreeEnvironmentStringsWWideCharToMultiByteGe tEnvironmentStringsWmSetHandleCountRGetStdHandleGetFileTypeGetCurrentThreadIdTlsSetValueTlsAllocqSet LastErrorTlsGetValueGetLastErrorHeapDestroyHeapCreateVirtualFreeHeapFree/RtlUnwindInitializeCriticalSectionfEnterCriticalSectionLeaveCriticalSectionGetCPInfoGetACP1GetOEMCPH eapAllocVirtualAllocHeapReAlloc>GetProcAddressLoadLibraryAMultiByteToWideCharLCMapStringALCMapString WSGetStringTypeAVGetStringTypeWLEbnbnnbbbnbnnbb1FhCAC8|@K@SxF~T
RCr7"KUBW~_FxTW4#^#a6l\x{+3;s'+6v'XSPdN^J.oF9^C~VeZA*jM1_D"^i\zF#n^ LU~7zpMZG,LCsjldYqdZHVepYIHxdQCuAdiGtHrfpnvpshljgbflLeWuMeahmllxSkUPInSgngyWLZDjJFAqjigrTtOKPzotElZR qNNbDSVxyLqcEcppbeLjtCUhMHKjJfxMrhaPoy.lqeQwGAPwRpSUmyCBizbCxqRJwwegZOuGwSQuFGYhTBWedDqXCjkXgtjQiEtN AQrzzzjmYFALoGuhoBxmpNNmiqVRnGbnuKIlWZWXLywidFmeSsYvX,*`h01
z0+Qu+

Failed to compile %s skin!)%s skin has been successfully decompiled!Failed to decompile %s skin!Failed to load %s skin!Failed to load %s.sys driver!%This application is designed to use %s.sys driver v%d.%d. Different version of RTdriver is installed and in use now. It is strongly recommended to close all applications using this driver and restart this application to allow correct driver version usage, otherwise it may function improperly.ESome of MSI Afterburner components are expired, missing or corrupted!2Failed to load %s skin, reverting to default skin! Unsupported %s skin file format!Your current system state has been used to build Hardware Emulation Layer. The application will function through HEL after the next restart.2I2C dump has been saved to the application folder.2Failed to save I2C dump to the application folder.IFailed to initialize main window with %s skin, reverting to default skin!!Failed to initialize main window!Sorry, the fan speed curve you've defined doesn't appear to be valid! It is not allowed to define a curve causing fan speed to decrease with increasing temperature!
GPU%d : %sGPU%dEmulated %s on %s GPU%s on %s GPU
%-20s : %sDisplay deviceDisplay driver%dMBOn-board memoryBIOSGUIDmastersynchronized with masterMulti-GPU roleOSDLCDtray)Select a graph to access graph properties%s graph properties@Tick checkmark to activate the graph and access graph propertiesRUpdating %d graph(s) with %d ms period, polling time : %.3f ms, GUI time : %.3f ms>Updating fan speed(s) with %d ms period, update time : %.3f msBitmap cache flushedTip: MSI Afterburner is currently minimized to system tray area. You may click its' tray icon to bring MSI Afterburner window to top.(Failed to restore main window DIB cache!MSI Afterburner propertiesiThe changes you've made will be applied after restarting MSI Afterburner. Do you want to restart it now?On-Screen Display serverActive client(s)server is not loadednot detectedActive 3D processAdditional server process has been loaded for the first time. The server is automatically loaded by MSI Afterburner as soon as you enable the functionality depending on it. Such functionality includes but not limited to automatic profiles management, screen capture, framerate monitoring and On-Screen Display rendering. When the server is loaded, you may check which MSI Afterburner modules are connected to it as the clients by clicking <i> button.Profile %d appliedProfile %d loadedProfile %d deletedProfile %d savedGPU%d selected"MSI Afterburner%s hardware monitorframerate monitoring moduleOn-Screen Display moduleautomatic profiles managerscreen capture moduleYou've activated user defined software automatic fan control mode for the first time. Please take a note that you can redefine the fan speed curve for this mode via advanced MSI Afterburner properties. Do you want to go to advanced properties and edit the curve right now?#Warning! You are trying to display too many text information in the On-Screen Display. Displayed text will be truncated causing some information to be lost, it is recommended to disable On-Screen Display output for some unnecessary hardware monitoring graphs. Do you want to do it right now?in %sNot assignedemptyGraph
