Re: Bubble Boy Virus Spreading Mechanism

[hecix () HOTMAIL COM (. Hecix)]

Right, first off, SoupNazi is the same as the other one, but writes the same
file to C:\WINDOWS\MENU INICIO\PROGRAMAS\INICIO\UPDATE.HTA. Is this the
Spanish version of the Start menu?? The reason why I removed most of it was
it was the same, and I thought you only wanted the mechanism. I didn't
realize I left one part in that confused people.

The code Vandelay.Doc = " **INSERT CODE HERE**" means that that is the place
where I removed the virus code. For instance if you just wanted your e-mail
virus to write a file that shows an HTML page with a link on it, then you
would do this

Vandelay.Doc = "<html> <a href=""http://www.microsoft.com"";> </html"

The double quotes signifing that single quotes will be written to the file.

As the .HTA file is written into the startup directory, windows will see it
and automatically execute it with MSHTA.exe, which then leads to loads of
e-mails being sent out. I presume you don't need this code. It is somewhat
like the love bug one.

Hope I have answered your questions

________________________________________________________________________
Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com