PropertiesMinMaxAbout %s
expires on %sZThere is no new version available at this time. Currently installed version is up to date.YMSI Afterburner v%s is available for download. Do you want to open the download page now?:Cannot retrieve update information from the update server!3Cannot establish connection with the update server!Hardware monitor is paused%s localization creator(MSI Afterburner %s localization feedbackProfiles modification lockedProfiles modification unlocked5Resource file copy has been successfully saved to %s!(Failed to save resource file copy to %s!Log session started+Log session terminated due to write failure*Log session terminated due to user request/Log session terminated due to log size overflowLogging to %s (%I64u bytes)cannot open internet connectionKRivaTuner hardware monitoring log files (*.hml)|*.hml|All files (*.*)|*.*||compiled on %d-%m-%Y %H:%M:%SVoltage defaults capturedOFailed to initialize hotkey handler, global hotkeys will not function properly!.Please select target folder for screen capture6CTaskSchedulerInterface::%s failed with error code %d!'%s skin has been successfully compiled!Beta %d#On-Screen Display Server is blockedScreenshot captured-Please select target folder for video capturevideo capture module%d%% qualityFramerate %d FPSExternal profile appliedcannot open server connectioncannot open HTTP requestcannot send HTTP requestcannot query HTTP infoproxy authentification requiredcannot read fileunknown reason %dReason : %s, error code %d9Warning! This version expires on %A, %B %d, %Y, %H:%M:%S!'Last checked on %A, %B %d, %Y, %H:%M:%SAuto selectThere are no devices availableWASAPI playback deviceWASAPI capture deviceuncompressedRTV1 compressionMJPG compressionMPNG compressionTClock limits have been extended. Please reboot the PC in order to apply the changes.TClock limits have been restored. Please reboot the PC in order to apply the changes.It is strongly recommended to reboot the PC in order to detect default settings properly. Do you want to reboot it right now? Answer NO to detect default settings without rebooting the PC.Framerate limit %d FPS%d FPSFramerate limit disabledPower limit %sVFW compression : %snot configuredBPlease configure VFW compression or select different video format.Assigned hotkeys Profile 1 Profile 2 Profile 3 Profile 4 Profile 5
Toggle OSDShow OSDHide OSDBlock OSD ServerCapture screenshot
Capture videoPush-To-Talk 1Push-To-Talk 2VDDC controllerMVDDC controllerAUX controller%s on I2C bus %d, device %02Xh^The changes you've made will be applied after rebooting the PC. Do you want to reboot it now?Registry keyPathCustomDefault%SERVERPRODUCTNAME% installation has been detected detected. It will be able to provide additional functionality to %PRODUCTNAME% after restarting the application. Do you want to restart it now?VersionAudio Video Interleave AVIMatroska MKVexternal plugin : %sBPlease configure external plugin or select different video format.jThis video format is not compatible with AVI container. Please select different video or container format. @4 @4 @4 @4 @4 @4 h h h<assembly xmlns = "urn:schemas-microsoft-com:asm.v1" manifestVersion = "1.0" >
<dependency>
<dependentAssembly ><assemblyIdentity version ="6.0.0.0" type = "win32" name = "Microsoft.Windows.Common-Controls" publicKeyToken = "6595b64144ccf1df" processorArchitecture= "x86" language = "*" >
</assemblyIdentity >
</dependentAssembly >
</dependency >
<trustInfo xmlns ="urn:schemas-microsoft-com:asm.v3" >
<security ><requestedPrivileges >
<requestedExecutionLevel uiAccess = "false" level = "asInvoker" >
</requestedExecutionLevel >
</requestedPrivileges >
</security >
</trustInfo >
</assembly >

Короче говоря данный ялык это ярлык+обфусцированный WScript код